netfilter: conntrack: add nf_{tcp, udp, sctp, icmp, dccp, icmpv6, generic}_pernet()

mainline inclusion from mainline-4.20 commit a95a7774d51e13f9cf4b7285666829b68852f07a category: bugfix bugzilla: 6008 CVE: NA ------------------------------------------------- Expose these functions to access conntrack protocol tracker netns area, nfnetlink_cttimeout needs this. Signed-off-by: N Pablo Neira Ayuso <pablo@netfilter.org> Signed-off-by: N YueHaibing <yuehaibing@huawei.com> Conflicts: net/netfilter/nf_conntrack_proto_dccp.c net/netfilter/nf_conntrack_proto_generic.c net/netfilter/nf_conntrack_proto_icmp.c net/netfilter/nf_conntrack_proto_icmpv6.c net/netfilter/nf_conntrack_proto_sctp.c net/netfilter/nf_conntrack_proto_tcp.c net/netfilter/nf_conntrack_proto_udp.c Reviewed-by: N Mao Wenan <maowenan@huawei.com> Signed-off-by: N Yang Yingliang <yangyingliang@huawei.com>

netfilter: conntrack: add nf_{tcp, udp, sctp, icmp, dccp, icmpv6, generic}_pernet()
mainline inclusion from mainline-4.20 commit a95a7774d51e13f9cf4b7285666829b68852f07a category: bugfix bugzilla: 6008 CVE: NA ------------------------------------------------- Expose these functions to access conntrack protocol tracker netns area, nfnetlink_cttimeout needs this. Signed-off-by: N Pablo Neira Ayuso <pablo@netfilter.org> Signed-off-by: N YueHaibing <yuehaibing@huawei.com> Conflicts: net/netfilter/nf_conntrack_proto_dccp.c net/netfilter/nf_conntrack_proto_generic.c net/netfilter/nf_conntrack_proto_icmp.c net/netfilter/nf_conntrack_proto_icmpv6.c net/netfilter/nf_conntrack_proto_sctp.c net/netfilter/nf_conntrack_proto_tcp.c net/netfilter/nf_conntrack_proto_udp.c Reviewed-by: N Mao Wenan <maowenan@huawei.com> Signed-off-by: N Yang Yingliang <yangyingliang@huawei.com>
a36456cf · Pablo Neira Ayuso · Xie XiuQi · a94fed6c · a36456cf · a36456cf
8 changed file
--- a/include/net/netfilter/nf_conntrack_l4proto.h
+++ b/include/net/netfilter/nf_conntrack_l4proto.h
@@ -157,4 +157,43 @@ void nf_ct_l4proto_log_invalid(const struct sk_buff *skb,
 			       const char *fmt, ...) { }
 #endif /* CONFIG_SYSCTL */
+static inline struct nf_generic_net *nf_generic_pernet(struct net *net)
+{
+	return &net->ct.nf_ct_proto.generic;
+}
+static inline struct nf_tcp_net *nf_tcp_pernet(struct net *net)
+{
+	return &net->ct.nf_ct_proto.tcp;
+}
+static inline struct nf_udp_net *nf_udp_pernet(struct net *net)
+{
+	return &net->ct.nf_ct_proto.udp;
+}
+static inline struct nf_icmp_net *nf_icmp_pernet(struct net *net)
+{
+	return &net->ct.nf_ct_proto.icmp;
+}
+static inline struct nf_icmp_net *nf_icmpv6_pernet(struct net *net)
+{
+	return &net->ct.nf_ct_proto.icmpv6;
+}
+#ifdef CONFIG_NF_CT_PROTO_DCCP
+static inline struct nf_dccp_net *nf_dccp_pernet(struct net *net)
+{
+	return &net->ct.nf_ct_proto.dccp;
+}
+#endif
+#ifdef CONFIG_NF_CT_PROTO_SCTP
+static inline struct nf_sctp_net *nf_sctp_pernet(struct net *net)
+{
+	return &net->ct.nf_ct_proto.sctp;
+}
+#endif
 #endif /*_NF_CONNTRACK_PROTOCOL_H*/
--- a/net/netfilter/nf_conntrack_proto_dccp.c
+++ b/net/netfilter/nf_conntrack_proto_dccp.c
@@ -384,11 +384,6 @@ dccp_state_table[CT_DCCP_ROLE_MAX + 1][DCCP_PKT_SYNCACK + 1][CT_DCCP_MAX + 1] =
 	},
 };
-static inline struct nf_dccp_net *dccp_pernet(struct net *net)
-{
-	return &net->ct.nf_ct_proto.dccp;
-}
 static bool dccp_new(struct nf_conn *ct, const struct sk_buff *skb,
 		     unsigned int dataoff)
 {
@@ -404,7 +399,7 @@ static bool dccp_new(struct nf_conn *ct, const struct sk_buff *skb,
 	state = dccp_state_table[CT_DCCP_ROLE_CLIENT][dh->dccph_type][CT_DCCP_NONE];
 	switch (state) {
 	default:
-		dn = dccp_pernet(net);
+		dn = nf_dccp_pernet(net);
 		if (dn->dccp_loose == 0) {
 			msg = "not picking up existing connection ";
 			goto out_invalid;
@@ -521,7 +516,7 @@ static int dccp_packet(struct nf_conn *ct, const struct sk_buff *skb,
 	timeouts = nf_ct_timeout_lookup(ct);
 	if (!timeouts)
-		timeouts = dccp_pernet(nf_ct_net(ct))->dccp_timeout;
+		timeouts = nf_dccp_pernet(nf_ct_net(ct))->dccp_timeout;
 	nf_ct_refresh_acct(ct, ctinfo, skb, timeouts[new_state]);
 	return NF_ACCEPT;
@@ -683,7 +678,7 @@ static int nlattr_to_dccp(struct nlattr *cda[], struct nf_conn *ct)
 static int dccp_timeout_nlattr_to_obj(struct nlattr *tb[],
 				      struct net *net, void *data)
 {
-	struct nf_dccp_net *dn = dccp_pernet(net);
+	struct nf_dccp_net *dn = nf_dccp_pernet(net);
 	unsigned int *timeouts = data;
 	int i;
@@ -816,7 +811,7 @@ static int dccp_kmemdup_sysctl_table(struct net *net, struct nf_proto_net *pn,
 static int dccp_init_net(struct net *net, u_int16_t proto)
 {
-	struct nf_dccp_net *dn = dccp_pernet(net);
+	struct nf_dccp_net *dn = nf_dccp_pernet(net);
 	struct nf_proto_net *pn = &dn->pn;
 	if (!pn->users) {

