aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorPatrick McHardy <kaber@trash.net>2008-04-14 05:15:52 -0400
committerPatrick McHardy <kaber@trash.net>2008-04-14 05:15:52 -0400
commit5e8fbe2ac8a3f1e34e7004c5750ef59bf9304f82 (patch)
tree7a42f4fa1825e215e3ca3f2d3b2f66a865294ce0
parent5f7da4d26d421f3bdf10c3bbdb86ffc3a12a84f2 (diff)
[NETFILTER]: nf_conntrack: add tuplehash l3num/protonum accessors
Add accessors for l3num and protonum and get rid of some overly long expressions. Signed-off-by: Patrick McHardy <kaber@trash.net>
Diffstat
-rw-r--r--include/net/netfilter/nf_conntrack.h10
-rw-r--r--net/ipv4/netfilter/nf_conntrack_l3proto_ipv4_compat.c13
-rw-r--r--net/netfilter/nf_conntrack_amanda.c4
-rw-r--r--net/netfilter/nf_conntrack_core.c3
-rw-r--r--net/netfilter/nf_conntrack_ftp.c4
-rw-r--r--net/netfilter/nf_conntrack_h323_main.c39
-rw-r--r--net/netfilter/nf_conntrack_netlink.c19
-rw-r--r--net/netfilter/nf_conntrack_pptp.c4
-rw-r--r--net/netfilter/nf_conntrack_proto.c9
-rw-r--r--net/netfilter/nf_conntrack_proto_dccp.c3
-rw-r--r--net/netfilter/nf_conntrack_sane.c3
-rw-r--r--net/netfilter/nf_conntrack_sip.c20
-rw-r--r--net/netfilter/nf_conntrack_standalone.c15
-rw-r--r--net/netfilter/nf_conntrack_tftp.c4
-rw-r--r--net/netfilter/xt_connlimit.c4
-rw-r--r--net/netfilter/xt_conntrack.c4
16 files changed, 64 insertions, 94 deletions
diff --git a/include/net/netfilter/nf_conntrack.h b/include/net/netfilter/nf_conntrack.h
index 4a0496aa32d5..26e6a6e2b5a2 100644
--- a/include/net/netfilter/nf_conntrack.h
+++ b/include/net/netfilter/nf_conntrack.h
@@ -140,6 +140,16 @@ nf_ct_tuplehash_to_ctrack(const struct nf_conntrack_tuple_hash *hash)
140 tuplehash[hash->tuple.dst.dir]); 140 tuplehash[hash->tuple.dst.dir]);
141} 141}
142 142
143static inline u_int16_t nf_ct_l3num(const struct nf_conn *ct)
144{
145 return ct->tuplehash[IP_CT_DIR_ORIGINAL].tuple.src.l3num;
146}
147
148static inline u_int8_t nf_ct_protonum(const struct nf_conn *ct)
149{
150 return ct->tuplehash[IP_CT_DIR_ORIGINAL].tuple.dst.protonum;
151}
152
143/* get master conntrack via master expectation */ 153/* get master conntrack via master expectation */
144#define master_ct(conntr) (conntr->master) 154#define master_ct(conntr) (conntr->master)
145 155
diff --git a/net/ipv4/netfilter/nf_conntrack_l3proto_ipv4_compat.c b/net/ipv4/netfilter/nf_conntrack_l3proto_ipv4_compat.c
index e60b885d2dcd..40a46d482490 100644
--- a/net/ipv4/netfilter/nf_conntrack_l3proto_ipv4_compat.c
+++ b/net/ipv4/netfilter/nf_conntrack_l3proto_ipv4_compat.c
@@ -106,21 +106,16 @@ static int ct_seq_show(struct seq_file *s, void *v)
106 /* we only want to print DIR_ORIGINAL */ 106 /* we only want to print DIR_ORIGINAL */
107 if (NF_CT_DIRECTION(hash)) 107 if (NF_CT_DIRECTION(hash))
108 return 0; 108 return 0;
109 if (ct->tuplehash[IP_CT_DIR_ORIGINAL].tuple.src.l3num != AF_INET) 109 if (nf_ct_l3num(ct) != AF_INET)
110 return 0; 110 return 0;
111 111
112 l3proto = __nf_ct_l3proto_find(ct->tuplehash[IP_CT_DIR_ORIGINAL] 112 l3proto = __nf_ct_l3proto_find(nf_ct_l3num(ct));
113 .tuple.src.l3num);
114 NF_CT_ASSERT(l3proto); 113 NF_CT_ASSERT(l3proto);
115 l4proto = __nf_ct_l4proto_find(ct->tuplehash[IP_CT_DIR_ORIGINAL] 114 l4proto = __nf_ct_l4proto_find(nf_ct_l3num(ct), nf_ct_protonum(ct));
116 .tuple.src.l3num,
117 ct->tuplehash[IP_CT_DIR_ORIGINAL]
118 .tuple.dst.protonum);
119 NF_CT_ASSERT(l4proto); 115 NF_CT_ASSERT(l4proto);
120 116
121 if (seq_printf(s, "%-8s %u %ld ", 117 if (seq_printf(s, "%-8s %u %ld ",
122 l4proto->name, 118 l4proto->name, nf_ct_protonum(ct),
123 ct->tuplehash[IP_CT_DIR_ORIGINAL].tuple.dst.protonum,
124 timer_pending(&ct->timeout) 119 timer_pending(&ct->timeout)
125 ? (long)(ct->timeout.expires - jiffies)/HZ : 0) != 0) 120 ? (long)(ct->timeout.expires - jiffies)/HZ : 0) != 0)
126 return -ENOSPC; 121 return -ENOSPC;
diff --git a/net/netfilter/nf_conntrack_amanda.c b/net/netfilter/nf_conntrack_amanda.c
index ddfac99cbe63..38aedeeaf4e1 100644
--- a/net/netfilter/nf_conntrack_amanda.c
+++ b/net/netfilter/nf_conntrack_amanda.c
@@ -91,7 +91,6 @@ static int amanda_help(struct sk_buff *skb,
91 char pbuf[sizeof("65535")], *tmp; 91 char pbuf[sizeof("65535")], *tmp;
92 u_int16_t len; 92 u_int16_t len;
93 __be16 port; 93 __be16 port;
94 int family = ct->tuplehash[IP_CT_DIR_ORIGINAL].tuple.src.l3num;
95 int ret = NF_ACCEPT; 94 int ret = NF_ACCEPT;
96 typeof(nf_nat_amanda_hook) nf_nat_amanda; 95 typeof(nf_nat_amanda_hook) nf_nat_amanda;
97 96
@@ -148,7 +147,8 @@ static int amanda_help(struct sk_buff *skb,
148 goto out; 147 goto out;
149 } 148 }
150 tuple = &ct->tuplehash[IP_CT_DIR_ORIGINAL].tuple; 149 tuple = &ct->tuplehash[IP_CT_DIR_ORIGINAL].tuple;
