aboutsummaryrefslogtreecommitdiffstats
path: root/net/ipv4
diff options
context:
space:
mode:
authorJeff Garzik <jeff@garzik.org>2006-04-12 16:54:43 -0400
committerJeff Garzik <jeff@garzik.org>2006-04-12 16:54:43 -0400
commita890b15c0990cc8d686edcc85f5fccde71ad5ce9 (patch)
tree73162355b58283a2531f13fbbf663809f95c1483 /net/ipv4
parent79fa1b677be3a985cc66b9218a4dd09818f1051b (diff)
parent26ec634c31a11a003040e10b4d650495158632fd (diff)
Merge branch 'upstream'
Diffstat (limited to 'net/ipv4')
-rw-r--r--net/ipv4/fib_trie.c14
-rw-r--r--net/ipv4/icmp.c2
-rw-r--r--net/ipv4/ip_fragment.c15
-rw-r--r--net/ipv4/ip_gre.c2
-rw-r--r--net/ipv4/ip_output.c6
-rw-r--r--net/ipv4/ipcomp.c8
-rw-r--r--net/ipv4/ipip.c4
-rw-r--r--net/ipv4/netfilter.c50
-rw-r--r--net/ipv4/netfilter/Kconfig1
-rw-r--r--net/ipv4/netfilter/arp_tables.c4
-rw-r--r--net/ipv4/netfilter/arptable_filter.c19
-rw-r--r--net/ipv4/netfilter/ip_conntrack_core.c2
-rw-r--r--net/ipv4/netfilter/ip_conntrack_helper_h323.c66
-rw-r--r--net/ipv4/netfilter/ip_conntrack_helper_h323_asn1.c2
-rw-r--r--net/ipv4/netfilter/ip_conntrack_helper_h323_asn1.h98
-rw-r--r--net/ipv4/netfilter/ip_conntrack_helper_h323_types.h938
-rw-r--r--net/ipv4/netfilter/ip_conntrack_proto_icmp.c23
-rw-r--r--net/ipv4/netfilter/ip_conntrack_proto_tcp.c7
-rw-r--r--net/ipv4/netfilter/ip_conntrack_proto_udp.c7
-rw-r--r--net/ipv4/netfilter/ip_conntrack_standalone.c268
-rw-r--r--net/ipv4/netfilter/ip_nat_helper_h323.c71
-rw-r--r--net/ipv4/netfilter/ip_nat_rule.c2
-rw-r--r--net/ipv4/netfilter/ip_nat_standalone.c159
-rw-r--r--net/ipv4/netfilter/ip_queue.c31
-rw-r--r--net/ipv4/netfilter/ip_tables.c4
-rw-r--r--net/ipv4/netfilter/ipt_CLUSTERIP.c40
-rw-r--r--net/ipv4/netfilter/ipt_REJECT.c9
-rw-r--r--net/ipv4/netfilter/iptable_filter.c21
-rw-r--r--net/ipv4/netfilter/iptable_mangle.c33
-rw-r--r--net/ipv4/netfilter/iptable_raw.c35
-rw-r--r--net/ipv4/netfilter/nf_conntrack_l3proto_ipv4.c223
-rw-r--r--net/ipv4/netfilter/nf_conntrack_proto_icmp.c20
-rw-r--r--net/ipv4/proc.c4
-rw-r--r--net/ipv4/route.c2
-rw-r--r--net/ipv4/tunnel4.c8
-rw-r--r--net/ipv4/xfrm4_input.c4
36 files changed, 412 insertions, 1790 deletions
diff --git a/net/ipv4/fib_trie.c b/net/ipv4/fib_trie.c
index ccd3efc6a173..95a639f2e3db 100644
--- a/net/ipv4/fib_trie.c
+++ b/net/ipv4/fib_trie.c
@@ -50,7 +50,7 @@
50 * Patrick McHardy <kaber@trash.net> 50 * Patrick McHardy <kaber@trash.net>
51 */ 51 */
52 52
53#define VERSION "0.406" 53#define VERSION "0.407"
54 54
55#include <linux/config.h> 55#include <linux/config.h>
56#include <asm/uaccess.h> 56#include <asm/uaccess.h>
@@ -314,11 +314,6 @@ static void __leaf_free_rcu(struct rcu_head *head)
314 kfree(container_of(head, struct leaf, rcu)); 314 kfree(container_of(head, struct leaf, rcu));
315} 315}
316 316
317static inline void free_leaf(struct leaf *leaf)
318{
319 call_rcu(&leaf->rcu, __leaf_free_rcu);
320}
321
322static void __leaf_info_free_rcu(struct rcu_head *head) 317static void __leaf_info_free_rcu(struct rcu_head *head)
323{ 318{
324 kfree(container_of(head, struct leaf_info, rcu)); 319 kfree(container_of(head, struct leaf_info, rcu));
@@ -357,7 +352,12 @@ static void __tnode_free_rcu(struct rcu_head *head)
357 352
358static inline void tnode_free(struct tnode *tn) 353static inline void tnode_free(struct tnode *tn)
359{ 354{
360 call_rcu(&tn->rcu, __tnode_free_rcu); 355 if(IS_LEAF(tn)) {
356 struct leaf *l = (struct leaf *) tn;
357 call_rcu_bh(&l->rcu, __leaf_free_rcu);
358 }
359 else
360 call_rcu(&tn->rcu, __tnode_free_rcu);
361} 361}
362 362
363static struct leaf *leaf_new(void) 363static struct leaf *leaf_new(void)
diff --git a/net/ipv4/icmp.c b/net/ipv4/icmp.c
index 9831fd2c73a0..2a0455911ee0 100644
--- a/net/ipv4/icmp.c
+++ b/net/ipv4/icmp.c
@@ -1107,7 +1107,7 @@ void __init icmp_init(struct net_proto_family *ops)
1107 struct inet_sock *inet; 1107 struct inet_sock *inet;
1108 int i; 1108 int i;
1109 1109
1110 for_each_cpu(i) { 1110 for_each_possible_cpu(i) {
1111 int err; 1111 int err;
1112 1112
1113 err = sock_create_kern(PF_INET, SOCK_RAW, IPPROTO_ICMP, 1113 err = sock_create_kern(PF_INET, SOCK_RAW, IPPROTO_ICMP,
diff --git a/net/ipv4/ip_fragment.c b/net/ipv4/ip_fragment.c
index 2a8adda15e11..da734c439179 100644
--- a/net/ipv4/ip_fragment.c
+++ b/net/ipv4/ip_fragment.c
@@ -304,13 +304,17 @@ out:
304 304
305/* Creation primitives. */ 305/* Creation primitives. */
306 306
307static struct ipq *ip_frag_intern(unsigned int hash, struct ipq *qp_in) 307static struct ipq *ip_frag_intern(struct ipq *qp_in)
308{ 308{
309 struct ipq *qp; 309 struct ipq *qp;
310#ifdef CONFIG_SMP 310#ifdef CONFIG_SMP
311 struct hlist_node *n; 311 struct hlist_node *n;
312#endif 312#endif
313 unsigned int hash;
314
313 write_lock(&ipfrag_lock); 315 write_lock(&ipfrag_lock);
316 hash = ipqhashfn(qp_in->id, qp_in->saddr, qp_in->daddr,
317 qp_in->protocol);
314#ifdef CONFIG_SMP 318#ifdef CONFIG_SMP
315 /* With SMP race we have to recheck hash table, because 319 /* With SMP race we have to recheck hash table, because
316 * such entry could be created on other cpu, while we 320 * such entry could be created on other cpu, while we
@@ -345,7 +349,7 @@ static struct ipq *ip_frag_intern(unsigned int hash, struct ipq *qp_in)
345} 349}
346 350
347/* Add an entry to the 'ipq' queue for a newly received IP datagram. */ 351/* Add an entry to the 'ipq' queue for a newly received IP datagram. */
348static struct ipq *ip_frag_create(unsigned hash, struct iphdr *iph, u32 user) 352static struct ipq *ip_frag_create(struct iphdr *iph, u32 user)
349{ 353{
350 struct ipq *qp; 354 struct ipq *qp;
351 355
@@ -371,7 +375,7 @@ static struct ipq *ip_frag_create(unsigned hash, struct iphdr *iph, u32 user)
371 spin_lock_init(&qp->lock); 375 spin_lock_init(&qp->lock);
372 atomic_set(&qp->refcnt, 1); 376 atomic_set(&qp->refcnt, 1);
373 377
374 return ip_frag_intern(hash, qp); 378 return ip_frag_intern(qp);
375 379
376out_nomem: 380out_nomem:
377 LIMIT_NETDEBUG(KERN_ERR "ip_frag_create: no memory left !\n"); 381 LIMIT_NETDEBUG(KERN_ERR "ip_frag_create: no memory left !\n");
@@ -387,11 +391,12 @@ static inline struct ipq *ip_find(struct iphdr *iph, u32 user)
387 __u32 saddr = iph->saddr; 391 __u32 saddr = iph->saddr;
388 __u32 daddr = iph->daddr; 392 __u32 daddr = iph->daddr;
389 __u8 protocol = iph->protocol; 393 __u8 protocol = iph->protocol;
390 unsigned int hash = ipqhashfn(id, saddr, daddr, protocol); 394 unsigned int hash;
391 struct ipq *qp; 395 struct ipq *qp;
392 struct hlist_node *n; 396 struct hlist_node *n;
393 397
394 read_lock(&ipfrag_lock); 398 read_lock(&ipfrag_lock);
399 hash = ipqhashfn(id, saddr, daddr, protocol);
395 hlist_for_each_entry(qp, n, &ipq_hash[hash], list) { 400 hlist_for_each_entry(qp, n, &ipq_hash[hash], list) {
396 if(qp->id == id && 401 if(qp->id == id &&
397 qp->saddr == saddr && 402 qp->saddr == saddr &&
@@ -405,7 +410,7 @@ static inline struct ipq *ip_find(struct iphdr *iph, u32 user)
405 } 410 }
406 read_unlock(&ipfrag_lock); 411 read_unlock(&ipfrag_lock);
407 412
408 return ip_frag_create(hash, iph, user); 413 return ip_frag_create(iph, user);
409} 414}
410 415
411/* Is the fragment too far ahead to be part of ipq? */ 416/* Is the fragment too far ahead to be part of ipq? */
diff --git a/net/ipv4/ip_gre.c b/net/ipv4/ip_gre.c
index 9981dcd68f11..ab99bebdcdc8 100644
--- a/net/ipv4/ip_gre.c
+++ b/net/ipv4/ip_gre.c
@@ -656,7 +656,7 @@ static int ipgre_rcv(struct sk_buff *skb)
656 read_unlock(&ipgre_lock); 656 read_unlock(&ipgre_lock);
657 return(0); 657 return(0);
658 } 658 }
659 icmp_send(skb, ICMP_DEST_UNREACH, ICMP_PROT_UNREACH, 0); 659 icmp_send(skb, ICMP_DEST_UNREACH, ICMP_PORT_UNREACH, 0);
660 660
661drop: 661drop:
662 read_unlock(&ipgre_lock); 662 read_unlock(&ipgre_lock);
diff --git a/net/ipv4/ip_output.c b/net/ipv4/ip_output.c
index f75ff1d96551..8dcba3887f04 100644
--- a/net/ipv4/ip_output.c
+++ b/net/ipv4/ip_output.c
@@ -86,8 +86,6 @@
86 86
87int sysctl_ip_default_ttl = IPDEFTTL; 87int sysctl_ip_default_ttl = IPDEFTTL;
88 88
89static int ip_fragment(struct sk_buff *skb, int (*output)(struct sk_buff*));
90
91/* Generate a checksum for an outgoing IP datagram. */ 89/* Generate a checksum for an outgoing IP datagram. */
92__inline__ void ip_send_check(struct iphdr *iph) 90__inline__ void ip_send_check(struct iphdr *iph)
93{ 91{
@@ -421,7 +419,7 @@ static void ip_copy_metadata(struct sk_buff *to, struct sk_buff *from)
421 * single device frame, and queue such a frame for sending. 419 * single device frame, and queue such a frame for sending.
422 */ 420 */
423 421
424static int ip_fragment(struct sk_buff *skb, int (*output)(struct sk_buff*)) 422int ip_fragment(struct sk_buff *skb, int (*output)(struct sk_buff*))
425{ 423{
426 struct iphdr *iph; 424 struct iphdr *iph;
427 int raw = 0; 425 int raw = 0;
@@ -673,6 +671,8 @@ fail:
673 return err; 671 return err;
674} 672}
675 673
674EXPORT_SYMBOL(ip_fragment);
675
676int 676int
677ip_generic_getfrag(void *from, char *to, int offset, int len, int odd, struct sk_buff *skb) 677ip_generic_getfrag(void *from, char *to, int offset, int len, int odd, struct sk_buff *skb)
678{ 678{
diff --git a/net/ipv4/ipcomp.c b/net/ipv4/ipcomp.c
index 0a1d86a0f632..04a429465665 100644
--- a/net/ipv4/ipcomp.c
+++ b/net/ipv4/ipcomp.c
@@ -290,7 +290,7 @@ static void ipcomp_free_scratches(void)
290 if (!scratches) 290 if (!scratches)
291 return; 291 return;
292 292
293 for_each_cpu(i) { 293 for_each_possible_cpu(i) {
294 void *scratch = *per_cpu_ptr(scratches, i); 294 void *scratch = *per_cpu_ptr(scratches, i);
295 if (scratch) 295 if (scratch)
296 vfree(scratch); 296 vfree(scratch);
@@ -313,7 +313,7 @@ static void **ipcomp_alloc_scratches(void)
313 313
314 ipcomp_scratches = scratches; 314 ipcomp_scratches = scratches;
315 315
316 for_each_cpu(i) { 316 for_each_possible_cpu(i) {
317 void *scratch = vmalloc(IPCOMP_SCRATCH_SIZE); 317 void *scratch = vmalloc(IPCOMP_SCRATCH_SIZE);
318 if (!scratch) 318 if (!scratch)
319 return NULL; 319 return NULL;
@@ -344,7 +344,7 @@ static void ipcomp_free_tfms(struct crypto_tfm **tfms)
344 if (!tfms) 344 if (!tfms)
345 return; 345 return;
346 346
347 for_each_cpu(cpu) { 347 for_each_possible_cpu(cpu) {
348 struct crypto_tfm *tfm = *per_cpu_ptr(tfms, cpu); 348 struct crypto_tfm *tfm = *per_cpu_ptr(tfms, cpu);
349 crypto_free_tfm(tfm); 349 crypto_free_tfm(tfm);
350 } 350 }
@@ -384,7 +384,7 @@ static struct crypto_tfm **ipcomp_alloc_tfms(const char *alg_name)
384 if (!tfms) 384 if (!tfms)
385 goto error; 385 goto error;
386 386
387 for_each_cpu(cpu) { 387 for_each_possible_cpu(cpu) {
388 struct crypto_tfm *tfm = crypto_alloc_tfm(alg_name, 0); 388 struct crypto_tfm *tfm = crypto_alloc_tfm(alg_name, 0);
389 if (!tfm) 389 if (!tfm)
390 goto error; 390 goto error;
diff --git a/net/ipv4/ipip.c b/net/ipv4/ipip.c
index eef07b0916a3..ea398ee43f28 100644
--- a/net/ipv4/ipip.c
+++ b/net/ipv4/ipip.c
@@ -474,9 +474,6 @@ static int ipip_rcv(struct sk_buff *skb)
474 struct iphdr *iph; 474 struct iphdr *iph;
475 struct ip_tunnel *tunnel; 475 struct ip_tunnel *tunnel;
476 476
477 if (!pskb_may_pull(skb, sizeof(struct iphdr)))
478 goto out;
479
480 iph = skb->nh.iph; 477 iph = skb->nh.iph;
481 478
482 read_lock(&ipip_lock); 479 read_lock(&ipip_lock);
@@ -508,7 +505,6 @@ static int ipip_rcv(struct sk_buff *skb)
508 } 505 }
509 read_unlock(&ipip_lock); 506 read_unlock(&ipip_lock);
510 507
511out:
512 return -1; 508 return -1;
513} 509}
514 510
diff --git a/net/ipv4/netfilter.c b/net/ipv4/netfilter.c
index b5ad9ac2fbcc..6a9e34b794bc 100644
--- a/net/ipv4/netfilter.c
+++ b/net/ipv4/netfilter.c
@@ -133,7 +133,7 @@ struct ip_rt_info {
133 u_int8_t tos; 133 u_int8_t tos;
134}; 134};
135 135
136static void queue_save(const struct sk_buff *skb, struct nf_info *info) 136static void nf_ip_saveroute(const struct sk_buff *skb, struct nf_info *info)
137{ 137{
138 struct ip_rt_info *rt_info = nf_info_reroute(info); 138 struct ip_rt_info *rt_info = nf_info_reroute(info);
139 139
@@ -146,7 +146,7 @@ static void queue_save(const struct sk_buff *skb, struct nf_info *info)
146 } 146 }
147} 147}
148 148
149static int queue_reroute(struct sk_buff **pskb, const struct nf_info *info) 149static int nf_ip_reroute(struct sk_buff **pskb, const struct nf_info *info)
150{ 150{
151 const struct ip_rt_info *rt_info = nf_info_reroute(info); 151 const struct ip_rt_info *rt_info = nf_info_reroute(info);
152 152
@@ -161,20 +161,54 @@ static int queue_reroute(struct sk_buff **pskb, const struct nf_info *info)
161 return 0; 161 return 0;
162} 162}
163 163
164static struct nf_queue_rerouter ip_reroute = { 164unsigned int nf_ip_checksum(struct sk_buff *skb, unsigned int hook,
165 .rer_size = sizeof(struct ip_rt_info), 165 unsigned int dataoff, u_int8_t protocol)
166 .save = queue_save, 166{
167 .reroute = queue_reroute, 167 struct iphdr *iph = skb->nh.iph;
168 unsigned int csum = 0;
169
170 switch (skb->ip_summed) {
171 case CHECKSUM_HW:
172 if (hook != NF_IP_PRE_ROUTING && hook != NF_IP_LOCAL_IN)
173 break;
174 if ((protocol == 0 && !(u16)csum_fold(skb->csum)) ||
175 !csum_tcpudp_magic(iph->saddr, iph->daddr,
176 skb->len - dataoff, protocol,
177 skb->csum)) {
178 skb->ip_summed = CHECKSUM_UNNECESSARY;
179 break;
180 }
181 /* fall through */
182 case CHECKSUM_NONE:
183 if (protocol == 0)
184 skb->csum = 0;
185 else
186 skb->csum = csum_tcpudp_nofold(iph->saddr, iph->daddr,
187 skb->len - dataoff,
188 protocol, 0);
189 csum = __skb_checksum_complete(skb);
190 }
191 return csum;
192}
193
194EXPORT_SYMBOL(nf_ip_checksum);
195
196static struct nf_afinfo nf_ip_afinfo = {
197 .family = AF_INET,
198 .checksum = nf_ip_checksum,
199 .saveroute = nf_ip_saveroute,
200 .reroute = nf_ip_reroute,
201 .route_key_size = sizeof(struct ip_rt_info),
168}; 202};
169 203
170static int ipv4_netfilter_init(void) 204static int ipv4_netfilter_init(void)
171{ 205{
172 return nf_register_queue_rerouter(PF_INET, &ip_reroute); 206 return nf_register_afinfo(&nf_ip_afinfo);
173} 207}
174 208
175static void ipv4_netfilter_fini(void) 209static void ipv4_netfilter_fini(void)
176{ 210{
