diff options
Diffstat (limited to 'net/netfilter')
-rw-r--r-- | net/netfilter/nf_conntrack_proto_sctp.c | 43 |
1 files changed, 21 insertions, 22 deletions
diff --git a/net/netfilter/nf_conntrack_proto_sctp.c b/net/netfilter/nf_conntrack_proto_sctp.c index 5166bb3..84e37e9 100644 --- a/net/netfilter/nf_conntrack_proto_sctp.c +++ b/net/netfilter/nf_conntrack_proto_sctp.c @@ -173,13 +173,12 @@ static int sctp_print_tuple(struct seq_file *s, } /* Print out the private part of the conntrack. */ -static int sctp_print_conntrack(struct seq_file *s, - const struct nf_conn *conntrack) +static int sctp_print_conntrack(struct seq_file *s, const struct nf_conn *ct) { enum sctp_conntrack state; read_lock_bh(&sctp_lock); - state = conntrack->proto.sctp.state; + state = ct->proto.sctp.state; read_unlock_bh(&sctp_lock); return seq_printf(s, "%s ", sctp_conntrack_names[state]); @@ -192,7 +191,7 @@ for ((offset) = (dataoff) + sizeof(sctp_sctphdr_t), (count) = 0; \ (offset) += (ntohs((sch)->length) + 3) & ~3, (count)++) /* Some validity checks to make sure the chunks are fine */ -static int do_basic_checks(struct nf_conn *conntrack, +static int do_basic_checks(struct nf_conn *ct, const struct sk_buff *skb, unsigned int dataoff, unsigned long *map) @@ -293,7 +292,7 @@ static int new_state(enum ip_conntrack_dir dir, } /* Returns verdict for packet, or -1 for invalid. */ -static int sctp_packet(struct nf_conn *conntrack, +static int sctp_packet(struct nf_conn *ct, const struct sk_buff *skb, unsigned int dataoff, enum ip_conntrack_info ctinfo, @@ -310,7 +309,7 @@ static int sctp_packet(struct nf_conn *conntrack, if (sh == NULL) return -1; - if (do_basic_checks(conntrack, skb, dataoff, map) != 0) + if (do_basic_checks(ct, skb, dataoff, map) != 0) return -1; /* Check the verification tag (Sec 8.5) */ @@ -319,7 +318,7 @@ static int sctp_packet(struct nf_conn *conntrack, !test_bit(SCTP_CID_COOKIE_ECHO, map) && !test_bit(SCTP_CID_ABORT, map) && !test_bit(SCTP_CID_SHUTDOWN_ACK, map) && - sh->vtag != conntrack->proto.sctp.vtag[CTINFO2DIR(ctinfo)]) { + sh->vtag != ct->proto.sctp.vtag[CTINFO2DIR(ctinfo)]) { pr_debug("Verification tag check failed\n"); return -1; } @@ -337,28 +336,28 @@ static int sctp_packet(struct nf_conn *conntrack, } } else if (sch->type == SCTP_CID_ABORT) { /* Sec 8.5.1 (B) */ - if (sh->vtag != conntrack->proto.sctp.vtag[CTINFO2DIR(ctinfo)] && - sh->vtag != conntrack->proto.sctp.vtag[1 - CTINFO2DIR(ctinfo)]) { + if (sh->vtag != ct->proto.sctp.vtag[CTINFO2DIR(ctinfo)] && + sh->vtag != ct->proto.sctp.vtag[1 - CTINFO2DIR(ctinfo)]) { write_unlock_bh(&sctp_lock); return -1; } } else if (sch->type == SCTP_CID_SHUTDOWN_COMPLETE) { /* Sec 8.5.1 (C) */ - if (sh->vtag != conntrack->proto.sctp.vtag[CTINFO2DIR(ctinfo)] && - sh->vtag != conntrack->proto.sctp.vtag[1 - CTINFO2DIR(ctinfo)] && + if (sh->vtag != ct->proto.sctp.vtag[CTINFO2DIR(ctinfo)] && + sh->vtag != ct->proto.sctp.vtag[1 - CTINFO2DIR(ctinfo)] && (sch->flags & 1)) { write_unlock_bh(&sctp_lock); return -1; } } else if (sch->type == SCTP_CID_COOKIE_ECHO) { /* Sec 8.5.1 (D) */ - if (sh->vtag != conntrack->proto.sctp.vtag[CTINFO2DIR(ctinfo)]) { + if (sh->vtag != ct->proto.sctp.vtag[CTINFO2DIR(ctinfo)]) { write_unlock_bh(&sctp_lock); return -1; } } - oldsctpstate = conntrack->proto.sctp.state; + oldsctpstate = ct->proto.sctp.state; newconntrack = new_state(CTINFO2DIR(ctinfo), oldsctpstate, sch->type); /* Invalid */ @@ -383,22 +382,22 @@ static int sctp_packet(struct nf_conn *conntrack, } pr_debug("Setting vtag %x for dir %d\n", ih->init_tag, !CTINFO2DIR(ctinfo)); - conntrack->proto.sctp.vtag[!CTINFO2DIR(ctinfo)] = ih->init_tag; + ct->proto.sctp.vtag[!CTINFO2DIR(ctinfo)] = ih->init_tag; } - conntrack->proto.sctp.state = newconntrack; + ct->proto.sctp.state = newconntrack; if (oldsctpstate != newconntrack) nf_conntrack_event_cache(IPCT_PROTOINFO, skb); write_unlock_bh(&sctp_lock); } - nf_ct_refresh_acct(conntrack, ctinfo, skb, *sctp_timeouts[newconntrack]); + nf_ct_refresh_acct(ct, ctinfo, skb, *sctp_timeouts[newconntrack]); if (oldsctpstate == SCTP_CONNTRACK_COOKIE_ECHOED && CTINFO2DIR(ctinfo) == IP_CT_DIR_REPLY && newconntrack == SCTP_CONNTRACK_ESTABLISHED) { pr_debug("Setting assured bit\n"); - set_bit(IPS_ASSURED_BIT, &conntrack->status); + set_bit(IPS_ASSURED_BIT, &ct->status); nf_conntrack_event_cache(IPCT_STATUS, skb); } @@ -406,7 +405,7 @@ static int sctp_packet(struct nf_conn *conntrack, } /* Called when a new connection for this protocol found. */ -static int sctp_new(struct nf_conn *conntrack, const struct sk_buff *skb, +static int sctp_new(struct nf_conn *ct, const struct sk_buff *skb, unsigned int dataoff) { enum sctp_conntrack newconntrack; @@ -419,7 +418,7 @@ static int sctp_new(struct nf_conn *conntrack, const struct sk_buff *skb, if (sh == NULL) return 0; - if (do_basic_checks(conntrack, skb, dataoff, map) != 0) + if (do_basic_checks(ct, skb, dataoff, map) != 0) return 0; /* If an OOTB packet has any of these chunks discard (Sec 8.4) */ @@ -454,7 +453,7 @@ static int sctp_new(struct nf_conn *conntrack, const struct sk_buff *skb, pr_debug("Setting vtag %x for new conn\n", ih->init_tag); - conntrack->proto.sctp.vtag[IP_CT_DIR_REPLY] = + ct->proto.sctp.vtag[IP_CT_DIR_REPLY] = ih->init_tag; } else { /* Sec 8.5.1 (A) */ @@ -466,10 +465,10 @@ static int sctp_new(struct nf_conn *conntrack, const struct sk_buff *skb, else { pr_debug("Setting vtag %x for new conn OOTB\n", sh->vtag); - conntrack->proto.sctp.vtag[IP_CT_DIR_REPLY] = sh->vtag; + ct->proto.sctp.vtag[IP_CT_DIR_REPLY] = sh->vtag; } - conntrack->proto.sctp.state = newconntrack; + ct->proto.sctp.state = newconntrack; } return 1; |