aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorPatrick McHardy <kaber@trash.net>2006-12-03 01:08:01 -0500
committerDavid S. Miller <davem@davemloft.net>2006-12-03 01:08:01 -0500
commitd6a9b6500a8941599bcef98e7de49e1260d104ed (patch)
tree10dd941f8b67d885665b469bf9c476c0a8cbeebc
parent55a733247d6d2883d9bb77825fafac3dfca13fc2 (diff)
[NETFILTER]: nf_conntrack: add helper function for expectation initialization
Expectation address masks need to be differently initialized depending on the address family, create helper function to avoid cluttering up the code too much. Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net>
-rw-r--r--include/net/netfilter/nf_conntrack_expect.h4
-rw-r--r--include/net/netfilter/nf_conntrack_tuple.h10
-rw-r--r--net/netfilter/nf_conntrack_expect.c68
3 files changed, 75 insertions, 7 deletions
diff --git a/include/net/netfilter/nf_conntrack_expect.h b/include/net/netfilter/nf_conntrack_expect.h
index b969c430b36a..54a3d038beaa 100644
--- a/include/net/netfilter/nf_conntrack_expect.h
+++ b/include/net/netfilter/nf_conntrack_expect.h
@@ -68,6 +68,10 @@ void nf_conntrack_unexpect_related(struct nf_conntrack_expect *exp);
68/* Allocate space for an expectation: this is mandatory before calling 68/* Allocate space for an expectation: this is mandatory before calling
69 nf_conntrack_expect_related. You will have to call put afterwards. */ 69 nf_conntrack_expect_related. You will have to call put afterwards. */
70struct nf_conntrack_expect *nf_conntrack_expect_alloc(struct nf_conn *me); 70struct nf_conntrack_expect *nf_conntrack_expect_alloc(struct nf_conn *me);
71void nf_conntrack_expect_init(struct nf_conntrack_expect *, int,
72 union nf_conntrack_address *,
73 union nf_conntrack_address *,
74 u_int8_t, __be16 *, __be16 *);
71void nf_conntrack_expect_put(struct nf_conntrack_expect *exp); 75void nf_conntrack_expect_put(struct nf_conntrack_expect *exp);
72int nf_conntrack_expect_related(struct nf_conntrack_expect *expect); 76int nf_conntrack_expect_related(struct nf_conntrack_expect *expect);
73 77
diff --git a/include/net/netfilter/nf_conntrack_tuple.h b/include/net/netfilter/nf_conntrack_tuple.h
index be9dc9a0eb77..c96a9c576736 100644
--- a/include/net/netfilter/nf_conntrack_tuple.h
+++ b/include/net/netfilter/nf_conntrack_tuple.h
@@ -24,7 +24,7 @@
24 24
25/* The l3 protocol-specific manipulable parts of the tuple: always in 25/* The l3 protocol-specific manipulable parts of the tuple: always in
26 network order! */ 26 network order! */
27union nf_conntrack_man_l3proto { 27union nf_conntrack_address {
28 u_int32_t all[NF_CT_TUPLE_L3SIZE]; 28 u_int32_t all[NF_CT_TUPLE_L3SIZE];
29 __be32 ip; 29 __be32 ip;
30 __be32 ip6[4]; 30 __be32 ip6[4];
@@ -54,7 +54,7 @@ union nf_conntrack_man_proto
54/* The manipulable part of the tuple. */ 54/* The manipulable part of the tuple. */
55struct nf_conntrack_man 55struct nf_conntrack_man
56{ 56{
57 union nf_conntrack_man_l3proto u3; 57 union nf_conntrack_address u3;
58 union nf_conntrack_man_proto u; 58 union nf_conntrack_man_proto u;
59 /* Layer 3 protocol */ 59 /* Layer 3 protocol */
