diff --git a/include/linux/netfilter/nf_conntrack_h323.h b/include/linux/netfilter/nf_conntrack_h323.h index 3faeb58..fbf9a94 100644 --- a/include/linux/netfilter/nf_conntrack_h323.h +++ b/include/linux/netfilter/nf_conntrack_h323.h @@ -32,10 +32,6 @@ struct nf_conn; extern int get_h225_addr(struct nf_conn *ct, unsigned char *data, TransportAddress *taddr, union nf_conntrack_address *addr, __be16 *port); -extern void nf_conntrack_h245_expect(struct nf_conn *new, - struct nf_conntrack_expect *this); -extern void nf_conntrack_q931_expect(struct nf_conn *new, - struct nf_conntrack_expect *this); extern int (*set_h245_addr_hook) (struct sk_buff **pskb, unsigned char **data, int dataoff, H245_TransportAddress *taddr, diff --git a/include/net/netfilter/nf_conntrack_expect.h b/include/net/netfilter/nf_conntrack_expect.h index 2923bec..1c23ec2 100644 --- a/include/net/netfilter/nf_conntrack_expect.h +++ b/include/net/netfilter/nf_conntrack_expect.h @@ -22,6 +22,9 @@ struct nf_conntrack_expect void (*expectfn)(struct nf_conn *new, struct nf_conntrack_expect *this); + /* Helper to assign to new connection */ + struct nf_conntrack_helper *helper; + /* The conntrack of the master connection */ struct nf_conn *master; diff --git a/net/ipv4/netfilter/nf_nat_h323.c b/net/ipv4/netfilter/nf_nat_h323.c index 81eb00f..a51fd46 100644 --- a/net/ipv4/netfilter/nf_nat_h323.c +++ b/net/ipv4/netfilter/nf_nat_h323.c @@ -324,18 +324,6 @@ static int nat_t120(struct sk_buff **psk return 0; } -/**************************************************************************** - * This conntrack expect function replaces nf_conntrack_h245_expect() - * which was set by nf_conntrack_helper_h323.c. It calls both - * nf_nat_follow_master() and nf_conntrack_h245_expect() - ****************************************************************************/ -static void ip_nat_h245_expect(struct nf_conn *new, - struct nf_conntrack_expect *this) -{ - nf_nat_follow_master(new, this); - nf_conntrack_h245_expect(new, this); -} - /****************************************************************************/ static int nat_h245(struct sk_buff **pskb, struct nf_conn *ct, enum ip_conntrack_info ctinfo, @@ -349,7 +337,7 @@ static int nat_h245(struct sk_buff **psk /* Set expectations for NAT */ exp->saved_proto.tcp.port = exp->tuple.dst.u.tcp.port; - exp->expectfn = ip_nat_h245_expect; + exp->expectfn = nf_nat_follow_master; exp->dir = !dir; /* Check existing expects */ @@ -399,7 +387,7 @@ static void ip_nat_q931_expect(struct nf if (this->tuple.src.u3.ip != 0) { /* Only accept calls from GK */ nf_nat_follow_master(new, this); - goto out; + return; } /* This must be a fresh one. */ @@ -420,9 +408,6 @@ static void ip_nat_q931_expect(struct nf /* hook doesn't matter, but it has to do destination manip */ nf_nat_setup_info(new, &range, NF_IP_PRE_ROUTING); - - out: - nf_conntrack_q931_expect(new, this); } /****************************************************************************/ @@ -510,8 +495,6 @@ static void ip_nat_callforwarding_expect /* hook doesn't matter, but it has to do destination manip */ nf_nat_setup_info(new, &range, NF_IP_PRE_ROUTING); - - nf_conntrack_q931_expect(new, this); } /****************************************************************************/ diff --git a/net/netfilter/nf_conntrack_expect.c b/net/netfilter/nf_conntrack_expect.c index 59de125..7041d25 100644 --- a/net/netfilter/nf_conntrack_expect.c +++ b/net/netfilter/nf_conntrack_expect.c @@ -211,6 +211,7 @@ void