--- a/net/netfilter/nf_conntrack_proto_generic.c
+++ b/net/netfilter/nf_conntrack_proto_generic.c
@@ -27,11 +27,6 @@ static bool nf_generic_should_process(u8 proto)
 	}
 }
-static inline struct nf_generic_net *generic_pernet(struct net *net)
-{
-	return &net->ct.nf_ct_proto.generic;
-}
 static bool generic_pkt_to_tuple(const struct sk_buff *skb,
 				 unsigned int dataoff,
 				 struct net *net, struct nf_conntrack_tuple *tuple)
@@ -51,7 +46,7 @@ static int generic_packet(struct nf_conn *ct,
 	const unsigned int *timeout = nf_ct_timeout_lookup(ct);
 	if (!timeout)
-		timeout = &generic_pernet(nf_ct_net(ct))->timeout;
+		timeout = &nf_generic_pernet(nf_ct_net(ct))->timeout;
 	nf_ct_refresh_acct(ct, ctinfo, skb, *timeout);
 	return NF_ACCEPT;
@@ -78,7 +73,7 @@ static bool generic_new(struct nf_conn *ct, const struct sk_buff *skb,
 static int generic_timeout_nlattr_to_obj(struct nlattr *tb[],
 					 struct net *net, void *data)
 {
-	struct nf_generic_net *gn = generic_pernet(net);
+	struct nf_generic_net *gn = nf_generic_pernet(net);
 	unsigned int *timeout = data;
 	if (!timeout)
@@ -144,7 +139,7 @@ static int generic_kmemdup_sysctl_table(struct nf_proto_net *pn,
 static int generic_init_net(struct net *net, u_int16_t proto)
 {
-	struct nf_generic_net *gn = generic_pernet(net);
+	struct nf_generic_net *gn = nf_generic_pernet(net);
 	struct nf_proto_net *pn = &gn->pn;
 	gn->timeout = nf_ct_generic_timeout;