177 nf_unregister_queue_rerouter(PF_INET); 211 nf_unregister_afinfo(&nf_ip_afinfo);
178} 212}
179 213
180module_init(ipv4_netfilter_init); 214module_init(ipv4_netfilter_init);
diff --git a/net/ipv4/netfilter/Kconfig b/net/ipv4/netfilter/Kconfig
index 77855ccd6b43..c60fd5c4ea1e 100644
--- a/net/ipv4/netfilter/Kconfig
+++ b/net/ipv4/netfilter/Kconfig
@@ -69,6 +69,7 @@ config IP_NF_CONNTRACK_NETLINK
69 tristate 'Connection tracking netlink interface (EXPERIMENTAL)' 69 tristate 'Connection tracking netlink interface (EXPERIMENTAL)'
70 depends on EXPERIMENTAL && IP_NF_CONNTRACK && NETFILTER_NETLINK 70 depends on EXPERIMENTAL && IP_NF_CONNTRACK && NETFILTER_NETLINK
71 depends on IP_NF_CONNTRACK!=y || NETFILTER_NETLINK!=m 71 depends on IP_NF_CONNTRACK!=y || NETFILTER_NETLINK!=m
72 depends on IP_NF_NAT=n || IP_NF_NAT
72 help 73 help
73 This option enables support for a netlink-based userspace interface 74 This option enables support for a netlink-based userspace interface
74 75
diff --git a/net/ipv4/netfilter/arp_tables.c b/net/ipv4/netfilter/arp_tables.c
index a44a5d73457d..c2d92f99a2b8 100644
--- a/net/ipv4/netfilter/arp_tables.c
+++ b/net/ipv4/netfilter/arp_tables.c
@@ -646,7 +646,7 @@ static int translate_table(const char *name,
646 } 646 }
647 647
648 /* And one copy for every other CPU */ 648 /* And one copy for every other CPU */
649 for_each_cpu(i) { 649 for_each_possible_cpu(i) {
650 if (newinfo->entries[i] && newinfo->entries[i] != entry0) 650 if (newinfo->entries[i] && newinfo->entries[i] != entry0)
651 memcpy(newinfo->entries[i], entry0, newinfo->size); 651 memcpy(newinfo->entries[i], entry0, newinfo->size);
652 } 652 }
@@ -696,7 +696,7 @@ static void get_counters(const struct xt_table_info *t,
696 counters, 696 counters,
697 &i); 697 &i);
698 698
699 for_each_cpu(cpu) { 699 for_each_possible_cpu(cpu) {
700 if (cpu == curcpu) 700 if (cpu == curcpu)
701 continue; 701 continue;
702 i = 0; 702 i = 0;
diff --git a/net/ipv4/netfilter/arptable_filter.c b/net/ipv4/netfilter/arptable_filter.c
index d0d379c7df9a..d7c472faa53b 100644
--- a/net/ipv4/netfilter/arptable_filter.c
+++ b/net/ipv4/netfilter/arptable_filter.c
@@ -181,33 +181,26 @@ static struct nf_hook_ops arpt_ops[] = {
181 181
182static int __init arptable_filter_init(void) 182static int __init arptable_filter_init(void)
183{ 183{
184 int ret, i; 184 int ret;
185 185
186 /* Register table */ 186 /* Register table */
187 ret = arpt_register_table(&packet_filter, &initial_table.repl); 187 ret = arpt_register_table(&packet_filter, &initial_table.repl);
188 if (ret < 0) 188 if (ret < 0)
189 return ret; 189 return ret;
190 190
191 for (i = 0; i < ARRAY_SIZE(arpt_ops); i++) 191 ret = nf_register_hooks(arpt_ops, ARRAY_SIZE(arpt_ops));
192 if ((ret = nf_register_hook(&arpt_ops[i])) < 0) 192 if (ret < 0)
193 goto cleanup_hooks; 193 goto cleanup_table;
194 return ret; 194 return ret;
195 195
196cleanup_hooks: 196cleanup_table:
197 while (--i >= 0)
198 nf_unregister_hook(&arpt_ops[i]);
199
200 arpt_unregister_table(&packet_filter); 197 arpt_unregister_table(&packet_filter);
201 return ret; 198 return ret;
202} 199}
203 200
204static void __exit arptable_filter_fini(void) 201static void __exit arptable_filter_fini(void)
205{ 202{
206 unsigned int i; 203 nf_unregister_hooks(arpt_ops, ARRAY_SIZE(arpt_ops));
207
208 for (i = 0; i < ARRAY_SIZE(arpt_ops); i++)
209 nf_unregister_hook(&arpt_ops[i]);
210
211 arpt_unregister_table(&packet_filter); 204 arpt_unregister_table(&packet_filter);
212} 205}
213 206
diff --git a/net/ipv4/netfilter/ip_conntrack_core.c b/net/ipv4/netfilter/ip_conntrack_core.c
index ceaabc18202b..979a2eac6f00 100644
--- a/net/ipv4/netfilter/ip_conntrack_core.c
+++ b/net/ipv4/netfilter/ip_conntrack_core.c
@@ -133,7 +133,7 @@ static void ip_ct_event_cache_flush(void)
133 struct ip_conntrack_ecache *ecache; 133 struct ip_conntrack_ecache *ecache;
134 int cpu; 134 int cpu;
135 135
136 for_each_cpu(cpu) { 136 for_each_possible_cpu(cpu) {
137 ecache = &per_cpu(ip_conntrack_ecache, cpu); 137 ecache = &per_cpu(ip_conntrack_ecache, cpu);
138 if (ecache->ct) 138 if (ecache->ct)
139 ip_conntrack_put(ecache->ct); 139 ip_conntrack_put(ecache->ct);
diff --git a/net/ipv4/netfilter/ip_conntrack_helper_h323.c b/net/ipv4/netfilter/ip_conntrack_helper_h323.c
index daeb1395faa4..2c2fb700d835 100644
--- a/net/ipv4/netfilter/ip_conntrack_helper_h323.c
+++ b/net/ipv4/netfilter/ip_conntrack_helper_h323.c
@@ -9,37 +9,6 @@
9 * Jozsef Kadlecsik <kadlec@blackhole.kfki.hu> 9 * Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>
10 * 10 *
11 * For more information, please see http://nath323.sourceforge.net/ 11 * For more information, please see http://nath323.sourceforge.net/
12 *
13 * Changes:
14 * 2006-02-01 - initial version 0.1
15 *
16 * 2006-02-20 - version 0.2
17 * 1. Changed source format to follow kernel conventions
18 * 2. Deleted some unnecessary structures
19 * 3. Minor fixes
20 *
21 * 2006-03-10 - version 0.3
22 * 1. Added support for multiple TPKTs in one packet (suggested by
23 * Patrick McHardy)
24 * 2. Avoid excessive stack usage (based on Patrick McHardy's patch)
25 * 3. Added support for non-linear skb (based on Patrick McHardy's patch)
26 * 4. Fixed missing H.245 module owner (Patrick McHardy)
27 * 5. Avoid long RAS expectation chains (Patrick McHardy)
28 * 6. Fixed incorrect __exit attribute (Patrick McHardy)
29 * 7. Eliminated unnecessary return code
30 * 8. Fixed incorrect use of NAT data from conntrack code (suggested by
31 * Patrick McHardy)
32 * 9. Fixed TTL calculation error in RCF
33 * 10. Added TTL support in RRQ
34 * 11. Better support for separate TPKT header and data
35 *
36 * 2006-03-15 - version 0.4
37 * 1. Added support for T.120 channels
38 * 2. Added parameter gkrouted_only (suggested by Patrick McHardy)
39 * 3. Splitted ASN.1 code and data (suggested by Patrick McHardy)
40 * 4. Sort ASN.1 data to avoid forwarding declarations (suggested by
41 * Patrick McHardy)
42 * 5. Reset next TPKT data length in get_tpkt_data()
43 */ 12 */
44 13
45#include <linux/config.h> 14#include <linux/config.h>
@@ -54,8 +23,6 @@
54#include <linux/netfilter_ipv4/ip_conntrack_h323.h> 23#include <linux/netfilter_ipv4/ip_conntrack_h323.h>
55#include <linux/moduleparam.h> 24#include <linux/moduleparam.h>
56 25
57#include "ip_conntrack_helper_h323_asn1.h"
58
59#if 0 26#if 0
60#define DEBUGP printk 27#define DEBUGP printk
61#else 28#else
@@ -63,6 +30,10 @@
63#endif 30#endif
64 31
65/* Parameters */ 32/* Parameters */
33static unsigned int default_rrq_ttl = 300;
34module_param(default_rrq_ttl, uint, 0600);
35MODULE_PARM_DESC(default_rrq_ttl, "use this TTL if it's missing in RRQ");
36
66static int gkrouted_only = 1; 37static int gkrouted_only = 1;
67module_param(gkrouted_only, int, 0600); 38module_param(gkrouted_only, int, 0600);
68MODULE_PARM_DESC(gkrouted_only, "only accept calls from gatekeeper"); 39MODULE_PARM_DESC(gkrouted_only, "only accept calls from gatekeeper");
@@ -222,8 +193,8 @@ static int get_tpkt_data(struct sk_buff **pskb, struct ip_conntrack *ct,
222} 193}
223 194
224/****************************************************************************/ 195/****************************************************************************/
225int get_h245_addr(unsigned char *data, H245_TransportAddress * addr, 196static int get_h245_addr(unsigned char *data, H245_TransportAddress * addr,
226 u_int32_t * ip, u_int16_t * port) 197 u_int32_t * ip, u_int16_t * port)
227{ 198{
228 unsigned char *p; 199 unsigned char *p;
229 200
@@ -1302,7 +1273,7 @@ static int process_rrq(struct sk_buff **pskb, struct ip_conntrack *ct,
1302 DEBUGP("ip_ct_ras: RRQ TTL = %u seconds\n", rrq->timeToLive); 1273 DEBUGP("ip_ct_ras: RRQ TTL = %u seconds\n", rrq->timeToLive);
1303 info->timeout = rrq->timeToLive; 1274 info->timeout = rrq->timeToLive;
1304 } else 1275 } else
1305 info->timeout = 0; 1276 info->timeout = default_rrq_ttl;
1306 1277
1307 return 0; 1278 return 0;
1308} 1279}
@@ -1713,18 +1684,17 @@ static int __init init(void)
1713module_init(init); 1684module_init(init);
1714module_exit(fini); 1685module_exit(fini);
1715 1686
1716EXPORT_SYMBOL(get_h245_addr); 1687EXPORT_SYMBOL_GPL(get_h225_addr);
1717EXPORT_SYMBOL(get_h225_addr); 1688EXPORT_SYMBOL_GPL(ip_conntrack_h245_expect);
1718EXPORT_SYMBOL(ip_conntrack_h245_expect); 1689EXPORT_SYMBOL_GPL(ip_conntrack_q931_expect);
1719EXPORT_SYMBOL(ip_conntrack_q931_expect); 1690EXPORT_SYMBOL_GPL(set_h245_addr_hook);
1720EXPORT_SYMBOL(set_h245_addr_hook); 1691EXPORT_SYMBOL_GPL(set_h225_addr_hook);
1721EXPORT_SYMBOL(set_h225_addr_hook); 1692EXPORT_SYMBOL_GPL(set_sig_addr_hook);
1722EXPORT_SYMBOL(set_sig_addr_hook); 1693EXPORT_SYMBOL_GPL(set_ras_addr_hook);
1723EXPORT_SYMBOL(set_ras_addr_hook); 1694EXPORT_SYMBOL_GPL(nat_rtp_rtcp_hook);
1724EXPORT_SYMBOL(nat_rtp_rtcp_hook); 1695EXPORT_SYMBOL_GPL(nat_t120_hook);
1725EXPORT_SYMBOL(nat_t120_hook); 1696EXPORT_SYMBOL_GPL(nat_h245_hook);
1726EXPORT_SYMBOL(nat_h245_hook); 1697EXPORT_SYMBOL_GPL(nat_q931_hook);
1727EXPORT_SYMBOL(nat_q931_hook);
1728 1698
1729MODULE_AUTHOR("Jing Min Zhao <zhaojingmin@users.sourceforge.net>"); 1699MODULE_AUTHOR("Jing Min Zhao <zhaojingmin@users.sourceforge.net>");
1730MODULE_DESCRIPTION("H.323 connection tracking helper"); 1700MODULE_DESCRIPTION("H.323 connection tracking helper");
diff --git a/net/ipv4/netfilter/ip_conntrack_helper_h323_asn1.c b/net/ipv4/netfilter/ip_conntrack_helper_h323_asn1.c
index afa525129b51..48078002e450 100644
--- a/net/ipv4/netfilter/ip_conntrack_helper_h323_asn1.c
+++ b/net/ipv4/netfilter/ip_conntrack_helper_h323_asn1.c
@@ -15,7 +15,7 @@
15#else 15#else
16#include <stdio.h> 16#include <stdio.h>
17#endif 17#endif
18#include "ip_conntrack_helper_h323_asn1.h" 18#include <linux/netfilter_ipv4/ip_conntrack_helper_h323_asn1.h>
19 19
20/* Trace Flag */ 20/* Trace Flag */
21#ifndef H323_TRACE 21#ifndef H323_TRACE
diff --git a/net/ipv4/netfilter/ip_conntrack_helper_h323_asn1.h b/net/ipv4/netfilter/ip_conntrack_helper_h323_asn1.h
deleted file mode 100644
index 0bd828081c0c..000000000000
--- a/net/ipv4/netfilter/ip_conntrack_helper_h323_asn1.h
+++ /dev/null
@@ -1,98 +0,0 @@
1/****************************************************************************
2 * ip_conntrack_helper_h323_asn1.h - BER and PER decoding library for H.323
3 * conntrack/NAT module.
4 *
5 * Copyright (c) 2006 by Jing Min Zhao <zhaojingmin@hotmail.com>
6 *
7 * This source code is licensed under General Public License version 2.
8 *
9 *
10 * This library is based on H.225 version 4, H.235 version 2 and H.245
11 * version 7. It is extremely optimized to decode only the absolutely
12 * necessary objects in a signal for Linux kernel NAT module use, so don't
13 * expect it to be a full ASN.1 library.
14 *
15 * Features:
16 *
17 * 1. Small. The total size of code plus data is less than 20 KB (IA32).
18 * 2. Fast. Decoding Netmeeting's Setup signal 1 million times on a PIII 866
19 * takes only 3.9 seconds.
20 * 3. No memory allocation. It uses a static object. No need to initialize or
21 * cleanup.
22 * 4. Thread safe.
23 * 5. Support embedded architectures that has no misaligned memory access
24 * support.
25 *
26 * Limitations:
27 *
28 * 1. At most 30 faststart entries. Actually this is limited by ethernet's MTU.
29 * If a Setup signal contains more than 30 faststart, the packet size will
30 * very likely exceed the MTU size, then the TPKT will be fragmented. I
31 * don't know how to handle this in a Netfilter module. Anybody can help?
32 * Although I think 30 is enough for most of the cases.
33 * 2. IPv4 addresses only.
34 *
35 ****************************************************************************/
36
37#ifndef _IP_CONNTRACK_HELPER_H323_ASN1_H_
38#define _IP_CONNTRACK_HELPER_H323_ASN1_H_
39
40/*****************************************************************************
41 * H.323 Types
42 ****************************************************************************/
43#include "ip_conntrack_helper_h323_types.h"
44
45typedef struct {
46 enum {
47 Q931_NationalEscape = 0x00,
48 Q931_Alerting = 0x01,
49 Q931_CallProceeding = 0x02,
50 Q931_Connect = 0x07,
51 Q931_ConnectAck = 0x0F,
52 Q931_Progress = 0x03,
53 Q931_Setup = 0x05,
54 Q931_SetupAck = 0x0D,
55 Q931_Resume = 0x26,
56 Q931_ResumeAck = 0x2E,
57 Q931_ResumeReject = 0x22,
58 Q931_Suspend = 0x25,
59 Q931_SuspendAck = 0x2D,
60 Q931_SuspendReject = 0x21,
61 Q931_UserInformation = 0x20,
62 Q931_Disconnect = 0x45,
63 Q931_Release = 0x4D,
64 Q931_ReleaseComplete = 0x5A,
65 Q931_Restart = 0x46,
66 Q931_RestartAck = 0x4E,
67 Q931_Segment = 0x60,
68 Q931_CongestionCtrl = 0x79,
69 Q931_Information = 0x7B,
70 Q931_Notify = 0x6E,
71 Q931_Status = 0x7D,
72 Q931_StatusEnquiry = 0x75,
73 Q931_Facility = 0x62
74 } MessageType;
75 H323_UserInformation UUIE;
76} Q931;
77
78/*****************************************************************************
79 * Decode Functions Return Codes
80 ****************************************************************************/
81
82#define H323_ERROR_NONE 0 /* Decoded successfully */
83#define H323_ERROR_STOP 1 /* Decoding stopped, not really an error */
84#define H323_ERROR_BOUND -1
85#define H323_ERROR_RANGE -2
86
87
88/*****************************************************************************
89 * Decode Functions
90 ****************************************************************************/
91
92int DecodeRasMessage(unsigned char *buf, size_t sz, RasMessage * ras);
93int DecodeQ931(unsigned char *buf, size_t sz, Q931 * q931);
94int DecodeMultimediaSystemControlMessage(unsigned char *buf, size_t sz,
95 MultimediaSystemControlMessage *
96 mscm);
97
98#endif
diff --git a/net/ipv4/netfilter/ip_conntrack_helper_h323_types.h b/net/ipv4/netfilter/ip_conntrack_helper_h323_types.h
deleted file mode 100644
index cc98f7aa5abe..000000000000
--- a/net/ipv4/netfilter/ip_conntrack_helper_h323_types.h
+++ /dev/null
@@ -1,938 +0,0 @@
1/* Generated by Jing Min Zhao's ASN.1 parser, Mar 15 2006
2 *
3 * Copyright (c) 2006 Jing Min Zhao <zhaojingmin@users.sourceforge.net>
4 *
5 * This source code is licensed under General Public License version 2.
