[NETFILTER]: nf_conntrack: reduce masks to a subset of tuples

Since conntrack currently allows to use masks for every bit of both helper and expectation tuples, we can't hash them and have to keep them on two global lists that are searched for every new connection. This patch removes the never used ability to use masks for the destination part of the expectation tuple and completely removes masks from helpers since the only reasonable choice is a full match on l3num, protonum and src.u.all. Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net>
author: Patrick McHardy <kaber@trash.net> 2007-07-08 01:31:32 -0400
committer: David S. Miller <davem@sunset.davemloft.net> 2007-07-11 01:17:55 -0400
commit: d4156e8cd93f5772483928aaf4960120caebd789 (patch)
tree: e740e629df29d8ea1ad21244998851362b64a70e /net
parent: df43b4e7ca46952756b2fc039ed80469b1bff62d (diff)
13 files changed, 24 insertions, 90 deletions
diff --git a/net/ipv4/netfilter/nf_nat_snmp_basic.c b/net/ipv4/netfilter/nf_nat_snmp_basic.c
index 6e88505d6162..6bfcd3a90f08 100644
--- a/net/ipv4/netfilter/nf_nat_snmp_basic.c
+++ b/net/ipv4/netfilter/nf_nat_snmp_basic.c
@@ -1276,9 +1276,6 @@ static struct nf_conntrack_helper snmp_helper __read_mostly = {
        .tuple.src.l3num        = AF_INET,
        .tuple.src.u.udp.port   = __constant_htons(SNMP_PORT),
        .tuple.dst.protonum     = IPPROTO_UDP,
-        .mask.src.l3num         = 0xFFFF,
-        .mask.src.u.udp.port    = __constant_htons(0xFFFF),
-        .mask.dst.protonum      = 0xFF,
 };
 static struct nf_conntrack_helper snmp_trap_helper __read_mostly = {
@@ -1290,9 +1287,6 @@ static struct nf_conntrack_helper snmp_trap_helper __read_mostly = {
        .tuple.src.l3num        = AF_INET,
        .tuple.src.u.udp.port   = __constant_htons(SNMP_TRAP_PORT),
        .tuple.dst.protonum     = IPPROTO_UDP,
-        .mask.src.l3num         = 0xFFFF,
-        .mask.src.u.udp.port    = __constant_htons(0xFFFF),
-        .mask.dst.protonum      = 0xFF,
 };
 /*****************************************************************************
diff --git a/net/netfilter/nf_conntrack_amanda.c b/net/netfilter/nf_conntrack_amanda.c
index d21359e6c14c..e42ab230ad88 100644
--- a/net/netfilter/nf_conntrack_amanda.c
+++ b/net/netfilter/nf_conntrack_amanda.c
@@ -174,9 +174,6 @@ static struct nf_conntrack_helper amanda_helper[2] __read_mostly = {
                .tuple.src.l3num        = AF_INET,
                .tuple.src.u.udp.port   = __constant_htons(10080),
                .tuple.dst.protonum     = IPPROTO_UDP,
-                .mask.src.l3num         = 0xFFFF,
-                .mask.src.u.udp.port    = __constant_htons(0xFFFF),
-                .mask.dst.protonum      = 0xFF,
        },
        {
                .name                   = "amanda",
@@ -187,9 +184,6 @@ static struct nf_conntrack_helper amanda_helper[2] __read_mostly = {
                .tuple.src.l3num        = AF_INET6,
                .tuple.src.u.udp.port   = __constant_htons(10080),
                .tuple.dst.protonum     = IPPROTO_UDP,
-                .mask.src.l3num         = 0xFFFF,
-                .mask.src.u.udp.port    = __constant_htons(0xFFFF),
-                .mask.dst.protonum      = 0xFF,
        },
 };
diff --git a/net/netfilter/nf_conntrack_expect.c b/net/netfilter/nf_conntrack_expect.c
index 4130ea662c48..83b5ad85e0ee 100644
--- a/net/netfilter/nf_conntrack_expect.c
+++ b/net/netfilter/nf_conntrack_expect.c
@@ -141,25 +141,16 @@ static inline int expect_clash(const struct nf_conntrack_expect *a,
 {
        /* Part covered by intersection of masks must be unequal,
           otherwise they clash */
-        struct nf_conntrack_tuple intersect_mask;
+        struct nf_conntrack_tuple_mask intersect_mask;
        int count;
-        intersect_mask.src.l3num = a->mask.src.l3num & b->mask.src.l3num;
        intersect_mask.src.u.all = a->mask.src.u.all & b->mask.src.u.all;
-        intersect_mask.dst.u.all = a->mask.dst.u.all & b->mask.dst.u.all;
-        intersect_mask.dst.protonum = a->mask.dst.protonum
-                                        & b->mask.dst.protonum;
        for (count = 0; count < NF_CT_TUPLE_L3SIZE; count++){
                intersect_mask.src.u3.all[count] =
                        a->mask.src.u3.all[count] & b->mask.src.u3.all[count];
        }
-        for (count = 0; count < NF_CT_TUPLE_L3SIZE; count++){
-                intersect_mask.dst.u3.all[count] =
-                        a->mask.dst.u3.all[count] & b->mask.dst.u3.all[count];
-        }
        return nf_ct_tuple_mask_cmp(&a->tuple, &b->tuple, &intersect_mask);
 }
@@ -168,7 +159,7 @@ static inline int expect_matches(const struct nf_conntrack_expect *a,
 {
        return a->master == b->master
                && nf_ct_tuple_equal(&a->tuple, &b->tuple)
-                && nf_ct_tuple_equal(&a->mask, &b->mask);
