netfilter: conntrack: use u8 for extension sizes again

[mirror_ubuntu-artful-kernel.git] / net / netfilter / nf_conntrack_core.c

diff --git a/net/netfilter/nf_conntrack_core.c b/net/netfilter/nf_conntrack_core.c
index 03150f60714d453f42cc9b30b59537b818a98262..62368b05cef5c23032eb70731a10106095ac2349 100644 (file)
--- a/net/netfilter/nf_conntrack_core.c
+++ b/net/netfilter/nf_conntrack_core.c
@@ -1804,12 +1804,45 @@ EXPORT_SYMBOL_GPL(nf_conntrack_set_hashsize);
 module_param_call(hashsize, nf_conntrack_set_hashsize, param_get_uint,
                  &nf_conntrack_htable_size, 0600);
 
+static unsigned int total_extension_size(void)
+{
+       /* remember to add new extensions below */
+       BUILD_BUG_ON(NF_CT_EXT_NUM > 9);
+
+       return sizeof(struct nf_ct_ext) +
+              sizeof(struct nf_conn_help)
+#if IS_ENABLED(CONFIG_NF_NAT)
+               + sizeof(struct nf_conn_nat)
+#endif
+               + sizeof(struct nf_conn_seqadj)
+               + sizeof(struct nf_conn_acct)
+#ifdef CONFIG_NF_CONNTRACK_EVENTS
+               + sizeof(struct nf_conntrack_ecache)
+#endif
+#ifdef CONFIG_NF_CONNTRACK_TIMESTAMP
+               + sizeof(struct nf_conn_tstamp)
+#endif
+#ifdef CONFIG_NF_CONNTRACK_TIMEOUT
+               + sizeof(struct nf_conn_timeout)
+#endif
+#ifdef CONFIG_NF_CONNTRACK_LABELS
+               + sizeof(struct nf_conn_labels)
+#endif
+#if IS_ENABLED(CONFIG_NETFILTER_SYNPROXY)
+               + sizeof(struct nf_conn_synproxy)
+#endif
+       ;
+};
+
 int nf_conntrack_init_start(void)
 {
        int max_factor = 8;
        int ret = -ENOMEM;
        int i;
 
+       /* struct nf_ct_ext uses u8 to store offsets/size */
+       BUILD_BUG_ON(total_extension_size() > 255u);
+
        seqcount_init(&nf_conntrack_generation);
 
        for (i = 0; i < CONNTRACK_LOCKS; i++)