151 nf_ct_expect_init(exp, NF_CT_EXPECT_CLASS_DEFAULT, family, 150 nf_ct_expect_init(exp, NF_CT_EXPECT_CLASS_DEFAULT,
151 nf_ct_l3num(ct),
152 &tuple->src.u3, &tuple->dst.u3, 152 &tuple->src.u3, &tuple->dst.u3,
153 IPPROTO_TCP, NULL, &port); 153 IPPROTO_TCP, NULL, &port);
154 154
diff --git a/net/netfilter/nf_conntrack_core.c b/net/netfilter/nf_conntrack_core.c
index b77eb56a87e3..21ab0c3846ac 100644
--- a/net/netfilter/nf_conntrack_core.c
+++ b/net/netfilter/nf_conntrack_core.c
@@ -194,8 +194,7 @@ destroy_conntrack(struct nf_conntrack *nfct)
194 * destroy_conntrack() MUST NOT be called with a write lock 194 * destroy_conntrack() MUST NOT be called with a write lock
195 * to nf_conntrack_lock!!! -HW */ 195 * to nf_conntrack_lock!!! -HW */
196 rcu_read_lock(); 196 rcu_read_lock();
197 l4proto = __nf_ct_l4proto_find(ct->tuplehash[IP_CT_DIR_REPLY].tuple.src.l3num, 197 l4proto = __nf_ct_l4proto_find(nf_ct_l3num(ct), nf_ct_protonum(ct));
198 ct->tuplehash[IP_CT_DIR_REPLY].tuple.dst.protonum);
199 if (l4proto && l4proto->destroy) 198 if (l4proto && l4proto->destroy)
200 l4proto->destroy(ct); 199 l4proto->destroy(ct);
201 200
diff --git a/net/netfilter/nf_conntrack_ftp.c b/net/netfilter/nf_conntrack_ftp.c
index 87ca39b353bb..bb20672fe036 100644
--- a/net/netfilter/nf_conntrack_ftp.c
+++ b/net/netfilter/nf_conntrack_ftp.c
@@ -406,7 +406,7 @@ static int help(struct sk_buff *skb,
406 406
407 /* Initialize IP/IPv6 addr to expected address (it's not mentioned 407 /* Initialize IP/IPv6 addr to expected address (it's not mentioned
408 in EPSV responses) */ 408 in EPSV responses) */
409 cmd.l3num = ct->tuplehash[dir].tuple.src.l3num; 409 cmd.l3num = nf_ct_l3num(ct);
410 memcpy(cmd.u3.all, &ct->tuplehash[dir].tuple.src.u3.all, 410 memcpy(cmd.u3.all, &ct->tuplehash[dir].tuple.src.u3.all,
411 sizeof(cmd.u3.all)); 411 sizeof(cmd.u3.all));
412 412
@@ -453,7 +453,7 @@ static int help(struct sk_buff *skb,
453 daddr = &ct->tuplehash[!dir].tuple.dst.u3; 453 daddr = &ct->tuplehash[!dir].tuple.dst.u3;
454 454
455 /* Update the ftp info */ 455 /* Update the ftp info */
456 if ((cmd.l3num == ct->tuplehash[dir].tuple.src.l3num) && 456 if ((cmd.l3num == nf_ct_l3num(ct)) &&
457 memcmp(&cmd.u3.all, &ct->tuplehash[dir].tuple.src.u3.all, 457 memcmp(&cmd.u3.all, &ct->tuplehash[dir].tuple.src.u3.all,
458 sizeof(cmd.u3.all))) { 458 sizeof(cmd.u3.all))) {
459 /* Enrico Scholz's passive FTP to partially RNAT'd ftp 459 /* Enrico Scholz's passive FTP to partially RNAT'd ftp
diff --git a/net/netfilter/nf_conntrack_h323_main.c b/net/netfilter/nf_conntrack_h323_main.c
index 505052d495cf..c3f87094de43 100644
--- a/net/netfilter/nf_conntrack_h323_main.c
+++ b/net/netfilter/nf_conntrack_h323_main.c
@@ -218,7 +218,6 @@ static int get_h245_addr(struct nf_conn *ct, const unsigned char *data,
218 union nf_inet_addr *addr, __be16 *port) 218 union nf_inet_addr *addr, __be16 *port)
219{ 219{
220 const unsigned char *p; 220 const unsigned char *p;
221 int family = ct->tuplehash[IP_CT_DIR_ORIGINAL].tuple.src.l3num;
222 int len; 221 int len;
223 222
224 if (taddr->choice != eH245_TransportAddress_unicastAddress) 223 if (taddr->choice != eH245_TransportAddress_unicastAddress)
@@ -226,13 +225,13 @@ static int get_h245_addr(struct nf_conn *ct, const unsigned char *data,
226 225
227 switch (taddr->unicastAddress.choice) { 226 switch (taddr->unicastAddress.choice) {
228 case eUnicastAddress_iPAddress: 227 case eUnicastAddress_iPAddress:
229 if (family != AF_INET) 228 if (nf_ct_l3num(ct) != AF_INET)
230 return 0; 229 return 0;
231 p = data + taddr->unicastAddress.iPAddress.network; 230 p = data + taddr->unicastAddress.iPAddress.network;
232 len = 4; 231 len = 4;
233 break; 232 break;
234 case eUnicastAddress_iP6Address: 233 case eUnicastAddress_iP6Address:
235 if (family != AF_INET6) 234 if (nf_ct_l3num(ct) != AF_INET6)
236 return 0; 235 return 0;
237 p = data + taddr->unicastAddress.iP6Address.network; 236 p = data + taddr->unicastAddress.iP6Address.network;
238 len = 16; 237 len = 16;
@@ -277,8 +276,7 @@ static int expect_rtp_rtcp(struct sk_buff *skb, struct nf_conn *ct,
277 /* Create expect for RTP */ 276 /* Create expect for RTP */
278 if ((rtp_exp = nf_ct_expect_alloc(ct)) == NULL) 277 if ((rtp_exp = nf_ct_expect_alloc(ct)) == NULL)
279 return -1; 278 return -1;
280 nf_ct_expect_init(rtp_exp, NF_CT_EXPECT_CLASS_DEFAULT, 279 nf_ct_expect_init(rtp_exp, NF_CT_EXPECT_CLASS_DEFAULT, nf_ct_l3num(ct),
281 ct->tuplehash[!dir].tuple.src.l3num,
282 &ct->tuplehash[!dir].tuple.src.u3, 280 &ct->tuplehash[!dir].tuple.src.u3,
283 &ct->tuplehash[!dir].tuple.dst.u3, 281 &ct->tuplehash[!dir].tuple.dst.u3,
284 IPPROTO_UDP, NULL, &rtp_port); 282 IPPROTO_UDP, NULL, &rtp_port);
@@ -288,8 +286,7 @@ static int expect_rtp_rtcp(struct sk_buff *skb, struct nf_conn *ct,