+                && nf_ct_tuple_mask_equal(&a->mask, &b->mask);
 }
 /* Generally a bad idea to call this: could have matched already. */
@@ -224,8 +215,6 @@ void nf_ct_expect_init(struct nf_conntrack_expect *exp, int family,
        exp->helper = NULL;
        exp->tuple.src.l3num = family;
        exp->tuple.dst.protonum = proto;
-        exp->mask.src.l3num = 0xFFFF;
-        exp->mask.dst.protonum = 0xFF;
        if (saddr) {
                memcpy(&exp->tuple.src.u3, saddr, len);
@@ -242,21 +231,6 @@ void nf_ct_expect_init(struct nf_conntrack_expect *exp, int family,
                memset(&exp->mask.src.u3, 0x00, sizeof(exp->mask.src.u3));
        }
-        if (daddr) {
-                memcpy(&exp->tuple.dst.u3, daddr, len);
-                if (sizeof(exp->tuple.dst.u3) > len)
-                        /* address needs to be cleared for nf_ct_tuple_equal */
-                        memset((void *)&exp->tuple.dst.u3 + len, 0x00,
-                               sizeof(exp->tuple.dst.u3) - len);
-                memset(&exp->mask.dst.u3, 0xFF, len);
-                if (sizeof(exp->mask.dst.u3) > len)
-                        memset((void *)&exp->mask.dst.u3 + len, 0x00,
-                               sizeof(exp->mask.dst.u3) - len);
-        } else {
-                memset(&exp->tuple.dst.u3, 0x00, sizeof(exp->tuple.dst.u3));
-                memset(&exp->mask.dst.u3, 0x00, sizeof(exp->mask.dst.u3));
-        }
        if (src) {
                exp->tuple.src.u.all = (__force u16)*src;
                exp->mask.src.u.all = 0xFFFF;
@@ -265,13 +239,13 @@ void nf_ct_expect_init(struct nf_conntrack_expect *exp, int family,
                exp->mask.src.u.all = 0;
        }
-        if (dst) {
+        memcpy(&exp->tuple.dst.u3, daddr, len);
-                exp->tuple.dst.u.all = (__force u16)*dst;
+        if (sizeof(exp->tuple.dst.u3) > len)
-                exp->mask.dst.u.all = 0xFFFF;
+                /* address needs to be cleared for nf_ct_tuple_equal */
-        } else {
+                memset((void *)&exp->tuple.dst.u3 + len, 0x00,
-                exp->tuple.dst.u.all = 0;
+                       sizeof(exp->tuple.dst.u3) - len);
-                exp->mask.dst.u.all = 0;
-        }
+        exp->tuple.dst.u.all = (__force u16)*dst;
 }
 EXPORT_SYMBOL_GPL(nf_ct_expect_init);
diff --git a/net/netfilter/nf_conntrack_ftp.c b/net/netfilter/nf_conntrack_ftp.c
index 9ad15191bb44..198330b8ada4 100644
--- a/net/netfilter/nf_conntrack_ftp.c
+++ b/net/netfilter/nf_conntrack_ftp.c
@@ -560,9 +560,6 @@ static int __init nf_conntrack_ftp_init(void)
                for (j = 0; j < 2; j++) {
                        ftp[i][j].tuple.src.u.tcp.port = htons(ports[i]);
                        ftp[i][j].tuple.dst.protonum = IPPROTO_TCP;
-                        ftp[i][j].mask.src.l3num = 0xFFFF;
-                        ftp[i][j].mask.src.u.tcp.port = htons(0xFFFF);
-                        ftp[i][j].mask.dst.protonum = 0xFF;
                        ftp[i][j].max_expected = 1;
                        ftp[i][j].timeout = 5 * 60;     /* 5 Minutes */
                        ftp[i][j].me = THIS_MODULE;
diff --git a/net/netfilter/nf_conntrack_h323_main.c b/net/netfilter/nf_conntrack_h323_main.c
index 61ae90fb328a..8c57b8119bfb 100644
--- a/net/netfilter/nf_conntrack_h323_main.c
+++ b/net/netfilter/nf_conntrack_h323_main.c
@@ -626,8 +626,6 @@ static struct nf_conntrack_helper nf_conntrack_helper_h245 __read_mostly = {
        .max_expected           = H323_RTP_CHANNEL_MAX * 4 + 2 /* T.120 */,
        .timeout                = 240,
        .tuple.dst.protonum     = IPPROTO_UDP,
-        .mask.src.u.udp.port    = __constant_htons(0xFFFF),
-        .mask.dst.protonum      = 0xFF,
        .help                   = h245_help
 };
@@ -1173,9 +1171,6 @@ static struct nf_conntrack_helper nf_conntrack_helper_q931[] __read_mostly = {
                .tuple.src.l3num        = AF_INET,
                .tuple.src.u.tcp.port   = __constant_htons(Q931_PORT),
                .tuple.dst.protonum     = IPPROTO_TCP,
-                .mask.src.l3num         = 0xFFFF,
-                .mask.src.u.tcp.port    = __constant_htons(0xFFFF),
-                .mask.dst.protonum      = 0xFF,
                .help                   = q931_help
        },
        {
@@ -1187,9 +1182,6 @@ static struct nf_conntrack_helper nf_conntrack_helper_q931[] __read_mostly = {
                .tuple.src.l3num        = AF_INET6,
                .tuple.src.u.tcp.port   = __constant_htons(Q931_PORT),
                .tuple.dst.protonum     = IPPROTO_TCP,
-                .mask.src.l3num         = 0xFFFF,
-                .mask.src.u.tcp.port    = __constant_htons(0xFFFF),
-                .mask.dst.protonum      = 0xFF,
                .help                   = q931_help
        },
 };
@@ -1751,9 +1743,6 @@ static struct nf_conntrack_helper nf_conntrack_helper_ras[] __read_mostly = {
                .tuple.src.l3num        = AF_INET,
                .tuple.src.u.udp.port   = __constant_htons(RAS_PORT),
                .tuple.dst.protonum     = IPPROTO_UDP,
-                .mask.src.l3num         = 0xFFFF,
-                .mask.src.u.udp.port    = __constant_htons(0xFFFF),
-                .mask.dst.protonum      = 0xFF,
                .help                   = ras_help,
        },
        {
@@ -1764,9 +1753,6 @@ static struct nf_conntrack_helper nf_conntrack_helper_ras[] __read_mostly = {
                .tuple.src.l3num        = AF_INET6,
                .tuple.src.u.udp.port   = __constant_htons(RAS_PORT),
                .tuple.dst.protonum     = IPPROTO_UDP,
-                .mask.src.l3num         = 0xFFFF,
-                .mask.src.u.udp.port    = __constant_htons(0xFFFF),
-                .mask.dst.protonum      = 0xFF,
                .help                   = ras_help,
        },
 };
diff --git a/net/netfilter/nf_conntrack_helper.c b/net/netfilter/nf_conntrack_helper.c
index 89a5f7333d38..fdabf823f8cd 100644
--- a/net/netfilter/nf_conntrack_helper.c
+++ b/net/netfilter/nf_conntrack_helper.c
@@ -34,9 +34,10 @@ struct nf_conntrack_helper *
 __nf_ct_helper_find(const struct nf_conntrack_tuple *tuple)
 {
        struct nf_conntrack_helper *h;
+        struct nf_conntrack_tuple_mask mask = { .src.u.all = htons(0xFFFF) };
        list_for_each_entry(h, &helpers, list) {
-                if (nf_ct_tuple_mask_cmp(tuple, &h->tuple, &h->mask))
+                if (nf_ct_tuple_src_mask_cmp(tuple, &h->tuple, &mask))
                        return h;
        }
        return NULL;
diff --git a/net/netfilter/nf_conntrack_irc.c b/net/netfilter/nf_conntrack_irc.c
index 79da93e4396b..8c7340794bf6 100644
--- a/net/netfilter/nf_conntrack_irc.c
+++ b/net/netfilter/nf_conntrack_irc.c
@@ -239,9 +239,6 @@ static int __init nf_conntrack_irc_init(void)
                irc[i].tuple.src.l3num = AF_INET;
                irc[i].tuple.src.u.tcp.port = htons(ports[i]);
                irc[i].tuple.dst.protonum = IPPROTO_TCP;
-                irc[i].mask.src.l3num = 0xFFFF;
-                irc[i].mask.src.u.tcp.port = htons(0xFFFF);
-                irc[i].mask.dst.protonum = 0xFF;
                irc[i].max_expected = max_dcc_channels;
                irc[i].timeout = dcc_timeout;
                irc[i].me = THIS_MODULE;
diff --git a/net/netfilter/nf_conntrack_netbios_ns.c b/net/netfilter/nf_conntrack_netbios_ns.c
index ea585c789a83..1d59fabeb5f7 100644
--- a/net/netfilter/nf_conntrack_netbios_ns.c
+++ b/net/netfilter/nf_conntrack_netbios_ns.c
@@ -83,9 +83,6 @@ static int help(struct sk_buff **pskb, unsigned int protoff,
        exp->mask.src.u3.ip       = mask;
        exp->mask.src.u.udp.port  = htons(0xFFFF);
-        exp->mask.dst.u3.ip       = htonl(0xFFFFFFFF);
-        exp->mask.dst.u.udp.port  = htons(0xFFFF);
-        exp->mask.dst.protonum    = 0xFF;
        exp->expectfn             = NULL;
        exp->flags                = NF_CT_EXPECT_PERMANENT;
@@ -104,9 +101,6 @@ static struct nf_conntrack_helper helper __read_mostly = {
        .tuple.src.l3num        = AF_INET,
        .tuple.src.u.udp.port   = __constant_htons(NMBD_PORT),
        .tuple.dst.protonum     = IPPROTO_UDP,
-        .mask.src.l3num         = 0xFFFF,
-        .mask.src.u.udp.port    = __constant_htons(0xFFFF),
-        .mask.dst.protonum      = 0xFF,
        .max_expected           = 1,
        .me                     = THIS_MODULE,
        .help                   = help,
diff --git a/net/netfilter/nf_conntrack_netlink.c b/net/netfilter/nf_conntrack_netlink.c
index 954cc58b9d04..206491488f4e 100644
--- a/net/netfilter/nf_conntrack_netlink.c
+++ b/net/netfilter/nf_conntrack_netlink.c
@@ -1094,22 +1094,29 @@ nfattr_failure:
 static inline int
 ctnetlink_exp_dump_mask(struct sk_buff *skb,
                        const struct nf_conntrack_tuple *tuple,
-                        const struct nf_conntrack_tuple *mask)
+                        const struct nf_conntrack_tuple_mask *mask)
 {
        int ret;
        struct nf_conntrack_l3proto *l3proto;
        struct nf_conntrack_l4proto *l4proto;
-        struct nfattr *nest_parms = NFA_NEST(skb, CTA_EXPECT_MASK);
+        struct nf_conntrack_tuple m;
+        struct nfattr *nest_parms;
+        memset(&m, 0xFF, sizeof(m));
+        m.src.u.all = mask->src.u.all;
+        memcpy(&m.src.u3, &mask->src.u3, sizeof(m.src.u3));
+        nest_parms = NFA_NEST(skb, CTA_EXPECT_MASK);
        l3proto = nf_ct_l3proto_find_get(tuple->src.l3num);
-        ret = ctnetlink_dump_tuples_ip(skb, mask, l3proto);
+        ret = ctnetlink_dump_tuples_ip(skb, &m, l3proto);
        nf_ct_l3proto_put(l3proto);
        if (unlikely(ret < 0))
                goto nfattr_failure;
