Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 8b3892ea authored by Florian Westphal's avatar Florian Westphal Committed by Pablo Neira Ayuso
Browse files

netfilter: conntrack: avoid calls to l4proto invert_tuple 



Handle the common cases (tcp, udp, etc). in the core and only
do the indirect call for the protocols that need it (GRE for instance).

Signed-off-by: default avatarFlorian Westphal <fw@strlen.de>
Signed-off-by: default avatarPablo Neira Ayuso <pablo@netfilter.org>
parent 6816d931

include/net/netfilter/nf_conntrack_l4proto.h

+1 −1
Original line number Original line Diff line number Diff line
@@ -36,7 +36,7 @@ struct nf_conntrack_l4proto { 
			     struct net *net, struct nf_conntrack_tuple *tuple);

			     struct net *net, struct nf_conntrack_tuple *tuple);





	/* Invert the per-proto part of the tuple: ie. turn xmit into reply.

	/* Invert the per-proto part of the tuple: ie. turn xmit into reply.

	 * Some packets can't be inverted: return 0 in that case.

	 * Only used by icmp, most protocols use a generic version.

	 */

	 */

	bool (*invert_tuple)(struct nf_conntrack_tuple *inverse,

	bool (*invert_tuple)(struct nf_conntrack_tuple *inverse,

			     const struct nf_conntrack_tuple *orig);

			     const struct nf_conntrack_tuple *orig);

net/netfilter/nf_conntrack_core.c

+7 −1
Original line number Original line Diff line number Diff line
@@ -400,7 +400,13 @@ nf_ct_invert_tuple(struct nf_conntrack_tuple *inverse, 
	inverse->dst.dir = !orig->dst.dir;

	inverse->dst.dir = !orig->dst.dir;





	inverse->dst.protonum = orig->dst.protonum;

	inverse->dst.protonum = orig->dst.protonum;



	if (unlikely(l4proto->invert_tuple))

		return l4proto->invert_tuple(inverse, orig);

		return l4proto->invert_tuple(inverse, orig);



	inverse->src.u.all = orig->dst.u.all;

	inverse->dst.u.all = orig->src.u.all;

	return true;

}

}

EXPORT_SYMBOL_GPL(nf_ct_invert_tuple);

EXPORT_SYMBOL_GPL(nf_ct_invert_tuple);

net/netfilter/nf_conntrack_proto_dccp.c

+0 −10
Original line number Original line Diff line number Diff line
@@ -403,14 +403,6 @@ static bool dccp_pkt_to_tuple(const struct sk_buff *skb, unsigned int dataoff, 
	return true;

	return true;

}

}





static bool dccp_invert_tuple(struct nf_conntrack_tuple *inv,

			      const struct nf_conntrack_tuple *tuple)

{

	inv->src.u.dccp.port = tuple->dst.u.dccp.port;

	inv->dst.u.dccp.port = tuple->src.u.dccp.port;

	return true;

}



static bool dccp_new(struct nf_conn *ct, const struct sk_buff *skb,

static bool dccp_new(struct nf_conn *ct, const struct sk_buff *skb,

		     unsigned int dataoff, unsigned int *timeouts)

		     unsigned int dataoff, unsigned int *timeouts)

{

{
@@ -865,7 +857,6 @@ const struct nf_conntrack_l4proto nf_conntrack_l4proto_dccp4 = { 
	.l3proto		= AF_INET,

	.l3proto		= AF_INET,

	.l4proto		= IPPROTO_DCCP,

	.l4proto		= IPPROTO_DCCP,

	.pkt_to_tuple		= dccp_pkt_to_tuple,

	.pkt_to_tuple		= dccp_pkt_to_tuple,

	.invert_tuple		= dccp_invert_tuple,

	.new			= dccp_new,

	.new			= dccp_new,

	.packet			= dccp_packet,

	.packet			= dccp_packet,

	.get_timeouts		= dccp_get_timeouts,

	.get_timeouts		= dccp_get_timeouts,
@@ -901,7 +892,6 @@ const struct nf_conntrack_l4proto nf_conntrack_l4proto_dccp6 = { 
	.l3proto		= AF_INET6,

