Add the new nftables extension in the core and netlink conntrack initialization.

Signed-off-by: Boris Sukholitko <boris.sukholitko@xxxxxxxxxxxx>
---
 include/net/netfilter/nf_tables.h | 12 ++++++++++++
 net/netfilter/nf_conntrack_core.c | 2 ++
 net/netfilter/nf_conntrack_netlink.c | 2 ++
 3 files changed, 16 insertions(+)
diff --git a/include/net/netfilter/nf_tables.h b/include/net/netfilter/nf_tables.h
index 7d433f8db2e7..8f34571fe345 100644
--- a/include/net/netfilter/nf_tables.h
+++ b/include/net/netfilter/nf_tables.h
@@ -1737,6 +1737,18 @@ int nft_payload_mangle(const struct nft_payload_set *priv,
 #if IS_ENABLED(CONFIG_NFT_CONNTRACK_EXT)
 struct nf_conn_nft_ext { };
+
+static inline void nfct_nft_ext_add(struct nf_conn *ct)
+{
+ struct nf_conn_nft_ext *ext = nf_ct_ext_add(ct, NF_CT_EXT_NFT_EXT, GFP_ATOMIC);
+
+ if (ext)
+ memset(ext, 0, sizeof(*ext));
+}
+#else
+static inline void nfct_nft_ext_add(struct nf_conn *ct)
+{
+}
 #endif
 #endif /* _NET_NF_TABLES_H */
diff --git a/net/netfilter/nf_conntrack_core.c b/net/netfilter/nf_conntrack_core.c
index db1ea361f2da..1614ea3e58da 100644
--- a/net/netfilter/nf_conntrack_core.c
+++ b/net/netfilter/nf_conntrack_core.c
@@ -49,6 +49,7 @@
 #include <net/netfilter/nf_conntrack_synproxy.h>
 #include <net/netfilter/nf_nat.h>
 #include <net/netfilter/nf_nat_helper.h>
+#include <net/netfilter/nf_tables.h>
 #include <net/netns/hash.h>
 #include <net/ip.h>
@@ -1747,6 +1748,7 @@ init_conntrack(struct net *net, struct nf_conn *tmpl,
 nf_ct_acct_ext_add(ct, GFP_ATOMIC);
 nf_ct_tstamp_ext_add(ct, GFP_ATOMIC);
 nf_ct_labels_ext_add(ct);
+ nfct_nft_ext_add(ct);
 #ifdef CONFIG_NF_CONNTRACK_EVENTS
 ecache = tmpl ? nf_ct_ecache_find(tmpl) : NULL;
diff --git a/net/netfilter/nf_conntrack_netlink.c b/net/netfilter/nf_conntrack_netlink.c
index fbc47e4b7bc3..4bc56a03d0a4 100644
--- a/net/netfilter/nf_conntrack_netlink.c
+++ b/net/netfilter/nf_conntrack_netlink.c
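Review bot: `nfct_nft_ext_add()` returns void, so a failed `GFP_ATOMIC` allocation is silently dropped in the helper and at both call sites (`init_conntrack` and `ctnetlink_create_conntrack`), leaving some conntrack entries without the extension. Any later code that looks the extension up must treat a NULL result as a normal case, and that contract should be stated on the helper, e.g. `/* Best effort: on allocation failure the conntrack has no nft extension; users must NULL-check the lookup. */`. The `memset()` is also a no-op while `struct nf_conn_nft_ext` is empty, and `nf_ct_ext_add()` appears to zero the area it returns, so the `if (ext) memset(...)` pair can probably be dropped.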
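Review bot: Including `<net/netfilter/nf_tables.h>` in nf_conntrack_core.c (and again in nf_conntrack_netlink.c) makes the conntrack core depend on the whole nf_tables header for one inline helper. Other conntrack extensions keep their helpers in their own headers, such as `nf_conntrack_synproxy.h` in this include list. Moving `struct nf_conn_nft_ext` and `nfct_nft_ext_add()` into a small header of that kind would keep the dependency one-way. It would also limit how much nf_tables-internal declaration is exposed to the conntrack core.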
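Review bot: The added `nfct_nft_ext_add(ct)` call in `init_conntrack` runs for every new conntrack entry whenever `CONFIG_NFT_CONNTRACK_EXT` is enabled, whether or not any ruleset uses the extension. The struct is empty today, but once it gains fields this becomes extra per-flow memory taken with `GFP_ATOMIC` on the packet path, which matters when the table is under pressure from a burst of new connections. Consider attaching the extension only while something that needs it is loaded, and record that at the call site, e.g. `/* added only while an nft user of the extension is registered */`. `init_conntrack` begins and ends outside this hunk, so any gating done inside the neighbouring `*_ext_add` helpers is not visible here.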
@@ -50,6 +50,7 @@
 #include <net/netfilter/nf_nat.h>
 #include <net/netfilter/nf_nat_helper.h>
 #endif
+#include <net/netfilter/nf_tables.h>
 #include <linux/netfilter/nfnetlink.h>
 #include <linux/netfilter/nfnetlink_conntrack.h>
@@ -2307,6 +2308,7 @@ ctnetlink_create_conntrack(struct net *net,
 nf_ct_labels_ext_add(ct);
 nfct_seqadj_ext_add(ct);
 nfct_synproxy_ext_add(ct);
+ nfct_nft_ext_add(ct);
 if (cda[CTA_STATUS]) {
 err = ctnetlink_change_status(ct, cda);
-- 
2.32.0