From 937e0dfd87a8b7946a17161664500fba93eb13fd Mon Sep 17 00:00:00 2001 From: Patrick McHardy Date: Thu, 20 Mar 2008 15:15:47 +0100 Subject: [NETFILTER]: nf_nat: add helpers for common NAT protocol operations Add generic ->in_range and ->unique_tuple ops to avoid duplicating them again and again for future NAT modules and save a few bytes of text: net/ipv4/netfilter/nf_nat_proto_tcp.c: tcp_in_range | -62 (removed) tcp_unique_tuple | -259 # 271 -> 12, # inlines: 1 -> 0, size inlines: 7 -> 0 2 functions changed, 321 bytes removed net/ipv4/netfilter/nf_nat_proto_udp.c: udp_in_range | -62 (removed) udp_unique_tuple | -259 # 271 -> 12, # inlines: 1 -> 0, size inlines: 7 -> 0 2 functions changed, 321 bytes removed net/ipv4/netfilter/nf_nat_proto_gre.c: gre_in_range | -62 (removed) 1 function changed, 62 bytes removed vmlinux: 5 functions changed, 704 bytes removed Signed-off-by: Patrick McHardy --- include/net/netfilter/nf_nat_protocol.h | 11 +++++++++++ 1 file changed, 11 insertions(+) (limited to 'include/net') diff --git a/include/net/netfilter/nf_nat_protocol.h b/include/net/netfilter/nf_nat_protocol.h index 4aa0edbb5b9..fa06f6d0de5 100644 --- a/include/net/netfilter/nf_nat_protocol.h +++ b/include/net/netfilter/nf_nat_protocol.h @@ -62,6 +62,17 @@ extern int init_protocols(void) __init; extern void cleanup_protocols(void); extern const struct nf_nat_protocol *find_nat_proto(u_int16_t protonum); +extern int nf_nat_proto_in_range(const struct nf_conntrack_tuple *tuple, + enum nf_nat_manip_type maniptype, + const union nf_conntrack_man_proto *min, + const union nf_conntrack_man_proto *max); + +extern int nf_nat_proto_unique_tuple(struct nf_conntrack_tuple *tuple, + const struct nf_nat_range *range, + enum nf_nat_manip_type maniptype, + const struct nf_conn *ct, + u_int16_t *rover); + extern int nf_nat_port_range_to_nlattr(struct sk_buff *skb, const struct nf_nat_range *range); extern int nf_nat_port_nlattr_to_range(struct nlattr *tb[], -- cgit v1.2.3 From 535b57c7c1524125444aa1b874332f6ff1608ef5 Mon Sep 17 00:00:00 2001 From: Patrick McHardy Date: Mon, 14 Apr 2008 11:15:47 +0200 Subject: [NETFILTER]: nf_nat: move NAT ctnetlink helpers to nf_nat_proto_common Move to nf_nat_proto_common and rename to nf_nat_proto_... since they're also used by protocols that don't have port numbers. Signed-off-by: Patrick McHardy --- include/net/netfilter/nf_nat_protocol.h | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) (limited to 'include/net') diff --git a/include/net/netfilter/nf_nat_protocol.h b/include/net/netfilter/nf_nat_protocol.h index fa06f6d0de5..8ce227624ea 100644 --- a/include/net/netfilter/nf_nat_protocol.h +++ b/include/net/netfilter/nf_nat_protocol.h @@ -73,9 +73,9 @@ extern int nf_nat_proto_unique_tuple(struct nf_conntrack_tuple *tuple, const struct nf_conn *ct, u_int16_t *rover); -extern int nf_nat_port_range_to_nlattr(struct sk_buff *skb, - const struct nf_nat_range *range); -extern int nf_nat_port_nlattr_to_range(struct nlattr *tb[], - struct nf_nat_range *range); +extern int nf_nat_proto_range_to_nlattr(struct