Diffstat (limited to 'net')
-rw-r--r--net/netfilter/nf_conntrack_proto_sctp.c43
1 files changed, 21 insertions, 22 deletions
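diff --git a/net/netfilter/nf_conntrack_proto_sctp.c b/net/netfilter/nf_conntrack_proto_sctp.c
index 5166bb388ff0..84e37e92b764 100644
--- a/net/netfilter/nf_conntrack_proto_sctp.c
+++ b/net/netfilter/nf_conntrack_proto_sctp.c
@@ -173,13 +173,12 @@ static int sctp_print_tuple(struct seq_file *s,
 }
 
 /* Print out the private part of the conntrack. */
-static int sctp_print_conntrack(struct seq_file *s,
- const struct nf_conn *conntrack)
+static int sctp_print_conntrack(struct seq_file *s, const struct nf_conn *ct)
 {
  enum sctp_conntrack state;
 
  read_lock_bh(&sctp_lock);
- state = conntrack->proto.sctp.state;
+ state = ct->proto.sctp.state;
  read_unlock_bh(&sctp_lock);
 
  return seq_printf(s, "%s ", sctp_conntrack_names[state]);
@@ -192,7 +191,7 @@ for ((offset) = (dataoff) + sizeof(sctp_sctphdr_t), (count) = 0; \
  (offset) += (ntohs((sch)->length) + 3) & ~3, (count)++)
 
 /* Some validity checks to make sure the chunks are fine */
-static int do_basic_checks(struct nf_conn *conntrack,
+static int do_basic_checks(struct nf_conn *ct,
  const struct sk_buff *skb,
  unsigned int dataoff,
  unsigned long *map)
@@ -293,7 +292,7 @@ static int new_state(enum ip_conntrack_dir dir,
 }
 
 /* Returns verdict for packet, or -1 for invalid. */
-static int sctp_packet(struct nf_conn *conntrack,
+static int sctp_packet(struct nf_conn *ct,
  const struct sk_buff *skb,
  unsigned int dataoff,
  enum ip_conntrack_info ctinfo,
@@ -310,7 +309,7 @@ static int sctp_packet(struct nf_conn *conntrack,
  if (sh == NULL)
  return -1;
 
- if (do_basic_checks(conntrack, skb, dataoff, map) != 0)
+ if (do_basic_checks(ct, skb, dataoff, map) != 0)
  return -1;
 
  /* Check the verification tag (Sec 8.5) */
@@ -319,7 +318,7 @@ static int sctp_packet(struct nf_conn *conntrack,
  !test_bit(SCTP_CID_COOKIE_ECHO, map) &&
  !test_bit(SCTP_CID_ABORT, map) &&
  !test_bit(SCTP_CID_SHUTDOWN_ACK, map) &&
- sh->vtag != conntrack->proto.sctp.vtag[CTINFO2DIR(ctinfo)]) {
+ sh->vtag != ct->proto.sctp.vtag[CTINFO2DIR(ctinfo)]) {
  pr_debug("Verification tag check failed\n");
  return -1;
  }
@@ -337,28 +336,28 @@ static int sctp_packet(struct nf_conn *conntrack,
  }
  } else if (sch->type == SCTP_CID_ABORT) {
  /* Sec 8.5.1 (B) */
- if (sh->vtag != conntrack->proto.sctp.vtag[CTINFO2DIR(ctinfo)] &&
- sh->vtag != conntrack->proto.sctp.vtag[1 - CTINFO2DIR(ctinfo)]) {
+ if (sh->vtag != ct->proto.sctp.vtag[CTINFO2DIR(ctinfo)] &&
+ sh->vtag != ct->proto.sctp.vtag[1 - CTINFO2DIR(ctinfo)]) {
  write_unlock_bh(&sctp_lock);
  return -1;
  }
  } else if (sch->type == SCTP_CID_SHUTDOWN_COMPLETE) {
  /* Sec 8.5.1 (C) */
- if (sh->vtag != conntrack->proto.sctp.vtag[CTINFO2DIR(ctinfo)] &&
- sh->vtag != conntrack->proto.sctp.vtag[1 - CTINFO2DIR(ctinfo)] &&
+ if (sh->vtag != ct->proto.sctp.vtag[CTINFO2DIR(ctinfo)] &&
+ sh->vtag != ct->proto.sctp.vtag[1 - CTINFO2DIR(ctinfo)] &&
  (sch->flags & 1)) {
  write_unlock_bh(&sctp_lock);
  return -1;
  }
  } else if (sch->type == SCTP_CID_COOKIE_ECHO) {
  /* Sec 8.5.1 (D) */
- if (sh->vtag != conntrack->proto.sctp.vtag[CTINFO2DIR(ctinfo)]) {
+ if (sh->vtag != ct->proto.sctp.vtag[CTINFO2DIR(ctinfo)]) {
  write_unlock_bh(&sctp_lock);
  return -1;
  }
  }
 
- oldsctpstate = conntrack->proto.sctp.state;
+ oldsctpstate = ct->proto.sctp.state;
  newconntrack = new_state(CTINFO2DIR(ctinfo), oldsctpstate, sch->type);
 
  /* Invalid */
@@ -383,22 +382,22 @@ static int sctp_packet(struct nf_conn *conntrack,
  }
  pr_debug("Setting vtag %x for dir %d\n",
  ih->init_tag, !CTINFO2DIR(ctinfo));
- conntrack->proto.sctp.vtag[!CTINFO2DIR(ctinfo)] = ih->init_tag;
+ ct->proto.sctp.vtag[!CTINFO2DIR(ctinfo)] = ih->init_tag;
  }
 
- conntrack->proto.sctp.state = newconntrack;
+ ct->proto.sctp.state = newconntrack;
  if (oldsctpstate != newconntrack)
  nf_conntrack_event_cache(IPCT_PROTOINFO, skb);
  write_unlock_bh(&sctp_lock);
  }
 
- nf_ct_refresh_acct(conntrack, ctinfo, skb, *sctp_timeouts[newconntrack]);
+ nf_ct_refresh_acct(ct, ctinfo, skb, *sctp_timeouts[newconntrack]);
 
  if (oldsctpstate == SCTP_CONNTRACK_COOKIE_ECHOED &&
  CTINFO2DIR(ctinfo) == IP_CT_DIR_REPLY &&
  newconntrack == SCTP_CONNTRACK_ESTABLISHED) {
  pr_debug("Setting assured bit\n");
- set_bit(IPS_ASSURED_BIT, &conntrack->status);
+ set_bit(IPS_ASSURED_BIT, &ct->status);
  nf_conntrack_event_cache(IPCT_STATUS, skb);
  }
 
@@ -406,7 +405,7 @@ static int sctp_packet(struct nf_conn *conntrack,
 }
 
 /* Called when a new connection for this protocol found. */
-static int sctp_new(struct nf_conn *conntrack, const struct sk_buff *skb,
+static int sctp_new(struct nf_conn *ct, const struct sk_buff *skb,
  unsigned int dataoff)
 {
  enum sctp_conntrack newconntrack;
@@ -419,7 +418,7 @@ static int sctp_new(struct nf_conn *conntrack, const struct sk_buff *skb,
  if (sh == NULL)
  return 0;
 
- if (do_basic_checks(conntrack, skb, dataoff, map) != 0)
+ if (do_basic_checks(ct, skb, dataoff, map) != 0)
  return 0;
 
  /* If an OOTB packet has any of these chunks discard (Sec 8.4) */
@@ -454,7 +453,7 @@ static int sctp_new(struct nf_conn *conntrack, const struct sk_buff *skb,
  pr_debug("Setting vtag %x for new conn\n",
  ih->init_tag);
 
- conntrack->proto.sctp.vtag[IP_CT_DIR_REPLY] =
+ ct->proto.sctp.vtag[IP_CT_DIR_REPLY] =
  ih->init_tag;
  } else {
  /* Sec 8.5.1 (A) */
@@ -466,10 +465,10 @@ static int sctp_new(struct nf_conn *conntrack, const struct sk_buff *skb,
  else {
  pr_debug("Setting vtag %x for new conn OOTB\n",
  sh->vtag);
- conntrack->proto.sctp.vtag[IP_CT_DIR_REPLY] = sh->vtag;
+ ct->proto.sctp.vtag[IP_CT_DIR_REPLY] = sh->vtag;
  }
 
- conntrack->proto.sctp.state = newconntrack;
+ ct->proto.sctp.state = newconntrack;
  }
 
  return 1;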