diff options
| author | Patrick McHardy <kaber@trash.net> | 2006-09-20 14:58:17 -0400 |
|---|---|---|
| committer | David S. Miller <davem@sunset.davemloft.net> | 2006-09-22 18:19:46 -0400 |
| commit | 50b9f1d509eb998db73cd769c9511186474f566e (patch) | |
| tree | 6d69634fbf04b97426fe5cbaa9380c81ecb94eae /net | |
| parent | df0933dcb027e156cb5253570ad694b81bd52b69 (diff) | |
[NETFILTER]: xt_conntrack: clean up overly long lines
Also fix some whitespace errors and use the NAT bits instead of deriving
the state manually.
Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'net')
| -rw-r--r-- | net/netfilter/xt_conntrack.c | 179 |
1 files changed, 98 insertions, 81 deletions
diff --git a/net/netfilter/xt_conntrack.c b/net/netfilter/xt_conntrack.c index 39c57e9f7563..0ea501a2fda5 100644 --- a/net/netfilter/xt_conntrack.c +++ b/net/netfilter/xt_conntrack.c | |||
| @@ -45,7 +45,7 @@ match(const struct sk_buff *skb, | |||
| 45 | 45 | ||
| 46 | ct = ip_conntrack_get((struct sk_buff *)skb, &ctinfo); | 46 | ct = ip_conntrack_get((struct sk_buff *)skb, &ctinfo); |
| 47 | 47 | ||
| 48 | #define FWINV(bool,invflg) ((bool) ^ !!(sinfo->invflags & invflg)) | 48 | #define FWINV(bool, invflg) ((bool) ^ !!(sinfo->invflags & invflg)) |
| 49 | 49 | ||
| 50 | if (ct == &ip_conntrack_untracked) | 50 | if (ct == &ip_conntrack_untracked) |
| 51 | statebit = XT_CONNTRACK_STATE_UNTRACKED; | 51 | statebit = XT_CONNTRACK_STATE_UNTRACKED; |
| @@ -54,63 +54,72 @@ match(const struct sk_buff *skb, | |||
| 54 | else | 54 | else |
| 55 | statebit = XT_CONNTRACK_STATE_INVALID; | 55 | statebit = XT_CONNTRACK_STATE_INVALID; |
| 56 | 56 | ||
| 57 | if(sinfo->flags & XT_CONNTRACK_STATE) { | 57 | if (sinfo->flags & XT_CONNTRACK_STATE) { |
| 58 | if (ct) { | 58 | if (ct) { |
| 59 | if(ct->tuplehash[IP_CT_DIR_ORIGINAL].tuple.src.ip != | 59 | if (test_bit(IPS_SRC_NAT_BIT, &ct->status)) |
| 60 | ct->tuplehash[IP_CT_DIR_REPLY].tuple.dst.ip) | ||
| 61 | statebit |= XT_CONNTRACK_STATE_SNAT; | 60 | statebit |= XT_CONNTRACK_STATE_SNAT; |
| 62 | 61 | if (test_bit(IPS_DST_NAT_BIT, &ct->status)) | |
| 63 | if(ct->tuplehash[IP_CT_DIR_ORIGINAL].tuple.dst.ip != | ||
| 64 | ct->tuplehash[IP_CT_DIR_REPLY].tuple.src.ip) | ||
| 65 | statebit |= XT_CONNTRACK_STATE_DNAT; | 62 | statebit |= XT_CONNTRACK_STATE_DNAT; |
| 66 | } | 63 | } |
| 67 | 64 | if (FWINV((statebit & sinfo->statemask) == 0, | |
| 68 | if (FWINV((statebit & sinfo->statemask) == 0, XT_CONNTRACK_STATE)) | 65 | XT_CONNTRACK_STATE)) |
