[NETFILTER]: nf_conntrack: Introduces nf_ct_get_tuplepr and uses it

nf_ct_get_tuple() requires the offset to transport header and that bothers callers such as icmp[v6] l4proto modules. This introduces new function to simplify them. Signed-off-by: Yasuyuki Kozakai <yasuyuki.kozakai@toshiba.co.jp> Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net>
author: Yasuyuki Kozakai <yasuyuki.kozakai@toshiba.co.jp> 2007-07-14 23:45:14 -0400
committer: David S. Miller <davem@davemloft.net> 2007-07-14 23:45:14 -0400
commit: e2a3123fbe58da9fd3f35cd242087896ace6049f (patch)
tree: f17f8b6f505bb50be97e204c382a92288f75c986 /net/ipv4
parent: ffc30690480bdd337e4914302b926d24870b56b2 (diff)
1 files changed, 7 insertions, 25 deletions
diff --git a/net/ipv4/netfilter/nf_conntrack_proto_icmp.c b/net/ipv4/netfilter/nf_conntrack_proto_icmp.c
index 0fe8fb0466ef..b8b79992797e 100644
--- a/net/ipv4/netfilter/nf_conntrack_proto_icmp.c
+++ b/net/ipv4/netfilter/nf_conntrack_proto_icmp.c
@@ -136,40 +136,22 @@ icmp_error_message(struct sk_buff *skb,
                 unsigned int hooknum)
 {
        struct nf_conntrack_tuple innertuple, origtuple;
-        struct {
-                struct icmphdr icmp;
-                struct iphdr ip;
-        } _in, *inside;
        struct nf_conntrack_l4proto *innerproto;
        struct nf_conntrack_tuple_hash *h;
-        int dataoff;
        NF_CT_ASSERT(skb->nfct == NULL);
-        /* Not enough header? */
+        /* Are they talking about one of our connections? */
-        inside = skb_header_pointer(skb, ip_hdrlen(skb), sizeof(_in), &_in);
+        if (!nf_ct_get_tuplepr(skb,
-        if (inside == NULL)
+                               skb_network_offset(skb) + ip_hdrlen(skb)
-                return -NF_ACCEPT;
+                                                       + sizeof(struct icmphdr),
+                               PF_INET, &origtuple)) {
-        /* Ignore ICMP's containing fragments (shouldn't happen) */
+                pr_debug("icmp_error_message: failed to get tuple\n");
-        if (inside->ip.frag_off & htons(IP_OFFSET)) {
-                pr_debug("icmp_error_message: fragment of proto %u\n",
-                         inside->ip.protocol);
                return -NF_ACCEPT;
        }
        /* rcu_read_lock()ed by nf_hook_slow */
-        innerproto = __nf_ct_l4proto_find(PF_INET, inside->ip.protocol);
+        innerproto = __nf_ct_l4proto_find(PF_INET, origtuple.dst.protonum);
-        dataoff = ip_hdrlen(skb) + sizeof(inside->icmp);
-        /* Are they talking about one of our connections? */
-        if (!nf_ct_get_tuple(skb, dataoff, dataoff + inside->ip.ihl*4, PF_INET,
-                             inside->ip.protocol, &origtuple,
-                             &nf_conntrack_l3proto_ipv4, innerproto)) {
-                pr_debug("icmp_error_message: ! get_tuple p=%u",
-                         inside->ip.protocol);
-                return -NF_ACCEPT;
-        }
        /* Ordinarily, we'd expect the inverted tupleproto, but it's
           been preserved inside the ICMP. */
author	Yasuyuki Kozakai <yasuyuki.kozakai@toshiba.co.jp>	2007-07-14 23:45:14 -0400
committer	David S. Miller <davem@davemloft.net>	2007-07-14 23:45:14 -0400
commit	e2a3123fbe58da9fd3f35cd242087896ace6049f (patch)
tree	f17f8b6f505bb50be97e204c382a92288f75c986 /net/ipv4
parent	ffc30690480bdd337e4914302b926d24870b56b2 (diff)

diff --git a/net/ipv4/netfilter/nf_conntrack_proto_icmp.c b/net/ipv4/netfilter/nf_conntrack_proto_icmp.c index 0fe8fb0466ef..b8b79992797e 100644 --- a/net/ipv4/netfilter/nf_conntrack_proto_icmp.c +++ b/net/ipv4/netfilter/nf_conntrack_proto_icmp.c
@@ -136,40 +136,22 @@ icmp_error_message(struct sk_buff *skb,
136	unsigned int hooknum)	136	unsigned int hooknum)
137	{	137	{
138	struct nf_conntrack_tuple innertuple, origtuple;	138	struct nf_conntrack_tuple innertuple, origtuple;
139	struct {
140	struct icmphdr icmp;
141	struct iphdr ip;
142	} _in, *inside;
143	struct nf_conntrack_l4proto *innerproto;	139	struct nf_conntrack_l4proto *innerproto;
144	struct nf_conntrack_tuple_hash *h;	140	struct nf_conntrack_tuple_hash *h;
145	int dataoff;
146		141
147	NF_CT_ASSERT(skb->nfct == NULL);	142	NF_CT_ASSERT(skb->nfct == NULL);
148		143
149	/* Not enough header? */	144	/* Are they talking about one of our connections? */
150	inside = skb_header_pointer(skb, ip_hdrlen(skb), sizeof(_in), &_in);	145	if (!nf_ct_get_tuplepr(skb,
151	if (inside == NULL)	146	skb_network_offset(skb) + ip_hdrlen(skb)
152	return -NF_ACCEPT;	147	+ sizeof(struct icmphdr),
153		148	PF_INET, &origtuple)) {
154	/* Ignore ICMP's containing fragments (shouldn't happen) */	149	pr_debug("icmp_error_message: failed to get tuple\n");
155	if (inside->ip.frag_off & htons(IP_OFFSET)) {
156	pr_debug("icmp_error_message: fragment of proto %u\n",
157	inside->ip.protocol);
158	return -NF_ACCEPT;	150	return -NF_ACCEPT;
159	}	151	}
160		152
161	/* rcu_read_lock()ed by nf_hook_slow */	153	/* rcu_read_lock()ed by nf_hook_slow */
162	innerproto = __nf_ct_l4proto_find(PF_INET, inside->ip.protocol);	154	innerproto = __nf_ct_l4proto_find(PF_INET, origtuple.dst.protonum);
163
164	dataoff = ip_hdrlen(skb) + sizeof(inside->icmp);
165	/* Are they talking about one of our connections? */
166	if (!nf_ct_get_tuple(skb, dataoff, dataoff + inside->ip.ihl*4, PF_INET,
167	inside->ip.protocol, &origtuple,
168	&nf_conntrack_l3proto_ipv4, innerproto)) {
169	pr_debug("icmp_error_message: ! get_tuple p=%u",
170	inside->ip.protocol);
171	return -NF_ACCEPT;
172	}
173		155
174	/* Ordinarily, we'd expect the inverted tupleproto, but it's	156	/* Ordinarily, we'd expect the inverted tupleproto, but it's
175	been preserved inside the ICMP. */	157	been preserved inside the ICMP. */