-rw-r--r--include/net/netfilter/nf_conntrack_l4proto.h13
-rw-r--r--net/ipv4/netfilter/nf_conntrack_proto_icmp.c25
-rw-r--r--net/ipv6/netfilter/nf_conntrack_proto_icmpv6.c27
-rw-r--r--net/netfilter/nf_conntrack_proto_dccp.c22
-rw-r--r--net/netfilter/nf_conntrack_proto_generic.c20
-rw-r--r--net/netfilter/nf_conntrack_proto_gre.c25
-rw-r--r--net/netfilter/nf_conntrack_proto_sctp.c33
-rw-r--r--net/netfilter/nf_conntrack_proto_tcp.c52
-rw-r--r--net/netfilter/nf_conntrack_proto_udp.c18
-rw-r--r--net/netfilter/nf_conntrack_proto_udplite.c22
10 files changed, 125 insertions, 132 deletions
diff --git a/include/net/netfilter/nf_conntrack_l4proto.h b/include/net/netfilter/nf_conntrack_l4proto.h
index efc16eccddb1..723df9d1cc35 100644
--- a/include/net/netfilter/nf_conntrack_l4proto.h
+++ b/include/net/netfilter/nf_conntrack_l4proto.h
@@ -25,15 +25,14 @@ struct nf_conntrack_l4proto
25 25
26 /* Try to fill in the third arg: dataoff is offset past network protocol 26 /* Try to fill in the third arg: dataoff is offset past network protocol
27 hdr. Return true if possible. */ 27 hdr. Return true if possible. */
28 int (*pkt_to_tuple)(const struct sk_buff *skb, 28 bool (*pkt_to_tuple)(const struct sk_buff *skb, unsigned int dataoff,
29 unsigned int dataoff, 29 struct nf_conntrack_tuple *tuple);
30 struct nf_conntrack_tuple *tuple);
31 30
32 /* Invert the per-proto part of the tuple: ie. turn xmit into reply. 31 /* Invert the per-proto part of the tuple: ie. turn xmit into reply.
33 * Some packets can't be inverted: return 0 in that case. 32 * Some packets can't be inverted: return 0 in that case.
34 */ 33 */
35 int (*invert_tuple)(struct nf_conntrack_tuple *inverse, 34 bool (*invert_tuple)(struct nf_conntrack_tuple *inverse,
36 const struct nf_conntrack_tuple *orig); 35 const struct nf_conntrack_tuple *orig);
37 36
38 /* Returns verdict for packet, or -1 for invalid. */ 37 /* Returns verdict for packet, or -1 for invalid. */
39 int (*packet)(struct nf_conn *ct, 38 int (*packet)(struct nf_conn *ct,
@@ -45,8 +44,8 @@ struct nf_conntrack_l4proto
45 44
46 /* Called when a new connection for this protocol found; 45 /* Called when a new connection for this protocol found;
47 * returns TRUE if it's OK. If so, packet() called next. */ 46 * returns TRUE if it's OK. If so, packet() called next. */
48 int (*new)(struct nf_conn *ct, const struct sk_buff *skb, 47 bool (*new)(struct nf_conn *ct, const struct sk_buff *skb,
49 unsigned int dataoff); 48 unsigned int dataoff);
50 49
51 /* Called when a conntrack entry is destroyed */ 50 /* Called when a conntrack entry is destroyed */
52 void (*destroy)(struct nf_conn *ct); 51 void (*destroy)(struct nf_conn *ct);
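Review bot: The comments above `invert_tuple` and `new` still describe the old integer contract ("return 0 in that case", "returns TRUE if it's OK") although both callbacks now return `bool`. They should follow the new type, for example `* Some packets can't be inverted: return false in that case.` and `* returns true if it's OK. If so, packet() called next. */`. Every protocol tracker in this commit implements its callbacks against this header, so the wording here is the contract readers check first. The struct definition starts and ends outside both hunks.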
diff --git a/net/ipv4/netfilter/nf_conntrack_proto_icmp.c b/net/ipv4/netfilter/nf_conntrack_proto_icmp.c
index 6873fddb3529..193a845fe7f8 100644
--- a/net/ipv4/netfilter/nf_conntrack_proto_icmp.c
+++ b/net/ipv4/netfilter/nf_conntrack_proto_icmp.c
@@ -22,22 +22,21 @@
22 22
23static unsigned long nf_ct_icmp_timeout __read_mostly = 30*HZ; 23static unsigned long nf_ct_icmp_timeout __read_mostly = 30*HZ;
24 24
25static int icmp_pkt_to_tuple(const struct sk_buff *skb, 25static bool icmp_pkt_to_tuple(const struct sk_buff *skb, unsigned int dataoff,
26 unsigned int dataoff, 26 struct nf_conntrack_tuple *tuple)
27 struct nf_conntrack_tuple *tuple)
28{ 27{
29 const struct icmphdr *hp; 28 const struct icmphdr *hp;
30 struct icmphdr _hdr; 29 struct icmphdr _hdr;
31 30
32 hp = skb_header_pointer(skb, dataoff, sizeof(_hdr), &_hdr); 31 hp = skb_header_pointer(skb, dataoff, sizeof(_hdr), &_hdr);
33 if (hp == NULL) 32 if (hp == NULL)
34 return 0; 33 return false;
35 34
36 tuple->dst.u.icmp.type = hp->type; 35 tuple->dst.u.icmp.type = hp->type;
37 tuple->src.u.icmp.id = hp->un.echo.id; 36 tuple->src.u.icmp.id = hp->un.echo.id;
38 tuple->dst.u.icmp.code = hp->code; 37 tuple->dst.u.icmp.code = hp->code;
39 38
40 return 1; 39 return true;
41} 40}
42 41
43/* Add 1; spaces filled with 0. */ 42/* Add 1; spaces filled with 0. */
@@ -52,17 +51,17 @@ static const u_int8_t invmap[] = {
52 [ICMP_ADDRESSREPLY] = ICMP_ADDRESS + 1 51 [ICMP_ADDRESSREPLY] = ICMP_ADDRESS + 1
53}; 52};
54 53
55static int icmp_invert_tuple(struct nf_conntrack_tuple *tuple, 54static bool icmp_invert_tuple(struct nf_conntrack_tuple *tuple,
56 const struct nf_conntrack_tuple *orig) 55 const struct nf_conntrack_tuple *orig)
57{ 56{
58 if (orig->dst.u.icmp.type >= sizeof(invmap) 57 if (orig->dst.u.icmp.type >= sizeof(invmap)
59 || !invmap[orig->dst.u.icmp.type]) 58 || !invmap[orig->dst.u.icmp.type])
60 return 0; 59 return false;
61 60
62 tuple->src.u.icmp.id = orig->src.u.icmp.id; 61 tuple->src.u.icmp.id = orig->src.u.icmp.id;
63 tuple->dst.u.icmp.type = invmap[orig->dst.u.icmp.type] - 1; 62 tuple->dst.u.icmp.type = invmap[orig->dst.u.icmp.type] - 1;
64 tuple->dst.u.icmp.code = orig->dst.u.icmp.code; 63 tuple->dst.u.icmp.code = orig->dst.u.icmp.code;
65 return 1; 64 return true;
66} 65}
67 66
68/* Print out the per-protocol part of the tuple. */ 67/* Print out the per-protocol part of the tuple. */
@@ -101,8 +100,8 @@ static int icmp_packet(struct nf_conn *ct,
101} 100}
102 101
103/* Called when a new connection for this protocol found. */ 102/* Called when a new connection for this protocol found. */
104static int icmp_new(struct nf_conn *ct, 103static bool icmp_new(struct nf_conn *ct, const struct sk_buff *skb,
105 const struct sk_buff *skb, unsigned int dataoff) 104 unsigned int dataoff)
106{ 105{
107 static const u_int8_t valid_new[] = { 106 static const u_int8_t valid_new[] = {
108 [ICMP_ECHO] = 1, 107 [ICMP_ECHO] = 1,
@@ -117,10 +116,10 @@ static int icmp_new(struct nf_conn *ct,
117 pr_debug("icmp: can't create new conn with type %u\n", 116 pr_debug("icmp: can't create new conn with type %u\n",
118 ct->tuplehash[0].tuple.dst.u.icmp.type); 117 ct->tuplehash[0].tuple.dst.u.icmp.type);
119 NF_CT_DUMP_TUPLE(&ct->tuplehash[0].tuple); 118 NF_CT_DUMP_TUPLE(&ct->tuplehash[0].tuple);
120 return 0; 119 return false;
121 } 120 }
122 atomic_set(&ct->proto.icmp.count, 0); 121 atomic_set(&ct->proto.icmp.count, 0);
123 return 1; 122 return true;
124} 123}
125 124
126/* Returns conntrack if it dealt with ICMP, and filled in skb fields */ 125/* Returns conntrack if it dealt with ICMP, and filled in skb fields */
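Review bot: In `icmp_invert_tuple` the bounds check `orig->dst.u.icmp.type >= sizeof(invmap)` is an element count only because `invmap` holds one-byte `u_int8_t` entries. `ARRAY_SIZE(invmap)` states the intent and stays correct if the element type ever changes: `if (orig->dst.u.icmp.type >= ARRAY_SIZE(invmap)`. The type value is what `icmp_pkt_to_tuple` in this file copies from the packet's ICMP header, so this comparison is what keeps the table lookup in bounds. The same pattern appears in `icmpv6_invert_tuple` in nf_conntrack_proto_icmpv6.c (`type >= sizeof(invmap)`).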
diff --git a/net/ipv6/netfilter/nf_conntrack_proto_icmpv6.c b/net/ipv6/netfilter/nf_conntrack_proto_icmpv6.c
index 0897d0f4c4a2..9ad40e0e17fc 100644
--- a/net/ipv6/netfilter/nf_conntrack_proto_icmpv6.c
+++ b/net/ipv6/netfilter/nf_conntrack_proto_icmpv6.c
@@ -28,21 +28,21 @@
28 28
29static unsigned long nf_ct_icmpv6_timeout __read_mostly = 30*HZ; 29static unsigned long nf_ct_icmpv6_timeout __read_mostly = 30*HZ;
30 30
31static int icmpv6_pkt_to_tuple(const struct sk_buff *skb, 31static bool icmpv6_pkt_to_tuple(const struct sk_buff *skb,
32 unsigned int dataoff, 32 unsigned int dataoff,
33 struct nf_conntrack_tuple *tuple) 33 struct nf_conntrack_tuple *tuple)
34{ 34{
35 const struct icmp6hdr *hp; 35 const struct icmp6hdr *hp;
36 struct icmp6hdr _hdr; 36 struct icmp6hdr _hdr;
37 37
38 hp = skb_header_pointer(skb, dataoff, sizeof(_hdr), &_hdr); 38 hp = skb_header_pointer(skb, dataoff, sizeof(_hdr), &_hdr);
39 if (hp == NULL) 39 if (hp == NULL)
40 return 0; 40 return false;
41 tuple->dst.u.icmp.type = hp->icmp6_type; 41 tuple->dst.u.icmp.type = hp->icmp6_type;
42 tuple->src.u.icmp.id = hp->icmp6_identifier; 42 tuple->src.u.icmp.id = hp->icmp6_identifier;
43 tuple->dst.u.icmp.code = hp->icmp6_code; 43 tuple->dst.u.icmp.code = hp->icmp6_code;
44 44
45 return 1; 45 return true;
46} 46}
47 47
48/* Add 1; spaces filled with 0. */ 48/* Add 1; spaces filled with 0. */
@@ -53,17 +53,17 @@ static const u_int8_t invmap[] = {
53 [ICMPV6_NI_REPLY - 128] = ICMPV6_NI_REPLY +1 53 [ICMPV6_NI_REPLY - 128] = ICMPV6_NI_REPLY +1
54}; 54};
55 55
56static int icmpv6_invert_tuple(struct nf_conntrack_tuple *tuple, 56static bool icmpv6_invert_tuple(struct nf_conntrack_tuple *tuple,
57 const struct nf_conntrack_tuple *orig) 57 const struct nf_conntrack_tuple *orig)
58{ 58{
59 int type = orig->dst.u.icmp.type - 128; 59 int type = orig->dst.u.icmp.type - 128;
60 if (type < 0 || type >= sizeof(invmap) || !invmap[type]) 60 if (type < 0 || type >= sizeof(invmap) || !invmap[type])
61 return 0; 61 return false;
62 62
63 tuple->src.u.icmp.id = orig->src.u.icmp.id; 63 tuple->src.u.icmp.id = orig->src.u.icmp.id;
64 tuple->dst.u.icmp.type = invmap[type] - 1; 64 tuple->dst.u.icmp.type = invmap[type] - 1;
65 tuple->dst.u.icmp.code = orig->dst.u.icmp.code; 65 tuple->dst.u.icmp.code = orig->dst.u.icmp.code;
66 return 1; 66 return true;
67} 67}
68 68
69/* Print out the per-protocol part of the tuple. */ 69/* Print out the per-protocol part of the tuple. */
@@ -102,9 +102,8 @@ static int icmpv6_packet(struct nf_conn *ct,
102} 102}
103 103
104/* Called when a new connection for this protocol found. */ 104/* Called when a new connection for this protocol found. */
105static int icmpv6_new(struct nf_conn *ct, 105static bool icmpv6_new(struct nf_conn *ct, const struct sk_buff *skb,
106 const struct sk_buff *skb, 106 unsigned int dataoff)
107 unsigned int dataoff)
108{ 107{
109 static const u_int8_t valid_new[] = { 108 static const u_int8_t valid_new[] = {
110 [ICMPV6_ECHO_REQUEST - 128] = 1, 109 [ICMPV6_ECHO_REQUEST - 128] = 1,
@@ -117,10 +116,10 @@ static int icmpv6_new(struct nf_conn *ct,
117 pr_debug("icmpv6: can't create new conn with type %u\n", 116 pr_debug("icmpv6: can't create new conn with type %u\n",
118 type + 128); 117 type + 128);
119 NF_CT_DUMP_TUPLE(&ct->tuplehash[0].tuple); 118 NF_CT_DUMP_TUPLE(&ct->tuplehash[0].tuple);
120 return 0; 119 return false;
121 } 120 }
122 atomic_set(&ct->proto.icmp.count, 0); 121 atomic_set(&ct->proto.icmp.count, 0);
123 return 1; 122 return true;
124} 123}
125 124
126static int 125static int
diff --git a/net/netfilter/nf_conntrack_proto_dccp.c b/net/netfilter/nf_conntrack_proto_dccp.c
index 9376dcd394bd..afb4a1861d2c 100644
--- a/net/netfilter/nf_conntrack_proto_dccp.c
+++ b/net/netfilter/nf_conntrack_proto_dccp.c
@@ -393,30 +393,30 @@ dccp_state_table[CT_DCCP_ROLE_MAX + 1][DCCP_PKT_SYNCACK + 1][CT_DCCP_MAX + 1] =
393 }, 393 },
394}; 394};
395 395
396static int dccp_pkt_to_tuple(const struct sk_buff *skb, unsigned int dataoff, 396static bool dccp_pkt_to_tuple(const struct sk_buff *skb, unsigned int dataoff,
397 struct nf_conntrack_tuple *tuple) 397 struct nf_conntrack_tuple *tuple)
398{ 398{
399 struct dccp_hdr _hdr, *dh; 399 struct dccp_hdr _hdr, *dh;
400 400
401 dh = skb_header_pointer(skb, dataoff, sizeof(_hdr), &_hdr); 401 dh = skb_header_pointer(skb, dataoff, sizeof(_hdr), &_hdr);
402 if (dh == NULL) 402 if (dh == NULL)
403 return 0; 403 return false;
404 404
405 tuple->src.u.dccp.port = dh->dccph_sport; 405 tuple->src.u.dccp.port = dh->dccph_sport;
406 tuple->dst.u.dccp.port = dh->dccph_dport; 406 tuple->dst.u.dccp.port = dh->dccph_dport;
407 return 1; 407 return true;
408} 408}
409 409
410static int dccp_invert_tuple(struct nf_conntrack_tuple *inv, 410static bool dccp_invert_tuple(struct nf_conntrack_tuple *inv,
411 const struct nf_conntrack_tuple *tuple) 411 const struct nf_conntrack_tuple *tuple)
412{ 412{
413 inv->src.u.dccp.port = tuple->dst.u.dccp.port; 413 inv->src.u.dccp.port = tuple->dst.u.dccp.port;
414 inv->dst.u.dccp.port = tuple->src.u.dccp.port; 414 inv->dst.u.dccp.port = tuple->src.u.dccp.port;
415 return 1; 415 return true;
416} 416}
417 417
418static int dccp_new(struct nf_conn *ct, const struct sk_buff *skb, 418static bool dccp_new(struct nf_conn *ct, const struct sk_buff *skb,
419 unsigned int dataoff) 419 unsigned int dataoff)
420{ 420{
421 struct dccp_hdr _dh, *dh; 421 struct dccp_hdr _dh, *dh;
422 const char *msg; 422 const char *msg;
@@ -442,12 +442,12 @@ static int dccp_new(struct nf_conn *ct, const struct sk_buff *skb,
442 ct->proto.dccp.role[IP_CT_DIR_ORIGINAL] = CT_DCCP_ROLE_CLIENT; 442 ct->proto.dccp.role[IP_CT_DIR_ORIGINAL] = CT_DCCP_ROLE_CLIENT;
443 ct->proto.dccp.role[IP_CT_DIR_REPLY] = CT_DCCP_ROLE_SERVER; 443 ct->proto.dccp.role[IP_CT_DIR_REPLY] = CT_DCCP_ROLE_SERVER;
444 ct->proto.dccp.state = CT_DCCP_NONE; 444 ct->proto.dccp.state = CT_DCCP_NONE;
445 return 1; 445 return true;
446 446
447out_invalid: 447out_invalid:
448 if (LOG_INVALID(IPPROTO_DCCP)) 448 if (LOG_INVALID(IPPROTO_DCCP))
449 nf_log_packet(nf_ct_l3num(ct), 0, skb, NULL, NULL, NULL, msg); 449 nf_log_packet(nf_ct_l3num(ct), 0, skb, NULL, NULL, NULL, msg);
450 return 0; 450 return false;
451} 451}
452 452
453static u64 dccp_ack_seq(const struct dccp_hdr *dh) 453static u64 dccp_ack_seq(const struct dccp_hdr *dh)
diff --git a/net/netfilter/nf_conntrack_proto_generic.c b/net/netfilter/nf_conntrack_proto_generic.c
index 55458915575f..e31b0e7bd0b1 100644
--- a/net/netfilter/nf_conntrack_proto_generic.c
+++ b/net/netfilter/nf_conntrack_proto_generic.c
@@ -14,23 +14,23 @@
14 14
15static unsigned int nf_ct_generic_timeout __read_mostly = 600*HZ; 15static unsigned int nf_ct_generic_timeout __read_mostly = 600*HZ;
16 16
17static int generic_pkt_to_tuple(const struct sk_buff *skb, 17static bool generic_pkt_to_tuple(const struct sk_buff *skb,
18 unsigned int dataoff, 18 unsigned int dataoff,
19 struct nf_conntrack_tuple *tuple) 19 struct nf_conntrack_tuple *tuple)
20{ 20{
21 tuple->src.u.all = 0; 21 tuple->src.u.all = 0;
22 tuple->dst.u.all = 0; 22 tuple->dst.u.all = 0;
23 23
24 return 1; 24 return true;
25} 25}
26 26
27static int generic_invert_tuple(struct nf_conntrack_tuple *tuple, 27static bool generic_invert_tuple(struct nf_conntrack_tuple *tuple,
28 const struct nf_conntrack_tuple *orig) 28 const struct nf_conntrack_tuple *orig)
29{ 29{
30 tuple->src.u.all = 0; 30 tuple->src.u.all = 0;
31 tuple->dst.u.all = 0; 31 tuple->dst.u.all = 0;
32 32
33 return 1; 33 return true;
34} 34}
35 35
36/* Print out the per-protocol part of the tuple. */ 36/* Print out the per-protocol part of the tuple. */
@@ -53,10 +53,10 @@ static int packet(struct nf_conn *ct,
53} 53}
54 54
55/* Called when a new connection for this protocol found. */ 55/* Called when a new connection for this protocol found. */
56static int new(struct nf_conn *ct, const struct sk_buff *skb, 56static bool new(struct nf_conn *ct, const struct sk_buff *skb,
57 unsigned int dataoff) 57 unsigned int dataoff)
58{ 58{
59 return 1; 59 return true;
60} 60}
61 61
62#ifdef CONFIG_SYSCTL 62#ifdef CONFIG_SYSCTL
diff --git a/net/netfilter/nf_conntrack_proto_gre.c b/net/netfilter/nf_conntrack_proto_gre.c
index e10024a1b666..7d37a2ea67b2 100644
--- a/net/netfilter/nf_conntrack_proto_gre.c
+++ b/net/netfilter/nf_conntrack_proto_gre.c
@@ -148,18 +148,17 @@ EXPORT_SYMBOL_GPL(nf_ct_gre_keymap_destroy);
148/* PUBLIC CONNTRACK PROTO HELPER FUNCTIONS */ 148/* PUBLIC CONNTRACK PROTO HELPER FUNCTIONS */
149 149
150/* invert gre part of tuple */ 150/* invert gre part of tuple */
151static int gre_invert_tuple(struct nf_conntrack_tuple *tuple, 151static bool gre_invert_tuple(struct nf_conntrack_tuple *tuple,
152 const struct nf_conntrack_tuple *orig) 152 const struct nf_conntrack_tuple *orig)
153{ 153{
154 tuple->dst.u.gre.key = orig->src.u.gre.key; 154 tuple->dst.u.gre.key = orig->src.u.gre.key;
155 tuple->src.u.gre.key = orig->dst.u.gre.key; 155 tuple->src.u.gre.key = orig->dst.u.gre.key;
156 return 1; 156 return true;
157} 157}
158 158
159/* gre hdr info to tuple */ 159/* gre hdr info to tuple */
160static int gre_pkt_to_tuple(const struct sk_buff *skb, 160static bool gre_pkt_to_tuple(const struct sk_buff *skb, unsigned int dataoff,
161 unsigned int dataoff, 161 struct nf_conntrack_tuple *tuple)
162 struct nf_conntrack_tuple *tuple)
163{ 162{
164 const struct gre_hdr_pptp *pgrehdr; 163 const struct gre_hdr_pptp *pgrehdr;
165 struct gre_hdr_pptp _pgrehdr; 164 struct gre_hdr_pptp _pgrehdr;
@@ -173,24 +172,24 @@ static int gre_pkt_to_tuple(const struct sk_buff *skb,
173 /* try to behave like "nf_conntrack_proto_generic" */ 172 /* try to behave like "nf_conntrack_proto_generic" */
174 tuple->src.u.all = 0; 173 tuple->src.u.all = 0;
175 tuple->dst.u.all = 0; 174 tuple->dst.u.all = 0;
176 return 1; 175 return true;
177 } 176 }
178 177
179 /* PPTP header is variable length, only need up to the call_id field */ 178 /* PPTP header is variable length, only need up to the call_id field */
180 pgrehdr = skb_header_pointer(skb, dataoff, 8, &_pgrehdr); 179 pgrehdr = skb_header_pointer(skb, dataoff, 8, &_pgrehdr);
181 if (!pgrehdr) 180 if (!pgrehdr)
182 return 1; 181 return true;
183 182
184 if (ntohs(grehdr->protocol) != GRE_PROTOCOL_PPTP) { 183 if (ntohs(grehdr->protocol) != GRE_PROTOCOL_PPTP) {
185 pr_debug("GRE_VERSION_PPTP but unknown proto\n"); 184 pr_debug("GRE_VERSION_PPTP but unknown proto\n");
186 return 0; 185 return false;
187 } 186 }
188 187
189 tuple->dst.u.gre.key = pgrehdr->call_id; 188 tuple->dst.u.gre.key = pgrehdr->call_id;
190 srckey = gre_keymap_lookup(tuple); 189 srckey = gre_keymap_lookup(tuple);
191 tuple->src.u.gre.key = srckey; 190 tuple->src.u.gre.key = srckey;
192 191
193 return 1; 192 return true;
194} 193}
195 194
196/* print gre part of tuple */ 195/* print gre part of tuple */
@@ -235,8 +234,8 @@ static int gre_packet(struct nf_conn *ct,
235} 234}
236 235
237/* Called when a new connection for this protocol found. */ 236/* Called when a new connection for this protocol found. */
238static int gre_new(struct nf_conn *ct, const struct sk_buff *skb, 237static bool gre_new(struct nf_conn *ct, const struct sk_buff *skb,
239 unsigned int dataoff) 238 unsigned int dataoff)
240{ 239{
241 pr_debug(": "); 240 pr_debug(": ");
242 NF_CT_DUMP_TUPLE(&ct->tuplehash[IP_CT_DIR_ORIGINAL].tuple); 241 NF_CT_DUMP_TUPLE(&ct->tuplehash[IP_CT_DIR_ORIGINAL].tuple);
@@ -246,7 +245,7 @@ static int gre_new(struct nf_conn *ct, const struct sk_buff *skb,
246 ct->proto.gre.stream_timeout = GRE_STREAM_TIMEOUT; 245 ct->proto.gre.stream_timeout = GRE_STREAM_TIMEOUT;
247 ct->proto.gre.timeout = GRE_TIMEOUT; 246 ct->proto.gre.timeout = GRE_TIMEOUT;
248 247
249 return 1; 248 return true;
250} 249}
251 250
252/* Called when a conntrack entry has already been removed from the hashes 251/* Called when a conntrack entry has already been removed from the hashes
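Review bot: `gre_pkt_to_tuple` returns `true` when `skb_header_pointer()` cannot supply the 8 PPTP header bytes (`if (!pgrehdr) return true;`), whereas every other `pkt_to_tuple` in this commit returns `false` on a failed header read. On that path this function does not write the GRE keys in `tuple`, so the result depends on what the caller left there. That is presumably zeroes, matching the "behave like nf_conntrack_proto_generic" branch just above, but it is not visible here. If the fallback is intended, a comment such as `/* truncated PPTP header: track like generic, keys stay as the caller initialised them */` would make it explicit; otherwise `return false;` would be consistent with the other trackers. The function begins before the second hunk, so the earlier `grehdr` read is not shown.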
diff --git a/net/netfilter/nf_conntrack_proto_sctp.c b/net/netfilter/nf_conntrack_proto_sctp.c
index f9a08370dbb3..2d47351f70dc 100644
--- a/net/netfilter/nf_conntrack_proto_sctp.c
+++ b/net/netfilter/nf_conntrack_proto_sctp.c
@@ -130,28 +130,27 @@ static const u8 sctp_conntracks[2][9][SCTP_CONNTRACK_MAX] = {
130 } 130 }
131}; 131};
132 132
133static int sctp_pkt_to_tuple(const struct sk_buff *skb, 133static bool sctp_pkt_to_tuple(const struct sk_buff *skb, unsigned int dataoff,
134 unsigned int dataoff, 134 struct nf_conntrack_tuple *tuple)
135 struct nf_conntrack_tuple *tuple)
136{ 135{
137 sctp_sctphdr_t _hdr, *hp; 136 sctp_sctphdr_t _hdr, *hp;
138 137
139 /* Actually only need first 8 bytes. */ 138 /* Actually only need first 8 bytes. */
140 hp = skb_header_pointer(skb, dataoff, 8, &_hdr); 139 hp = skb_header_pointer(skb, dataoff, 8, &_hdr);
141 if (hp == NULL) 140 if (hp == NULL)
142 return 0; 141 return false;
143 142
144 tuple->src.u.sctp.port = hp->source; 143 tuple->src.u.sctp.port = hp->source;
145 tuple->dst.u.sctp.port = hp->dest; 144 tuple->dst.u.sctp.port = hp->dest;
146 return 1; 145 return true;
147} 146}
148 147
149static int sctp_invert_tuple(struct nf_conntrack_tuple *tuple, 148static bool sctp_invert_tuple(struct nf_conntrack_tuple *tuple,
150 const struct nf_conntrack_tuple *orig) 149 const struct nf_conntrack_tuple *orig)
151{ 150{
152 tuple->src.u.sctp.port = orig->dst.u.sctp.port; 151 tuple->src.u.sctp.port = orig->dst.u.sctp.port;
153 tuple->dst.u.sctp.port = orig->src.u.sctp.port; 152 tuple->dst.u.sctp.port = orig->src.u.sctp.port;
154 return 1; 153 return true;
155} 154}
156 155
157/* Print out the per-protocol part of the tuple. */ 156/* Print out the per-protocol part of the tuple. */
@@ -390,8 +389,8 @@ out:
390} 389}
391 390
392/* Called when a new connection for this protocol found. */ 391/* Called when a new connection for this protocol found. */
393static int sctp_new(struct nf_conn *ct, const struct sk_buff *skb, 392static bool sctp_new(struct nf_conn *ct, const struct sk_buff *skb,
394 unsigned int dataoff) 393 unsigned int dataoff)
395{ 394{
396 enum sctp_conntrack new_state; 395 enum sctp_conntrack new_state;
397 sctp_sctphdr_t _sctph, *sh; 396 sctp_sctphdr_t _sctph, *sh;
@@ -401,16 +400,16 @@ static int sctp_new(struct nf_conn *ct, const struct sk_buff *skb,
401 400
402 sh = skb_header_pointer(skb, dataoff, sizeof(_sctph), &_sctph); 401 sh = skb_header_pointer(skb, dataoff, sizeof(_sctph), &_sctph);
403 if (sh == NULL) 402 if (sh == NULL)
404 return 0; 403 return false;
405 404
406 if (do_basic_checks(ct, skb, dataoff, map) != 0) 405 if (do_basic_checks(ct, skb, dataoff, map) != 0)
407 return 0; 406 return false;
408 407
409 /* If an OOTB packet has any of these chunks discard (Sec 8.4) */ 408 /* If an OOTB packet has any of these chunks discard (Sec 8.4) */
410 if (test_bit(SCTP_CID_ABORT, map) || 409 if (test_bit(SCTP_CID_ABORT, map) ||
411 test_bit(SCTP_CID_SHUTDOWN_COMPLETE, map) || 410 test_bit(SCTP_CID_SHUTDOWN_COMPLETE, map) ||
412 test_bit(SCTP_CID_COOKIE_ACK, map)) 411 test_bit(SCTP_CID_COOKIE_ACK, map))
413 return 0; 412 return false;
414 413
415 new_state = SCTP_CONNTRACK_MAX; 414 new_state = SCTP_CONNTRACK_MAX;
416 for_each_sctp_chunk (skb, sch, _sch, offset, dataoff, count) { 415 for_each_sctp_chunk (skb, sch, _sch, offset, dataoff, count) {
@@ -422,7 +421,7 @@ static int sctp_new(struct nf_conn *ct, const struct sk_buff *skb,
422 if (new_state == SCTP_CONNTRACK_NONE || 421 if (new_state == SCTP_CONNTRACK_NONE ||
423 new_state == SCTP_CONNTRACK_MAX) { 422 new_state == SCTP_CONNTRACK_MAX) {
424 pr_debug("nf_conntrack_sctp: invalid new deleting.\n"); 423 pr_debug("nf_conntrack_sctp: invalid new deleting.\n");
425 return 0; 424 return false;
426 } 425 }
427 426
428 /* Copy the vtag into the state info */ 427 /* Copy the vtag into the state info */
@@ -433,7 +432,7 @@ static int sctp_new(struct nf_conn *ct, const struct sk_buff *skb,
433 ih = skb_header_pointer(skb, offset + sizeof(sctp_chunkhdr_t), 432 ih = skb_header_pointer(skb, offset + sizeof(sctp_chunkhdr_t),
434 sizeof(_inithdr), &_inithdr); 433 sizeof(_inithdr), &_inithdr);
435 if (ih == NULL) 434 if (ih == NULL)
436 return 0; 435 return false;
437 436
438 pr_debug("Setting vtag %x for new conn\n", 437 pr_debug("Setting vtag %x for new conn\n",
439 ih->init_tag); 438 ih->init_tag);
@@ -442,7 +441,7 @@ static int sctp_new(struct nf_conn *ct, const struct sk_buff *skb,
442 ih->init_tag; 441 ih->init_tag;
443 } else { 442 } else {
444 /* Sec 8.5.1 (A) */ 443 /* Sec 8.5.1 (A) */
445 return 0; 444 return false;
446 } 445 }
447 } 446 }
448 /* If it is a shutdown ack OOTB packet, we expect a return 447 /* If it is a shutdown ack OOTB packet, we expect a return
@@ -456,7 +455,7 @@ static int sctp_new(struct nf_conn *ct, const struct sk_buff *skb,
456 ct->proto.sctp.state = new_state; 455 ct->proto.sctp.state = new_state;
457 } 456 }
458 457
459 return 1; 458 return true;
460} 459}
461 460
462#ifdef CONFIG_SYSCTL 461#ifdef CONFIG_SYSCTL
diff --git a/net/netfilter/nf_conntrack_proto_tcp.c b/net/netfilter/nf_conntrack_proto_tcp.c
index 57831c75fa9f..73a8b32db7be 100644
--- a/net/netfilter/nf_conntrack_proto_tcp.c
+++ b/net/netfilter/nf_conntrack_proto_tcp.c
@@ -257,9 +257,8 @@ static const u8 tcp_conntracks[2][6][TCP_CONNTRACK_MAX] = {
257 } 257 }
258}; 258};
259 259
260static int tcp_pkt_to_tuple(const struct sk_buff *skb, 260static bool tcp_pkt_to_tuple(const struct sk_buff *skb, unsigned int dataoff,
261 unsigned int dataoff, 261 struct nf_conntrack_tuple *tuple)
262 struct nf_conntrack_tuple *tuple)
263{ 262{
264 const struct tcphdr *hp; 263 const struct tcphdr *hp;
265 struct tcphdr _hdr; 264 struct tcphdr _hdr;
@@ -267,20 +266,20 @@ static int tcp_pkt_to_tuple(const struct sk_buff *skb,
267 /* Actually only need first 8 bytes. */ 266 /* Actually only need first 8 bytes. */
268 hp = skb_header_pointer(skb, dataoff, 8, &_hdr); 267 hp = skb_header_pointer(skb, dataoff, 8, &_hdr);
269 if (hp == NULL) 268 if (hp == NULL)
270 return 0; 269 return false;
271 270
272 tuple->src.u.tcp.port = hp->source; 271 tuple->src.u.tcp.port = hp->source;
273 tuple->dst.u.tcp.port = hp->dest; 272 tuple->dst.u.tcp.port = hp->dest;
274 273
275 return 1; 274 return true;
276} 275}
277 276
278static int tcp_invert_tuple(struct nf_conntrack_tuple *tuple, 277static bool tcp_invert_tuple(struct nf_conntrack_tuple *tuple,
279 const struct nf_conntrack_tuple *orig) 278 const struct nf_conntrack_tuple *orig)
280{ 279{
281 tuple->src.u.tcp.port = orig->dst.u.tcp.port; 280 tuple->src.u.tcp.port = orig->dst.u.tcp.port;
282 tuple->dst.u.tcp.port = orig->src.u.tcp.port; 281 tuple->dst.u.tcp.port = orig->src.u.tcp.port;
283 return 1; 282 return true;
284} 283}
285 284
286/* Print out the per-protocol part of the tuple. */ 285/* Print out the per-protocol part of the tuple. */
@@ -478,20 +477,20 @@ static void tcp_sack(const struct sk_buff *skb, unsigned int dataoff,
478 } 477 }
479} 478}
480 479
481static int tcp_in_window(const struct nf_conn *ct, 480static bool tcp_in_window(const struct nf_conn *ct,
482 struct ip_ct_tcp *state, 481 struct ip_ct_tcp *state,
483 enum ip_conntrack_dir dir, 482 enum ip_conntrack_dir dir,
484 unsigned int index, 483 unsigned int index,
485 const struct sk_buff *skb, 484 const struct sk_buff *skb,
486 unsigned int dataoff, 485 unsigned int dataoff,
487 const struct tcphdr *tcph, 486 const struct tcphdr *tcph,
488 int pf) 487 int pf)
489{ 488{
490 struct ip_ct_tcp_state *sender = &state->seen[dir]; 489 struct ip_ct_tcp_state *sender = &state->seen[dir];
491 struct ip_ct_tcp_state *receiver = &state->seen[!dir]; 490 struct ip_ct_tcp_state *receiver = &state->seen[!dir];
492 const struct nf_conntrack_tuple *tuple = &ct->tuplehash[dir].tuple; 491 const struct nf_conntrack_tuple *tuple = &ct->tuplehash[dir].tuple;
493 __u32 seq, ack, sack, end, win, swin; 492 __u32 seq, ack, sack, end, win, swin;
494 int res; 493 bool res;
495 494
496 /* 495 /*
497 * Get the required data from the packet. 496 * Get the required data from the packet.
@@ -657,12 +656,12 @@ static int tcp_in_window(const struct nf_conn *ct,
657 state->retrans = 0; 656 state->retrans = 0;
658 } 657 }
659 } 658 }
660 res = 1; 659 res = true;
661 } else { 660 } else {
662 res = 0; 661 res = false;
663 if (sender->flags & IP_CT_TCP_FLAG_BE_LIBERAL || 662 if (sender->flags & IP_CT_TCP_FLAG_BE_LIBERAL ||
664 nf_ct_tcp_be_liberal) 663 nf_ct_tcp_be_liberal)
665 res = 1; 664 res = true;
666 if (!res && LOG_INVALID(IPPROTO_TCP)) 665 if (!res && LOG_INVALID(IPPROTO_TCP))
667 nf_log_packet(pf, 0, skb, NULL, NULL, NULL, 666 nf_log_packet(pf, 0, skb, NULL, NULL, NULL,
668 "nf_ct_tcp: %s ", 667 "nf_ct_tcp: %s ",
@@ -676,7 +675,7 @@ static int tcp_in_window(const struct nf_conn *ct,
676 : "SEQ is over the upper bound (over the window of the receiver)"); 675 : "SEQ is over the upper bound (over the window of the receiver)");
677 } 676 }
678 677
679 pr_debug("tcp_in_window: res=%i sender end=%u maxend=%u maxwin=%u " 678 pr_debug("tcp_in_window: res=%u sender end=%u maxend=%u maxwin=%u "
680 "receiver end=%u maxend=%u maxwin=%u\n", 679 "receiver end=%u maxend=%u maxwin=%u\n",
681 res, sender->td_end, sender->td_maxend, sender->td_maxwin, 680 res, sender->td_end, sender->td_maxend, sender->td_maxwin,
682 receiver->td_end, receiver->td_maxend, receiver->td_maxwin); 681 receiver->td_end, receiver->td_maxend, receiver->td_maxwin);
@@ -982,9 +981,8 @@ static int tcp_packet(struct nf_conn *ct,
982} 981}
983 982
984/* Called when a new connection for this protocol found. */ 983/* Called when a new connection for this protocol found. */
985static int tcp_new(struct nf_conn *ct, 984static bool tcp_new(struct nf_conn *ct, const struct sk_buff *skb,
986 const struct sk_buff *skb, 985 unsigned int dataoff)
987 unsigned int dataoff)
988{ 986{
989 enum tcp_conntrack new_state; 987 enum tcp_conntrack new_state;
990 const struct tcphdr *th; 988 const struct tcphdr *th;
@@ -1003,7 +1001,7 @@ static int tcp_new(struct nf_conn *ct,
1003 /* Invalid: delete conntrack */ 1001 /* Invalid: delete conntrack */
1004 if (new_state >= TCP_CONNTRACK_MAX) { 1002 if (new_state >= TCP_CONNTRACK_MAX) {
1005 pr_debug("nf_ct_tcp: invalid new deleting.\n"); 1003 pr_debug("nf_ct_tcp: invalid new deleting.\n");
1006 return 0; 1004 return false;
1007 } 1005 }
1008 1006
1009 if (new_state == TCP_CONNTRACK_SYN_SENT) { 1007 if (new_state == TCP_CONNTRACK_SYN_SENT) {
@@ -1021,7 +1019,7 @@ static int tcp_new(struct nf_conn *ct,
1021 ct->proto.tcp.seen[1].flags = 0; 1019 ct->proto.tcp.seen[1].flags = 0;
1022 } else if (nf_ct_tcp_loose == 0) { 1020 } else if (nf_ct_tcp_loose == 0) {
1023 /* Don't try to pick up connections. */ 1021 /* Don't try to pick up connections. */
1024 return 0; 1022 return false;
1025 } else { 1023 } else {
1026 /* 1024 /*
1027 * We are in the middle of a connection, 1025 * We are in the middle of a connection,
@@ -1061,7 +1059,7 @@ static int tcp_new(struct nf_conn *ct,
1061 sender->td_scale, 1059 sender->td_scale,
1062 receiver->td_end, receiver->td_maxend, receiver->td_maxwin, 1060 receiver->td_end, receiver->td_maxend, receiver->td_maxwin,
1063 receiver->td_scale); 1061 receiver->td_scale);
1064 return 1; 1062 return true;
1065} 1063}
1066 1064
1067#if defined(CONFIG_NF_CT_NETLINK) || defined(CONFIG_NF_CT_NETLINK_MODULE) 1065#if defined(CONFIG_NF_CT_NETLINK) || defined(CONFIG_NF_CT_NETLINK_MODULE)
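Review bot: The `pr_debug` in `tcp_in_window` now prints `res` with `%u`, but a `bool` passed through varargs is promoted to `int`, so `%d` is the matching conversion: `pr_debug("tcp_in_window: res=%d sender end=%u maxend=%u maxwin=%u "`. The value is only ever 0 or 1, so the printed output does not change. The point is to keep the format string in step with the argument type for format checking. Most of the function body lies outside the visible hunks.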
diff --git a/net/netfilter/nf_conntrack_proto_udp.c b/net/netfilter/nf_conntrack_proto_udp.c
index b8a35cc06416..8b21762e65de 100644
--- a/net/netfilter/nf_conntrack_proto_udp.c
+++ b/net/netfilter/nf_conntrack_proto_udp.c
@@ -26,7 +26,7 @@
26static unsigned int nf_ct_udp_timeout __read_mostly = 30*HZ; 26static unsigned int nf_ct_udp_timeout __read_mostly = 30*HZ;
27static unsigned int nf_ct_udp_timeout_stream __read_mostly = 180*HZ; 27static unsigned int nf_ct_udp_timeout_stream __read_mostly = 180*HZ;
28 28
29static int udp_pkt_to_tuple(const struct sk_buff *skb, 29static bool udp_pkt_to_tuple(const struct sk_buff *skb,
30 unsigned int dataoff, 30 unsigned int dataoff,
31 struct nf_conntrack_tuple *tuple) 31 struct nf_conntrack_tuple *tuple)
32{ 32{
@@ -36,20 +36,20 @@ static int udp_pkt_to_tuple(const struct sk_buff *skb,
36 /* Actually only need first 8 bytes. */ 36 /* Actually only need first 8 bytes. */
37 hp = skb_header_pointer(skb, dataoff, sizeof(_hdr), &_hdr); 37 hp = skb_header_pointer(skb, dataoff, sizeof(_hdr), &_hdr);
38 if (hp == NULL) 38 if (hp == NULL)
39 return 0; 39 return false;
40 40
41 tuple->src.u.udp.port = hp->source; 41 tuple->src.u.udp.port = hp->source;
42 tuple->dst.u.udp.port = hp->dest; 42 tuple->dst.u.udp.port = hp->dest;
43 43
44 return 1; 44 return true;
45} 45}
46 46
47static int udp_invert_tuple(struct nf_conntrack_tuple *tuple, 47static bool udp_invert_tuple(struct nf_conntrack_tuple *tuple,
48 const struct nf_conntrack_tuple *orig) 48 const struct nf_conntrack_tuple *orig)
49{ 49{
50 tuple->src.u.udp.port = orig->dst.u.udp.port; 50 tuple->src.u.udp.port = orig->dst.u.udp.port;
51 tuple->dst.u.udp.port = orig->src.u.udp.port; 51 tuple->dst.u.udp.port = orig->src.u.udp.port;
52 return 1; 52 return true;
53} 53}
54 54
55/* Print out the per-protocol part of the tuple. */ 55/* Print out the per-protocol part of the tuple. */
@@ -83,10 +83,10 @@ static int udp_packet(struct nf_conn *ct,
83} 83}
84 84
85/* Called when a new connection for this protocol found. */ 85/* Called when a new connection for this protocol found. */
86static int udp_new(struct nf_conn *ct, const struct sk_buff *skb, 86static bool udp_new(struct nf_conn *ct, const struct sk_buff *skb,
87 unsigned int dataoff) 87 unsigned int dataoff)
88{ 88{
89 return 1; 89 return true;
90} 90}
91 91
92static int udp_error(struct sk_buff *skb, unsigned int dataoff, 92static int udp_error(struct sk_buff *skb, unsigned int dataoff,
diff --git a/net/netfilter/nf_conntrack_proto_udplite.c b/net/netfilter/nf_conntrack_proto_udplite.c
index c3eaee6afffd..1fa62f3c24f1 100644
--- a/net/netfilter/nf_conntrack_proto_udplite.c
+++ b/net/netfilter/nf_conntrack_proto_udplite.c
@@ -27,28 +27,28 @@
27static unsigned int nf_ct_udplite_timeout __read_mostly = 30*HZ; 27static unsigned int nf_ct_udplite_timeout __read_mostly = 30*HZ;
28static unsigned int nf_ct_udplite_timeout_stream __read_mostly = 180*HZ; 28static unsigned int nf_ct_udplite_timeout_stream __read_mostly = 180*HZ;
29 29
30static int udplite_pkt_to_tuple(const struct sk_buff *skb, 30static bool udplite_pkt_to_tuple(const struct sk_buff *skb,
31 unsigned int dataoff, 31 unsigned int dataoff,
32 struct nf_conntrack_tuple *tuple) 32 struct nf_conntrack_tuple *tuple)
33{ 33{
34 const struct udphdr *hp; 34 const struct udphdr *hp;
35 struct udphdr _hdr; 35 struct udphdr _hdr;
36 36
37 hp = skb_header_pointer(skb, dataoff, sizeof(_hdr), &_hdr); 37 hp = skb_header_pointer(skb, dataoff, sizeof(_hdr), &_hdr);
38 if (hp == NULL) 38 if (hp == NULL)
39 return 0; 39 return false;
40 40
41 tuple->src.u.udp.port = hp->source; 41 tuple->src.u.udp.port = hp->source;
42 tuple->dst.u.udp.port = hp->dest; 42 tuple->dst.u.udp.port = hp->dest;
43 return 1; 43 return true;
44} 44}
45 45
46static int udplite_invert_tuple(struct nf_conntrack_tuple *tuple, 46static bool udplite_invert_tuple(struct nf_conntrack_tuple *tuple,
47 const struct nf_conntrack_tuple *orig) 47 const struct nf_conntrack_tuple *orig)
48{ 48{
49 tuple->src.u.udp.port = orig->dst.u.udp.port; 49 tuple->src.u.udp.port = orig->dst.u.udp.port;
50 tuple->dst.u.udp.port = orig->src.u.udp.port; 50 tuple->dst.u.udp.port = orig->src.u.udp.port;
51 return 1; 51 return true;
52} 52}
53 53
54/* Print out the per-protocol part of the tuple. */ 54/* Print out the per-protocol part of the tuple. */
@@ -83,10 +83,10 @@ static int udplite_packet(struct nf_conn *ct,
83} 83}
84 84
85/* Called when a new connection for this protocol found. */ 85/* Called when a new connection for this protocol found. */
86static int udplite_new(struct nf_conn *ct, const struct sk_buff *skb, 86static bool udplite_new(struct nf_conn *ct, const struct sk_buff *skb,
87 unsigned int dataoff) 87 unsigned int dataoff)
88{ 88{
89 return 1; 89 return true;
90} 90}
91 91
92static int udplite_error(struct sk_buff *skb, unsigned int dataoff, 92static int udplite_error(struct sk_buff *skb, unsigned int dataoff,