Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit e2e48b47 authored Jan 15, 2019 by Florian Westphal Committed by Pablo Neira Ayuso Jan 18, 2019

netfilter: conntrack: handle icmp pkt_to_tuple helper via direct calls



rather than handling them via indirect call, use a direct one instead.
This leaves GRE as the last user of this indirect call facility.

Signed-off-by: Florian Westphal <fw@strlen.de>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

parent a47c5404

include/net/netfilter/nf_conntrack_l4proto.h

+10 −0

Original line number	Diff line number	Diff line
		@@ -90,6 +90,16 @@ struct nf_conntrack_l4proto {
		struct module *me;
		};

		bool icmp_pkt_to_tuple(const struct sk_buff *skb,
		unsigned int dataoff,
		struct net *net,
		struct nf_conntrack_tuple *tuple);

		bool icmpv6_pkt_to_tuple(const struct sk_buff *skb,
		unsigned int dataoff,
		struct net *net,
		struct nf_conntrack_tuple *tuple);

		int nf_conntrack_icmpv4_error(struct nf_conn *tmpl,
		struct sk_buff *skb,
		unsigned int dataoff,

net/netfilter/nf_conntrack_core.c

+6 −0

Original line number	Diff line number	Diff line
		@@ -274,6 +274,12 @@ nf_ct_get_tuple(const struct sk_buff *skb,
		tuple->dst.protonum = protonum;
		tuple->dst.dir = IP_CT_DIR_ORIGINAL;

		switch (protonum) {
		case IPPROTO_ICMPV6:
		return icmpv6_pkt_to_tuple(skb, dataoff, net, tuple);
		case IPPROTO_ICMP:
		return icmp_pkt_to_tuple(skb, dataoff, net, tuple);
		}
		if (unlikely(l4proto->pkt_to_tuple))
		return l4proto->pkt_to_tuple(skb, dataoff, net, tuple);

net/netfilter/nf_conntrack_proto_icmp.c

+2 −3

Original line number	Diff line number	Diff line
		@@ -25,7 +25,7 @@

		static const unsigned int nf_ct_icmp_timeout = 30*HZ;

		static bool icmp_pkt_to_tuple(const struct sk_buff *skb, unsigned int dataoff,
		bool icmp_pkt_to_tuple(const struct sk_buff *skb, unsigned int dataoff,
		struct net net, struct nf_conntrack_tuple tuple)
		{
		const struct icmphdr *hp;
		@@ -347,7 +347,6 @@ static struct nf_proto_net icmp_get_net_proto(struct net net)
		const struct nf_conntrack_l4proto nf_conntrack_l4proto_icmp =
		{
		.l4proto = IPPROTO_ICMP,
		.pkt_to_tuple = icmp_pkt_to_tuple,
		.invert_tuple = icmp_invert_tuple,
		#if IS_ENABLED(CONFIG_NF_CT_NETLINK)
		.tuple_to_nlattr = icmp_tuple_to_nlattr,

net/netfilter/nf_conntrack_proto_icmpv6.c

+4 −5

Original line number	Diff line number	Diff line
		@@ -30,7 +30,7 @@

		static const unsigned int nf_ct_icmpv6_timeout = 30*HZ;

		static bool icmpv6_pkt_to_tuple(const struct sk_buff *skb,
		bool icmpv6_pkt_to_tuple(const struct sk_buff *skb,
		unsigned int dataoff,
		struct net *net,
		struct nf_conntrack_tuple *tuple)
		@@ -358,7 +358,6 @@ static struct nf_proto_net icmpv6_get_net_proto(struct net net)
		const struct nf_conntrack_l4proto nf_conntrack_l4proto_icmpv6 =
		{
		.l4proto = IPPROTO_ICMPV6,
		.pkt_to_tuple = icmpv6_pkt_to_tuple,
		.invert_tuple = icmpv6_invert_tuple,
		#if IS_ENABLED(CONFIG_NF_CT_NETLINK)
		.tuple_to_nlattr = icmpv6_tuple_to_nlattr,