3 files changed, 75 insertions, 7 deletions
diff --git a/include/net/netfilter/nf_conntrack_expect.h b/include/net/netfilter/nf_conntrack_expect.h
index b969c430b36a..54a3d038beaa 100644
--- a/include/net/netfilter/nf_conntrack_expect.h
+++ b/include/net/netfilter/nf_conntrack_expect.h
@@ -68,6 +68,10 @@ void nf_conntrack_unexpect_related(struct nf_conntrack_expect *exp);
 /* Allocate space for an expectation: this is mandatory before calling
   nf_conntrack_expect_related.  You will have to call put afterwards. */
 struct nf_conntrack_expect *nf_conntrack_expect_alloc(struct nf_conn *me);
+void nf_conntrack_expect_init(struct nf_conntrack_expect *, int,
+                              union nf_conntrack_address *,
+                              union nf_conntrack_address *,
+                              u_int8_t, __be16 *, __be16 *);
 void nf_conntrack_expect_put(struct nf_conntrack_expect *exp);
 int nf_conntrack_expect_related(struct nf_conntrack_expect *expect);
diff --git a/include/net/netfilter/nf_conntrack_tuple.h b/include/net/netfilter/nf_conntrack_tuple.h
index be9dc9a0eb77..c96a9c576736 100644
--- a/include/net/netfilter/nf_conntrack_tuple.h
+++ b/include/net/netfilter/nf_conntrack_tuple.h
@@ -24,7 +24,7 @@
 /* The l3 protocol-specific manipulable parts of the tuple: always in
   network order! */
-union nf_conntrack_man_l3proto {
+union nf_conntrack_address {
        u_int32_t all[NF_CT_TUPLE_L3SIZE];
        __be32 ip;
        __be32 ip6[4];
@@ -54,7 +54,7 @@ union nf_conntrack_man_proto
 /* The manipulable part of the tuple. */
 struct nf_conntrack_man
 {
-        union nf_conntrack_man_l3proto u3;
+        union nf_conntrack_address u3;
        union nf_conntrack_man_proto u;
        /* Layer 3 protocol */
        u_int16_t l3num;
@@ -67,11 +67,7 @@ struct nf_conntrack_tuple
        /* These are the parts of the tuple which are fixed. */
        struct {
-                union {
+                union nf_conntrack_address u3;
-                        u_int32_t all[NF_CT_TUPLE_L3SIZE];
-                        u_int32_t ip;
-                        u_int32_t ip6[4];
-                } u3;
                union {
                        /* Add other protocols here. */
                        u_int16_t all;
diff --git a/net/netfilter/nf_conntrack_expect.c b/net/netfilter/nf_conntrack_expect.c
index aa5903e4da11..68623ae778c8 100644
--- a/net/netfilter/nf_conntrack_expect.c
+++ b/net/netfilter/nf_conntrack_expect.c
@@ -196,6 +196,74 @@ struct nf_conntrack_expect *nf_conntrack_expect_alloc(struct nf_conn *me)
        return new;
 }
+void nf_conntrack_expect_init(struct nf_conntrack_expect *exp, int family,
+                              union nf_conntrack_address *saddr,
+                              union nf_conntrack_address *daddr,
+                              u_int8_t proto, __be16 *src, __be16 *dst)
+{
+        int len;
+        if (family == AF_INET)
+                len = 4;
+        else
+                len = 16;
+        exp->flags = 0;
+        exp->expectfn = NULL;
+        exp->helper = NULL;
+        exp->tuple.src.l3num = family;
+        exp->tuple.dst.protonum = proto;
+        exp->mask.src.l3num = 0xFFFF;
+        exp->mask.dst.protonum = 0xFF;
+        if (saddr) {
+                memcpy(&exp->tuple.src.u3, saddr, len);
+                if (sizeof(exp->tuple.src.u3) > len)
+                        /* address needs to be cleared for nf_ct_tuple_equal */
+                        memset((void *)&exp->tuple.src.u3 + len, 0x00,
+                               sizeof(exp->tuple.src.u3) - len);
+                memset(&exp->mask.src.u3, 0xFF, len);