288 nf_ct_expect_put(rtp_exp); 286 nf_ct_expect_put(rtp_exp);
289 return -1; 287 return -1;
290 } 288 }
291 nf_ct_expect_init(rtcp_exp, NF_CT_EXPECT_CLASS_DEFAULT, 289 nf_ct_expect_init(rtcp_exp, NF_CT_EXPECT_CLASS_DEFAULT, nf_ct_l3num(ct),
292 ct->tuplehash[!dir].tuple.src.l3num,
293 &ct->tuplehash[!dir].tuple.src.u3, 290 &ct->tuplehash[!dir].tuple.src.u3,
294 &ct->tuplehash[!dir].tuple.dst.u3, 291 &ct->tuplehash[!dir].tuple.dst.u3,
295 IPPROTO_UDP, NULL, &rtcp_port); 292 IPPROTO_UDP, NULL, &rtcp_port);
@@ -346,8 +343,7 @@ static int expect_t120(struct sk_buff *skb,
346 /* Create expect for T.120 connections */ 343 /* Create expect for T.120 connections */
347 if ((exp = nf_ct_expect_alloc(ct)) == NULL) 344 if ((exp = nf_ct_expect_alloc(ct)) == NULL)
348 return -1; 345 return -1;
349 nf_ct_expect_init(exp, NF_CT_EXPECT_CLASS_DEFAULT, 346 nf_ct_expect_init(exp, NF_CT_EXPECT_CLASS_DEFAULT, nf_ct_l3num(ct),
350 ct->tuplehash[!dir].tuple.src.l3num,
351 &ct->tuplehash[!dir].tuple.src.u3, 347 &ct->tuplehash[!dir].tuple.src.u3,
352 &ct->tuplehash[!dir].tuple.dst.u3, 348 &ct->tuplehash[!dir].tuple.dst.u3,
353 IPPROTO_TCP, NULL, &port); 349 IPPROTO_TCP, NULL, &port);
@@ -634,18 +630,17 @@ int get_h225_addr(struct nf_conn *ct, unsigned char *data,
634 union nf_inet_addr *addr, __be16 *port) 630 union nf_inet_addr *addr, __be16 *port)
635{ 631{
636 const unsigned char *p; 632 const unsigned char *p;
637 int family = ct->tuplehash[IP_CT_DIR_ORIGINAL].tuple.src.l3num;
638 int len; 633 int len;
639 634
640 switch (taddr->choice) { 635 switch (taddr->choice) {
641 case eTransportAddress_ipAddress: 636 case eTransportAddress_ipAddress:
642 if (family != AF_INET) 637 if (nf_ct_l3num(ct) != AF_INET)
643 return 0; 638 return 0;
644 p = data + taddr->ipAddress.ip; 639 p = data + taddr->ipAddress.ip;
645 len = 4; 640 len = 4;
646 break; 641 break;
647 case eTransportAddress_ip6Address: 642 case eTransportAddress_ip6Address:
648 if (family != AF_INET6) 643 if (nf_ct_l3num(ct) != AF_INET6)
649 return 0; 644 return 0;
650 p = data + taddr->ip6Address.ip; 645 p = data + taddr->ip6Address.ip;
651 len = 16; 646 len = 16;
@@ -683,8 +678,7 @@ static int expect_h245(struct sk_buff *skb, struct nf_conn *ct,
683 /* Create expect for h245 connection */ 678 /* Create expect for h245 connection */
684 if ((exp = nf_ct_expect_alloc(ct)) == NULL) 679 if ((exp = nf_ct_expect_alloc(ct)) == NULL)
685 return -1; 680 return -1;
686 nf_ct_expect_init(exp, NF_CT_EXPECT_CLASS_DEFAULT, 681 nf_ct_expect_init(exp, NF_CT_EXPECT_CLASS_DEFAULT, nf_ct_l3num(ct),
687 ct->tuplehash[!dir].tuple.src.l3num,
688 &ct->tuplehash[!dir].tuple.src.u3, 682 &ct->tuplehash[!dir].tuple.src.u3,
689 &ct->tuplehash[!dir].tuple.dst.u3, 683 &ct->tuplehash[!dir].tuple.dst.u3,
690 IPPROTO_TCP, NULL, &port); 684 IPPROTO_TCP, NULL, &port);
@@ -792,7 +786,7 @@ static int expect_callforwarding(struct sk_buff *skb,
792 * we don't need to track the second call */ 786 * we don't need to track the second call */
793 if (callforward_filter && 787 if (callforward_filter &&
794 callforward_do_filter(&addr, &ct->tuplehash[!dir].tuple.src.u3, 788 callforward_do_filter(&addr, &ct->tuplehash[!dir].tuple.src.u3,
795 ct->tuplehash[!dir].tuple.src.l3num)) { 789 nf_ct_l3num(ct))) {
796 pr_debug("nf_ct_q931: Call Forwarding not tracked\n"); 790 pr_debug("nf_ct_q931: Call Forwarding not tracked\n");
797 return 0; 791 return 0;
798 } 792 }
@@ -800,8 +794,7 @@ static int expect_callforwarding(struct sk_buff *skb,
800 /* Create expect for the second call leg */ 794 /* Create expect for the second call leg */
801 if ((exp = nf_ct_expect_alloc(ct)) == NULL) 795 if ((exp = nf_ct_expect_alloc(ct)) == NULL)
802 return -1; 796 return -1;
803 nf_ct_expect_init(exp, NF_CT_EXPECT_CLASS_DEFAULT, 797 nf_ct_expect_init(exp, NF_CT_EXPECT_CLASS_DEFAULT, nf_ct_l3num(ct),
804 ct->tuplehash[!dir].tuple.src.l3num,
805 &ct->tuplehash[!dir].tuple.src.u3, &addr, 798 &ct->tuplehash[!dir].tuple.src.u3, &addr,
806 IPPROTO_TCP, NULL, &port); 799 IPPROTO_TCP, NULL, &port);
807 exp->helper = nf_conntrack_helper_q931; 800 exp->helper = nf_conntrack_helper_q931;
@@ -1272,8 +1265,7 @@ static int expect_q931(struct sk_buff *skb, struct nf_conn *ct,
1272 /* Create expect for Q.931 */ 1265 /* Create expect for Q.931 */
1273 if ((exp = nf_ct_expect_alloc(ct)) == NULL) 1266 if ((exp = nf_ct_expect_alloc(ct)) == NULL)
1274 return -1; 1267 return -1;
1275 nf_ct_expect_init(exp, NF_CT_EXPECT_CLASS_DEFAULT, 1268 nf_ct_expect_init(exp, NF_CT_EXPECT_CLASS_DEFAULT, nf_ct_l3num(ct),
1276 ct->tuplehash[!dir].tuple.src.l3num,
1277 gkrouted_only ? /* only accept calls from GK? */ 1269 gkrouted_only ? /* only accept calls from GK? */
