]> pilppa.org Git - linux-2.6-omap-h63xx.git/blobdiff - net/netfilter/nf_conntrack_proto_sctp.c
projects / linux-2.6-omap-h63xx.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
[NETNS]: Add namespace parameter to ip_dev_find.
[linux-2.6-omap-h63xx.git] / net / netfilter / nf_conntrack_proto_sctp.c
diff --git a/net/netfilter/nf_conntrack_proto_sctp.c b/net/netfilter/nf_conntrack_proto_sctp.c
index e52b6b95b30482f3d6058a57062eb1df28f3aa14..21d29e782baf3ae0970efac12e8587b934fa1f47 100644 (file)
--- a/net/netfilter/nf_conntrack_proto_sctp.c
+++ b/net/netfilter/nf_conntrack_proto_sctp.c
@@ -49,24 +49,15 @@ static const char *sctp_conntrack_names[] = {
 #define HOURS * 60 MINS
 #define DAYS  * 24 HOURS
 
-static unsigned int nf_ct_sctp_timeout_closed __read_mostly          =  10 SECS;
-static unsigned int nf_ct_sctp_timeout_cookie_wait __read_mostly     =   3 SECS;
-static unsigned int nf_ct_sctp_timeout_cookie_echoed __read_mostly   =   3 SECS;
-static unsigned int nf_ct_sctp_timeout_established __read_mostly     =   5 DAYS;
-static unsigned int nf_ct_sctp_timeout_shutdown_sent __read_mostly   = 300 SECS / 1000;
-static unsigned int nf_ct_sctp_timeout_shutdown_recd __read_mostly   = 300 SECS / 1000;
-static unsigned int nf_ct_sctp_timeout_shutdown_ack_sent __read_mostly = 3 SECS;
-
-static unsigned int * sctp_timeouts[]
-= { NULL,                                  /* SCTP_CONNTRACK_NONE  */
-    &nf_ct_sctp_timeout_closed,                   /* SCTP_CONNTRACK_CLOSED */
-    &nf_ct_sctp_timeout_cookie_wait,       /* SCTP_CONNTRACK_COOKIE_WAIT */
-    &nf_ct_sctp_timeout_cookie_echoed,     /* SCTP_CONNTRACK_COOKIE_ECHOED */
-    &nf_ct_sctp_timeout_established,       /* SCTP_CONNTRACK_ESTABLISHED */
-    &nf_ct_sctp_timeout_shutdown_sent,     /* SCTP_CONNTRACK_SHUTDOWN_SENT */
-    &nf_ct_sctp_timeout_shutdown_recd,     /* SCTP_CONNTRACK_SHUTDOWN_RECD */
-    &nf_ct_sctp_timeout_shutdown_ack_sent  /* SCTP_CONNTRACK_SHUTDOWN_ACK_SENT */
- };
+static unsigned int sctp_timeouts[SCTP_CONNTRACK_MAX] __read_mostly = {
+       [SCTP_CONNTRACK_CLOSED]                 = 10 SECS,
+       [SCTP_CONNTRACK_COOKIE_WAIT]            = 3 SECS,
+       [SCTP_CONNTRACK_COOKIE_ECHOED]          = 3 SECS,
+       [SCTP_CONNTRACK_ESTABLISHED]            = 5 DAYS,
+       [SCTP_CONNTRACK_SHUTDOWN_SENT]          = 300 SECS / 1000,
+       [SCTP_CONNTRACK_SHUTDOWN_RECD]          = 300 SECS / 1000,
+       [SCTP_CONNTRACK_SHUTDOWN_ACK_SENT]      = 3 SECS,
+};
 
 #define sNO SCTP_CONNTRACK_NONE
 #define        sCL SCTP_CONNTRACK_CLOSED
@@ -231,9 +222,9 @@ static int do_basic_checks(struct nf_conn *ct,
        return count == 0;
 }
 
-static int new_state(enum ip_conntrack_dir dir,
-                    enum sctp_conntrack cur_state,
-                    int chunk_type)
+static int sctp_new_state(enum ip_conntrack_dir dir,
+                         enum sctp_conntrack cur_state,
+                         int chunk_type)
 {
        int i;
 
@@ -299,7 +290,7 @@ static int sctp_packet(struct nf_conn *ct,
                       int pf,
                       unsigned int hooknum)
 {
-       enum sctp_conntrack newconntrack, oldsctpstate;
+       enum sctp_conntrack new_state, old_state;
        enum ip_conntrack_dir dir = CTINFO2DIR(ctinfo);
        sctp_sctphdr_t _sctph, *sh;
        sctp_chunkhdr_t _sch, *sch;
@@ -324,10 +315,9 @@ static int sctp_packet(struct nf_conn *ct,
                goto out;
        }
 
-       oldsctpstate = newconntrack = SCTP_CONNTRACK_MAX;
+       old_state = new_state = SCTP_CONNTRACK_MAX;
+       write_lock_bh(&sctp_lock);
        for_each_sctp_chunk (skb, sch, _sch, offset, dataoff, count) {
-               write_lock_bh(&sctp_lock);
-
                /* Special cases of Verification tag check (Sec 8.5.1) */
                if (sch->type == SCTP_CID_INIT) {
                        /* Sec 8.5.1 (A) */
@@ -342,7 +332,7 @@ static int sctp_packet(struct nf_conn *ct,
                        /* Sec 8.5.1 (C) */
                        if (sh->vtag != ct->proto.sctp.vtag[dir] &&
                            sh->vtag != ct->proto.sctp.vtag[!dir] &&
-                           (sch->flags & 1))
+                           sch->flags & SCTP_CHUNK_FLAG_T)
                                goto out_unlock;
                } else if (sch->type == SCTP_CID_COOKIE_ECHO) {
                        /* Sec 8.5.1 (D) */
@@ -350,14 +340,14 @@ static int sctp_packet(struct nf_conn *ct,
                                goto out_unlock;
                }
 
-               oldsctpstate = ct->proto.sctp.state;
-               newconntrack = new_state(dir, oldsctpstate, sch->type);
+               old_state = ct->proto.sctp.state;
+               new_state = sctp_new_state(dir, old_state, sch->type);
 
                /* Invalid */
-               if (newconntrack == SCTP_CONNTRACK_MAX) {
+               if (new_state == SCTP_CONNTRACK_MAX) {
                        pr_debug("nf_conntrack_sctp: Invalid dir=%i ctype=%u "
                                 "conntrack=%u\n",
-                                dir, sch->type, oldsctpstate);
+                                dir, sch->type, old_state);
                        goto out_unlock;
                }
 
@@ -375,17 +365,17 @@ static int sctp_packet(struct nf_conn *ct,
                        ct->proto.sctp.vtag[!dir] = ih->init_tag;
                }
 
-               ct->proto.sctp.state = newconntrack;
-               if (oldsctpstate != newconntrack)
+               ct->proto.sctp.state = new_state;
+               if (old_state != new_state)
                        nf_conntrack_event_cache(IPCT_PROTOINFO, skb);
-               write_unlock_bh(&sctp_lock);
        }
+       write_unlock_bh(&sctp_lock);
 
-       nf_ct_refresh_acct(ct, ctinfo, skb, *sctp_timeouts[newconntrack]);
+       nf_ct_refresh_acct(ct, ctinfo, skb, sctp_timeouts[new_state]);
 
-       if (oldsctpstate == SCTP_CONNTRACK_COOKIE_ECHOED &&
+       if (old_state == SCTP_CONNTRACK_COOKIE_ECHOED &&
            dir == IP_CT_DIR_REPLY &&
-           newconntrack == SCTP_CONNTRACK_ESTABLISHED) {
+           new_state == SCTP_CONNTRACK_ESTABLISHED) {
                pr_debug("Setting assured bit\n");
                set_bit(IPS_ASSURED_BIT, &ct->status);
                nf_conntrack_event_cache(IPCT_STATUS, skb);
@@ -403,7 +393,7 @@ out:
 static int sctp_new(struct nf_conn *ct, const struct sk_buff *skb,
                    unsigned int dataoff)
 {
-       enum sctp_conntrack newconntrack;
+       enum sctp_conntrack new_state;
        sctp_sctphdr_t _sctph, *sh;
        sctp_chunkhdr_t _sch, *sch;
        u_int32_t offset, count;
@@ -422,15 +412,15 @@ static int sctp_new(struct nf_conn *ct, const struct sk_buff *skb,
            test_bit(SCTP_CID_COOKIE_ACK, map))
                return 0;
 
-       newconntrack = SCTP_CONNTRACK_MAX;
+       new_state = SCTP_CONNTRACK_MAX;
        for_each_sctp_chunk (skb, sch, _sch, offset, dataoff, count) {
                /* Don't need lock here: this conntrack not in circulation yet */
-               newconntrack = new_state(IP_CT_DIR_ORIGINAL,
-                                        SCTP_CONNTRACK_NONE, sch->type);
+               new_state = sctp_new_state(IP_CT_DIR_ORIGINAL,
+                                          SCTP_CONNTRACK_NONE, sch->type);
 
                /* Invalid: delete conntrack */
-               if (newconntrack == SCTP_CONNTRACK_NONE ||
-                   newconntrack == SCTP_CONNTRACK_MAX) {
+               if (new_state == SCTP_CONNTRACK_NONE ||
+                   new_state == SCTP_CONNTRACK_MAX) {
                        pr_debug("nf_conntrack_sctp: invalid new deleting.\n");
                        return 0;
                }
@@ -463,7 +453,7 @@ static int sctp_new(struct nf_conn *ct, const struct sk_buff *skb,
                        ct->proto.sctp.vtag[IP_CT_DIR_REPLY] = sh->vtag;
                }
 
-               ct->proto.sctp.state = newconntrack;
+               ct->proto.sctp.state = new_state;
        }
 
