xt_ACCOUNT: make table limit configurable

Add parameter option in module xt_ACCOUNT.ko to accept. Change in the
ACCOUN_MAX_TABLES table without the need to recompile the module.

References: MR-8

diff --git a/extensions/ACCOUNT/xt_ACCOUNT.c b/extensions/ACCOUNT/xt_ACCOUNT.c
index 67d49cb57f8d52eb127695a8d75f489c0c7a98c8..019f5bda007e68891bede8cab55e7125a2e4a8df 100644 (file)
--- a/extensions/ACCOUNT/xt_ACCOUNT.c
+++ b/extensions/ACCOUNT/xt_ACCOUNT.c
@@ -40,6 +40,9 @@
 #error "ipt_ACCOUNT needs at least a PAGE_SIZE of 4096"
 #endif
 
+static unsigned int max_tables_limit = 128;
+module_param(max_tables_limit, uint, 0);
+
 /**
  * Internal table structure, generated by check_entry()
  * @name:      name of the table
@@ -185,7 +188,7 @@ static int ipt_acc_table_insert(struct ipt_acc_table *ipt_acc_tables,
                name, NIPQUAD(ip), NIPQUAD(netmask));
 
        /* Look for existing table */
-       for (i = 0; i < ACCOUNT_MAX_TABLES; i++) {
+       for (i = 0; i < max_tables_limit; i++) {
                if (strncmp(ipt_acc_tables[i].name, name,
                    ACCOUNT_TABLE_NAME_LEN) == 0) {
                        pr_debug("ACCOUNT: Found existing slot: %d - "
@@ -209,7 +212,7 @@ static int ipt_acc_table_insert(struct ipt_acc_table *ipt_acc_tables,
        }
 
        /* Insert new table */
-       for (i = 0; i < ACCOUNT_MAX_TABLES; i++) {
+       for (i = 0; i < max_tables_limit; i++) {
                /* Found free slot */
                if (ipt_acc_tables[i].name[0] == 0) {
                        unsigned int netsize = 0;
@@ -258,7 +261,7 @@ static int ipt_acc_table_insert(struct ipt_acc_table *ipt_acc_tables,
 
        /* No free slot found */
        printk("ACCOUNT: No free table slot found (max: %d). "
-               "Please increase ACCOUNT_MAX_TABLES.\n", ACCOUNT_MAX_TABLES);
+               "Please increase the \"max_tables_limit\" module parameter.\n", max_tables_limit);
        return -1;
 }
 
@@ -299,7 +302,7 @@ static void ipt_acc_destroy(const struct xt_tgdtor_param *par)
        info->table_nr = -1;    /* Set back to original state */
 
        /* Look for table */
-       for (i = 0; i < ACCOUNT_MAX_TABLES; i++) {
+       for (i = 0; i < max_tables_limit; i++) {
                if (strncmp(ian->ipt_acc_tables[i].name, info->table_name,
                    ACCOUNT_TABLE_NAME_LEN) == 0) {
                        pr_debug("ACCOUNT: Found table at slot: %d\n", i);
@@ -604,12 +607,12 @@ static int ipt_acc_handle_prepare_read(struct ipt_acc_table *ipt_acc_tables,
        int table_nr = -1;
        uint8_t depth;
 
-       for (table_nr = 0; table_nr < ACCOUNT_MAX_TABLES; table_nr++)
+       for (table_nr = 0; table_nr < max_tables_limit; table_nr++)
                if (strncmp(ipt_acc_tables[table_nr].name, tablename,
                    ACCOUNT_TABLE_NAME_LEN) == 0)
                        break;
 
-       if (table_nr == ACCOUNT_MAX_TABLES) {
+       if (table_nr == max_tables_limit) {
                printk("ACCOUNT: ipt_acc_handle_prepare_read(): "
                        "Table %s not found\n", tablename);
                return -1;
@@ -707,12 +710,12 @@ static int ipt_acc_handle_prepare_read_flush(struct ipt_acc_table *ipt_acc_table
        int table_nr;
        void *new_data_page;
 
-       for (table_nr = 0; table_nr < ACCOUNT_MAX_TABLES; table_nr++)
+       for (table_nr = 0; table_nr < max_tables_limit; table_nr++)
                if (strncmp(ipt_acc_tables[table_nr].name, tablename,
                    ACCOUNT_TABLE_NAME_LEN) == 0)
                        break;
 
-       if (table_nr == ACCOUNT_MAX_TABLES) {
+       if (table_nr == max_tables_limit) {
                printk("ACCOUNT: ipt_acc_handle_prepare_read_flush(): "
                        "Table %s not found\n", tablename);
                return -1;
@@ -1052,7 +1055,7 @@ static int ipt_acc_get_ctl(struct sock *sk, int cmd, void *user, int *len)
                spin_lock_bh(&ian->ipt_acc_lock);
 
                /* Determine size of table names */
-               for (i = 0; i < ACCOUNT_MAX_TABLES; i++) {
+               for (i = 0; i < max_tables_limit; i++) {
                        if (ian->ipt_acc_tables[i].name[0] != 0)
                                size += strlen(ian->ipt_acc_tables[i].name) + 1;
                }
@@ -1067,7 +1070,7 @@ static int ipt_acc_get_ctl(struct sock *sk, int cmd, void *user, int *len)
                }
                /* Copy table names to userspace */
                tnames = ian->ipt_acc_tmpbuf;
-               for (i = 0; i < ACCOUNT_MAX_TABLES; i++) {
+               for (i = 0; i < max_tables_limit; i++) {
                        if (ian->ipt_acc_tables[i].name[0] != 0) {
                                name_len = strlen(ian->ipt_acc_tables[i].name) + 1;
                                memcpy(tnames, ian->ipt_acc_tables[i].name, name_len);
@@ -1100,7 +1103,7 @@ static int __net_init ipt_acc_net_init(struct net *net)
        memset(ian, 0, sizeof(*ian));
        sema_init(&ian->ipt_acc_userspace_mutex, 1);
 
-       ian->ipt_acc_tables = kcalloc(ACCOUNT_MAX_TABLES,
+       ian->ipt_acc_tables = kcalloc(max_tables_limit,
                sizeof(struct ipt_acc_table), GFP_KERNEL);
        if (ian->ipt_acc_tables == NULL) {
                printk("ACCOUNT: Out of memory allocating account_tables structure");

diff --git a/extensions/ACCOUNT/xt_ACCOUNT.h b/extensions/ACCOUNT/xt_ACCOUNT.h
index 6ffba55ceb1f3bdfa86a902947faf1c5ffd37491..bf4f36d799108b37fbd5a7741f0eb1f3343ff469 100644 (file)
--- a/extensions/ACCOUNT/xt_ACCOUNT.h
+++ b/extensions/ACCOUNT/xt_ACCOUNT.h
@@ -34,7 +34,6 @@
 #define IPT_SO_GET_ACCOUNT_GET_TABLE_NAMES (SO_ACCOUNT_BASE_CTL + 8)
 #define IPT_SO_GET_ACCOUNT_MAX   IPT_SO_GET_ACCOUNT_GET_TABLE_NAMES
 
-#define ACCOUNT_MAX_TABLES 128
 #define ACCOUNT_TABLE_NAME_LEN 32
 #define ACCOUNT_MAX_HANDLES 10