netfilter: nf_nat_ftp: remove (*mangle[]) array and functions, use %pI4

These functions merely exist to format a buffer and call nf_nat_mangle_tcp_packet. Format the buffer and perform the call in nf_nat_ftp instead. Use %pI4 for the IP address. Saves ~600 bytes of text old: $ size net/ipv4/netfilter/nf_nat_ftp.o text data bss dec hex filename 2187 160 408 2755 ac3 net/ipv4/netfilter/nf_nat_ftp.o new: $ size net/ipv4/netfilter/nf_nat_ftp.o text data bss dec hex filename 1532 112 288 1932 78c net/ipv4/netfilter/nf_nat_ftp.o Signed-off-by: Joe Perches <joe@perches.com> Signed-off-by: Patrick McHardy <kaber@trash.net>
author: Joe Perches <joe@perches.com> 2010-01-11 05:49:51 -0500
committer: Patrick McHardy <kaber@trash.net> 2010-01-11 05:49:51 -0500
commit: c299bd53aa2616e6afc304b4f848186af3b3a881 (patch)
tree: 5f9eb0fef6e6e607adbfd0f19df4816868791e33 /net/ipv4
parent: 6f7edb4881bf51300060e89915926e070ace8c4d (diff)
1 files changed, 35 insertions, 70 deletions
diff --git a/net/ipv4/netfilter/nf_nat_ftp.c b/net/ipv4/netfilter/nf_nat_ftp.c
index a1d5d58a58bf..86e0e84ff0a0 100644
--- a/net/ipv4/netfilter/nf_nat_ftp.c
+++ b/net/ipv4/netfilter/nf_nat_ftp.c
@@ -27,76 +27,29 @@ MODULE_ALIAS("ip_nat_ftp");
 /* FIXME: Time out? --RR */
-static int
+static int nf_nat_ftp_fmt_cmd(enum nf_ct_ftp_type type,
-mangle_rfc959_packet(struct sk_buff *skb,
+                              char *buffer, size_t buflen,
-                     __be32 newip,
+                              __be32 addr, u16 port)
-                     u_int16_t port,
-                     unsigned int matchoff,
-                     unsigned int matchlen,
-                     struct nf_conn *ct,
-                     enum ip_conntrack_info ctinfo)
 {
-        char buffer[sizeof("nnn,nnn,nnn,nnn,nnn,nnn")];
+        switch (type) {
+        case NF_CT_FTP_PORT:
-        sprintf(buffer, "%u,%u,%u,%u,%u,%u",
+        case NF_CT_FTP_PASV:
-                NIPQUAD(newip), port>>8, port&0xFF);
+                return snprintf(buffer, buflen, "%u,%u,%u,%u,%u,%u",
+                                ((unsigned char *)&addr)[0],
-        pr_debug("calling nf_nat_mangle_tcp_packet\n");
+                                ((unsigned char *)&addr)[1],
+                                ((unsigned char *)&addr)[2],
-        return nf_nat_mangle_tcp_packet(skb, ct, ctinfo, matchoff,
+                                ((unsigned char *)&addr)[3],
-                                        matchlen, buffer, strlen(buffer));
+                                port >> 8,
-}
+                                port & 0xFF);
+        case NF_CT_FTP_EPRT:
-/* |1|132.235.1.2|6275| */
+                return snprintf(buffer, buflen, "|1|%pI4|%u|", &addr, port);
-static int
+        case NF_CT_FTP_EPSV:
-mangle_eprt_packet(struct sk_buff *skb,
+                return snprintf(buffer, buflen, "|||%u|", port);
-                   __be32 newip,
+        }
-                   u_int16_t port,
-                   unsigned int matchoff,
-                   unsigned int matchlen,
-                   struct nf_conn *ct,
-                   enum ip_conntrack_info ctinfo)
-{
-        char buffer[sizeof("|1|255.255.255.255|65535|")];
-        sprintf(buffer, "|1|%u.%u.%u.%u|%u|", NIPQUAD(newip), port);
-        pr_debug("calling nf_nat_mangle_tcp_packet\n");
-        return nf_nat_mangle_tcp_packet(skb, ct, ctinfo, matchoff,
-                                        matchlen, buffer, strlen(buffer));
-}
-/* |1|132.235.1.2|6275| */
-static int
-mangle_epsv_packet(struct sk_buff *skb,
-                   __be32 newip,
-                   u_int16_t port,
-                   unsigned int matchoff,
-                   unsigned int matchlen,
-                   struct nf_conn *ct,
-                   enum ip_conntrack_info ctinfo)
-{
-        char buffer[sizeof("|||65535|")];
-        sprintf(buffer, "|||%u|", port);
-        pr_debug("calling nf_nat_mangle_tcp_packet\n");
-        return nf_nat_mangle_tcp_packet(skb, ct, ctinfo, matchoff,
+        return 0;
-                                        matchlen, buffer, strlen(buffer));
 }
-static int (*mangle[])(struct sk_buff *, __be32, u_int16_t,
-                       unsigned int, unsigned int, struct nf_conn *,
-                       enum ip_conntrack_info)
-= {
-        [NF_CT_FTP_PORT] = mangle_rfc959_packet,
-        [NF_CT_FTP_PASV] = mangle_rfc959_packet,
-        [NF_CT_FTP_EPRT] = mangle_eprt_packet,
-        [NF_CT_FTP_EPSV] = mangle_epsv_packet
-};
 /* So, this packet has hit the connection tracking matching code.
