Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git

netfilter: conntrack: handle icmp pkt_to_tuple helper via direct calls

rather than handling them via indirect call, use a direct one instead.
This leaves GRE as the last user of this indirect call facility.

Signed-off-by: Florian Westphal <fw@strlen.de>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

authored by

Florian Westphal and committed by
Pablo Neira Ayuso
e2e48b47 a47c5404

+22 -8
+10
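--- a/include/net/netfilter/nf_conntrack_l4proto.h
+++ b/include/net/netfilter/nf_conntrack_l4proto.h
@@ -90,6 +90,16 @@
 struct module *me;
 };
 
+bool icmp_pkt_to_tuple(const struct sk_buff *skb,
+unsigned int dataoff,
+struct net *net,
+struct nf_conntrack_tuple *tuple);
+
+bool icmpv6_pkt_to_tuple(const struct sk_buff *skb,
+unsigned int dataoff,
+struct net *net,
+struct nf_conntrack_tuple *tuple);
+
 int nf_conntrack_icmpv4_error(struct nf_conn *tmpl,
 struct sk_buff *skb,
 unsigned int dataoff,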
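Review bot: The two prototypes added ahead of `nf_conntrack_icmpv4_error` make `icmp_pkt_to_tuple` and `icmpv6_pkt_to_tuple` globally visible without the `nf_conntrack_` prefix the neighbouring declaration uses, and without any comment on their contract. A prefixed name would keep these helpers from colliding with unrelated ICMP code. A short comment would also help callers, e.g. `/* pkt_to_tuple for ICMP/ICMPv6, called directly from the conntrack core; false means the tuple was not filled in (presumably a short or unreadable header - confirm against the .c files) */`. The function bodies are outside this section.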
+6
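--- a/net/netfilter/nf_conntrack_core.c
+++ b/net/netfilter/nf_conntrack_core.c
@@ -274,6 +274,12 @@
 tuple->dst.protonum = protonum;
 tuple->dst.dir = IP_CT_DIR_ORIGINAL;
 
+switch (protonum) {
+case IPPROTO_ICMPV6:
+return icmpv6_pkt_to_tuple(skb, dataoff, net, tuple);
+case IPPROTO_ICMP:
+return icmp_pkt_to_tuple(skb, dataoff, net, tuple);
+}
 if (unlikely(l4proto->pkt_to_tuple))
 return l4proto->pkt_to_tuple(skb, dataoff, net, tuple);
 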
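Review bot: The `case IPPROTO_ICMPV6:` arm references `icmpv6_pkt_to_tuple` unconditionally; if nf_conntrack_proto_icmpv6.c is only built when IPv6 support is configured (the Makefile is not part of this page), a kernel without IPv6 would fail to link here. Wrapping that arm in `#if IS_ENABLED(CONFIG_IPV6)` ... `#endif` would keep such configurations building. Since this function parses untrusted packet data, a short comment above the switch would also help, stating that ICMP and ICMPv6 always return here and never fall through to the code that follows. The enclosing function starts and ends outside the hunk.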
+2 -3
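--- a/net/netfilter/nf_conntrack_proto_icmp.c
+++ b/net/netfilter/nf_conntrack_proto_icmp.c
@@ -25,8 +25,8 @@
 
 static const unsigned int nf_ct_icmp_timeout = 30*HZ;
 
-static bool icmp_pkt_to_tuple(const struct sk_buff *skb, unsigned int dataoff,
-struct net *net, struct nf_conntrack_tuple *tuple)
+bool icmp_pkt_to_tuple(const struct sk_buff *skb, unsigned int dataoff,
+struct net *net, struct nf_conntrack_tuple *tuple)
 {
 const struct icmphdr *hp;
 struct icmphdr _hdr;
@@ -347,7 +347,6 @@
 const struct nf_conntrack_l4proto nf_conntrack_l4proto_icmp =
 {
 .l4proto = IPPROTO_ICMP,
-.pkt_to_tuple = icmp_pkt_to_tuple,
 .invert_tuple = icmp_invert_tuple,
 #if IS_ENABLED(CONFIG_NF_CT_NETLINK)
 .tuple_to_nlattr = icmp_tuple_to_nlattr,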
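Review bot: With `.pkt_to_tuple` dropped from `nf_conntrack_l4proto_icmp` (and from `nf_conntrack_l4proto_icmpv6` in nf_conntrack_proto_icmpv6.c), any caller that still tests `l4proto->pkt_to_tuple` for these protocols now sees NULL and skips the ICMP-specific parsing. The only call site visible on this page is the one in nf_conntrack_core.c, which the new switch covers; other users of the hook, if any, are not shown and should be confirmed. A comment at the initializer would record the reason, e.g. `/* pkt_to_tuple: handled by a direct call in nf_conntrack_core.c */`. The body of `icmp_pkt_to_tuple` continues outside the hunk.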
+4 -5
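--- a/net/netfilter/nf_conntrack_proto_icmpv6.c
+++ b/net/netfilter/nf_conntrack_proto_icmpv6.c
@@ -30,10 +30,10 @@
 
 static const unsigned int nf_ct_icmpv6_timeout = 30*HZ;
 
-static bool icmpv6_pkt_to_tuple(const struct sk_buff *skb,
-unsigned int dataoff,
-struct net *net,
-struct nf_conntrack_tuple *tuple)
+bool icmpv6_pkt_to_tuple(const struct sk_buff *skb,
+unsigned int dataoff,
+struct net *net,
+struct nf_conntrack_tuple *tuple)
 {
 const struct icmp6hdr *hp;
 struct icmp6hdr _hdr;
@@ -358,7 +358,6 @@
 const struct nf_conntrack_l4proto nf_conntrack_l4proto_icmpv6 =
 {
 .l4proto = IPPROTO_ICMPV6,
-.pkt_to_tuple = icmpv6_pkt_to_tuple,
 .invert_tuple = icmpv6_invert_tuple,
 #if IS_ENABLED(CONFIG_NF_CT_NETLINK)
 .tuple_to_nlattr = icmpv6_tuple_to_nlattr,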