60 u_int16_t l3num; 60 u_int16_t l3num;
@@ -67,11 +67,7 @@ struct nf_conntrack_tuple
67 67
68 /* These are the parts of the tuple which are fixed. */ 68 /* These are the parts of the tuple which are fixed. */
69 struct { 69 struct {
70 union { 70 union nf_conntrack_address u3;
71 u_int32_t all[NF_CT_TUPLE_L3SIZE];
72 u_int32_t ip;
73 u_int32_t ip6[4];
74 } u3;
75 union { 71 union {
76 /* Add other protocols here. */ 72 /* Add other protocols here. */
77 u_int16_t all; 73 u_int16_t all;
diff --git a/net/netfilter/nf_conntrack_expect.c b/net/netfilter/nf_conntrack_expect.c
index aa5903e4da11..68623ae778c8 100644
--- a/net/netfilter/nf_conntrack_expect.c
+++ b/net/netfilter/nf_conntrack_expect.c
@@ -196,6 +196,74 @@ struct nf_conntrack_expect *nf_conntrack_expect_alloc(struct nf_conn *me)
196 return new; 196 return new;
197} 197}
198 198
199void nf_conntrack_expect_init(struct nf_conntrack_expect *exp, int family,
200 union nf_conntrack_address *saddr,
201 union nf_conntrack_address *daddr,
202 u_int8_t proto, __be16 *src, __be16 *dst)
203{
204 int len;
205
206 if (family == AF_INET)
207 len = 4;
208 else
209 len = 16;
210
211 exp->flags = 0;
212 exp->expectfn = NULL;
213 exp->helper = NULL;
214 exp->tuple.src.l3num = family;
215 exp->tuple.dst.protonum = proto;
216 exp->mask.src.l3num = 0xFFFF;
217 exp->mask.dst.protonum = 0xFF;
218
219 if (saddr) {
220 memcpy(&exp->tuple.src.u3, saddr, len);
221 if (sizeof(exp->tuple.src.u3) > len)
222 /* address needs to be cleared for nf_ct_tuple_equal */
223 memset((void *)&exp->tuple.src.u3 + len, 0x00,
224 sizeof(exp->tuple.src.u3) - len);
225 memset(&exp->mask.src.u3, 0xFF, len);
226 if (sizeof(exp->mask.src.u3) > len)
227 memset((void *)&exp->mask.src.u3 + len, 0x00,
228 sizeof(exp->mask.src.u3) - len);
229 } else {
230 memset(&exp->tuple.src.u3, 0x00, sizeof(exp->tuple.src.u3));
231 memset(&exp->mask.src.u3, 0x00, sizeof(exp->mask.src.u3));
232 }
233
234 if (daddr) {
235 memcpy(&exp->tuple.dst.u3, daddr, len);
236 if (sizeof(exp->tuple.dst.u3) > len)
237 /* address needs to be cleared for nf_ct_tuple_equal */
238 memset((void *)&exp->tuple.dst.u3 + len, 0x00,
239 sizeof(exp->tuple.dst.u3) - len);
240 memset(&exp->mask.dst.u3, 0xFF, len);
241 if (sizeof(exp->mask.dst.u3) > len)
242 memset((void *)&exp->mask.dst.u3 + len, 0x00,
243 sizeof(exp->mask.dst.u3) - len);
244 } else {
245 memset(&exp->tuple.dst.u3, 0x00, sizeof(exp->tuple.dst.u3));
246 memset(&exp->mask.dst.u3, 0x00, sizeof(exp->mask.dst.u3));
247 }
248
249 if (src) {
250 exp->tuple.src.u.all = (__force u16)*src;
251 exp->mask.src.u.all = 0xFFFF;
252 } else {
253 exp->tuple.src.u.all = 0;
254 exp->mask.src.u.all = 0;
255 }
256
257 if (dst) {
258 exp->tuple.dst.u.all = (__force u16)*dst;
259 exp->mask.dst.u.all = 0xFFFF;
260 } else {
261 exp->tuple.dst.u.all = 0;
262 exp->mask.dst.u.all = 0;
263 }
264}
265EXPORT_SYMBOL_GPL(nf_conntrack_expect_init);
266
199void nf_conntrack_expect_put(struct nf_conntrack_expect *exp) 267void nf_conntrack_expect_put(struct nf_conntrack_expect *exp)
200{ 268{
201 if (atomic_dec_and_test(&exp->use)) 269 if (atomic_dec_and_test(&exp->use))