   Mangle it, and change the expectation to match the new version. */
 static unsigned int nf_nat_ftp(struct sk_buff *skb,
@@ -110,6 +63,8 @@ static unsigned int nf_nat_ftp(struct sk_buff *skb,
        u_int16_t port;
        int dir = CTINFO2DIR(ctinfo);
        struct nf_conn *ct = exp->master;
+        char buffer[sizeof("|1|255.255.255.255|65535|")];
+        unsigned int buflen;
        pr_debug("FTP_NAT: type %i, off %u len %u\n", type, matchoff, matchlen);
@@ -132,11 +87,21 @@ static unsigned int nf_nat_ftp(struct sk_buff *skb,
        if (port == 0)
                return NF_DROP;
-        if (!mangle[type](skb, newip, port, matchoff, matchlen, ct, ctinfo)) {
+        buflen = nf_nat_ftp_fmt_cmd(type, buffer, sizeof(buffer), newip, port);
-                nf_ct_unexpect_related(exp);
+        if (!buflen)
-                return NF_DROP;
+                goto out;
-        }
+        pr_debug("calling nf_nat_mangle_tcp_packet\n");
+        if (!nf_nat_mangle_tcp_packet(skb, ct, ctinfo, matchoff,
+                                      matchlen, buffer, buflen))
+                goto out;
        return NF_ACCEPT;
+out:
+        nf_ct_unexpect_related(exp);
+        return NF_DROP;
 }
 static void __exit nf_nat_ftp_fini(void)
author	Joe Perches <joe@perches.com>	2010-01-11 05:49:51 -0500
committer	Patrick McHardy <kaber@trash.net>	2010-01-11 05:49:51 -0500
commit	c299bd53aa2616e6afc304b4f848186af3b3a881 (patch)
tree	5f9eb0fef6e6e607adbfd0f19df4816868791e33 /net/ipv4
parent	6f7edb4881bf51300060e89915926e070ace8c4d (diff)

diff --git a/net/ipv4/netfilter/nf_nat_ftp.c b/net/ipv4/netfilter/nf_nat_ftp.c index a1d5d58a58bf..86e0e84ff0a0 100644 --- a/net/ipv4/netfilter/nf_nat_ftp.c +++ b/net/ipv4/netfilter/nf_nat_ftp.c
@@ -27,76 +27,29 @@ MODULE_ALIAS("ip_nat_ftp");
27		27
28	/* FIXME: Time out? --RR */	28	/* FIXME: Time out? --RR */
29		29
30	static int	30	static int nf_nat_ftp_fmt_cmd(enum nf_ct_ftp_type type,
31	mangle_rfc959_packet(struct sk_buff *skb,	31	char *buffer, size_t buflen,
32	__be32 newip,	32	__be32 addr, u16 port)
33	u_int16_t port,
34	unsigned int matchoff,
35	unsigned int matchlen,
36	struct nf_conn *ct,
37	enum ip_conntrack_info ctinfo)
38	{	33	{
39	char buffer[sizeof("nnn,nnn,nnn,nnn,nnn,nnn")];	34	switch (type) {
40		35	case NF_CT_FTP_PORT:
41	sprintf(buffer, "%u,%u,%u,%u,%u,%u",	36	case NF_CT_FTP_PASV:
42	NIPQUAD(newip), port>>8, port&0xFF);	37	return snprintf(buffer, buflen, "%u,%u,%u,%u,%u,%u",
43		38	((unsigned char *)&addr)[0],
44	pr_debug("calling nf_nat_mangle_tcp_packet\n");	39	((unsigned char *)&addr)[1],
45		40	((unsigned char *)&addr)[2],
46	return nf_nat_mangle_tcp_packet(skb, ct, ctinfo, matchoff,	41	((unsigned char *)&addr)[3],
47	matchlen, buffer, strlen(buffer));	42	port >> 8,
48	}	43	port & 0xFF);
49		44	case NF_CT_FTP_EPRT:
50	/* \|1\|132.235.1.2\|6275\| */	45	return snprintf(buffer, buflen, "\|1\|%pI4\|%u\|", &addr, port);
51	static int	46	case NF_CT_FTP_EPSV:
52	mangle_eprt_packet(struct sk_buff *skb,	47	return snprintf(buffer, buflen, "\|\|\|%u\|", port);