--- a/net/netfilter/nf_conntrack_proto_icmp.c
+++ b/net/netfilter/nf_conntrack_proto_icmp.c
@@ -25,11 +25,6 @@
 static const unsigned int nf_ct_icmp_timeout = 30*HZ;
-static inline struct nf_icmp_net *icmp_pernet(struct net *net)
-{
-	return &net->ct.nf_ct_proto.icmp;
-}
 static bool icmp_pkt_to_tuple(const struct sk_buff *skb, unsigned int dataoff,
 			      struct net *net, struct nf_conntrack_tuple *tuple)
 {
@@ -74,7 +69,7 @@ static bool icmp_invert_tuple(struct nf_conntrack_tuple *tuple,
 static unsigned int *icmp_get_timeouts(struct net *net)
 {
-	return &icmp_pernet(net)->timeout;
+	return &nf_icmp_pernet(net)->timeout;
 }
 /* Returns verdict for packet, or -1 for invalid. */
@@ -282,7 +277,7 @@ static int icmp_timeout_nlattr_to_obj(struct nlattr *tb[],
 				      struct net *net, void *data)
 {
 	unsigned int *timeout = data;
-	struct nf_icmp_net *in = icmp_pernet(net);
+	struct nf_icmp_net *in = nf_icmp_pernet(net);
 	if (tb[CTA_TIMEOUT_ICMP_TIMEOUT]) {
 		if (!timeout)
@@ -344,7 +339,7 @@ static int icmp_kmemdup_sysctl_table(struct nf_proto_net *pn,
 static int icmp_init_net(struct net *net, u_int16_t proto)
 {
-	struct nf_icmp_net *in = icmp_pernet(net);
+	struct nf_icmp_net *in = nf_icmp_pernet(net);
 	struct nf_proto_net *pn = &in->pn;
 	in->timeout = nf_ct_icmp_timeout;

--- a/net/netfilter/nf_conntrack_proto_icmpv6.c
+++ b/net/netfilter/nf_conntrack_proto_icmpv6.c
@@ -30,11 +30,6 @@
 static const unsigned int nf_ct_icmpv6_timeout = 30*HZ;
-static inline struct nf_icmp_net *icmpv6_pernet(struct net *net)
-{
-	return &net->ct.nf_ct_proto.icmpv6;
-}
 static bool icmpv6_pkt_to_tuple(const struct sk_buff *skb,
 				unsigned int dataoff,
 				struct net *net,
@@ -87,7 +82,7 @@ static bool icmpv6_invert_tuple(struct nf_conntrack_tuple *tuple,
 static unsigned int *icmpv6_get_timeouts(struct net *net)
 {
-	return &icmpv6_pernet(net)->timeout;
+	return &nf_icmpv6_pernet(net)->timeout;
 }
 /* Returns verdict for packet, or -1 for invalid. */
@@ -283,7 +278,7 @@ static int icmpv6_timeout_nlattr_to_obj(struct nlattr *tb[],
 					struct net *net, void *data)
 {
 	unsigned int *timeout = data;
-	struct nf_icmp_net *in = icmpv6_pernet(net);
+	struct nf_icmp_net *in = nf_icmpv6_pernet(net);
 	if (!timeout)
 		timeout = icmpv6_get_timeouts(net);
@@ -345,7 +340,7 @@ static int icmpv6_kmemdup_sysctl_table(struct nf_proto_net *pn,
 static int icmpv6_init_net(struct net *net, u_int16_t proto)
 {
-	struct nf_icmp_net *in = icmpv6_pernet(net);
+	struct nf_icmp_net *in = nf_icmpv6_pernet(net);
 	struct nf_proto_net *pn = &in->pn;
 	in->timeout = nf_ct_icmpv6_timeout;

--- a/net/netfilter/nf_conntrack_proto_sctp.c
+++ b/net/netfilter/nf_conntrack_proto_sctp.c
@@ -146,11 +146,6 @@ static const u8 sctp_conntracks[2][11][SCTP_CONNTRACK_MAX] = {
 	}
 };
-static inline struct nf_sctp_net *sctp_pernet(struct net *net)
-{
-	return &net->ct.nf_ct_proto.sctp;
-}
 #ifdef CONFIG_NF_CONNTRACK_PROCFS
 /* Print out the private part of the conntrack. */
 static void sctp_print_conntrack(struct seq_file *s, struct nf_conn *ct)
@@ -377,7 +372,7 @@ static int sctp_packet(struct nf_conn *ct,
 	timeouts = nf_ct_timeout_lookup(ct);
 	if (!timeouts)
-		timeouts = sctp_pernet(nf_ct_net(ct))->timeouts;
+		timeouts = nf_sctp_pernet(nf_ct_net(ct))->timeouts;
 	nf_ct_refresh_acct(ct, ctinfo, skb, timeouts[new_state]);
@@ -600,7 +595,7 @@ static int sctp_timeout_nlattr_to_obj(struct nlattr *tb[],
 				      struct net *net, void *data)
 {
 	unsigned int *timeouts = data;
-	struct nf_sctp_net *sn = sctp_pernet(net);
+	struct nf_sctp_net *sn = nf_sctp_pernet(net);
 	int i;
 	/* set default SCTP timeouts. */
@@ -737,7 +732,7 @@ static int sctp_kmemdup_sysctl_table(struct nf_proto_net *pn,
 static int sctp_init_net(struct net *net, u_int16_t proto)
 {
-	struct nf_sctp_net *sn = sctp_pernet(net);
+	struct nf_sctp_net *sn = nf_sctp_pernet(net);
 	struct nf_proto_net *pn = &sn->pn;
 	if (!pn->users) {