        l4proto = nf_ct_l4proto_find_get(tuple->src.l3num, tuple->dst.protonum);
-        ret = ctnetlink_dump_tuples_proto(skb, mask, l4proto);
+        ret = ctnetlink_dump_tuples_proto(skb, &m, l4proto);
        nf_ct_l4proto_put(l4proto);
        if (unlikely(ret < 0))
                goto nfattr_failure;
@@ -1447,7 +1454,8 @@ ctnetlink_create_expect(struct nfattr *cda[], u_int8_t u3)
        exp->master = ct;
        exp->helper = NULL;
        memcpy(&exp->tuple, &tuple, sizeof(struct nf_conntrack_tuple));
-        memcpy(&exp->mask, &mask, sizeof(struct nf_conntrack_tuple));
+        memcpy(&exp->mask.src.u3, &mask.src.u3, sizeof(exp->mask.src.u3));
+        exp->mask.src.u.all = mask.src.u.all;
        err = nf_ct_expect_related(exp);
        nf_ct_expect_put(exp);
diff --git a/net/netfilter/nf_conntrack_pptp.c b/net/netfilter/nf_conntrack_pptp.c
index 916e106d36bc..63dac5eb959f 100644
--- a/net/netfilter/nf_conntrack_pptp.c
+++ b/net/netfilter/nf_conntrack_pptp.c
@@ -585,9 +585,6 @@ static struct nf_conntrack_helper pptp __read_mostly = {
        .tuple.src.l3num        = AF_INET,
        .tuple.src.u.tcp.port   = __constant_htons(PPTP_CONTROL_PORT),
        .tuple.dst.protonum     = IPPROTO_TCP,
-        .mask.src.l3num         = 0xffff,
-        .mask.src.u.tcp.port    = __constant_htons(0xffff),
-        .mask.dst.protonum      = 0xff,
        .help                   = conntrack_pptp_help,
        .destroy                = pptp_destroy_siblings,
 };
diff --git a/net/netfilter/nf_conntrack_sane.c b/net/netfilter/nf_conntrack_sane.c
index 28ed303c565b..edd10df8aa08 100644
--- a/net/netfilter/nf_conntrack_sane.c
+++ b/net/netfilter/nf_conntrack_sane.c
@@ -206,8 +206,6 @@ static int __init nf_conntrack_sane_init(void)
                for (j = 0; j < 2; j++) {
                        sane[i][j].tuple.src.u.tcp.port = htons(ports[i]);
                        sane[i][j].tuple.dst.protonum = IPPROTO_TCP;
-                        sane[i][j].mask.src.u.tcp.port = 0xFFFF;
-                        sane[i][j].mask.dst.protonum = 0xFF;
                        sane[i][j].max_expected = 1;
                        sane[i][j].timeout = 5 * 60;    /* 5 Minutes */
                        sane[i][j].me = THIS_MODULE;
diff --git a/net/netfilter/nf_conntrack_sip.c b/net/netfilter/nf_conntrack_sip.c
index 1f17f8040cd2..5b78f0e1f63b 100644
--- a/net/netfilter/nf_conntrack_sip.c
+++ b/net/netfilter/nf_conntrack_sip.c
@@ -506,9 +506,6 @@ static int __init nf_conntrack_sip_init(void)
                for (j = 0; j < 2; j++) {
                        sip[i][j].tuple.dst.protonum = IPPROTO_UDP;
                        sip[i][j].tuple.src.u.udp.port = htons(ports[i]);
-                        sip[i][j].mask.src.l3num = 0xFFFF;
-                        sip[i][j].mask.src.u.udp.port = htons(0xFFFF);
-                        sip[i][j].mask.dst.protonum = 0xFF;
                        sip[i][j].max_expected = 2;
                        sip[i][j].timeout = 3 * 60; /* 3 minutes */
                        sip[i][j].me = THIS_MODULE;
diff --git a/net/netfilter/nf_conntrack_tftp.c b/net/netfilter/nf_conntrack_tftp.c
index 53d57b4c0de7..db0387cf9bac 100644
--- a/net/netfilter/nf_conntrack_tftp.c
+++ b/net/netfilter/nf_conntrack_tftp.c
@@ -126,9 +126,6 @@ static int __init nf_conntrack_tftp_init(void)
                for (j = 0; j < 2; j++) {
                        tftp[i][j].tuple.dst.protonum = IPPROTO_UDP;
                        tftp[i][j].tuple.src.u.udp.port = htons(ports[i]);
-                        tftp[i][j].mask.src.l3num = 0xFFFF;
-                        tftp[i][j].mask.dst.protonum = 0xFF;
-                        tftp[i][j].mask.src.u.udp.port = htons(0xFFFF);
                        tftp[i][j].max_expected = 1;
                        tftp[i][j].timeout = 5 * 60; /* 5 minutes */
                        tftp[i][j].me = THIS_MODULE;
author	Patrick McHardy <kaber@trash.net>	2007-07-08 01:31:32 -0400
committer	David S. Miller <davem@sunset.davemloft.net>	2007-07-11 01:17:55 -0400
commit	d4156e8cd93f5772483928aaf4960120caebd789 (patch)
tree	e740e629df29d8ea1ad21244998851362b64a70e /net
parent	df43b4e7ca46952756b2fc039ed80469b1bff62d (diff)

diff --git a/net/ipv4/netfilter/nf_nat_snmp_basic.c b/net/ipv4/netfilter/nf_nat_snmp_basic.c index 6e88505d6162..6bfcd3a90f08 100644 --- a/net/ipv4/netfilter/nf_nat_snmp_basic.c +++ b/net/ipv4/netfilter/nf_nat_snmp_basic.c
@@ -1276,9 +1276,6 @@ static struct nf_conntrack_helper snmp_helper __read_mostly = {
1276	.tuple.src.l3num = AF_INET,	1276	.tuple.src.l3num = AF_INET,
1277	.tuple.src.u.udp.port = __constant_htons(SNMP_PORT),	1277	.tuple.src.u.udp.port = __constant_htons(SNMP_PORT),
1278	.tuple.dst.protonum = IPPROTO_UDP,	1278	.tuple.dst.protonum = IPPROTO_UDP,
1279	.mask.src.l3num = 0xFFFF,
1280	.mask.src.u.udp.port = __constant_htons(0xFFFF),
1281	.mask.dst.protonum = 0xFF,
