|
|
@@ -1804,12 +1804,45 @@ EXPORT_SYMBOL_GPL(nf_conntrack_set_hashsize);
|
|
|
module_param_call(hashsize, nf_conntrack_set_hashsize, param_get_uint,
|
|
|
&nf_conntrack_htable_size, 0600);
|
|
|
|
|
|
+static unsigned int total_extension_size(void)
|
|
|
+{
|
|
|
+ /* remember to add new extensions below */
|
|
|
+ BUILD_BUG_ON(NF_CT_EXT_NUM > 9);
|
|
|
+
|
|
|
+ return sizeof(struct nf_ct_ext) +
|
|
|
+ sizeof(struct nf_conn_help)
|
|
|
+#if IS_ENABLED(CONFIG_NF_NAT)
|
|
|
+ + sizeof(struct nf_conn_nat)
|
|
|
+#endif
|
|
|
+ + sizeof(struct nf_conn_seqadj)
|
|
|
+ + sizeof(struct nf_conn_acct)
|
|
|
+#ifdef CONFIG_NF_CONNTRACK_EVENTS
|
|
|
+ + sizeof(struct nf_conntrack_ecache)
|
|
|
+#endif
|
|
|
+#ifdef CONFIG_NF_CONNTRACK_TIMESTAMP
|
|
|
+ + sizeof(struct nf_conn_tstamp)
|
|
|
+#endif
|
|
|
+#ifdef CONFIG_NF_CONNTRACK_TIMEOUT
|
|
|
+ + sizeof(struct nf_conn_timeout)
|
|
|
+#endif
|
|
|
+#ifdef CONFIG_NF_CONNTRACK_LABELS
|
|
|
+ + sizeof(struct nf_conn_labels)
|
|
|
+#endif
|
|
|
+#if IS_ENABLED(CONFIG_NETFILTER_SYNPROXY)
|
|
|
+ + sizeof(struct nf_conn_synproxy)
|
|
|
+#endif
|
|
|
+ ;
|
|
|
+};
|
|
|
+
|
|
|
int nf_conntrack_init_start(void)
|
|
|
{
|
|
|
int max_factor = 8;
|
|
|
int ret = -ENOMEM;
|
|
|
int i;
|
|
|
|
|
|
+ /* struct nf_ct_ext uses u8 to store offsets/size */
|
|
|
+ BUILD_BUG_ON(total_extension_size() > 255u);
|
|
|
+
|
|
|
seqcount_init(&nf_conntrack_generation);
|
|
|
|
|
|
for (i = 0; i < CONNTRACK_LOCKS; i++)
|
Florian Westphal