[NETFILTER]: Add support for permanent expectations
A permanent expectation exists until timing out and can expect multiple related connections. Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net>
parent
9261c9b042
commit
2248bcfcd8
@ -263,6 +263,9 @@ struct ip_conntrack_expect
|
|||||||
/* Unique ID */
|
/* Unique ID */
|
||||||
unsigned int id;
|
unsigned int id;
|
||||||
|
|
||||||
|
/* Flags */
|
||||||
|
unsigned int flags;
|
||||||
|
|
||||||
#ifdef CONFIG_IP_NF_NAT_NEEDED
|
#ifdef CONFIG_IP_NF_NAT_NEEDED
|
||||||
/* This is the original per-proto part, used to map the
|
/* This is the original per-proto part, used to map the
|
||||||
* expected connection the way the recipient expects. */
|
* expected connection the way the recipient expects. */
|
||||||
@ -272,6 +275,8 @@ struct ip_conntrack_expect
|
|||||||
#endif
|
#endif
|
||||||
};
|
};
|
||||||
|
|
||||||
|
#define IP_CT_EXPECT_PERMANENT 0x1
|
||||||
|
|
||||||
static inline struct ip_conntrack *
|
static inline struct ip_conntrack *
|
||||||
tuplehash_to_ctrack(const struct ip_conntrack_tuple_hash *hash)
|
tuplehash_to_ctrack(const struct ip_conntrack_tuple_hash *hash)
|
||||||
{
|
{
|
||||||
|
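Review bot: The new `flags` member and `IP_CT_EXPECT_PERMANENT` carry no documentation beyond `/* Flags */`, so a helper author cannot tell from the header what setting the bit changes. I would put a comment on the define, for example `/* Expectation stays registered after a match and can match again until its timeout fires */`, and widen the field comment to `/* Flags: IP_CT_EXPECT_* */`. Because a permanent expectation admits more than one related connection, the comment should also say that a helper setting the bit is expected to keep the tuple mask as narrow as the protocol allows.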
@ -108,6 +108,7 @@ static int help(struct sk_buff **pskb,
|
|||||||
}
|
}
|
||||||
|
|
||||||
exp->expectfn = NULL;
|
exp->expectfn = NULL;
|
||||||
|
exp->flags = 0;
|
||||||
|
|
||||||
exp->tuple.src.ip = ct->tuplehash[IP_CT_DIR_ORIGINAL].tuple.src.ip;
|
exp->tuple.src.ip = ct->tuplehash[IP_CT_DIR_ORIGINAL].tuple.src.ip;
|
||||||
exp->tuple.src.u.tcp.port = 0;
|
exp->tuple.src.u.tcp.port = 0;
|
||||||
|
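Review bot: `exp->flags = 0;` has to be repeated by hand wherever an expectation is filled in (here in `help()`, again in the two later `help()` hunks, in `ctnetlink_create_expect()` and in `tftp_help()`), and a caller that is missed hands `find_expectation()` whatever value the field happens to hold. If the allocator does not zero the object (it is not visible on this page), a stray low bit would make the expectation permanent, and it would keep matching new connections until its timer fires. Clearing the field once at the point where the expectation is allocated would remove that dependency on every caller; failing that, a comment next to the field stating that callers must initialise it is worth adding. `help()` starts and ends outside the hunk.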
@ -264,12 +264,16 @@ find_expectation(const struct ip_conntrack_tuple *tuple)
|
|||||||
master ct never got confirmed, we'd hold a reference to it
|
master ct never got confirmed, we'd hold a reference to it
|
||||||
and weird things would happen to future packets). */
|
and weird things would happen to future packets). */
|
||||||
if (ip_ct_tuple_mask_cmp(tuple, &i->tuple, &i->mask)
|
if (ip_ct_tuple_mask_cmp(tuple, &i->tuple, &i->mask)
|
||||||
&& is_confirmed(i->master)
|
&& is_confirmed(i->master)) {
|
||||||
&& del_timer(&i->timeout)) {
|
if (i->flags & IP_CT_EXPECT_PERMANENT) {
|
||||||
|
atomic_inc(&i->use);
|
||||||
|
return i;
|
||||||
|
} else if (del_timer(&i->timeout)) {
|
||||||
unlink_expect(i);
|
unlink_expect(i);
|
||||||
return i;
|
return i;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
}
|
||||||
return NULL;
|
return NULL;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
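Review bot: The permanent branch of `find_expectation()` returns the entry with an extra reference (`atomic_inc(&i->use)`) while it stays on the list with its timer still armed, whereas the other branch returns it only after `del_timer()` and `unlink_expect()`; the existing comment above the test describes neither case. A comment on the new branch would make the contract explicit, for example `/* Permanent: stays listed with its timer running; the caller gets its own reference and must drop it */`. It is also worth confirming that whatever per-master limit on outstanding expectations exists still bounds how many connections one permanent entry can admit, since this path is no longer tied to a single match. The function begins before the hunk.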
@ -421,6 +421,7 @@ static int help(struct sk_buff **pskb,
|
|||||||
{ 0xFFFFFFFF, { .tcp = { 0xFFFF } }, 0xFF }});
|
{ 0xFFFFFFFF, { .tcp = { 0xFFFF } }, 0xFF }});
|
||||||
|
|
||||||
exp->expectfn = NULL;
|
exp->expectfn = NULL;
|
||||||
|
exp->flags = 0;
|
||||||
|
|
||||||
/* Now, NAT might want to mangle the packet, and register the
|
/* Now, NAT might want to mangle the packet, and register the
|
||||||
* (possibly changed) expectation itself. */
|
* (possibly changed) expectation itself. */
|
||||||
|
@ -221,6 +221,7 @@ static int help(struct sk_buff **pskb,
|
|||||||
{ { 0, { 0 } },
|
{ { 0, { 0 } },
|
||||||
{ 0xFFFFFFFF, { .tcp = { 0xFFFF } }, 0xFF }});
|
{ 0xFFFFFFFF, { .tcp = { 0xFFFF } }, 0xFF }});
|
||||||
exp->expectfn = NULL;
|
exp->expectfn = NULL;
|
||||||
|
exp->flags = 0;
|
||||||
if (ip_nat_irc_hook)
|
if (ip_nat_irc_hook)
|
||||||
ret = ip_nat_irc_hook(pskb, ctinfo,
|
ret = ip_nat_irc_hook(pskb, ctinfo,
|
||||||
addr_beg_p - ib_ptr,
|
addr_beg_p - ib_ptr,
|
||||||
|
@ -1413,6 +1413,7 @@ ctnetlink_create_expect(struct nfattr *cda[])
|
|||||||
}
|
}
|
||||||
|
|
||||||
exp->expectfn = NULL;
|
exp->expectfn = NULL;
|
||||||
|
exp->flags = 0;
|
||||||
exp->master = ct;
|
exp->master = ct;
|
||||||
memcpy(&exp->tuple, &tuple, sizeof(struct ip_conntrack_tuple));
|
memcpy(&exp->tuple, &tuple, sizeof(struct ip_conntrack_tuple));
|
||||||
memcpy(&exp->mask, &mask, sizeof(struct ip_conntrack_tuple));
|
memcpy(&exp->mask, &mask, sizeof(struct ip_conntrack_tuple));
|
||||||
|
@ -75,6 +75,7 @@ static int tftp_help(struct sk_buff **pskb,
|
|||||||
exp->mask.dst.u.udp.port = 0xffff;
|
exp->mask.dst.u.udp.port = 0xffff;
|
||||||
exp->mask.dst.protonum = 0xff;
|
exp->mask.dst.protonum = 0xff;
|
||||||
exp->expectfn = NULL;
|
exp->expectfn = NULL;
|
||||||
|
exp->flags = 0;
|
||||||
|
|
||||||
DEBUGP("expect: ");
|
DEBUGP("expect: ");
|
||||||
DUMP_TUPLE(&exp->tuple);
|
DUMP_TUPLE(&exp->tuple);
|
||||||
|