6 */
7
8typedef struct TransportAddress_ipAddress { /* SEQUENCE */
9 int options; /* No use */
10 unsigned ip;
11} TransportAddress_ipAddress;
12
13typedef struct TransportAddress { /* CHOICE */
14 enum {
15 eTransportAddress_ipAddress,
16 eTransportAddress_ipSourceRoute,
17 eTransportAddress_ipxAddress,
18 eTransportAddress_ip6Address,
19 eTransportAddress_netBios,
20 eTransportAddress_nsap,
21 eTransportAddress_nonStandardAddress,
22 } choice;
23 union {
24 TransportAddress_ipAddress ipAddress;
25 };
26} TransportAddress;
27
28typedef struct DataProtocolCapability { /* CHOICE */
29 enum {
30 eDataProtocolCapability_nonStandard,
31 eDataProtocolCapability_v14buffered,
32 eDataProtocolCapability_v42lapm,
33 eDataProtocolCapability_hdlcFrameTunnelling,
34 eDataProtocolCapability_h310SeparateVCStack,
35 eDataProtocolCapability_h310SingleVCStack,
36 eDataProtocolCapability_transparent,
37 eDataProtocolCapability_segmentationAndReassembly,
38 eDataProtocolCapability_hdlcFrameTunnelingwSAR,
39 eDataProtocolCapability_v120,
40 eDataProtocolCapability_separateLANStack,
41 eDataProtocolCapability_v76wCompression,
42 eDataProtocolCapability_tcp,
43 eDataProtocolCapability_udp,
44 } choice;
45} DataProtocolCapability;
46
47typedef struct DataApplicationCapability_application { /* CHOICE */
48 enum {
49 eDataApplicationCapability_application_nonStandard,
50 eDataApplicationCapability_application_t120,
51 eDataApplicationCapability_application_dsm_cc,
52 eDataApplicationCapability_application_userData,
53 eDataApplicationCapability_application_t84,
54 eDataApplicationCapability_application_t434,
55 eDataApplicationCapability_application_h224,
56 eDataApplicationCapability_application_nlpid,
57 eDataApplicationCapability_application_dsvdControl,
58 eDataApplicationCapability_application_h222DataPartitioning,
59 eDataApplicationCapability_application_t30fax,
60 eDataApplicationCapability_application_t140,
61 eDataApplicationCapability_application_t38fax,
62 eDataApplicationCapability_application_genericDataCapability,
63 } choice;
64 union {
65 DataProtocolCapability t120;
66 };
67} DataApplicationCapability_application;
68
69typedef struct DataApplicationCapability { /* SEQUENCE */
70 int options; /* No use */
71 DataApplicationCapability_application application;
72} DataApplicationCapability;
73
74typedef struct DataType { /* CHOICE */
75 enum {
76 eDataType_nonStandard,
77 eDataType_nullData,
78 eDataType_videoData,
79 eDataType_audioData,
80 eDataType_data,
81 eDataType_encryptionData,
82 eDataType_h235Control,
83 eDataType_h235Media,
84 eDataType_multiplexedStream,
85 } choice;
86 union {
87 DataApplicationCapability data;
88 };
89} DataType;
90
91typedef struct UnicastAddress_iPAddress { /* SEQUENCE */
92 int options; /* No use */
93 unsigned network;
94} UnicastAddress_iPAddress;
95
96typedef struct UnicastAddress { /* CHOICE */
97 enum {
98 eUnicastAddress_iPAddress,
99 eUnicastAddress_iPXAddress,
100 eUnicastAddress_iP6Address,
101 eUnicastAddress_netBios,
102 eUnicastAddress_iPSourceRouteAddress,
103 eUnicastAddress_nsap,
104 eUnicastAddress_nonStandardAddress,
105 } choice;
106 union {
107 UnicastAddress_iPAddress iPAddress;
108 };
109} UnicastAddress;
110
111typedef struct H245_TransportAddress { /* CHOICE */
112 enum {
113 eH245_TransportAddress_unicastAddress,
114 eH245_TransportAddress_multicastAddress,
115 } choice;
116 union {
117 UnicastAddress unicastAddress;
118 };
119} H245_TransportAddress;
120
121typedef struct H2250LogicalChannelParameters { /* SEQUENCE */
122 enum {
123 eH2250LogicalChannelParameters_nonStandard = (1 << 31),
124 eH2250LogicalChannelParameters_associatedSessionID =
125 (1 << 30),
126 eH2250LogicalChannelParameters_mediaChannel = (1 << 29),
127 eH2250LogicalChannelParameters_mediaGuaranteedDelivery =
128 (1 << 28),
129 eH2250LogicalChannelParameters_mediaControlChannel =
130 (1 << 27),
131 eH2250LogicalChannelParameters_mediaControlGuaranteedDelivery
132 = (1 << 26),
133 eH2250LogicalChannelParameters_silenceSuppression = (1 << 25),
134 eH2250LogicalChannelParameters_destination = (1 << 24),
135 eH2250LogicalChannelParameters_dynamicRTPPayloadType =
136 (1 << 23),
137 eH2250LogicalChannelParameters_mediaPacketization = (1 << 22),
138 eH2250LogicalChannelParameters_transportCapability =
139 (1 << 21),
140 eH2250LogicalChannelParameters_redundancyEncoding = (1 << 20),
141 eH2250LogicalChannelParameters_source = (1 << 19),
142 } options;
143 H245_TransportAddress mediaChannel;
144 H245_TransportAddress mediaControlChannel;
145} H2250LogicalChannelParameters;
146
147typedef struct OpenLogicalChannel_forwardLogicalChannelParameters_multiplexParameters { /* CHOICE */
148 enum {
149 eOpenLogicalChannel_forwardLogicalChannelParameters_multiplexParameters_h222LogicalChannelParameters,
150 eOpenLogicalChannel_forwardLogicalChannelParameters_multiplexParameters_h223LogicalChannelParameters,
151 eOpenLogicalChannel_forwardLogicalChannelParameters_multiplexParameters_v76LogicalChannelParameters,
152 eOpenLogicalChannel_forwardLogicalChannelParameters_multiplexParameters_h2250LogicalChannelParameters,
153 eOpenLogicalChannel_forwardLogicalChannelParameters_multiplexParameters_none,
154 } choice;
155 union {
156 H2250LogicalChannelParameters h2250LogicalChannelParameters;
157 };
158} OpenLogicalChannel_forwardLogicalChannelParameters_multiplexParameters;
159
160typedef struct OpenLogicalChannel_forwardLogicalChannelParameters { /* SEQUENCE */
161 enum {
162 eOpenLogicalChannel_forwardLogicalChannelParameters_portNumber
163 = (1 << 31),
164 eOpenLogicalChannel_forwardLogicalChannelParameters_forwardLogicalChannelDependency
165 = (1 << 30),
166 eOpenLogicalChannel_forwardLogicalChannelParameters_replacementFor
167 = (1 << 29),
168 } options;
169 DataType dataType;
170 OpenLogicalChannel_forwardLogicalChannelParameters_multiplexParameters
171 multiplexParameters;
172} OpenLogicalChannel_forwardLogicalChannelParameters;
173
174typedef struct OpenLogicalChannel_reverseLogicalChannelParameters_multiplexParameters { /* CHOICE */
175 enum {
176 eOpenLogicalChannel_reverseLogicalChannelParameters_multiplexParameters_h223LogicalChannelParameters,
177 eOpenLogicalChannel_reverseLogicalChannelParameters_multiplexParameters_v76LogicalChannelParameters,
178 eOpenLogicalChannel_reverseLogicalChannelParameters_multiplexParameters_h2250LogicalChannelParameters,
179 } choice;
180 union {
181 H2250LogicalChannelParameters h2250LogicalChannelParameters;
182 };
183} OpenLogicalChannel_reverseLogicalChannelParameters_multiplexParameters;
184
185typedef struct OpenLogicalChannel_reverseLogicalChannelParameters { /* SEQUENCE */
186 enum {
187 eOpenLogicalChannel_reverseLogicalChannelParameters_multiplexParameters
188 = (1 << 31),
189 eOpenLogicalChannel_reverseLogicalChannelParameters_reverseLogicalChannelDependency
190 = (1 << 30),
191 eOpenLogicalChannel_reverseLogicalChannelParameters_replacementFor
192 = (1 << 29),
193 } options;
194 OpenLogicalChannel_reverseLogicalChannelParameters_multiplexParameters
195 multiplexParameters;
196} OpenLogicalChannel_reverseLogicalChannelParameters;
197
198typedef struct NetworkAccessParameters_networkAddress { /* CHOICE */
199 enum {
200 eNetworkAccessParameters_networkAddress_q2931Address,
201 eNetworkAccessParameters_networkAddress_e164Address,
202 eNetworkAccessParameters_networkAddress_localAreaAddress,
203 } choice;
204 union {
205 H245_TransportAddress localAreaAddress;
206 };
207} NetworkAccessParameters_networkAddress;
208
209typedef struct NetworkAccessParameters { /* SEQUENCE */
210 enum {
211 eNetworkAccessParameters_distribution = (1 << 31),
212 eNetworkAccessParameters_externalReference = (1 << 30),
213 eNetworkAccessParameters_t120SetupProcedure = (1 << 29),
214 } options;
215 NetworkAccessParameters_networkAddress networkAddress;
216} NetworkAccessParameters;
217
218typedef struct OpenLogicalChannel { /* SEQUENCE */
219 enum {
220 eOpenLogicalChannel_reverseLogicalChannelParameters =
221 (1 << 31),
222 eOpenLogicalChannel_separateStack = (1 << 30),
223 eOpenLogicalChannel_encryptionSync = (1 << 29),
224 } options;
225 OpenLogicalChannel_forwardLogicalChannelParameters
226 forwardLogicalChannelParameters;
227 OpenLogicalChannel_reverseLogicalChannelParameters
228 reverseLogicalChannelParameters;
229 NetworkAccessParameters separateStack;
230} OpenLogicalChannel;
231
232typedef struct Setup_UUIE_fastStart { /* SEQUENCE OF */
233 int count;
234 OpenLogicalChannel item[30];
235} Setup_UUIE_fastStart;
236
237typedef struct Setup_UUIE { /* SEQUENCE */
238 enum {
239 eSetup_UUIE_h245Address = (1 << 31),
240 eSetup_UUIE_sourceAddress = (1 << 30),
241 eSetup_UUIE_destinationAddress = (1 << 29),
242 eSetup_UUIE_destCallSignalAddress = (1 << 28),
243 eSetup_UUIE_destExtraCallInfo = (1 << 27),
244 eSetup_UUIE_destExtraCRV = (1 << 26),
245 eSetup_UUIE_callServices = (1 << 25),
246 eSetup_UUIE_sourceCallSignalAddress = (1 << 24),
247 eSetup_UUIE_remoteExtensionAddress = (1 << 23),
248 eSetup_UUIE_callIdentifier = (1 << 22),
249 eSetup_UUIE_h245SecurityCapability = (1 << 21),
250 eSetup_UUIE_tokens = (1 << 20),
251 eSetup_UUIE_cryptoTokens = (1 << 19),
252 eSetup_UUIE_fastStart = (1 << 18),
253 eSetup_UUIE_mediaWaitForConnect = (1 << 17),
254 eSetup_UUIE_canOverlapSend = (1 << 16),
255 eSetup_UUIE_endpointIdentifier = (1 << 15),
256 eSetup_UUIE_multipleCalls = (1 << 14),
257 eSetup_UUIE_maintainConnection = (1 << 13),
258 eSetup_UUIE_connectionParameters = (1 << 12),
259 eSetup_UUIE_language = (1 << 11),
260 eSetup_UUIE_presentationIndicator = (1 << 10),
261 eSetup_UUIE_screeningIndicator = (1 << 9),
262 eSetup_UUIE_serviceControl = (1 << 8),
263 eSetup_UUIE_symmetricOperationRequired = (1 << 7),
264 eSetup_UUIE_capacity = (1 << 6),
265 eSetup_UUIE_circuitInfo = (1 << 5),
266 eSetup_UUIE_desiredProtocols = (1 << 4),
267 eSetup_UUIE_neededFeatures = (1 << 3),
268 eSetup_UUIE_desiredFeatures = (1 << 2),
269 eSetup_UUIE_supportedFeatures = (1 << 1),
270 eSetup_UUIE_parallelH245Control = (1 << 0),
271 } options;
272 TransportAddress h245Address;
273 TransportAddress destCallSignalAddress;
274 TransportAddress sourceCallSignalAddress;
275 Setup_UUIE_fastStart fastStart;
276} Setup_UUIE;
277
278typedef struct CallProceeding_UUIE_fastStart { /* SEQUENCE OF */
279 int count;
280 OpenLogicalChannel item[30];
281} CallProceeding_UUIE_fastStart;
282
283typedef struct CallProceeding_UUIE { /* SEQUENCE */
284 enum {
285 eCallProceeding_UUIE_h245Address = (1 << 31),
286 eCallProceeding_UUIE_callIdentifier = (1 << 30),
287 eCallProceeding_UUIE_h245SecurityMode = (1 << 29),
288 eCallProceeding_UUIE_tokens = (1 << 28),
289 eCallProceeding_UUIE_cryptoTokens = (1 << 27),
290 eCallProceeding_UUIE_fastStart = (1 << 26),
291 eCallProceeding_UUIE_multipleCalls = (1 << 25),
292 eCallProceeding_UUIE_maintainConnection = (1 << 24),
293 eCallProceeding_UUIE_fastConnectRefused = (1 << 23),
294 eCallProceeding_UUIE_featureSet = (1 << 22),
295 } options;
296 TransportAddress h245Address;
297 CallProceeding_UUIE_fastStart fastStart;
298} CallProceeding_UUIE;
299
300typedef struct Connect_UUIE_fastStart { /* SEQUENCE OF */
301 int count;
302 OpenLogicalChannel item[30];
303} Connect_UUIE_fastStart;
304
305typedef struct Connect_UUIE { /* SEQUENCE */
306 enum {
307 eConnect_UUIE_h245Address = (1 << 31),
308 eConnect_UUIE_callIdentifier = (1 << 30),
309 eConnect_UUIE_h245SecurityMode = (1 << 29),
310 eConnect_UUIE_tokens = (1 << 28),
311 eConnect_UUIE_cryptoTokens = (1 << 27),
312 eConnect_UUIE_fastStart = (1 << 26),
313 eConnect_UUIE_multipleCalls = (1 << 25),
314 eConnect_UUIE_maintainConnection = (1 << 24),
315 eConnect_UUIE_language = (1 << 23),
316 eConnect_UUIE_connectedAddress = (1 << 22),
317 eConnect_UUIE_presentationIndicator = (1 << 21),
318 eConnect_UUIE_screeningIndicator = (1 << 20),
319 eConnect_UUIE_fastConnectRefused = (1 << 19),
320 eConnect_UUIE_serviceControl = (1 << 18),
321 eConnect_UUIE_capacity = (1 << 17),
322 eConnect_UUIE_featureSet = (1 << 16),
323 } options;
324 TransportAddress h245Address;
325 Connect_UUIE_fastStart fastStart;
326} Connect_UUIE;
327
328typedef struct Alerting_UUIE_fastStart { /* SEQUENCE OF */
329 int count;
330 OpenLogicalChannel item[30];
331} Alerting_UUIE_fastStart;
332
333typedef struct Alerting_UUIE { /* SEQUENCE */
334 enum {
335 eAlerting_UUIE_h245Address = (1 << 31),
336 eAlerting_UUIE_callIdentifier = (1 << 30),
337 eAlerting_UUIE_h245SecurityMode = (1 << 29),
338 eAlerting_UUIE_tokens = (1 << 28),
339 eAlerting_UUIE_cryptoTokens = (1 << 27),
340 eAlerting_UUIE_fastStart = (1 << 26),
341 eAlerting_UUIE_multipleCalls = (1 << 25),
342 eAlerting_UUIE_maintainConnection = (1 << 24),
343 eAlerting_UUIE_alertingAddress = (1 << 23),
344 eAlerting_UUIE_presentationIndicator = (1 << 22),
345 eAlerting_UUIE_screeningIndicator = (1 << 21),
346 eAlerting_UUIE_fastConnectRefused = (1 << 20),
347 eAlerting_UUIE_serviceControl = (1 << 19),
348 eAlerting_UUIE_capacity = (1 << 18),
349 eAlerting_UUIE_featureSet = (1 << 17),
350 } options;
351 TransportAddress h245Address;
352 Alerting_UUIE_fastStart fastStart;
353} Alerting_UUIE;
354
355typedef struct Information_UUIE_fastStart { /* SEQUENCE OF */
356 int count;
357 OpenLogicalChannel item[30];
358} Information_UUIE_fastStart;
359
360typedef struct Information_UUIE { /* SEQUENCE */
361 enum {
362 eInformation_UUIE_callIdentifier = (1 << 31),
363 eInformation_UUIE_tokens = (1 << 30),
364 eInformation_UUIE_cryptoTokens = (1 << 29),
365 eInformation_UUIE_fastStart = (1 << 28),
366 eInformation_UUIE_fastConnectRefused = (1 << 27),
367 eInformation_UUIE_circuitInfo = (1 << 26),
368 } options;
369 Information_UUIE_fastStart fastStart;
370} Information_UUIE;
371
372typedef struct FacilityReason { /* CHOICE */
373 enum {
374 eFacilityReason_routeCallToGatekeeper,
375 eFacilityReason_callForwarded,
376 eFacilityReason_routeCallToMC,
377 eFacilityReason_undefinedReason,
378 eFacilityReason_conferenceListChoice,
379 eFacilityReason_startH245,
380 eFacilityReason_noH245,
381 eFacilityReason_newTokens,
382 eFacilityReason_featureSetUpdate,
383 eFacilityReason_forwardedElements,
384 eFacilityReason_transportedInformation,
385 } choice;
386} FacilityReason;
387
388typedef struct Facility_UUIE_fastStart { /* SEQUENCE OF */
389 int count;
390 OpenLogicalChannel item[30];
391} Facility_UUIE_fastStart;
392
393typedef struct Facility_UUIE { /* SEQUENCE */
394 enum {
395 eFacility_UUIE_alternativeAddress = (1 << 31),
396 eFacility_UUIE_alternativeAliasAddress = (1 << 30),
397 eFacility_UUIE_conferenceID = (1 << 29),
398 eFacility_UUIE_callIdentifier = (1 << 28),
399 eFacility_UUIE_destExtraCallInfo = (1 << 27),
400 eFacility_UUIE_remoteExtensionAddress = (1 << 26),
401 eFacility_UUIE_tokens = (1 << 25),
402 eFacility_UUIE_cryptoTokens = (1 << 24),
403 eFacility_UUIE_conferences = (1 << 23),