sk_buff *skb, + const struct nf_nat_range *range); +extern int nf_nat_proto_nlattr_to_range(struct nlattr *tb[], + struct nf_nat_range *range); #endif /*_NF_NAT_PROTO_H*/ -- cgit v1.2.3 From 2d2d84c40e19a7fce51ba1f124ecde105104192d Mon Sep 17 00:00:00 2001 From: Patrick McHardy Date: Thu, 20 Mar 2008 15:15:49 +0100 Subject: [NETFILTER]: nf_nat: remove unused name from struct nf_nat_protocol Signed-off-by: Patrick McHardy --- include/net/netfilter/nf_nat_protocol.h | 3 --- 1 file changed, 3 deletions(-) (limited to 'include/net') diff --git a/include/net/netfilter/nf_nat_protocol.h b/include/net/netfilter/nf_nat_protocol.h index 8ce227624ea..fba94a2028d 100644 --- a/include/net/netfilter/nf_nat_protocol.h +++ b/include/net/netfilter/nf_nat_protocol.h @@ -8,9 +8,6 @@ struct nf_nat_range; struct nf_nat_protocol { - /* Protocol name */ - const char *name; - /* Protocol number. */ unsigned int protonum; -- cgit v1.2.3 From 2bc780499aa33311ec0f3e42624dfaa7be0ade5e Mon Sep 17 00:00:00 2001 From: Patrick McHardy Date: Thu, 20 Mar 2008 15:15:55 +0100 Subject: [NETFILTER]: nf_conntrack: add DCCP protocol support Add DCCP conntrack helper. Thanks to Gerrit Renker for review and testing. Signed-off-by: Patrick McHardy --- include/net/netfilter/nf_conntrack.h | 2 ++ include/net/netfilter/nf_conntrack_tuple.h | 6 ++++++ 2 files changed, 8 insertions(+) (limited to 'include/net') diff --git a/include/net/netfilter/nf_conntrack.h b/include/net/netfilter/nf_conntrack.h index a3567a7a6d6..bb9fc852e97 100644 --- a/include/net/netfilter/nf_conntrack.h +++ b/include/net/netfilter/nf_conntrack.h @@ -20,6 +20,7 @@ #include #include +#include #include #include #include @@ -30,6 +31,7 @@ /* per conntrack: protocol private data */ union nf_conntrack_proto { /* insert conntrack proto private data here */ + struct nf_ct_dccp dccp; struct ip_ct_sctp sctp; struct ip_ct_tcp tcp; struct ip_ct_icmp icmp; diff --git a/include/net/netfilter/nf_conntrack_tuple.h b/include/net/netfilter/nf_conntrack_tuple.h index 168c91754d8..bdeec346138 100644 --- a/include/net/netfilter/nf_conntrack_tuple.h +++ b/include/net/netfilter/nf_conntrack_tuple.h @@ -39,6 +39,9 @@ union nf_conntrack_man_proto struct { __be16 id; } icmp; + struct { + __be16 port; + } dccp; struct { __be16 port; } sctp; @@ -77,6 +80,9 @@ struct nf_conntrack_tuple struct { u_int8_t type, code; } icmp; + struct { + __be16 port; + } dccp; struct { __be16 port; } sctp; -- cgit v1.2.3 From 8c87238b726e543f8af4bdb4296020a328df4744 Mon Sep 17 00:00:00 2001 From: Patrick McHardy Date: Mon, 14 Apr 2008 11:15:51 +0200 Subject: [NETFILTER]: nf_nat: don't add NAT extension for confirmed conntracks Adding extensions to confirmed conntracks is not allowed to avoid races on reallocation. Don't setup NAT for confirmed conntracks in case NAT module is loaded late. The has one side-effect, the connections existing before the NAT module was loaded won't enter the bysource hash. The only case where this actually makes a difference is in case of SNAT to a multirange where the IP before NAT is also part of the range. Since old connections don't enter the bysource hash the first new connection from the IP will have a new address selected. This shouldn't matter at all. Signed-off-by: Patrick McHardy --- include/net/netfilter/nf_nat_rule.h | 3 --- 1 file changed, 3 deletions(-) (limited to 'include/net') diff --git a/include/net/netfilter/nf_nat_rule.h b/include/net/netfilter/nf_nat_rule.h index 75d1825031d..e4a18ae361c 100644 --- a/include/net/netfilter/nf_nat_rule.h +++ b/include/net/netfilter/nf_nat_rule.h @@ -14,7 +14,4 @@ extern int nf_nat_rule_find(struct sk_buff *skb, extern unsigned int alloc_null_binding(struct nf_conn *ct, unsigned int hooknum); - -extern unsigned int -alloc_null_binding_confirmed(struct nf_conn *ct, unsigned int hooknum); #endif /* _NF_NAT_RULE_H */ -- cgit v1.2.3 From 55871d04793d9c069ee277b1e98794b88d92ed80 Mon Sep 17 00:00:00 2001 From: Patrick McHardy Date: Mon, 14 Apr 2008 11:15:51 +0200 Subject: [NETFILTER]: nf_conntrack_extend: warn on confirmed conntracks New extensions may only be added to unconfirmed conntracks to avoid races when reallocating the storage. Also change NF_CT_ASSERT to use WARN_ON to get backtraces. Signed-off-by: Patrick McHardy --- include/net/netfilter/nf_conntrack.h | 9 +-------- 1 file changed, 1 insertion(+), 8 deletions(-) (limited to 'include/net') diff --git a/include/net/netfilter/nf_conntrack.h b/include/net/netfilter/nf_conntrack.h index bb9fc852e97..4a0496aa32d 100644 --- a/include/net/netfilter/nf_conntrack.h +++ b/include/net/netfilter/nf_conntrack.h @@ -65,14 +65,7 @@ union nf_conntrack_help { #include #ifdef CONFIG_NETFILTER_DEBUG -#define NF_CT_ASSERT(x) \ -do { \ - if (!(x)) \ - /* Wooah! I'm tripping my conntrack in a frenzy of \ - netplay... */ \ - printk("NF_CT_ASSERT: %s:%i(%s)\n", \ - __FILE__, __LINE__, __FUNCTION__); \ -} while(0) +#define NF_CT_ASSERT(x) WARN_ON(!(x)) #else #define NF_CT_ASSERT(x) #endif -- cgit v1.2.3 From dd13b010368f85dfa59364ba87bfe8ae930b2832 Mon Sep 17 00:00:00 2001 From: Patrick McHardy Date: Mon, 14 Apr 2008 11:15:52 +0200 Subject: [NETFILTER]: nf_nat: kill helper and seq_adjust hooks Connection tracking helpers (specifically FTP) need to be called before NAT sequence numbers adjustments are performed to be able to compare them against previously seen ones. We've introduced two new hooks around 2.6.11 to maintain this ordering when NAT modules were changed to get called from conntrack helpers directly. The cost of netfilter hooks is quite high and sequence number adjustments are only rarely needed however. Add a RCU-protected sequence number adjustment function pointer and call it from IPv4 conntrack after calling the helper. Signed-off-by: Patrick McHardy --- include/net/netfilter/nf_nat_helper.h | 3 +++ 1 file changed, 3 insertions(+) (limited to 'include/net') diff --git a/include/net/netfilter/nf_nat_helper.h b/include/net/netfilter/nf_nat_helper.h index 58dd2268794..237a961f40e 100644 --- a/include/net/netfilter/nf_nat_helper.h +++ b/include/net/netfilter/nf_nat_helper.h @@ -24,6 +24,9 @@ extern int nf_nat_mangle_udp_packet(struct