1282	};	1279	};
1283		1280
1284	static struct nf_conntrack_helper snmp_trap_helper __read_mostly = {	1281	static struct nf_conntrack_helper snmp_trap_helper __read_mostly = {
@@ -1290,9 +1287,6 @@ static struct nf_conntrack_helper snmp_trap_helper __read_mostly = {
1290	.tuple.src.l3num = AF_INET,	1287	.tuple.src.l3num = AF_INET,
1291	.tuple.src.u.udp.port = __constant_htons(SNMP_TRAP_PORT),	1288	.tuple.src.u.udp.port = __constant_htons(SNMP_TRAP_PORT),
1292	.tuple.dst.protonum = IPPROTO_UDP,	1289	.tuple.dst.protonum = IPPROTO_UDP,
1293	.mask.src.l3num = 0xFFFF,
1294	.mask.src.u.udp.port = __constant_htons(0xFFFF),
1295	.mask.dst.protonum = 0xFF,
1296	};	1290	};
1297		1291
1298	/*****************************************************************************	1292	/*****************************************************************************


diff --git a/net/netfilter/nf_conntrack_amanda.c b/net/netfilter/nf_conntrack_amanda.c index d21359e6c14c..e42ab230ad88 100644 --- a/net/netfilter/nf_conntrack_amanda.c +++ b/net/netfilter/nf_conntrack_amanda.c
@@ -174,9 +174,6 @@ static struct nf_conntrack_helper amanda_helper[2] __read_mostly = {
174	.tuple.src.l3num = AF_INET,	174	.tuple.src.l3num = AF_INET,
175	.tuple.src.u.udp.port = __constant_htons(10080),	175	.tuple.src.u.udp.port = __constant_htons(10080),
176	.tuple.dst.protonum = IPPROTO_UDP,	176	.tuple.dst.protonum = IPPROTO_UDP,
177	.mask.src.l3num = 0xFFFF,
178	.mask.src.u.udp.port = __constant_htons(0xFFFF),
179	.mask.dst.protonum = 0xFF,
180	},	177	},
181	{	178	{
182	.name = "amanda",	179	.name = "amanda",
@@ -187,9 +184,6 @@ static struct nf_conntrack_helper amanda_helper[2] __read_mostly = {
187	.tuple.src.l3num = AF_INET6,	184	.tuple.src.l3num = AF_INET6,
188	.tuple.src.u.udp.port = __constant_htons(10080),	185	.tuple.src.u.udp.port = __constant_htons(10080),
189	.tuple.dst.protonum = IPPROTO_UDP,	186	.tuple.dst.protonum = IPPROTO_UDP,
190	.mask.src.l3num = 0xFFFF,
191	.mask.src.u.udp.port = __constant_htons(0xFFFF),
192	.mask.dst.protonum = 0xFF,
193	},	187	},
194	};	188	};
195		189


diff --git a/net/netfilter/nf_conntrack_expect.c b/net/netfilter/nf_conntrack_expect.c index 4130ea662c48..83b5ad85e0ee 100644 --- a/net/netfilter/nf_conntrack_expect.c +++ b/net/netfilter/nf_conntrack_expect.c
@@ -141,25 +141,16 @@ static inline int expect_clash(const struct nf_conntrack_expect *a,
141	{	141	{
142	/* Part covered by intersection of masks must be unequal,	142	/* Part covered by intersection of masks must be unequal,
143	otherwise they clash */	143	otherwise they clash */
144	struct nf_conntrack_tuple intersect_mask;	144	struct nf_conntrack_tuple_mask intersect_mask;
145	int count;	145	int count;
146		146
147	intersect_mask.src.l3num = a->mask.src.l3num & b->mask.src.l3num;
148	intersect_mask.src.u.all = a->mask.src.u.all & b->mask.src.u.all;	147	intersect_mask.src.u.all = a->mask.src.u.all & b->mask.src.u.all;
149	intersect_mask.dst.u.all = a->mask.dst.u.all & b->mask.dst.u.all;
150	intersect_mask.dst.protonum = a->mask.dst.protonum
151	& b->mask.dst.protonum;
152		148
153	for (count = 0; count < NF_CT_TUPLE_L3SIZE; count++){	149	for (count = 0; count < NF_CT_TUPLE_L3SIZE; count++){
154	intersect_mask.src.u3.all[count] =	150	intersect_mask.src.u3.all[count] =
155	a->mask.src.u3.all[count] & b->mask.src.u3.all[count];	151	a->mask.src.u3.all[count] & b->mask.src.u3.all[count];
156	}	152	}
157		153
158	for (count = 0; count < NF_CT_TUPLE_L3SIZE; count++){
159	intersect_mask.dst.u3.all[count] =
160	a->mask.dst.u3.all[count] & b->mask.dst.u3.all[count];
161	}
162
163	return nf_ct_tuple_mask_cmp(&a->tuple, &b->tuple, &intersect_mask);	154	return nf_ct_tuple_mask_cmp(&a->tuple, &b->tuple, &intersect_mask);
164	}	155	}
165		156
@@ -168,7 +159,7 @@ static inline int expect_matches(const struct nf_conntrack_expect *a,
168	{	159	{
169	return a->master == b->master	160	return a->master == b->master
170	&& nf_ct_tuple_equal(&a->tuple, &b->tuple)	161	&& nf_ct_tuple_equal(&a->tuple, &b->tuple)
171	&& nf_ct_tuple_equal(&a->mask, &b->mask);	162	&& nf_ct_tuple_mask_equal(&a->mask, &b->mask);
172	}	163	}
173		164
174	/* Generally a bad idea to call this: could have matched already. */	165	/* Generally a bad idea to call this: could have matched already. */
@@ -224,8 +215,6 @@ void nf_ct_expect_init(struct nf_conntrack_expect *exp, int family,
224	exp->helper = NULL;	215	exp->helper = NULL;
225	exp->tuple.src.l3num = family;	216	exp->tuple.src.l3num = family;
226	exp->tuple.dst.protonum = proto;	217	exp->tuple.dst.protonum = proto;
227	exp->mask.src.l3num = 0xFFFF;
228	exp->mask.dst.protonum = 0xFF;
229		218
230	if (saddr) {	219	if (saddr) {
231	memcpy(&exp->tuple.src.u3, saddr, len);	220	memcpy(&exp->tuple.src.u3, saddr, len);
@@ -242,21 +231,6 @@ void nf_ct_expect_init(struct nf_conntrack_expect *exp, int family,
