diff options
| author | Patrick McHardy <kaber@trash.net> | 2011-12-23 08:01:03 -0500 |
|---|---|---|
| committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2011-12-23 08:36:45 -0500 |
| commit | 40cfb706cda2bacdecd6e5ab78a21456d28878c7 (patch) | |
| tree | e024cdfdff81b71f9d35b539b53f3da3241853b3 /net | |
| parent | d70308f78bb8192a76a7dc38f5f9de6c2695532b (diff) | |
netfilter: nf_nat: remove obsolete code from nf_nat_icmp_reply_translation()
The inner tuple that is extracted from the packet is unused. The code also
doesn't have any useful side-effects like verifying the packet does contain
enough data to extract the inner tuple since conntrack already does the
same, so remove it.
Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'net')
| -rw-r--r-- | net/ipv4/netfilter/nf_nat_core.c | 14 |
1 files changed, 1 insertions, 13 deletions
diff --git a/net/ipv4/netfilter/nf_nat_core.c b/net/ipv4/netfilter/nf_nat_core.c index 5e1bd85182e7..acdd002bb540 100644 --- a/net/ipv4/netfilter/nf_nat_core.c +++ b/net/ipv4/netfilter/nf_nat_core.c | |||
| @@ -30,7 +30,6 @@ | |||
| 30 | #include <net/netfilter/nf_nat_helper.h> | 30 | #include <net/netfilter/nf_nat_helper.h> |
| 31 | #include <net/netfilter/nf_conntrack_helper.h> | 31 | #include <net/netfilter/nf_conntrack_helper.h> |
| 32 | #include <net/netfilter/nf_conntrack_l3proto.h> | 32 | #include <net/netfilter/nf_conntrack_l3proto.h> |
| 33 | #include <net/netfilter/nf_conntrack_l4proto.h> | ||
| 34 | #include <net/netfilter/nf_conntrack_zones.h> | 33 | #include <net/netfilter/nf_conntrack_zones.h> |
| 35 | 34 | ||
| 36 | static DEFINE_SPINLOCK(nf_nat_lock); | 35 | static DEFINE_SPINLOCK(nf_nat_lock); |
| @@ -414,8 +413,7 @@ int nf_nat_icmp_reply_translation(struct nf_conn *ct, | |||
| 414 | struct icmphdr icmp; | 413 | struct icmphdr icmp; |
| 415 | struct iphdr ip; | 414 | struct iphdr ip; |
| 416 | } *inside; | 415 | } *inside; |
| 417 | const struct nf_conntrack_l4proto *l4proto; | 416 | struct nf_conntrack_tuple target; |
| 418 | struct nf_conntrack_tuple inner, target; | ||
| 419 | int hdrlen = ip_hdrlen(skb); | 417 | int hdrlen = ip_hdrlen(skb); |
| 420 | enum ip_conntrack_dir dir = CTINFO2DIR(ctinfo); | 418 | enum ip_conntrack_dir dir = CTINFO2DIR(ctinfo); |
| 421 | unsigned long statusbit; | 419 | unsigned long statusbit; |
| @@ -463,16 +461,6 @@ int nf_nat_icmp_reply_translation(struct nf_conn *ct, | |||
| 463 | "dir %s\n", skb, manip, | 461 | "dir %s\n", skb, manip, |
| 464 | dir == IP_CT_DIR_ORIGINAL ? "ORIG" : "REPLY"); | 462 | dir == IP_CT_DIR_ORIGINAL ? "ORIG" : "REPLY"); |
| 465 | 463 | ||
| 466 | /* rcu_read_lock()ed by nf_hook_slow */ | ||
| 467 | l4proto = __nf_ct_l4proto_find(PF_INET, inside->ip.protocol); | ||
| 468 | |||
| 469 | if (!nf_ct_get_tuple(skb, hdrlen + sizeof(struct icmphdr), | ||
| 470 | (hdrlen + | ||
| 471 | sizeof(struct icmphdr) + inside->ip.ihl * 4), | ||
| 472 | (u_int16_t)AF_INET, inside->ip.protocol, | ||
| 473 | &inner, l3proto, l4proto)) | ||
| 474 | return 0; | ||
| 475 | |||
| 476 | /* Change inner back to look like incoming packet. We do the | 464 | /* Change inner back to look like incoming packet. We do the |
| 477 | opposite manip on this hook to normal, because it might not | 465 | opposite manip on this hook to normal, because it might not |
| 478 | pass all hooks (locally-generated ICMP). Consider incoming | 466 | pass all hooks (locally-generated ICMP). Consider incoming |