netfilter: xtables: remove xt_conntrack v0

Superseded by xt_conntrack v1 (v2.6.24-2921-g64eb12f). Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
author: Jan Engelhardt <jengelh@medozas.de> 2009-06-12 12:56:14 -0400
committer: Jan Engelhardt <jengelh@medozas.de> 2009-08-10 07:09:44 -0400
commit: 9e05ec4b1804a1ba51f61fe169aef9b86edcd3f7 (patch)
tree: f8a356cfab524538d8de0da2f39d3b0b8e148b5b /net
parent: 84899a2b9adaf6c2e20d198d7c24562ce6b391d8 (diff)
1 files changed, 1 insertions, 154 deletions
diff --git a/net/netfilter/xt_conntrack.c b/net/netfilter/xt_conntrack.c
index fc581800698e..6dc4652f2fe8 100644
--- a/net/netfilter/xt_conntrack.c
+++ b/net/netfilter/xt_conntrack.c
@@ -19,101 +19,12 @@
 MODULE_LICENSE("GPL");
 MODULE_AUTHOR("Marc Boucher <marc@mbsi.ca>");
-MODULE_AUTHOR("Jan Engelhardt <jengelh@computergmbh.de>");
+MODULE_AUTHOR("Jan Engelhardt <jengelh@medozas.de>");
 MODULE_DESCRIPTION("Xtables: connection tracking state match");
 MODULE_ALIAS("ipt_conntrack");
 MODULE_ALIAS("ip6t_conntrack");
 static bool
-conntrack_mt_v0(const struct sk_buff *skb, const struct xt_match_param *par)
-{
-        const struct xt_conntrack_info *sinfo = par->matchinfo;
-        const struct nf_conn *ct;
-        enum ip_conntrack_info ctinfo;
-        unsigned int statebit;
-        ct = nf_ct_get(skb, &ctinfo);
-#define FWINV(bool, invflg) ((bool) ^ !!(sinfo->invflags & (invflg)))
-        if (ct == &nf_conntrack_untracked)
-                statebit = XT_CONNTRACK_STATE_UNTRACKED;
-        else if (ct)
-                statebit = XT_CONNTRACK_STATE_BIT(ctinfo);
-        else
-                statebit = XT_CONNTRACK_STATE_INVALID;
-        if (sinfo->flags & XT_CONNTRACK_STATE) {
-                if (ct) {
-                        if (test_bit(IPS_SRC_NAT_BIT, &ct->status))
-                                statebit |= XT_CONNTRACK_STATE_SNAT;
-                        if (test_bit(IPS_DST_NAT_BIT, &ct->status))
-                                statebit |= XT_CONNTRACK_STATE_DNAT;
-                }
-                if (FWINV((statebit & sinfo->statemask) == 0,
-                          XT_CONNTRACK_STATE))
-                        return false;
-        }
-        if (ct == NULL) {
-                if (sinfo->flags & ~XT_CONNTRACK_STATE)
-                        return false;
-                return true;
-        }
-        if (sinfo->flags & XT_CONNTRACK_PROTO &&
-            FWINV(nf_ct_protonum(ct) !=
-                  sinfo->tuple[IP_CT_DIR_ORIGINAL].dst.protonum,
-                  XT_CONNTRACK_PROTO))
-                return false;
-        if (sinfo->flags & XT_CONNTRACK_ORIGSRC &&
-            FWINV((ct->tuplehash[IP_CT_DIR_ORIGINAL].tuple.src.u3.ip &
-                   sinfo->sipmsk[IP_CT_DIR_ORIGINAL].s_addr) !=
-                  sinfo->tuple[IP_CT_DIR_ORIGINAL].src.ip,
-                  XT_CONNTRACK_ORIGSRC))
-                return false;
-        if (sinfo->flags & XT_CONNTRACK_ORIGDST &&
-            FWINV((ct->tuplehash[IP_CT_DIR_ORIGINAL].tuple.dst.u3.ip &
-                   sinfo->dipmsk[IP_CT_DIR_ORIGINAL].s_addr) !=
-                  sinfo->tuple[IP_CT_DIR_ORIGINAL].dst.ip,
-                  XT_CONNTRACK_ORIGDST))
-                return false;
-        if (sinfo->flags & XT_CONNTRACK_REPLSRC &&
-            FWINV((ct->tuplehash[IP_CT_DIR_REPLY].tuple.src.u3.ip &
-                   sinfo->sipmsk[IP_CT_DIR_REPLY].s_addr) !=
-                  sinfo->tuple[IP_CT_DIR_REPLY].src.ip,
-                  XT_CONNTRACK_REPLSRC))
-                return false;
-        if (sinfo->flags & XT_CONNTRACK_REPLDST &&
-            FWINV((ct->tuplehash[IP_CT_DIR_REPLY].tuple.dst.u3.ip &
-                   sinfo->dipmsk[IP_CT_DIR_REPLY].s_addr) !=
-                  sinfo->tuple[IP_CT_DIR_REPLY].dst.ip,
-                  XT_CONNTRACK_REPLDST))
-                return false;
-        if (sinfo->flags & XT_CONNTRACK_STATUS &&
-            FWINV((ct->status & sinfo->statusmask) == 0,
-                  XT_CONNTRACK_STATUS))
-                return false;
-        if(sinfo->flags & XT_CONNTRACK_EXPIRES) {
-                unsigned long expires = timer_pending(&ct->timeout) ?
