Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git

netfilter: xt_CT: merge common code of revision 0 and 1

This patch merges the common code for revision 0 and 1.

Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

+56 -89
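--- a/net/netfilter/xt_CT.c
+++ b/net/netfilter/xt_CT.c
@@ -20,12 +20,8 @@
 #include <net/netfilter/nf_conntrack_timeout.h>
 #include <net/netfilter/nf_conntrack_zones.h>
 
-static unsigned int xt_ct_target_v0(struct sk_buff *skb,
-const struct xt_action_param *par)
+static inline int xt_ct_target(struct sk_buff *skb, struct nf_conn *ct)
 {
-const struct xt_ct_target_info *info = par->targinfo;
-struct nf_conn *ct = info->ct;
-
 /* Previously seen (loopback)? Ignore. */
 if (skb->nfct != NULL)
 return XT_CONTINUE;
@@ -37,21 +33,22 @@
 return XT_CONTINUE;
 }
 
+static unsigned int xt_ct_target_v0(struct sk_buff *skb,
+const struct xt_action_param *par)
+{
+const struct xt_ct_target_info *info = par->targinfo;
+struct nf_conn *ct = info->ct;
+
+return xt_ct_target(skb, ct);
+}
+
 static unsigned int xt_ct_target_v1(struct sk_buff *skb,
 const struct xt_action_param *par)
 {
 const struct xt_ct_target_info_v1 *info = par->targinfo;
 struct nf_conn *ct = info->ct;
 
-/* Previously seen (loopback)? Ignore. */
-if (skb->nfct != NULL)
-return XT_CONTINUE;
-
-atomic_inc(&ct->ct_general.use);
-skb->nfct = &ct->ct_general;
-skb->nfctinfo = IP_CT_NEW;
-
-return XT_CONTINUE;
+return xt_ct_target(skb, ct);
 }
 
 static u8 xt_ct_find_proto(const struct xt_tgchk_param *par)
@@ -102,67 +99,6 @@
 
 help->helper = helper;
 return 0;
-}
-
-static int xt_ct_tg_check_v0(const struct xt_tgchk_param *par)
-{
-struct xt_ct_target_info *info = par->targinfo;
-struct nf_conntrack_tuple t;
-struct nf_conn *ct;
-int ret = -EOPNOTSUPP;
-
-if (info->flags & ~XT_CT_NOTRACK)
-return -EINVAL;
-
-if (info->flags & XT_CT_NOTRACK) {
-ct = nf_ct_untracked_get();
-atomic_inc(&ct->ct_general.use);
-goto out;
-}
-
-#ifndef CONFIG_NF_CONNTRACK_ZONES
-if (info->zone)
-goto err1;
-#endif
-
-ret = nf_ct_l3proto_try_module_get(par->family);
-if (ret < 0)
-goto err1;
-
-memset(&t, 0, sizeof(t));
-ct = nf_conntrack_alloc(par->net, info->zone, &t, &t, GFP_KERNEL);
-ret = PTR_ERR(ct);
-if (IS_ERR(ct))
-goto err2;
-
-ret = 0;
-if ((info->ct_events || info->exp_events) &&
-!nf_ct_ecache_ext_add(ct, info->ct_events, info->exp_events,
-GFP_KERNEL))
-goto err3;
-
-if (info->helper[0]) {
-ret = xt_ct_set_helper(ct, info->helper, par);
-if (ret < 0)
-goto err3;
-}
-
-__set_bit(IPS_TEMPLATE_BIT, &ct->status);
-__set_bit(IPS_CONFIRMED_BIT, &ct->status);
-
-/* Overload tuple linked list to put us in template list. */
-hlist_nulls_add_head_rcu(&ct->tuplehash[IP_CT_DIR_ORIGINAL].hnnode,
-&par->net->ct.tmpl);
-out:
-info->ct = ct;
-return 0;
-
-err3:
-nf_conntrack_free(ct);
-err2:
-nf_ct_l3proto_module_put(par->family);
-err1:
-return ret;
 }
 
 #ifdef CONFIG_NF_CONNTRACK_TIMEOUT
@@ -242,9 +178,9 @@
 #endif
 }
 
-static int xt_ct_tg_check_v1(const struct xt_tgchk_param *par)
+static int xt_ct_tg_check(const struct xt_tgchk_param *par,
+struct xt_ct_target_info_v1 *info)
 {
-struct xt_ct_target_info_v1 *info = par->targinfo;
 struct nf_conntrack_tuple t;
 struct nf_conn *ct;
 int ret = -EOPNOTSUPP;
@@ -309,20 +245,31 @@
 return ret;
 }
 
-static void xt_ct_tg_destroy_v0(const struct xt_tgdtor_param *par)
+static int xt_ct_tg_check_v0(const struct xt_tgchk_param *par)
 {
 struct xt_ct_target_info *info = par->targinfo;
-struct nf_conn *ct = info->ct;
-struct nf_conn_help *help;
+struct xt_ct_target_info_v1 info_v1 = {
+.flags = info->flags,
+.zone = info->zone,
+.ct_events = info->ct_events,
+.exp_events = info->exp_events,
+};
+int ret;
 
-if (!nf_ct_is_untracked(ct)) {
-help = nfct_help(ct);
-if (help)
-module_put(help->helper->me);
+memcpy(info_v1.helper, info->helper, sizeof(info->helper));
 
-nf_ct_l3proto_module_put(par->family);
-}
-nf_ct_put(info->ct);
+ret = xt_ct_tg_check(par, &info_v1);
+if (ret < 0)
+return ret;
+
+info->ct = info_v1.ct;
+
+return ret;
+}
+
+static int xt_ct_tg_check_v1(const struct xt_tgchk_param *par)
+{
+return xt_ct_tg_check(par, par->targinfo);
 }
 
 static void xt_ct_destroy_timeout(struct nf_conn *ct)
@@ -343,9 +290,9 @@
 #endif
 }
 
-static void xt_ct_tg_destroy_v1(const struct xt_tgdtor_param *par)
+static void xt_ct_tg_destroy(const struct xt_tgdtor_param *par,
+struct xt_ct_target_info_v1 *info)
 {
-struct xt_ct_target_info_v1 *info = par->targinfo;
 struct nf_conn *ct = info->ct;
 struct nf_conn_help *help;
 
@@ -359,6 +306,26 @@
 xt_ct_destroy_timeout(ct);
 }
 nf_ct_put(info->ct);
+}
+
+static void xt_ct_tg_destroy_v0(const struct xt_tgdtor_param *par)
+{
+struct xt_ct_target_info *info = par->targinfo;
+struct xt_ct_target_info_v1 info_v1 = {
+.flags = info->flags,
+.zone = info->zone,
+.ct_events = info->ct_events,
+.exp_events = info->exp_events,
+.ct = info->ct,
+};
+memcpy(info_v1.helper, info->helper, sizeof(info->helper));
+
+xt_ct_tg_destroy(par, &info_v1);
+}
+
+static void xt_ct_tg_destroy_v1(const struct xt_tgdtor_param *par)
+{
+xt_ct_tg_destroy(par, par->targinfo);
 }
 
 static struct xt_target xt_ct_tg_reg[] __read_mostly = {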
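Review bot: In xt_ct_tg_check_v0, and again in xt_ct_tg_destroy_v0, `memcpy(info_v1.helper, info->helper, sizeof(info->helper));` takes its length from the source array while writing into a field of a different struct, so nothing visible ties the copy length to the destination on the stack. Both struct definitions are outside this diff; if the two `helper` arrays are meant to stay the same size, `BUILD_BUG_ON(sizeof(info_v1.helper) < sizeof(info->helper));` ahead of the copy would turn a later header change into a build failure rather than a stack overrun. The members not named in the `info_v1` initializer are zero-filled, and the shared xt_ct_tg_check (its body is mostly outside these hunks) presumably relies on that for revision 0, so a comment such as `/* v1-only fields stay zero for revision 0 */` above the initializer would record the assumption. The two near-identical initializers could also be built by one small static conversion helper so they cannot drift apart.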