| 69 | return 0; | 66 | return 0; |
| 70 | } | 67 | } |
| 71 | 68 | ||
| 72 | if(sinfo->flags & XT_CONNTRACK_PROTO) { | 69 | if (ct == NULL) { |
| 73 | if (!ct || FWINV(ct->tuplehash[IP_CT_DIR_ORIGINAL].tuple.dst.protonum != sinfo->tuple[IP_CT_DIR_ORIGINAL].dst.protonum, XT_CONNTRACK_PROTO)) | 70 | if (sinfo->flags & ~XT_CONNTRACK_STATE) |
| 74 | return 0; | ||
| 75 | } | ||
| 76 | |||
| 77 | if(sinfo->flags & XT_CONNTRACK_ORIGSRC) { | ||
| 78 | if (!ct || FWINV((ct->tuplehash[IP_CT_DIR_ORIGINAL].tuple.src.ip&sinfo->sipmsk[IP_CT_DIR_ORIGINAL].s_addr) != sinfo->tuple[IP_CT_DIR_ORIGINAL].src.ip, XT_CONNTRACK_ORIGSRC)) | ||
| 79 | return 0; | 71 | return 0; |
| 72 | return 1; | ||
| 80 | } | 73 | } |
| 81 | 74 | ||
| 82 | if(sinfo->flags & XT_CONNTRACK_ORIGDST) { | 75 | if (sinfo->flags & XT_CONNTRACK_PROTO && |
| 83 | if (!ct || FWINV((ct->tuplehash[IP_CT_DIR_ORIGINAL].tuple.dst.ip&sinfo->dipmsk[IP_CT_DIR_ORIGINAL].s_addr) != sinfo->tuple[IP_CT_DIR_ORIGINAL].dst.ip, XT_CONNTRACK_ORIGDST)) | 76 | FWINV(ct->tuplehash[IP_CT_DIR_ORIGINAL].tuple.dst.protonum != |
| 84 | return 0; | 77 | sinfo->tuple[IP_CT_DIR_ORIGINAL].dst.protonum, |
| 85 | } | 78 | XT_CONNTRACK_PROTO)) |
| 86 | 79 | return 0; | |
| 87 | if(sinfo->flags & XT_CONNTRACK_REPLSRC) { | 80 | |
| 88 | if (!ct || FWINV((ct->tuplehash[IP_CT_DIR_REPLY].tuple.src.ip&sinfo->sipmsk[IP_CT_DIR_REPLY].s_addr) != sinfo->tuple[IP_CT_DIR_REPLY].src.ip, XT_CONNTRACK_REPLSRC)) | 81 | if (sinfo->flags & XT_CONNTRACK_ORIGSRC && |
| 89 | return 0; | 82 | FWINV((ct->tuplehash[IP_CT_DIR_ORIGINAL].tuple.src.ip & |
| 90 | } | 83 | sinfo->sipmsk[IP_CT_DIR_ORIGINAL].s_addr) != |
| 84 | sinfo->tuple[IP_CT_DIR_ORIGINAL].src.ip, | ||
| 85 | XT_CONNTRACK_ORIGSRC)) | ||
| 86 | return 0; | ||
| 91 | 87 | ||
| 92 | if(sinfo->flags & XT_CONNTRACK_REPLDST) { | 88 | if (sinfo->flags & XT_CONNTRACK_ORIGDST && |
| 93 | if (!ct || FWINV((ct->tuplehash[IP_CT_DIR_REPLY].tuple.dst.ip&sinfo->dipmsk[IP_CT_DIR_REPLY].s_addr) != sinfo->tuple[IP_CT_DIR_REPLY].dst.ip, XT_CONNTRACK_REPLDST)) | 89 | FWINV((ct->tuplehash[IP_CT_DIR_ORIGINAL].tuple.dst.ip & |
| 94 | return 0; | 90 | sinfo->dipmsk[IP_CT_DIR_ORIGINAL].s_addr) != |
| 95 | } | 91 | sinfo->tuple[IP_CT_DIR_ORIGINAL].dst.ip, |
| 92 | XT_CONNTRACK_ORIGDST)) | ||
| 93 | return 0; | ||
| 96 | 94 | ||
| 97 | if(sinfo->flags & XT_CONNTRACK_STATUS) { | 95 | if (sinfo->flags & XT_CONNTRACK_REPLSRC && |
