From: Patrick McHardy <kaber@trash.net>
To: davem@davemloft.net
Cc: netfilter-devel@lists.netfilter.org, Patrick McHardy <kaber@trash.net>
Subject: [NETFILTER 03/39]: xt_conntrack: clean up overly long lines
Date: Wed, 20 Sep 2006 10:23:55 +0200 (MEST) [thread overview]
Message-ID: <20060920082446.14636.86678.sendpatchset@localhost.localdomain> (raw)
In-Reply-To: <20060920082442.14636.6806.sendpatchset@localhost.localdomain>
[NETFILTER]: xt_conntrack: clean up overly long lines
Also fix some whitespace errors and use the NAT bits instead of deriving
the state manually.
Signed-off-by: Patrick McHardy <kaber@trash.net>
---
commit 9e49956af011aa3825b17ab6edd18a9eafa19bc2
tree 55415a6fa0ce4faa16296e2a1dbf2dcafdf3503b
parent 02f2210c487d5c2c48fb2b30d15d6dec688e1152
author Patrick McHardy <kaber@trash.net> Wed, 20 Sep 2006 09:27:54 +0200
committer Patrick McHardy <kaber@trash.net> Wed, 20 Sep 2006 09:27:54 +0200
net/netfilter/xt_conntrack.c | 179 +++++++++++++++++++++++-------------------
1 files changed, 98 insertions(+), 81 deletions(-)
diff --git a/net/netfilter/xt_conntrack.c b/net/netfilter/xt_conntrack.c
index 39c57e9..0ea501a 100644
--- a/net/netfilter/xt_conntrack.c
+++ b/net/netfilter/xt_conntrack.c
@@ -45,7 +45,7 @@ match(const struct sk_buff *skb,
ct = ip_conntrack_get((struct sk_buff *)skb, &ctinfo);
-#define FWINV(bool,invflg) ((bool) ^ !!(sinfo->invflags & invflg))
+#define FWINV(bool, invflg) ((bool) ^ !!(sinfo->invflags & invflg))
if (ct == &ip_conntrack_untracked)
statebit = XT_CONNTRACK_STATE_UNTRACKED;
@@ -54,63 +54,72 @@ #define FWINV(bool,invflg) ((bool) ^ !!(
else
statebit = XT_CONNTRACK_STATE_INVALID;
- if(sinfo->flags & XT_CONNTRACK_STATE) {
+ if (sinfo->flags & XT_CONNTRACK_STATE) {
if (ct) {
- if(ct->tuplehash[IP_CT_DIR_ORIGINAL].tuple.src.ip !=
- ct->tuplehash[IP_CT_DIR_REPLY].tuple.dst.ip)
+ if (test_bit(IPS_SRC_NAT_BIT, &ct->status))
statebit |= XT_CONNTRACK_STATE_SNAT;
-
- if(ct->tuplehash[IP_CT_DIR_ORIGINAL].tuple.dst.ip !=
- ct->tuplehash[IP_CT_DIR_REPLY].tuple.src.ip)
+ if (test_bit(IPS_DST_NAT_BIT, &ct->status))
statebit |= XT_CONNTRACK_STATE_DNAT;
}
-
- if (FWINV((statebit & sinfo->statemask) == 0, XT_CONNTRACK_STATE))
+ if (FWINV((statebit & sinfo->statemask) == 0,
+ XT_CONNTRACK_STATE))
return 0;
}
- if(sinfo->flags & XT_CONNTRACK_PROTO) {
- if (!ct || FWINV(ct->tuplehash[IP_CT_DIR_ORIGINAL].tuple.dst.protonum != sinfo->tuple[IP_CT_DIR_ORIGINAL].dst.protonum, XT_CONNTRACK_PROTO))
- return 0;
- }
-
- if(sinfo->flags & XT_CONNTRACK_ORIGSRC) {
- if (!ct || FWINV((ct->tuplehash[IP_CT_DIR_ORIGINAL].tuple.src.ip&sinfo->sipmsk[IP_CT_DIR_ORIGINAL].s_addr) != sinfo->tuple[IP_CT_DIR_ORIGINAL].src.ip, XT_CONNTRACK_ORIGSRC))
+ if (ct == NULL) {
+ if (sinfo->flags & ~XT_CONNTRACK_STATE)
return 0;
+ return 1;
}
- if(sinfo->flags & XT_CONNTRACK_ORIGDST) {
- if (!ct || FWINV((ct->tuplehash[IP_CT_DIR_ORIGINAL].tuple.dst.ip&sinfo->dipmsk[IP_CT_DIR_ORIGINAL].s_addr) != sinfo->tuple[IP_CT_DIR_ORIGINAL].dst.ip, XT_CONNTRACK_ORIGDST))
- return 0;
- }
-
- if(sinfo->flags & XT_CONNTRACK_REPLSRC) {
- if (!ct || FWINV((ct->tuplehash[IP_CT_DIR_REPLY].tuple.src.ip&sinfo->sipmsk[IP_CT_DIR_REPLY].s_addr) != sinfo->tuple[IP_CT_DIR_REPLY].src.ip, XT_CONNTRACK_REPLSRC))
- return 0;
- }
+ if (sinfo->flags & XT_CONNTRACK_PROTO &&
+ FWINV(ct->tuplehash[IP_CT_DIR_ORIGINAL].tuple.dst.protonum !=
+ sinfo->tuple[IP_CT_DIR_ORIGINAL].dst.protonum,
+ XT_CONNTRACK_PROTO))
+ return 0;
+
+ if (sinfo->flags & XT_CONNTRACK_ORIGSRC &&
+ FWINV((ct->tuplehash[IP_CT_DIR_ORIGINAL].tuple.src.ip &
+ sinfo->sipmsk[IP_CT_DIR_ORIGINAL].s_addr) !=
+ sinfo->tuple[IP_CT_DIR_ORIGINAL].src.ip,
+ XT_CONNTRACK_ORIGSRC))
+ return 0;
- if(sinfo->flags & XT_CONNTRACK_REPLDST) {
- if (!ct || FWINV((ct->tuplehash[IP_CT_DIR_REPLY].tuple.dst.ip&sinfo->dipmsk[IP_CT_DIR_REPLY].s_addr) != sinfo->tuple[IP_CT_DIR_REPLY].dst.ip, XT_CONNTRACK_REPLDST))
- return 0;
- }
+ if (sinfo->flags & XT_CONNTRACK_ORIGDST &&
+ FWINV((ct->tuplehash[IP_CT_DIR_ORIGINAL].tuple.dst.ip &
+ sinfo->dipmsk[IP_CT_DIR_ORIGINAL].s_addr) !=
+ sinfo->tuple[IP_CT_DIR_ORIGINAL].dst.ip,
+ XT_CONNTRACK_ORIGDST))
+ return 0;
- if(sinfo->flags & XT_CONNTRACK_STATUS) {
- if (!ct || FWINV((ct->status & sinfo->statusmask) == 0, XT_CONNTRACK_STATUS))
- return 0;
- }
+ if (sinfo->flags & XT_CONNTRACK_REPLSRC &&
+ FWINV((ct->tuplehash[IP_CT_DIR_REPLY].tuple.src.ip &
+ sinfo->sipmsk[IP_CT_DIR_REPLY].s_addr) !=
+ sinfo->tuple[IP_CT_DIR_REPLY].src.ip,
+ XT_CONNTRACK_REPLSRC))
+ return 0;
- if(sinfo->flags & XT_CONNTRACK_EXPIRES) {
- unsigned long expires;
+ if (sinfo->flags & XT_CONNTRACK_REPLDST &&
+ FWINV((ct->tuplehash[IP_CT_DIR_REPLY].tuple.dst.ip &
+ sinfo->dipmsk[IP_CT_DIR_REPLY].s_addr) !=
+ sinfo->tuple[IP_CT_DIR_REPLY].dst.ip,
+ XT_CONNTRACK_REPLDST))
+ return 0;
- if(!ct)
- return 0;
+ if (sinfo->flags & XT_CONNTRACK_STATUS &&
+ FWINV((ct->status & sinfo->statusmask) == 0,
+ XT_CONNTRACK_STATUS))
+ return 0;
- expires = timer_pending(&ct->timeout) ? (ct->timeout.expires - jiffies)/HZ : 0;
+ if (sinfo->flags & XT_CONNTRACK_EXPIRES) {
+ unsigned long expires = timer_pending(&ct->timeout) ?
+ (ct->timeout.expires - jiffies)/HZ : 0;
- if (FWINV(!(expires >= sinfo->expires_min && expires <= sinfo->expires_max), XT_CONNTRACK_EXPIRES))
+ if (FWINV(!(expires >= sinfo->expires_min &&
+ expires <= sinfo->expires_max),
+ XT_CONNTRACK_EXPIRES))
return 0;
}
-
return 1;
}
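Review bot: Replacing the tuple address comparison with `test_bit(IPS_SRC_NAT_BIT, &ct->status)` and `test_bit(IPS_DST_NAT_BIT, &ct->status)` changes what a rule matches, and neither the code nor the "clean up overly long lines" subject makes that visible. The old test compared only the IP addresses of the original and reply tuples, so a translation that rewrote just the port would not have set XT_CONNTRACK_STATE_SNAT or XT_CONNTRACK_STATE_DNAT. The status bits are presumably set for any NAT mapping, in which case existing SNAT/DNAT state rules would now match more connections. Once that is confirmed against the NAT setup code, I would add a comment above the first test, e.g. `/* status bits also cover port-only NAT, unlike the old address compare */`. The same applies to the second match() in the hunk at -141,63; both function bodies start outside their hunks.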
@@ -141,63 +150,72 @@ #define FWINV(bool,invflg) ((bool) ^ !!(
else
statebit = XT_CONNTRACK_STATE_INVALID;
- if(sinfo->flags & XT_CONNTRACK_STATE) {
+ if (sinfo->flags & XT_CONNTRACK_STATE) {
if (ct) {
- if(ct->tuplehash[IP_CT_DIR_ORIGINAL].tuple.src.u3.ip !=
- ct->tuplehash[IP_CT_DIR_REPLY].tuple.dst.u3.ip)
+ if (test_bit(IPS_SRC_NAT_BIT, &ct->status))
statebit |= XT_CONNTRACK_STATE_SNAT;
-
- if(ct->tuplehash[IP_CT_DIR_ORIGINAL].tuple.dst.u3.ip !=
- ct->tuplehash[IP_CT_DIR_REPLY].tuple.src.u3.ip)
+ if (test_bit(IPS_DST_NAT_BIT, &ct->status))
statebit |= XT_CONNTRACK_STATE_DNAT;
}
-
- if (FWINV((statebit & sinfo->statemask) == 0, XT_CONNTRACK_STATE))
+ if (FWINV((statebit & sinfo->statemask) == 0,
+ XT_CONNTRACK_STATE))
return 0;
}
- if(sinfo->flags & XT_CONNTRACK_PROTO) {
- if (!ct || FWINV(ct->tuplehash[IP_CT_DIR_ORIGINAL].tuple.dst.protonum != sinfo->tuple[IP_CT_DIR_ORIGINAL].dst.protonum, XT_CONNTRACK_PROTO))
- return 0;
- }
-
- if(sinfo->flags & XT_CONNTRACK_ORIGSRC) {
- if (!ct || FWINV((ct->tuplehash[IP_CT_DIR_ORIGINAL].tuple.src.u3.ip&sinfo->sipmsk[IP_CT_DIR_ORIGINAL].s_addr) != sinfo->tuple[IP_CT_DIR_ORIGINAL].src.ip, XT_CONNTRACK_ORIGSRC))
+ if (ct == NULL) {
+ if (sinfo->flags & ~XT_CONNTRACK_STATE)
return 0;
+ return 1;
}
- if(sinfo->flags & XT_CONNTRACK_ORIGDST) {
- if (!ct || FWINV((ct->tuplehash[IP_CT_DIR_ORIGINAL].tuple.dst.u3.ip&sinfo->dipmsk[IP_CT_DIR_ORIGINAL].s_addr) != sinfo->tuple[IP_CT_DIR_ORIGINAL].dst.ip, XT_CONNTRACK_ORIGDST))
- return 0;
- }
-
- if(sinfo->flags & XT_CONNTRACK_REPLSRC) {
- if (!ct || FWINV((ct->tuplehash[IP_CT_DIR_REPLY].tuple.src.u3.ip&sinfo->sipmsk[IP_CT_DIR_REPLY].s_addr) != sinfo->tuple[IP_CT_DIR_REPLY].src.ip, XT_CONNTRACK_REPLSRC))
- return 0;
- }
+ if (sinfo->flags & XT_CONNTRACK_PROTO &&
+ FWINV(ct->tuplehash[IP_CT_DIR_ORIGINAL].tuple.dst.protonum !=
+ sinfo->tuple[IP_CT_DIR_ORIGINAL].dst.protonum,
+ XT_CONNTRACK_PROTO))
+ return 0;
+
+ if (sinfo->flags & XT_CONNTRACK_ORIGSRC &&
+ FWINV((ct->tuplehash[IP_CT_DIR_ORIGINAL].tuple.src.u3.ip &
+ sinfo->sipmsk[IP_CT_DIR_ORIGINAL].s_addr) !=
+ sinfo->tuple[IP_CT_DIR_ORIGINAL].src.ip,
+ XT_CONNTRACK_ORIGSRC))
+ return 0;
- if(sinfo->flags & XT_CONNTRACK_REPLDST) {
- if (!ct || FWINV((ct->tuplehash[IP_CT_DIR_REPLY].tuple.dst.u3.ip&sinfo->dipmsk[IP_CT_DIR_REPLY].s_addr) != sinfo->tuple[IP_CT_DIR_REPLY].dst.ip, XT_CONNTRACK_REPLDST))
- return 0;
- }
+ if (sinfo->flags & XT_CONNTRACK_ORIGDST &&
+ FWINV((ct->tuplehash[IP_CT_DIR_ORIGINAL].tuple.dst.u3.ip &
+ sinfo->dipmsk[IP_CT_DIR_ORIGINAL].s_addr) !=
+ sinfo->tuple[IP_CT_DIR_ORIGINAL].dst.ip,
+ XT_CONNTRACK_ORIGDST))
+ return 0;
- if(sinfo->flags & XT_CONNTRACK_STATUS) {
- if (!ct || FWINV((ct->status & sinfo->statusmask) == 0, XT_CONNTRACK_STATUS))
- return 0;
- }
+ if (sinfo->flags & XT_CONNTRACK_REPLSRC &&
+ FWINV((ct->tuplehash[IP_CT_DIR_REPLY].tuple.src.u3.ip &
+ sinfo->sipmsk[IP_CT_DIR_REPLY].s_addr) !=
+ sinfo->tuple[IP_CT_DIR_REPLY].src.ip,
+ XT_CONNTRACK_REPLSRC))
+ return 0;
- if(sinfo->flags & XT_CONNTRACK_EXPIRES) {
- unsigned long expires;
+ if (sinfo->flags & XT_CONNTRACK_REPLDST &&
+ FWINV((ct->tuplehash[IP_CT_DIR_REPLY].tuple.dst.u3.ip &
+ sinfo->dipmsk[IP_CT_DIR_REPLY].s_addr) !=
+ sinfo->tuple[IP_CT_DIR_REPLY].dst.ip,
+ XT_CONNTRACK_REPLDST))
+ return 0;
- if(!ct)
- return 0;
+ if (sinfo->flags & XT_CONNTRACK_STATUS &&
+ FWINV((ct->status & sinfo->statusmask) == 0,
+ XT_CONNTRACK_STATUS))
+ return 0;
- expires = timer_pending(&ct->timeout) ? (ct->timeout.expires - jiffies)/HZ : 0;
+ if(sinfo->flags & XT_CONNTRACK_EXPIRES) {
+ unsigned long expires = timer_pending(&ct->timeout) ?
+ (ct->timeout.expires - jiffies)/HZ : 0;
- if (FWINV(!(expires >= sinfo->expires_min && expires <= sinfo->expires_max), XT_CONNTRACK_EXPIRES))
+ if (FWINV(!(expires >= sinfo->expires_min &&
+ expires <= sinfo->expires_max),
+ XT_CONNTRACK_EXPIRES))
return 0;
}
-
return 1;
}
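Review bot: The added line `if(sinfo->flags & XT_CONNTRACK_EXPIRES) {` still lacks the space after `if`, while every other condition this hunk touches, and the same line in the first match(), uses `if (`. It should read `if (sinfo->flags & XT_CONNTRACK_EXPIRES) {`. In the same block, `(ct->timeout.expires - jiffies)/HZ` is unsigned arithmetic on a timer field read with no lock visible here, so if the timer were still pending with `expires` already behind `jiffies`, the value would wrap to a very large number and the range check would fail. That appears to be inherited from the old code, but a one-line comment stating the assumption would help. The function body begins outside the hunk.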
@@ -220,8 +238,7 @@ #endif
return 1;
}
-static void
-destroy(const struct xt_match *match, void *matchinfo)
+static void destroy(const struct xt_match *match, void *matchinfo)
{
#if defined(CONFIG_NF_CONNTRACK) || defined(CONFIG_NF_CONNTRACK_MODULE)
nf_ct_l3proto_module_put(match->family);