        return 1;
@@ -475,49 +465,49 @@ static struct ctl_table_header *sctp_sysctl_header;
 static struct ctl_table sctp_sysctl_table[] = {
        {
                .procname       = "nf_conntrack_sctp_timeout_closed",
-               .data           = &nf_ct_sctp_timeout_closed,
+               .data           = &sctp_timeouts[SCTP_CONNTRACK_CLOSED],
                .maxlen         = sizeof(unsigned int),
                .mode           = 0644,
                .proc_handler   = &proc_dointvec_jiffies,
        },
        {
                .procname       = "nf_conntrack_sctp_timeout_cookie_wait",
-               .data           = &nf_ct_sctp_timeout_cookie_wait,
+               .data           = &sctp_timeouts[SCTP_CONNTRACK_COOKIE_WAIT],
                .maxlen         = sizeof(unsigned int),
                .mode           = 0644,
                .proc_handler   = &proc_dointvec_jiffies,
        },
        {
                .procname       = "nf_conntrack_sctp_timeout_cookie_echoed",
-               .data           = &nf_ct_sctp_timeout_cookie_echoed,
+               .data           = &sctp_timeouts[SCTP_CONNTRACK_COOKIE_ECHOED],
                .maxlen         = sizeof(unsigned int),
                .mode           = 0644,
                .proc_handler   = &proc_dointvec_jiffies,
        },
        {
                .procname       = "nf_conntrack_sctp_timeout_established",
-               .data           = &nf_ct_sctp_timeout_established,
+               .data           = &sctp_timeouts[SCTP_CONNTRACK_ESTABLISHED],
                .maxlen         = sizeof(unsigned int),
                .mode           = 0644,
                .proc_handler   = &proc_dointvec_jiffies,
        },
        {
                .procname       = "nf_conntrack_sctp_timeout_shutdown_sent",
-               .data           = &nf_ct_sctp_timeout_shutdown_sent,
+               .data           = &sctp_timeouts[SCTP_CONNTRACK_SHUTDOWN_SENT],
                .maxlen         = sizeof(unsigned int),
                .mode           = 0644,
                .proc_handler   = &proc_dointvec_jiffies,
        },
        {
                .procname       = "nf_conntrack_sctp_timeout_shutdown_recd",
-               .data           = &nf_ct_sctp_timeout_shutdown_recd,
+               .data           = &sctp_timeouts[SCTP_CONNTRACK_SHUTDOWN_RECD],
                .maxlen         = sizeof(unsigned int),
                .mode           = 0644,
                .proc_handler   = &proc_dointvec_jiffies,
        },
        {
                .procname       = "nf_conntrack_sctp_timeout_shutdown_ack_sent",
-               .data           = &nf_ct_sctp_timeout_shutdown_ack_sent,
+               .data           = &sctp_timeouts[SCTP_CONNTRACK_SHUTDOWN_ACK_SENT],
                .maxlen         = sizeof(unsigned int),
                .mode           = 0644,
                .proc_handler   = &proc_dointvec_jiffies,
@@ -531,49 +521,49 @@ static struct ctl_table sctp_sysctl_table[] = {
 static struct ctl_table sctp_compat_sysctl_table[] = {
        {
                .procname       = "ip_conntrack_sctp_timeout_closed",
-               .data           = &nf_ct_sctp_timeout_closed,
+               .data           = &sctp_timeouts[SCTP_CONNTRACK_CLOSED],
                .maxlen         = sizeof(unsigned int),
                .mode           = 0644,
                .proc_handler   = &proc_dointvec_jiffies,
        },
        {
                .procname       = "ip_conntrack_sctp_timeout_cookie_wait",
-               .data           = &nf_ct_sctp_timeout_cookie_wait,
+               .data           = &sctp_timeouts[SCTP_CONNTRACK_COOKIE_WAIT],
                .maxlen         = sizeof(unsigned int),
                .mode           = 0644,
                .proc_handler   = &proc_dointvec_jiffies,
        },
        {
                .procname       = "ip_conntrack_sctp_timeout_cookie_echoed",
-               .data           = &nf_ct_sctp_timeout_cookie_echoed,
+               .data           = &sctp_timeouts[SCTP_CONNTRACK_COOKIE_ECHOED],
                .maxlen         = sizeof(unsigned int),
                .mode           = 0644,
                .proc_handler   = &proc_dointvec_jiffies,
        },
        {
                .procname       = "ip_conntrack_sctp_timeout_established",
-               .data           = &nf_ct_sctp_timeout_established,
+               .data           = &sctp_timeouts[SCTP_CONNTRACK_ESTABLISHED],
                .maxlen         = sizeof(unsigned int),
                .mode           = 0644,
                .proc_handler   = &proc_dointvec_jiffies,
        },
        {
                .procname       = "ip_conntrack_sctp_timeout_shutdown_sent",
-               .data           = &nf_ct_sctp_timeout_shutdown_sent,
+               .data           = &sctp_timeouts[SCTP_CONNTRACK_SHUTDOWN_SENT],
                .maxlen         = sizeof(unsigned int),
                .mode           = 0644,
                .proc_handler   = &proc_dointvec_jiffies,
        },
        {
                .procname       = "ip_conntrack_sctp_timeout_shutdown_recd",
-               .data           = &nf_ct_sctp_timeout_shutdown_recd,
+               .data           = &sctp_timeouts[SCTP_CONNTRACK_SHUTDOWN_RECD],
                .maxlen         = sizeof(unsigned int),
                .mode           = 0644,
                .proc_handler   = &proc_dointvec_jiffies,
        },
        {
                .procname       = "ip_conntrack_sctp_timeout_shutdown_ack_sent",
-               .data           = &nf_ct_sctp_timeout_shutdown_ack_sent,
+               .data           = &sctp_timeouts[SCTP_CONNTRACK_SHUTDOWN_ACK_SENT],
                .maxlen         = sizeof(unsigned int),
                .mode           = 0644,
                .proc_handler   = &proc_dointvec_jiffies,
Unnamed repository; edit this file 'description' to name the repository.