| 98 | if (!ct || FWINV((ct->status & sinfo->statusmask) == 0, XT_CONNTRACK_STATUS)) | 96 | FWINV((ct->tuplehash[IP_CT_DIR_REPLY].tuple.src.ip & |
| 99 | return 0; | 97 | sinfo->sipmsk[IP_CT_DIR_REPLY].s_addr) != |
| 100 | } | 98 | sinfo->tuple[IP_CT_DIR_REPLY].src.ip, |
| 99 | XT_CONNTRACK_REPLSRC)) | ||
| 100 | return 0; | ||
| 101 | 101 | ||
| 102 | if(sinfo->flags & XT_CONNTRACK_EXPIRES) { | 102 | if (sinfo->flags & XT_CONNTRACK_REPLDST && |
| 103 | unsigned long expires; | 103 | FWINV((ct->tuplehash[IP_CT_DIR_REPLY].tuple.dst.ip & |
| 104 | sinfo->dipmsk[IP_CT_DIR_REPLY].s_addr) != | ||
| 105 | sinfo->tuple[IP_CT_DIR_REPLY].dst.ip, | ||
| 106 | XT_CONNTRACK_REPLDST)) | ||
| 107 | return 0; | ||
| 104 | 108 | ||
| 105 | if(!ct) | 109 | if (sinfo->flags & XT_CONNTRACK_STATUS && |
| 106 | return 0; | 110 | FWINV((ct->status & sinfo->statusmask) == 0, |
| 111 | XT_CONNTRACK_STATUS)) | ||
| 112 | return 0; | ||
| 107 | 113 | ||
| 108 | expires = timer_pending(&ct->timeout) ? (ct->timeout.expires - jiffies)/HZ : 0; | 114 | if (sinfo->flags & XT_CONNTRACK_EXPIRES) { |
| 115 | unsigned long expires = timer_pending(&ct->timeout) ? | ||
| 116 | (ct->timeout.expires - jiffies)/HZ : 0; | ||
| 109 | 117 | ||
| 110 | if (FWINV(!(expires >= sinfo->expires_min && expires <= sinfo->expires_max), XT_CONNTRACK_EXPIRES)) | 118 | if (FWINV(!(expires >= sinfo->expires_min && |
| 119 | expires <= sinfo->expires_max), | ||
| 120 | XT_CONNTRACK_EXPIRES)) | ||
| 111 | return 0; | 121 | return 0; |
| 112 | } | 122 | } |
| 113 | |||
| 114 | return 1; | 123 | return 1; |
| 115 | } | 124 | } |
| 116 | 125 | ||
| @@ -141,63 +150,72 @@ match(const struct sk_buff *skb, | |||
| 141 | else | 150 | else |
| 142 | statebit = XT_CONNTRACK_STATE_INVALID; | 151 | statebit = XT_CONNTRACK_STATE_INVALID; |
| 143 | 152 | ||
| 144 | if(sinfo->flags & XT_CONNTRACK_STATE) { | 153 | if (sinfo->flags & XT_CONNTRACK_STATE) { |
| 145 | if (ct) { | 154 | if (ct) { |
| 146 | if(ct->tuplehash[IP_CT_DIR_ORIGINAL].tuple.src.u3.ip != | 155 | if (test_bit(IPS_SRC_NAT_BIT, &ct->status)) |
| 147 | ct->tuplehash[IP_CT_DIR_REPLY].tuple.dst.u3.ip) | ||
| 148 | statebit |= XT_CONNTRACK_STATE_SNAT; | 156 | statebit |= XT_CONNTRACK_STATE_SNAT; |
| 149 | 157 | if (test_bit(IPS_DST_NAT_BIT, &ct->status)) | |
| 150 | if(ct->tuplehash[IP_CT_DIR_ORIGINAL].tuple.dst.u3.ip != | ||
| 151 | ct->tuplehash[IP_CT_DIR_REPLY].tuple.src.u3.ip) | ||
| 152 | statebit |= XT_CONNTRACK_STATE_DNAT; | 158 | statebit |= XT_CONNTRACK_STATE_DNAT; |