nf_conntrack_expect_init(struct nf_ exp->flags = 0; exp->expectfn = NULL; + exp->helper = NULL; exp->tuple.src.l3num = family; exp->tuple.dst.protonum = proto; exp->mask.src.l3num = 0xFFFF; diff --git a/net/netfilter/nf_conntrack_helper.c b/net/netfilter/nf_conntrack_helper.c index bd3bb15..ee77ed3 100644 --- a/net/netfilter/nf_conntrack_helper.c +++ b/net/netfilter/nf_conntrack_helper.c @@ -128,7 +128,8 @@ void nf_conntrack_helper_unregister(stru /* Get rid of expectations */ list_for_each_entry_safe(exp, tmp, &nf_conntrack_expect_list, list) { struct nf_conn_help *help = nfct_help(exp->master); - if (help->helper == me && del_timer(&exp->timeout)) { + if ((exp->helper == me || help->helper == me) && + del_timer(&exp->timeout)) { nf_ct_unlink_expect(exp); nf_conntrack_expect_put(exp); } diff --git a/net/netfilter/nf_conntrack_helper_h323.c b/net/netfilter/nf_conntrack_helper_h323.c index ed45ff2..1295a93 100644 --- a/net/netfilter/nf_conntrack_helper_h323.c +++ b/net/netfilter/nf_conntrack_helper_h323.c @@ -619,15 +619,6 @@ static struct nf_conntrack_helper nf_con }; /****************************************************************************/ -void nf_conntrack_h245_expect(struct nf_conn *new, - struct nf_conntrack_expect *this) -{ - write_lock_bh(&nf_conntrack_lock); - nfct_help(new)->helper = &nf_conntrack_helper_h245; - write_unlock_bh(&nf_conntrack_lock); -} - -/****************************************************************************/ int get_h225_addr(struct nf_conn *ct, unsigned char *data, TransportAddress *taddr, union nf_conntrack_address *addr, __be16 *port) @@ -685,6 +676,7 @@ static int expect_h245(struct sk_buff ** &ct->tuplehash[!dir].tuple.src.u3, &ct->tuplehash[!dir].tuple.dst.u3, IPPROTO_TCP, NULL, &port); + exp->helper = &nf_conntrack_helper_h245; if (memcmp(&ct->tuplehash[dir].tuple.src.u3, &ct->tuplehash[!dir].tuple.dst.u3, @@ -694,8 +686,6 @@ static int expect_h245(struct sk_buff ** ret = nat_h245_hook(pskb, ct, ctinfo, data, dataoff, taddr, port, exp); } else { /* Conntrack only */ - exp->expectfn = nf_conntrack_h245_expect; - if (nf_conntrack_expect_related(exp) == 0) { DEBUGP("nf_ct_q931: expect H.245 "); NF_CT_DUMP_TUPLE(&exp->tuple); @@ -708,10 +698,6 @@ static int expect_h245(struct sk_buff ** return ret; } -/* Forwarding declaration */ -void nf_conntrack_q931_expect(struct nf_conn *new, - struct nf_conntrack_expect *this); - /* If the calling party is on the same side of the forward-to party, * we don't need to track the second call */ static int callforward_do_filter(union nf_conntrack_address *src, @@ -767,6 +753,8 @@ #endif } +static struct nf_conntrack_helper nf_conntrack_helper_q931; + /****************************************************************************/ static int expect_callforwarding(struct sk_buff **pskb, struct nf_conn *ct, @@ -799,6 +787,7 @@ static int expect_callforwarding(struct nf_conntrack_expect_init(exp, ct->tuplehash[!dir].tuple.src.l3num, &ct->tuplehash[!dir].tuple.src.u3, &addr, IPPROTO_TCP, NULL, &port); + exp->helper = &nf_conntrack_helper_q931; if (memcmp(&ct->tuplehash[dir].tuple.src.u3, &ct->tuplehash[!dir].tuple.dst.u3, @@ -808,8 +797,6 @@ static int expect_callforwarding(struct ret = nat_callforwarding_hook(pskb, ct, ctinfo, data, dataoff, taddr, port, exp); } else { /* Conntrack only */ - exp->expectfn = nf_conntrack_q931_expect; - if (nf_conntrack_expect_related(exp) == 0) { DEBUGP("nf_ct_q931: expect Call Forwarding "); NF_CT_DUMP_TUPLE(&exp->tuple); @@ -1203,15 +1190,6 @@ static struct nf_conntrack_helper nf_con }; /****************************************************************************/ -void nf_conntrack_q931_expect(struct nf_conn *new, - struct nf_conntrack_expect *this) -{ - write_lock_bh(&nf_conntrack_lock); - nfct_help(new)->helper = &nf_conntrack_helper_q931; - write_unlock_bh(&nf_conntrack_lock); -} - -/****************************************************************************/ static unsigned char *get_udp_data(struct sk_buff **pskb, unsigned int protoff, int *datalen) { @@ -1295,14 +1273,13 @@ static int expect_q931(struct sk_buff ** NULL, &ct->tuplehash[!dir].tuple.dst.u3, IPPROTO_TCP, NULL, &port); + exp->helper = &nf_conntrack_helper_q931; exp->flags = NF_CT_EXPECT_PERMANENT; /* Accept multiple calls */ if (nat_q931_hook && ct->status & IPS_NAT_MASK) { /* Need NAT */ ret = nat_q931_hook(pskb, ct, ctinfo, data, taddr, i, port, exp); } else { /* Conntrack only */ - exp->expectfn = nf_conntrack_q931_expect; - if (nf_conntrack_expect_related(exp) == 0) { DEBUGP("nf_ct_ras: expect Q.931 "); NF_CT_DUMP_TUPLE(&exp->tuple); @@ -1331,9 +1308,7 @@ static int process_grq(struct sk_buff ** return 0; } -/* Declare before using */ -static void nf_conntrack_ras_expect(struct nf_conn *new, - struct nf_conntrack_expect *this); +static struct nf_conntrack_helper nf_conntrack_helper_ras; /****************************************************************************/ static int process_gcf(struct sk_buff **pskb, struct nf_conn *ct, @@ -1366,7 +1341,7 @@ static int process_gcf(struct sk_buff ** nf_conntrack_expect_init(exp, ct->tuplehash[!dir].tuple.src.l3num, &ct->tuplehash[!dir].tuple.src.u3, &addr, IPPROTO_UDP, NULL, &port); - exp->expectfn = nf_conntrack_ras_expect; + exp->helper = &nf_conntrack_helper_ras; if (nf_conntrack_expect_related(exp) == 0) { DEBUGP("nf_ct_ras: expect RAS "); @@ -1562,8 +1537,8 @@ static int process_acf(struct sk_buff ** nf_conntrack_expect_init(exp, ct->tuplehash[!dir].tuple.src.l3num, &ct->tuplehash[!dir].tuple.src.u3, &addr, IPPROTO_TCP, NULL, &port); + exp->helper = &nf_conntrack_helper_q931; exp->flags = NF_CT_EXPECT_PERMANENT; - exp->expectfn = nf_conntrack_q931_expect; if (nf_conntrack_expect_related(exp) == 0) { DEBUGP("nf_ct_ras: expect Q.931 "); @@ -1612,8 +1587,8 @@ static int process_lcf(struct sk_buff ** nf_conntrack_expect_init(exp, ct->tuplehash[!dir].tuple.src.l3num, &ct->tuplehash[!dir].tuple.src.u3, &addr, IPPROTO_TCP, NULL, &port); + exp->helper = &nf_conntrack_helper_q931; exp->flags = NF_CT_EXPECT_PERMANENT; - exp->expectfn = nf_conntrack_q931_expect; if (nf_conntrack_expect_related(exp) == 0) { DEBUGP("nf_ct_ras: expect Q.931 "); @@ -1758,15 +1733,6 @@ static struct nf_conntrack_helper nf_con }; /****************************************************************************/ -static void nf_conntrack_ras_expect(struct nf_conn *new, - struct nf_conntrack_expect *this) -{ - write_lock_bh(&nf_conntrack_lock); - nfct_help(new)->helper = &nf_conntrack_helper_ras; - write_unlock_bh(&nf_conntrack_lock); -} - -/****************************************************************************/ /* Not __exit - called from init() */ static void fini(void) { @@ -1798,8 +1764,6 @@ module_init(init); module_exit(fini); EXPORT_SYMBOL_GPL(get_h225_addr); -EXPORT_SYMBOL_GPL(nf_conntrack_h245_expect); -EXPORT_SYMBOL_GPL(nf_conntrack_q931_expect); EXPORT_SYMBOL_GPL(set_h245_addr_hook); EXPORT_SYMBOL_GPL(set_h225_addr_hook); EXPORT_SYMBOL_GPL(set_sig_addr_hook);