author | Patrick McHardy <kaber@trash.net> | 2006-09-20 15:09:34 -0400 |
---|---|---|
committer | David S. Miller <davem@sunset.davemloft.net> | 2006-09-22 18:20:13 -0400 |
commit | cf9f81523ef3e95d9f222c896d266e4562999150 (patch) | |
tree | 6fa5175b120b150a28e495a8b87704bb139bbb69 /net/ipv4 | |
parent | 857c06da2ba2e00b81677c2f6740048d87da0207 (diff) |
[NETFILTER]: PPTP conntrack: simplify expectation handling
Remove duplicated expectation handling in the NAT helper and simplify
the remains in the conntrack helper.
Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'net/ipv4')
-rw-r--r-- | net/ipv4/netfilter/ip_conntrack_helper_pptp.c | 92 | ||||
-rw-r--r-- | net/ipv4/netfilter/ip_nat_helper_pptp.c | 58 |
2 files changed, 34 insertions, 116 deletions
diff --git a/net/ipv4/netfilter/ip_conntrack_helper_pptp.c b/net/ipv4/netfilter/ip_conntrack_helper_pptp.c index 5f7af6ef3881..57eac6e3871a 100644 --- a/net/ipv4/netfilter/ip_conntrack_helper_pptp.c +++ b/net/ipv4/netfilter/ip_conntrack_helper_pptp.c | |||
@@ -80,7 +80,7 @@ int | |||
80 | struct PptpControlHeader *ctlh, | 80 | struct PptpControlHeader *ctlh, |
81 | union pptp_ctrl_union *pptpReq); | 81 | union pptp_ctrl_union *pptpReq); |
82 | 82 | ||
83 | int | 83 | void |
84 | (*ip_nat_pptp_hook_exp_gre)(struct ip_conntrack_expect *expect_orig, | 84 | (*ip_nat_pptp_hook_exp_gre)(struct ip_conntrack_expect *expect_orig, |
85 | struct ip_conntrack_expect *expect_reply); | 85 | struct ip_conntrack_expect *expect_reply); |
86 | 86 | ||
@@ -219,93 +219,63 @@ static void pptp_destroy_siblings(struct ip_conntrack *ct) | |||
219 | 219 | ||
220 | /* expect GRE connections (PNS->PAC and PAC->PNS direction) */ | 220 | /* expect GRE connections (PNS->PAC and PAC->PNS direction) */ |
221 | static inline int | 221 | static inline int |
222 | exp_gre(struct ip_conntrack *master, | 222 | exp_gre(struct ip_conntrack *ct, |
223 | __be16 callid, | 223 | __be16 callid, |
224 | __be16 peer_callid) | 224 | __be16 peer_callid) |
225 | { | 225 | { |
226 | struct ip_conntrack_tuple inv_tuple; | ||
227 | struct ip_conntrack_tuple exp_tuples[] = { | ||
228 | /* tuple in original direction, PNS->PAC */ | ||
229 | { .src = { .ip = master->tuplehash[IP_CT_DIR_ORIGINAL].tuple.src.ip, | ||
230 | .u = { .gre = { .key = peer_callid } } | ||
231 | }, | ||
232 | .dst = { .ip = master->tuplehash[IP_CT_DIR_ORIGINAL].tuple.dst.ip, | ||
233 | .u = { .gre = { .key = callid } }, | ||
234 | .protonum = IPPROTO_GRE | ||
235 | }, | ||
236 | }, | ||
237 | /* tuple in reply direction, PAC->PNS */ | ||
238 | { .src = { .ip = master->tuplehash[IP_CT_DIR_REPLY].tuple.src.ip, | ||
239 | .u = { .gre = { .key = callid } } | ||
240 | }, | ||
241 | .dst = { .ip = master->tuplehash[IP_CT_DIR_REPLY].tuple.dst.ip, | ||
242 | .u = { .gre = { .key = peer_callid } }, | ||
243 | .protonum = IPPROTO_GRE | ||
244 | }, | ||
245 | } | ||
246 | }; | ||
247 | struct ip_conntrack_expect *exp_orig, *exp_reply; | 226 | struct ip_conntrack_expect *exp_orig, *exp_reply; |
248 | int ret = 1; | 227 | int ret = 1; |
249 | 228 | ||
250 | exp_orig = ip_conntrack_expect_alloc(master); | 229 | exp_orig = ip_conntrack_expect_alloc(ct); |
251 | if (exp_orig == NULL) | 230 | if (exp_orig == NULL) |
252 | goto out; | 231 | goto out; |
253 | 232 | ||
254 | exp_reply = ip_conntrack_expect_alloc(master); | 233 | exp_reply = ip_conntrack_expect_alloc(ct); |
255 | if (exp_reply == NULL) | 234 | if (exp_reply == NULL) |
256 | goto out_put_orig; | 235 | goto out_put_orig; |
257 | 236 | ||
258 | memcpy(&exp_orig->tuple, &exp_tuples[0], sizeof(exp_orig->tuple)); | 237 | /* original direction, PNS->PAC */ |
238 | exp_orig->tuple.src.ip = ct->tuplehash[IP_CT_DIR_ORIGINAL].tuple.src.ip; | ||
239 | exp_orig->tuple.src.u.gre.key = peer_callid; | ||
240 | exp_orig->tuple.dst.ip = ct->tuplehash[IP_CT_DIR_ORIGINAL].tuple.dst.ip; | ||
241 | exp_orig->tuple.dst.u.gre.key = callid; | ||
242 | exp_orig->tuple.dst.protonum = IPPROTO_GRE; | ||
259 | 243 | ||
260 | exp_orig->mask.src.ip = 0xffffffff; | 244 | exp_orig->mask.src.ip = 0xffffffff; |
261 | exp_orig->mask.src.u.all = 0; | 245 | exp_orig->mask.src.u.all = 0; |
262 | exp_orig->mask.dst.u.all = 0; | ||
263 | exp_orig->mask.dst.u.gre.key = htons(0xffff); | 246 | exp_orig->mask.dst.u.gre.key = htons(0xffff); |
264 | exp_orig->mask.dst.ip = 0xffffffff; | 247 | exp_orig->mask.dst.ip = 0xffffffff; |
265 | exp_orig->mask.dst.protonum = 0xff; | 248 | exp_orig->mask.dst.protonum = 0xff; |
266 | 249 | ||
267 | exp_orig->master = master; | 250 | exp_orig->master = ct; |
268 | exp_orig->expectfn = pptp_expectfn; | 251 | exp_orig->expectfn = pptp_expectfn; |
269 | exp_orig->flags = 0; | 252 | exp_orig->flags = 0; |
270 | 253 | ||
271 | /* both expectations are identical apart from tuple */ | 254 | /* both expectations are identical apart from tuple */ |
272 | memcpy(exp_reply, exp_orig, sizeof(*exp_reply)); | 255 | memcpy(exp_reply, exp_orig, sizeof(*exp_reply)); |
273 | memcpy(&exp_reply->tuple, &exp_tuples[1], sizeof(exp_reply->tuple)); | ||
274 | |||
275 | if (ip_nat_pptp_hook_exp_gre) | ||
276 | ret = ip_nat_pptp_hook_exp_gre(exp_orig, exp_reply); | ||
277 | else { | ||
278 | 256 | ||
279 | DEBUGP("calling expect_related PNS->PAC"); | 257 | /* reply direction, PAC->PNS */ |
280 | DUMP_TUPLE(&exp_orig->tuple); | 258 | exp_reply->tuple.src.ip = ct->tuplehash[IP_CT_DIR_REPLY].tuple.src.ip; |
259 | exp_reply->tuple.src.u.gre.key = callid; | ||
260 | exp_reply->tuple.dst.ip = ct->tuplehash[IP_CT_DIR_REPLY].tuple.dst.ip; | ||
261 | exp_reply->tuple.dst.u.gre.key = peer_callid; | ||
262 | exp_reply->tuple.dst.protonum = IPPROTO_GRE; | ||
281 | 263 | ||
282 | if (ip_conntrack_expect_related(exp_orig) != 0) { | 264 | if (ip_nat_pptp_hook_exp_gre) |
283 | DEBUGP("cannot expect_related()\n"); | 265 | ip_nat_pptp_hook_exp_gre(exp_orig, exp_reply); |
284 | goto out_put_both; | 266 | if (ip_conntrack_expect_related(exp_orig) != 0) |
285 | } | 267 | goto out_put_both; |
286 | 268 | if (ip_conntrack_expect_related(exp_reply) != 0) | |
287 | DEBUGP("calling expect_related PAC->PNS"); | 269 | goto out_unexpect_orig; |
288 | DUMP_TUPLE(&exp_reply->tuple); | 270 | |
289 | 271 | /* Add GRE keymap entries */ | |
290 | if (ip_conntrack_expect_related(exp_reply) != 0) { | 272 | if (ip_ct_gre_keymap_add(ct, &exp_orig->tuple, 0) != 0) |
291 | DEBUGP("cannot expect_related()\n"); | 273 | goto out_unexpect_both; |
292 | goto out_unexpect_orig; | 274 | if (ip_ct_gre_keymap_add(ct, &exp_reply->tuple, 1) != 0) { |
293 | } | 275 | ip_ct_gre_keymap_destroy(ct); |
294 | 276 | goto out_unexpect_both; | |
295 | /* Add GRE keymap entries */ | ||
296 | if (ip_ct_gre_keymap_add(master, &exp_reply->tuple, 0) != 0) { | ||
297 | DEBUGP("cannot keymap_add() exp\n"); | ||
298 | goto out_unexpect_both; | ||
299 | } | ||
300 | |||
301 | invert_tuplepr(&inv_tuple, &exp_reply->tuple); | ||
302 | if (ip_ct_gre_keymap_add(master, &inv_tuple, 1) != 0) { | ||
303 | ip_ct_gre_keymap_destroy(master); | ||
304 | DEBUGP("cannot keymap_add() exp_inv\n"); | ||
305 | goto out_unexpect_both; | ||
306 | } | ||
307 | ret = 0; | ||
308 | } | 277 | } |
278 | ret = 0; | ||
309 | 279 | ||
310 | out_put_both: | 280 | out_put_both: |
311 | ip_conntrack_expect_put(exp_reply); | 281 | ip_conntrack_expect_put(exp_reply); |
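Review bot: The field-by-field setup in exp_gre() no longer overwrites the whole tuple, so any member of `exp_orig->tuple` not assigned at new lines 238-242 keeps whatever ip_conntrack_expect_alloc() returned. The removed code copied a fully initialised `exp_tuples[]` entry over the tuple and also cleared `mask.dst.u.all` before setting the GRE key; neither step survives. Whether the allocator zeroes the object is not visible here, and the same tuples are later passed to ip_ct_gre_keymap_add(), so stale bytes could end up in stored match keys. I would add `memset(&exp_orig->tuple, 0, sizeof(exp_orig->tuple));` before the assignments (exp_reply inherits it through the existing memcpy), or a comment stating why the remaining members never matter. The function's cleanup labels continue past the end of this hunk.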
diff --git a/net/ipv4/netfilter/ip_nat_helper_pptp.c b/net/ipv4/netfilter/ip_nat_helper_pptp.c index 0f5e753b481d..84f6bd09fcd4 100644 --- a/net/ipv4/netfilter/ip_nat_helper_pptp.c +++ b/net/ipv4/netfilter/ip_nat_helper_pptp.c | |||
@@ -211,80 +211,28 @@ pptp_outbound_pkt(struct sk_buff **pskb, | |||
211 | return NF_ACCEPT; | 211 | return NF_ACCEPT; |
212 | } | 212 | } |
213 | 213 | ||
214 | static int | 214 | static void |
215 | pptp_exp_gre(struct ip_conntrack_expect *expect_orig, | 215 | pptp_exp_gre(struct ip_conntrack_expect *expect_orig, |
216 | struct ip_conntrack_expect *expect_reply) | 216 | struct ip_conntrack_expect *expect_reply) |
217 | { | 217 | { |
218 | struct ip_ct_pptp_master *ct_pptp_info = | ||
219 | &expect_orig->master->help.ct_pptp_info; | ||
220 | struct ip_nat_pptp *nat_pptp_info = | ||
221 | &expect_orig->master->nat.help.nat_pptp_info; | ||
222 | |||
223 | struct ip_conntrack *ct = expect_orig->master; | 218 | struct ip_conntrack *ct = expect_orig->master; |
224 | 219 | struct ip_ct_pptp_master *ct_pptp_info = &ct->help.ct_pptp_info; | |
225 | struct ip_conntrack_tuple inv_t; | 220 | struct ip_nat_pptp *nat_pptp_info = &ct->nat.help.nat_pptp_info; |
226 | struct ip_conntrack_tuple *orig_t, *reply_t; | ||
227 | 221 | ||
228 | /* save original PAC call ID in nat_info */ | 222 | /* save original PAC call ID in nat_info */ |
229 | nat_pptp_info->pac_call_id = ct_pptp_info->pac_call_id; | 223 | nat_pptp_info->pac_call_id = ct_pptp_info->pac_call_id; |
230 | 224 | ||
231 | /* alter expectation */ | ||
232 | orig_t = &ct->tuplehash[IP_CT_DIR_ORIGINAL].tuple; | ||
233 | reply_t = &ct->tuplehash[IP_CT_DIR_REPLY].tuple; | ||
234 | |||
235 | /* alter expectation for PNS->PAC direction */ | 225 | /* alter expectation for PNS->PAC direction */ |
236 | invert_tuplepr(&inv_t, &expect_orig->tuple); | ||
237 | expect_orig->saved_proto.gre.key = ct_pptp_info->pns_call_id; | 226 | expect_orig->saved_proto.gre.key = ct_pptp_info->pns_call_id; |
238 | expect_orig->tuple.src.u.gre.key = nat_pptp_info->pns_call_id; | 227 | expect_orig->tuple.src.u.gre.key = nat_pptp_info->pns_call_id; |
239 | expect_orig->tuple.dst.u.gre.key = ct_pptp_info->pac_call_id; | 228 | expect_orig->tuple.dst.u.gre.key = ct_pptp_info->pac_call_id; |
240 | expect_orig->dir = IP_CT_DIR_ORIGINAL; | 229 | expect_orig->dir = IP_CT_DIR_ORIGINAL; |
241 | inv_t.src.ip = reply_t->src.ip; | ||
242 | inv_t.dst.ip = reply_t->dst.ip; | ||
243 | inv_t.src.u.gre.key = nat_pptp_info->pac_call_id; | ||
244 | inv_t.dst.u.gre.key = ct_pptp_info->pns_call_id; | ||
245 | |||
246 | if (!ip_conntrack_expect_related(expect_orig)) { | ||
247 | DEBUGP("successfully registered expect\n"); | ||
248 | } else { | ||
249 | DEBUGP("can't expect_related(expect_orig)\n"); | ||
250 | return 1; | ||
251 | } | ||
252 | 230 | ||
253 | /* alter expectation for PAC->PNS direction */ | 231 | /* alter expectation for PAC->PNS direction */ |
254 | invert_tuplepr(&inv_t, &expect_reply->tuple); | ||
255 | expect_reply->saved_proto.gre.key = nat_pptp_info->pns_call_id; | 232 | expect_reply->saved_proto.gre.key = nat_pptp_info->pns_call_id; |
256 | expect_reply->tuple.src.u.gre.key = nat_pptp_info->pac_call_id; | 233 | expect_reply->tuple.src.u.gre.key = nat_pptp_info->pac_call_id; |
257 | expect_reply->tuple.dst.u.gre.key = ct_pptp_info->pns_call_id; | 234 | expect_reply->tuple.dst.u.gre.key = ct_pptp_info->pns_call_id; |
258 | expect_reply->dir = IP_CT_DIR_REPLY; | 235 | expect_reply->dir = IP_CT_DIR_REPLY; |
259 | inv_t.src.ip = orig_t->src.ip; | ||
260 | inv_t.dst.ip = orig_t->dst.ip; | ||
261 | inv_t.src.u.gre.key = nat_pptp_info->pns_call_id; | ||
262 | inv_t.dst.u.gre.key = ct_pptp_info->pac_call_id; | ||
263 | |||
264 | if (!ip_conntrack_expect_related(expect_reply)) { | ||
265 | DEBUGP("successfully registered expect\n"); | ||
266 | } else { | ||
267 | DEBUGP("can't expect_related(expect_reply)\n"); | ||
268 | ip_conntrack_unexpect_related(expect_orig); | ||
269 | return 1; | ||
270 | } | ||
271 | |||
272 | if (ip_ct_gre_keymap_add(ct, &expect_reply->tuple, 0) < 0) { | ||
273 | DEBUGP("can't register original keymap\n"); | ||
274 | ip_conntrack_unexpect_related(expect_orig); | ||
275 | ip_conntrack_unexpect_related(expect_reply); | ||
276 | return 1; | ||
277 | } | ||
278 | |||
279 | if (ip_ct_gre_keymap_add(ct, &inv_t, 1) < 0) { | ||
280 | DEBUGP("can't register reply keymap\n"); | ||
281 | ip_conntrack_unexpect_related(expect_orig); | ||
282 | ip_conntrack_unexpect_related(expect_reply); | ||
283 | ip_ct_gre_keymap_destroy(ct); | ||
284 | return 1; | ||
285 | } | ||
286 | |||
287 | return 0; | ||
288 | } | 236 | } |
289 | 237 | ||
290 | /* inbound packets == from PAC to PNS */ | 238 | /* inbound packets == from PAC to PNS */ |
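Review bot: pptp_exp_gre() now carries an ordering contract that nothing documents: it only rewrites call IDs and the direction, so it has to run before the caller registers the expectations, and it can no longer report failure. A comment above the function would make that explicit, for example `/* Rewrite GRE call IDs for NAT; the conntrack helper registers the expectations and keymap entries afterwards. */`. The removed code here registered `expect_reply->tuple` under keymap index 0, while the shared path in ip_conntrack_helper_pptp.c now registers `exp_orig->tuple` under 0. If that index matters to lookups or to ip_ct_gre_keymap_destroy(), the commit message should say the swap is intended.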