--- a/net/netfilter/nf_conntrack_proto_tcp.c
+++ b/net/netfilter/nf_conntrack_proto_tcp.c
@@ -272,11 +272,6 @@ static const u8 tcp_conntracks[2][6][TCP_CONNTRACK_MAX] = {
 	}
 };
-static inline struct nf_tcp_net *tcp_pernet(struct net *net)
-{
-	return &net->ct.nf_ct_proto.tcp;
-}
 #ifdef CONFIG_NF_CONNTRACK_PROCFS
 /* Print out the private part of the conntrack. */
 static void tcp_print_conntrack(struct seq_file *s, struct nf_conn *ct)
@@ -475,7 +470,7 @@ static bool tcp_in_window(const struct nf_conn *ct,
 			  const struct tcphdr *tcph)
 {
 	struct net *net = nf_ct_net(ct);
-	struct nf_tcp_net *tn = tcp_pernet(net);
+	struct nf_tcp_net *tn = nf_tcp_pernet(net);
 	struct ip_ct_tcp_state *sender = &state->seen[dir];
 	struct ip_ct_tcp_state *receiver = &state->seen[!dir];
 	const struct nf_conntrack_tuple *tuple = &ct->tuplehash[dir].tuple;
@@ -776,7 +771,7 @@ static int tcp_packet(struct nf_conn *ct,
 		      enum ip_conntrack_info ctinfo)
 {
 	struct net *net = nf_ct_net(ct);
-	struct nf_tcp_net *tn = tcp_pernet(net);
+	struct nf_tcp_net *tn = nf_tcp_pernet(net);
 	struct nf_conntrack_tuple *tuple;
 	enum tcp_conntrack new_state, old_state;
 	unsigned int index, *timeouts;
@@ -1075,7 +1070,7 @@ static bool tcp_new(struct nf_conn *ct, const struct sk_buff *skb,
 	const struct tcphdr *th;
 	struct tcphdr _tcph;
 	struct net *net = nf_ct_net(ct);
-	struct nf_tcp_net *tn = tcp_pernet(net);
+	struct nf_tcp_net *tn = nf_tcp_pernet(net);
 	const struct ip_ct_tcp_state *sender = &ct->proto.tcp.seen[0];
 	const struct ip_ct_tcp_state *receiver = &ct->proto.tcp.seen[1];
@@ -1287,7 +1282,7 @@ static unsigned int tcp_nlattr_tuple_size(void)
 static int tcp_timeout_nlattr_to_obj(struct nlattr *tb[],
 				     struct net *net, void *data)
 {
-	struct nf_tcp_net *tn = tcp_pernet(net);
+	struct nf_tcp_net *tn = nf_tcp_pernet(net);
 	unsigned int *timeouts = data;
 	int i;
@@ -1512,7 +1507,7 @@ static int tcp_kmemdup_sysctl_table(struct nf_proto_net *pn,
 static int tcp_init_net(struct net *net, u_int16_t proto)
 {
-	struct nf_tcp_net *tn = tcp_pernet(net);
+	struct nf_tcp_net *tn = nf_tcp_pernet(net);
 	struct nf_proto_net *pn = &tn->pn;
 	if (!pn->users) {

--- a/net/netfilter/nf_conntrack_proto_udp.c
+++ b/net/netfilter/nf_conntrack_proto_udp.c
@@ -32,14 +32,9 @@ static const unsigned int udp_timeouts[UDP_CT_MAX] = {
 	[UDP_CT_REPLIED]	= 180*HZ,
 };
-static inline struct nf_udp_net *udp_pernet(struct net *net)
-{
-	return &net->ct.nf_ct_proto.udp;
-}
 static unsigned int *udp_get_timeouts(struct net *net)
 {
-	return udp_pernet(net)->timeouts;
+	return nf_udp_pernet(net)->timeouts;
 }
 /* Returns verdict for packet, and may modify conntracktype */
@@ -180,7 +175,7 @@ static int udp_timeout_nlattr_to_obj(struct nlattr *tb[],
 				     struct net *net, void *data)
 {
 	unsigned int *timeouts = data;
-	struct nf_udp_net *un = udp_pernet(net);
+	struct nf_udp_net *un = nf_udp_pernet(net);
 	if (!timeouts)
 		timeouts = un->timeouts;
@@ -260,7 +255,7 @@ static int udp_kmemdup_sysctl_table(struct nf_proto_net *pn,
 static int udp_init_net(struct net *net, u_int16_t proto)
 {
-	struct nf_udp_net *un = udp_pernet(net);
+	struct nf_udp_net *un = nf_udp_pernet(net);
 	struct nf_proto_net *pn = &un->pn;
 	if (!pn->users) {