-                                        (ct->timeout.expires - jiffies)/HZ : 0;
-                if (FWINV(!(expires >= sinfo->expires_min &&
-                            expires <= sinfo->expires_max),
-                          XT_CONNTRACK_EXPIRES))
-                        return false;
-        }
-        return true;
-#undef FWINV
-}
-static bool
 conntrack_addrcmp(const union nf_inet_addr *kaddr,
                  const union nf_inet_addr *uaddr,
                  const union nf_inet_addr *umask, unsigned int l3proto)
@@ -337,73 +248,9 @@ static void conntrack_mt_destroy_v1(const struct xt_mtdtor_param *par)
        conntrack_mt_destroy(par);
 }
-#ifdef CONFIG_COMPAT
-struct compat_xt_conntrack_info
-{
-        compat_uint_t                   statemask;
-        compat_uint_t                   statusmask;
-        struct ip_conntrack_old_tuple   tuple[IP_CT_DIR_MAX];
-        struct in_addr                  sipmsk[IP_CT_DIR_MAX];
-        struct in_addr                  dipmsk[IP_CT_DIR_MAX];
-        compat_ulong_t                  expires_min;
-        compat_ulong_t                  expires_max;
-        u_int8_t                        flags;
-        u_int8_t                        invflags;
-};
-static void conntrack_mt_compat_from_user_v0(void *dst, void *src)
-{
-        const struct compat_xt_conntrack_info *cm = src;
-        struct xt_conntrack_info m = {
-                .statemask      = cm->statemask,
-                .statusmask     = cm->statusmask,
-                .expires_min    = cm->expires_min,
-                .expires_max    = cm->expires_max,
-                .flags          = cm->flags,
-                .invflags       = cm->invflags,
-        };
-        memcpy(m.tuple, cm->tuple, sizeof(m.tuple));
-        memcpy(m.sipmsk, cm->sipmsk, sizeof(m.sipmsk));
-        memcpy(m.dipmsk, cm->dipmsk, sizeof(m.dipmsk));
-        memcpy(dst, &m, sizeof(m));
-}
-static int conntrack_mt_compat_to_user_v0(void __user *dst, void *src)
-{
-        const struct xt_conntrack_info *m = src;
-        struct compat_xt_conntrack_info cm = {
-                .statemask      = m->statemask,
-                .statusmask     = m->statusmask,
-                .expires_min    = m->expires_min,
-                .expires_max    = m->expires_max,
-                .flags          = m->flags,
-                .invflags       = m->invflags,
-        };
-        memcpy(cm.tuple, m->tuple, sizeof(cm.tuple));
-        memcpy(cm.sipmsk, m->sipmsk, sizeof(cm.sipmsk));
-        memcpy(cm.dipmsk, m->dipmsk, sizeof(cm.dipmsk));
-        return copy_to_user(dst, &cm, sizeof(cm)) ? -EFAULT : 0;
-}
-#endif
 static struct xt_match conntrack_mt_reg[] __read_mostly = {
        {
                .name       = "conntrack",
-                .revision   = 0,
-                .family     = NFPROTO_IPV4,
-                .match      = conntrack_mt_v0,
-                .checkentry = conntrack_mt_check,
-                .destroy    = conntrack_mt_destroy,
-                .matchsize  = sizeof(struct xt_conntrack_info),
-                .me         = THIS_MODULE,
-#ifdef CONFIG_COMPAT
-                .compatsize       = sizeof(struct compat_xt_conntrack_info),
-                .compat_from_user = conntrack_mt_compat_from_user_v0,
-                .compat_to_user   = conntrack_mt_compat_to_user_v0,
-#endif
-        },
-        {
-                .name       = "conntrack",
                .revision   = 1,
                .family     = NFPROTO_UNSPEC,
