netfilter: conntrack: avoid unneeded nf_conntrack_l4proto lookups

bool nf_ct_get_tuplepr(const struct sk_buff *skb, unsigned int nhoff,

		       u_int16_t l3num, struct net *net,

		       struct nf_conntrack_tuple *tuple);

bool nf_ct_invert_tuplepr(struct nf_conntrack_tuple *inverse,

			  const struct nf_conntrack_tuple *orig);

void __nf_ct_refresh_acct(struct nf_conn *ct, enum ip_conntrack_info ctinfo,

			  const struct sk_buff *skb,

void nf_conntrack_cleanup_end(void);

bool nf_ct_invert_tuple(struct nf_conntrack_tuple *inverse,

			const struct nf_conntrack_tuple *orig,

			const struct nf_conntrack_l4proto *l4proto);

			const struct nf_conntrack_tuple *orig);

/* Find a connection corresponding to a tuple. */

struct nf_conntrack_tuple_hash *

	}

	/* Change outer to look like the reply to an incoming packet */

	nf_ct_invert_tuplepr(&target, &ct->tuplehash[!dir].tuple);

	nf_ct_invert_tuple(&target, &ct->tuplehash[!dir].tuple);

	if (!nf_nat_ipv4_manip_pkt(skb, 0, &target, manip))

		return 0;

						     skb->len - hdrlen, 0));

	}

	nf_ct_invert_tuplepr(&target, &ct->tuplehash[!dir].tuple);

	nf_ct_invert_tuple(&target, &ct->tuplehash[!dir].tuple);

	if (!nf_nat_ipv6_manip_pkt(skb, 0, &target, manip))

		return 0;

		u_int16_t l3num,

		u_int8_t protonum,

		struct net *net,

		struct nf_conntrack_tuple *tuple,

		const struct nf_conntrack_l4proto *l4proto)

		struct nf_conntrack_tuple *tuple)

{

	unsigned int size;

	const __be32 *ap;

		       u_int16_t l3num,

		       struct net *net, struct nf_conntrack_tuple *tuple)

{

	const struct nf_conntrack_l4proto *l4proto;

	u8 protonum;

	int protoff;

	int ret;

	rcu_read_lock();

	protoff = get_l4proto(skb, nhoff, l3num, &protonum);

	if (protoff <= 0) {

		rcu_read_unlock();

	if (protoff <= 0)

		return false;

	}

	l4proto = __nf_ct_l4proto_find(protonum);

	ret = nf_ct_get_tuple(skb, nhoff, protoff, l3num, protonum, net, tuple,

			      l4proto);

	rcu_read_unlock();

	return ret;

	return nf_ct_get_tuple(skb, nhoff, protoff, l3num, protonum, net, tuple);

}

EXPORT_SYMBOL_GPL(nf_ct_get_tuplepr);

bool

nf_ct_invert_tuple(struct nf_conntrack_tuple *inverse,

		   const struct nf_conntrack_tuple *orig,

		   const struct nf_conntrack_l4proto *l4proto)

		   const struct nf_conntrack_tuple *orig)

{

	memset(inverse, 0, sizeof(*inverse));

static noinline struct nf_conntrack_tuple_hash *

init_conntrack(struct net *net, struct nf_conn *tmpl,

	       const struct nf_conntrack_tuple *tuple,

	       const struct nf_conntrack_l4proto *l4proto,

	       struct sk_buff *skb,

	       unsigned int dataoff, u32 hash)

{

	struct nf_conn_timeout *timeout_ext;

	struct nf_conntrack_zone tmp;

	if (!nf_ct_invert_tuple(&repl_tuple, tuple, l4proto)) {

	if (!nf_ct_invert_tuple(&repl_tuple, tuple)) {

		pr_debug("Can't invert tuple.\n");

		return NULL;

	}

		  struct sk_buff *skb,

		  unsigned int dataoff,

		  u_int8_t protonum,

		  const struct nf_conntrack_l4proto *l4proto,

		  const struct nf_hook_state *state)

{

	const struct nf_conntrack_zone *zone;

	if (!nf_ct_get_tuple(skb, skb_network_offset(skb),

			     dataoff, state->pf, protonum, state->net,

			     &tuple, l4proto)) {

			     &tuple)) {

		pr_debug("Can't get tuple\n");

		return 0;

	}

	hash = hash_conntrack_raw(&tuple, state->net);

	h = __nf_conntrack_find_get(state->net, zone, &tuple, hash);

	if (!h) {

		h = init_conntrack(state->net, tmpl, &tuple, l4proto,

		h = init_conntrack(state->net, tmpl, &tuple,

				   skb, dataoff, hash);

		if (!h)

			return 0;

unsigned int

nf_conntrack_in(struct sk_buff *skb, const struct nf_hook_state *state)

{

	const struct nf_conntrack_l4proto *l4proto;

	enum ip_conntrack_info ctinfo;

	struct nf_conn *ct, *tmpl;

	u_int8_t protonum;

		goto out;

	}

	l4proto = __nf_ct_l4proto_find(protonum);

	if (protonum == IPPROTO_ICMP || protonum == IPPROTO_ICMPV6) {

		ret = nf_conntrack_handle_icmp(tmpl, skb, dataoff,

					       protonum, state);

	}

repeat:

	ret = resolve_normal_ct(tmpl, skb, dataoff,

				protonum, l4proto, state);

				protonum, state);

	if (ret < 0) {

		/* Too stressed to deal. */

		NF_CT_STAT_INC_ATOMIC(state->net, drop);

}

EXPORT_SYMBOL_GPL(nf_conntrack_in);

bool nf_ct_invert_tuplepr(struct nf_conntrack_tuple *inverse,

			  const struct nf_conntrack_tuple *orig)

{

	bool ret;

	rcu_read_lock();

	ret = nf_ct_invert_tuple(inverse, orig,

				 __nf_ct_l4proto_find(orig->dst.protonum));

	rcu_read_unlock();

	return ret;

}

EXPORT_SYMBOL_GPL(nf_ct_invert_tuplepr);

/* Alter reply tuple (maybe alter helper).  This is for NAT, and is

   implicitly racy: see __nf_conntrack_confirm */

void nf_conntrack_alter_reply(struct nf_conn *ct,

static int nf_conntrack_update(struct net *net, struct sk_buff *skb)

{

	const struct nf_conntrack_l4proto *l4proto;

	struct nf_conntrack_tuple_hash *h;

	struct nf_conntrack_tuple tuple;

	enum ip_conntrack_info ctinfo;

	if (dataoff <= 0)

		return -1;

	l4proto = nf_ct_l4proto_find_get(l4num);

	if (!nf_ct_get_tuple(skb, skb_network_offset(skb), dataoff, l3num,

			     l4num, net, &tuple, l4proto))

			     l4num, net, &tuple))

		return -1;

	if (ct->status & IPS_SRC_NAT) {