Diffstat (limited to 'net')
-rw-r--r-- | net/netfilter/nf_conntrack_proto_sctp.c | 43 |
1 files changed, 21 insertions, 22 deletions
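--- a/net/netfilter/nf_conntrack_proto_sctp.c
+++ b/net/netfilter/nf_conntrack_proto_sctp.c
@@ -173,13 +173,12 @@ static int sctp_print_tuple(struct seq_file *s,
 }
 
 /* Print out the private part of the conntrack. */
-static int sctp_print_conntrack(struct seq_file *s,
-const struct nf_conn *conntrack)
+static int sctp_print_conntrack(struct seq_file *s, const struct nf_conn *ct)
 {
 enum sctp_conntrack state;
 
 read_lock_bh(&sctp_lock);
-state = conntrack->proto.sctp.state;
+state = ct->proto.sctp.state;
 read_unlock_bh(&sctp_lock);
 
 return seq_printf(s, "%s ", sctp_conntrack_names[state]);
@@ -192,7 +191,7 @@ for ((offset) = (dataoff) + sizeof(sctp_sctphdr_t), (count) = 0; \
 (offset) += (ntohs((sch)->length) + 3) & ~3, (count)++)
 
 /* Some validity checks to make sure the chunks are fine */
-static int do_basic_checks(struct nf_conn *conntrack,
+static int do_basic_checks(struct nf_conn *ct,
 const struct sk_buff *skb,
 unsigned int dataoff,
 unsigned long *map)
@@ -293,7 +292,7 @@ static int new_state(enum ip_conntrack_dir dir,
 }
 
 /* Returns verdict for packet, or -1 for invalid. */
-static int sctp_packet(struct nf_conn *conntrack,
+static int sctp_packet(struct nf_conn *ct,
 const struct sk_buff *skb,
 unsigned int dataoff,
 enum ip_conntrack_info ctinfo,
@@ -310,7 +309,7 @@ static int sctp_packet(struct nf_conn *conntrack,
 if (sh == NULL)
 return -1;
 
-if (do_basic_checks(conntrack, skb, dataoff, map) != 0)
+if (do_basic_checks(ct, skb, dataoff, map) != 0)
 return -1;
 
 /* Check the verification tag (Sec 8.5) */
@@ -319,7 +318,7 @@ static int sctp_packet(struct nf_conn *conntrack,
 !test_bit(SCTP_CID_COOKIE_ECHO, map) &&
 !test_bit(SCTP_CID_ABORT, map) &&
 !test_bit(SCTP_CID_SHUTDOWN_ACK, map) &&
-sh->vtag != conntrack->proto.sctp.vtag[CTINFO2DIR(ctinfo)]) {
+sh->vtag != ct->proto.sctp.vtag[CTINFO2DIR(ctinfo)]) {
 pr_debug("Verification tag check failed\n");
 return -1;
 }
@@ -337,28 +336,28 @@ static int sctp_packet(struct nf_conn *conntrack,
 }
 } else if (sch->type == SCTP_CID_ABORT) {
 /* Sec 8.5.1 (B) */
-if (sh->vtag != conntrack->proto.sctp.vtag[CTINFO2DIR(ctinfo)] &&
-sh->vtag != conntrack->proto.sctp.vtag[1 - CTINFO2DIR(ctinfo)]) {
+if (sh->vtag != ct->proto.sctp.vtag[CTINFO2DIR(ctinfo)] &&
+sh->vtag != ct->proto.sctp.vtag[1 - CTINFO2DIR(ctinfo)]) {
 write_unlock_bh(&sctp_lock);
 return -1;
 }
 } else if (sch->type == SCTP_CID_SHUTDOWN_COMPLETE) {
 /* Sec 8.5.1 (C) */
-if (sh->vtag != conntrack->proto.sctp.vtag[CTINFO2DIR(ctinfo)] &&
-sh->vtag != conntrack->proto.sctp.vtag[1 - CTINFO2DIR(ctinfo)] &&
+if (sh->vtag != ct->proto.sctp.vtag[CTINFO2DIR(ctinfo)] &&
+sh->vtag != ct->proto.sctp.vtag[1 - CTINFO2DIR(ctinfo)] &&
 (sch->flags & 1)) {
 write_unlock_bh(&sctp_lock);
 return -1;
 }
 } else if (sch->type == SCTP_CID_COOKIE_ECHO) {
 /* Sec 8.5.1 (D) */
-if (sh->vtag != conntrack->proto.sctp.vtag[CTINFO2DIR(ctinfo)]) {
+if (sh->vtag != ct->proto.sctp.vtag[CTINFO2DIR(ctinfo)]) {
 write_unlock_bh(&sctp_lock);
 return -1;
 }
 }
 
-oldsctpstate = conntrack->proto.sctp.state;
+oldsctpstate = ct->proto.sctp.state;
 newconntrack = new_state(CTINFO2DIR(ctinfo), oldsctpstate, sch->type);
 
 /* Invalid */
@@ -383,22 +382,22 @@ static int sctp_packet(struct nf_conn *conntrack,
 }
 pr_debug("Setting vtag %x for dir %d\n",
 ih->init_tag, !CTINFO2DIR(ctinfo));
-conntrack->proto.sctp.vtag[!CTINFO2DIR(ctinfo)] = ih->init_tag;
+ct->proto.sctp.vtag[!CTINFO2DIR(ctinfo)] = ih->init_tag;
 }
 
-conntrack->proto.sctp.state = newconntrack;
+ct->proto.sctp.state = newconntrack;
 if (oldsctpstate != newconntrack)
 nf_conntrack_event_cache(IPCT_PROTOINFO, skb);
 write_unlock_bh(&sctp_lock);
 }
 
-nf_ct_refresh_acct(conntrack, ctinfo, skb, *sctp_timeouts[newconntrack]);
+nf_ct_refresh_acct(ct, ctinfo, skb, *sctp_timeouts[newconntrack]);
 
 if (oldsctpstate == SCTP_CONNTRACK_COOKIE_ECHOED &&
 CTINFO2DIR(ctinfo) == IP_CT_DIR_REPLY &&
 newconntrack == SCTP_CONNTRACK_ESTABLISHED) {
 pr_debug("Setting assured bit\n");
-set_bit(IPS_ASSURED_BIT, &conntrack->status);
+set_bit(IPS_ASSURED_BIT, &ct->status);
 nf_conntrack_event_cache(IPCT_STATUS, skb);
 }
 
@@ -406,7 +405,7 @@ static int sctp_packet(struct nf_conn *conntrack,
 }
 
 /* Called when a new connection for this protocol found. */
-static int sctp_new(struct nf_conn *conntrack, const struct sk_buff *skb,
+static int sctp_new(struct nf_conn *ct, const struct sk_buff *skb,
 unsigned int dataoff)
 {
 enum sctp_conntrack newconntrack;
@@ -419,7 +418,7 @@ static int sctp_new(struct nf_conn *conntrack, const struct sk_buff *skb,
 if (sh == NULL)
 return 0;
 
-if (do_basic_checks(conntrack, skb, dataoff, map) != 0)
+if (do_basic_checks(ct, skb, dataoff, map) != 0)
 return 0;
 
 /* If an OOTB packet has any of these chunks discard (Sec 8.4) */
@@ -454,7 +453,7 @@ static int sctp_new(struct nf_conn *conntrack, const struct sk_buff *skb,
 pr_debug("Setting vtag %x for new conn\n",
 ih->init_tag);
 
-conntrack->proto.sctp.vtag[IP_CT_DIR_REPLY] =
+ct->proto.sctp.vtag[IP_CT_DIR_REPLY] =
 ih->init_tag;
 } else {
 /* Sec 8.5.1 (A) */
@@ -466,10 +465,10 @@ static int sctp_new(struct nf_conn *conntrack, const struct sk_buff *skb,
 else {
 pr_debug("Setting vtag %x for new conn OOTB\n",
 sh->vtag);
-conntrack->proto.sctp.vtag[IP_CT_DIR_REPLY] = sh->vtag;
+ct->proto.sctp.vtag[IP_CT_DIR_REPLY] = sh->vtag;
 }
 
-conntrack->proto.sctp.state = newconntrack;
+ct->proto.sctp.state = newconntrack;
 }
 
 return 1;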