mirror of
https://github.com/AuxXxilium/linux_dsm_epyc7002.git
synced 2024-12-17 01:16:42 +07:00
netfilter: conntrack: handle icmp pkt_to_tuple helper via direct calls
rather than handling them via indirect call, use a direct one instead. This leaves GRE as the last user of this indirect call facility. Signed-off-by: Florian Westphal <fw@strlen.de> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
This commit is contained in:
parent
a47c540481
commit
e2e48b4716
@ -90,6 +90,16 @@ struct nf_conntrack_l4proto {
|
||||
struct module *me;
|
||||
};
|
||||
|
||||
bool icmp_pkt_to_tuple(const struct sk_buff *skb,
|
||||
unsigned int dataoff,
|
||||
struct net *net,
|
||||
struct nf_conntrack_tuple *tuple);
|
||||
|
||||
bool icmpv6_pkt_to_tuple(const struct sk_buff *skb,
|
||||
unsigned int dataoff,
|
||||
struct net *net,
|
||||
struct nf_conntrack_tuple *tuple);
|
||||
|
||||
int nf_conntrack_icmpv4_error(struct nf_conn *tmpl,
|
||||
struct sk_buff *skb,
|
||||
unsigned int dataoff,
|
||||
|
@ -274,6 +274,12 @@ nf_ct_get_tuple(const struct sk_buff *skb,
|
||||
tuple->dst.protonum = protonum;
|
||||
tuple->dst.dir = IP_CT_DIR_ORIGINAL;
|
||||
|
||||
switch (protonum) {
|
||||
case IPPROTO_ICMPV6:
|
||||
return icmpv6_pkt_to_tuple(skb, dataoff, net, tuple);
|
||||
case IPPROTO_ICMP:
|
||||
return icmp_pkt_to_tuple(skb, dataoff, net, tuple);
|
||||
}
|
||||
if (unlikely(l4proto->pkt_to_tuple))
|
||||
return l4proto->pkt_to_tuple(skb, dataoff, net, tuple);
|
||||
|
||||
|
@ -25,8 +25,8 @@
|
||||
|
||||
static const unsigned int nf_ct_icmp_timeout = 30*HZ;
|
||||
|
||||
static bool icmp_pkt_to_tuple(const struct sk_buff *skb, unsigned int dataoff,
|
||||
struct net *net, struct nf_conntrack_tuple *tuple)
|
||||
bool icmp_pkt_to_tuple(const struct sk_buff *skb, unsigned int dataoff,
|
||||
struct net *net, struct nf_conntrack_tuple *tuple)
|
||||
{
|
||||
const struct icmphdr *hp;
|
||||
struct icmphdr _hdr;
|
||||
@ -347,7 +347,6 @@ static struct nf_proto_net *icmp_get_net_proto(struct net *net)
|
||||
const struct nf_conntrack_l4proto nf_conntrack_l4proto_icmp =
|
||||
{
|
||||
.l4proto = IPPROTO_ICMP,
|
||||
.pkt_to_tuple = icmp_pkt_to_tuple,
|
||||
.invert_tuple = icmp_invert_tuple,
|
||||
#if IS_ENABLED(CONFIG_NF_CT_NETLINK)
|
||||
.tuple_to_nlattr = icmp_tuple_to_nlattr,
|
||||
|
@ -30,10 +30,10 @@
|
||||
|
||||
static const unsigned int nf_ct_icmpv6_timeout = 30*HZ;
|
||||
|
||||
static bool icmpv6_pkt_to_tuple(const struct sk_buff *skb,
|
||||
unsigned int dataoff,
|
||||
struct net *net,
|
||||
struct nf_conntrack_tuple *tuple)
|
||||
bool icmpv6_pkt_to_tuple(const struct sk_buff *skb,
|
||||
unsigned int dataoff,
|
||||
struct net *net,
|
||||
struct nf_conntrack_tuple *tuple)
|
||||
{
|
||||
const struct icmp6hdr *hp;
|
||||
struct icmp6hdr _hdr;
|
||||
@ -358,7 +358,6 @@ static struct nf_proto_net *icmpv6_get_net_proto(struct net *net)
|
||||
const struct nf_conntrack_l4proto nf_conntrack_l4proto_icmpv6 =
|
||||
{
|
||||
.l4proto = IPPROTO_ICMPV6,
|
||||
.pkt_to_tuple = icmpv6_pkt_to_tuple,
|
||||
.invert_tuple = icmpv6_invert_tuple,
|
||||
#if IS_ENABLED(CONFIG_NF_CT_NETLINK)
|
||||
.tuple_to_nlattr = icmpv6_tuple_to_nlattr,
|
||||
|
Loading…
Reference in New Issue
Block a user