1278 &ct->tuplehash[!dir].tuple.src.u3 : NULL, 1270 &ct->tuplehash[!dir].tuple.src.u3 : NULL,
1279 &ct->tuplehash[!dir].tuple.dst.u3, 1271 &ct->tuplehash[!dir].tuple.dst.u3,
@@ -1344,8 +1336,7 @@ static int process_gcf(struct sk_buff *skb, struct nf_conn *ct,
1344 /* Need new expect */ 1336 /* Need new expect */
1345 if ((exp = nf_ct_expect_alloc(ct)) == NULL) 1337 if ((exp = nf_ct_expect_alloc(ct)) == NULL)
1346 return -1; 1338 return -1;
1347 nf_ct_expect_init(exp, NF_CT_EXPECT_CLASS_DEFAULT, 1339 nf_ct_expect_init(exp, NF_CT_EXPECT_CLASS_DEFAULT, nf_ct_l3num(ct),
1348 ct->tuplehash[!dir].tuple.src.l3num,
1349 &ct->tuplehash[!dir].tuple.src.u3, &addr, 1340 &ct->tuplehash[!dir].tuple.src.u3, &addr,
1350 IPPROTO_UDP, NULL, &port); 1341 IPPROTO_UDP, NULL, &port);
1351 exp->helper = nf_conntrack_helper_ras; 1342 exp->helper = nf_conntrack_helper_ras;
@@ -1549,8 +1540,7 @@ static int process_acf(struct sk_buff *skb, struct nf_conn *ct,
1549 /* Need new expect */ 1540 /* Need new expect */
1550 if ((exp = nf_ct_expect_alloc(ct)) == NULL) 1541 if ((exp = nf_ct_expect_alloc(ct)) == NULL)
1551 return -1; 1542 return -1;
1552 nf_ct_expect_init(exp, NF_CT_EXPECT_CLASS_DEFAULT, 1543 nf_ct_expect_init(exp, NF_CT_EXPECT_CLASS_DEFAULT, nf_ct_l3num(ct),
1553 ct->tuplehash[!dir].tuple.src.l3num,
1554 &ct->tuplehash[!dir].tuple.src.u3, &addr, 1544 &ct->tuplehash[!dir].tuple.src.u3, &addr,
1555 IPPROTO_TCP, NULL, &port); 1545 IPPROTO_TCP, NULL, &port);
1556 exp->flags = NF_CT_EXPECT_PERMANENT; 1546 exp->flags = NF_CT_EXPECT_PERMANENT;
@@ -1603,8 +1593,7 @@ static int process_lcf(struct sk_buff *skb, struct nf_conn *ct,
1603 /* Need new expect for call signal */ 1593 /* Need new expect for call signal */
1604 if ((exp = nf_ct_expect_alloc(ct)) == NULL) 1594 if ((exp = nf_ct_expect_alloc(ct)) == NULL)
1605 return -1; 1595 return -1;
1606 nf_ct_expect_init(exp, NF_CT_EXPECT_CLASS_DEFAULT, 1596 nf_ct_expect_init(exp, NF_CT_EXPECT_CLASS_DEFAULT, nf_ct_l3num(ct),
1607 ct->tuplehash[!dir].tuple.src.l3num,
1608 &ct->tuplehash[!dir].tuple.src.u3, &addr, 1597 &ct->tuplehash[!dir].tuple.src.u3, &addr,
1609 IPPROTO_TCP, NULL, &port); 1598 IPPROTO_TCP, NULL, &port);
1610 exp->flags = NF_CT_EXPECT_PERMANENT; 1599 exp->flags = NF_CT_EXPECT_PERMANENT;
diff --git a/net/netfilter/nf_conntrack_netlink.c b/net/netfilter/nf_conntrack_netlink.c
index 79d5ecde0ddc..16774ecd1c4e 100644
--- a/net/netfilter/nf_conntrack_netlink.c
+++ b/net/netfilter/nf_conntrack_netlink.c
@@ -145,10 +145,11 @@ nla_put_failure:
145static inline int 145static inline int
146ctnetlink_dump_protoinfo(struct sk_buff *skb, const struct nf_conn *ct) 146ctnetlink_dump_protoinfo(struct sk_buff *skb, const struct nf_conn *ct)
147{ 147{
148 struct nf_conntrack_l4proto *l4proto = nf_ct_l4proto_find_get(ct->tuplehash[IP_CT_DIR_ORIGINAL].tuple.src.l3num, ct->tuplehash[IP_CT_DIR_ORIGINAL].tuple.dst.protonum); 148 struct nf_conntrack_l4proto *l4proto;
149 struct nlattr *nest_proto; 149 struct nlattr *nest_proto;
150 int ret; 150 int ret;
151 151
152 l4proto = nf_ct_l4proto_find_get(nf_ct_l3num(ct), nf_ct_protonum(ct));
152 if (!l4proto->to_nlattr) { 153 if (!l4proto->to_nlattr) {
153 nf_ct_l4proto_put(l4proto); 154 nf_ct_l4proto_put(l4proto);
154 return 0; 155 return 0;
@@ -368,8 +369,7 @@ ctnetlink_fill_info(struct sk_buff *skb, u32 pid, u32 seq,
368 nfmsg = NLMSG_DATA(nlh); 369 nfmsg = NLMSG_DATA(nlh);
369 370
370 nlh->nlmsg_flags = (nowait && pid) ? NLM_F_MULTI : 0; 371 nlh->nlmsg_flags = (nowait && pid) ? NLM_F_MULTI : 0;
371 nfmsg->nfgen_family = 372 nfmsg->nfgen_family = nf_ct_l3num(ct);
372 ct->tuplehash[IP_CT_DIR_ORIGINAL].tuple.src.l3num;
373 nfmsg->version = NFNETLINK_V0; 373 nfmsg->version = NFNETLINK_V0;
374 nfmsg->res_id = 0; 374 nfmsg->res_id = 0;
375 375
@@ -454,7 +454,7 @@ static int ctnetlink_conntrack_event(struct notifier_block *this,
454 nfmsg = NLMSG_DATA(nlh); 454 nfmsg = NLMSG_DATA(nlh);
455 455
456 nlh->nlmsg_flags = flags; 456 nlh->nlmsg_flags = flags;
457 nfmsg->nfgen_family = ct->tuplehash[IP_CT_DIR_ORIGINAL].tuple.src.l3num; 457 nfmsg->nfgen_family = nf_ct_l3num(ct);
458 nfmsg->version = NFNETLINK_V0; 458 nfmsg->version = NFNETLINK_V0;
459 nfmsg->res_id = 0; 459 nfmsg->res_id = 0;
460 460
@@ -535,8 +535,6 @@ static int ctnetlink_done(struct netlink_callback *cb)
535 return 0; 535 return 0;
536} 536}
537 537
538#define L3PROTO(ct) (ct)->tuplehash[IP_CT_DIR_ORIGINAL].tuple.src.l3num
539
540static int 538static int
541ctnetlink_dump_table(struct sk_buff *skb, struct netlink_callback *cb) 539ctnetlink_dump_table(struct sk_buff *skb, struct netlink_callback *cb)
542{ 540{
@@ -558,7 +556,7 @@ restart:
558 /* Dump entries of a given L3 protocol number. 556 /* Dump entries of a given L3 protocol number.
559 * If it is not specified, ie. l3proto == 0, 557 * If it is not specified, ie. l3proto == 0,
560 * then dump everything. */ 558 * then dump everything. */
561 if (l3proto && L3PROTO(ct) != l3proto) 559 if (l3proto && nf_ct_l3num(ct) != l3proto)
562 continue; 560 continue;
563 if (cb->args[1]) { 561 if (cb->args[1]) {
564 if (ct != last) 562 if (ct != last)
@@ -704,7 +702,7 @@ static int nfnetlink_parse_nat_proto(struct nlattr *attr,
704 if (err < 0) 702 if (err < 0)
705 return err; 703 return err;
706 704
707 npt = nf_nat_proto_find_get(ct->tuplehash[IP_CT_DIR_ORIGINAL].tuple.dst.protonum); 705 npt = nf_nat_proto_find_get(nf_ct_protonum(ct));
708 if (npt->nlattr_to_range) 706 if (npt->nlattr_to_range)
709 err = npt->nlattr_to_range(tb, range); 707 err = npt->nlattr_to_range(tb, range);
710 nf_nat_proto_put(npt); 708 nf_nat_proto_put(npt);
@@ -1001,14 +999,11 @@ ctnetlink_change_protoinfo(struct nf_conn *ct, struct nlattr *cda[])
1001{ 999{
1002 struct nlattr *tb[CTA_PROTOINFO_MAX+1], *attr = cda[CTA_PROTOINFO]; 1000 struct nlattr *tb[CTA_PROTOINFO_MAX+1], *attr = cda[CTA_PROTOINFO];
1003 struct nf_conntrack_l4proto *l4proto; 1001 struct nf_conntrack_l4proto *l4proto;
1004 u_int16_t npt = ct->tuplehash[IP_CT_DIR_ORIGINAL].tuple.dst.protonum;
1005 u_int16_t l3num = ct->tuplehash[IP_CT_DIR_ORIGINAL].tuple.src.l3num;
1006 int err = 0; 1002 int err = 0;
1007 1003
1008 nla_parse_nested(tb, CTA_PROTOINFO_MAX, attr, NULL); 1004 nla_parse_nested(tb, CTA_PROTOINFO_MAX, attr, NULL);
1009 1005
1010 l4proto = nf_ct_l4proto_find_get(l3num, npt); 1006 l4proto = nf_ct_l4proto_find_get(nf_ct_l3num(ct), nf_ct_protonum(ct));
1011
1012 if (l4proto->from_nlattr) 1007 if (l4proto->from_nlattr)
1013 err = l4proto->from_nlattr(tb, ct); 1008 err = l4proto->from_nlattr(tb, ct);
1014 nf_ct_l4proto_put(l4proto); 1009 nf_ct_l4proto_put(l4proto);
diff --git a/net/netfilter/nf_conntrack_pptp.c b/net/netfilter/nf_conntrack_pptp.c
index 8fd83470d1b3..4793cc078789 100644
--- a/net/netfilter/nf_conntrack_pptp.c
+++ b/net/netfilter/nf_conntrack_pptp.c
@@ -209,7 +209,7 @@ static int exp_gre(struct nf_conn *ct, __be16 callid, __be16 peer_callid)
209 /* original direction, PNS->PAC */ 209 /* original direction, PNS->PAC */
210 dir = IP_CT_DIR_ORIGINAL; 210 dir = IP_CT_DIR_ORIGINAL;
211 nf_ct_expect_init(exp_orig, NF_CT_EXPECT_CLASS_DEFAULT, 211 nf_ct_expect_init(exp_orig, NF_CT_EXPECT_CLASS_DEFAULT,
212 ct->tuplehash[dir].tuple.src.l3num, 212 nf_ct_l3num(ct),
213 &ct->tuplehash[dir].tuple.src.u3, 213 &ct->tuplehash[dir].tuple.src.u3,
214 &ct->tuplehash[dir].tuple.dst.u3, 214 &ct->tuplehash[dir].tuple.dst.u3,
215 IPPROTO_GRE, &peer_callid, &callid); 215 IPPROTO_GRE, &peer_callid, &callid);
@@ -218,7 +218,7 @@ static int exp_gre(struct nf_conn *ct, __be16 callid, __be16 peer_callid)
218 /* reply direction, PAC->PNS */ 218 /* reply direction, PAC->PNS */
219 dir = IP_CT_DIR_REPLY; 219 dir = IP_CT_DIR_REPLY;
220 nf_ct_expect_init(exp_reply, NF_CT_EXPECT_CLASS_DEFAULT, 220 nf_ct_expect_init(exp_reply, NF_CT_EXPECT_CLASS_DEFAULT,
221 ct->tuplehash[dir].tuple.src.l3num, 221 nf_ct_l3num(ct),
222 &ct->tuplehash[dir].tuple.src.u3, 222 &ct->tuplehash[dir].tuple.src.u3,
223 &ct->tuplehash[dir].tuple.dst.u3, 223 &ct->tuplehash[dir].tuple.dst.u3,
224 IPPROTO_GRE, &callid, &peer_callid); 224 IPPROTO_GRE, &callid, &peer_callid);
diff --git a/net/netfilter/nf_conntrack_proto.c b/net/netfilter/nf_conntrack_proto.c
index 8595b5946acf..a49fc932629b 100644
--- a/net/netfilter/nf_conntrack_proto.c
+++ b/net/netfilter/nf_conntrack_proto.c
@@ -146,18 +146,15 @@ EXPORT_SYMBOL_GPL(nf_ct_l3proto_module_put);
146 146
147static int kill_l3proto(struct nf_conn *i, void *data) 147static int kill_l3proto(struct nf_conn *i, void *data)
148{ 148{
149 return (i->tuplehash[IP_CT_DIR_ORIGINAL].tuple.src.l3num == 149 return nf_ct_l3num(i) == ((struct nf_conntrack_l3proto *)data)->l3proto;
150 ((struct nf_conntrack_l3proto *)data)->l3proto);
151} 150}
152 151
153static int kill_l4proto(struct nf_conn *i, void *data) 152static int kill_l4proto(struct nf_conn *i, void *data)
154{ 153{
155 struct nf_conntrack_l4proto *l4proto; 154 struct nf_conntrack_l4proto *l4proto;
156 l4proto = (struct nf_conntrack_l4proto *)data; 155 l4proto = (struct nf_conntrack_l4proto *)data;