404 eFacility_UUIE_h245Address = (1 << 22),
405 eFacility_UUIE_fastStart = (1 << 21),
406 eFacility_UUIE_multipleCalls = (1 << 20),
407 eFacility_UUIE_maintainConnection = (1 << 19),
408 eFacility_UUIE_fastConnectRefused = (1 << 18),
409 eFacility_UUIE_serviceControl = (1 << 17),
410 eFacility_UUIE_circuitInfo = (1 << 16),
411 eFacility_UUIE_featureSet = (1 << 15),
412 eFacility_UUIE_destinationInfo = (1 << 14),
413 eFacility_UUIE_h245SecurityMode = (1 << 13),
414 } options;
415 FacilityReason reason;
416 TransportAddress h245Address;
417 Facility_UUIE_fastStart fastStart;
418} Facility_UUIE;
419
420typedef struct Progress_UUIE_fastStart { /* SEQUENCE OF */
421 int count;
422 OpenLogicalChannel item[30];
423} Progress_UUIE_fastStart;
424
425typedef struct Progress_UUIE { /* SEQUENCE */
426 enum {
427 eProgress_UUIE_h245Address = (1 << 31),
428 eProgress_UUIE_h245SecurityMode = (1 << 30),
429 eProgress_UUIE_tokens = (1 << 29),
430 eProgress_UUIE_cryptoTokens = (1 << 28),
431 eProgress_UUIE_fastStart = (1 << 27),
432 eProgress_UUIE_multipleCalls = (1 << 26),
433 eProgress_UUIE_maintainConnection = (1 << 25),
434 eProgress_UUIE_fastConnectRefused = (1 << 24),
435 } options;
436 TransportAddress h245Address;
437 Progress_UUIE_fastStart fastStart;
438} Progress_UUIE;
439
440typedef struct H323_UU_PDU_h323_message_body { /* CHOICE */
441 enum {
442 eH323_UU_PDU_h323_message_body_setup,
443 eH323_UU_PDU_h323_message_body_callProceeding,
444 eH323_UU_PDU_h323_message_body_connect,
445 eH323_UU_PDU_h323_message_body_alerting,
446 eH323_UU_PDU_h323_message_body_information,
447 eH323_UU_PDU_h323_message_body_releaseComplete,
448 eH323_UU_PDU_h323_message_body_facility,
449 eH323_UU_PDU_h323_message_body_progress,
450 eH323_UU_PDU_h323_message_body_empty,
451 eH323_UU_PDU_h323_message_body_status,
452 eH323_UU_PDU_h323_message_body_statusInquiry,
453 eH323_UU_PDU_h323_message_body_setupAcknowledge,
454 eH323_UU_PDU_h323_message_body_notify,
455 } choice;
456 union {
457 Setup_UUIE setup;
458 CallProceeding_UUIE callProceeding;
459 Connect_UUIE connect;
460 Alerting_UUIE alerting;
461 Information_UUIE information;
462 Facility_UUIE facility;
463 Progress_UUIE progress;
464 };
465} H323_UU_PDU_h323_message_body;
466
467typedef struct RequestMessage { /* CHOICE */
468 enum {
469 eRequestMessage_nonStandard,
470 eRequestMessage_masterSlaveDetermination,
471 eRequestMessage_terminalCapabilitySet,
472 eRequestMessage_openLogicalChannel,
473 eRequestMessage_closeLogicalChannel,
474 eRequestMessage_requestChannelClose,
475 eRequestMessage_multiplexEntrySend,
476 eRequestMessage_requestMultiplexEntry,
477 eRequestMessage_requestMode,
478 eRequestMessage_roundTripDelayRequest,
479 eRequestMessage_maintenanceLoopRequest,
480 eRequestMessage_communicationModeRequest,
481 eRequestMessage_conferenceRequest,
482 eRequestMessage_multilinkRequest,
483 eRequestMessage_logicalChannelRateRequest,
484 } choice;
485 union {
486 OpenLogicalChannel openLogicalChannel;
487 };
488} RequestMessage;
489
490typedef struct OpenLogicalChannelAck_reverseLogicalChannelParameters_multiplexParameters { /* CHOICE */
491 enum {
492 eOpenLogicalChannelAck_reverseLogicalChannelParameters_multiplexParameters_h222LogicalChannelParameters,
493 eOpenLogicalChannelAck_reverseLogicalChannelParameters_multiplexParameters_h2250LogicalChannelParameters,
494 } choice;
495 union {
496 H2250LogicalChannelParameters h2250LogicalChannelParameters;
497 };
498} OpenLogicalChannelAck_reverseLogicalChannelParameters_multiplexParameters;
499
500typedef struct OpenLogicalChannelAck_reverseLogicalChannelParameters { /* SEQUENCE */
501 enum {
502 eOpenLogicalChannelAck_reverseLogicalChannelParameters_portNumber
503 = (1 << 31),
504 eOpenLogicalChannelAck_reverseLogicalChannelParameters_multiplexParameters
505 = (1 << 30),
506 eOpenLogicalChannelAck_reverseLogicalChannelParameters_replacementFor
507 = (1 << 29),
508 } options;
509 OpenLogicalChannelAck_reverseLogicalChannelParameters_multiplexParameters
510 multiplexParameters;
511} OpenLogicalChannelAck_reverseLogicalChannelParameters;
512
513typedef struct H2250LogicalChannelAckParameters { /* SEQUENCE */
514 enum {
515 eH2250LogicalChannelAckParameters_nonStandard = (1 << 31),
516 eH2250LogicalChannelAckParameters_sessionID = (1 << 30),
517 eH2250LogicalChannelAckParameters_mediaChannel = (1 << 29),
518 eH2250LogicalChannelAckParameters_mediaControlChannel =
519 (1 << 28),
520 eH2250LogicalChannelAckParameters_dynamicRTPPayloadType =
521 (1 << 27),
522 eH2250LogicalChannelAckParameters_flowControlToZero =
523 (1 << 26),
524 eH2250LogicalChannelAckParameters_portNumber = (1 << 25),
525 } options;
526 H245_TransportAddress mediaChannel;
527 H245_TransportAddress mediaControlChannel;
528} H2250LogicalChannelAckParameters;
529
530typedef struct OpenLogicalChannelAck_forwardMultiplexAckParameters { /* CHOICE */
531 enum {
532 eOpenLogicalChannelAck_forwardMultiplexAckParameters_h2250LogicalChannelAckParameters,
533 } choice;
534 union {
535 H2250LogicalChannelAckParameters
536 h2250LogicalChannelAckParameters;
537 };
538} OpenLogicalChannelAck_forwardMultiplexAckParameters;
539
540typedef struct OpenLogicalChannelAck { /* SEQUENCE */
541 enum {
542 eOpenLogicalChannelAck_reverseLogicalChannelParameters =
543 (1 << 31),
544 eOpenLogicalChannelAck_separateStack = (1 << 30),
545 eOpenLogicalChannelAck_forwardMultiplexAckParameters =
546 (1 << 29),
547 eOpenLogicalChannelAck_encryptionSync = (1 << 28),
548 } options;
549 OpenLogicalChannelAck_reverseLogicalChannelParameters
550 reverseLogicalChannelParameters;
551 OpenLogicalChannelAck_forwardMultiplexAckParameters
552 forwardMultiplexAckParameters;
553} OpenLogicalChannelAck;
554
555typedef struct ResponseMessage { /* CHOICE */
556 enum {
557 eResponseMessage_nonStandard,
558 eResponseMessage_masterSlaveDeterminationAck,
559 eResponseMessage_masterSlaveDeterminationReject,
560 eResponseMessage_terminalCapabilitySetAck,
561 eResponseMessage_terminalCapabilitySetReject,
562 eResponseMessage_openLogicalChannelAck,
563 eResponseMessage_openLogicalChannelReject,
564 eResponseMessage_closeLogicalChannelAck,
565 eResponseMessage_requestChannelCloseAck,
566 eResponseMessage_requestChannelCloseReject,
567 eResponseMessage_multiplexEntrySendAck,
568 eResponseMessage_multiplexEntrySendReject,
569 eResponseMessage_requestMultiplexEntryAck,
570 eResponseMessage_requestMultiplexEntryReject,
571 eResponseMessage_requestModeAck,
572 eResponseMessage_requestModeReject,
573 eResponseMessage_roundTripDelayResponse,
574 eResponseMessage_maintenanceLoopAck,
575 eResponseMessage_maintenanceLoopReject,
576 eResponseMessage_communicationModeResponse,
577 eResponseMessage_conferenceResponse,
578 eResponseMessage_multilinkResponse,
579 eResponseMessage_logicalChannelRateAcknowledge,
580 eResponseMessage_logicalChannelRateReject,
581 } choice;
582 union {
583 OpenLogicalChannelAck openLogicalChannelAck;
584 };
585} ResponseMessage;
586
587typedef struct MultimediaSystemControlMessage { /* CHOICE */
588 enum {
589 eMultimediaSystemControlMessage_request,
590 eMultimediaSystemControlMessage_response,
591 eMultimediaSystemControlMessage_command,
592 eMultimediaSystemControlMessage_indication,
593 } choice;
594 union {
595 RequestMessage request;
596 ResponseMessage response;
597 };
598} MultimediaSystemControlMessage;
599
600typedef struct H323_UU_PDU_h245Control { /* SEQUENCE OF */
601 int count;
602 MultimediaSystemControlMessage item[4];
603} H323_UU_PDU_h245Control;
604
605typedef struct H323_UU_PDU { /* SEQUENCE */
606 enum {
607 eH323_UU_PDU_nonStandardData = (1 << 31),
608 eH323_UU_PDU_h4501SupplementaryService = (1 << 30),
609 eH323_UU_PDU_h245Tunneling = (1 << 29),
610 eH323_UU_PDU_h245Control = (1 << 28),
611 eH323_UU_PDU_nonStandardControl = (1 << 27),
612 eH323_UU_PDU_callLinkage = (1 << 26),
613 eH323_UU_PDU_tunnelledSignallingMessage = (1 << 25),
614 eH323_UU_PDU_provisionalRespToH245Tunneling = (1 << 24),
615 eH323_UU_PDU_stimulusControl = (1 << 23),
616 eH323_UU_PDU_genericData = (1 << 22),
617 } options;
618 H323_UU_PDU_h323_message_body h323_message_body;
619 H323_UU_PDU_h245Control h245Control;
620} H323_UU_PDU;
621
622typedef struct H323_UserInformation { /* SEQUENCE */
623 enum {
624 eH323_UserInformation_user_data = (1 << 31),
625 } options;
626 H323_UU_PDU h323_uu_pdu;
627} H323_UserInformation;
628
629typedef struct GatekeeperRequest { /* SEQUENCE */
630 enum {
631 eGatekeeperRequest_nonStandardData = (1 << 31),
632 eGatekeeperRequest_gatekeeperIdentifier = (1 << 30),
633 eGatekeeperRequest_callServices = (1 << 29),
634 eGatekeeperRequest_endpointAlias = (1 << 28),
635 eGatekeeperRequest_alternateEndpoints = (1 << 27),
636 eGatekeeperRequest_tokens = (1 << 26),
637 eGatekeeperRequest_cryptoTokens = (1 << 25),
638 eGatekeeperRequest_authenticationCapability = (1 << 24),
639 eGatekeeperRequest_algorithmOIDs = (1 << 23),
640 eGatekeeperRequest_integrity = (1 << 22),
641 eGatekeeperRequest_integrityCheckValue = (1 << 21),
642 eGatekeeperRequest_supportsAltGK = (1 << 20),
643 eGatekeeperRequest_featureSet = (1 << 19),
644 eGatekeeperRequest_genericData = (1 << 18),
645 } options;
646 TransportAddress rasAddress;
647} GatekeeperRequest;
648
649typedef struct GatekeeperConfirm { /* SEQUENCE */
650 enum {
651 eGatekeeperConfirm_nonStandardData = (1 << 31),
652 eGatekeeperConfirm_gatekeeperIdentifier = (1 << 30),
653 eGatekeeperConfirm_alternateGatekeeper = (1 << 29),
654 eGatekeeperConfirm_authenticationMode = (1 << 28),
655 eGatekeeperConfirm_tokens = (1 << 27),
656 eGatekeeperConfirm_cryptoTokens = (1 << 26),
657 eGatekeeperConfirm_algorithmOID = (1 << 25),
658 eGatekeeperConfirm_integrity = (1 << 24),
659 eGatekeeperConfirm_integrityCheckValue = (1 << 23),
660 eGatekeeperConfirm_featureSet = (1 << 22),
661 eGatekeeperConfirm_genericData = (1 << 21),
662 } options;
663 TransportAddress rasAddress;
664} GatekeeperConfirm;
665
666typedef struct RegistrationRequest_callSignalAddress { /* SEQUENCE OF */
667 int count;
668 TransportAddress item[10];
669} RegistrationRequest_callSignalAddress;
670
671typedef struct RegistrationRequest_rasAddress { /* SEQUENCE OF */
672 int count;
673 TransportAddress item[10];
674} RegistrationRequest_rasAddress;
675
676typedef struct RegistrationRequest { /* SEQUENCE */
677 enum {
678 eRegistrationRequest_nonStandardData = (1 << 31),
679 eRegistrationRequest_terminalAlias = (1 << 30),
680 eRegistrationRequest_gatekeeperIdentifier = (1 << 29),
681 eRegistrationRequest_alternateEndpoints = (1 << 28),
682 eRegistrationRequest_timeToLive = (1 << 27),
683 eRegistrationRequest_tokens = (1 << 26),
684 eRegistrationRequest_cryptoTokens = (1 << 25),
685 eRegistrationRequest_integrityCheckValue = (1 << 24),
686 eRegistrationRequest_keepAlive = (1 << 23),
687 eRegistrationRequest_endpointIdentifier = (1 << 22),
688 eRegistrationRequest_willSupplyUUIEs = (1 << 21),
689 eRegistrationRequest_maintainConnection = (1 << 20),
690 eRegistrationRequest_alternateTransportAddresses = (1 << 19),
691 eRegistrationRequest_additiveRegistration = (1 << 18),
692 eRegistrationRequest_terminalAliasPattern = (1 << 17),
693 eRegistrationRequest_supportsAltGK = (1 << 16),
694 eRegistrationRequest_usageReportingCapability = (1 << 15),
695 eRegistrationRequest_multipleCalls = (1 << 14),
696 eRegistrationRequest_supportedH248Packages = (1 << 13),
697 eRegistrationRequest_callCreditCapability = (1 << 12),
698 eRegistrationRequest_capacityReportingCapability = (1 << 11),
699 eRegistrationRequest_capacity = (1 << 10),
700 eRegistrationRequest_featureSet = (1 << 9),
701 eRegistrationRequest_genericData = (1 << 8),
702 } options;
703 RegistrationRequest_callSignalAddress callSignalAddress;
704 RegistrationRequest_rasAddress rasAddress;
705 unsigned timeToLive;
706} RegistrationRequest;
707
708typedef struct RegistrationConfirm_callSignalAddress { /* SEQUENCE OF */
709 int count;
710 TransportAddress item[10];
711} RegistrationConfirm_callSignalAddress;
712
713typedef struct RegistrationConfirm { /* SEQUENCE */
714 enum {
715 eRegistrationConfirm_nonStandardData = (1 << 31),
716 eRegistrationConfirm_terminalAlias = (1 << 30),
717 eRegistrationConfirm_gatekeeperIdentifier = (1 << 29),
718 eRegistrationConfirm_alternateGatekeeper = (1 << 28),
719 eRegistrationConfirm_timeToLive = (1 << 27),
720 eRegistrationConfirm_tokens = (1 << 26),
721 eRegistrationConfirm_cryptoTokens = (1 << 25),
722 eRegistrationConfirm_integrityCheckValue = (1 << 24),
723 eRegistrationConfirm_willRespondToIRR = (1 << 23),
724 eRegistrationConfirm_preGrantedARQ = (1 << 22),
725 eRegistrationConfirm_maintainConnection = (1 << 21),
726 eRegistrationConfirm_serviceControl = (1 << 20),
727 eRegistrationConfirm_supportsAdditiveRegistration = (1 << 19),
728 eRegistrationConfirm_terminalAliasPattern = (1 << 18),
729 eRegistrationConfirm_supportedPrefixes = (1 << 17),
730 eRegistrationConfirm_usageSpec = (1 << 16),
731 eRegistrationConfirm_featureServerAlias = (1 << 15),
732 eRegistrationConfirm_capacityReportingSpec = (1 << 14),
733 eRegistrationConfirm_featureSet = (1 << 13),
734 eRegistrationConfirm_genericData = (1 << 12),
735 } options;
736 RegistrationConfirm_callSignalAddress callSignalAddress;
737 unsigned timeToLive;
738} RegistrationConfirm;
739
740typedef struct UnregistrationRequest_callSignalAddress { /* SEQUENCE OF */
741 int count;
742 TransportAddress item[10];
743} UnregistrationRequest_callSignalAddress;
744
745typedef struct UnregistrationRequest { /* SEQUENCE */
746 enum {
747 eUnregistrationRequest_endpointAlias = (1 << 31),
748 eUnregistrationRequest_nonStandardData = (1 << 30),
749 eUnregistrationRequest_endpointIdentifier = (1 << 29),
750 eUnregistrationRequest_alternateEndpoints = (1 << 28),
751 eUnregistrationRequest_gatekeeperIdentifier = (1 << 27),
752 eUnregistrationRequest_tokens = (1 << 26),
753 eUnregistrationRequest_cryptoTokens = (1 << 25),
754 eUnregistrationRequest_integrityCheckValue = (1 << 24),
755 eUnregistrationRequest_reason = (1 << 23),
756 eUnregistrationRequest_endpointAliasPattern = (1 << 22),
757 eUnregistrationRequest_supportedPrefixes = (1 << 21),
758 eUnregistrationRequest_alternateGatekeeper = (1 << 20),
759 eUnregistrationRequest_genericData = (1 << 19),
760 } options;
761 UnregistrationRequest_callSignalAddress callSignalAddress;
762} UnregistrationRequest;
763
764typedef struct AdmissionRequest { /* SEQUENCE */
765 enum {
766 eAdmissionRequest_callModel = (1 << 31),
767 eAdmissionRequest_destinationInfo = (1 << 30),
768 eAdmissionRequest_destCallSignalAddress = (1 << 29),
769 eAdmissionRequest_destExtraCallInfo = (1 << 28),
770 eAdmissionRequest_srcCallSignalAddress = (1 << 27),
771 eAdmissionRequest_nonStandardData = (1 << 26),
772 eAdmissionRequest_callServices = (1 << 25),
773 eAdmissionRequest_canMapAlias = (1 << 24),
