UbiquitousOS
/
OpenCloudOS-Kernel
mirror of https://gitee.com/OpenCloudOS/OpenCloudOS-Kernel.git
11
0
Fork 0
Code Issues Projects Releases Wiki Activity

netfilter: conntrack: pptp: use single option structure 

Instead of exposing the four hooks individually use a sinle hook ops
structure.

Signed-off-by: Florian Westphal <fw@strlen.de>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
This commit is contained in:
Florian Westphal 2022-01-20 16:09:13 +01:00 committed by Pablo Neira Ayuso
parent 1015c3de23
commit 20ff320246
3 changed files with 45 additions and 77 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

38
include/linux/netfilter/nf_conntrack_pptp.h
View File

@ -300,26 +300,22 @@ union pptp_ctrl_union {
struct PptpSetLinkInfo setlink; struct PptpSetLinkInfo setlink;
}; };
extern int struct nf_nat_pptp_hook {
(*nf_nat_pptp_hook_outbound)(struct sk_buff *skb, int (*outbound)(struct sk_buff *skb,
struct nf_conn *ct, enum ip_conntrack_info ctinfo, struct nf_conn *ct, enum ip_conntrack_info ctinfo,
unsigned int protoff, unsigned int protoff,
struct PptpControlHeader *ctlh, struct PptpControlHeader *ctlh,
union pptp_ctrl_union *pptpReq); union pptp_ctrl_union *pptpReq);
int (*inbound)(struct sk_buff *skb,
extern int struct nf_conn *ct, enum ip_conntrack_info ctinfo,
(*nf_nat_pptp_hook_inbound)(struct sk_buff *skb, unsigned int protoff,
struct nf_conn *ct, enum ip_conntrack_info ctinfo, struct PptpControlHeader *ctlh,
unsigned int protoff, union pptp_ctrl_union *pptpReq);
struct PptpControlHeader *ctlh, void (*exp_gre)(struct nf_conntrack_expect *exp_orig,
union pptp_ctrl_union *pptpReq); struct nf_conntrack_expect *exp_reply);
void (*expectfn)(struct nf_conn *ct,
extern void struct nf_conntrack_expect *exp);
(*nf_nat_pptp_hook_exp_gre)(struct nf_conntrack_expect *exp_orig, };
struct nf_conntrack_expect *exp_reply);
extern void
(*nf_nat_pptp_hook_expectfn)(struct nf_conn *ct,
struct nf_conntrack_expect *exp);
extern const struct nf_nat_pptp_hook __rcu *nf_nat_pptp_hook;
#endif /* _NF_CONNTRACK_PPTP_H */ #endif /* _NF_CONNTRACK_PPTP_H */

24
net/ipv4/netfilter/nf_nat_pptp.c
View File

@ -295,28 +295,24 @@ pptp_inbound_pkt(struct sk_buff *skb,
return NF_ACCEPT; return NF_ACCEPT;
} }
static const struct nf_nat_pptp_hook pptp_hooks = {
.outbound = pptp_outbound_pkt,
.inbound = pptp_inbound_pkt,
.exp_gre = pptp_exp_gre,
.expectfn = pptp_nat_expected,
};
static int __init nf_nat_helper_pptp_init(void) static int __init nf_nat_helper_pptp_init(void)
{ {
BUG_ON(nf_nat_pptp_hook_outbound != NULL); WARN_ON(nf_nat_pptp_hook != NULL);
RCU_INIT_POINTER(nf_nat_pptp_hook_outbound, pptp_outbound_pkt); RCU_INIT_POINTER(nf_nat_pptp_hook, &pptp_hooks);
BUG_ON(nf_nat_pptp_hook_inbound != NULL);
RCU_INIT_POINTER(nf_nat_pptp_hook_inbound, pptp_inbound_pkt);
BUG_ON(nf_nat_pptp_hook_exp_gre != NULL);
RCU_INIT_POINTER(nf_nat_pptp_hook_exp_gre, pptp_exp_gre);
BUG_ON(nf_nat_pptp_hook_expectfn != NULL);
RCU_INIT_POINTER(nf_nat_pptp_hook_expectfn, pptp_nat_expected);
return 0; return 0;
} }
static void __exit nf_nat_helper_pptp_fini(void) static void __exit nf_nat_helper_pptp_fini(void)
{ {
RCU_INIT_POINTER(nf_nat_pptp_hook_expectfn, NULL); RCU_INIT_POINTER(nf_nat_pptp_hook, NULL);
RCU_INIT_POINTER(nf_nat_pptp_hook_exp_gre, NULL);
RCU_INIT_POINTER(nf_nat_pptp_hook_inbound, NULL);
RCU_INIT_POINTER(nf_nat_pptp_hook_outbound, NULL);
synchronize_rcu(); synchronize_rcu();
} }

