tjh.dev
Linux kernel mirror (for testing)
git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
kernel
os
linux
netfilter: nf_conntrack: pass template to l4proto ->error() handler
The error handlers might need the template to get the conntrack zone
introduced in the next patches to perform a conntrack lookup.
Signed-off-by: Patrick McHardy <kaber@trash.net>
+15
-11
+2
-2
include/net/netfilter/nf_conntrack_l4proto.h
+2
-2
include/net/netfilter/nf_conntrack_l4proto.h
···
49
49
/* Called when a conntrack entry is destroyed */
50
50
void (*destroy)(struct nf_conn *ct);
51
51
52
-
int (*error)(struct net *net, struct sk_buff *skb, unsigned int dataoff,
53
-
enum ip_conntrack_info *ctinfo,
52
+
int (*error)(struct net *net, struct nf_conn *tmpl, struct sk_buff *skb,
53
+
unsigned int dataoff, enum ip_conntrack_info *ctinfo,
54
54
u_int8_t pf, unsigned int hooknum);
55
55
56
56
/* Print out the per-protocol part of the tuple. Return like seq_* */
+2
-1
net/ipv4/netfilter/nf_conntrack_proto_icmp.c
+2
-1
net/ipv4/netfilter/nf_conntrack_proto_icmp.c
···
163
163
164
164
/* Small and modified version of icmp_rcv */
165
165
static int
166
-
icmp_error(struct net *net, struct sk_buff *skb, unsigned int dataoff,
166
+
icmp_error(struct net *net, struct nf_conn *tmpl,
167
+
struct sk_buff *skb, unsigned int dataoff,
167
168
enum ip_conntrack_info *ctinfo, u_int8_t pf, unsigned int hooknum)
168
169
{
169
170
const struct icmphdr *icmph;
+2
-1
net/ipv6/netfilter/nf_conntrack_proto_icmpv6.c
+2
-1
net/ipv6/netfilter/nf_conntrack_proto_icmpv6.c
···
179
179
}
180
180
181
181
static int
182
-
icmpv6_error(struct net *net, struct sk_buff *skb, unsigned int dataoff,
182
+
icmpv6_error(struct net *net, struct nf_conn *tmpl,
183
+
struct sk_buff *skb, unsigned int dataoff,
183
184
enum ip_conntrack_info *ctinfo, u_int8_t pf, unsigned int hooknum)
184
185
{
185
186
const struct icmp6hdr *icmp6h;
+2
-1
net/netfilter/nf_conntrack_core.c
+2
-1
net/netfilter/nf_conntrack_core.c
···
799
799
* inverse of the return code tells to the netfilter
800
800
* core what to do with the packet. */
801
801
if (l4proto->error != NULL) {
802
-
ret = l4proto->error(net, skb, dataoff, &ctinfo, pf, hooknum);
802
+
ret = l4proto->error(net, tmpl, skb, dataoff, &ctinfo,
803
+
pf, hooknum);
803
804
if (ret <= 0) {
804
805
NF_CT_STAT_INC_ATOMIC(net, error);
805
806
NF_CT_STAT_INC_ATOMIC(net, invalid);
+3
-2
net/netfilter/nf_conntrack_proto_dccp.c
+3
-2
net/netfilter/nf_conntrack_proto_dccp.c
···
561
561
return NF_ACCEPT;
562
562
}
563
563
564
-
static int dccp_error(struct net *net, struct sk_buff *skb,
565
-
unsigned int dataoff, enum ip_conntrack_info *ctinfo,
564
+
static int dccp_error(struct net *net, struct nf_conn *tmpl,
565
+
struct sk_buff *skb, unsigned int dataoff,
566
+
enum ip_conntrack_info *ctinfo,
566
567
u_int8_t pf, unsigned int hooknum)
567
568
{
568
569
struct dccp_hdr _dh, *dh;
+1
-1
net/netfilter/nf_conntrack_proto_tcp.c
+1
-1
net/netfilter/nf_conntrack_proto_tcp.c
···
760
760
};
761
761
762
762
/* Protect conntrack agaist broken packets. Code taken from ipt_unclean.c. */
763
-
static int tcp_error(struct net *net,
763
+
static int tcp_error(struct net *net, struct nf_conn *tmpl,
764
764
struct sk_buff *skb,
765
765
unsigned int dataoff,
766
766
enum ip_conntrack_info *ctinfo,
+2
-2
net/netfilter/nf_conntrack_proto_udp.c
+2
-2
net/netfilter/nf_conntrack_proto_udp.c
···
91
91
return true;
92
92
}
93
93
94
-
static int udp_error(struct net *net, struct sk_buff *skb, unsigned int dataoff,
95
-
enum ip_conntrack_info *ctinfo,
94
+
static int udp_error(struct net *net, struct nf_conn *tmpl, struct sk_buff *skb,
95
+
unsigned int dataoff, enum ip_conntrack_info *ctinfo,
96
96
u_int8_t pf,
97
97
unsigned int hooknum)
98
98
{