774 eAdmissionRequest_callIdentifier = (1 << 23),
775 eAdmissionRequest_srcAlternatives = (1 << 22),
776 eAdmissionRequest_destAlternatives = (1 << 21),
777 eAdmissionRequest_gatekeeperIdentifier = (1 << 20),
778 eAdmissionRequest_tokens = (1 << 19),
779 eAdmissionRequest_cryptoTokens = (1 << 18),
780 eAdmissionRequest_integrityCheckValue = (1 << 17),
781 eAdmissionRequest_transportQOS = (1 << 16),
782 eAdmissionRequest_willSupplyUUIEs = (1 << 15),
783 eAdmissionRequest_callLinkage = (1 << 14),
784 eAdmissionRequest_gatewayDataRate = (1 << 13),
785 eAdmissionRequest_capacity = (1 << 12),
786 eAdmissionRequest_circuitInfo = (1 << 11),
787 eAdmissionRequest_desiredProtocols = (1 << 10),
788 eAdmissionRequest_desiredTunnelledProtocol = (1 << 9),
789 eAdmissionRequest_featureSet = (1 << 8),
790 eAdmissionRequest_genericData = (1 << 7),
791 } options;
792 TransportAddress destCallSignalAddress;
793 TransportAddress srcCallSignalAddress;
794} AdmissionRequest;
795
796typedef struct AdmissionConfirm { /* SEQUENCE */
797 enum {
798 eAdmissionConfirm_irrFrequency = (1 << 31),
799 eAdmissionConfirm_nonStandardData = (1 << 30),
800 eAdmissionConfirm_destinationInfo = (1 << 29),
801 eAdmissionConfirm_destExtraCallInfo = (1 << 28),
802 eAdmissionConfirm_destinationType = (1 << 27),
803 eAdmissionConfirm_remoteExtensionAddress = (1 << 26),
804 eAdmissionConfirm_alternateEndpoints = (1 << 25),
805 eAdmissionConfirm_tokens = (1 << 24),
806 eAdmissionConfirm_cryptoTokens = (1 << 23),
807 eAdmissionConfirm_integrityCheckValue = (1 << 22),
808 eAdmissionConfirm_transportQOS = (1 << 21),
809 eAdmissionConfirm_willRespondToIRR = (1 << 20),
810 eAdmissionConfirm_uuiesRequested = (1 << 19),
811 eAdmissionConfirm_language = (1 << 18),
812 eAdmissionConfirm_alternateTransportAddresses = (1 << 17),
813 eAdmissionConfirm_useSpecifiedTransport = (1 << 16),
814 eAdmissionConfirm_circuitInfo = (1 << 15),
815 eAdmissionConfirm_usageSpec = (1 << 14),
816 eAdmissionConfirm_supportedProtocols = (1 << 13),
817 eAdmissionConfirm_serviceControl = (1 << 12),
818 eAdmissionConfirm_multipleCalls = (1 << 11),
819 eAdmissionConfirm_featureSet = (1 << 10),
820 eAdmissionConfirm_genericData = (1 << 9),
821 } options;
822 TransportAddress destCallSignalAddress;
823} AdmissionConfirm;
824
825typedef struct LocationRequest { /* SEQUENCE */
826 enum {
827 eLocationRequest_endpointIdentifier = (1 << 31),
828 eLocationRequest_nonStandardData = (1 << 30),
829 eLocationRequest_sourceInfo = (1 << 29),
830 eLocationRequest_canMapAlias = (1 << 28),
831 eLocationRequest_gatekeeperIdentifier = (1 << 27),
832 eLocationRequest_tokens = (1 << 26),
833 eLocationRequest_cryptoTokens = (1 << 25),
834 eLocationRequest_integrityCheckValue = (1 << 24),
835 eLocationRequest_desiredProtocols = (1 << 23),
836 eLocationRequest_desiredTunnelledProtocol = (1 << 22),
837 eLocationRequest_featureSet = (1 << 21),
838 eLocationRequest_genericData = (1 << 20),
839 eLocationRequest_hopCount = (1 << 19),
840 eLocationRequest_circuitInfo = (1 << 18),
841 } options;
842 TransportAddress replyAddress;
843} LocationRequest;
844
845typedef struct LocationConfirm { /* SEQUENCE */
846 enum {
847 eLocationConfirm_nonStandardData = (1 << 31),
848 eLocationConfirm_destinationInfo = (1 << 30),
849 eLocationConfirm_destExtraCallInfo = (1 << 29),
850 eLocationConfirm_destinationType = (1 << 28),
851 eLocationConfirm_remoteExtensionAddress = (1 << 27),
852 eLocationConfirm_alternateEndpoints = (1 << 26),
853 eLocationConfirm_tokens = (1 << 25),
854 eLocationConfirm_cryptoTokens = (1 << 24),
855 eLocationConfirm_integrityCheckValue = (1 << 23),
856 eLocationConfirm_alternateTransportAddresses = (1 << 22),
857 eLocationConfirm_supportedProtocols = (1 << 21),
858 eLocationConfirm_multipleCalls = (1 << 20),
859 eLocationConfirm_featureSet = (1 << 19),
860 eLocationConfirm_genericData = (1 << 18),
861 eLocationConfirm_circuitInfo = (1 << 17),
862 eLocationConfirm_serviceControl = (1 << 16),
863 } options;
864 TransportAddress callSignalAddress;
865 TransportAddress rasAddress;
866} LocationConfirm;
867
868typedef struct InfoRequestResponse_callSignalAddress { /* SEQUENCE OF */
869 int count;
870 TransportAddress item[10];
871} InfoRequestResponse_callSignalAddress;
872
873typedef struct InfoRequestResponse { /* SEQUENCE */
874 enum {
875 eInfoRequestResponse_nonStandardData = (1 << 31),
876 eInfoRequestResponse_endpointAlias = (1 << 30),
877 eInfoRequestResponse_perCallInfo = (1 << 29),
878 eInfoRequestResponse_tokens = (1 << 28),
879 eInfoRequestResponse_cryptoTokens = (1 << 27),
880 eInfoRequestResponse_integrityCheckValue = (1 << 26),
881 eInfoRequestResponse_needResponse = (1 << 25),
882 eInfoRequestResponse_capacity = (1 << 24),
883 eInfoRequestResponse_irrStatus = (1 << 23),
884 eInfoRequestResponse_unsolicited = (1 << 22),
885 eInfoRequestResponse_genericData = (1 << 21),
886 } options;
887 TransportAddress rasAddress;
888 InfoRequestResponse_callSignalAddress callSignalAddress;
889} InfoRequestResponse;
890
891typedef struct RasMessage { /* CHOICE */
892 enum {
893 eRasMessage_gatekeeperRequest,
894 eRasMessage_gatekeeperConfirm,
895 eRasMessage_gatekeeperReject,
896 eRasMessage_registrationRequest,
897 eRasMessage_registrationConfirm,
898 eRasMessage_registrationReject,
899 eRasMessage_unregistrationRequest,
900 eRasMessage_unregistrationConfirm,
901 eRasMessage_unregistrationReject,
902 eRasMessage_admissionRequest,
903 eRasMessage_admissionConfirm,
904 eRasMessage_admissionReject,
905 eRasMessage_bandwidthRequest,
906 eRasMessage_bandwidthConfirm,
907 eRasMessage_bandwidthReject,
908 eRasMessage_disengageRequest,
909 eRasMessage_disengageConfirm,
910 eRasMessage_disengageReject,
911 eRasMessage_locationRequest,
912 eRasMessage_locationConfirm,
913 eRasMessage_locationReject,
914 eRasMessage_infoRequest,
915 eRasMessage_infoRequestResponse,
916 eRasMessage_nonStandardMessage,
917 eRasMessage_unknownMessageResponse,
918 eRasMessage_requestInProgress,
919 eRasMessage_resourcesAvailableIndicate,
920 eRasMessage_resourcesAvailableConfirm,
921 eRasMessage_infoRequestAck,
922 eRasMessage_infoRequestNak,
923 eRasMessage_serviceControlIndication,
924 eRasMessage_serviceControlResponse,
925 } choice;
926 union {
927 GatekeeperRequest gatekeeperRequest;
928 GatekeeperConfirm gatekeeperConfirm;
929 RegistrationRequest registrationRequest;
930 RegistrationConfirm registrationConfirm;
931 UnregistrationRequest unregistrationRequest;
932 AdmissionRequest admissionRequest;
933 AdmissionConfirm admissionConfirm;
934 LocationRequest locationRequest;
935 LocationConfirm locationConfirm;
936 InfoRequestResponse infoRequestResponse;
937 };
938} RasMessage;
diff --git a/net/ipv4/netfilter/ip_conntrack_proto_icmp.c b/net/ipv4/netfilter/ip_conntrack_proto_icmp.c
index 3021af0910f1..d8b14a9010a6 100644
--- a/net/ipv4/netfilter/ip_conntrack_proto_icmp.c
+++ b/net/ipv4/netfilter/ip_conntrack_proto_icmp.c
@@ -224,25 +224,14 @@ icmp_error(struct sk_buff *skb, enum ip_conntrack_info *ctinfo,
224 } 224 }
225 225
226 /* See ip_conntrack_proto_tcp.c */ 226 /* See ip_conntrack_proto_tcp.c */
227 if (hooknum != NF_IP_PRE_ROUTING) 227 if (hooknum == NF_IP_PRE_ROUTING &&
228 goto checksum_skipped; 228 nf_ip_checksum(skb, hooknum, skb->nh.iph->ihl * 4, 0)) {
229 229 if (LOG_INVALID(IPPROTO_ICMP))
230 switch (skb->ip_summed) { 230 nf_log_packet(PF_INET, 0, skb, NULL, NULL, NULL,
231 case CHECKSUM_HW: 231 "ip_ct_icmp: bad ICMP checksum ");
232 if (!(u16)csum_fold(skb->csum)) 232 return -NF_ACCEPT;
233 break;
234 /* fall through */
235 case CHECKSUM_NONE:
236 skb->csum = 0;
237 if (__skb_checksum_complete(skb)) {
238 if (LOG_INVALID(IPPROTO_ICMP))
239 nf_log_packet(PF_INET, 0, skb, NULL, NULL, NULL,
240 "ip_ct_icmp: bad ICMP checksum ");
241 return -NF_ACCEPT;
242 }
243 } 233 }
244 234
245checksum_skipped:
246 /* 235 /*
247 * 18 is the highest 'known' ICMP type. Anything else is a mystery 236 * 18 is the highest 'known' ICMP type. Anything else is a mystery
248 * 237 *
diff --git a/net/ipv4/netfilter/ip_conntrack_proto_tcp.c b/net/ipv4/netfilter/ip_conntrack_proto_tcp.c
index e0dc37063545..062b252b58ad 100644
--- a/net/ipv4/netfilter/ip_conntrack_proto_tcp.c
+++ b/net/ipv4/netfilter/ip_conntrack_proto_tcp.c
@@ -870,11 +870,8 @@ static int tcp_error(struct sk_buff *skb,
870 * and moreover root might send raw packets. 870 * and moreover root might send raw packets.
871 */ 871 */
872 /* FIXME: Source route IP option packets --RR */ 872 /* FIXME: Source route IP option packets --RR */
873 if (hooknum == NF_IP_PRE_ROUTING 873 if (hooknum == NF_IP_PRE_ROUTING &&
874 && skb->ip_summed != CHECKSUM_UNNECESSARY 874 nf_ip_checksum(skb, hooknum, iph->ihl * 4, IPPROTO_TCP)) {
875 && csum_tcpudp_magic(iph->saddr, iph->daddr, tcplen, IPPROTO_TCP,
876 skb->ip_summed == CHECKSUM_HW ? skb->csum
877 : skb_checksum(skb, iph->ihl*4, tcplen, 0))) {
878 if (LOG_INVALID(IPPROTO_TCP)) 875 if (LOG_INVALID(IPPROTO_TCP))
879 nf_log_packet(PF_INET, 0, skb, NULL, NULL, NULL, 876 nf_log_packet(PF_INET, 0, skb, NULL, NULL, NULL,
880 "ip_ct_tcp: bad TCP checksum "); 877 "ip_ct_tcp: bad TCP checksum ");
diff --git a/net/ipv4/netfilter/ip_conntrack_proto_udp.c b/net/ipv4/netfilter/ip_conntrack_proto_udp.c
index 55b7d3210adf..70899868783b 100644
--- a/net/ipv4/netfilter/ip_conntrack_proto_udp.c
+++ b/net/ipv4/netfilter/ip_conntrack_proto_udp.c
@@ -120,11 +120,8 @@ static int udp_error(struct sk_buff *skb, enum ip_conntrack_info *ctinfo,
120 * because the semantic of CHECKSUM_HW is different there 120 * because the semantic of CHECKSUM_HW is different there
121 * and moreover root might send raw packets. 121 * and moreover root might send raw packets.
122 * FIXME: Source route IP option packets --RR */ 122 * FIXME: Source route IP option packets --RR */
123 if (hooknum == NF_IP_PRE_ROUTING 123 if (hooknum == NF_IP_PRE_ROUTING &&
124 && skb->ip_summed != CHECKSUM_UNNECESSARY 124 nf_ip_checksum(skb, hooknum, iph->ihl * 4, IPPROTO_UDP)) {
125 && csum_tcpudp_magic(iph->saddr, iph->daddr, udplen, IPPROTO_UDP,
126 skb->ip_summed == CHECKSUM_HW ? skb->csum
127 : skb_checksum(skb, iph->ihl*4, udplen, 0))) {
128 if (LOG_INVALID(IPPROTO_UDP)) 125 if (LOG_INVALID(IPPROTO_UDP))
129 nf_log_packet(PF_INET, 0, skb, NULL, NULL, NULL, 126 nf_log_packet(PF_INET, 0, skb, NULL, NULL, NULL,
130 "ip_ct_udp: bad UDP checksum "); 127 "ip_ct_udp: bad UDP checksum ");
diff --git a/net/ipv4/netfilter/ip_conntrack_standalone.c b/net/ipv4/netfilter/ip_conntrack_standalone.c
index 52076026db36..929d61f7be91 100644
--- a/net/ipv4/netfilter/ip_conntrack_standalone.c
+++ b/net/ipv4/netfilter/ip_conntrack_standalone.c
@@ -469,70 +469,63 @@ static unsigned int ip_conntrack_local(unsigned int hooknum,
469 469
470/* Connection tracking may drop packets, but never alters them, so 470/* Connection tracking may drop packets, but never alters them, so
471 make it the first hook. */ 471 make it the first hook. */
472static struct nf_hook_ops ip_conntrack_defrag_ops = { 472static struct nf_hook_ops ip_conntrack_ops[] = {
473 .hook = ip_conntrack_defrag, 473 {
474 .owner = THIS_MODULE, 474 .hook = ip_conntrack_defrag,
475 .pf = PF_INET, 475 .owner = THIS_MODULE,
476 .hooknum = NF_IP_PRE_ROUTING, 476 .pf = PF_INET,
477 .priority = NF_IP_PRI_CONNTRACK_DEFRAG, 477 .hooknum = NF_IP_PRE_ROUTING,
478}; 478 .priority = NF_IP_PRI_CONNTRACK_DEFRAG,
479 479 },
480static struct nf_hook_ops ip_conntrack_in_ops = { 480 {
481 .hook = ip_conntrack_in, 481 .hook = ip_conntrack_in,
482 .owner = THIS_MODULE, 482 .owner = THIS_MODULE,
483 .pf = PF_INET, 483 .pf = PF_INET,
484 .hooknum = NF_IP_PRE_ROUTING, 484 .hooknum = NF_IP_PRE_ROUTING,
485 .priority = NF_IP_PRI_CONNTRACK, 485 .priority = NF_IP_PRI_CONNTRACK,
486}; 486 },
487 487 {
488static struct nf_hook_ops ip_conntrack_defrag_local_out_ops = { 488 .hook = ip_conntrack_defrag,
489 .hook = ip_conntrack_defrag, 489 .owner = THIS_MODULE,
490 .owner = THIS_MODULE, 490 .pf = PF_INET,
491 .pf = PF_INET, 491 .hooknum = NF_IP_LOCAL_OUT,
492 .hooknum = NF_IP_LOCAL_OUT, 492 .priority = NF_IP_PRI_CONNTRACK_DEFRAG,
493 .priority = NF_IP_PRI_CONNTRACK_DEFRAG, 493 },
494}; 494 {
495 495 .hook = ip_conntrack_local,
496static struct nf_hook_ops ip_conntrack_local_out_ops = { 496 .owner = THIS_MODULE,
497 .hook = ip_conntrack_local, 497 .pf = PF_INET,
498 .owner = THIS_MODULE, 498 .hooknum = NF_IP_LOCAL_OUT,
499 .pf = PF_INET, 499 .priority = NF_IP_PRI_CONNTRACK,
500 .hooknum = NF_IP_LOCAL_OUT, 500 },
501 .priority = NF_IP_PRI_CONNTRACK, 501 {
502}; 502 .hook = ip_conntrack_help,
503 503 .owner = THIS_MODULE,
504/* helpers */ 504 .pf = PF_INET,
505static struct nf_hook_ops ip_conntrack_helper_out_ops = { 505 .hooknum = NF_IP_POST_ROUTING,
506 .hook = ip_conntrack_help, 506 .priority = NF_IP_PRI_CONNTRACK_HELPER,
507 .owner = THIS_MODULE, 507 },
508 .pf = PF_INET, 508 {
509 .hooknum = NF_IP_POST_ROUTING, 509 .hook = ip_conntrack_help,
510 .priority = NF_IP_PRI_CONNTRACK_HELPER, 510 .owner = THIS_MODULE,
511}; 511 .pf = PF_INET,
512 512 .hooknum = NF_IP_LOCAL_IN,
513static struct nf_hook_ops ip_conntrack_helper_in_ops = { 513 .priority = NF_IP_PRI_CONNTRACK_HELPER,
514 .hook = ip_conntrack_help, 514 },
515 .owner = THIS_MODULE, 515 {
516 .pf = PF_INET, 516 .hook = ip_confirm,
517 .hooknum = NF_IP_LOCAL_IN, 517 .owner = THIS_MODULE,
518 .priority = NF_IP_PRI_CONNTRACK_HELPER, 518 .pf = PF_INET,
519}; 519 .hooknum = NF_IP_POST_ROUTING,
520 520 .priority = NF_IP_PRI_CONNTRACK_CONFIRM,
521/* Refragmenter; last chance. */ 521 },
522static struct nf_hook_ops ip_conntrack_out_ops = { 522 {
523 .hook = ip_confirm, 523 .hook = ip_confirm,
524 .owner = THIS_MODULE, 524 .owner = THIS_MODULE,
525 .pf = PF_INET, 525 .pf = PF_INET,
526 .hooknum = NF_IP_POST_ROUTING, 526 .hooknum = NF_IP_LOCAL_IN,
527 .priority = NF_IP_PRI_CONNTRACK_CONFIRM, 527 .priority = NF_IP_PRI_CONNTRACK_CONFIRM,
528}; 528 },
529
530static struct nf_hook_ops ip_conntrack_local_in_ops = {
531 .hook = ip_confirm,
532 .owner = THIS_MODULE,
533 .pf = PF_INET,
534 .hooknum = NF_IP_LOCAL_IN,
535 .priority = NF_IP_PRI_CONNTRACK_CONFIRM,
536}; 529};
537 530
538/* Sysctl support */ 531/* Sysctl support */
@@ -783,18 +776,46 @@ static ctl_table ip_ct_net_table[] = {
783EXPORT_SYMBOL(ip_ct_log_invalid); 776EXPORT_SYMBOL(ip_ct_log_invalid);
784#endif /* CONFIG_SYSCTL */ 777#endif /* CONFIG_SYSCTL */
785 778
786static int init_or_cleanup(int init) 779/* FIXME: Allow NULL functions and sub in pointers to generic for
780 them. --RR */
781int ip_conntrack_protocol_register(struct ip_conntrack_protocol *proto)
782{
783 int ret = 0;
784
785 write_lock_bh(&ip_conntrack_lock);
786 if (ip_ct_protos[proto->proto] != &ip_conntrack_generic_protocol) {
787 ret = -EBUSY;
788 goto out;
789 }
790 ip_ct_protos[proto->proto] = proto;
791 out:
792 write_unlock_bh(&ip_conntrack_lock);
793 return ret;
