From: Nataniel Santos <nsantos@blockbit.com>
Date: Thu, 6 Jul 2017 11:03:16 +0000 (-0300)
Subject: xt_ACCOUNT: make table limit configurable
X-Git-Tag: v3.3~5
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=ed10cb9c17273942f6726c3397802fe5ec6f6f3f;p=thirdparty%2Fxtables-addons.git

xt_ACCOUNT: make table limit configurable

Add parameter option in module xt_ACCOUNT.ko to accept. Change in the
ACCOUN_MAX_TABLES table without the need to recompile the module.

References: MR-8
---

diff --git a/extensions/ACCOUNT/xt_ACCOUNT.c b/extensions/ACCOUNT/xt_ACCOUNT.c
index 67d49cb..019f5bd 100644
--- a/extensions/ACCOUNT/xt_ACCOUNT.c
+++ b/extensions/ACCOUNT/xt_ACCOUNT.c
@@ -40,6 +40,9 @@
 #error "ipt_ACCOUNT needs at least a PAGE_SIZE of 4096"
 #endif
 
+static unsigned int max_tables_limit = 128;
+module_param(max_tables_limit, uint, 0);
+
 /**
  * Internal table structure, generated by check_entry()
  * @name:	name of the table
@@ -185,7 +188,7 @@ static int ipt_acc_table_insert(struct ipt_acc_table *ipt_acc_tables,
 		name, NIPQUAD(ip), NIPQUAD(netmask));
 
 	/* Look for existing table */
-	for (i = 0; i < ACCOUNT_MAX_TABLES; i++) {
+	for (i = 0; i < max_tables_limit; i++) {
 		if (strncmp(ipt_acc_tables[i].name, name,
 		    ACCOUNT_TABLE_NAME_LEN) == 0) {
 			pr_debug("ACCOUNT: Found existing slot: %d - "
@@ -209,7 +212,7 @@ static int ipt_acc_table_insert(struct ipt_acc_table *ipt_acc_tables,
 	}
 
 	/* Insert new table */
-	for (i = 0; i < ACCOUNT_MAX_TABLES; i++) {
+	for (i = 0; i < max_tables_limit; i++) {
 		/* Found free slot */
 		if (ipt_acc_tables[i].name[0] == 0) {
 			unsigned int netsize = 0;
@@ -258,7 +261,7 @@ static int ipt_acc_table_insert(struct ipt_acc_table *ipt_acc_tables,
 
 	/* No free slot found */
 	printk("ACCOUNT: No free table slot found (max: %d). "
-		"Please increase ACCOUNT_MAX_TABLES.\n", ACCOUNT_MAX_TABLES);
+		"Please increase the \"max_tables_limit\" module parameter.\n", max_tables_limit);
 	return -1;
 }
 
@@ -299,7 +302,7 @@ static void ipt_acc_destroy(const struct xt_tgdtor_param *par)
 	info->table_nr = -1;	/* Set back to original state */
 
 	/* Look for table */
-	for (i = 0; i < ACCOUNT_MAX_TABLES; i++) {
+	for (i = 0; i < max_tables_limit; i++) {
 		if (strncmp(ian->ipt_acc_tables[i].name, info->table_name,
 		    ACCOUNT_TABLE_NAME_LEN) == 0) {
 			pr_debug("ACCOUNT: Found table at slot: %d\n", i);
@@ -604,12 +607,12 @@ static int ipt_acc_handle_prepare_read(struct ipt_acc_table *ipt_acc_tables,
 	int table_nr = -1;
 	uint8_t depth;
 
-	for (table_nr = 0; table_nr < ACCOUNT_MAX_TABLES; table_nr++)
+	for (table_nr = 0; table_nr < max_tables_limit; table_nr++)
 		if (strncmp(ipt_acc_tables[table_nr].name, tablename,
 		    ACCOUNT_TABLE_NAME_LEN) == 0)
 			break;
 
-	if (table_nr == ACCOUNT_MAX_TABLES) {
+	if (table_nr == max_tables_limit) {
 		printk("ACCOUNT: ipt_acc_handle_prepare_read(): "
 			"Table %s not found\n", tablename);
 		return -1;
@@ -707,12 +710,12 @@ static int ipt_acc_handle_prepare_read_flush(struct ipt_acc_table *ipt_acc_table
 	int table_nr;
 	void *new_data_page;
 
-	for (table_nr = 0; table_nr < ACCOUNT_MAX_TABLES; table_nr++)
+	for (table_nr = 0; table_nr < max_tables_limit; table_nr++)
 		if (strncmp(ipt_acc_tables[table_nr].name, tablename,
 		    ACCOUNT_TABLE_NAME_LEN) == 0)
 			break;
 
-	if (table_nr == ACCOUNT_MAX_TABLES) {
+	if (table_nr == max_tables_limit) {
 		printk("ACCOUNT: ipt_acc_handle_prepare_read_flush(): "
 			"Table %s not found\n", tablename);
 		return -1;
@@ -1052,7 +1055,7 @@ static int ipt_acc_get_ctl(struct sock *sk, int cmd, void *user, int *len)
 		spin_lock_bh(&ian->ipt_acc_lock);
 
 		/* Determine size of table names */
-		for (i = 0; i < ACCOUNT_MAX_TABLES; i++) {
+		for (i = 0; i < max_tables_limit; i++) {
 			if (ian->ipt_acc_tables[i].name[0] != 0)
 				size += strlen(ian->ipt_acc_tables[i].name) + 1;
 		}
@@ -1067,7 +1070,7 @@ static int ipt_acc_get_ctl(struct sock *sk, int cmd, void *user, int *len)
 		}
 		/* Copy table names to userspace */
 		tnames = ian->ipt_acc_tmpbuf;
-		for (i = 0; i < ACCOUNT_MAX_TABLES; i++) {
+		for (i = 0; i < max_tables_limit; i++) {
 			if (ian->ipt_acc_tables[i].name[0] != 0) {
 				name_len = strlen(ian->ipt_acc_tables[i].name) + 1;
 				memcpy(tnames, ian->ipt_acc_tables[i].name, name_len);
@@ -1100,7 +1103,7 @@ static int __net_init ipt_acc_net_init(struct net *net)
 	memset(ian, 0, sizeof(*ian));
 	sema_init(&ian->ipt_acc_userspace_mutex, 1);
 
-	ian->ipt_acc_tables = kcalloc(ACCOUNT_MAX_TABLES,
+	ian->ipt_acc_tables = kcalloc(max_tables_limit,
 		sizeof(struct ipt_acc_table), GFP_KERNEL);
 	if (ian->ipt_acc_tables == NULL) {
 		printk("ACCOUNT: Out of memory allocating account_tables structure");
diff --git a/extensions/ACCOUNT/xt_ACCOUNT.h b/extensions/ACCOUNT/xt_ACCOUNT.h
index 6ffba55..bf4f36d 100644
--- a/extensions/ACCOUNT/xt_ACCOUNT.h
+++ b/extensions/ACCOUNT/xt_ACCOUNT.h
@@ -34,7 +34,6 @@
 #define IPT_SO_GET_ACCOUNT_GET_TABLE_NAMES (SO_ACCOUNT_BASE_CTL + 8)
 #define IPT_SO_GET_ACCOUNT_MAX	  IPT_SO_GET_ACCOUNT_GET_TABLE_NAMES
 
-#define ACCOUNT_MAX_TABLES 128
 #define ACCOUNT_TABLE_NAME_LEN 32
 #define ACCOUNT_MAX_HANDLES 10