60
net/netfilter/nf_conntrack_pptp.c
View File

@ -45,30 +45,8 @@ MODULE_ALIAS_NFCT_HELPER("pptp");
static DEFINE_SPINLOCK(nf_pptp_lock); static DEFINE_SPINLOCK(nf_pptp_lock);
int const struct nf_nat_pptp_hook *nf_nat_pptp_hook;
(*nf_nat_pptp_hook_outbound)(struct sk_buff *skb, EXPORT_SYMBOL_GPL(nf_nat_pptp_hook);
struct nf_conn *ct, enum ip_conntrack_info ctinfo,
unsigned int protoff, struct PptpControlHeader *ctlh,
union pptp_ctrl_union *pptpReq) __read_mostly;
EXPORT_SYMBOL_GPL(nf_nat_pptp_hook_outbound);
int
(*nf_nat_pptp_hook_inbound)(struct sk_buff *skb,
struct nf_conn *ct, enum ip_conntrack_info ctinfo,
unsigned int protoff, struct PptpControlHeader *ctlh,
union pptp_ctrl_union *pptpReq) __read_mostly;
EXPORT_SYMBOL_GPL(nf_nat_pptp_hook_inbound);
void
(*nf_nat_pptp_hook_exp_gre)(struct nf_conntrack_expect *expect_orig,
struct nf_conntrack_expect *expect_reply)
__read_mostly;
EXPORT_SYMBOL_GPL(nf_nat_pptp_hook_exp_gre);
void
(*nf_nat_pptp_hook_expectfn)(struct nf_conn *ct,
struct nf_conntrack_expect *exp) __read_mostly;
EXPORT_SYMBOL_GPL(nf_nat_pptp_hook_expectfn);
#if defined(DEBUG) || defined(CONFIG_DYNAMIC_DEBUG) #if defined(DEBUG) || defined(CONFIG_DYNAMIC_DEBUG)
/* PptpControlMessageType names */ /* PptpControlMessageType names */
@ -111,8 +89,8 @@ EXPORT_SYMBOL(pptp_msg_name);
static void pptp_expectfn(struct nf_conn *ct, static void pptp_expectfn(struct nf_conn *ct,
struct nf_conntrack_expect *exp) struct nf_conntrack_expect *exp)
{ {
const struct nf_nat_pptp_hook *hook;
struct net *net = nf_ct_net(ct); struct net *net = nf_ct_net(ct);
typeof(nf_nat_pptp_hook_expectfn) nf_nat_pptp_expectfn;
pr_debug("increasing timeouts\n"); pr_debug("increasing timeouts\n");
/* increase timeout of GRE data channel conntrack entry */ /* increase timeout of GRE data channel conntrack entry */
@ -122,9 +100,9 @@ static void pptp_expectfn(struct nf_conn *ct,
/* Can you see how rusty this code is, compared with the pre-2.6.11 /* Can you see how rusty this code is, compared with the pre-2.6.11
* one? That's what happened to my shiny newnat of 2002 ;( -HW */ * one? That's what happened to my shiny newnat of 2002 ;( -HW */
nf_nat_pptp_expectfn = rcu_dereference(nf_nat_pptp_hook_expectfn); hook = rcu_dereference(nf_nat_pptp_hook);
if (nf_nat_pptp_expectfn && ct->master->status & IPS_NAT_MASK) if (hook && ct->master->status & IPS_NAT_MASK)
nf_nat_pptp_expectfn(ct, exp); hook->expectfn(ct, exp);
else { else {
struct nf_conntrack_tuple inv_t; struct nf_conntrack_tuple inv_t;
struct nf_conntrack_expect *exp_other; struct nf_conntrack_expect *exp_other;
@ -209,9 +187,9 @@ static void pptp_destroy_siblings(struct nf_conn *ct)
static int exp_gre(struct nf_conn *ct, __be16 callid, __be16 peer_callid) static int exp_gre(struct nf_conn *ct, __be16 callid, __be16 peer_callid)
{ {
struct nf_conntrack_expect *exp_orig, *exp_reply; struct nf_conntrack_expect *exp_orig, *exp_reply;
const struct nf_nat_pptp_hook *hook;
enum ip_conntrack_dir dir; enum ip_conntrack_dir dir;
int ret = 1; int ret = 1;
typeof(nf_nat_pptp_hook_exp_gre) nf_nat_pptp_exp_gre;