794}
795
796void ip_conntrack_protocol_unregister(struct ip_conntrack_protocol *proto)
797{
798 write_lock_bh(&ip_conntrack_lock);
799 ip_ct_protos[proto->proto] = &ip_conntrack_generic_protocol;
800 write_unlock_bh(&ip_conntrack_lock);
801
802 /* Somebody could be still looking at the proto in bh. */
803 synchronize_net();
804
805 /* Remove all contrack entries for this protocol */
806 ip_ct_iterate_cleanup(kill_proto, &proto->proto);
807}
808
809static int __init ip_conntrack_standalone_init(void)
787{ 810{
788#ifdef CONFIG_PROC_FS 811#ifdef CONFIG_PROC_FS
789 struct proc_dir_entry *proc, *proc_exp, *proc_stat; 812 struct proc_dir_entry *proc, *proc_exp, *proc_stat;
790#endif 813#endif
791 int ret = 0; 814 int ret = 0;
792 815
793 if (!init) goto cleanup;
794
795 ret = ip_conntrack_init(); 816 ret = ip_conntrack_init();
796 if (ret < 0) 817 if (ret < 0)
797 goto cleanup_nothing; 818 return ret;
798 819
799#ifdef CONFIG_PROC_FS 820#ifdef CONFIG_PROC_FS
800 ret = -ENOMEM; 821 ret = -ENOMEM;
@@ -813,78 +834,25 @@ static int init_or_cleanup(int init)
813 proc_stat->owner = THIS_MODULE; 834 proc_stat->owner = THIS_MODULE;
814#endif 835#endif
815 836
816 ret = nf_register_hook(&ip_conntrack_defrag_ops); 837 ret = nf_register_hooks(ip_conntrack_ops, ARRAY_SIZE(ip_conntrack_ops));
817 if (ret < 0) { 838 if (ret < 0) {
818 printk("ip_conntrack: can't register pre-routing defrag hook.\n"); 839 printk("ip_conntrack: can't register hooks.\n");
819 goto cleanup_proc_stat; 840 goto cleanup_proc_stat;
820 } 841 }
821 ret = nf_register_hook(&ip_conntrack_defrag_local_out_ops);
822 if (ret < 0) {
823 printk("ip_conntrack: can't register local_out defrag hook.\n");
824 goto cleanup_defragops;
825 }
826 ret = nf_register_hook(&ip_conntrack_in_ops);
827 if (ret < 0) {
828 printk("ip_conntrack: can't register pre-routing hook.\n");
829 goto cleanup_defraglocalops;
830 }
831 ret = nf_register_hook(&ip_conntrack_local_out_ops);
832 if (ret < 0) {
833 printk("ip_conntrack: can't register local out hook.\n");
834 goto cleanup_inops;
835 }
836 ret = nf_register_hook(&ip_conntrack_helper_in_ops);
837 if (ret < 0) {
838 printk("ip_conntrack: can't register local in helper hook.\n");
839 goto cleanup_inandlocalops;
840 }
841 ret = nf_register_hook(&ip_conntrack_helper_out_ops);
842 if (ret < 0) {
843 printk("ip_conntrack: can't register postrouting helper hook.\n");
844 goto cleanup_helperinops;
845 }
846 ret = nf_register_hook(&ip_conntrack_out_ops);
847 if (ret < 0) {
848 printk("ip_conntrack: can't register post-routing hook.\n");
849 goto cleanup_helperoutops;
850 }
851 ret = nf_register_hook(&ip_conntrack_local_in_ops);
852 if (ret < 0) {
853 printk("ip_conntrack: can't register local in hook.\n");
854 goto cleanup_inoutandlocalops;
855 }
856#ifdef CONFIG_SYSCTL 842#ifdef CONFIG_SYSCTL
857 ip_ct_sysctl_header = register_sysctl_table(ip_ct_net_table, 0); 843 ip_ct_sysctl_header = register_sysctl_table(ip_ct_net_table, 0);
858 if (ip_ct_sysctl_header == NULL) { 844 if (ip_ct_sysctl_header == NULL) {
859 printk("ip_conntrack: can't register to sysctl.\n"); 845 printk("ip_conntrack: can't register to sysctl.\n");
860 ret = -ENOMEM; 846 ret = -ENOMEM;
861 goto cleanup_localinops; 847 goto cleanup_hooks;
862 } 848 }
863#endif 849#endif
864
865 return ret; 850 return ret;
866 851
867 cleanup:
868 synchronize_net();
869#ifdef CONFIG_SYSCTL 852#ifdef CONFIG_SYSCTL
870 unregister_sysctl_table(ip_ct_sysctl_header); 853 cleanup_hooks:
871 cleanup_localinops: 854 nf_unregister_hooks(ip_conntrack_ops, ARRAY_SIZE(ip_conntrack_ops));
872#endif 855#endif
873 nf_unregister_hook(&ip_conntrack_local_in_ops);
874 cleanup_inoutandlocalops:
875 nf_unregister_hook(&ip_conntrack_out_ops);
876 cleanup_helperoutops:
877 nf_unregister_hook(&ip_conntrack_helper_out_ops);
878 cleanup_helperinops:
879 nf_unregister_hook(&ip_conntrack_helper_in_ops);
880 cleanup_inandlocalops:
881 nf_unregister_hook(&ip_conntrack_local_out_ops);
882 cleanup_inops:
883 nf_unregister_hook(&ip_conntrack_in_ops);
884 cleanup_defraglocalops:
885 nf_unregister_hook(&ip_conntrack_defrag_local_out_ops);
886 cleanup_defragops:
887 nf_unregister_hook(&ip_conntrack_defrag_ops);
888 cleanup_proc_stat: 856 cleanup_proc_stat:
889#ifdef CONFIG_PROC_FS 857#ifdef CONFIG_PROC_FS
890 remove_proc_entry("ip_conntrack", proc_net_stat); 858 remove_proc_entry("ip_conntrack", proc_net_stat);
@@ -895,48 +863,22 @@ static int init_or_cleanup(int init)
895 cleanup_init: 863 cleanup_init:
896#endif /* CONFIG_PROC_FS */ 864#endif /* CONFIG_PROC_FS */
897 ip_conntrack_cleanup(); 865 ip_conntrack_cleanup();
898 cleanup_nothing:
899 return ret;
900}
901
902/* FIXME: Allow NULL functions and sub in pointers to generic for
903 them. --RR */
904int ip_conntrack_protocol_register(struct ip_conntrack_protocol *proto)
905{
906 int ret = 0;
907
908 write_lock_bh(&ip_conntrack_lock);
909 if (ip_ct_protos[proto->proto] != &ip_conntrack_generic_protocol) {
910 ret = -EBUSY;
911 goto out;
912 }
913 ip_ct_protos[proto->proto] = proto;
914 out:
915 write_unlock_bh(&ip_conntrack_lock);
916 return ret; 866 return ret;
917} 867}
918 868
919void ip_conntrack_protocol_unregister(struct ip_conntrack_protocol *proto)
920{
921 write_lock_bh(&ip_conntrack_lock);
922 ip_ct_protos[proto->proto] = &ip_conntrack_generic_protocol;
923 write_unlock_bh(&ip_conntrack_lock);
924
925 /* Somebody could be still looking at the proto in bh. */
926 synchronize_net();
927
928 /* Remove all contrack entries for this protocol */
929 ip_ct_iterate_cleanup(kill_proto, &proto->proto);
930}
931
932static int __init ip_conntrack_standalone_init(void)
933{
934 return init_or_cleanup(1);
935}
936
937static void __exit ip_conntrack_standalone_fini(void) 869static void __exit ip_conntrack_standalone_fini(void)
938{ 870{
939 init_or_cleanup(0); 871 synchronize_net();
872#ifdef CONFIG_SYSCTL
873 unregister_sysctl_table(ip_ct_sysctl_header);
874#endif
875 nf_unregister_hooks(ip_conntrack_ops, ARRAY_SIZE(ip_conntrack_ops));
876#ifdef CONFIG_PROC_FS
877 remove_proc_entry("ip_conntrack", proc_net_stat);
878 proc_net_remove("ip_conntrack_expect");
879 proc_net_remove("ip_conntrack");
880#endif /* CONFIG_PROC_FS */
881 ip_conntrack_cleanup();
940} 882}
941 883
942module_init(ip_conntrack_standalone_init); 884module_init(ip_conntrack_standalone_init);
diff --git a/net/ipv4/netfilter/ip_nat_helper_h323.c b/net/ipv4/netfilter/ip_nat_helper_h323.c
index a0bc883928c0..d45663d137a7 100644
--- a/net/ipv4/netfilter/ip_nat_helper_h323.c
+++ b/net/ipv4/netfilter/ip_nat_helper_h323.c
@@ -7,24 +7,6 @@
7 * 7 *
8 * Based on the 'brute force' H.323 NAT module by 8 * Based on the 'brute force' H.323 NAT module by
9 * Jozsef Kadlecsik <kadlec@blackhole.kfki.hu> 9 * Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>
10 *
11 * Changes:
12 * 2006-02-01 - initial version 0.1
13 *
14 * 2006-02-20 - version 0.2
15 * 1. Changed source format to follow kernel conventions
16 * 2. Deleted some unnecessary structures
17 * 3. Minor fixes
18 *
19 * 2006-03-10 - version 0.3
20 * 1. Added support for multiple TPKTs in one packet (suggested by
21 * Patrick McHardy)
22 * 2. Added support for non-linear skb (based on Patrick McHardy's patch)
23 * 3. Eliminated unnecessary return code
24 *
25 * 2006-03-15 - version 0.4
26 * 1. Added support for T.120 channels
27 * 2. Added parameter gkrouted_only (suggested by Patrick McHardy)
28 */ 10 */
29 11
30#include <linux/module.h> 12#include <linux/module.h>
@@ -41,65 +23,12 @@
41#include <linux/netfilter_ipv4/ip_conntrack_h323.h> 23#include <linux/netfilter_ipv4/ip_conntrack_h323.h>
42#include <linux/netfilter_ipv4/ip_conntrack_helper.h> 24#include <linux/netfilter_ipv4/ip_conntrack_helper.h>
43 25
44#include "ip_conntrack_helper_h323_asn1.h"
45
46#if 0 26#if 0
47#define DEBUGP printk 27#define DEBUGP printk
48#else 28#else
49#define DEBUGP(format, args...) 29#define DEBUGP(format, args...)
50#endif 30#endif
51 31
52extern int get_h245_addr(unsigned char *data, H245_TransportAddress * addr,
53 u_int32_t * ip, u_int16_t * port);
54extern int get_h225_addr(unsigned char *data, TransportAddress * addr,
55 u_int32_t * ip, u_int16_t * port);
56extern void ip_conntrack_h245_expect(struct ip_conntrack *new,
57 struct ip_conntrack_expect *this);
58extern void ip_conntrack_q931_expect(struct ip_conntrack *new,
59 struct ip_conntrack_expect *this);
60extern int (*set_h245_addr_hook) (struct sk_buff ** pskb,
61 unsigned char **data, int dataoff,
62 H245_TransportAddress * addr,
63 u_int32_t ip, u_int16_t port);
64extern int (*set_h225_addr_hook) (struct sk_buff ** pskb,
65 unsigned char **data, int dataoff,
66 TransportAddress * addr,
67 u_int32_t ip, u_int16_t port);
68extern int (*set_sig_addr_hook) (struct sk_buff ** pskb,
69 struct ip_conntrack * ct,
70 enum ip_conntrack_info ctinfo,
71 unsigned char **data,
72 TransportAddress * addr, int count);
73extern int (*set_ras_addr_hook) (struct sk_buff ** pskb,
74 struct ip_conntrack * ct,
75 enum ip_conntrack_info ctinfo,
76 unsigned char **data,
77 TransportAddress * addr, int count);
78extern int (*nat_rtp_rtcp_hook) (struct sk_buff ** pskb,
79 struct ip_conntrack * ct,
80 enum ip_conntrack_info ctinfo,
81 unsigned char **data, int dataoff,
82 H245_TransportAddress * addr,
83 u_int16_t port, u_int16_t rtp_port,
84 struct ip_conntrack_expect * rtp_exp,
85 struct ip_conntrack_expect * rtcp_exp);
86extern int (*nat_t120_hook) (struct sk_buff ** pskb, struct ip_conntrack * ct,
87 enum ip_conntrack_info ctinfo,
88 unsigned char **data, int dataoff,
89 H245_TransportAddress * addr, u_int16_t port,
90 struct ip_conntrack_expect * exp);
91extern int (*nat_h245_hook) (struct sk_buff ** pskb, struct ip_conntrack * ct,
92 enum ip_conntrack_info ctinfo,
93 unsigned char **data, int dataoff,
94 TransportAddress * addr, u_int16_t port,
95 struct ip_conntrack_expect * exp);
96extern int (*nat_q931_hook) (struct sk_buff ** pskb, struct ip_conntrack * ct,
97 enum ip_conntrack_info ctinfo,
98 unsigned char **data, TransportAddress * addr,
99 int idx, u_int16_t port,
100 struct ip_conntrack_expect * exp);
101
102
103/****************************************************************************/ 32/****************************************************************************/
104static int set_addr(struct sk_buff **pskb, 33static int set_addr(struct sk_buff **pskb,
105 unsigned char **data, int dataoff, 34 unsigned char **data, int dataoff,
diff --git a/net/ipv4/netfilter/ip_nat_rule.c b/net/ipv4/netfilter/ip_nat_rule.c
index efba8c4e42e0..1aba926c1cb0 100644
--- a/net/ipv4/netfilter/ip_nat_rule.c
+++ b/net/ipv4/netfilter/ip_nat_rule.c
@@ -279,7 +279,7 @@ static struct ipt_target ipt_dnat_reg = {
279 .target = ipt_dnat_target, 279 .target = ipt_dnat_target,
280 .targetsize = sizeof(struct ip_nat_multi_range_compat), 280 .targetsize = sizeof(struct ip_nat_multi_range_compat),
281 .table = "nat", 281 .table = "nat",
282 .hooks = 1 << NF_IP_PRE_ROUTING, 282 .hooks = (1 << NF_IP_PRE_ROUTING) | (1 << NF_IP_LOCAL_OUT),
283 .checkentry = ipt_dnat_checkentry, 283 .checkentry = ipt_dnat_checkentry,
284}; 284};
285 285
diff --git a/net/ipv4/netfilter/ip_nat_standalone.c b/net/ipv4/netfilter/ip_nat_standalone.c
index 3505b0de2e04..8f760b28617e 100644
--- a/net/ipv4/netfilter/ip_nat_standalone.c
+++ b/net/ipv4/netfilter/ip_nat_standalone.c
@@ -299,69 +299,63 @@ ip_nat_adjust(unsigned int hooknum,
299 299
300/* We must be after connection tracking and before packet filtering. */ 300/* We must be after connection tracking and before packet filtering. */
301 301
302/* Before packet filtering, change destination */ 302static struct nf_hook_ops ip_nat_ops[] = {
303static struct nf_hook_ops ip_nat_in_ops = { 303 /* Before packet filtering, change destination */
304 .hook = ip_nat_in, 304 {
305 .owner = THIS_MODULE, 305 .hook = ip_nat_in,
306 .pf = PF_INET, 306 .owner = THIS_MODULE,
307 .hooknum = NF_IP_PRE_ROUTING, 307 .pf = PF_INET,
308 .priority = NF_IP_PRI_NAT_DST, 308 .hooknum = NF_IP_PRE_ROUTING,
309 .priority = NF_IP_PRI_NAT_DST,
310 },
311 /* After packet filtering, change source */
312 {
313 .hook = ip_nat_out,
314 .owner = THIS_MODULE,
315 .pf = PF_INET,
316 .hooknum = NF_IP_POST_ROUTING,
317 .priority = NF_IP_PRI_NAT_SRC,
318 },
319 /* After conntrack, adjust sequence number */
320 {
321 .hook = ip_nat_adjust,
322 .owner = THIS_MODULE,
323 .pf = PF_INET,
324 .hooknum = NF_IP_POST_ROUTING,
325 .priority = NF_IP_PRI_NAT_SEQ_ADJUST,
326 },
327 /* Before packet filtering, change destination */
328 {
329 .hook = ip_nat_local_fn,
330 .owner = THIS_MODULE,
331 .pf = PF_INET,
332 .hooknum = NF_IP_LOCAL_OUT,
333 .priority = NF_IP_PRI_NAT_DST,
334 },
335 /* After packet filtering, change source */
336 {
337 .hook = ip_nat_fn,
338 .owner = THIS_MODULE,
339 .pf = PF_INET,
340 .hooknum = NF_IP_LOCAL_IN,
341 .priority = NF_IP_PRI_NAT_SRC,
342 },
343 /* After conntrack, adjust sequence number */
344 {
345 .hook = ip_nat_adjust,
346 .owner = THIS_MODULE,
347 .pf = PF_INET,
348 .hooknum = NF_IP_LOCAL_IN,
349 .priority = NF_IP_PRI_NAT_SEQ_ADJUST,
350 },
309}; 351};
310 352
311/* After packet filtering, change source */ 353static int __init ip_nat_standalone_init(void)
312static struct nf_hook_ops ip_nat_out_ops = {
313 .hook = ip_nat_out,
314 .owner = THIS_MODULE,
315 .pf = PF_INET,
316 .hooknum = NF_IP_POST_ROUTING,
317 .priority = NF_IP_PRI_NAT_SRC,
318};
319
320/* After conntrack, adjust sequence number */
321static struct nf_hook_ops ip_nat_adjust_out_ops = {
322 .hook = ip_nat_adjust,
323 .owner = THIS_MODULE,
324 .pf = PF_INET,
325 .hooknum = NF_IP_POST_ROUTING,
326 .priority = NF_IP_PRI_NAT_SEQ_ADJUST,
327};
328
329/* Before packet filtering, change destination */
330static struct nf_hook_ops ip_nat_local_out_ops = {
331 .hook = ip_nat_local_fn,
332 .owner = THIS_MODULE,
333 .pf = PF_INET,
334 .hooknum = NF_IP_LOCAL_OUT,
335 .priority = NF_IP_PRI_NAT_DST,
336};
337
338/* After packet filtering, change source for reply packets of LOCAL_OUT DNAT */
339static struct nf_hook_ops ip_nat_local_in_ops = {
340 .hook = ip_nat_fn,
341 .owner = THIS_MODULE,
342 .pf = PF_INET,
343 .hooknum = NF_IP_LOCAL_IN,
344 .priority = NF_IP_PRI_NAT_SRC,
345};
346
347/* After conntrack, adjust sequence number */
348static struct nf_hook_ops ip_nat_adjust_in_ops = {
349 .hook = ip_nat_adjust,
350 .owner = THIS_MODULE,
351 .pf = PF_INET,
352 .hooknum = NF_IP_LOCAL_IN,
353 .priority = NF_IP_PRI_NAT_SEQ_ADJUST,
354};
355
356
357static int init_or_cleanup(int init)
358{ 354{
359 int ret = 0; 355 int ret = 0;
360 356
361 need_conntrack(); 357 need_conntrack();
362 358
363 if (!init) goto cleanup;
364
365#ifdef CONFIG_XFRM 359#ifdef CONFIG_XFRM
366 BUG_ON(ip_nat_decode_session != NULL); 360 BUG_ON(ip_nat_decode_session != NULL);
367 ip_nat_decode_session = nat_decode_session; 361 ip_nat_decode_session = nat_decode_session;