242	memset(&exp->mask.src.u3, 0x00, sizeof(exp->mask.src.u3));	231	memset(&exp->mask.src.u3, 0x00, sizeof(exp->mask.src.u3));
243	}	232	}
244		233
245	if (daddr) {
246	memcpy(&exp->tuple.dst.u3, daddr, len);
247	if (sizeof(exp->tuple.dst.u3) > len)
248	/* address needs to be cleared for nf_ct_tuple_equal */
249	memset((void *)&exp->tuple.dst.u3 + len, 0x00,
250	sizeof(exp->tuple.dst.u3) - len);
251	memset(&exp->mask.dst.u3, 0xFF, len);
252	if (sizeof(exp->mask.dst.u3) > len)
253	memset((void *)&exp->mask.dst.u3 + len, 0x00,
254	sizeof(exp->mask.dst.u3) - len);
255	} else {
256	memset(&exp->tuple.dst.u3, 0x00, sizeof(exp->tuple.dst.u3));
257	memset(&exp->mask.dst.u3, 0x00, sizeof(exp->mask.dst.u3));
258	}
259
260	if (src) {	234	if (src) {
261	exp->tuple.src.u.all = (__force u16)*src;	235	exp->tuple.src.u.all = (__force u16)*src;
262	exp->mask.src.u.all = 0xFFFF;	236	exp->mask.src.u.all = 0xFFFF;
@@ -265,13 +239,13 @@ void nf_ct_expect_init(struct nf_conntrack_expect *exp, int family,
265	exp->mask.src.u.all = 0;	239	exp->mask.src.u.all = 0;
266	}	240	}
267		241
268	if (dst) {	242	memcpy(&exp->tuple.dst.u3, daddr, len);
269	exp->tuple.dst.u.all = (__force u16)*dst;	243	if (sizeof(exp->tuple.dst.u3) > len)
270	exp->mask.dst.u.all = 0xFFFF;	244	/* address needs to be cleared for nf_ct_tuple_equal */
271	} else {	245	memset((void *)&exp->tuple.dst.u3 + len, 0x00,
272	exp->tuple.dst.u.all = 0;	246	sizeof(exp->tuple.dst.u3) - len);
273	exp->mask.dst.u.all = 0;	247
274	}	248	exp->tuple.dst.u.all = (__force u16)*dst;
275	}	249	}
276	EXPORT_SYMBOL_GPL(nf_ct_expect_init);	250	EXPORT_SYMBOL_GPL(nf_ct_expect_init);
277		251


diff --git a/net/netfilter/nf_conntrack_ftp.c b/net/netfilter/nf_conntrack_ftp.c index 9ad15191bb44..198330b8ada4 100644 --- a/net/netfilter/nf_conntrack_ftp.c +++ b/net/netfilter/nf_conntrack_ftp.c
@@ -560,9 +560,6 @@ static int __init nf_conntrack_ftp_init(void)
560	for (j = 0; j < 2; j++) {	560	for (j = 0; j < 2; j++) {
561	ftp[i][j].tuple.src.u.tcp.port = htons(ports[i]);	561	ftp[i][j].tuple.src.u.tcp.port = htons(ports[i]);
562	ftp[i][j].tuple.dst.protonum = IPPROTO_TCP;	562	ftp[i][j].tuple.dst.protonum = IPPROTO_TCP;
563	ftp[i][j].mask.src.l3num = 0xFFFF;
564	ftp[i][j].mask.src.u.tcp.port = htons(0xFFFF);
565	ftp[i][j].mask.dst.protonum = 0xFF;
566	ftp[i][j].max_expected = 1;	563	ftp[i][j].max_expected = 1;
567	ftp[i][j].timeout = 5 * 60; /* 5 Minutes */	564	ftp[i][j].timeout = 5 * 60; /* 5 Minutes */
568	ftp[i][j].me = THIS_MODULE;	565	ftp[i][j].me = THIS_MODULE;


diff --git a/net/netfilter/nf_conntrack_h323_main.c b/net/netfilter/nf_conntrack_h323_main.c index 61ae90fb328a..8c57b8119bfb 100644 --- a/net/netfilter/nf_conntrack_h323_main.c +++ b/net/netfilter/nf_conntrack_h323_main.c
@@ -626,8 +626,6 @@ static struct nf_conntrack_helper nf_conntrack_helper_h245 __read_mostly = {
626	.max_expected = H323_RTP_CHANNEL_MAX * 4 + 2 /* T.120 */,	626	.max_expected = H323_RTP_CHANNEL_MAX * 4 + 2 /* T.120 */,
627	.timeout = 240,	627	.timeout = 240,
628	.tuple.dst.protonum = IPPROTO_UDP,	628	.tuple.dst.protonum = IPPROTO_UDP,
629	.mask.src.u.udp.port = __constant_htons(0xFFFF),
630	.mask.dst.protonum = 0xFF,
631	.help = h245_help	629	.help = h245_help
632	};	630	};
633		631
@@ -1173,9 +1171,6 @@ static struct nf_conntrack_helper nf_conntrack_helper_q931[] __read_mostly = {
1173	.tuple.src.l3num = AF_INET,	1171	.tuple.src.l3num = AF_INET,
1174	.tuple.src.u.tcp.port = __constant_htons(Q931_PORT),	1172	.tuple.src.u.tcp.port = __constant_htons(Q931_PORT),
1175	.tuple.dst.protonum = IPPROTO_TCP,	1173	.tuple.dst.protonum = IPPROTO_TCP,
1176	.mask.src.l3num = 0xFFFF,
1177	.mask.src.u.tcp.port = __constant_htons(0xFFFF),
1178	.mask.dst.protonum = 0xFF,
1179	.help = q931_help	1174	.help = q931_help
1180	},	1175	},
1181	{	1176	{
@@ -1187,9 +1182,6 @@ static struct nf_conntrack_helper nf_conntrack_helper_q931[] __read_mostly = {
1187	.tuple.src.l3num = AF_INET6,	1182	.tuple.src.l3num = AF_INET6,
1188	.tuple.src.u.tcp.port = __constant_htons(Q931_PORT),	1183	.tuple.src.u.tcp.port = __constant_htons(Q931_PORT),
1189	.tuple.dst.protonum = IPPROTO_TCP,	1184	.tuple.dst.protonum = IPPROTO_TCP,
1190	.mask.src.l3num = 0xFFFF,
1191	.mask.src.u.tcp.port = __constant_htons(0xFFFF),
1192	.mask.dst.protonum = 0xFF,
1193	.help = q931_help	1185	.help = q931_help
1194	},	1186	},
1195	};	1187	};
@@ -1751,9 +1743,6 @@ static struct nf_conntrack_helper nf_conntrack_helper_ras[] __read_mostly = {
1751	.tuple.src.l3num = AF_INET,	1743	.tuple.src.l3num = AF_INET,
1752	.tuple.src.u.udp.port = __constant_htons(RAS_PORT),	1744	.tuple.src.u.udp.port = __constant_htons(RAS_PORT),
1753	.tuple.dst.protonum = IPPROTO_UDP,	1745	.tuple.dst.protonum = IPPROTO_UDP,
1754	.mask.src.l3num = 0xFFFF,
1755	.mask.src.u.udp.port = __constant_htons(0xFFFF),
1756	.mask.dst.protonum = 0xFF,
1757	.help = ras_help,	1746	.help = ras_help,
1758	},	1747	},
1759	{	1748	{
@@ -1764,9 +1753,6 @@ static struct nf_conntrack_helper nf_conntrack_helper_ras[] __read_mostly = {
1764	.tuple.src.l3num = AF_INET6,	1753	.tuple.src.l3num = AF_INET6,
1765	.tuple.src.u.udp.port = __constant_htons(RAS_PORT),	1754	.tuple.src.u.udp.port = __constant_htons(RAS_PORT),
1766	.tuple.dst.protonum = IPPROTO_UDP,	1755	.tuple.dst.protonum = IPPROTO_UDP,
1767	.mask.src.l3num = 0xFFFF,
1768	.mask.src.u.udp.port = __constant_htons(0xFFFF),
1769	.mask.dst.protonum = 0xFF,
1770	.help = ras_help,	1756	.help = ras_help,
1771	},	1757	},
1772	};	1758	};


diff --git a/net/netfilter/nf_conntrack_helper.c b/net/netfilter/nf_conntrack_helper.c index 89a5f7333d38..fdabf823f8cd 100644 --- a/net/netfilter/nf_conntrack_helper.c +++ b/net/netfilter/nf_conntrack_helper.c
@@ -34,9 +34,10 @@ struct nf_conntrack_helper *
34	__nf_ct_helper_find(const struct nf_conntrack_tuple *tuple)	34	__nf_ct_helper_find(const struct nf_conntrack_tuple *tuple)
35	{	35	{
36	struct nf_conntrack_helper *h;	36	struct nf_conntrack_helper *h;
		37	struct nf_conntrack_tuple_mask mask = { .src.u.all = htons(0xFFFF) };
37		38
38	list_for_each_entry(h, &helpers, list) {	39	list_for_each_entry(h, &helpers, list) {
39	if (nf_ct_tuple_mask_cmp(tuple, &h->tuple, &h->mask))	40	if (nf_ct_tuple_src_mask_cmp(tuple, &h->tuple, &mask))
40	return h;	41	return h;
41	}	42	}
42	return NULL;	43	return NULL;


diff --git a/net/netfilter/nf_conntrack_irc.c b/net/netfilter/nf_conntrack_irc.c index 79da93e4396b..8c7340794bf6 100644 --- a/net/netfilter/nf_conntrack_irc.c +++ b/net/netfilter/nf_conntrack_irc.c
@@ -239,9 +239,6 @@ static int __init nf_conntrack_irc_init(void)
239	irc[i].tuple.src.l3num = AF_INET;	239	irc[i].tuple.src.l3num = AF_INET;
240	irc[i].tuple.src.u.tcp.port = htons(ports[i]);	240	irc[i].tuple.src.u.tcp.port = htons(ports[i]);
241	irc[i].tuple.dst.protonum = IPPROTO_TCP;	241	irc[i].tuple.dst.protonum = IPPROTO_TCP;
242	irc[i].mask.src.l3num = 0xFFFF;
243	irc[i].mask.src.u.tcp.port = htons(0xFFFF);
244	irc[i].mask.dst.protonum = 0xFF;
245	irc[i].max_expected = max_dcc_channels;	242	irc[i].max_expected = max_dcc_channels;
246	irc[i].timeout = dcc_timeout;	243	irc[i].timeout = dcc_timeout;
247	irc[i].me = THIS_MODULE;	244	irc[i].me = THIS_MODULE;


diff --git a/net/netfilter/nf_conntrack_netbios_ns.c b/net/netfilter/nf_conntrack_netbios_ns.c index ea585c789a83..1d59fabeb5f7 100644 --- a/net/netfilter/nf_conntrack_netbios_ns.c +++ b/net/netfilter/nf_conntrack_netbios_ns.c
@@ -83,9 +83,6 @@ static int help(struct sk_buff **pskb, unsigned int protoff,
83		83
84	exp->mask.src.u3.ip = mask;	84	exp->mask.src.u3.ip = mask;
85	exp->mask.src.u.udp.port = htons(0xFFFF);	85	exp->mask.src.u.udp.port = htons(0xFFFF);
86	exp->mask.dst.u3.ip = htonl(0xFFFFFFFF);
87	exp->mask.dst.u.udp.port = htons(0xFFFF);
88	exp->mask.dst.protonum = 0xFF;
89		86
90	exp->expectfn = NULL;	87	exp->expectfn = NULL;
91	exp->flags = NF_CT_EXPECT_PERMANENT;	88	exp->flags = NF_CT_EXPECT_PERMANENT;
@@ -104,9 +101,6 @@ static struct nf_conntrack_helper helper __read_mostly = {
104	.tuple.src.l3num = AF_INET,	101	.tuple.src.l3num = AF_INET,
105	.tuple.src.u.udp.port = __constant_htons(NMBD_PORT),	102	.tuple.src.u.udp.port = __constant_htons(NMBD_PORT),
106	.tuple.dst.protonum = IPPROTO_UDP,	103	.tuple.dst.protonum = IPPROTO_UDP,
107	.mask.src.l3num = 0xFFFF,
108	.mask.src.u.udp.port = __constant_htons(0xFFFF),
109	.mask.dst.protonum = 0xFF,
110	.max_expected = 1,	104	.max_expected = 1,
111	.me = THIS_MODULE,	105	.me = THIS_MODULE,
112	.help = help,	106	.help = help,


diff --git a/net/netfilter/nf_conntrack_netlink.c b/net/netfilter/nf_conntrack_netlink.c index 954cc58b9d04..206491488f4e 100644 --- a/net/netfilter/nf_conntrack_netlink.c +++ b/net/netfilter/nf_conntrack_netlink.c
@@ -1094,22 +1094,29 @@ nfattr_failure:
1094	static inline int	1094	static inline int
1095	ctnetlink_exp_dump_mask(struct sk_buff *skb,	1095	ctnetlink_exp_dump_mask(struct sk_buff *skb,
1096	const struct nf_conntrack_tuple *tuple,	1096	const struct nf_conntrack_tuple *tuple,
1097	const struct nf_conntrack_tuple *mask)	1097	const struct nf_conntrack_tuple_mask *mask)
1098	{	1098	{
1099	int ret;	1099	int ret;
1100	struct nf_conntrack_l3proto *l3proto;	1100	struct nf_conntrack_l3proto *l3proto;
1101	struct nf_conntrack_l4proto *l4proto;	1101	struct nf_conntrack_l4proto *l4proto;
1102	struct nfattr *nest_parms = NFA_NEST(skb, CTA_EXPECT_MASK);	1102	struct nf_conntrack_tuple m;
		1103	struct nfattr *nest_parms;
		1104
		1105	memset(&m, 0xFF, sizeof(m));
		1106	m.src.u.all = mask->src.u.all;
		1107	memcpy(&m.src.u3, &mask->src.u3, sizeof(m.src.u3));
		1108
		1109	nest_parms = NFA_NEST(skb, CTA_EXPECT_MASK);
1103		1110
1104	l3proto = nf_ct_l3proto_find_get(tuple->src.l3num);	1111	l3proto = nf_ct_l3proto_find_get(tuple->src.l3num);