| 153 | } | 159 | } |
| 154 | 160 | if (FWINV((statebit & sinfo->statemask) == 0, | |
| 155 | if (FWINV((statebit & sinfo->statemask) == 0, XT_CONNTRACK_STATE)) | 161 | XT_CONNTRACK_STATE)) |
| 156 | return 0; | 162 | return 0; |
| 157 | } | 163 | } |
| 158 | 164 | ||
| 159 | if(sinfo->flags & XT_CONNTRACK_PROTO) { | 165 | if (ct == NULL) { |
| 160 | if (!ct || FWINV(ct->tuplehash[IP_CT_DIR_ORIGINAL].tuple.dst.protonum != sinfo->tuple[IP_CT_DIR_ORIGINAL].dst.protonum, XT_CONNTRACK_PROTO)) | 166 | if (sinfo->flags & ~XT_CONNTRACK_STATE) |
| 161 | return 0; | ||
| 162 | } | ||
| 163 | |||
| 164 | if(sinfo->flags & XT_CONNTRACK_ORIGSRC) { | ||
| 165 | if (!ct || FWINV((ct->tuplehash[IP_CT_DIR_ORIGINAL].tuple.src.u3.ip&sinfo->sipmsk[IP_CT_DIR_ORIGINAL].s_addr) != sinfo->tuple[IP_CT_DIR_ORIGINAL].src.ip, XT_CONNTRACK_ORIGSRC)) | ||
| 166 | return 0; | 167 | return 0; |
| 168 | return 1; | ||
| 167 | } | 169 | } |
| 168 | 170 | ||
| 169 | if(sinfo->flags & XT_CONNTRACK_ORIGDST) { | 171 | if (sinfo->flags & XT_CONNTRACK_PROTO && |
| 170 | if (!ct || FWINV((ct->tuplehash[IP_CT_DIR_ORIGINAL].tuple.dst.u3.ip&sinfo->dipmsk[IP_CT_DIR_ORIGINAL].s_addr) != sinfo->tuple[IP_CT_DIR_ORIGINAL].dst.ip, XT_CONNTRACK_ORIGDST)) | 172 | FWINV(ct->tuplehash[IP_CT_DIR_ORIGINAL].tuple.dst.protonum != |
| 171 | return 0; | 173 | sinfo->tuple[IP_CT_DIR_ORIGINAL].dst.protonum, |
| 172 | } | 174 | XT_CONNTRACK_PROTO)) |
| 173 | 175 | return 0; | |
| 174 | if(sinfo->flags & XT_CONNTRACK_REPLSRC) { | 176 | |
| 175 | if (!ct || FWINV((ct->tuplehash[IP_CT_DIR_REPLY].tuple.src.u3.ip&sinfo->sipmsk[IP_CT_DIR_REPLY].s_addr) != sinfo->tuple[IP_CT_DIR_REPLY].src.ip, XT_CONNTRACK_REPLSRC)) | 177 | if (sinfo->flags & XT_CONNTRACK_ORIGSRC && |
| 176 | return 0; | 178 | FWINV((ct->tuplehash[IP_CT_DIR_ORIGINAL].tuple.src.u3.ip & |
| 177 | } | 179 | sinfo->sipmsk[IP_CT_DIR_ORIGINAL].s_addr) != |
| 180 | sinfo->tuple[IP_CT_DIR_ORIGINAL].src.ip, | ||
| 181 | XT_CONNTRACK_ORIGSRC)) | ||
| 182 | return 0; | ||
| 178 | 183 | ||
| 179 | if(sinfo->flags & XT_CONNTRACK_REPLDST) { | 184 | if (sinfo->flags & XT_CONNTRACK_ORIGDST && |
| 180 | if (!ct || FWINV((ct->tuplehash[IP_CT_DIR_REPLY].tuple.dst.u3.ip&sinfo->dipmsk[IP_CT_DIR_REPLY].s_addr) != sinfo->tuple[IP_CT_DIR_REPLY].dst.ip, XT_CONNTRACK_REPLDST)) | 185 | FWINV((ct->tuplehash[IP_CT_DIR_ORIGINAL].tuple.dst.u3.ip & |
| 181 | return 0; | 186 | sinfo->dipmsk[IP_CT_DIR_ORIGINAL].s_addr) != |