@@ -371,50 +365,13 @@ static int init_or_cleanup(int init)
371 printk("ip_nat_init: can't setup rules.\n"); 365 printk("ip_nat_init: can't setup rules.\n");
372 goto cleanup_decode_session; 366 goto cleanup_decode_session;
373 } 367 }
374 ret = nf_register_hook(&ip_nat_in_ops); 368 ret = nf_register_hooks(ip_nat_ops, ARRAY_SIZE(ip_nat_ops));
375 if (ret < 0) { 369 if (ret < 0) {
376 printk("ip_nat_init: can't register in hook.\n"); 370 printk("ip_nat_init: can't register hooks.\n");
377 goto cleanup_rule_init; 371 goto cleanup_rule_init;
378 } 372 }
379 ret = nf_register_hook(&ip_nat_out_ops);
380 if (ret < 0) {
381 printk("ip_nat_init: can't register out hook.\n");
382 goto cleanup_inops;
383 }
384 ret = nf_register_hook(&ip_nat_adjust_in_ops);
385 if (ret < 0) {
386 printk("ip_nat_init: can't register adjust in hook.\n");
387 goto cleanup_outops;
388 }
389 ret = nf_register_hook(&ip_nat_adjust_out_ops);
390 if (ret < 0) {
391 printk("ip_nat_init: can't register adjust out hook.\n");
392 goto cleanup_adjustin_ops;
393 }
394 ret = nf_register_hook(&ip_nat_local_out_ops);
395 if (ret < 0) {
396 printk("ip_nat_init: can't register local out hook.\n");
397 goto cleanup_adjustout_ops;
398 }
399 ret = nf_register_hook(&ip_nat_local_in_ops);
400 if (ret < 0) {
401 printk("ip_nat_init: can't register local in hook.\n");
402 goto cleanup_localoutops;
403 }
404 return ret; 373 return ret;
405 374
406 cleanup:
407 nf_unregister_hook(&ip_nat_local_in_ops);
408 cleanup_localoutops:
409 nf_unregister_hook(&ip_nat_local_out_ops);
410 cleanup_adjustout_ops:
411 nf_unregister_hook(&ip_nat_adjust_out_ops);
412 cleanup_adjustin_ops:
413 nf_unregister_hook(&ip_nat_adjust_in_ops);
414 cleanup_outops:
415 nf_unregister_hook(&ip_nat_out_ops);
416 cleanup_inops:
417 nf_unregister_hook(&ip_nat_in_ops);
418 cleanup_rule_init: 375 cleanup_rule_init:
419 ip_nat_rule_cleanup(); 376 ip_nat_rule_cleanup();
420 cleanup_decode_session: 377 cleanup_decode_session:
@@ -425,14 +382,14 @@ static int init_or_cleanup(int init)
425 return ret; 382 return ret;
426} 383}
427 384
428static int __init ip_nat_standalone_init(void)
429{
430 return init_or_cleanup(1);
431}
432
433static void __exit ip_nat_standalone_fini(void) 385static void __exit ip_nat_standalone_fini(void)
434{ 386{
435 init_or_cleanup(0); 387 nf_unregister_hooks(ip_nat_ops, ARRAY_SIZE(ip_nat_ops));
388 ip_nat_rule_cleanup();
389#ifdef CONFIG_XFRM
390 ip_nat_decode_session = NULL;
391 synchronize_net();
392#endif
436} 393}
437 394
438module_init(ip_nat_standalone_init); 395module_init(ip_nat_standalone_init);
diff --git a/net/ipv4/netfilter/ip_queue.c b/net/ipv4/netfilter/ip_queue.c
index 896a244f8f91..b93f0494362f 100644
--- a/net/ipv4/netfilter/ip_queue.c
+++ b/net/ipv4/netfilter/ip_queue.c
@@ -662,15 +662,11 @@ static struct nf_queue_handler nfqh = {
662 .outfn = &ipq_enqueue_packet, 662 .outfn = &ipq_enqueue_packet,
663}; 663};
664 664
665static int 665static int __init ip_queue_init(void)
666init_or_cleanup(int init)
667{ 666{
668 int status = -ENOMEM; 667 int status = -ENOMEM;
669 struct proc_dir_entry *proc; 668 struct proc_dir_entry *proc;
670 669
671 if (!init)
672 goto cleanup;
673
674 netlink_register_notifier(&ipq_nl_notifier); 670 netlink_register_notifier(&ipq_nl_notifier);
675 ipqnl = netlink_kernel_create(NETLINK_FIREWALL, 0, ipq_rcv_sk, 671 ipqnl = netlink_kernel_create(NETLINK_FIREWALL, 0, ipq_rcv_sk,
676 THIS_MODULE); 672 THIS_MODULE);
@@ -697,11 +693,6 @@ init_or_cleanup(int init)
697 } 693 }
698 return status; 694 return status;
699 695
700cleanup:
701 nf_unregister_queue_handlers(&nfqh);
702 synchronize_net();
703 ipq_flush(NF_DROP);
704
705cleanup_sysctl: 696cleanup_sysctl:
706 unregister_sysctl_table(ipq_sysctl_header); 697 unregister_sysctl_table(ipq_sysctl_header);
707 unregister_netdevice_notifier(&ipq_dev_notifier); 698 unregister_netdevice_notifier(&ipq_dev_notifier);
@@ -717,15 +708,21 @@ cleanup_netlink_notifier:
717 return status; 708 return status;
718} 709}
719 710
720static int __init ip_queue_init(void)
721{
722
723 return init_or_cleanup(1);
724}
725
726static void __exit ip_queue_fini(void) 711static void __exit ip_queue_fini(void)
727{ 712{
728 init_or_cleanup(0); 713 nf_unregister_queue_handlers(&nfqh);
714 synchronize_net();
715 ipq_flush(NF_DROP);
716
717 unregister_sysctl_table(ipq_sysctl_header);
718 unregister_netdevice_notifier(&ipq_dev_notifier);
719 proc_net_remove(IPQ_PROC_FS_NAME);
720
721 sock_release(ipqnl->sk_socket);
722 mutex_lock(&ipqnl_mutex);
723 mutex_unlock(&ipqnl_mutex);
724
725 netlink_unregister_notifier(&ipq_nl_notifier);
729} 726}
730 727
731MODULE_DESCRIPTION("IPv4 packet queue handler"); 728MODULE_DESCRIPTION("IPv4 packet queue handler");
diff --git a/net/ipv4/netfilter/ip_tables.c b/net/ipv4/netfilter/ip_tables.c
index d5b8cdd361ce..d25ac8ba6eba 100644
--- a/net/ipv4/netfilter/ip_tables.c
+++ b/net/ipv4/netfilter/ip_tables.c
@@ -735,7 +735,7 @@ translate_table(const char *name,
735 } 735 }
736 736
737 /* And one copy for every other CPU */ 737 /* And one copy for every other CPU */
738 for_each_cpu(i) { 738 for_each_possible_cpu(i) {
739 if (newinfo->entries[i] && newinfo->entries[i] != entry0) 739 if (newinfo->entries[i] && newinfo->entries[i] != entry0)
740 memcpy(newinfo->entries[i], entry0, newinfo->size); 740 memcpy(newinfo->entries[i], entry0, newinfo->size);
741 } 741 }
@@ -788,7 +788,7 @@ get_counters(const struct xt_table_info *t,
788 counters, 788 counters,
789 &i); 789 &i);
790 790
791 for_each_cpu(cpu) { 791 for_each_possible_cpu(cpu) {
792 if (cpu == curcpu) 792 if (cpu == curcpu)
793 continue; 793 continue;
794 i = 0; 794 i = 0;
diff --git a/net/ipv4/netfilter/ipt_CLUSTERIP.c b/net/ipv4/netfilter/ipt_CLUSTERIP.c
index e4768a31718b..aad9d28c8d71 100644
--- a/net/ipv4/netfilter/ipt_CLUSTERIP.c
+++ b/net/ipv4/netfilter/ipt_CLUSTERIP.c
@@ -725,22 +725,17 @@ static struct file_operations clusterip_proc_fops = {
725 725
726#endif /* CONFIG_PROC_FS */ 726#endif /* CONFIG_PROC_FS */
727 727
728static int init_or_cleanup(int fini) 728static int __init ipt_clusterip_init(void)
729{ 729{
730 int ret; 730 int ret;
731 731
732 if (fini) 732 ret = ipt_register_target(&clusterip_tgt);
733 goto cleanup; 733 if (ret < 0)
734 734 return ret;
735 if (ipt_register_target(&clusterip_tgt)) {
736 ret = -EINVAL;
737 goto cleanup_none;
738 }
739 735
740 if (nf_register_hook(&cip_arp_ops) < 0) { 736 ret = nf_register_hook(&cip_arp_ops);
741 ret = -EINVAL; 737 if (ret < 0)
742 goto cleanup_target; 738 goto cleanup_target;
743 }
744 739
745#ifdef CONFIG_PROC_FS 740#ifdef CONFIG_PROC_FS
746 clusterip_procdir = proc_mkdir("ipt_CLUSTERIP", proc_net); 741 clusterip_procdir = proc_mkdir("ipt_CLUSTERIP", proc_net);
@@ -753,31 +748,24 @@ static int init_or_cleanup(int fini)
753 748
754 printk(KERN_NOTICE "ClusterIP Version %s loaded successfully\n", 749 printk(KERN_NOTICE "ClusterIP Version %s loaded successfully\n",
755 CLUSTERIP_VERSION); 750 CLUSTERIP_VERSION);
756
757 return 0; 751 return 0;
758 752
759cleanup:
760 printk(KERN_NOTICE "ClusterIP Version %s unloading\n",
761 CLUSTERIP_VERSION);
762#ifdef CONFIG_PROC_FS
763 remove_proc_entry(clusterip_procdir->name, clusterip_procdir->parent);
764#endif
765cleanup_hook: 753cleanup_hook:
766 nf_unregister_hook(&cip_arp_ops); 754 nf_unregister_hook(&cip_arp_ops);
767cleanup_target: 755cleanup_target:
768 ipt_unregister_target(&clusterip_tgt); 756 ipt_unregister_target(&clusterip_tgt);
769cleanup_none: 757 return ret;
770 return -EINVAL;
771}
772
773static int __init ipt_clusterip_init(void)
774{
775 return init_or_cleanup(0);
776} 758}
777 759
778static void __exit ipt_clusterip_fini(void) 760static void __exit ipt_clusterip_fini(void)
779{ 761{
780 init_or_cleanup(1); 762 printk(KERN_NOTICE "ClusterIP Version %s unloading\n",
763 CLUSTERIP_VERSION);
764#ifdef CONFIG_PROC_FS
765 remove_proc_entry(clusterip_procdir->name, clusterip_procdir->parent);
766#endif
767 nf_unregister_hook(&cip_arp_ops);
768 ipt_unregister_target(&clusterip_tgt);
781} 769}
782 770
783module_init(ipt_clusterip_init); 771module_init(ipt_clusterip_init);
diff --git a/net/ipv4/netfilter/ipt_REJECT.c b/net/ipv4/netfilter/ipt_REJECT.c
index 4269a5440d43..0bba3c2bb786 100644
--- a/net/ipv4/netfilter/ipt_REJECT.c
+++ b/net/ipv4/netfilter/ipt_REJECT.c
@@ -106,7 +106,6 @@ static void send_reset(struct sk_buff *oldskb, int hook)
106 struct rtable *rt; 106 struct rtable *rt;
107 u_int16_t tmp_port; 107 u_int16_t tmp_port;
108 u_int32_t tmp_addr; 108 u_int32_t tmp_addr;
109 unsigned int tcplen;
110 int needs_ack; 109 int needs_ack;
111 int hh_len; 110 int hh_len;
112 111
@@ -124,13 +123,7 @@ static void send_reset(struct sk_buff *oldskb, int hook)
124 return; 123 return;
125 124
126 /* Check checksum */ 125 /* Check checksum */
127 tcplen = oldskb->len - iph->ihl * 4; 126 if (nf_ip_checksum(oldskb, hook, iph->ihl * 4, IPPROTO_TCP))
128 if (((hook != NF_IP_LOCAL_IN && oldskb->ip_summed != CHECKSUM_HW) ||
129 (hook == NF_IP_LOCAL_IN &&
130 oldskb->ip_summed != CHECKSUM_UNNECESSARY)) &&
131 csum_tcpudp_magic(iph->saddr, iph->daddr, tcplen, IPPROTO_TCP,
132 oldskb->ip_summed == CHECKSUM_HW ? oldskb->csum :
133 skb_checksum(oldskb, iph->ihl * 4, tcplen, 0)))
134 return; 127 return;
135 128
136 if ((rt = route_reverse(oldskb, oth, hook)) == NULL) 129 if ((rt = route_reverse(oldskb, oth, hook)) == NULL)
diff --git a/net/ipv4/netfilter/iptable_filter.c b/net/ipv4/netfilter/iptable_filter.c
index 3d80aefe9cfa..7f417484bfbf 100644
--- a/net/ipv4/netfilter/iptable_filter.c
+++ b/net/ipv4/netfilter/iptable_filter.c
@@ -157,37 +157,20 @@ static int __init iptable_filter_init(void)
157 return ret; 157 return ret;
158 158
159 /* Register hooks */ 159 /* Register hooks */
160 ret = nf_register_hook(&ipt_ops[0]); 160 ret = nf_register_hooks(ipt_ops, ARRAY_SIZE(ipt_ops));
161 if (ret < 0) 161 if (ret < 0)
162 goto cleanup_table; 162 goto cleanup_table;
163 163
164 ret = nf_register_hook(&ipt_ops[1]);
165 if (ret < 0)
166 goto cleanup_hook0;
167
168 ret = nf_register_hook(&ipt_ops[2]);
169 if (ret < 0)
170 goto cleanup_hook1;
171
172 return ret; 164 return ret;
173 165
174 cleanup_hook1:
175 nf_unregister_hook(&ipt_ops[1]);
176 cleanup_hook0:
177 nf_unregister_hook(&ipt_ops[0]);
178 cleanup_table: 166 cleanup_table:
179 ipt_unregister_table(&packet_filter); 167 ipt_unregister_table(&packet_filter);
180
181 return ret; 168 return ret;
182} 169}
183 170
184static void __exit iptable_filter_fini(void) 171static void __exit iptable_filter_fini(void)
185{ 172{
186 unsigned int i; 173 nf_unregister_hooks(ipt_ops, ARRAY_SIZE(ipt_ops));
187
188 for (i = 0; i < sizeof(ipt_ops)/sizeof(struct nf_hook_ops); i++)
189 nf_unregister_hook(&ipt_ops[i]);
190
191 ipt_unregister_table(&packet_filter); 174 ipt_unregister_table(&packet_filter);
192} 175}
193 176
diff --git a/net/ipv4/netfilter/iptable_mangle.c b/net/ipv4/netfilter/iptable_mangle.c
index 412fc96cc896..397b95cc026b 100644
--- a/net/ipv4/netfilter/iptable_mangle.c
+++ b/net/ipv4/netfilter/iptable_mangle.c
@@ -211,49 +211,20 @@ static int __init iptable_mangle_init(void)
211 return ret; 211 return ret;
212 212
213 /* Register hooks */ 213 /* Register hooks */
214 ret = nf_register_hook(&ipt_ops[0]); 214 ret = nf_register_hooks(ipt_ops, ARRAY_SIZE(ipt_ops));
215 if (ret < 0) 215 if (ret < 0)
216 goto cleanup_table; 216 goto cleanup_table;
217 217
218 ret = nf_register_hook(&ipt_ops[1]);
219 if (ret < 0)
220 goto cleanup_hook0;
221
222 ret = nf_register_hook(&ipt_ops[2]);
223 if (ret < 0)
224 goto cleanup_hook1;
225
226 ret = nf_register_hook(&ipt_ops[3]);
227 if (ret < 0)
228 goto cleanup_hook2;
229
230 ret = nf_register_hook(&ipt_ops[4]);
231 if (ret < 0)
232 goto cleanup_hook3;
233
234 return ret; 218 return ret;
235 219
236 cleanup_hook3:
237 nf_unregister_hook(&ipt_ops[3]);
238 cleanup_hook2:
239 nf_unregister_hook(&ipt_ops[2]);
240 cleanup_hook1:
241 nf_unregister_hook(&ipt_ops[1]);
242 cleanup_hook0:
243 nf_unregister_hook(&ipt_ops[0]);
244 cleanup_table: 220 cleanup_table:
245 ipt_unregister_table(&packet_mangler); 221 ipt_unregister_table(&packet_mangler);
246
247 return ret; 222 return ret;
248} 223}
249 224
250static void __exit iptable_mangle_fini(void) 225static void __exit iptable_mangle_fini(void)
251{ 226{
252 unsigned int i; 227 nf_unregister_hooks(ipt_ops, ARRAY_SIZE(ipt_ops));
253
254 for (i = 0; i < sizeof(ipt_ops)/sizeof(struct nf_hook_ops); i++)
255 nf_unregister_hook(&ipt_ops[i]);
256
257 ipt_unregister_table(&packet_mangler); 228 ipt_unregister_table(&packet_mangler);
258} 229}
259 230
diff --git a/net/ipv4/netfilter/iptable_raw.c b/net/ipv4/netfilter/iptable_raw.c
index 03cc79a6160a..7912cce1e1b8 100644
--- a/net/ipv4/netfilter/iptable_raw.c
+++ b/net/ipv4/netfilter/iptable_raw.c
@@ -101,18 +101,18 @@ ipt_hook(unsigned int hook,
101/* 'raw' is the very first table. */ 101/* 'raw' is the very first table. */
102static struct nf_hook_ops ipt_ops[] = { 102static struct nf_hook_ops ipt_ops[] = {
103 { 103 {
104 .hook = ipt_hook, 104 .hook = ipt_hook,
105 .pf = PF_INET, 105 .pf = PF_INET,
106 .hooknum = NF_IP_PRE_ROUTING, 106 .hooknum = NF_IP_PRE_ROUTING,
107 .priority = NF_IP_PRI_RAW, 107 .priority = NF_IP_PRI_RAW,
108 .owner = THIS_MODULE, 108 .owner = THIS_MODULE,
109 }, 109 },
110 { 110 {
111 .hook = ipt_hook, 111 .hook = ipt_hook,
112 .pf = PF_INET, 112 .pf = PF_INET,
113 .hooknum = NF_IP_LOCAL_OUT, 113 .hooknum = NF_IP_LOCAL_OUT,
114 .priority = NF_IP_PRI_RAW, 114 .priority = NF_IP_PRI_RAW,
115 .owner = THIS_MODULE, 115 .owner = THIS_MODULE,
116 }, 116 },
117}; 117};
118 118
@@ -126,31 +126,20 @@ static int __init iptable_raw_init(void)
126 return ret; 126 return ret;
127 127
128 /* Register hooks */ 128 /* Register hooks */
129 ret = nf_register_hook(&ipt_ops[0]); 129 ret = nf_register_hooks(ipt_ops, ARRAY_SIZE(ipt_ops));
130 if (ret < 0) 130 if (ret < 0)
131 goto cleanup_table; 131 goto cleanup_table;
132 132
133 ret = nf_register_hook(&ipt_ops[1]);
134 if (ret < 0)
135 goto cleanup_hook0;
136
137 return ret; 133 return ret;
138 134
139 cleanup_hook0:
140 nf_unregister_hook(&ipt_ops[0]);
141 cleanup_table: 135 cleanup_table:
142 ipt_unregister_table(&packet_raw); 136 ipt_unregister_table(&packet_raw);
143
144 return ret; 137 return ret;
145} 138}
146 139
147static void __exit iptable_raw_fini(void) 140static void __exit iptable_raw_fini(void)
148{ 141{
149 unsigned int i; 142 nf_unregister_hooks(ipt_ops, ARRAY_SIZE(ipt_ops));
150
151 for (i = 0; i < sizeof(ipt_ops)/sizeof(struct nf_hook_ops); i++)
152 nf_unregister_hook(&ipt_ops[i]);
153
154 ipt_unregister_table(&packet_raw); 143 ipt_unregister_table(&packet_raw);
155} 144}
156 145
diff --git a/net/ipv4/netfilter/nf_conntrack_l3proto_ipv4.c b/net/ipv4/netfilter/nf_conntrack_l3proto_ipv4.c
index 4afbc699d3ba..5bc9f64d7b5b 100644