sk_buff *skb, extern int nf_nat_seq_adjust(struct sk_buff *skb, struct nf_conn *ct, enum ip_conntrack_info ctinfo); +extern int (*nf_nat_seq_adjust_hook)(struct sk_buff *skb, + struct nf_conn *ct, + enum ip_conntrack_info ctinfo); /* Setup NAT on this expected conntrack so it follows master, but goes * to port ct->master->saved_proto. */ -- cgit v1.2.3 From 5e8fbe2ac8a3f1e34e7004c5750ef59bf9304f82 Mon Sep 17 00:00:00 2001 From: Patrick McHardy Date: Mon, 14 Apr 2008 11:15:52 +0200 Subject: [NETFILTER]: nf_conntrack: add tuplehash l3num/protonum accessors Add accessors for l3num and protonum and get rid of some overly long expressions. Signed-off-by: Patrick McHardy --- include/net/netfilter/nf_conntrack.h | 10 ++++++++++ 1 file changed, 10 insertions(+) (limited to 'include/net') diff --git a/include/net/netfilter/nf_conntrack.h b/include/net/netfilter/nf_conntrack.h index 4a0496aa32d..26e6a6e2b5a 100644 --- a/include/net/netfilter/nf_conntrack.h +++ b/include/net/netfilter/nf_conntrack.h @@ -140,6 +140,16 @@ nf_ct_tuplehash_to_ctrack(const struct nf_conntrack_tuple_hash *hash) tuplehash[hash->tuple.dst.dir]); } +static inline u_int16_t nf_ct_l3num(const struct nf_conn *ct) +{ + return ct->tuplehash[IP_CT_DIR_ORIGINAL].tuple.src.l3num; +} + +static inline u_int8_t nf_ct_protonum(const struct nf_conn *ct) +{ + return ct->tuplehash[IP_CT_DIR_ORIGINAL].tuple.dst.protonum; +} + /* get master conntrack via master expectation */ #define master_ct(conntr) (conntr->master) -- cgit v1.2.3 From 9dbae7917899d78a094aceeb5062cd76efa89052 Mon Sep 17 00:00:00 2001 From: Jan Engelhardt Date: Mon, 14 Apr 2008 11:15:52 +0200 Subject: [NETFILTER]: Remove unused callbacks in nf_conntrack_l3proto These functions are never called. Signed-off-by: Jan Engelhardt Signed-off-by: Patrick McHardy --- include/net/netfilter/nf_conntrack_l3proto.h | 11 ----------- 1 file changed, 11 deletions(-) (limited to 'include/net') diff --git a/include/net/netfilter/nf_conntrack_l3proto.h b/include/net/netfilter/nf_conntrack_l3proto.h index b886e3ae6ca..db0825803b1 100644 --- a/include/net/netfilter/nf_conntrack_l3proto.h +++ b/include/net/netfilter/nf_conntrack_l3proto.h @@ -42,17 +42,6 @@ struct nf_conntrack_l3proto int (*print_tuple)(struct seq_file *s, const struct nf_conntrack_tuple *); - /* Returns verdict for packet, or -1 for invalid. */ - int (*packet)(struct nf_conn *ct, - const struct sk_buff *skb, - enum ip_conntrack_info ctinfo); - - /* - * Called when a new connection for this protocol found; - * returns TRUE if it's OK. If so, packet() called next. - */ - int (*new)(struct nf_conn *ct, const struct sk_buff *skb); - /* * Called before tracking. * *dataoff: offset of protocol header (TCP, UDP,...) in skb -- cgit v1.2.3 From 8ce8439a31f723f3aa28adf27fe8797a5678dde1 Mon Sep 17 00:00:00 2001 From: Jan Engelhardt Date: Mon, 14 Apr 2008 11:15:52 +0200 Subject: [NETFILTER]: nf_conntrack: use bool type in struct nf_conntrack_l3proto Signed-off-by: Jan Engelhardt Signed-off-by: Patrick McHardy --- include/net/netfilter/nf_conntrack_l3proto.h | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) (limited to 'include/net') diff --git a/include/net/netfilter/nf_conntrack_l3proto.h b/include/net/netfilter/nf_conntrack_l3proto.h index db0825803b1..0378676c3dd 100644 --- a/include/net/netfilter/nf_conntrack_l3proto.h +++ b/include/net/netfilter/nf_conntrack_l3proto.h @@ -28,15 +28,15 @@ struct nf_conntrack_l3proto * Try to fill in the third arg: nhoff is offset of l3 proto * hdr. Return true if possible. */ - int (*pkt_to_tuple)(const struct sk_buff *skb, unsigned int nhoff, - struct nf_conntrack_tuple *tuple); + bool (*pkt_to_tuple)(const struct sk_buff *skb, unsigned int nhoff, + struct nf_conntrack_tuple *tuple); /* * Invert the per-proto part of the tuple: ie. turn xmit into reply. * Some packets can't be inverted: return 0 in that case. */ - int (*invert_tuple)(struct nf_conntrack_tuple *inverse, - const struct nf_conntrack_tuple *orig); + bool (*invert_tuple)(struct nf_conntrack_tuple *inverse, + const struct nf_conntrack_tuple *orig); /* Print out the per-protocol part of the tuple. */ int (*print_tuple)(struct seq_file *s, -- cgit v1.2.3 From 09f263cd39751cada63dec2dccc71e67c00bc38c Mon Sep 17 00:00:00 2001 From: Jan Engelhardt Date: Mon, 14 Apr 2008 11:15:53 +0200 Subject: [NETFILTER]: nf_conntrack: use bool type in struct nf_conntrack_l4proto Signed-off-by: Jan Engelhardt Signed-off-by: Patrick McHardy --- include/net/netfilter/nf_conntrack_l4proto.h | 13 ++++++------- 1 file changed, 6 insertions(+), 7 deletions(-) (limited to 'include/net') diff --git a/include/net/netfilter/nf_conntrack_l4proto.h b/include/net/netfilter/nf_conntrack_l4proto.h index efc16eccddb..723df9d1cc3 100644 --- a/include/net/netfilter/nf_conntrack_l4proto.h +++ b/include/net/netfilter/nf_conntrack_l4proto.h @@ -25,15 +25,14 @@ struct nf_conntrack_l4proto /* Try to fill in the third arg: dataoff is offset past network protocol hdr. Return true if possible. */ - int (*pkt_to_tuple)(const struct sk_buff *skb, - unsigned int dataoff, - struct nf_conntrack_tuple *tuple); + bool (*pkt_to_tuple)(const struct sk_buff *skb, unsigned int dataoff, + struct nf_conntrack_tuple *tuple); /* Invert the per-proto part of the tuple: ie. turn xmit into reply. * Some packets can't be inverted: return 0 in that case. */ - int (*invert_tuple)(struct nf_conntrack_tuple *inverse, - const struct nf_conntrack_tuple *orig); + bool (*invert_tuple)(struct nf_conntrack_tuple *inverse, + const struct nf_conntrack_tuple *orig); /* Returns verdict for packet, or -1 for invalid. */ int (*packet)(struct nf_conn *ct, @@ -45,8 +44,8 @@ struct nf_conntrack_l4proto /* Called when a new connection for this protocol found; * returns TRUE if it's OK. If so, packet() called next. */ - int (*new)(struct nf_conn *ct, const struct sk_buff *skb, - unsigned int dataoff); + bool (*new)(struct nf_conn *ct, const struct sk_buff *skb, + unsigned int dataoff); /* Called when a conntrack entry is destroyed */ void (*destroy)(struct nf_conn *ct); -- cgit v1.2.3 From 5f2b4c9006fc667c4614f0b079efab3721f68316 Mon Sep 17 