+                if (sizeof(exp->mask.src.u3) > len)
+                        memset((void *)&exp->mask.src.u3 + len, 0x00,
+                               sizeof(exp->mask.src.u3) - len);
+        } else {
+                memset(&exp->tuple.src.u3, 0x00, sizeof(exp->tuple.src.u3));
+                memset(&exp->mask.src.u3, 0x00, sizeof(exp->mask.src.u3));
+        }
+        if (daddr) {
+                memcpy(&exp->tuple.dst.u3, daddr, len);
+                if (sizeof(exp->tuple.dst.u3) > len)
+                        /* address needs to be cleared for nf_ct_tuple_equal */
+                        memset((void *)&exp->tuple.dst.u3 + len, 0x00,
+                               sizeof(exp->tuple.dst.u3) - len);
+                memset(&exp->mask.dst.u3, 0xFF, len);
+                if (sizeof(exp->mask.dst.u3) > len)
+                        memset((void *)&exp->mask.dst.u3 + len, 0x00,
+                               sizeof(exp->mask.dst.u3) - len);
+        } else {
+                memset(&exp->tuple.dst.u3, 0x00, sizeof(exp->tuple.dst.u3));
+                memset(&exp->mask.dst.u3, 0x00, sizeof(exp->mask.dst.u3));
+        }
+        if (src) {
+                exp->tuple.src.u.all = (__force u16)*src;
+                exp->mask.src.u.all = 0xFFFF;
+        } else {
+                exp->tuple.src.u.all = 0;
+                exp->mask.src.u.all = 0;
+        }
+        if (dst) {
+                exp->tuple.dst.u.all = (__force u16)*dst;
+                exp->mask.dst.u.all = 0xFFFF;
+        } else {
+                exp->tuple.dst.u.all = 0;
+                exp->mask.dst.u.all = 0;
+        }
+}
+EXPORT_SYMBOL_GPL(nf_conntrack_expect_init);
 void nf_conntrack_expect_put(struct nf_conntrack_expect *exp)
 {
        if (atomic_dec_and_test(&exp->use))

diff --git a/include/net/netfilter/nf_conntrack_expect.h b/include/net/netfilter/nf_conntrack_expect.h index b969c430b36a..54a3d038beaa 100644 --- a/include/net/netfilter/nf_conntrack_expect.h +++ b/include/net/netfilter/nf_conntrack_expect.h
@@ -68,6 +68,10 @@ void nf_conntrack_unexpect_related(struct nf_conntrack_expect *exp);
68	/* Allocate space for an expectation: this is mandatory before calling	68	/* Allocate space for an expectation: this is mandatory before calling
69	nf_conntrack_expect_related. You will have to call put afterwards. */	69	nf_conntrack_expect_related. You will have to call put afterwards. */
70	struct nf_conntrack_expect nf_conntrack_expect_alloc(struct nf_conn me);	70	struct nf_conntrack_expect nf_conntrack_expect_alloc(struct nf_conn me);
		71	void nf_conntrack_expect_init(struct nf_conntrack_expect *, int,
		72	union nf_conntrack_address *,
		73	union nf_conntrack_address *,
		74	u_int8_t, __be16 , __be16 );
71	void nf_conntrack_expect_put(struct nf_conntrack_expect *exp);	75	void nf_conntrack_expect_put(struct nf_conntrack_expect *exp);
72	int nf_conntrack_expect_related(struct nf_conntrack_expect *expect);	76	int nf_conntrack_expect_related(struct nf_conntrack_expect *expect);
73		77


diff --git a/include/net/netfilter/nf_conntrack_tuple.h b/include/net/netfilter/nf_conntrack_tuple.h index be9dc9a0eb77..c96a9c576736 100644 --- a/include/net/netfilter/nf_conntrack_tuple.h +++ b/include/net/netfilter/nf_conntrack_tuple.h
@@ -24,7 +24,7 @@
24		24
25	/* The l3 protocol-specific manipulable parts of the tuple: always in	25	/* The l3 protocol-specific manipulable parts of the tuple: always in
26	network order! */	26	network order! */
27	union nf_conntrack_man_l3proto {	27	union nf_conntrack_address {
28	u_int32_t all[NF_CT_TUPLE_L3SIZE];	28	u_int32_t all[NF_CT_TUPLE_L3SIZE];
29	__be32 ip;	29	__be32 ip;
30	__be32 ip6[4];	30	__be32 ip6[4];
