Commit e2e48b47 authored by Florian Westphal's avatar Florian Westphal Committed by Pablo Neira Ayuso

netfilter: conntrack: handle icmp pkt_to_tuple helper via direct calls

rather than handling them via indirect call, use a direct one instead.
This leaves GRE as the last user of this indirect call facility.
Signed-off-by: default avatarFlorian Westphal <fw@strlen.de>
Signed-off-by: default avatarPablo Neira Ayuso <pablo@netfilter.org>
parent a47c5404
...@@ -90,6 +90,16 @@ struct nf_conntrack_l4proto { ...@@ -90,6 +90,16 @@ struct nf_conntrack_l4proto {
struct module *me; struct module *me;
}; };
bool icmp_pkt_to_tuple(const struct sk_buff *skb,
unsigned int dataoff,
struct net *net,
struct nf_conntrack_tuple *tuple);
bool icmpv6_pkt_to_tuple(const struct sk_buff *skb,
unsigned int dataoff,
struct net *net,
struct nf_conntrack_tuple *tuple);
int nf_conntrack_icmpv4_error(struct nf_conn *tmpl, int nf_conntrack_icmpv4_error(struct nf_conn *tmpl,
struct sk_buff *skb, struct sk_buff *skb,
unsigned int dataoff, unsigned int dataoff,
......
...@@ -274,6 +274,12 @@ nf_ct_get_tuple(const struct sk_buff *skb, ...@@ -274,6 +274,12 @@ nf_ct_get_tuple(const struct sk_buff *skb,
tuple->dst.protonum = protonum; tuple->dst.protonum = protonum;
tuple->dst.dir = IP_CT_DIR_ORIGINAL; tuple->dst.dir = IP_CT_DIR_ORIGINAL;
switch (protonum) {
case IPPROTO_ICMPV6:
return icmpv6_pkt_to_tuple(skb, dataoff, net, tuple);
case IPPROTO_ICMP:
return icmp_pkt_to_tuple(skb, dataoff, net, tuple);
}
if (unlikely(l4proto->pkt_to_tuple)) if (unlikely(l4proto->pkt_to_tuple))
return l4proto->pkt_to_tuple(skb, dataoff, net, tuple); return l4proto->pkt_to_tuple(skb, dataoff, net, tuple);
......
...@@ -25,8 +25,8 @@ ...@@ -25,8 +25,8 @@
static const unsigned int nf_ct_icmp_timeout = 30*HZ; static const unsigned int nf_ct_icmp_timeout = 30*HZ;
static bool icmp_pkt_to_tuple(const struct sk_buff *skb, unsigned int dataoff, bool icmp_pkt_to_tuple(const struct sk_buff *skb, unsigned int dataoff,
struct net *net, struct nf_conntrack_tuple *tuple) struct net *net, struct nf_conntrack_tuple *tuple)
{ {
const struct icmphdr *hp; const struct icmphdr *hp;
struct icmphdr _hdr; struct icmphdr _hdr;
...@@ -347,7 +347,6 @@ static struct nf_proto_net *icmp_get_net_proto(struct net *net) ...@@ -347,7 +347,6 @@ static struct nf_proto_net *icmp_get_net_proto(struct net *net)
const struct nf_conntrack_l4proto nf_conntrack_l4proto_icmp = const struct nf_conntrack_l4proto nf_conntrack_l4proto_icmp =
{ {
.l4proto = IPPROTO_ICMP, .l4proto = IPPROTO_ICMP,
.pkt_to_tuple = icmp_pkt_to_tuple,
.invert_tuple = icmp_invert_tuple, .invert_tuple = icmp_invert_tuple,
#if IS_ENABLED(CONFIG_NF_CT_NETLINK) #if IS_ENABLED(CONFIG_NF_CT_NETLINK)
.tuple_to_nlattr = icmp_tuple_to_nlattr, .tuple_to_nlattr = icmp_tuple_to_nlattr,
......
...@@ -30,10 +30,10 @@ ...@@ -30,10 +30,10 @@
static const unsigned int nf_ct_icmpv6_timeout = 30*HZ; static const unsigned int nf_ct_icmpv6_timeout = 30*HZ;
static bool icmpv6_pkt_to_tuple(const struct sk_buff *skb, bool icmpv6_pkt_to_tuple(const struct sk_buff *skb,
unsigned int dataoff, unsigned int dataoff,
struct net *net, struct net *net,
struct nf_conntrack_tuple *tuple) struct nf_conntrack_tuple *tuple)
{ {
const struct icmp6hdr *hp; const struct icmp6hdr *hp;
struct icmp6hdr _hdr; struct icmp6hdr _hdr;
...@@ -358,7 +358,6 @@ static struct nf_proto_net *icmpv6_get_net_proto(struct net *net) ...@@ -358,7 +358,6 @@ static struct nf_proto_net *icmpv6_get_net_proto(struct net *net)
const struct nf_conntrack_l4proto nf_conntrack_l4proto_icmpv6 = const struct nf_conntrack_l4proto nf_conntrack_l4proto_icmpv6 =
{ {
.l4proto = IPPROTO_ICMPV6, .l4proto = IPPROTO_ICMPV6,
.pkt_to_tuple = icmpv6_pkt_to_tuple,
.invert_tuple = icmpv6_invert_tuple, .invert_tuple = icmpv6_invert_tuple,
#if IS_ENABLED(CONFIG_NF_CT_NETLINK) #if IS_ENABLED(CONFIG_NF_CT_NETLINK)
.tuple_to_nlattr = icmpv6_tuple_to_nlattr, .tuple_to_nlattr = icmpv6_tuple_to_nlattr,
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment