obj: ct_timeout: use fixed size array

Use an internal array and expose maximum size so we can just use the
same array size for all protocol timeouts. This simplifies handling
a bit and we don't need to set NFTNL_OBJ_CT_TIMEOUT_L4PROTO in first
place.

Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

diff --git a/include/libnftnl/object.h b/include/libnftnl/object.h
index e8466980a14043301d4b419b25ba93eb43ed76ad..0279705135d1103399ba3a031daf57b33be849ed 100644 (file)
--- a/include/libnftnl/object.h
+++ b/include/libnftnl/object.h
@@ -62,6 +62,8 @@ enum nftnl_cttimeout_array_udp {
        NFTNL_CTTIMEOUT_UDP_MAX
 };
 
+#define NFTNL_CTTIMEOUT_ARRAY_MAX NFTNL_CTTIMEOUT_TCP_MAX
+
 enum {
        NFTNL_OBJ_CT_TIMEOUT_L3PROTO = NFTNL_OBJ_BASE,
        NFTNL_OBJ_CT_TIMEOUT_L4PROTO,

diff --git a/include/obj.h b/include/obj.h
index 837a54a1f35278342bc645708a9480f1070483de..dfdbb73191c6c4866ae3578254b2bf7aab6379a9 100644 (file)
--- a/include/obj.h
+++ b/include/obj.h
@@ -39,7 +39,7 @@ struct nftnl_obj {
                struct nftnl_obj_ct_timeout {
                        uint16_t        l3proto;
                        uint8_t         l4proto;
-                       uint32_t        *timeout;
+                       uint32_t        timeout[NFTNL_CTTIMEOUT_ARRAY_MAX];
                } ct_timeout;
                struct nftnl_obj_limit {
                        uint64_t        rate;

diff --git a/src/obj/ct_timeout.c b/src/obj/ct_timeout.c
index f39e5adfbfbd9463cb2999e83730595c5c7a66b5..fe0689a8adab95214e42022584b6bba48fb9f680 100644 (file)
--- a/src/obj/ct_timeout.c
+++ b/src/obj/ct_timeout.c
@@ -86,27 +86,8 @@ nftnl_timeout_policy_attr_set_u32(struct nftnl_obj *e,
                                 uint32_t type, uint32_t data)
 {
        struct nftnl_obj_ct_timeout *t = nftnl_obj_data(e);
-       size_t timeout_array_size;
 
-       /* Layer 4 protocol needs to be already set. */
-       if (!(e->flags & (1 << NFTNL_OBJ_CT_TIMEOUT_L4PROTO)))
-               return -1;
-       if (t->timeout == NULL) {
-               /* if not supported, default to generic protocol tracker. */
-               if (timeout_protocol[t->l4proto].attr_max != 0) {
-                       timeout_array_size = sizeof(uint32_t) *
-                                       timeout_protocol[t->l4proto].attr_max;
-               } else {
-                       timeout_array_size = sizeof(uint32_t) *
-                                       timeout_protocol[IPPROTO_RAW].attr_max;
-               }
-               t->timeout = calloc(1, timeout_array_size);
-               if (t->timeout == NULL)
-                       return -1;
-       }
-
-       /* this state does not exists in this protocol tracker.*/
-       if (type > timeout_protocol[t->l4proto].attr_max)
+       if (type >= NFTNL_CTTIMEOUT_ARRAY_MAX)
                return -1;
 
        t->timeout[type] = data;
@@ -173,11 +154,12 @@ static int nftnl_obj_ct_timeout_set(struct nftnl_obj *e, uint16_t type,
                timeout->l4proto = *((uint8_t *)data);
                break;
        case NFTNL_OBJ_CT_TIMEOUT_ARRAY:
-               timeout->timeout = ((uint32_t *)data);
+               memcpy(timeout->timeout, data,
+                      sizeof(uint32_t) * NFTNL_CTTIMEOUT_ARRAY_MAX);
                break;
        default:
                return -1;
-               }
+       }
        return 0;
 }
 
@@ -194,7 +176,7 @@ static const void *nftnl_obj_ct_timeout_get(const struct nftnl_obj *e,
                *data_len = sizeof(timeout->l4proto);
                return &timeout->l4proto;
        case NFTNL_OBJ_CT_TIMEOUT_ARRAY:
-               *data_len = sizeof(timeout->timeout);
+               *data_len = sizeof(uint32_t) * NFTNL_CTTIMEOUT_ARRAY_MAX;
                return timeout->timeout;
        }
        return NULL;