@@ -54,7 +54,7 @@ union nf_conntrack_man_proto
54	/* The manipulable part of the tuple. */	54	/* The manipulable part of the tuple. */
55	struct nf_conntrack_man	55	struct nf_conntrack_man
56	{	56	{
57	union nf_conntrack_man_l3proto u3;	57	union nf_conntrack_address u3;
58	union nf_conntrack_man_proto u;	58	union nf_conntrack_man_proto u;
59	/* Layer 3 protocol */	59	/* Layer 3 protocol */
60	u_int16_t l3num;	60	u_int16_t l3num;
@@ -67,11 +67,7 @@ struct nf_conntrack_tuple
67		67
68	/* These are the parts of the tuple which are fixed. */	68	/* These are the parts of the tuple which are fixed. */
69	struct {	69	struct {
70	union {	70	union nf_conntrack_address u3;
71	u_int32_t all[NF_CT_TUPLE_L3SIZE];
72	u_int32_t ip;
73	u_int32_t ip6[4];
74	} u3;
75	union {	71	union {
76	/* Add other protocols here. */	72	/* Add other protocols here. */
77	u_int16_t all;	73	u_int16_t all;


diff --git a/net/netfilter/nf_conntrack_expect.c b/net/netfilter/nf_conntrack_expect.c index aa5903e4da11..68623ae778c8 100644 --- a/net/netfilter/nf_conntrack_expect.c +++ b/net/netfilter/nf_conntrack_expect.c
@@ -196,6 +196,74 @@ struct nf_conntrack_expect nf_conntrack_expect_alloc(struct nf_conn me)
196	return new;	196	return new;
197	}	197	}
198		198
		199	void nf_conntrack_expect_init(struct nf_conntrack_expect *exp, int family,
		200	union nf_conntrack_address *saddr,
		201	union nf_conntrack_address *daddr,
		202	u_int8_t proto, __be16 src, __be16 dst)
		203	{
		204	int len;
		205
		206	if (family == AF_INET)
		207	len = 4;
		208	else
		209	len = 16;
		210
		211	exp->flags = 0;
		212	exp->expectfn = NULL;
		213	exp->helper = NULL;
		214	exp->tuple.src.l3num = family;
		215	exp->tuple.dst.protonum = proto;
		216	exp->mask.src.l3num = 0xFFFF;
		217	exp->mask.dst.protonum = 0xFF;
		218
		219	if (saddr) {
		220	memcpy(&exp->tuple.src.u3, saddr, len);
		221	if (sizeof(exp->tuple.src.u3) > len)
		222	/* address needs to be cleared for nf_ct_tuple_equal */
		223	memset((void *)&exp->tuple.src.u3 + len, 0x00,
		224	sizeof(exp->tuple.src.u3) - len);
		225	memset(&exp->mask.src.u3, 0xFF, len);
		226	if (sizeof(exp->mask.src.u3) > len)
		227	memset((void *)&exp->mask.src.u3 + len, 0x00,
		228	sizeof(exp->mask.src.u3) - len);
		229	} else {
		230	memset(&exp->tuple.src.u3, 0x00, sizeof(exp->tuple.src.u3));
		231	memset(&exp->mask.src.u3, 0x00, sizeof(exp->mask.src.u3));
		232	}
		233
		234	if (daddr) {
		235	memcpy(&exp->tuple.dst.u3, daddr, len);
		236	if (sizeof(exp->tuple.dst.u3) > len)
		237	/* address needs to be cleared for nf_ct_tuple_equal */
		238	memset((void *)&exp->tuple.dst.u3 + len, 0x00,
		239	sizeof(exp->tuple.dst.u3) - len);
		240	memset(&exp->mask.dst.u3, 0xFF, len);
		241	if (sizeof(exp->mask.dst.u3) > len)
		242	memset((void *)&exp->mask.dst.u3 + len, 0x00,
		243	sizeof(exp->mask.dst.u3) - len);
		244	} else {
		245	memset(&exp->tuple.dst.u3, 0x00, sizeof(exp->tuple.dst.u3));
		246	memset(&exp->mask.dst.u3, 0x00, sizeof(exp->mask.dst.u3));
		247	}
		248
		249	if (src) {
		250	exp->tuple.src.u.all = (__force u16)*src;
		251	exp->mask.src.u.all = 0xFFFF;
		252	} else {
		253	exp->tuple.src.u.all = 0;
		254	exp->mask.src.u.all = 0;
		255	}
		256
		257	if (dst) {
		258	exp->tuple.dst.u.all = (__force u16)*dst;
		259	exp->mask.dst.u.all = 0xFFFF;
		260	} else {
		261	exp->tuple.dst.u.all = 0;
		262	exp->mask.dst.u.all = 0;
		263	}
		264	}
		265	EXPORT_SYMBOL_GPL(nf_conntrack_expect_init);
		266
199	void nf_conntrack_expect_put(struct nf_conntrack_expect *exp)	267	void nf_conntrack_expect_put(struct nf_conntrack_expect *exp)
200	{	268	{
201	if (atomic_dec_and_test(&exp->use))	269	if (atomic_dec_and_test(&exp->use))