exp_orig = nf_ct_expect_alloc(ct); exp_orig = nf_ct_expect_alloc(ct);
if (exp_orig == NULL) if (exp_orig == NULL)
@ -239,9 +217,9 @@ static int exp_gre(struct nf_conn *ct, __be16 callid, __be16 peer_callid)
IPPROTO_GRE, &callid, &peer_callid); IPPROTO_GRE, &callid, &peer_callid);
exp_reply->expectfn = pptp_expectfn; exp_reply->expectfn = pptp_expectfn;
nf_nat_pptp_exp_gre = rcu_dereference(nf_nat_pptp_hook_exp_gre); hook = rcu_dereference(nf_nat_pptp_hook);
if (nf_nat_pptp_exp_gre && ct->status & IPS_NAT_MASK) if (hook && ct->status & IPS_NAT_MASK)
nf_nat_pptp_exp_gre(exp_orig, exp_reply); hook->exp_gre(exp_orig, exp_reply);
if (nf_ct_expect_related(exp_orig, 0) != 0) if (nf_ct_expect_related(exp_orig, 0) != 0)
goto out_put_both; goto out_put_both;
if (nf_ct_expect_related(exp_reply, 0) != 0) if (nf_ct_expect_related(exp_reply, 0) != 0)
@ -279,9 +257,9 @@ pptp_inbound_pkt(struct sk_buff *skb, unsigned int protoff,
enum ip_conntrack_info ctinfo) enum ip_conntrack_info ctinfo)
{ {
struct nf_ct_pptp_master *info = nfct_help_data(ct); struct nf_ct_pptp_master *info = nfct_help_data(ct);
const struct nf_nat_pptp_hook *hook;
u_int16_t msg; u_int16_t msg;
__be16 cid = 0, pcid = 0; __be16 cid = 0, pcid = 0;
typeof(nf_nat_pptp_hook_inbound) nf_nat_pptp_inbound;
msg = ntohs(ctlh->messageType); msg = ntohs(ctlh->messageType);
pr_debug("inbound control message %s\n", pptp_msg_name(msg)); pr_debug("inbound control message %s\n", pptp_msg_name(msg));
@ -383,10 +361,9 @@ pptp_inbound_pkt(struct sk_buff *skb, unsigned int protoff,
goto invalid; goto invalid;
} }
nf_nat_pptp_inbound = rcu_dereference(nf_nat_pptp_hook_inbound); hook = rcu_dereference(nf_nat_pptp_hook);
if (nf_nat_pptp_inbound && ct->status & IPS_NAT_MASK) if (hook && ct->status & IPS_NAT_MASK)
return nf_nat_pptp_inbound(skb, ct, ctinfo, return hook->inbound(skb, ct, ctinfo, protoff, ctlh, pptpReq);
protoff, ctlh, pptpReq);
return NF_ACCEPT; return NF_ACCEPT;
invalid: invalid:
@ -407,9 +384,9 @@ pptp_outbound_pkt(struct sk_buff *skb, unsigned int protoff,
enum ip_conntrack_info ctinfo) enum ip_conntrack_info ctinfo)
{ {
struct nf_ct_pptp_master *info = nfct_help_data(ct); struct nf_ct_pptp_master *info = nfct_help_data(ct);
const struct nf_nat_pptp_hook *hook;
u_int16_t msg; u_int16_t msg;
__be16 cid = 0, pcid = 0; __be16 cid = 0, pcid = 0;
typeof(nf_nat_pptp_hook_outbound) nf_nat_pptp_outbound;
msg = ntohs(ctlh->messageType); msg = ntohs(ctlh->messageType);
pr_debug("outbound control message %s\n", pptp_msg_name(msg)); pr_debug("outbound control message %s\n", pptp_msg_name(msg));
@ -479,10 +456,9 @@ pptp_outbound_pkt(struct sk_buff *skb, unsigned int protoff,
goto invalid; goto invalid;
} }
nf_nat_pptp_outbound = rcu_dereference(nf_nat_pptp_hook_outbound); hook = rcu_dereference(nf_nat_pptp_hook);
if (nf_nat_pptp_outbound && ct->status & IPS_NAT_MASK) if (hook && ct->status & IPS_NAT_MASK)
return nf_nat_pptp_outbound(skb, ct, ctinfo, return hook->outbound(skb, ct, ctinfo, protoff, ctlh, pptpReq);
protoff, ctlh, pptpReq);
return NF_ACCEPT; return NF_ACCEPT;
invalid: invalid: