-rw-r--r-- | include/net/netfilter/nf_conntrack.h | 2 | ||||
-rw-r--r-- | net/ipv4/netfilter/nf_nat_proto_tcp.c | 2 | ||||
-rw-r--r-- | net/netfilter/nf_conntrack_proto_tcp.c | 44 |
3 files changed, 26 insertions, 22 deletions
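--- a/include/net/netfilter/nf_conntrack.h
+++ b/include/net/netfilter/nf_conntrack.h
@@ -216,7 +216,7 @@ static inline void nf_ct_refresh(struct nf_conn *ct,
 
 /* These are for NAT. Icky. */
 /* Update TCP window tracking data when NAT mangles the packet */
-extern void nf_conntrack_tcp_update(struct sk_buff *skb,
+extern void nf_conntrack_tcp_update(const struct sk_buff *skb,
 unsigned int dataoff,
 struct nf_conn *ct,
 int dir);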
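Review bot: The comment above this prototype omits the precondition that the definition in net/netfilter/nf_conntrack_proto_tcp.c states, `/* Caller must linearize skb at tcp header. */`, even though the definition reads the header directly from `skb->data + dataoff` rather than through skb_header_pointer(). Callers read the header file, so I would repeat that line above the declaration. Separately, `dir` is a plain `int` here but indexes `seen[dir]` in the definition, whereas tcp_in_window() takes `enum ip_conntrack_dir dir`; using the enum in both prototype and definition would document the expected 0/1 range, assuming callers already pass that enum.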
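--- a/net/ipv4/netfilter/nf_nat_proto_tcp.c
+++ b/net/ipv4/netfilter/nf_nat_proto_tcp.c
@@ -93,7 +93,7 @@ tcp_manip_pkt(struct sk_buff *skb,
 const struct nf_conntrack_tuple *tuple,
 enum nf_nat_manip_type maniptype)
 {
-struct iphdr *iph = (struct iphdr *)(skb->data + iphdroff);
+const struct iphdr *iph = (struct iphdr *)(skb->data + iphdroff);
 struct tcphdr *hdr;
 unsigned int hdroff = iphdroff + iph->ihl*4;
 __be32 oldip, newip;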
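Review bot: The cast on the changed line still names the non-const type, `(struct iphdr *)(skb->data + iphdroff)`, so the qualifier is added only by the implicit conversion; `const struct iphdr *iph = (const struct iphdr *)(skb->data + iphdroff);` would match the declaration and the `(const void *)` cast this commit uses in nf_conntrack_tcp_update(). The following line derives `hdroff` from `iph->ihl`, a field read from the packet, and no bound on it is visible in this hunk; if the caller guarantees a validated IP header, a one-line comment saying so would help the next reader. tcp_manip_pkt()'s body continues outside the hunk.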
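--- a/net/netfilter/nf_conntrack_proto_tcp.c
+++ b/net/netfilter/nf_conntrack_proto_tcp.c
@@ -46,7 +46,7 @@ static int nf_ct_tcp_max_retrans __read_mostly = 3;
 /* FIXME: Examine ipfilter's timeouts and conntrack transitions more
 closely. They're more complex. --RR */
 
-static const char *tcp_conntrack_names[] = {
+static const char *const tcp_conntrack_names[] = {
 "NONE",
 "SYN_SENT",
 "SYN_RECV",
@@ -261,7 +261,8 @@ static int tcp_pkt_to_tuple(const struct sk_buff *skb,
 unsigned int dataoff,
 struct nf_conntrack_tuple *tuple)
 {
-struct tcphdr _hdr, *hp;
+const struct tcphdr *hp;
+struct tcphdr _hdr;
 
 /* Actually only need first 8 bytes. */
 hp = skb_header_pointer(skb, dataoff, 8, &_hdr);
@@ -343,7 +344,7 @@ static unsigned int get_conntrack_index(const struct tcphdr *tcph)
 static inline __u32 segment_seq_plus_len(__u32 seq,
 size_t len,
 unsigned int dataoff,
-struct tcphdr *tcph)
+const struct tcphdr *tcph)
 {
 /* XXX Should I use payload length field in IP/IPv6 header ?
 * - YK */
@@ -362,11 +363,11 @@ static inline __u32 segment_seq_plus_len(__u32 seq,
 */
 static void tcp_options(const struct sk_buff *skb,
 unsigned int dataoff,
-struct tcphdr *tcph,
+const struct tcphdr *tcph,
 struct ip_ct_tcp_state *state)
 {
 unsigned char buff[(15 * 4) - sizeof(struct tcphdr)];
-unsigned char *ptr;
+const unsigned char *ptr;
 int length = (tcph->doff*4) - sizeof(struct tcphdr);
 
 if (!length)
@@ -417,10 +418,10 @@ static void tcp_options(const struct sk_buff *skb,
 }
 
 static void tcp_sack(const struct sk_buff *skb, unsigned int dataoff,
-struct tcphdr *tcph, __u32 *sack)
+const struct tcphdr *tcph, __u32 *sack)
 {
 unsigned char buff[(15 * 4) - sizeof(struct tcphdr)];
-unsigned char *ptr;
+const unsigned char *ptr;
 int length = (tcph->doff*4) - sizeof(struct tcphdr);
 __u32 tmp;
 
@@ -477,18 +478,18 @@ static void tcp_sack(const struct sk_buff *skb, unsigned int dataoff,
 }
 }
 
-static int tcp_in_window(struct nf_conn *ct,
+static int tcp_in_window(const struct nf_conn *ct,
 struct ip_ct_tcp *state,
 enum ip_conntrack_dir dir,
 unsigned int index,
 const struct sk_buff *skb,
 unsigned int dataoff,
-struct tcphdr *tcph,
+const struct tcphdr *tcph,
 int pf)
 {
 struct ip_ct_tcp_state *sender = &state->seen[dir];
 struct ip_ct_tcp_state *receiver = &state->seen[!dir];
-struct nf_conntrack_tuple *tuple = &ct->tuplehash[dir].tuple;
+const struct nf_conntrack_tuple *tuple = &ct->tuplehash[dir].tuple;
 __u32 seq, ack, sack, end, win, swin;
 int res;
 
@@ -686,14 +687,14 @@ static int tcp_in_window(struct nf_conn *ct,
 #ifdef CONFIG_NF_NAT_NEEDED
 /* Update sender->td_end after NAT successfully mangled the packet */
 /* Caller must linearize skb at tcp header. */
-void nf_conntrack_tcp_update(struct sk_buff *skb,
+void nf_conntrack_tcp_update(const struct sk_buff *skb,
 unsigned int dataoff,
 struct nf_conn *ct,
 int dir)
 {
-struct tcphdr *tcph = (void *)skb->data + dataoff;
-struct ip_ct_tcp_state *sender = &ct->proto.tcp.seen[dir];
-struct ip_ct_tcp_state *receiver = &ct->proto.tcp.seen[!dir];
+const struct tcphdr *tcph = (const void *)skb->data + dataoff;
+const struct ip_ct_tcp_state *sender = &ct->proto.tcp.seen[dir];
+const struct ip_ct_tcp_state *receiver = &ct->proto.tcp.seen[!dir];
 __u32 end;
 
 end = segment_seq_plus_len(ntohl(tcph->seq), skb->len, dataoff, tcph);
@@ -726,7 +727,7 @@ EXPORT_SYMBOL_GPL(nf_conntrack_tcp_update);
 #define TH_CWR 0x80
 
 /* table of valid flag combinations - PUSH, ECE and CWR are always valid */
-static u8 tcp_valid_flags[(TH_FIN|TH_SYN|TH_RST|TH_ACK|TH_URG) + 1] =
+static const u8 tcp_valid_flags[(TH_FIN|TH_SYN|TH_RST|TH_ACK|TH_URG) + 1] =
 {
 [TH_SYN] = 1,
 [TH_SYN|TH_URG] = 1,
@@ -746,7 +747,8 @@ static int tcp_error(struct sk_buff *skb,
 int pf,
 unsigned int hooknum)
 {
-struct tcphdr _tcph, *th;
+const struct tcphdr *th;
+struct tcphdr _tcph;
 unsigned int tcplen = skb->len - dataoff;
 u_int8_t tcpflags;
 
@@ -803,7 +805,8 @@ static int tcp_packet(struct nf_conn *ct,
 struct nf_conntrack_tuple *tuple;
 enum tcp_conntrack new_state, old_state;
 enum ip_conntrack_dir dir;
-struct tcphdr *th, _tcph;
+const struct tcphdr *th;
+struct tcphdr _tcph;
 unsigned long timeout;
 unsigned int index;
 
@@ -964,9 +967,10 @@ static int tcp_new(struct nf_conn *ct,
 unsigned int dataoff)
 {
 enum tcp_conntrack new_state;
-struct tcphdr *th, _tcph;
-struct ip_ct_tcp_state *sender = &ct->proto.tcp.seen[0];
-struct ip_ct_tcp_state *receiver = &ct->proto.tcp.seen[1];
+const struct tcphdr *th;
+struct tcphdr _tcph;
+const struct ip_ct_tcp_state *sender = &ct->proto.tcp.seen[0];
+const struct ip_ct_tcp_state *receiver = &ct->proto.tcp.seen[1];
 
 th = skb_header_pointer(skb, dataoff, sizeof(_tcph), &_tcph);
 BUG_ON(th == NULL);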
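Review bot: In tcp_options() and tcp_sack(), `int length = (tcph->doff*4) - sizeof(struct tcphdr);` is derived from the packet's data-offset field, and the only guard visible in these hunks is `if (!length)` in tcp_options(), so a doff below 5 would yield a negative length. The upper bound is covered, because doff is a 4-bit field and `buff` is sized for `15 * 4` minus the fixed header. If the lower bound is enforced earlier (presumably in tcp_error(), whose body is outside these hunks), I would state that above both functions, e.g. `/* Caller guarantees tcph->doff*4 >= sizeof(struct tcphdr). */`. Both function bodies continue outside the hunks shown.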