| 182 | } | 187 | sinfo->tuple[IP_CT_DIR_ORIGINAL].dst.ip, |
| 188 | XT_CONNTRACK_ORIGDST)) | ||
| 189 | return 0; | ||
| 183 | 190 | ||
| 184 | if(sinfo->flags & XT_CONNTRACK_STATUS) { | 191 | if (sinfo->flags & XT_CONNTRACK_REPLSRC && |
| 185 | if (!ct || FWINV((ct->status & sinfo->statusmask) == 0, XT_CONNTRACK_STATUS)) | 192 | FWINV((ct->tuplehash[IP_CT_DIR_REPLY].tuple.src.u3.ip & |
| 186 | return 0; | 193 | sinfo->sipmsk[IP_CT_DIR_REPLY].s_addr) != |
| 187 | } | 194 | sinfo->tuple[IP_CT_DIR_REPLY].src.ip, |
| 195 | XT_CONNTRACK_REPLSRC)) | ||
| 196 | return 0; | ||
| 188 | 197 | ||
| 189 | if(sinfo->flags & XT_CONNTRACK_EXPIRES) { | 198 | if (sinfo->flags & XT_CONNTRACK_REPLDST && |
| 190 | unsigned long expires; | 199 | FWINV((ct->tuplehash[IP_CT_DIR_REPLY].tuple.dst.u3.ip & |
| 200 | sinfo->dipmsk[IP_CT_DIR_REPLY].s_addr) != | ||
| 201 | sinfo->tuple[IP_CT_DIR_REPLY].dst.ip, | ||
| 202 | XT_CONNTRACK_REPLDST)) | ||
| 203 | return 0; | ||
| 191 | 204 | ||
| 192 | if(!ct) | 205 | if (sinfo->flags & XT_CONNTRACK_STATUS && |
| 193 | return 0; | 206 | FWINV((ct->status & sinfo->statusmask) == 0, |
| 207 | XT_CONNTRACK_STATUS)) | ||
| 208 | return 0; | ||
| 194 | 209 | ||
| 195 | expires = timer_pending(&ct->timeout) ? (ct->timeout.expires - jiffies)/HZ : 0; | 210 | if(sinfo->flags & XT_CONNTRACK_EXPIRES) { |
| 211 | unsigned long expires = timer_pending(&ct->timeout) ? | ||
| 212 | (ct->timeout.expires - jiffies)/HZ : 0; | ||
| 196 | 213 | ||
| 197 | if (FWINV(!(expires >= sinfo->expires_min && expires <= sinfo->expires_max), XT_CONNTRACK_EXPIRES)) | 214 | if (FWINV(!(expires >= sinfo->expires_min && |
| 215 | expires <= sinfo->expires_max), | ||
| 216 | XT_CONNTRACK_EXPIRES)) | ||
| 198 | return 0; | 217 | return 0; |
| 199 | } | 218 | } |
| 200 | |||
| 201 | return 1; | 219 | return 1; |
| 202 | } | 220 | } |
| 203 | 221 | ||
| @@ -220,8 +238,7 @@ checkentry(const char *tablename, | |||
| 220 | return 1; | 238 | return 1; |
| 221 | } | 239 | } |
| 222 | 240 | ||
| 223 | static void | 241 | static void destroy(const struct xt_match *match, void *matchinfo) |
| 224 | destroy(const struct xt_match *match, void *matchinfo) | ||
| 225 | { | 242 | { |
| 226 | #if defined(CONFIG_NF_CONNTRACK) || defined(CONFIG_NF_CONNTRACK_MODULE) | 243 | #if defined(CONFIG_NF_CONNTRACK) || defined(CONFIG_NF_CONNTRACK_MODULE) |
| 227 | nf_ct_l3proto_module_put(match->family); | 244 | nf_ct_l3proto_module_put(match->family); |