[PATCH nf-next 12/19] netfilter: nft: empty nft conntrack extension

Boris Sukholitko <boris.sukholitko@xxxxxxxxxxxx> · Wed, 3 May 2023 15:55:45 +0300

And do the related bookkeeping. The extension struct nf_conn_nft_ext
is empty for now.

Signed-off-by: Boris Sukholitko <boris.sukholitko@xxxxxxxxxxxx>
---
 include/net/netfilter/nf_conntrack_extend.h | 3 +++
 include/net/netfilter/nf_tables.h           | 7 +++++++
 net/netfilter/nf_conntrack_extend.c         | 9 ++++++++-
 3 files changed, 18 insertions(+), 1 deletion(-)

diff --git a/include/net/netfilter/nf_conntrack_extend.h b/include/net/netfilter/nf_conntrack_extend.h
index 0b247248b032..fa7321d71d98 100644
--- a/include/net/netfilter/nf_conntrack_extend.h
+++ b/include/net/netfilter/nf_conntrack_extend.h
@@ -30,6 +30,9 @@ enum nf_ct_ext_id {
 #endif
 #if IS_ENABLED(CONFIG_NET_ACT_CT)
 	NF_CT_EXT_ACT_CT,
+#endif
+#if IS_ENABLED(CONFIG_NFT_CONNTRACK_EXT)
+	NF_CT_EXT_NFT_EXT,
 #endif
 	NF_CT_EXT_NUM,
 };
diff --git a/include/net/netfilter/nf_tables.h b/include/net/netfilter/nf_tables.h
index cba06ea3fedd..7d433f8db2e7 100644
--- a/include/net/netfilter/nf_tables.h
+++ b/include/net/netfilter/nf_tables.h
@@ -10,6 +10,7 @@
 #include <linux/netfilter/nf_tables.h>
 #include <linux/u64_stats_sync.h>
 #include <linux/rhashtable.h>
+#include <net/netfilter/nf_conntrack_extend.h>
 #include <net/netfilter/nf_flow_table.h>
 #include <net/netlink.h>
 #include <net/flow_offload.h>
@@ -1732,4 +1733,10 @@ static inline bool nft_reg_track_cmp(struct nft_regs_track *track,
 int nft_payload_mangle(const struct nft_payload_set *priv,
 		       const struct nft_pktinfo *pkt,
 		       const u32 *src);
+
+#if IS_ENABLED(CONFIG_NFT_CONNTRACK_EXT)
+struct nf_conn_nft_ext {
+};
+#endif
+
 #endif /* _NET_NF_TABLES_H */
diff --git a/net/netfilter/nf_conntrack_extend.c b/net/netfilter/nf_conntrack_extend.c
index 0b513f7bf9f3..bb389042261e 100644
--- a/net/netfilter/nf_conntrack_extend.c
+++ b/net/netfilter/nf_conntrack_extend.c
@@ -23,6 +23,7 @@
 #include <net/netfilter/nf_conntrack_labels.h>
 #include <net/netfilter/nf_conntrack_synproxy.h>
 #include <net/netfilter/nf_conntrack_act_ct.h>
+#include <net/netfilter/nf_tables.h>
 #include <net/netfilter/nf_nat.h>
 
 #define NF_CT_EXT_PREALLOC	128u /* conntrack events are on by default */
@@ -54,12 +55,15 @@ static const u8 nf_ct_ext_type_len[NF_CT_EXT_NUM] = {
 #if IS_ENABLED(CONFIG_NET_ACT_CT)
 	[NF_CT_EXT_ACT_CT] = sizeof(struct nf_conn_act_ct_ext),
 #endif
+#if IS_ENABLED(CONFIG_NFT_CONNTRACK_EXT)
+	[NF_CT_EXT_NFT_EXT] = sizeof(struct nf_conn_nft_ext),
+#endif
 };
 
 static __always_inline unsigned int total_extension_size(void)
 {
 	/* remember to add new extensions below */
-	BUILD_BUG_ON(NF_CT_EXT_NUM > 10);
+	BUILD_BUG_ON(NF_CT_EXT_NUM > 11);
 
 	return sizeof(struct nf_ct_ext) +
 	       sizeof(struct nf_conn_help)
@@ -85,6 +89,9 @@ static __always_inline unsigned int total_extension_size(void)
 #endif
 #if IS_ENABLED(CONFIG_NET_ACT_CT)
 		+ sizeof(struct nf_conn_act_ct_ext)
+#endif
+#if IS_ENABLED(CONFIG_NFT_CONNTRACK_EXT)
+		+ sizeof(struct nf_conn_nft_ext)
 #endif
 	;
 }
-- 
2.32.0

Attachment:
smime.p7s

Description: S/MIME Cryptographic Signature