00:00:00 2001 From: Jan Engelhardt Date: Mon, 14 Apr 2008 11:15:53 +0200 Subject: [NETFILTER]: nf_conntrack: use bool type in struct nf_conntrack_tuple.h Signed-off-by: Jan Engelhardt Signed-off-by: Patrick McHardy --- include/net/netfilter/nf_conntrack.h | 11 ++++----- include/net/netfilter/nf_conntrack_core.h | 4 +-- include/net/netfilter/nf_conntrack_tuple.h | 39 ++++++++++++++++-------------- 3 files changed, 28 insertions(+), 26 deletions(-) (limited to 'include/net') diff --git a/include/net/netfilter/nf_conntrack.h b/include/net/netfilter/nf_conntrack.h index 26e6a6e2b5a..2dbd6c015b9 100644 --- a/include/net/netfilter/nf_conntrack.h +++ b/include/net/netfilter/nf_conntrack.h @@ -194,12 +194,11 @@ extern void nf_conntrack_hash_insert(struct nf_conn *ct); extern void nf_conntrack_flush(void); -extern int nf_ct_get_tuplepr(const struct sk_buff *skb, - unsigned int nhoff, - u_int16_t l3num, - struct nf_conntrack_tuple *tuple); -extern int nf_ct_invert_tuplepr(struct nf_conntrack_tuple *inverse, - const struct nf_conntrack_tuple *orig); +extern bool nf_ct_get_tuplepr(const struct sk_buff *skb, + unsigned int nhoff, u_int16_t l3num, + struct nf_conntrack_tuple *tuple); +extern bool nf_ct_invert_tuplepr(struct nf_conntrack_tuple *inverse, + const struct nf_conntrack_tuple *orig); extern void __nf_ct_refresh_acct(struct nf_conn *ct, enum ip_conntrack_info ctinfo, diff --git a/include/net/netfilter/nf_conntrack_core.h b/include/net/netfilter/nf_conntrack_core.h index 9ee26469c75..a8177121093 100644 --- a/include/net/netfilter/nf_conntrack_core.h +++ b/include/net/netfilter/nf_conntrack_core.h @@ -30,7 +30,7 @@ extern void nf_conntrack_cleanup(void); extern int nf_conntrack_proto_init(void); extern void nf_conntrack_proto_fini(void); -extern int +extern bool nf_ct_get_tuple(const struct sk_buff *skb, unsigned int nhoff, unsigned int dataoff, @@ -40,7 +40,7 @@ nf_ct_get_tuple(const struct sk_buff *skb, const struct nf_conntrack_l3proto *l3proto, const struct nf_conntrack_l4proto *l4proto); -extern int +extern bool nf_ct_invert_tuple(struct nf_conntrack_tuple *inverse, const struct nf_conntrack_tuple *orig, const struct nf_conntrack_l3proto *l3proto, diff --git a/include/net/netfilter/nf_conntrack_tuple.h b/include/net/netfilter/nf_conntrack_tuple.h index bdeec346138..2722b13ecd6 100644 --- a/include/net/netfilter/nf_conntrack_tuple.h +++ b/include/net/netfilter/nf_conntrack_tuple.h @@ -166,61 +166,64 @@ struct nf_conntrack_tuple_hash #endif /* __KERNEL__ */ -static inline int __nf_ct_tuple_src_equal(const struct nf_conntrack_tuple *t1, - const struct nf_conntrack_tuple *t2) +static inline bool __nf_ct_tuple_src_equal(const struct nf_conntrack_tuple *t1, + const struct nf_conntrack_tuple *t2) { return (nf_inet_addr_cmp(&t1->src.u3, &t2->src.u3) && t1->src.u.all == t2->src.u.all && t1->src.l3num == t2->src.l3num); } -static inline int __nf_ct_tuple_dst_equal(const struct nf_conntrack_tuple *t1, - const struct nf_conntrack_tuple *t2) +static inline bool __nf_ct_tuple_dst_equal(const struct nf_conntrack_tuple *t1, + const struct nf_conntrack_tuple *t2) { return (nf_inet_addr_cmp(&t1->dst.u3, &t2->dst.u3) && t1->dst.u.all == t2->dst.u.all && t1->dst.protonum == t2->dst.protonum); } -static inline int nf_ct_tuple_equal(const struct nf_conntrack_tuple *t1, - const struct nf_conntrack_tuple *t2) +static inline bool nf_ct_tuple_equal(const struct nf_conntrack_tuple *t1, + const struct nf_conntrack_tuple *t2) { return __nf_ct_tuple_src_equal(t1, t2) && __nf_ct_tuple_dst_equal(t1, t2); } -static inline int nf_ct_tuple_mask_equal(const struct nf_conntrack_tuple_mask *m1, - const struct nf_conntrack_tuple_mask *m2) +static inline bool +nf_ct_tuple_mask_equal(const struct nf_conntrack_tuple_mask *m1, + const struct nf_conntrack_tuple_mask *m2) { return (nf_inet_addr_cmp(&m1->src.u3, &m2->src.u3) && m1->src.u.all == m2->src.u.all); } -static inline int nf_ct_tuple_src_mask_cmp(const struct nf_conntrack_tuple *t1, - const struct nf_conntrack_tuple *t2, - const struct nf_conntrack_tuple_mask *mask) +static inline bool +nf_ct_tuple_src_mask_cmp(const struct nf_conntrack_tuple *t1, + const struct nf_conntrack_tuple *t2, + const struct nf_conntrack_tuple_mask *mask) { int count; for (count = 0; count < NF_CT_TUPLE_L3SIZE; count++) { if ((t1->src.u3.all[count] ^ t2->src.u3.all[count]) & mask->src.u3.all[count]) - return 0; + return false; } if ((t1->src.u.all ^ t2->src.u.all) & mask->src.u.all) - return 0; + return false; if (t1->src.l3num != t2->src.l3num || t1->dst.protonum != t2->dst.protonum) - return 0; + return false; - return 1; + return true; } -static inline int nf_ct_tuple_mask_cmp(const struct nf_conntrack_tuple *t, - const struct nf_conntrack_tuple *tuple, - const struct nf_conntrack_tuple_mask *mask) +static inline bool +nf_ct_tuple_mask_cmp(const struct nf_conntrack_tuple *t, + const struct nf_conntrack_tuple *tuple, + const struct nf_conntrack_tuple_mask *mask) { return nf_ct_tuple_src_mask_cmp(t, tuple, mask) && __nf_ct_tuple_dst_equal(t, tuple); -- cgit v1.2.3 From f2ea825f483d5d78754ae813b6db63f8b74e9343 Mon Sep 17 00:00:00 2001 From: Jan Engelhardt Date: Mon, 14 Apr 2008 11:15:53 +0200 Subject: [NETFILTER]: nf_nat: use bool type in nf_nat_proto Signed-off-by: Jan Engelhardt Signed-off-by: Patrick McHardy --- include/net/netfilter/nf_nat_protocol.h | 42 ++++++++++++++++----------------- 1 file changed, 21 insertions(+), 21 deletions(-) (limited to 'include/net') diff --git a/include/net/netfilter/nf_nat_protocol.h b/include/net/netfilter/nf_nat_protocol.h index fba94a2028d..f3662c4394e 100644 --- a/include/net/netfilter/nf_nat_protocol.h +++ b/include/net/netfilter/nf_nat_protocol.h @@ -15,25 +15,25 @@ struct nf_nat_protocol /* Translate a packet to the target according to manip type. Return true if succeeded. */ - int (*manip_pkt)(struct sk_buff *skb, - unsigned int iphdroff, - const struct nf_conntrack_tuple *tuple, - enum nf_nat_manip_type maniptype); + bool (*manip_pkt)(struct sk_buff *skb, + unsigned int iphdroff, + const struct nf_conntrack_tuple *tuple, + enum nf_nat_manip_type maniptype); /* Is the manipable part of the tuple between min and max incl? */ - int (*in_range)(const struct nf_conntrack_tuple *tuple, - enum nf_nat_manip_type maniptype, - const union nf_conntrack_man_proto *min, - const union nf_conntrack_man_proto *max); + bool (*in_range)(const struct nf_conntrack_tuple *tuple, + enum nf_nat_manip_type maniptype, + const union nf_conntrack_man_proto *min, + const union nf_conntrack_man_proto *max); /* Alter the per-proto part of the tuple (depending on maniptype), to give a unique tuple in the given range if possible; return false if not. Per-protocol part of tuple is initialized to the incoming packet. */ - int (*unique_tuple)(struct nf_conntrack_tuple *tuple, - const struct nf_nat_range *range, - enum nf_nat_manip_type maniptype, - const struct nf_conn *ct); + bool (*unique_tuple)(struct nf_conntrack_tuple *tuple, + const struct nf_nat_range *range, + enum nf_nat_manip_type maniptype, + const struct nf_conn *ct); int (*range_to_nlattr)(struct sk_buff *skb, const struct nf_nat_range *range); @@ -59,16 +59,16 @@ extern int init_protocols(void) __init; extern void cleanup_protocols(void); extern const struct nf_nat_protocol *find_nat_proto(u_int16_t protonum); -extern int nf_nat_proto_in_range(const struct nf_conntrack_tuple *tuple, - enum nf_nat_manip_type maniptype, - const union nf_conntrack_man_proto *min, - const union nf_conntrack_man_proto *max); +extern bool nf_nat_proto_in_range(const struct nf_conntrack_tuple *tuple, + enum nf_nat_manip_type maniptype, + const union nf_conntrack_man_proto *min, + const union nf_conntrack_man_proto *max); -extern int nf_nat_proto_unique_tuple(struct nf_conntrack_tuple *tuple, - const struct nf_nat_range *range, - enum nf_nat_manip_type maniptype, - const struct nf_conn *ct, - u_int16_t *rover); +extern bool nf_nat_proto_unique_tuple(struct nf_conntrack_tuple *tuple, + const struct nf_nat_range *range, + enum nf_nat_manip_type maniptype, + const struct nf_conn *ct, + u_int16_t *rover); extern int nf_nat_proto_range_to_nlattr(struct sk_buff *skb, const struct nf_nat_range *range); -- cgit v1.2.3 From 3c9fba656a185cf56872a325e5594d9b4d4168ec Mon Sep 17 00:00:00 2001 From: Jan Engelhardt Date: Mon, 14 Apr 2008 11:15:54 +0200 Subject: [NETFILTER]: nf_conntrack: replace NF_CT_DUMP_TUPLE macro indrection by function call Directly call IPv4 and IPv6 variants where the address family is easily known. Signed-off-by: Jan Engelhardt Signed-off-by: Patrick McHardy --- include/net/netfilter/nf_conntrack_tuple.h | 2 -- 1 file changed, 2 deletions(-) (limited to 'include/net') diff --git a/include/net/netfilter/nf_conntrack_tuple.h b/include/net/netfilter/nf_conntrack_tuple.h index 2722b13ecd6..1bb7087833d 100644 --- a/include/net/netfilter/nf_conntrack_tuple.h +++ b/include/net/netfilter/nf_conntrack_tuple.h @@ -151,8 +151,6 @@ static inline void nf_ct_dump_tuple(const struct nf_conntrack_tuple *t) } } -#define NF_CT_DUMP_TUPLE(tp) nf_ct_dump_tuple(tp) - /* If we're the first tuple, it's the original dir. */ #define NF_CT_DIRECTION(h) \ ((enum ip_conntrack_dir)(h)->tuple.dst.dir) -- cgit v1.2.3