                .matchsize  = sizeof(struct xt_conntrack_mtinfo1),
author	Jan Engelhardt <jengelh@medozas.de>	2009-06-12 12:56:14 -0400
committer	Jan Engelhardt <jengelh@medozas.de>	2009-08-10 07:09:44 -0400
commit	9e05ec4b1804a1ba51f61fe169aef9b86edcd3f7 (patch)
tree	f8a356cfab524538d8de0da2f39d3b0b8e148b5b /net
parent	84899a2b9adaf6c2e20d198d7c24562ce6b391d8 (diff)

diff --git a/net/netfilter/xt_conntrack.c b/net/netfilter/xt_conntrack.c index fc581800698e..6dc4652f2fe8 100644 --- a/net/netfilter/xt_conntrack.c +++ b/net/netfilter/xt_conntrack.c
@@ -19,101 +19,12 @@
19		19
20	MODULE_LICENSE("GPL");	20	MODULE_LICENSE("GPL");
21	MODULE_AUTHOR("Marc Boucher <marc@mbsi.ca>");	21	MODULE_AUTHOR("Marc Boucher <marc@mbsi.ca>");
22	MODULE_AUTHOR("Jan Engelhardt <jengelh@computergmbh.de>");	22	MODULE_AUTHOR("Jan Engelhardt <jengelh@medozas.de>");
23	MODULE_DESCRIPTION("Xtables: connection tracking state match");	23	MODULE_DESCRIPTION("Xtables: connection tracking state match");
24	MODULE_ALIAS("ipt_conntrack");	24	MODULE_ALIAS("ipt_conntrack");
25	MODULE_ALIAS("ip6t_conntrack");	25	MODULE_ALIAS("ip6t_conntrack");
26		26
27	static bool	27	static bool
28	conntrack_mt_v0(const struct sk_buff skb, const struct xt_match_param par)
29	{
30	const struct xt_conntrack_info *sinfo = par->matchinfo;
31	const struct nf_conn *ct;
32	enum ip_conntrack_info ctinfo;
33	unsigned int statebit;
34
35	ct = nf_ct_get(skb, &ctinfo);
36
37	#define FWINV(bool, invflg) ((bool) ^ !!(sinfo->invflags & (invflg)))
38
39	if (ct == &nf_conntrack_untracked)
40	statebit = XT_CONNTRACK_STATE_UNTRACKED;
41	else if (ct)
42	statebit = XT_CONNTRACK_STATE_BIT(ctinfo);
43	else
44	statebit = XT_CONNTRACK_STATE_INVALID;
45
46	if (sinfo->flags & XT_CONNTRACK_STATE) {
47	if (ct) {
48	if (test_bit(IPS_SRC_NAT_BIT, &ct->status))
49	statebit \|= XT_CONNTRACK_STATE_SNAT;
50	if (test_bit(IPS_DST_NAT_BIT, &ct->status))
51	statebit \|= XT_CONNTRACK_STATE_DNAT;
52	}
53	if (FWINV((statebit & sinfo->statemask) == 0,
54	XT_CONNTRACK_STATE))
55	return false;
56	}
57
58	if (ct == NULL) {
59	if (sinfo->flags & ~XT_CONNTRACK_STATE)
60	return false;
61	return true;
62	}
63
64	if (sinfo->flags & XT_CONNTRACK_PROTO &&
65	FWINV(nf_ct_protonum(ct) !=
66	sinfo->tuple[IP_CT_DIR_ORIGINAL].dst.protonum,
67	XT_CONNTRACK_PROTO))
68	return false;
69
70	if (sinfo->flags & XT_CONNTRACK_ORIGSRC &&
71	FWINV((ct->tuplehash[IP_CT_DIR_ORIGINAL].tuple.src.u3.ip &
72	sinfo->sipmsk[IP_CT_DIR_ORIGINAL].s_addr) !=
73	sinfo->tuple[IP_CT_DIR_ORIGINAL].src.ip,
74	XT_CONNTRACK_ORIGSRC))
75	return false;
76
77	if (sinfo->flags & XT_CONNTRACK_ORIGDST &&
78	FWINV((ct->tuplehash[IP_CT_DIR_ORIGINAL].tuple.dst.u3.ip &
79	sinfo->dipmsk[IP_CT_DIR_ORIGINAL].s_addr) !=
80	sinfo->tuple[IP_CT_DIR_ORIGINAL].dst.ip,
81	XT_CONNTRACK_ORIGDST))
82	return false;
83
84	if (sinfo->flags & XT_CONNTRACK_REPLSRC &&
85	FWINV((ct->tuplehash[IP_CT_DIR_REPLY].tuple.src.u3.ip &
86	sinfo->sipmsk[IP_CT_DIR_REPLY].s_addr) !=
87	sinfo->tuple[IP_CT_DIR_REPLY].src.ip,
88	XT_CONNTRACK_REPLSRC))
89	return false;
90
91	if (sinfo->flags & XT_CONNTRACK_REPLDST &&
92	FWINV((ct->tuplehash[IP_CT_DIR_REPLY].tuple.dst.u3.ip &
93	sinfo->dipmsk[IP_CT_DIR_REPLY].s_addr) !=
94	sinfo->tuple[IP_CT_DIR_REPLY].dst.ip,
95	XT_CONNTRACK_REPLDST))
96	return false;
97
98	if (sinfo->flags & XT_CONNTRACK_STATUS &&
99	FWINV((ct->status & sinfo->statusmask) == 0,
100	XT_CONNTRACK_STATUS))
101	return false;
102
103	if(sinfo->flags & XT_CONNTRACK_EXPIRES) {
104	unsigned long expires = timer_pending(&ct->timeout) ?
105	(ct->timeout.expires - jiffies)/HZ : 0;
106
107	if (FWINV(!(expires >= sinfo->expires_min &&
108	expires <= sinfo->expires_max),
109	XT_CONNTRACK_EXPIRES))
110	return false;
111	}
112	return true;
113	#undef FWINV
114	}
115
116	static bool
117	conntrack_addrcmp(const union nf_inet_addr *kaddr,	28	conntrack_addrcmp(const union nf_inet_addr *kaddr,
118	const union nf_inet_addr *uaddr,	29	const union nf_inet_addr *uaddr,
119	const union nf_inet_addr *umask, unsigned int l3proto)	30	const union nf_inet_addr *umask, unsigned int l3proto)
@@ -337,73 +248,9 @@ static void conntrack_mt_destroy_v1(const struct xt_mtdtor_param *par)
337	conntrack_mt_destroy(par);	248	conntrack_mt_destroy(par);
338	}	249	}
339		250
340	#ifdef CONFIG_COMPAT
341	struct compat_xt_conntrack_info
342	{
343	compat_uint_t statemask;
344	compat_uint_t statusmask;
345	struct ip_conntrack_old_tuple tuple[IP_CT_DIR_MAX];
346	struct in_addr sipmsk[IP_CT_DIR_MAX];
347	struct in_addr dipmsk[IP_CT_DIR_MAX];
348	compat_ulong_t expires_min;
349	compat_ulong_t expires_max;
350	u_int8_t flags;
351	u_int8_t invflags;
352	};
353
354	static void conntrack_mt_compat_from_user_v0(void dst, void src)
355	{
356	const struct compat_xt_conntrack_info *cm = src;
357	struct xt_conntrack_info m = {
358	.statemask = cm->statemask,
359	.statusmask = cm->statusmask,
360	.expires_min = cm->expires_min,
361	.expires_max = cm->expires_max,
362	.flags = cm->flags,
363	.invflags = cm->invflags,
364	};
365	memcpy(m.tuple, cm->tuple, sizeof(m.tuple));
366	memcpy(m.sipmsk, cm->sipmsk, sizeof(m.sipmsk));
367	memcpy(m.dipmsk, cm->dipmsk, sizeof(m.dipmsk));
368	memcpy(dst, &m, sizeof(m));
369	}
370
371	static int conntrack_mt_compat_to_user_v0(void __user dst, void src)
372	{
373	const struct xt_conntrack_info *m = src;
374	struct compat_xt_conntrack_info cm = {
375	.statemask = m->statemask,
376	.statusmask = m->statusmask,
377	.expires_min = m->expires_min,
378	.expires_max = m->expires_max,
379	.flags = m->flags,
380	.invflags = m->invflags,
381	};
382	memcpy(cm.tuple, m->tuple, sizeof(cm.tuple));
383	memcpy(cm.sipmsk, m->sipmsk, sizeof(cm.sipmsk));
384	memcpy(cm.dipmsk, m->dipmsk, sizeof(cm.dipmsk));
385	return copy_to_user(dst, &cm, sizeof(cm)) ? -EFAULT : 0;
386	}
387	#endif
388
389	static struct xt_match conntrack_mt_reg[] __read_mostly = {	251	static struct xt_match conntrack_mt_reg[] __read_mostly = {
390	{	252	{
391	.name = "conntrack",	253	.name = "conntrack",
392	.revision = 0,
393	.family = NFPROTO_IPV4,
394	.match = conntrack_mt_v0,
395	.checkentry = conntrack_mt_check,
396	.destroy = conntrack_mt_destroy,
397	.matchsize = sizeof(struct xt_conntrack_info),
398	.me = THIS_MODULE,
399	#ifdef CONFIG_COMPAT
400	.compatsize = sizeof(struct compat_xt_conntrack_info),
401	.compat_from_user = conntrack_mt_compat_from_user_v0,
402	.compat_to_user = conntrack_mt_compat_to_user_v0,
403	#endif
404	},
405	{
406	.name = "conntrack",
407	.revision = 1,	254	.revision = 1,
408	.family = NFPROTO_UNSPEC,	255	.family = NFPROTO_UNSPEC,
409	.matchsize = sizeof(struct xt_conntrack_mtinfo1),	256	.matchsize = sizeof(struct xt_conntrack_mtinfo1),