157 return (i->tuplehash[IP_CT_DIR_ORIGINAL].tuple.dst.protonum == 156 return nf_ct_protonum(i) == l4proto->l4proto &&
158 l4proto->l4proto) && 157 nf_ct_l3num(i) == l4proto->l3proto;
159 (i->tuplehash[IP_CT_DIR_ORIGINAL].tuple.src.l3num ==
160 l4proto->l3proto);
161} 158}
162 159
163static int nf_ct_l3proto_register_sysctl(struct nf_conntrack_l3proto *l3proto) 160static int nf_ct_l3proto_register_sysctl(struct nf_conntrack_l3proto *l3proto)
diff --git a/net/netfilter/nf_conntrack_proto_dccp.c b/net/netfilter/nf_conntrack_proto_dccp.c
index db88c5bcc5fd..9376dcd394bd 100644
--- a/net/netfilter/nf_conntrack_proto_dccp.c
+++ b/net/netfilter/nf_conntrack_proto_dccp.c
@@ -418,7 +418,6 @@ static int dccp_invert_tuple(struct nf_conntrack_tuple *inv,
418static int dccp_new(struct nf_conn *ct, const struct sk_buff *skb, 418static int dccp_new(struct nf_conn *ct, const struct sk_buff *skb,
419 unsigned int dataoff) 419 unsigned int dataoff)
420{ 420{
421 int pf = ct->tuplehash[IP_CT_DIR_ORIGINAL].tuple.src.l3num;
422 struct dccp_hdr _dh, *dh; 421 struct dccp_hdr _dh, *dh;
423 const char *msg; 422 const char *msg;
424 u_int8_t state; 423 u_int8_t state;
@@ -447,7 +446,7 @@ static int dccp_new(struct nf_conn *ct, const struct sk_buff *skb,
447 446
448out_invalid: 447out_invalid:
449 if (LOG_INVALID(IPPROTO_DCCP)) 448 if (LOG_INVALID(IPPROTO_DCCP))
450 nf_log_packet(pf, 0, skb, NULL, NULL, NULL, msg); 449 nf_log_packet(nf_ct_l3num(ct), 0, skb, NULL, NULL, NULL, msg);
451 return 0; 450 return 0;
452} 451}
453 452
diff --git a/net/netfilter/nf_conntrack_sane.c b/net/netfilter/nf_conntrack_sane.c
index 7542e25eede3..c3d5e84dcc9b 100644
--- a/net/netfilter/nf_conntrack_sane.c
+++ b/net/netfilter/nf_conntrack_sane.c
@@ -72,7 +72,6 @@ static int help(struct sk_buff *skb,
72 struct nf_conntrack_tuple *tuple; 72 struct nf_conntrack_tuple *tuple;
73 struct sane_request *req; 73 struct sane_request *req;
74 struct sane_reply_net_start *reply; 74 struct sane_reply_net_start *reply;
75 int family = ct->tuplehash[IP_CT_DIR_ORIGINAL].tuple.src.l3num;
76 75
77 ct_sane_info = &nfct_help(ct)->help.ct_sane_info; 76 ct_sane_info = &nfct_help(ct)->help.ct_sane_info;
78 /* Until there's been traffic both ways, don't look in packets. */ 77 /* Until there's been traffic both ways, don't look in packets. */
@@ -143,7 +142,7 @@ static int help(struct sk_buff *skb,
143 } 142 }
144 143
145 tuple = &ct->tuplehash[IP_CT_DIR_ORIGINAL].tuple; 144 tuple = &ct->tuplehash[IP_CT_DIR_ORIGINAL].tuple;
146 nf_ct_expect_init(exp, NF_CT_EXPECT_CLASS_DEFAULT, family, 145 nf_ct_expect_init(exp, NF_CT_EXPECT_CLASS_DEFAULT, nf_ct_l3num(ct),
147 &tuple->src.u3, &tuple->dst.u3, 146 &tuple->src.u3, &tuple->dst.u3,
148 IPPROTO_TCP, NULL, &reply->port); 147 IPPROTO_TCP, NULL, &reply->port);
149 148
diff --git a/net/netfilter/nf_conntrack_sip.c b/net/netfilter/nf_conntrack_sip.c
index f3915f8724f9..65b3ba57a3b7 100644
--- a/net/netfilter/nf_conntrack_sip.c
+++ b/net/netfilter/nf_conntrack_sip.c
@@ -142,11 +142,10 @@ static int parse_addr(const struct nf_conn *ct, const char *cp,
142 const char *limit) 142 const char *limit)
143{ 143{
144 const char *end; 144 const char *end;
145 int family = ct->tuplehash[IP_CT_DIR_ORIGINAL].tuple.src.l3num;
146 int ret = 0; 145 int ret = 0;
147 146
148 memset(addr, 0, sizeof(*addr)); 147 memset(addr, 0, sizeof(*addr));
149 switch (family) { 148 switch (nf_ct_l3num(ct)) {
150 case AF_INET: 149 case AF_INET:
151 ret = in4_pton(cp, limit - cp, (u8 *)&addr->ip, -1, &end); 150 ret = in4_pton(cp, limit - cp, (u8 *)&addr->ip, -1, &end);
152 break; 151 break;
@@ -740,7 +739,6 @@ static int set_expected_rtp_rtcp(struct sk_buff *skb,
740 enum ip_conntrack_dir dir = CTINFO2DIR(ctinfo); 739 enum ip_conntrack_dir dir = CTINFO2DIR(ctinfo);
741 union nf_inet_addr *saddr; 740 union nf_inet_addr *saddr;
742 struct nf_conntrack_tuple tuple; 741 struct nf_conntrack_tuple tuple;
743 int family = ct->tuplehash[!dir].tuple.src.l3num;
744 int direct_rtp = 0, skip_expect = 0, ret = NF_DROP; 742 int direct_rtp = 0, skip_expect = 0, ret = NF_DROP;
745 u_int16_t base_port; 743 u_int16_t base_port;
746 __be16 rtp_port, rtcp_port; 744 __be16 rtp_port, rtcp_port;
@@ -770,7 +768,7 @@ static int set_expected_rtp_rtcp(struct sk_buff *skb,
770 memset(&tuple, 0, sizeof(tuple)); 768 memset(&tuple, 0, sizeof(tuple));
771 if (saddr) 769 if (saddr)
772 tuple.src.u3 = *saddr; 770 tuple.src.u3 = *saddr;
773 tuple.src.l3num = family; 771 tuple.src.l3num = nf_ct_l3num(ct);
774 tuple.dst.protonum = IPPROTO_UDP; 772 tuple.dst.protonum = IPPROTO_UDP;
775 tuple.dst.u3 = *daddr; 773 tuple.dst.u3 = *daddr;
776 tuple.dst.u.udp.port = port; 774 tuple.dst.u.udp.port = port;
@@ -815,13 +813,13 @@ static int set_expected_rtp_rtcp(struct sk_buff *skb,
815 rtp_exp = nf_ct_expect_alloc(ct); 813 rtp_exp = nf_ct_expect_alloc(ct);
816 if (rtp_exp == NULL) 814 if (rtp_exp == NULL)
817 goto err1; 815 goto err1;
818 nf_ct_expect_init(rtp_exp, class, family, saddr, daddr, 816 nf_ct_expect_init(rtp_exp, class, nf_ct_l3num(ct), saddr, daddr,
819 IPPROTO_UDP, NULL, &rtp_port); 817 IPPROTO_UDP, NULL, &rtp_port);
820 818
821 rtcp_exp = nf_ct_expect_alloc(ct); 819 rtcp_exp = nf_ct_expect_alloc(ct);
822 if (rtcp_exp == NULL) 820 if (rtcp_exp == NULL)
823 goto err2; 821 goto err2;
824 nf_ct_expect_init(rtcp_exp, class, family, saddr, daddr, 822 nf_ct_expect_init(rtcp_exp, class, nf_ct_l3num(ct), saddr, daddr,
825 IPPROTO_UDP, NULL, &rtcp_port); 823 IPPROTO_UDP, NULL, &rtcp_port);
826 824
827 nf_nat_sdp_media = rcu_dereference(nf_nat_sdp_media_hook); 825 nf_nat_sdp_media = rcu_dereference(nf_nat_sdp_media_hook);
@@ -871,7 +869,6 @@ static int process_sdp(struct sk_buff *skb,
871{ 869{
872 enum ip_conntrack_info ctinfo; 870 enum ip_conntrack_info ctinfo;
873 struct nf_conn *ct = nf_ct_get(skb, &ctinfo); 871 struct nf_conn *ct = nf_ct_get(skb, &ctinfo);
874 int family = ct->tuplehash[IP_CT_DIR_ORIGINAL].tuple.src.l3num;
875 unsigned int matchoff, matchlen; 872 unsigned int matchoff, matchlen;
876 unsigned int mediaoff, medialen; 873 unsigned int mediaoff, medialen;
877 unsigned int sdpoff; 874 unsigned int sdpoff;
@@ -886,8 +883,8 @@ static int process_sdp(struct sk_buff *skb,
886 typeof(nf_nat_sdp_session_hook) nf_nat_sdp_session; 883 typeof(nf_nat_sdp_session_hook) nf_nat_sdp_session;
887 884
888 nf_nat_sdp_addr = rcu_dereference(nf_nat_sdp_addr_hook); 885 nf_nat_sdp_addr = rcu_dereference(nf_nat_sdp_addr_hook);
889 c_hdr = family == AF_INET ? SDP_HDR_CONNECTION_IP4 : 886 c_hdr = nf_ct_l3num(ct) == AF_INET ? SDP_HDR_CONNECTION_IP4 :
890 SDP_HDR_CONNECTION_IP6; 887 SDP_HDR_CONNECTION_IP6;
891 888
892 /* Find beginning of session description */ 889 /* Find beginning of session description */
893 if (ct_sip_get_sdp_header(ct, *dptr, 0, *datalen, 890 if (ct_sip_get_sdp_header(ct, *dptr, 0, *datalen,
@@ -1034,7 +1031,6 @@ static int process_register_request(struct sk_buff *skb,
1034 struct nf_conn *ct = nf_ct_get(skb, &ctinfo); 1031 struct nf_conn *ct = nf_ct_get(skb, &ctinfo);
1035 struct nf_conn_help *help = nfct_help(ct); 1032 struct nf_conn_help *help = nfct_help(ct);
1036 enum ip_conntrack_dir dir = CTINFO2DIR(ctinfo); 1033 enum ip_conntrack_dir dir = CTINFO2DIR(ctinfo);
1037 int family = ct->tuplehash[IP_CT_DIR_ORIGINAL].tuple.src.l3num;
1038 unsigned int matchoff, matchlen; 1034 unsigned int matchoff, matchlen;
1039 struct nf_conntrack_expect *exp; 1035 struct nf_conntrack_expect *exp;
1040 union nf_inet_addr *saddr, daddr; 1036 union nf_inet_addr *saddr, daddr;
@@ -1089,8 +1085,8 @@ static int process_register_request(struct sk_buff *skb,
1089 if (sip_direct_signalling) 1085 if (sip_direct_signalling)
1090 saddr = &ct->tuplehash[!dir].tuple.src.u3; 1086 saddr = &ct->tuplehash[!dir].tuple.src.u3;
1091 1087
1092 nf_ct_expect_init(exp, SIP_EXPECT_SIGNALLING, family, saddr, &daddr, 1088 nf_ct_expect_init(exp, SIP_EXPECT_SIGNALLING, nf_ct_l3num(ct),
1093 IPPROTO_UDP, NULL, &port); 1089 saddr, &daddr, IPPROTO_UDP, NULL, &port);
1094 exp->timeout.expires = sip_timeout * HZ; 1090 exp->timeout.expires = sip_timeout * HZ;
1095 exp->helper = nfct_help(ct)->helper; 1091 exp->helper = nfct_help(ct)->helper;
1096 exp->flags = NF_CT_EXPECT_PERMANENT | NF_CT_EXPECT_INACTIVE; 1092 exp->flags = NF_CT_EXPECT_PERMANENT | NF_CT_EXPECT_INACTIVE;
diff --git a/net/netfilter/nf_conntrack_standalone.c b/net/netfilter/nf_conntrack_standalone.c
index 01d1f7e178f3..b59871f6bdda 100644
--- a/net/netfilter/nf_conntrack_standalone.c
+++ b/net/netfilter/nf_conntrack_standalone.c
@@ -127,21 +127,14 @@ static int ct_seq_show(struct seq_file *s, void *v)
127 if (NF_CT_DIRECTION(hash)) 127 if (NF_CT_DIRECTION(hash))
128 return 0; 128 return 0;
129 129
130 l3proto = __nf_ct_l3proto_find(ct->tuplehash[IP_CT_DIR_ORIGINAL] 130 l3proto = __nf_ct_l3proto_find(nf_ct_l3num(ct));
131 .tuple.src.l3num);
132
133 NF_CT_ASSERT(l3proto); 131 NF_CT_ASSERT(l3proto);
134 l4proto = __nf_ct_l4proto_find(ct->tuplehash[IP_CT_DIR_ORIGINAL] 132 l4proto = __nf_ct_l4proto_find(nf_ct_l3num(ct), nf_ct_protonum(ct));
135 .tuple.src.l3num,
136 ct->tuplehash[IP_CT_DIR_ORIGINAL]
137 .tuple.dst.protonum);
138 NF_CT_ASSERT(l4proto); 133 NF_CT_ASSERT(l4proto);
139 134
140 if (seq_printf(s, "%-8s %u %-8s %u %ld ", 135 if (seq_printf(s, "%-8s %u %-8s %u %ld ",
141 l3proto->name, 136 l3proto->name, nf_ct_l3num(ct),
142 ct->tuplehash[IP_CT_DIR_ORIGINAL].tuple.src.l3num, 137 l4proto->name, nf_ct_protonum(ct),
143 l4proto->name,
144 ct->tuplehash[IP_CT_DIR_ORIGINAL].tuple.dst.protonum,
145 timer_pending(&ct->timeout) 138 timer_pending(&ct->timeout)
146 ? (long)(ct->timeout.expires - jiffies)/HZ : 0) != 0) 139 ? (long)(ct->timeout.expires - jiffies)/HZ : 0) != 0)
147 return -ENOSPC; 140 return -ENOSPC;
diff --git a/net/netfilter/nf_conntrack_tftp.c b/net/netfilter/nf_conntrack_tftp.c
index a28341b30f21..ea5ff49d77bc 100644
--- a/net/netfilter/nf_conntrack_tftp.c
+++ b/net/netfilter/nf_conntrack_tftp.c
@@ -44,7 +44,6 @@ static int tftp_help(struct sk_buff *skb,
44 struct nf_conntrack_expect *exp; 44 struct nf_conntrack_expect *exp;
45 struct nf_conntrack_tuple *tuple; 45 struct nf_conntrack_tuple *tuple;
46 unsigned int ret = NF_ACCEPT; 46 unsigned int ret = NF_ACCEPT;
47 int family = ct->tuplehash[IP_CT_DIR_ORIGINAL].tuple.src.l3num;
48 typeof(nf_nat_tftp_hook) nf_nat_tftp; 47 typeof(nf_nat_tftp_hook) nf_nat_tftp;
49 48
50 tfh = skb_header_pointer(skb, protoff + sizeof(struct udphdr), 49 tfh = skb_header_pointer(skb, protoff + sizeof(struct udphdr),
@@ -63,7 +62,8 @@ static int tftp_help(struct sk_buff *skb,
63 if (exp == NULL) 62 if (exp == NULL)
64 return NF_DROP; 63 return NF_DROP;
65 tuple = &ct->tuplehash[IP_CT_DIR_REPLY].tuple; 64 tuple = &ct->tuplehash[IP_CT_DIR_REPLY].tuple;
66 nf_ct_expect_init(exp, NF_CT_EXPECT_CLASS_DEFAULT, family, 65 nf_ct_expect_init(exp, NF_CT_EXPECT_CLASS_DEFAULT,
66 nf_ct_l3num(ct),
67 &tuple->src.u3, &tuple->dst.u3, 67 &tuple->src.u3, &tuple->dst.u3,
68 IPPROTO_UDP, NULL, &tuple->dst.u.udp.port); 68 IPPROTO_UDP, NULL, &tuple->dst.u.udp.port);
69 69
diff --git a/net/netfilter/xt_connlimit.c b/net/netfilter/xt_connlimit.c
index 0ca9fe9da203..2e89a00df92c 100644
--- a/net/netfilter/xt_connlimit.c
+++ b/net/netfilter/xt_connlimit.c
@@ -72,9 +72,7 @@ connlimit_iphash6(const union nf_inet_addr *addr,
72 72
73static inline bool already_closed(const struct nf_conn *conn) 73static inline bool already_closed(const struct nf_conn *conn)
74{ 74{
75 u_int16_t proto = conn->tuplehash[0].tuple.dst.protonum; 75 if (nf_ct_protonum(conn) == IPPROTO_TCP)
76
77 if (proto == IPPROTO_TCP)
78 return conn->proto.tcp.state == TCP_CONNTRACK_TIME_WAIT; 76 return conn->proto.tcp.state == TCP_CONNTRACK_TIME_WAIT;
79 else 77 else
80 return 0; 78 return 0;
diff --git a/net/netfilter/xt_conntrack.c b/net/netfilter/xt_conntrack.c
index 0c50b2894055..d61412f58ef7 100644
--- a/net/netfilter/xt_conntrack.c
+++ b/net/netfilter/xt_conntrack.c
@@ -65,7 +65,7 @@ conntrack_mt_v0(const struct sk_buff *skb, const struct net_device *in,
65 } 65 }
66 66
67 if (sinfo->flags & XT_CONNTRACK_PROTO && 67 if (sinfo->flags & XT_CONNTRACK_PROTO &&
68 FWINV(ct->tuplehash[IP_CT_DIR_ORIGINAL].tuple.dst.protonum != 68 FWINV(nf_ct_protonum(ct) !=
69 sinfo->tuple[IP_CT_DIR_ORIGINAL].dst.protonum, 69 sinfo->tuple[IP_CT_DIR_ORIGINAL].dst.protonum,
70 XT_CONNTRACK_PROTO)) 70 XT_CONNTRACK_PROTO))
71 return false; 71 return false;
@@ -174,7 +174,7 @@ ct_proto_port_check(const struct xt_conntrack_mtinfo1 *info,
174 174
175 tuple = &ct->tuplehash[IP_CT_DIR_ORIGINAL].tuple; 175 tuple = &ct->tuplehash[IP_CT_DIR_ORIGINAL].tuple;
176 if ((info->match_flags & XT_CONNTRACK_PROTO) && 176 if ((info->match_flags & XT_CONNTRACK_PROTO) &&
177 (tuple->dst.protonum == info->l4proto) ^ 177 (nf_ct_protonum(ct) == info->l4proto) ^
178 !(info->invert_flags & XT_CONNTRACK_PROTO)) 178 !(info->invert_flags & XT_CONNTRACK_PROTO))
179 return false; 179 return false;
180 180
generated by cgit v1.2.2 (git 2.25.0) at 2026-04-06 19:58:10 -0400