diff options
author | Willy Tarreau <w@1wt.eu> | 2007-03-14 19:44:53 -0400 |
---|---|---|
committer | David S. Miller <davem@sunset.davemloft.net> | 2007-04-26 01:25:56 -0400 |
commit | 5c8ce7c92106434d2bdc9d5dfa5f62bf4546b296 (patch) | |
tree | ec3822ebea143678734caf45b2dd5cbc3ba0ce55 /net/netfilter | |
parent | 8f5bd99071212cd16b3449d16639971a44540d51 (diff) |
[NETFILTER]: TCP conntrack: factorize out the PUSH flag
The PUSH flag is accepted with every other valid combination.
Let's get it out of the tcp_valid_flags table and reduce the
number of combinations we have to handle. This does not
significantly reduce the table size however (8 bytes).
Signed-off-by: Willy Tarreau <w@1wt.eu>
Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'net/netfilter')
-rw-r--r-- | net/netfilter/nf_conntrack_proto_tcp.c | 17 |
1 files changed, 4 insertions, 13 deletions
diff --git a/net/netfilter/nf_conntrack_proto_tcp.c b/net/netfilter/nf_conntrack_proto_tcp.c index 926e302494f3..a1363626bccc 100644 --- a/net/netfilter/nf_conntrack_proto_tcp.c +++ b/net/netfilter/nf_conntrack_proto_tcp.c | |||
@@ -764,27 +764,18 @@ EXPORT_SYMBOL_GPL(nf_conntrack_tcp_update); | |||
764 | #define TH_ECE 0x40 | 764 | #define TH_ECE 0x40 |
765 | #define TH_CWR 0x80 | 765 | #define TH_CWR 0x80 |
766 | 766 | ||
767 | /* table of valid flag combinations - ECE and CWR are always valid */ | 767 | /* table of valid flag combinations - PUSH, ECE and CWR are always valid */ |
768 | static u8 tcp_valid_flags[(TH_FIN|TH_SYN|TH_RST|TH_PUSH|TH_ACK|TH_URG) + 1] = | 768 | static u8 tcp_valid_flags[(TH_FIN|TH_SYN|TH_RST|TH_ACK|TH_URG) + 1] = |
769 | { | 769 | { |
770 | [TH_SYN] = 1, | 770 | [TH_SYN] = 1, |
771 | [TH_SYN|TH_PUSH] = 1, | ||
772 | [TH_SYN|TH_URG] = 1, | 771 | [TH_SYN|TH_URG] = 1, |
773 | [TH_SYN|TH_PUSH|TH_URG] = 1, | ||
774 | [TH_SYN|TH_ACK] = 1, | 772 | [TH_SYN|TH_ACK] = 1, |
775 | [TH_SYN|TH_ACK|TH_PUSH] = 1, | ||
776 | [TH_RST] = 1, | 773 | [TH_RST] = 1, |
777 | [TH_RST|TH_PUSH] = 1, | ||
778 | [TH_RST|TH_ACK] = 1, | 774 | [TH_RST|TH_ACK] = 1, |
779 | [TH_RST|TH_ACK|TH_PUSH] = 1, | ||
780 | [TH_FIN|TH_ACK] = 1, | 775 | [TH_FIN|TH_ACK] = 1, |
776 | [TH_FIN|TH_ACK|TH_URG] = 1, | ||
781 | [TH_ACK] = 1, | 777 | [TH_ACK] = 1, |
782 | [TH_ACK|TH_PUSH] = 1, | ||
783 | [TH_ACK|TH_URG] = 1, | 778 | [TH_ACK|TH_URG] = 1, |
784 | [TH_ACK|TH_URG|TH_PUSH] = 1, | ||
785 | [TH_FIN|TH_ACK|TH_PUSH] = 1, | ||
786 | [TH_FIN|TH_ACK|TH_URG] = 1, | ||
787 | [TH_FIN|TH_ACK|TH_URG|TH_PUSH] = 1, | ||
788 | }; | 779 | }; |
789 | 780 | ||
790 | /* Protect conntrack agaist broken packets. Code taken from ipt_unclean.c. */ | 781 | /* Protect conntrack agaist broken packets. Code taken from ipt_unclean.c. */ |
@@ -831,7 +822,7 @@ static int tcp_error(struct sk_buff *skb, | |||
831 | } | 822 | } |
832 | 823 | ||
833 | /* Check TCP flags. */ | 824 | /* Check TCP flags. */ |
834 | tcpflags = (((u_int8_t *)th)[13] & ~(TH_ECE|TH_CWR)); | 825 | tcpflags = (((u_int8_t *)th)[13] & ~(TH_ECE|TH_CWR|TH_PUSH)); |
835 | if (!tcp_valid_flags[tcpflags]) { | 826 | if (!tcp_valid_flags[tcpflags]) { |
836 | if (LOG_INVALID(IPPROTO_TCP)) | 827 | if (LOG_INVALID(IPPROTO_TCP)) |
837 | nf_log_packet(pf, 0, skb, NULL, NULL, NULL, | 828 | nf_log_packet(pf, 0, skb, NULL, NULL, NULL, |