--- a/net/ipv4/netfilter/nf_conntrack_l3proto_ipv4.c
+++ b/net/ipv4/netfilter/nf_conntrack_l3proto_ipv4.c
@@ -210,71 +210,63 @@ static unsigned int ipv4_conntrack_local(unsigned int hooknum,
210 210
211/* Connection tracking may drop packets, but never alters them, so 211/* Connection tracking may drop packets, but never alters them, so
212 make it the first hook. */ 212 make it the first hook. */
213static struct nf_hook_ops ipv4_conntrack_defrag_ops = { 213static struct nf_hook_ops ipv4_conntrack_ops[] = {
214 .hook = ipv4_conntrack_defrag, 214 {
215 .owner = THIS_MODULE, 215 .hook = ipv4_conntrack_defrag,
216 .pf = PF_INET, 216 .owner = THIS_MODULE,
217 .hooknum = NF_IP_PRE_ROUTING, 217 .pf = PF_INET,
218 .priority = NF_IP_PRI_CONNTRACK_DEFRAG, 218 .hooknum = NF_IP_PRE_ROUTING,
219}; 219 .priority = NF_IP_PRI_CONNTRACK_DEFRAG,
220 220 },
221static struct nf_hook_ops ipv4_conntrack_in_ops = { 221 {
222 .hook = ipv4_conntrack_in, 222 .hook = ipv4_conntrack_in,
223 .owner = THIS_MODULE, 223 .owner = THIS_MODULE,
224 .pf = PF_INET, 224 .pf = PF_INET,
225 .hooknum = NF_IP_PRE_ROUTING, 225 .hooknum = NF_IP_PRE_ROUTING,
226 .priority = NF_IP_PRI_CONNTRACK, 226 .priority = NF_IP_PRI_CONNTRACK,
227}; 227 },
228 228 {
229static struct nf_hook_ops ipv4_conntrack_defrag_local_out_ops = { 229 .hook = ipv4_conntrack_defrag,
230 .hook = ipv4_conntrack_defrag, 230 .owner = THIS_MODULE,
231 .owner = THIS_MODULE, 231 .pf = PF_INET,
232 .pf = PF_INET, 232 .hooknum = NF_IP_LOCAL_OUT,
233 .hooknum = NF_IP_LOCAL_OUT, 233 .priority = NF_IP_PRI_CONNTRACK_DEFRAG,
234 .priority = NF_IP_PRI_CONNTRACK_DEFRAG, 234 },
235}; 235 {
236 236 .hook = ipv4_conntrack_local,
237static struct nf_hook_ops ipv4_conntrack_local_out_ops = { 237 .owner = THIS_MODULE,
238 .hook = ipv4_conntrack_local, 238 .pf = PF_INET,
239 .owner = THIS_MODULE, 239 .hooknum = NF_IP_LOCAL_OUT,
240 .pf = PF_INET, 240 .priority = NF_IP_PRI_CONNTRACK,
241 .hooknum = NF_IP_LOCAL_OUT, 241 },
242 .priority = NF_IP_PRI_CONNTRACK, 242 {
243}; 243 .hook = ipv4_conntrack_help,
244 244 .owner = THIS_MODULE,
245/* helpers */ 245 .pf = PF_INET,
246static struct nf_hook_ops ipv4_conntrack_helper_out_ops = { 246 .hooknum = NF_IP_POST_ROUTING,
247 .hook = ipv4_conntrack_help, 247 .priority = NF_IP_PRI_CONNTRACK_HELPER,
248 .owner = THIS_MODULE, 248 },
249 .pf = PF_INET, 249 {
250 .hooknum = NF_IP_POST_ROUTING, 250 .hook = ipv4_conntrack_help,
251 .priority = NF_IP_PRI_CONNTRACK_HELPER, 251 .owner = THIS_MODULE,
252}; 252 .pf = PF_INET,
253 253 .hooknum = NF_IP_LOCAL_IN,
254static struct nf_hook_ops ipv4_conntrack_helper_in_ops = { 254 .priority = NF_IP_PRI_CONNTRACK_HELPER,
255 .hook = ipv4_conntrack_help, 255 },
256 .owner = THIS_MODULE, 256 {
257 .pf = PF_INET, 257 .hook = ipv4_confirm,
258 .hooknum = NF_IP_LOCAL_IN, 258 .owner = THIS_MODULE,
259 .priority = NF_IP_PRI_CONNTRACK_HELPER, 259 .pf = PF_INET,
260}; 260 .hooknum = NF_IP_POST_ROUTING,
261 261 .priority = NF_IP_PRI_CONNTRACK_CONFIRM,
262 262 },
263/* Refragmenter; last chance. */ 263 {
264static struct nf_hook_ops ipv4_conntrack_out_ops = { 264 .hook = ipv4_confirm,
265 .hook = ipv4_confirm, 265 .owner = THIS_MODULE,
266 .owner = THIS_MODULE, 266 .pf = PF_INET,
267 .pf = PF_INET, 267 .hooknum = NF_IP_LOCAL_IN,
268 .hooknum = NF_IP_POST_ROUTING, 268 .priority = NF_IP_PRI_CONNTRACK_CONFIRM,
269 .priority = NF_IP_PRI_CONNTRACK_CONFIRM, 269 },
270};
271
272static struct nf_hook_ops ipv4_conntrack_local_in_ops = {
273 .hook = ipv4_confirm,
274 .owner = THIS_MODULE,
275 .pf = PF_INET,
276 .hooknum = NF_IP_LOCAL_IN,
277 .priority = NF_IP_PRI_CONNTRACK_CONFIRM,
278}; 270};
279 271
280#ifdef CONFIG_SYSCTL 272#ifdef CONFIG_SYSCTL
@@ -440,16 +432,20 @@ struct nf_conntrack_l3proto nf_conntrack_l3proto_ipv4 = {
440extern struct nf_conntrack_protocol nf_conntrack_protocol_tcp4; 432extern struct nf_conntrack_protocol nf_conntrack_protocol_tcp4;
441extern struct nf_conntrack_protocol nf_conntrack_protocol_udp4; 433extern struct nf_conntrack_protocol nf_conntrack_protocol_udp4;
442extern struct nf_conntrack_protocol nf_conntrack_protocol_icmp; 434extern struct nf_conntrack_protocol nf_conntrack_protocol_icmp;
443static int init_or_cleanup(int init) 435
436MODULE_ALIAS("nf_conntrack-" __stringify(AF_INET));
437MODULE_LICENSE("GPL");
438
439static int __init nf_conntrack_l3proto_ipv4_init(void)
444{ 440{
445 int ret = 0; 441 int ret = 0;
446 442
447 if (!init) goto cleanup; 443 need_conntrack();
448 444
449 ret = nf_register_sockopt(&so_getorigdst); 445 ret = nf_register_sockopt(&so_getorigdst);
450 if (ret < 0) { 446 if (ret < 0) {
451 printk(KERN_ERR "Unable to register netfilter socket option\n"); 447 printk(KERN_ERR "Unable to register netfilter socket option\n");
452 goto cleanup_nothing; 448 return ret;
453 } 449 }
454 450
455 ret = nf_conntrack_protocol_register(&nf_conntrack_protocol_tcp4); 451 ret = nf_conntrack_protocol_register(&nf_conntrack_protocol_tcp4);
@@ -476,84 +472,26 @@ static int init_or_cleanup(int init)
476 goto cleanup_icmp; 472 goto cleanup_icmp;
477 } 473 }
478 474
479 ret = nf_register_hook(&ipv4_conntrack_defrag_ops); 475 ret = nf_register_hooks(ipv4_conntrack_ops,
476 ARRAY_SIZE(ipv4_conntrack_ops));
480 if (ret < 0) { 477 if (ret < 0) {
481 printk("nf_conntrack_ipv4: can't register pre-routing defrag hook.\n"); 478 printk("nf_conntrack_ipv4: can't register hooks.\n");
482 goto cleanup_ipv4; 479 goto cleanup_ipv4;
483 } 480 }
484 ret = nf_register_hook(&ipv4_conntrack_defrag_local_out_ops);
485 if (ret < 0) {
486 printk("nf_conntrack_ipv4: can't register local_out defrag hook.\n");
487 goto cleanup_defragops;
488 }
489
490 ret = nf_register_hook(&ipv4_conntrack_in_ops);
491 if (ret < 0) {
492 printk("nf_conntrack_ipv4: can't register pre-routing hook.\n");
493 goto cleanup_defraglocalops;
494 }
495
496 ret = nf_register_hook(&ipv4_conntrack_local_out_ops);
497 if (ret < 0) {
498 printk("nf_conntrack_ipv4: can't register local out hook.\n");
499 goto cleanup_inops;
500 }
501
502 ret = nf_register_hook(&ipv4_conntrack_helper_in_ops);
503 if (ret < 0) {
504 printk("nf_conntrack_ipv4: can't register local helper hook.\n");
505 goto cleanup_inandlocalops;
506 }
507
508 ret = nf_register_hook(&ipv4_conntrack_helper_out_ops);
509 if (ret < 0) {
510 printk("nf_conntrack_ipv4: can't register postrouting helper hook.\n");
511 goto cleanup_helperinops;
512 }
513
514 ret = nf_register_hook(&ipv4_conntrack_out_ops);
515 if (ret < 0) {
516 printk("nf_conntrack_ipv4: can't register post-routing hook.\n");
517 goto cleanup_helperoutops;
518 }
519
520 ret = nf_register_hook(&ipv4_conntrack_local_in_ops);
521 if (ret < 0) {
522 printk("nf_conntrack_ipv4: can't register local in hook.\n");
523 goto cleanup_inoutandlocalops;
524 }
525
526#ifdef CONFIG_SYSCTL 481#ifdef CONFIG_SYSCTL
527 nf_ct_ipv4_sysctl_header = register_sysctl_table(nf_ct_net_table, 0); 482 nf_ct_ipv4_sysctl_header = register_sysctl_table(nf_ct_net_table, 0);
528 if (nf_ct_ipv4_sysctl_header == NULL) { 483 if (nf_ct_ipv4_sysctl_header == NULL) {
529 printk("nf_conntrack: can't register to sysctl.\n"); 484 printk("nf_conntrack: can't register to sysctl.\n");
530 ret = -ENOMEM; 485 ret = -ENOMEM;
531 goto cleanup_localinops; 486 goto cleanup_hooks;
532 } 487 }
533#endif 488#endif
534 return ret; 489 return ret;
535 490
536 cleanup:
537 synchronize_net();
538#ifdef CONFIG_SYSCTL 491#ifdef CONFIG_SYSCTL
539 unregister_sysctl_table(nf_ct_ipv4_sysctl_header); 492 cleanup_hooks:
540 cleanup_localinops: 493 nf_unregister_hooks(ipv4_conntrack_ops, ARRAY_SIZE(ipv4_conntrack_ops));
541#endif 494#endif
542 nf_unregister_hook(&ipv4_conntrack_local_in_ops);
543 cleanup_inoutandlocalops:
544 nf_unregister_hook(&ipv4_conntrack_out_ops);
545 cleanup_helperoutops:
546 nf_unregister_hook(&ipv4_conntrack_helper_out_ops);
547 cleanup_helperinops:
548 nf_unregister_hook(&ipv4_conntrack_helper_in_ops);
549 cleanup_inandlocalops:
550 nf_unregister_hook(&ipv4_conntrack_local_out_ops);
551 cleanup_inops:
552 nf_unregister_hook(&ipv4_conntrack_in_ops);
553 cleanup_defraglocalops:
554 nf_unregister_hook(&ipv4_conntrack_defrag_local_out_ops);
555 cleanup_defragops:
556 nf_unregister_hook(&ipv4_conntrack_defrag_ops);
557 cleanup_ipv4: 495 cleanup_ipv4:
558 nf_conntrack_l3proto_unregister(&nf_conntrack_l3proto_ipv4); 496 nf_conntrack_l3proto_unregister(&nf_conntrack_l3proto_ipv4);
559 cleanup_icmp: 497 cleanup_icmp:
@@ -564,22 +502,21 @@ static int init_or_cleanup(int init)
564 nf_conntrack_protocol_unregister(&nf_conntrack_protocol_tcp4); 502 nf_conntrack_protocol_unregister(&nf_conntrack_protocol_tcp4);
565 cleanup_sockopt: 503 cleanup_sockopt:
566 nf_unregister_sockopt(&so_getorigdst); 504 nf_unregister_sockopt(&so_getorigdst);
567 cleanup_nothing:
568 return ret; 505 return ret;
569} 506}
570 507
571MODULE_ALIAS("nf_conntrack-" __stringify(AF_INET));
572MODULE_LICENSE("GPL");
573
574static int __init nf_conntrack_l3proto_ipv4_init(void)
575{
576 need_conntrack();
577 return init_or_cleanup(1);
578}
579
580static void __exit nf_conntrack_l3proto_ipv4_fini(void) 508static void __exit nf_conntrack_l3proto_ipv4_fini(void)
581{ 509{
582 init_or_cleanup(0); 510 synchronize_net();
511#ifdef CONFIG_SYSCTL
512 unregister_sysctl_table(nf_ct_ipv4_sysctl_header);
513#endif
514 nf_unregister_hooks(ipv4_conntrack_ops, ARRAY_SIZE(ipv4_conntrack_ops));
515 nf_conntrack_l3proto_unregister(&nf_conntrack_l3proto_ipv4);
516 nf_conntrack_protocol_unregister(&nf_conntrack_protocol_icmp);
517 nf_conntrack_protocol_unregister(&nf_conntrack_protocol_udp4);
518 nf_conntrack_protocol_unregister(&nf_conntrack_protocol_tcp4);
519 nf_unregister_sockopt(&so_getorigdst);
583} 520}
584 521
585module_init(nf_conntrack_l3proto_ipv4_init); 522module_init(nf_conntrack_l3proto_ipv4_init);
diff --git a/net/ipv4/netfilter/nf_conntrack_proto_icmp.c b/net/ipv4/netfilter/nf_conntrack_proto_icmp.c
index 52dc175be39a..4b0d361cc6e6 100644
--- a/net/ipv4/netfilter/nf_conntrack_proto_icmp.c
+++ b/net/ipv4/netfilter/nf_conntrack_proto_icmp.c
@@ -235,30 +235,14 @@ icmp_error(struct sk_buff *skb, unsigned int dataoff,
235 } 235 }
236 236
237 /* See ip_conntrack_proto_tcp.c */ 237 /* See ip_conntrack_proto_tcp.c */
238 if (hooknum != NF_IP_PRE_ROUTING) 238 if (hooknum == NF_IP_PRE_ROUTING &&
239 goto checksum_skipped; 239 nf_ip_checksum(skb, hooknum, dataoff, 0)) {
240
241 switch (skb->ip_summed) {
242 case CHECKSUM_HW:
243 if (!(u16)csum_fold(skb->csum))
244 break;
245 if (LOG_INVALID(IPPROTO_ICMP)) 240 if (LOG_INVALID(IPPROTO_ICMP))
246 nf_log_packet(PF_INET, 0, skb, NULL, NULL, NULL, 241 nf_log_packet(PF_INET, 0, skb, NULL, NULL, NULL,
247 "nf_ct_icmp: bad HW ICMP checksum "); 242 "nf_ct_icmp: bad HW ICMP checksum ");
248 return -NF_ACCEPT; 243 return -NF_ACCEPT;
249 case CHECKSUM_NONE:
250 if ((u16)csum_fold(skb_checksum(skb, 0, skb->len, 0))) {
251 if (LOG_INVALID(IPPROTO_ICMP))
252 nf_log_packet(PF_INET, 0, skb, NULL, NULL,
253 NULL,
254 "nf_ct_icmp: bad ICMP checksum ");
255 return -NF_ACCEPT;
256 }
257 default:
258 break;
259 } 244 }
260 245
261checksum_skipped:
262 /* 246 /*
263 * 18 is the highest 'known' ICMP type. Anything else is a mystery 247 * 18 is the highest 'known' ICMP type. Anything else is a mystery
264 * 248 *
diff --git a/net/ipv4/proc.c b/net/ipv4/proc.c
index 1b167c4bb3be..d61e2a9d394d 100644
--- a/net/ipv4/proc.c
+++ b/net/ipv4/proc.c
@@ -49,7 +49,7 @@ static int fold_prot_inuse(struct proto *proto)
49 int res = 0; 49 int res = 0;
50 int cpu; 50 int cpu;
51 51
52 for_each_cpu(cpu) 52 for_each_possible_cpu(cpu)
53 res += proto->stats[cpu].inuse; 53 res += proto->stats[cpu].inuse;
54 54
55 return res; 55 return res;
@@ -91,7 +91,7 @@ fold_field(void *mib[], int offt)
91 unsigned long res = 0; 91 unsigned long res = 0;
92 int i; 92 int i;
93 93
94 for_each_cpu(i) { 94 for_each_possible_cpu(i) {
95 res += *(((unsigned long *) per_cpu_ptr(mib[0], i)) + offt); 95 res += *(((unsigned long *) per_cpu_ptr(mib[0], i)) + offt);
96 res += *(((unsigned long *) per_cpu_ptr(mib[1], i)) + offt); 96 res += *(((unsigned long *) per_cpu_ptr(mib[1], i)) + offt);
97 } 97 }
diff --git a/net/ipv4/route.c b/net/ipv4/route.c
index 94fcbc5e5a1b..ff434821909f 100644
--- a/net/ipv4/route.c
+++ b/net/ipv4/route.c
@@ -3083,7 +3083,7 @@ static int ip_rt_acct_read(char *buffer, char **start, off_t offset,
3083 memcpy(dst, src, length); 3083 memcpy(dst, src, length);
3084 3084
3085 /* Add the other cpus in, one int at a time */ 3085 /* Add the other cpus in, one int at a time */
3086 for_each_cpu(i) { 3086 for_each_possible_cpu(i) {
3087 unsigned int j; 3087 unsigned int j;
3088 3088
3089 src = ((u32 *) IP_RT_ACCT_CPU(i)) + offset; 3089 src = ((u32 *) IP_RT_ACCT_CPU(i)) + offset;
diff --git a/net/ipv4/tunnel4.c b/net/ipv4/tunnel4.c
index 0d7d386dac22..8d30c48f090e 100644
--- a/net/ipv4/tunnel4.c
+++ b/net/ipv4/tunnel4.c
@@ -8,6 +8,8 @@
8#include <linux/mutex.h> 8#include <linux/mutex.h>
9#include <linux/netdevice.h> 9#include <linux/netdevice.h>
10#include <linux/skbuff.h> 10#include <linux/skbuff.h>
11#include <net/icmp.h>
12#include <net/ip.h>
11#include <net/protocol.h> 13#include <net/protocol.h>
12#include <net/xfrm.h> 14#include <net/xfrm.h>
13 15
@@ -70,10 +72,16 @@ static int tunnel4_rcv(struct sk_buff *skb)
70{ 72{
71 struct xfrm_tunnel *handler; 73 struct xfrm_tunnel *handler;
72 74
75 if (!pskb_may_pull(skb, sizeof(struct iphdr)))
76 goto drop;
77
73 for (handler = tunnel4_handlers; handler; handler = handler->next) 78 for (handler = tunnel4_handlers; handler; handler = handler->next)
74 if (!handler->handler(skb)) 79 if (!handler->handler(skb))
75 return 0; 80 return 0;
76 81
82 icmp_send(skb, ICMP_DEST_UNREACH, ICMP_PORT_UNREACH, 0);
83
84drop:
77 kfree_skb(skb); 85 kfree_skb(skb);
78 return 0; 86 return 0;
79} 87}
diff --git a/net/ipv4/xfrm4_input.c b/net/ipv4/xfrm4_input.c
index e1b8f4b90d80..3e174c83bfe7 100644
--- a/net/ipv4/xfrm4_input.c
+++ b/net/ipv4/xfrm4_input.c
@@ -37,8 +37,6 @@ static int xfrm4_parse_spi(struct sk_buff *skb, u8 nexthdr, u32 *spi, u32 *seq)
37{ 37{
38 switch (nexthdr) { 38 switch (nexthdr) {
39 case IPPROTO_IPIP: 39 case IPPROTO_IPIP:
40 if (!pskb_may_pull(skb, sizeof(struct iphdr)))
41 return -EINVAL;
42 *spi = skb->nh.iph->saddr; 40 *spi = skb->nh.iph->saddr;
43 *seq = 0; 41 *seq = 0;
44 return 0; 42 return 0;
@@ -90,7 +88,7 @@ int xfrm4_rcv_encap(struct sk_buff *skb, __u16 encap_type)
90 if (unlikely(x->km.state != XFRM_STATE_VALID)) 88 if (unlikely(x->km.state != XFRM_STATE_VALID))
91 goto drop_unlock; 89 goto drop_unlock;
92 90
93 if (x->encap->encap_type != encap_type) 91 if ((x->encap ? x->encap->encap_type : 0) != encap_type)
94 goto drop_unlock; 92 goto drop_unlock;
95 93
96 if (x->props.replay_window && xfrm_replay_check(x, seq)) 94 if (x->props.replay_window && xfrm_replay_check(x, seq))
generated by cgit v1.2.2 (git 2.25.0) at 2025-09-08 09:22:09 -0400