	.l3proto		= AF_INET6,

	.l4proto		= IPPROTO_DCCP,

	.l4proto		= IPPROTO_DCCP,

	.pkt_to_tuple		= dccp_pkt_to_tuple,

	.pkt_to_tuple		= dccp_pkt_to_tuple,

	.invert_tuple		= dccp_invert_tuple,

	.new			= dccp_new,

	.new			= dccp_new,

	.packet			= dccp_packet,

	.packet			= dccp_packet,

	.get_timeouts		= dccp_get_timeouts,

	.get_timeouts		= dccp_get_timeouts,

net/netfilter/nf_conntrack_proto_generic.c

+0 −10
Original line number Original line Diff line number Diff line
@@ -41,15 +41,6 @@ static bool generic_pkt_to_tuple(const struct sk_buff *skb, 
	return true;

	return true;

}

}





static bool generic_invert_tuple(struct nf_conntrack_tuple *tuple,

				 const struct nf_conntrack_tuple *orig)

{

	tuple->src.u.all = 0;

	tuple->dst.u.all = 0;



	return true;

}



static unsigned int *generic_get_timeouts(struct net *net)

static unsigned int *generic_get_timeouts(struct net *net)

{

{

	return &(generic_pernet(net)->timeout);

	return &(generic_pernet(net)->timeout);
@@ -168,7 +159,6 @@ const struct nf_conntrack_l4proto nf_conntrack_l4proto_generic = 
	.l3proto		= PF_UNSPEC,

	.l3proto		= PF_UNSPEC,

	.l4proto		= 255,

	.l4proto		= 255,

	.pkt_to_tuple		= generic_pkt_to_tuple,

	.pkt_to_tuple		= generic_pkt_to_tuple,

	.invert_tuple		= generic_invert_tuple,

	.packet			= generic_packet,

	.packet			= generic_packet,

	.get_timeouts		= generic_get_timeouts,

	.get_timeouts		= generic_get_timeouts,

	.new			= generic_new,

	.new			= generic_new,

net/netfilter/nf_conntrack_proto_gre.c

+0 −10
Original line number Original line Diff line number Diff line
@@ -179,15 +179,6 @@ EXPORT_SYMBOL_GPL(nf_ct_gre_keymap_destroy); 




/* PUBLIC CONNTRACK PROTO HELPER FUNCTIONS */

/* PUBLIC CONNTRACK PROTO HELPER FUNCTIONS */





/* invert gre part of tuple */

static bool gre_invert_tuple(struct nf_conntrack_tuple *tuple,

			     const struct nf_conntrack_tuple *orig)

{

	tuple->dst.u.gre.key = orig->src.u.gre.key;

	tuple->src.u.gre.key = orig->dst.u.gre.key;

	return true;

}



/* gre hdr info to tuple */

/* gre hdr info to tuple */

static bool gre_pkt_to_tuple(const struct sk_buff *skb, unsigned int dataoff,

static bool gre_pkt_to_tuple(const struct sk_buff *skb, unsigned int dataoff,

			     struct net *net, struct nf_conntrack_tuple *tuple)

			     struct net *net, struct nf_conntrack_tuple *tuple)
@@ -356,7 +347,6 @@ static const struct nf_conntrack_l4proto nf_conntrack_l4proto_gre4 = { 
	.l3proto	 = AF_INET,

	.l3proto	 = AF_INET,

	.l4proto	 = IPPROTO_GRE,

	.l4proto	 = IPPROTO_GRE,

	.pkt_to_tuple	 = gre_pkt_to_tuple,

	.pkt_to_tuple	 = gre_pkt_to_tuple,

	.invert_tuple	 = gre_invert_tuple,

#ifdef CONFIG_NF_CONNTRACK_PROCFS

#ifdef CONFIG_NF_CONNTRACK_PROCFS

	.print_conntrack = gre_print_conntrack,

	.print_conntrack = gre_print_conntrack,

#endif

#endif