1105	ret = ctnetlink_dump_tuples_ip(skb, mask, l3proto);	1112	ret = ctnetlink_dump_tuples_ip(skb, &m, l3proto);
1106	nf_ct_l3proto_put(l3proto);	1113	nf_ct_l3proto_put(l3proto);
1107		1114
1108	if (unlikely(ret < 0))	1115	if (unlikely(ret < 0))
1109	goto nfattr_failure;	1116	goto nfattr_failure;
1110		1117
1111	l4proto = nf_ct_l4proto_find_get(tuple->src.l3num, tuple->dst.protonum);	1118	l4proto = nf_ct_l4proto_find_get(tuple->src.l3num, tuple->dst.protonum);
1112	ret = ctnetlink_dump_tuples_proto(skb, mask, l4proto);	1119	ret = ctnetlink_dump_tuples_proto(skb, &m, l4proto);
1113	nf_ct_l4proto_put(l4proto);	1120	nf_ct_l4proto_put(l4proto);
1114	if (unlikely(ret < 0))	1121	if (unlikely(ret < 0))
1115	goto nfattr_failure;	1122	goto nfattr_failure;
@@ -1447,7 +1454,8 @@ ctnetlink_create_expect(struct nfattr *cda[], u_int8_t u3)
1447	exp->master = ct;	1454	exp->master = ct;
1448	exp->helper = NULL;	1455	exp->helper = NULL;
1449	memcpy(&exp->tuple, &tuple, sizeof(struct nf_conntrack_tuple));	1456	memcpy(&exp->tuple, &tuple, sizeof(struct nf_conntrack_tuple));
1450	memcpy(&exp->mask, &mask, sizeof(struct nf_conntrack_tuple));	1457	memcpy(&exp->mask.src.u3, &mask.src.u3, sizeof(exp->mask.src.u3));
		1458	exp->mask.src.u.all = mask.src.u.all;
1451		1459
1452	err = nf_ct_expect_related(exp);	1460	err = nf_ct_expect_related(exp);
1453	nf_ct_expect_put(exp);	1461	nf_ct_expect_put(exp);


diff --git a/net/netfilter/nf_conntrack_pptp.c b/net/netfilter/nf_conntrack_pptp.c index 916e106d36bc..63dac5eb959f 100644 --- a/net/netfilter/nf_conntrack_pptp.c +++ b/net/netfilter/nf_conntrack_pptp.c
@@ -585,9 +585,6 @@ static struct nf_conntrack_helper pptp __read_mostly = {
585	.tuple.src.l3num = AF_INET,	585	.tuple.src.l3num = AF_INET,
586	.tuple.src.u.tcp.port = __constant_htons(PPTP_CONTROL_PORT),	586	.tuple.src.u.tcp.port = __constant_htons(PPTP_CONTROL_PORT),
587	.tuple.dst.protonum = IPPROTO_TCP,	587	.tuple.dst.protonum = IPPROTO_TCP,
588	.mask.src.l3num = 0xffff,
589	.mask.src.u.tcp.port = __constant_htons(0xffff),
590	.mask.dst.protonum = 0xff,
591	.help = conntrack_pptp_help,	588	.help = conntrack_pptp_help,
592	.destroy = pptp_destroy_siblings,	589	.destroy = pptp_destroy_siblings,
593	};	590	};


diff --git a/net/netfilter/nf_conntrack_sane.c b/net/netfilter/nf_conntrack_sane.c index 28ed303c565b..edd10df8aa08 100644 --- a/net/netfilter/nf_conntrack_sane.c +++ b/net/netfilter/nf_conntrack_sane.c
@@ -206,8 +206,6 @@ static int __init nf_conntrack_sane_init(void)
206	for (j = 0; j < 2; j++) {	206	for (j = 0; j < 2; j++) {
207	sane[i][j].tuple.src.u.tcp.port = htons(ports[i]);	207	sane[i][j].tuple.src.u.tcp.port = htons(ports[i]);
208	sane[i][j].tuple.dst.protonum = IPPROTO_TCP;	208	sane[i][j].tuple.dst.protonum = IPPROTO_TCP;
209	sane[i][j].mask.src.u.tcp.port = 0xFFFF;
210	sane[i][j].mask.dst.protonum = 0xFF;
211	sane[i][j].max_expected = 1;	209	sane[i][j].max_expected = 1;
212	sane[i][j].timeout = 5 * 60; /* 5 Minutes */	210	sane[i][j].timeout = 5 * 60; /* 5 Minutes */
213	sane[i][j].me = THIS_MODULE;	211	sane[i][j].me = THIS_MODULE;


diff --git a/net/netfilter/nf_conntrack_sip.c b/net/netfilter/nf_conntrack_sip.c index 1f17f8040cd2..5b78f0e1f63b 100644 --- a/net/netfilter/nf_conntrack_sip.c +++ b/net/netfilter/nf_conntrack_sip.c
@@ -506,9 +506,6 @@ static int __init nf_conntrack_sip_init(void)
506	for (j = 0; j < 2; j++) {	506	for (j = 0; j < 2; j++) {
507	sip[i][j].tuple.dst.protonum = IPPROTO_UDP;	507	sip[i][j].tuple.dst.protonum = IPPROTO_UDP;
508	sip[i][j].tuple.src.u.udp.port = htons(ports[i]);	508	sip[i][j].tuple.src.u.udp.port = htons(ports[i]);
509	sip[i][j].mask.src.l3num = 0xFFFF;
510	sip[i][j].mask.src.u.udp.port = htons(0xFFFF);
511	sip[i][j].mask.dst.protonum = 0xFF;
512	sip[i][j].max_expected = 2;	509	sip[i][j].max_expected = 2;
513	sip[i][j].timeout = 3 * 60; /* 3 minutes */	510	sip[i][j].timeout = 3 * 60; /* 3 minutes */
514	sip[i][j].me = THIS_MODULE;	511	sip[i][j].me = THIS_MODULE;


diff --git a/net/netfilter/nf_conntrack_tftp.c b/net/netfilter/nf_conntrack_tftp.c index 53d57b4c0de7..db0387cf9bac 100644 --- a/net/netfilter/nf_conntrack_tftp.c +++ b/net/netfilter/nf_conntrack_tftp.c
@@ -126,9 +126,6 @@ static int __init nf_conntrack_tftp_init(void)
126	for (j = 0; j < 2; j++) {	126	for (j = 0; j < 2; j++) {
127	tftp[i][j].tuple.dst.protonum = IPPROTO_UDP;	127	tftp[i][j].tuple.dst.protonum = IPPROTO_UDP;
128	tftp[i][j].tuple.src.u.udp.port = htons(ports[i]);	128	tftp[i][j].tuple.src.u.udp.port = htons(ports[i]);
129	tftp[i][j].mask.src.l3num = 0xFFFF;
130	tftp[i][j].mask.dst.protonum = 0xFF;
131	tftp[i][j].mask.src.u.udp.port = htons(0xFFFF);
132	tftp[i][j].max_expected = 1;	129	tftp[i][j].max_expected = 1;
133	tftp[i][j].timeout = 5 * 60; /* 5 minutes */	130	tftp[i][j].timeout = 5 * 60; /* 5 minutes */
134	tftp[i][j].me = THIS_MODULE;	131	tftp[i][j].me = THIS_MODULE;