53	__be32 newip,	48	}
54	u_int16_t port,
55	unsigned int matchoff,
56	unsigned int matchlen,
57	struct nf_conn *ct,
58	enum ip_conntrack_info ctinfo)
59	{
60	char buffer[sizeof("\|1\|255.255.255.255\|65535\|")];
61
62	sprintf(buffer, "\|1\|%u.%u.%u.%u\|%u\|", NIPQUAD(newip), port);
63
64	pr_debug("calling nf_nat_mangle_tcp_packet\n");
65
66	return nf_nat_mangle_tcp_packet(skb, ct, ctinfo, matchoff,
67	matchlen, buffer, strlen(buffer));
68	}
69
70	/* \|1\|132.235.1.2\|6275\| */
71	static int
72	mangle_epsv_packet(struct sk_buff *skb,
73	__be32 newip,
74	u_int16_t port,
75	unsigned int matchoff,
76	unsigned int matchlen,
77	struct nf_conn *ct,
78	enum ip_conntrack_info ctinfo)
79	{
80	char buffer[sizeof("\|\|\|65535\|")];
81
82	sprintf(buffer, "\|\|\|%u\|", port);
83
84	pr_debug("calling nf_nat_mangle_tcp_packet\n");
85		49
86	return nf_nat_mangle_tcp_packet(skb, ct, ctinfo, matchoff,	50	return 0;
87	matchlen, buffer, strlen(buffer));
88	}	51	}
89		52
90	static int (mangle[])(struct sk_buff , __be32, u_int16_t,
91	unsigned int, unsigned int, struct nf_conn *,
92	enum ip_conntrack_info)
93	= {
94	[NF_CT_FTP_PORT] = mangle_rfc959_packet,
95	[NF_CT_FTP_PASV] = mangle_rfc959_packet,
96	[NF_CT_FTP_EPRT] = mangle_eprt_packet,
97	[NF_CT_FTP_EPSV] = mangle_epsv_packet
98	};
99
100	/* So, this packet has hit the connection tracking matching code.	53	/* So, this packet has hit the connection tracking matching code.
101	Mangle it, and change the expectation to match the new version. */	54	Mangle it, and change the expectation to match the new version. */
102	static unsigned int nf_nat_ftp(struct sk_buff *skb,	55	static unsigned int nf_nat_ftp(struct sk_buff *skb,
@@ -110,6 +63,8 @@ static unsigned int nf_nat_ftp(struct sk_buff *skb,
110	u_int16_t port;	63	u_int16_t port;
111	int dir = CTINFO2DIR(ctinfo);	64	int dir = CTINFO2DIR(ctinfo);
112	struct nf_conn *ct = exp->master;	65	struct nf_conn *ct = exp->master;
		66	char buffer[sizeof("\|1\|255.255.255.255\|65535\|")];
		67	unsigned int buflen;
113		68
114	pr_debug("FTP_NAT: type %i, off %u len %u\n", type, matchoff, matchlen);	69	pr_debug("FTP_NAT: type %i, off %u len %u\n", type, matchoff, matchlen);
115		70
@@ -132,11 +87,21 @@ static unsigned int nf_nat_ftp(struct sk_buff *skb,
132	if (port == 0)	87	if (port == 0)
133	return NF_DROP;	88	return NF_DROP;
134		89
135	if (!mangle[type](skb, newip, port, matchoff, matchlen, ct, ctinfo)) {	90	buflen = nf_nat_ftp_fmt_cmd(type, buffer, sizeof(buffer), newip, port);
136	nf_ct_unexpect_related(exp);	91	if (!buflen)
137	return NF_DROP;	92	goto out;
138	}	93
		94	pr_debug("calling nf_nat_mangle_tcp_packet\n");
		95
		96	if (!nf_nat_mangle_tcp_packet(skb, ct, ctinfo, matchoff,
		97	matchlen, buffer, buflen))
		98	goto out;
		99
139	return NF_ACCEPT;	100	return NF_ACCEPT;
		101
		102	out:
		103	nf_ct_unexpect_related(exp);
		104	return NF_DROP;
140	}	105	}
141		106
142	static void __exit nf_nat_ftp_fini(void)	107	static void __exit nf_nat_ftp_fini(void)