if (err < 0)
goto out;
- sock->state = SS_CONNECTING;
+ sock->state = SS_CONNECTING;
/* Just entered SS_CONNECTING state; the only
* difference is that return value in non-blocking
*/
static struct inet_protosw inetsw_array[] =
{
- {
- .type = SOCK_STREAM,
- .protocol = IPPROTO_TCP,
- .prot = &tcp_prot,
- .ops = &inet_stream_ops,
- .capability = -1,
- .no_check = 0,
- .flags = INET_PROTOSW_PERMANENT |
+ {
+ .type = SOCK_STREAM,
+ .protocol = IPPROTO_TCP,
+ .prot = &tcp_prot,
+ .ops = &inet_stream_ops,
+ .capability = -1,
+ .no_check = 0,
+ .flags = INET_PROTOSW_PERMANENT |
INET_PROTOSW_ICSK,
- },
-
- {
- .type = SOCK_DGRAM,
- .protocol = IPPROTO_UDP,
- .prot = &udp_prot,
- .ops = &inet_dgram_ops,
- .capability = -1,
- .no_check = UDP_CSUM_DEFAULT,
- .flags = INET_PROTOSW_PERMANENT,
+ },
+
+ {
+ .type = SOCK_DGRAM,
+ .protocol = IPPROTO_UDP,
+ .prot = &udp_prot,
+ .ops = &inet_dgram_ops,
+ .capability = -1,
+ .no_check = UDP_CSUM_DEFAULT,
+ .flags = INET_PROTOSW_PERMANENT,
},
-
+
{
- .type = SOCK_RAW,
- .protocol = IPPROTO_IP, /* wild card */
- .prot = &raw_prot,
- .ops = &inet_sockraw_ops,
- .capability = CAP_NET_RAW,
- .no_check = UDP_CSUM_DEFAULT,
- .flags = INET_PROTOSW_REUSE,
+ .type = SOCK_RAW,
+ .protocol = IPPROTO_IP, /* wild card */
+ .prot = &raw_prot,
+ .ops = &inet_sockraw_ops,
+ .capability = CAP_NET_RAW,
+ .no_check = UDP_CSUM_DEFAULT,
+ .flags = INET_PROTOSW_REUSE,
}
};
/* Add the new entry after the last permanent entry if any, so that
* the new entry does not override a permanent entry when matched with
* a wild-card protocol. But it is allowed to override any existing
- * non-permanent entry. This means that when we remove this entry, the
+ * non-permanent entry. This means that when we remove this entry, the
* system automatically returns to the old behavior.
*/
list_add_rcu(&p->list, last_perm);
},
},
};
-
+
security_sk_classify_flow(sk, &fl);
err = ip_route_output_flow(&rt, &fl, sk, 0);
}
goto out_unregister_udp_proto;
/*
- * Tell SOCKET that we are alive...
+ * Tell SOCKET that we are alive...
*/
- (void)sock_register(&inet_family_ops);
+ (void)sock_register(&inet_family_ops);
/*
* Add all the base protocols.
arp_init();
- /*
- * Set the IP module up
- */
+ /*
+ * Set the IP module up
+ */
ip_init();
#endif
/*
* Initialise per-cpu ipv4 mibs
- */
+ */
if(init_ipv4_mibs())
printk(KERN_CRIT "inet_init: Cannot init ipv4 mibs\n"); ;
-
+
ipv4_proc_init();
ipfrag_init();
top_iph->check = 0;
ahp = x->data;
- ah->hdrlen = (XFRM_ALIGN8(sizeof(struct ip_auth_hdr) +
+ ah->hdrlen = (XFRM_ALIGN8(sizeof(struct ip_auth_hdr) +
ahp->icv_trunc_len) >> 2) - 2;
ah->reserved = 0;
ah = (struct ip_auth_hdr*)skb->data;
ahp = x->data;
ah_hlen = (ah->hdrlen + 2) << 2;
-
+
if (ah_hlen != XFRM_ALIGN8(sizeof(struct ip_auth_hdr) + ahp->icv_full_len) &&
- ah_hlen != XFRM_ALIGN8(sizeof(struct ip_auth_hdr) + ahp->icv_trunc_len))
+ ah_hlen != XFRM_ALIGN8(sizeof(struct ip_auth_hdr) + ahp->icv_trunc_len))
goto out;
if (!pskb_may_pull(skb, ah_hlen))
if (ip_clear_mutable_options(iph, &dummy))
goto out;
}
- {
+ {
u8 auth_data[MAX_AH_AUTH_LEN];
-
+
memcpy(auth_data, ah->auth_data, ahp->icv_trunc_len);
skb_push(skb, ihl);
err = ah_mac_digest(ahp, skb, ah->auth_data);
ahp->tfm = tfm;
if (crypto_hash_setkey(tfm, ahp->key, ahp->key_len))
goto error;
-
+
/*
* Lookup the algorithm description maintained by xfrm_algo,
* verify crypto transform properties, and store information
aalg_desc->uinfo.auth.icv_fullbits/8);
goto error;
}
-
+
ahp->icv_full_len = aalg_desc->uinfo.auth.icv_fullbits/8;
ahp->icv_trunc_len = aalg_desc->uinfo.auth.icv_truncbits/8;
-
+
BUG_ON(ahp->icv_trunc_len > MAX_AH_AUTH_LEN);
-
+
ahp->work_icv = kmalloc(ahp->icv_full_len, GFP_KERNEL);
if (!ahp->work_icv)
goto error;
-
+
x->props.header_len = XFRM_ALIGN8(sizeof(struct ip_auth_hdr) + ahp->icv_trunc_len);
if (x->props.mode == XFRM_MODE_TUNNEL)
x->props.header_len += sizeof(struct iphdr);
* 2 of the License, or (at your option) any later version.
*
* Fixes:
- * Alan Cox : Removed the Ethernet assumptions in
+ * Alan Cox : Removed the Ethernet assumptions in
* Florian's code
- * Alan Cox : Fixed some small errors in the ARP
+ * Alan Cox : Fixed some small errors in the ARP
* logic
* Alan Cox : Allow >4K in /proc
* Alan Cox : Make ARP add its own protocol entry
* Jonathan Naylor : Only lookup the hardware address for
* the correct hardware type.
* Germano Caronni : Assorted subtle races.
- * Craig Schlenter : Don't modify permanent entry
+ * Craig Schlenter : Don't modify permanent entry
* during arp_rcv.
* Russ Nelson : Tidied up a few bits.
* Alexey Kuznetsov: Major changes to caching and behaviour,
- * eg intelligent arp probing and
+ * eg intelligent arp probing and
* generation
* of host down events.
* Alan Cox : Missing unlock in device events.
* Eckes : ARP ioctl control errors.
* Alexey Kuznetsov: Arp free fix.
* Manuel Rodriguez: Gratuitous ARP.
- * Jonathan Layes : Added arpd support through kerneld
+ * Jonathan Layes : Added arpd support through kerneld
* message queue (960314)
* Mike Shaver : /proc/sys/net/ipv4/arp_* support
* Mike McLagan : Routing by source
case ARPHRD_FDDI:
case ARPHRD_IEEE802:
ip_eth_mc_map(addr, haddr);
- return 0;
+ return 0;
case ARPHRD_IEEE802_TR:
ip_tr_mc_map(addr, haddr);
return 0;
switch (dev->type) {
default:
break;
- case ARPHRD_ROSE:
+ case ARPHRD_ROSE:
#if defined(CONFIG_AX25) || defined(CONFIG_AX25_MODULE)
case ARPHRD_AX25:
#if defined(CONFIG_NETROM) || defined(CONFIG_NETROM_MODULE)
struct flowi fl = { .nl_u = { .ip4_u = { .daddr = sip,
.saddr = tip } } };
struct rtable *rt;
- int flag = 0;
+ int flag = 0;
/*unsigned long now; */
- if (ip_route_output_key(&rt, &fl) < 0)
+ if (ip_route_output_key(&rt, &fl) < 0)
return 1;
- if (rt->u.dst.dev != dev) {
+ if (rt->u.dst.dev != dev) {
NET_INC_STATS_BH(LINUX_MIB_ARPFILTER);
flag = 1;
- }
- ip_rt_put(rt);
- return flag;
-}
+ }
+ ip_rt_put(rt);
+ return flag;
+}
/* OBSOLETE FUNCTIONS */
n->used = jiffies;
if (n->nud_state&NUD_VALID || neigh_event_send(n, skb) == 0) {
read_lock_bh(&n->lock);
- memcpy(haddr, n->ha, dev->addr_len);
+ memcpy(haddr, n->ha, dev->addr_len);
read_unlock_bh(&n->lock);
neigh_release(n);
return 0;
/*
* Allocate a buffer
*/
-
+
skb = alloc_skb(sizeof(struct arphdr)+ 2*(dev->addr_len+4)
+ LL_RESERVED_SPACE(dev), GFP_ATOMIC);
if (skb == NULL)
/*
* No arp on this interface.
*/
-
+
if (dev->flags&IFF_NOARP)
return;
arp = skb->nh.arph;
switch (dev_type) {
- default:
+ default:
if (arp->ar_pro != htons(ETH_P_IP) ||
htons(dev_type) != arp->ar_hrd)
goto out;
tha = arp_ptr;
arp_ptr += dev->addr_len;
memcpy(&tip, arp_ptr, 4);
-/*
+/*
* Check for bad requests for 127.x.x.x and requests for multicast
* addresses. If this is one such, delete it.
*/
* Process entry. The idea here is we want to send a reply if it is a
* request for us or if it is a request for someone else that we hold
* a proxy for. We want to add an entry to our cache if it is a reply
- * to us or if it is a request for our address.
- * (The assumption for this last is that if someone is requesting our
- * address, they are probably intending to talk to us, so it saves time
- * if we cache their address. Their address is also probably not in
+ * to us or if it is a request for our address.
+ * (The assumption for this last is that if someone is requesting our
+ * address, they are probably intending to talk to us, so it saves time
+ * if we cache their address. Their address is also probably not in
* our cache, since ours is not in their cache.)
- *
+ *
* Putting this another way, we only care about replies if they are to
* us, in which case we add them to the cache. For requests, we care
* about those for us and those for our proxies. We reply to both,
- * and in the case of requests for us we add the requester to the arp
+ * and in the case of requests for us we add the requester to the arp
* cache.
*/
if (!dont_send)
dont_send |= arp_ignore(in_dev,dev,sip,tip);
if (!dont_send && IN_DEV_ARPFILTER(in_dev))
- dont_send |= arp_filter(sip,tip,dev);
+ dont_send |= arp_filter(sip,tip,dev);
if (!dont_send)
arp_send(ARPOP_REPLY,ETH_P_ARP,sip,dev,tip,sha,dev->dev_addr,sha);
if (n)
neigh_release(n);
- if (NEIGH_CB(skb)->flags & LOCALLY_ENQUEUED ||
+ if (NEIGH_CB(skb)->flags & LOCALLY_ENQUEUED ||
skb->pkt_type == PACKET_HOST ||
in_dev->arp_parms->proxy_delay == 0) {
arp_send(ARPOP_REPLY,ETH_P_ARP,sip,dev,tip,sha,dev->dev_addr,sha);
if (r->arp_flags & ATF_PERM)
state = NUD_PERMANENT;
err = neigh_update(neigh, (r->arp_flags&ATF_COM) ?
- r->arp_ha.sa_data : NULL, state,
+ r->arp_ha.sa_data : NULL, state,
NEIGH_UPDATE_F_OVERRIDE|
NEIGH_UPDATE_F_ADMIN);
neigh_release(neigh);
neigh = neigh_lookup(&arp_tbl, &ip, dev);
if (neigh) {
if (neigh->nud_state&~NUD_NOARP)
- err = neigh_update(neigh, NULL, NUD_FAILED,
+ err = neigh_update(neigh, NULL, NUD_FAILED,
NEIGH_UPDATE_F_OVERRIDE|
NEIGH_UPDATE_F_ADMIN);
neigh_release(neigh);
switch(cmd) {
case SIOCDARP:
- err = arp_req_delete(&r, dev);
+ err = arp_req_delete(&r, dev);
break;
case SIOCSARP:
err = arp_req_set(&r, dev);
if (c != ' ') *s++ = c;
}
-
+
*s++ = '-';
if ((n = ((a->ax25_call[6] >> 1) & 0x0F)) > 9) {
*s++ = '1';
n -= 10;
}
-
+
*s++ = n + '0';
*s++ = '\0';
struct seq_file *seq;
int rc = -ENOMEM;
struct neigh_seq_state *s = kzalloc(sizeof(*s), GFP_KERNEL);
-
+
if (!s)
goto out;
int oif;
int err;
-
- if (addr_len < sizeof(*usin))
- return -EINVAL;
- if (usin->sin_family != AF_INET)
- return -EAFNOSUPPORT;
+ if (addr_len < sizeof(*usin))
+ return -EINVAL;
+
+ if (usin->sin_family != AF_INET)
+ return -EAFNOSUPPORT;
sk_dst_reset(sk);
ip_rt_put(rt);
return -EACCES;
}
- if (!inet->saddr)
- inet->saddr = rt->rt_src; /* Update source address */
+ if (!inet->saddr)
+ inet->saddr = rt->rt_src; /* Update source address */
if (!inet->rcv_saddr)
inet->rcv_saddr = rt->rt_src;
inet->daddr = rt->rt_dst;
ASSERT_RTNL();
- /* 1. Deleting primary ifaddr forces deletion all secondaries
+ /* 1. Deleting primary ifaddr forces deletion all secondaries
* unless alias promotion is set
**/
struct in_ifaddr **ifap1 = &ifa1->ifa_next;
while ((ifa = *ifap1) != NULL) {
- if (!(ifa->ifa_flags & IFA_F_SECONDARY) &&
+ if (!(ifa->ifa_flags & IFA_F_SECONDARY) &&
ifa1->ifa_scope <= ifa->ifa_scope)
last_prim = ifa;
{
int rc = -1; /* Something else, probably a multicast. */
- if (ZERONET(addr))
- rc = 0;
+ if (ZERONET(addr))
+ rc = 0;
else {
__u32 haddr = ntohl(addr);
rc = 24;
}
- return rc;
+ return rc;
}
* alias numbering and to create unique labels if possible.
*/
static void inetdev_changename(struct net_device *dev, struct in_device *in_dev)
-{
+{
struct in_ifaddr *ifa;
int named = 0;
- for (ifa = in_dev->ifa_list; ifa; ifa = ifa->ifa_next) {
- char old[IFNAMSIZ], *dot;
+ for (ifa = in_dev->ifa_list; ifa; ifa = ifa->ifa_next) {
+ char old[IFNAMSIZ], *dot;
memcpy(old, ifa->ifa_label, IFNAMSIZ);
- memcpy(ifa->ifa_label, dev->name, IFNAMSIZ);
+ memcpy(ifa->ifa_label, dev->name, IFNAMSIZ);
if (named++ == 0)
continue;
dot = strchr(ifa->ifa_label, ':');
- if (dot == NULL) {
- sprintf(old, ":%d", named);
+ if (dot == NULL) {
+ sprintf(old, ":%d", named);
dot = old;
}
- if (strlen(dot) + strlen(dev->name) < IFNAMSIZ) {
- strcat(ifa->ifa_label, dot);
- } else {
- strcpy(ifa->ifa_label + (IFNAMSIZ - strlen(dot) - 1), dot);
- }
- }
-}
+ if (strlen(dot) + strlen(dev->name) < IFNAMSIZ) {
+ strcat(ifa->ifa_label, dot);
+ } else {
+ strcpy(ifa->ifa_label + (IFNAMSIZ - strlen(dot) - 1), dot);
+ }
+ }
+}
/* Called only under RTNL semaphore */
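Review bot: In inetdev_changename the alias suffix is looked up with `strchr(ifa->ifa_label, ':')` after `ifa->ifa_label` has already been overwritten with `dev->name`, so the previous label saved in `old` is never searched and is only reused as scratch space for `sprintf`. As written, an existing `:suffix` on the old label is dropped in favour of the generated `:%d`. If the new device name itself contained a colon, `dot` would point into the destination of the following `strcat`, which is an overlapping copy. Searching the saved copy instead, `dot = strchr(old, ':');`, keeps the old suffix and keeps source and destination distinct. A one-line comment on the `strcpy` branch saying that the suffix is positioned so the label still ends inside IFNAMSIZ would also help the next reader.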
},
},
.devinet_conf_dir = {
- {
+ {
.ctl_name = NET_IPV4_CONF,
.procname = "conf",
.mode = 0555,
}
if (dev) {
- dev_name = dev->name;
+ dev_name = dev->name;
t->devinet_dev[0].ctl_name = dev->ifindex;
} else {
dev_name = "default";
t->devinet_dev[0].ctl_name = NET_PROTO_CONF_DEFAULT;
}
- /*
- * Make a copy of dev_name, because '.procname' is regarded as const
+ /*
+ * Make a copy of dev_name, because '.procname' is regarded as const
* by sysctl and we wouldn't want anyone to change it under our feet
* (see SIOCSIFNAME).
- */
+ */
dev_name = kstrdup(dev_name, GFP_KERNEL);
if (!dev_name)
goto free;
if (padlen+2 >= elen)
goto out;
- /* ... check padding bits here. Silly. :-) */
+ /* ... check padding bits here. Silly. :-) */
iph = skb->nh.iph;
ihl = iph->ihl * 4;
ipaddr.a4 = iph->saddr;
km_new_mapping(x, &ipaddr, uh->source);
-
+
/* XXX: perhaps add an extra
* policy check here, to see
* if we should allow or
* address/port.
*/
}
-
+
/*
* 2) ignore UDP/TCP checksums in case
* of NAT-T in Transport Mode, or
mtu = ALIGN(mtu + 2, 4) + blksize - 4;
break;
case XFRM_MODE_BEET:
- /* The worst case. */
+ /* The worst case. */
enclen = IPV4_BEET_PHMAXLEN;
mtu = ALIGN(mtu + enclen + 2, blksize);
break;
#ifdef CONFIG_IP_MULTIPLE_TABLES
res.r = NULL;
#endif
-
+
if (ip_fib_local_table) {
ret = RTN_UNICAST;
if (!ip_fib_local_table->tb_lookup(ip_fib_local_table,
int len = 0;
mx = kzalloc(3 * nla_total_size(4), GFP_KERNEL);
- if (mx == NULL)
+ if (mx == NULL)
return -ENOMEM;
if (rt->rt_flags & RTF_MTU)
/*
* Handle IP routing ioctl calls. These are used to manipulate the routing tables
*/
-
+
int ip_rt_ioctl(unsigned int cmd, void __user *arg)
{
struct fib_config cfg;
goto next;
if (dumped)
memset(&cb->args[2], 0, sizeof(cb->args) -
- 2 * sizeof(cb->args[0]));
+ 2 * sizeof(cb->args[0]));
if (tb->tb_dump(tb, skb, cb) < 0)
goto out;
dumped = 1;
static void nl_fib_lookup(struct fib_result_nl *frn, struct fib_table *tb )
{
-
+
struct fib_result res;
struct flowi fl = { .mark = frn->fl_mark,
.nl_u = { .ip4_u = { .daddr = frn->fl_addr,
static void nl_fib_input(struct sock *sk, int len)
{
struct sk_buff *skb = NULL;
- struct nlmsghdr *nlh = NULL;
+ struct nlmsghdr *nlh = NULL;
struct fib_result_nl *frn;
- u32 pid;
+ u32 pid;
struct fib_table *tb;
-
+
skb = skb_dequeue(&sk->sk_receive_queue);
nlh = (struct nlmsghdr *)skb->data;
if (skb->len < NLMSG_SPACE(0) || skb->len < nlh->nlmsg_len ||
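Review bot: The result of `skb_dequeue(&sk->sk_receive_queue)` is dereferenced on the very next line (`skb->data`) with no NULL check, and skb_dequeue returns NULL when the queue is empty. Whether nl_fib_input can be invoked with an empty receive queue depends on the caller, which is not visible here, so this is worth confirming. A guard such as `if (skb == NULL) return;` before the `nlh` assignment would make the function safe regardless. The function body continues beyond this hunk.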
kfree_skb(skb);
return;
}
-
+
frn = (struct fib_result_nl *) NLMSG_DATA(nlh);
tb = fib_get_table(frn->tb_id_in);
nl_fib_lookup(frn, tb);
-
+
pid = nlh->nlmsg_pid; /*pid of sending process */
NETLINK_CB(skb).pid = 0; /* from kernel */
NETLINK_CB(skb).dst_group = 0; /* unicast */
netlink_unicast(sk, skb, pid, MSG_DONTWAIT);
-}
+}
static void nl_fib_lookup_init(void)
{
struct hlist_head *ht, *old_ht;
int old_divisor, new_divisor;
u32 new_hashmask;
-
+
old_divisor = fz->fz_divisor;
switch (old_divisor) {
if (!iter->zone)
goto out;
-
+
iter->bucket = 0;
iter->hash_head = iter->zone->fz_hash;
{
struct fib_iter_state *iter = seq->private;
struct fib_alias *fa;
-
+
if (iter->valid && pos >= iter->pos && iter->genid == fib_hash_genid) {
fa = iter->fa;
pos -= iter->pos;
return flags;
}
-/*
+/*
* This outputs /proc/net/route.
*
* It always works in backward compatibility mode.
struct seq_file *seq;
int rc = -ENOMEM;
struct fib_iter_state *s = kzalloc(sizeof(*s), GFP_KERNEL);
-
+
if (!s)
goto out;
#define endfor_nexthops(fi) }
-static const struct
+static const struct
{
int error;
u8 scope;
} fib_props[RTA_MAX + 1] = {
- {
+ {
.error = 0,
.scope = RT_SCOPE_NOWHERE,
}, /* RTN_UNSPEC */
rtnh = cfg->fc_mp;
remaining = cfg->fc_mp_len;
-
+
for_nexthops(fi) {
int attrlen;
Normally it looks as following.
{universe prefix} -> (gw, oif) [scope link]
- |
+ |
|-> {link prefix} -> (gw, oif) [scope local]
- |
+ |
|-> {local prefix} (terminal node)
*/
err = -EINVAL;
failure:
- if (fi) {
+ if (fi) {
fi->fib_dead = 1;
free_fib_info(fi);
}
{
int ret = 0;
int scope = RT_SCOPE_NOWHERE;
-
+
if (force)
scope = -1;
* Robert Olsson <robert.olsson@its.uu.se> Uppsala Universitet
* & Swedish University of Agricultural Sciences.
*
- * Jens Laas <jens.laas@data.slu.se> Swedish University of
+ * Jens Laas <jens.laas@data.slu.se> Swedish University of
* Agricultural Sciences.
- *
+ *
* Hans Liss <hans.liss@its.uu.se> Uppsala Universitet
*
* This work is based on the LPC-trie which is originally descibed in:
- *
+ *
* An experimental study of compression methods for dynamic tries
* Stefan Nilsson and Matti Tikkanen. Algorithmica, 33(1):19-33, 2002.
* http://www.nada.kth.se/~snilsson/public/papers/dyntrie2/
}
/*
- To understand this stuff, an understanding of keys and all their bits is
- necessary. Every node in the trie has a key associated with it, but not
+ To understand this stuff, an understanding of keys and all their bits is
+ necessary. Every node in the trie has a key associated with it, but not
all of the bits in that key are significant.
Consider a node 'n' and its parent 'tp'.
- If n is a leaf, every bit in its key is significant. Its presence is
- necessitated by path compression, since during a tree traversal (when
- searching for a leaf - unless we are doing an insertion) we will completely
- ignore all skipped bits we encounter. Thus we need to verify, at the end of
- a potentially successful search, that we have indeed been walking the
+ If n is a leaf, every bit in its key is significant. Its presence is
+ necessitated by path compression, since during a tree traversal (when
+ searching for a leaf - unless we are doing an insertion) we will completely
+ ignore all skipped bits we encounter. Thus we need to verify, at the end of
+ a potentially successful search, that we have indeed been walking the
correct key path.
- Note that we can never "miss" the correct key in the tree if present by
- following the wrong path. Path compression ensures that segments of the key
- that are the same for all keys with a given prefix are skipped, but the
- skipped part *is* identical for each node in the subtrie below the skipped
- bit! trie_insert() in this implementation takes care of that - note the
+ Note that we can never "miss" the correct key in the tree if present by
+ following the wrong path. Path compression ensures that segments of the key
+ that are the same for all keys with a given prefix are skipped, but the
+ skipped part *is* identical for each node in the subtrie below the skipped
+ bit! trie_insert() in this implementation takes care of that - note the
call to tkey_sub_equals() in trie_insert().
- if n is an internal node - a 'tnode' here, the various parts of its key
+ if n is an internal node - a 'tnode' here, the various parts of its key
have many different meanings.
- Example:
+ Example:
_________________________________________________________________
| i | i | i | i | i | i | i | N | N | N | S | S | S | S | S | C |
-----------------------------------------------------------------
- 0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15
+ 0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15
_________________________________________________________________
| C | C | C | u | u | u | u | u | u | u | u | u | u | u | u | u |
n->pos = 15
n->bits = 4
- First, let's just ignore the bits that come before the parent tp, that is
- the bits from 0 to (tp->pos-1). They are *known* but at this point we do
+ First, let's just ignore the bits that come before the parent tp, that is
+ the bits from 0 to (tp->pos-1). They are *known* but at this point we do
not use them for anything.
The bits from (tp->pos) to (tp->pos + tp->bits - 1) - "N", above - are the
- index into the parent's child array. That is, they will be used to find
+ index into the parent's child array. That is, they will be used to find
'n' among tp's children.
The bits from (tp->pos + tp->bits) to (n->pos - 1) - "S" - are skipped bits
for the node n.
- All the bits we have seen so far are significant to the node n. The rest
+ All the bits we have seen so far are significant to the node n. The rest
of the bits are really not needed or indeed known in n->key.
- The bits from (n->pos) to (n->pos + n->bits - 1) - "C" - are the index into
+ The bits from (n->pos) to (n->pos + n->bits - 1) - "C" - are the index into
n's child array, and will of course be different for each child.
-
+
The rest of the bits, from (n->pos + n->bits) onward, are completely unknown
at this point.
static int halve_threshold = 25;
static int inflate_threshold = 50;
static int halve_threshold_root = 15;
-static int inflate_threshold_root = 25;
+static int inflate_threshold_root = 25;
static void __alias_free_mem(struct rcu_head *head)
struct leaf *l = (struct leaf *) tn;
call_rcu_bh(&l->rcu, __leaf_free_rcu);
}
- else
+ else
call_rcu(&tn->rcu, __tnode_free_rcu);
}
int inflate_threshold_use;
int halve_threshold_use;
- if (!tn)
+ if (!tn)
return NULL;
pr_debug("In tnode_resize %p inflate_threshold=%d threshold=%d\n",
if(!tn->parent)
inflate_threshold_use = inflate_threshold_root;
- else
+ else
inflate_threshold_use = inflate_threshold;
err = 0;
if(!tn->parent)
halve_threshold_use = halve_threshold_root;
- else
+ else
halve_threshold_use = halve_threshold;
err = 0;
right = tnode_new(inode->key|m, inode->pos + 1,
inode->bits - 1);
- if (!right) {
+ if (!right) {
tnode_free(left);
goto nomem;
- }
+ }
put_child(t, tn, 2*i, (struct node *) left);
put_child(t, tn, 2*i+1, (struct node *) right);
static void insert_leaf_info(struct hlist_head *head, struct leaf_info *new)
{
- struct leaf_info *li = NULL, *last = NULL;
- struct hlist_node *node;
+ struct leaf_info *li = NULL, *last = NULL;
+ struct hlist_node *node;
- if (hlist_empty(head)) {
- hlist_add_head_rcu(&new->hlist, head);
- } else {
- hlist_for_each_entry(li, node, head, hlist) {
- if (new->plen > li->plen)
- break;
+ if (hlist_empty(head)) {
+ hlist_add_head_rcu(&new->hlist, head);
+ } else {
+ hlist_for_each_entry(li, node, head, hlist) {
+ if (new->plen > li->plen)
+ break;
- last = li;
- }
- if (last)
- hlist_add_after_rcu(&last->hlist, &new->hlist);
- else
- hlist_add_before_rcu(&new->hlist, &li->hlist);
- }
+ last = li;
+ }
+ if (last)
+ hlist_add_after_rcu(&last->hlist, &new->hlist);
+ else
+ hlist_add_before_rcu(&new->hlist, &li->hlist);
+ }
}
/* rcu_read_lock needs to be hold by caller from readside */
/* Decend if tnode */
while (IS_TNODE(c)) {
p = (struct tnode *) c;
- idx = 0;
+ idx = 0;
/* Rightmost non-NULL branch */
if (p && IS_TNODE(p))
seq_indent(seq, iter->depth-1);
seq_printf(seq, " +-- %d.%d.%d.%d/%d %d %d %d\n",
- NIPQUAD(prf), tn->pos, tn->bits, tn->full_children,
+ NIPQUAD(prf), tn->pos, tn->bits, tn->full_children,
tn->empty_children);
-
+
} else {
struct leaf *l = (struct leaf *) n;
int i;
/* No rate limit on loopback */
if (dst->dev && (dst->dev->flags&IFF_LOOPBACK))
- goto out;
+ goto out;
/* Limit if icmp type is enabled in ratemask. */
if ((1 << type) & sysctl_icmp_ratemask)
struct sk_buff *skb;
if (ip_append_data(icmp_socket->sk, icmp_glue_bits, icmp_param,
- icmp_param->data_len+icmp_param->head_len,
- icmp_param->head_len,
- ipc, rt, MSG_DONTWAIT) < 0)
+ icmp_param->data_len+icmp_param->head_len,
+ icmp_param->head_len,
+ ipc, rt, MSG_DONTWAIT) < 0)
ip_flush_pending_frames(icmp_socket->sk);
else if ((skb = skb_peek(&icmp_socket->sk->sk_write_queue)) != NULL) {
struct icmphdr *icmph = skb->h.icmph;
skb->h.icmph->un.gateway,
iph->saddr, skb->dev);
break;
- }
+ }
out:
return;
out_err:
* Parse the ICMP message
*/
- if (rt->rt_flags & (RTCF_BROADCAST | RTCF_MULTICAST)) {
+ if (rt->rt_flags & (RTCF_BROADCAST | RTCF_MULTICAST)) {
/*
* RFC 1122: 3.2.2.6 An ICMP_ECHO to broadcast MAY be
* silently ignored (we let user decide with a sysctl).
icmph->type != ICMP_ADDRESS &&
icmph->type != ICMP_ADDRESSREPLY) {
goto error;
- }
+ }
}
ICMP_INC_STATS_BH(icmp_pointers[icmph->type].input_entry);
.input_entry = ICMP_MIB_DUMMY,
.handler = icmp_discard,
},
- [ICMP_INFO_REPLY] = {
+ [ICMP_INFO_REPLY] = {
.output_entry = ICMP_MIB_DUMMY,
.input_entry = ICMP_MIB_DUMMY,
.handler = icmp_discard,
*
* Chih-Jen Chang : Tried to revise IGMP to Version 2
* Tsu-Sheng Tsao E-mail: chihjenc@scf.usc.edu and tsusheng@scf.usc.edu
- * The enhancements are mainly based on Steve Deering's
+ * The enhancements are mainly based on Steve Deering's
* ipmulti-3.5 source code.
* Chih-Jen Chang : Added the igmp_get_mrouter_info and
* Tsu-Sheng Tsao igmp_set_mrouter_info to keep track of
* Alan Cox : Stop IGMP from 0.0.0.0 being accepted.
* Alan Cox : Use GFP_ATOMIC in the right places.
* Christian Daudt : igmp timer wasn't set for local group
- * memberships but was being deleted,
- * which caused a "del_timer() called
+ * memberships but was being deleted,
+ * which caused a "del_timer() called
* from %p with timer not initialized\n"
* message (960131).
- * Christian Daudt : removed del_timer from
+ * Christian Daudt : removed del_timer from
* igmp_timer_expire function (960205).
* Christian Daudt : igmp_heard_report now only calls
* igmp_timer_expire if tm->running is
{
if (IGMP_V1_SEEN(in_dev) || IGMP_V2_SEEN(in_dev))
return;
- in_dev->mr_ifc_count = in_dev->mr_qrv ? in_dev->mr_qrv :
+ in_dev->mr_ifc_count = in_dev->mr_qrv ? in_dev->mr_qrv :
IGMP_Unsolicited_Report_Count;
igmp_ifc_start_timer(in_dev, 1);
}
if (len == 8) {
if (ih->code == 0) {
/* Alas, old v1 router presents here. */
-
+
max_delay = IGMP_Query_Response_Interval;
in_dev->mr_v1_seen = jiffies +
IGMP_V1_Router_Present_Timeout;
} else { /* v3 */
if (!pskb_may_pull(skb, sizeof(struct igmpv3_query)))
return;
-
+
ih3 = (struct igmpv3_query *) skb->h.raw;
if (ih3->nsrcs) {
- if (!pskb_may_pull(skb, sizeof(struct igmpv3_query)
+ if (!pskb_may_pull(skb, sizeof(struct igmpv3_query)
+ ntohs(ih3->nsrcs)*sizeof(__be32)))
return;
ih3 = (struct igmpv3_query *) skb->h.raw;
else
im->gsquery = mark;
changed = !im->gsquery ||
- igmp_marksources(im, ntohs(ih3->nsrcs), ih3->srcs);
+ igmp_marksources(im, ntohs(ih3->nsrcs), ih3->srcs);
spin_unlock_bh(&im->lock);
if (changed)
igmp_mod_timer(im, max_delay);
void ip_mc_dec_group(struct in_device *in_dev, __be32 addr)
{
struct ip_mc_list *i, **ip;
-
+
ASSERT_RTNL();
-
+
for (ip=&in_dev->mc_list; (i=*ip)!=NULL; ip=&i->next) {
if (i->multiaddr==addr) {
if (--i->users == 0) {
#ifdef CONFIG_IP_MULTICAST
if (psf->sf_oldin &&
!IGMP_V1_SEEN(in_dev) && !IGMP_V2_SEEN(in_dev)) {
- psf->sf_crcount = in_dev->mr_qrv ? in_dev->mr_qrv :
+ psf->sf_crcount = in_dev->mr_qrv ? in_dev->mr_qrv :
IGMP_Unsolicited_Report_Count;
psf->sf_next = pmc->tomb;
pmc->tomb = psf;
/* filter mode change */
pmc->sfmode = MCAST_INCLUDE;
#ifdef CONFIG_IP_MULTICAST
- pmc->crcount = in_dev->mr_qrv ? in_dev->mr_qrv :
+ pmc->crcount = in_dev->mr_qrv ? in_dev->mr_qrv :
IGMP_Unsolicited_Report_Count;
in_dev->mr_ifc_count = pmc->crcount;
for (psf=pmc->sources; psf; psf = psf->sf_next)
#ifdef CONFIG_IP_MULTICAST
/* else no filters; keep old mode for reports */
- pmc->crcount = in_dev->mr_qrv ? in_dev->mr_qrv :
+ pmc->crcount = in_dev->mr_qrv ? in_dev->mr_qrv :
IGMP_Unsolicited_Report_Count;
in_dev->mr_ifc_count = pmc->crcount;
for (psf=pmc->sources; psf; psf = psf->sf_next)
} else if (pmc->sfmode != omode) {
/* allow mode switches for empty-set filters */
ip_mc_add_src(in_dev, &mreqs->imr_multiaddr, omode, 0, NULL, 0);
- ip_mc_del_src(in_dev, &mreqs->imr_multiaddr, pmc->sfmode, 0,
+ ip_mc_del_src(in_dev, &mreqs->imr_multiaddr, pmc->sfmode, 0,
NULL, 0);
pmc->sfmode = omode;
}
}
/* update the interface filter */
- ip_mc_del_src(in_dev, &mreqs->imr_multiaddr, omode, 1,
+ ip_mc_del_src(in_dev, &mreqs->imr_multiaddr, omode, 1,
&mreqs->imr_sourceaddr, 1);
for (j=i+1; j<psl->sl_count; j++)
psl->sl_count++;
err = 0;
/* update the interface list */
- ip_mc_add_src(in_dev, &mreqs->imr_multiaddr, omode, 1,
+ ip_mc_add_src(in_dev, &mreqs->imr_multiaddr, omode, 1,
&mreqs->imr_sourceaddr, 1);
done:
rtnl_unlock();
struct igmp_mc_iter_state *state = igmp_mc_seq_private(seq);
for (state->dev = dev_base, state->in_dev = NULL;
- state->dev;
+ state->dev;
state->dev = state->dev->next) {
struct in_device *in_dev;
in_dev = in_dev_get(state->dev);
static int igmp_mc_seq_show(struct seq_file *seq, void *v)
{
if (v == SEQ_START_TOKEN)
- seq_puts(seq,
+ seq_puts(seq,
"Idx\tDevice : Count Querier\tGroup Users Timer\tReporter\n");
else {
struct ip_mc_list *im = (struct ip_mc_list *)v;
struct igmp_mcf_iter_state *state = igmp_mcf_seq_private(seq);
for (state->dev = dev_base, state->idev = NULL, state->im = NULL;
- state->dev;
+ state->dev;
state->dev = state->dev->next) {
struct in_device *idev;
idev = in_dev_get(state->dev);
struct igmp_mcf_iter_state *state = igmp_mcf_seq_private(seq);
if (v == SEQ_START_TOKEN) {
- seq_printf(seq,
+ seq_printf(seq,
"%3s %6s "
"%10s %10s %6s %6s\n", "Idx",
"Device", "MCA",
} else {
seq_printf(seq,
"%3d %6.6s 0x%08x "
- "0x%08x %6lu %6lu\n",
- state->dev->ifindex, state->dev->name,
+ "0x%08x %6lu %6lu\n",
+ state->dev->ifindex, state->dev->name,
ntohl(state->im->multiaddr),
ntohl(psf->sf_inaddr),
psf->sf_count[MCAST_INCLUDE],
if (!inet_csk(sk)->icsk_bind_hash)
inet_bind_hash(sk, tb, snum);
BUG_TRAP(inet_csk(sk)->icsk_bind_hash == tb);
- ret = 0;
+ ret = 0;
fail_unlock:
spin_unlock(&head->lock);
/*
* Using different timers for retransmit, delayed acks and probes
- * We may wish use just one timer maintaining a list of expire jiffies
+ * We may wish use just one timer maintaining a list of expire jiffies
* to optimize.
*/
void inet_csk_init_xmit_timers(struct sock *sk,
icsk->icsk_delack_timer.function = delack_handler;
sk->sk_timer.function = keepalive_handler;
- icsk->icsk_retransmit_timer.data =
+ icsk->icsk_retransmit_timer.data =
icsk->icsk_delack_timer.data =
sk->sk_timer.data = (unsigned long)sk;
if (addr[0] == 0 && addr[1] == 0 &&
addr[2] == htonl(0xffff) &&
bitstring_match(addr + 3, cond->addr,
- cond->prefix_len))
+ cond->prefix_len))
break;
}
yes = 0;
}
entry.sport = tw->tw_num;
entry.dport = ntohs(tw->tw_dport);
- entry.userlocks = 0;
+ entry.userlocks = 0;
if (!inet_diag_bc_run(RTA_DATA(bc), RTA_PAYLOAD(bc), &entry))
return 0;
static inline u32 inet_sk_port_offset(const struct sock *sk)
{
const struct inet_sock *inet = inet_sk(sk);
- return secure_ipv4_port_ephemeral(inet->rcv_saddr, inet->daddr,
+ return secure_ipv4_port_ephemeral(inet->rcv_saddr, inet->daddr,
inet->dport);
}
{
struct inet_hashinfo *hinfo = death_row->hashinfo;
const unsigned short snum = inet_sk(sk)->num;
- struct inet_bind_hashbucket *head;
- struct inet_bind_bucket *tb;
+ struct inet_bind_hashbucket *head;
+ struct inet_bind_bucket *tb;
int ret;
- if (!snum) {
- int low = sysctl_local_port_range[0];
- int high = sysctl_local_port_range[1];
+ if (!snum) {
+ int low = sysctl_local_port_range[0];
+ int high = sysctl_local_port_range[1];
int range = high - low;
- int i;
+ int i;
int port;
static u32 hint;
u32 offset = hint + inet_sk_port_offset(sk);
struct hlist_node *node;
- struct inet_timewait_sock *tw = NULL;
+ struct inet_timewait_sock *tw = NULL;
- local_bh_disable();
+ local_bh_disable();
for (i = 1; i <= range; i++) {
port = low + (i + offset) % range;
- head = &hinfo->bhash[inet_bhashfn(port, hinfo->bhash_size)];
- spin_lock(&head->lock);
+ head = &hinfo->bhash[inet_bhashfn(port, hinfo->bhash_size)];
+ spin_lock(&head->lock);
- /* Does not bother with rcv_saddr checks,
- * because the established check is already
- * unique enough.
- */
+ /* Does not bother with rcv_saddr checks,
+ * because the established check is already
+ * unique enough.
+ */
inet_bind_bucket_for_each(tb, node, &head->chain) {
- if (tb->port == port) {
- BUG_TRAP(!hlist_empty(&tb->owners));
- if (tb->fastreuse >= 0)
- goto next_port;
- if (!__inet_check_established(death_row,
+ if (tb->port == port) {
+ BUG_TRAP(!hlist_empty(&tb->owners));
+ if (tb->fastreuse >= 0)
+ goto next_port;
+ if (!__inet_check_established(death_row,
sk, port,
&tw))
- goto ok;
- goto next_port;
- }
- }
-
- tb = inet_bind_bucket_create(hinfo->bind_bucket_cachep, head, port);
- if (!tb) {
- spin_unlock(&head->lock);
- break;
- }
- tb->fastreuse = -1;
- goto ok;
-
- next_port:
- spin_unlock(&head->lock);
- }
- local_bh_enable();
-
- return -EADDRNOTAVAIL;
+ goto ok;
+ goto next_port;
+ }
+ }
+
+ tb = inet_bind_bucket_create(hinfo->bind_bucket_cachep, head, port);
+ if (!tb) {
+ spin_unlock(&head->lock);
+ break;
+ }
+ tb->fastreuse = -1;
+ goto ok;
+
+ next_port:
+ spin_unlock(&head->lock);
+ }
+ local_bh_enable();
+
+ return -EADDRNOTAVAIL;
ok:
hint += i;
- /* Head lock still held and bh's disabled */
- inet_bind_hash(sk, tb, port);
+ /* Head lock still held and bh's disabled */
+ inet_bind_hash(sk, tb, port);
if (sk_unhashed(sk)) {
- inet_sk(sk)->sport = htons(port);
- __inet_hash(hinfo, sk, 0);
- }
- spin_unlock(&head->lock);
+ inet_sk(sk)->sport = htons(port);
+ __inet_hash(hinfo, sk, 0);
+ }
+ spin_unlock(&head->lock);
- if (tw) {
- inet_twsk_deschedule(tw, death_row);
- inet_twsk_put(tw);
- }
+ if (tw) {
+ inet_twsk_deschedule(tw, death_row);
+ inet_twsk_put(tw);
+ }
ret = 0;
goto out;
- }
+ }
- head = &hinfo->bhash[inet_bhashfn(snum, hinfo->bhash_size)];
- tb = inet_csk(sk)->icsk_bind_hash;
+ head = &hinfo->bhash[inet_bhashfn(snum, hinfo->bhash_size)];
+ tb = inet_csk(sk)->icsk_bind_hash;
spin_lock_bh(&head->lock);
if (sk_head(&tb->owners) == sk && !sk->sk_bind_node.next) {
__inet_hash(hinfo, sk, 0);
* interface as the means of communication with the user level.
*
* The IP forwarding functionality.
- *
+ *
* Version: $Id: ip_forward.c,v 1.48 2000/12/13 18:31:48 davem Exp $
*
* Authors: see ip.c
*
* Fixes:
- * Many : Split from ip.c , see ip_input.c for
+ * Many : Split from ip.c , see ip_input.c for
* history.
- * Dave Gregorich : NULL ip_rt_put fix for multicast
+ * Dave Gregorich : NULL ip_rt_put fix for multicast
* routing.
* Jos Vos : Add call_out_firewall before sending,
* use output device for accounting.
goto drop;
skb->ip_summed = CHECKSUM_NONE;
-
+
/*
* According to the RFC, we must first decrease the TTL field. If
* that reaches zero, we must reply an ICMP control message telling
* that the packet's lifetime expired.
*/
if (skb->nh.iph->ttl <= 1)
- goto too_many_hops;
+ goto too_many_hops;
if (!xfrm4_route_forward(skb))
goto drop;
ip_forward_finish);
sr_failed:
- /*
+ /*
* Strict routing permits no gatewaying
*/
- icmp_send(skb, ICMP_DEST_UNREACH, ICMP_SR_FAILED, 0);
- goto drop;
+ icmp_send(skb, ICMP_DEST_UNREACH, ICMP_SR_FAILED, 0);
+ goto drop;
too_many_hops:
- /* Tell the sender its packet died... */
- IP_INC_STATS_BH(IPSTATS_MIB_INHDRERRORS);
- icmp_send(skb, ICMP_TIME_EXCEEDED, ICMP_EXC_TTL, 0);
+ /* Tell the sender its packet died... */
+ IP_INC_STATS_BH(IPSTATS_MIB_INHDRERRORS);
+ icmp_send(skb, ICMP_TIME_EXCEEDED, ICMP_EXC_TTL, 0);
drop:
kfree_skb(skb);
return NET_RX_DROP;
* interface as the means of communication with the user level.
*
* The IP fragmentation functionality.
- *
+ *
* Version: $Id: ip_fragment.c,v 1.59 2002/01/12 07:54:56 davem Exp $
*
* Authors: Fred N. van Kempen <waltje@uWalt.NL.Mugnet.ORG>
}
}
-/* Memory limiting on fragments. Evictor trashes the oldest
+/* Memory limiting on fragments. Evictor trashes the oldest
* fragment queue until we are back under the threshold.
*/
static void ip_evictor(void)
goto err;
}
- offset = ntohs(skb->nh.iph->frag_off);
+ offset = ntohs(skb->nh.iph->frag_off);
flags = offset & ~IP_OFFSET;
offset &= IP_OFFSET;
offset <<= 3; /* offset is in 8-byte chunks */
- ihl = skb->nh.iph->ihl * 4;
+ ihl = skb->nh.iph->ihl * 4;
/* Determine the position of this fragment. */
- end = offset + skb->len - ihl;
+ end = offset + skb->len - ihl;
/* Is this the final fragment? */
if ((flags & IP_MF) == 0) {
else
qp->fragments = skb;
- if (skb->dev)
- qp->iif = skb->dev->ifindex;
+ if (skb->dev)
+ qp->iif = skb->dev->ifindex;
skb->dev = NULL;
skb_get_timestamp(skb, &qp->stamp);
qp->meat += skb->len;
return head;
out_nomem:
- LIMIT_NETDEBUG(KERN_ERR "IP: queue_glue: no memory for gluing "
+ LIMIT_NETDEBUG(KERN_ERR "IP: queue_glue: no memory for gluing "
"queue %p\n", qp);
goto out_fail;
out_oversize:
struct iphdr *iph = skb->nh.iph;
struct ipq *qp;
struct net_device *dev;
-
+
IP_INC_STATS_BH(IPSTATS_MIB_REASMREQDS);
/* Start by cleaning up the memory. */
/*
- * Linux NET3: GRE over IP protocol decoder.
+ * Linux NET3: GRE over IP protocol decoder.
*
* Authors: Alexey Kuznetsov (kuznet@ms2.inr.ac.ru)
*
solution, but it supposes maintaing new variable in ALL
skb, even if no tunneling is used.
- Current solution: t->recursion lock breaks dead loops. It looks
+ Current solution: t->recursion lock breaks dead loops. It looks
like dev->tbusy flag, but I preferred new variable, because
the semantics is different. One day, when hard_start_xmit
will be multithreaded we will have to use skb->encapsulation.
if (flags == 0 &&
skb->protocol == htons(ETH_P_WCCP)) {
skb->protocol = htons(ETH_P_IP);
- if ((*(h + offset) & 0xF0) != 0x40)
+ if ((*(h + offset) & 0xF0) != 0x40)
offset += 4;
}
struct sk_buff *new_skb = skb_realloc_headroom(skb, max_headroom);
if (!new_skb) {
ip_rt_put(rt);
- stats->tx_dropped++;
+ stats->tx_dropped++;
dev_kfree_skb(skb);
tunnel->recursion--;
return 0;
so that I had to set ARPHRD_IPGRE to a random value.
I have an impression, that Cisco could make something similar,
but this feature is apparently missing in IOS<=11.2(8).
-
+
I set up 10.66.66/24 and fec0:6666:6666::0/96 as virtual networks
with broadcast 224.66.66.66. If you have access to mbone, play with me :-)
p[1] = htons(type);
/*
- * Set the source hardware address.
+ * Set the source hardware address.
*/
-
+
if (saddr)
memcpy(&iph->saddr, saddr, 4);
}
if (iph->daddr && !MULTICAST(iph->daddr))
return t->hlen;
-
+
return -t->hlen;
}
* Stefan Becker, <stefanb@yello.ping.de>
* Jorge Cwik, <jorge@laser.satlink.net>
* Arnt Gulbrandsen, <agulbra@nvg.unit.no>
- *
+ *
*
* Fixes:
* Alan Cox : Commented a couple of minor bits of surplus code
* Jos Vos : Do accounting *before* call_in_firewall
* Willy Konynenberg : Transparent proxying support
*
- *
+ *
*
* To Fix:
* IP fragmentation wants rewriting cleanly. The RFC815 algorithm is much more efficient
* and could be made very efficient with the addition of some virtual memory hacks to permit
* the allocation of a buffer that can then be 'grown' by twiddling page tables.
- * Output fragmentation wants updating along with the buffer management to use a single
+ * Output fragmentation wants updating along with the buffer management to use a single
* interleaved copy algorithm so that fragmenting has a one copy overhead. Actual packet
* output should probably do its own fragmentation at the UDP/RAW layer. TCP shouldn't cause
* fragmentation anyway.
/*
* Process Router Attention IP option
- */
+ */
int ip_call_ra_chain(struct sk_buff *skb)
{
struct ip_ra_chain *ra;
__skb_pull(skb, ihl);
- /* Point into the IP datagram, just past the header. */
- skb->h.raw = skb->data;
+ /* Point into the IP datagram, just past the header. */
+ skb->h.raw = skb->data;
rcu_read_lock();
{
/*
* Deliver IP Packets to the higher protocol layers.
- */
+ */
int ip_local_deliver(struct sk_buff *skb)
{
/*
/*
* Initialise the virtual path cache for the packet. It describes
* how the packet travels inside Linux networking.
- */
+ */
if (skb->dst == NULL) {
int err = ip_route_input(skb, iph->daddr, iph->saddr, iph->tos,
skb->dev);
if (unlikely(err)) {
if (err == -EHOSTUNREACH)
IP_INC_STATS_BH(IPSTATS_MIB_INADDRERRORS);
- goto drop;
+ goto drop;
}
}
return dst_input(skb);
drop:
- kfree_skb(skb);
- return NET_RX_DROP;
+ kfree_skb(skb);
+ return NET_RX_DROP;
}
/*
* Main IP Receive routine.
- */
+ */
int ip_rcv(struct sk_buff *skb, struct net_device *dev, struct packet_type *pt, struct net_device *orig_dev)
{
struct iphdr *iph;
inhdr_error:
IP_INC_STATS_BH(IPSTATS_MIB_INHDRERRORS);
drop:
- kfree_skb(skb);
+ kfree_skb(skb);
out:
- return NET_RX_DROP;
+ return NET_RX_DROP;
}
EXPORT_SYMBOL(ip_statistics);
* Version: $Id: ip_options.c,v 1.21 2001/09/01 00:31:50 davem Exp $
*
* Authors: A.N.Kuznetsov
- *
+ *
*/
#include <linux/capability.h>
#include <net/route.h>
#include <net/cipso_ipv4.h>
-/*
+/*
* Write options to IP header, record destination address to
* source route option, address of outgoing interface
* (we should already know it, so that this function is allowed be
}
}
-/*
+/*
* Provided (sopt, skb) points to received options,
* build in dopt compiled option set appropriate for answering.
* i.e. invert SRR option, copy anothers,
* NOTE: dopt cannot point to skb.
*/
-int ip_options_echo(struct ip_options * dopt, struct sk_buff * skb)
+int ip_options_echo(struct ip_options * dopt, struct sk_buff * skb)
{
struct ip_options *sopt;
unsigned char *sptr, *dptr;
* Simple and stupid 8), but the most efficient way.
*/
-void ip_options_fragment(struct sk_buff * skb)
+void ip_options_fragment(struct sk_buff * skb)
{
unsigned char * optptr = skb->nh.raw + sizeof(struct iphdr);
struct ip_options * opt = &(IPCB(skb)->opt);
switch (optptr[3]&0xF) {
case IPOPT_TS_TSONLY:
opt->ts = optptr - iph;
- if (skb)
+ if (skb)
timeptr = (__be32*)&optptr[optptr[2]-1];
opt->ts_needtime = 1;
optptr[2] += 4;
goto error;
}
opt->cipso = optptr - iph;
- if (cipso_v4_validate(&optptr)) {
+ if (cipso_v4_validate(&optptr)) {
pp_ptr = optptr;
goto error;
}
* Fixes:
* Alan Cox : Missing nonblock feature in ip_build_xmit.
* Mike Kilburn : htons() missing in ip_build_xmit.
- * Bradford Johnson: Fix faulty handling of some frames when
+ * Bradford Johnson: Fix faulty handling of some frames when
* no route is found.
* Alexander Demenshin: Missing sk/skb free in ip_queue_xmit
* (in case if packet not accepted by
* some redundant tests.
* Vitaly E. Lavrov : Transparent proxy revived after year coma.
* Andi Kleen : Replace ip_reply with ip_send_reply.
- * Andi Kleen : Split fast and slow ip_build_xmit path
- * for decreased register pressure on x86
- * and more readibility.
+ * Andi Kleen : Split fast and slow ip_build_xmit path
+ * for decreased register pressure on x86
+ * and more readibility.
* Marc Boucher : When call_out_firewall returns FW_QUEUE,
* silently drop skb instead of failing with -EPERM.
* Detlev Wengorz : Copy protocol for fragments.
return ttl;
}
-/*
+/*
* Add an ip header to a skbuff and send it out.
*
*/
struct sk_buff *newskb = skb_clone(skb, GFP_ATOMIC);
if (newskb)
NF_HOOK(PF_INET, NF_IP_POST_ROUTING, newskb, NULL,
- newskb->dev,
+ newskb->dev,
ip_dev_loopback_xmit);
}
skb->protocol = htons(ETH_P_IP);
return NF_HOOK_COND(PF_INET, NF_IP_POST_ROUTING, skb, NULL, dev,
- ip_finish_output,
+ ip_finish_output,
!(IPCB(skb)->flags & IPSKB_REROUTED));
}
return err;
fail:
- kfree_skb(skb);
+ kfree_skb(skb);
IP_INC_STATS(IPSTATS_MIB_FRAGFAILS);
return err;
}
* from many pieces of data. Each pieces will be holded on the socket
* until ip_push_pending_frames() is called. Each piece can be a page
* or non-page data.
- *
+ *
* Not only UDP, other transport protocols - e.g. raw sockets - can use
* this interface potentially.
*
datalen = maxfraglen - fragheaderlen;
fraglen = datalen + fragheaderlen;
- if ((flags & MSG_MORE) &&
+ if ((flags & MSG_MORE) &&
!(rt->u.dst.dev->features&NETIF_F_SG))
alloclen = mtu;
else
alloclen += rt->u.dst.trailer_len;
if (transhdrlen) {
- skb = sock_alloc_send_skb(sk,
+ skb = sock_alloc_send_skb(sk,
alloclen + hh_len + 15,
(flags & MSG_DONTWAIT), &err);
} else {
skb = NULL;
if (atomic_read(&sk->sk_wmem_alloc) <=
2 * sk->sk_sndbuf)
- skb = sock_wmalloc(sk,
+ skb = sock_wmalloc(sk,
alloclen + hh_len + 15, 1,
sk->sk_allocation);
if (unlikely(skb == NULL))
unsigned int off;
off = skb->len;
- if (getfrag(from, skb_put(skb, copy),
+ if (getfrag(from, skb_put(skb, copy),
offset, copy, off, skb) < 0) {
__skb_trim(skb, off);
err = -EFAULT;
goto error;
}
get_page(page);
- skb_fill_page_desc(skb, i, page, sk->sk_sndmsg_off, 0);
+ skb_fill_page_desc(skb, i, page, sk->sk_sndmsg_off, 0);
frag = &skb_shinfo(skb)->frags[i];
}
} else if (i < MAX_SKB_FRAGS) {
error:
inet->cork.length -= length;
IP_INC_STATS(IPSTATS_MIB_OUTDISCARDS);
- return err;
+ return err;
}
ssize_t ip_append_page(struct sock *sk, struct page *page,
skb->dst = dst_clone(&rt->u.dst);
/* Netfilter gets whole the not fragmented skb. */
- err = NF_HOOK(PF_INET, NF_IP_LOCAL_OUT, skb, NULL,
+ err = NF_HOOK(PF_INET, NF_IP_LOCAL_OUT, skb, NULL,
skb->dst->dev, dst_output);
if (err) {
if (err > 0)
/*
* Fetch data from kernel space and fill in checksum if needed.
*/
-static int ip_reply_glue_bits(void *dptr, char *to, int offset,
+static int ip_reply_glue_bits(void *dptr, char *to, int offset,
int len, int odd, struct sk_buff *skb)
{
__wsum csum;
csum = csum_partial_copy_nocheck(dptr+offset, to, len, 0);
skb->csum = csum_block_add(skb->csum, csum, odd);
- return 0;
+ return 0;
}
-/*
+/*
* Generic function to send a packet as reply to another packet.
* Used to send TCP resets so far. ICMP should use this function too.
*
- * Should run single threaded per socket because it uses the sock
+ * Should run single threaded per socket because it uses the sock
* structure to pass arguments.
*
* LATER: switch from ip_build_xmit to ip_append_*
/* Not quite clean, but right. */
.uli_u = { .ports =
{ .sport = skb->h.th->dest,
- .dport = skb->h.th->source } },
+ .dport = skb->h.th->source } },
.proto = sk->sk_protocol };
security_skb_classify_flow(skb, &fl);
if (ip_route_output_key(&rt, &fl))
* interface as the means of communication with the user level.
*
* The IP to API glue.
- *
+ *
* Version: $Id: ip_sockglue.c,v 1.62 2002/02/01 22:01:04 davem Exp $
*
* Authors: see ip.c
* Fixes:
* Many : Split from ip.c , see ip.c for history.
* Martin Mares : TOS setting fixed.
- * Alan Cox : Fixed a couple of oopses in Martin's
+ * Alan Cox : Fixed a couple of oopses in Martin's
* TOS tweaks.
* Mike McLagan : Routing by source
*/
return 0;
}
-void ip_icmp_error(struct sock *sk, struct sk_buff *skb, int err,
+void ip_icmp_error(struct sock *sk, struct sk_buff *skb, int err,
__be16 port, u32 info, u8 *payload)
{
struct inet_sock *inet = inet_sk(sk);
if (!skb)
return;
- serr = SKB_EXT_ERR(skb);
+ serr = SKB_EXT_ERR(skb);
serr->ee.ee_errno = err;
serr->ee.ee_origin = SO_EE_ORIGIN_ICMP;
- serr->ee.ee_type = skb->h.icmph->type;
+ serr->ee.ee_type = skb->h.icmph->type;
serr->ee.ee_code = skb->h.icmph->code;
serr->ee.ee_pad = 0;
serr->ee.ee_info = info;
skb->nh.iph = iph;
iph->daddr = daddr;
- serr = SKB_EXT_ERR(skb);
+ serr = SKB_EXT_ERR(skb);
serr->ee.ee_errno = err;
serr->ee.ee_origin = SO_EE_ORIGIN_LOCAL;
- serr->ee.ee_type = 0;
+ serr->ee.ee_type = 0;
serr->ee.ee_code = 0;
serr->ee.ee_pad = 0;
serr->ee.ee_info = info;
kfree_skb(skb);
}
-/*
+/*
* Handle MSG_ERRQUEUE
*/
int ip_recv_error(struct sock *sk, struct msghdr *msg, int len)
} else
spin_unlock_bh(&sk->sk_error_queue.lock);
-out_free_skb:
+out_free_skb:
kfree_skb(skb);
out:
return err;
struct inet_sock *inet = inet_sk(sk);
int val=0,err;
- if (((1<<optname) & ((1<<IP_PKTINFO) | (1<<IP_RECVTTL) |
- (1<<IP_RECVOPTS) | (1<<IP_RECVTOS) |
- (1<<IP_RETOPTS) | (1<<IP_TOS) |
- (1<<IP_TTL) | (1<<IP_HDRINCL) |
- (1<<IP_MTU_DISCOVER) | (1<<IP_RECVERR) |
+ if (((1<<optname) & ((1<<IP_PKTINFO) | (1<<IP_RECVTTL) |
+ (1<<IP_RECVOPTS) | (1<<IP_RECVTOS) |
+ (1<<IP_RETOPTS) | (1<<IP_TOS) |
+ (1<<IP_TTL) | (1<<IP_HDRINCL) |
+ (1<<IP_MTU_DISCOVER) | (1<<IP_RECVERR) |
(1<<IP_ROUTER_ALERT) | (1<<IP_FREEBIND) |
(1<<IP_PASSSEC))) ||
- optname == IP_MULTICAST_TTL ||
- optname == IP_MULTICAST_LOOP) {
+ optname == IP_MULTICAST_TTL ||
+ optname == IP_MULTICAST_LOOP) {
if (optlen >= sizeof(int)) {
if (get_user(val, (int __user *) optval))
return -EFAULT;
val &= ~3;
val |= inet->tos & 3;
}
- if (IPTOS_PREC(val) >= IPTOS_PREC_CRITIC_ECP &&
+ if (IPTOS_PREC(val) >= IPTOS_PREC_CRITIC_ECP &&
!capable(CAP_NET_ADMIN)) {
err = -EPERM;
break;
if (inet->tos != val) {
inet->tos = val;
sk->sk_priority = rt_tos2priority(val);
- sk_dst_reset(sk);
+ sk_dst_reset(sk);
}
break;
case IP_TTL:
if (val < 0 || val > 255)
goto e_inval;
inet->mc_ttl = val;
- break;
- case IP_MULTICAST_LOOP:
+ break;
+ case IP_MULTICAST_LOOP:
if (optlen<1)
goto e_inval;
inet->mc_loop = !!val;
- break;
- case IP_MULTICAST_IF:
+ break;
+ case IP_MULTICAST_IF:
{
struct ip_mreqn mreq;
struct net_device *dev = NULL;
}
case IP_ADD_MEMBERSHIP:
- case IP_DROP_MEMBERSHIP:
+ case IP_DROP_MEMBERSHIP:
{
struct ip_mreqn mreq;
} else {
memset(&mreq, 0, sizeof(mreq));
if (copy_from_user(&mreq,optval,sizeof(struct ip_mreq)))
- break;
+ break;
}
if (optname == IP_ADD_MEMBERSHIP)
break;
}
case MCAST_JOIN_GROUP:
- case MCAST_LEAVE_GROUP:
+ case MCAST_LEAVE_GROUP:
{
struct group_req greq;
struct sockaddr_in *psin;
kfree(gsf);
break;
}
- case IP_ROUTER_ALERT:
+ case IP_ROUTER_ALERT:
err = ip_ra_control(sk, val ? 1 : 0, NULL);
break;
case IP_FREEBIND:
if (optlen<1)
goto e_inval;
- inet->freebind = !!val;
- break;
-
+ inet->freebind = !!val;
+ break;
+
case IP_IPSEC_POLICY:
case IP_XFRM_POLICY:
err = -EPERM;
struct inet_sock *inet = inet_sk(sk);
int val;
int len;
-
+
if(level!=SOL_IP)
return -EOPNOTSUPP;
return -EFAULT;
if(len < 0)
return -EINVAL;
-
+
lock_sock(sk);
switch(optname) {
inet->opt->optlen);
release_sock(sk);
- if (opt->optlen == 0)
+ if (opt->optlen == 0)
return put_user(0, optlen);
ip_options_undo(opt);
addr.s_addr = inet->mc_addr;
release_sock(sk);
- if(put_user(len, optlen))
- return -EFAULT;
+ if(put_user(len, optlen))
+ return -EFAULT;
if(copy_to_user(optval, &addr, len))
return -EFAULT;
return 0;
release_sock(sk);
return err;
}
- case IP_PKTOPTIONS:
+ case IP_PKTOPTIONS:
{
struct msghdr msg;
len -= msg.msg_controllen;
return put_user(len, optlen);
}
- case IP_FREEBIND:
- val = inet->freebind;
- break;
+ case IP_FREEBIND:
+ val = inet->freebind;
+ break;
default:
release_sock(sk);
return -ENOPROTOOPT;
}
release_sock(sk);
-
+
if (len < sizeof(int) && len > 0 && val>=0 && val<255) {
unsigned char ucval = (unsigned char)val;
len = 1;
&& (optname < MRT_BASE || optname > MRT_BASE+10)
#endif
) {
- int len;
+ int len;
if(get_user(len,optlen))
return -EFAULT;
&& (optname < MRT_BASE || optname > MRT_BASE+10)
#endif
) {
- int len;
+ int len;
if (get_user(len, optlen))
return -EFAULT;
*
* This program is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License as published by the Free
- * Software Foundation; either version 2 of the License, or (at your option)
+ * Software Foundation; either version 2 of the License, or (at your option)
* any later version.
*
* Todo:
u8 *start, *scratch;
struct crypto_comp *tfm;
int cpu;
-
+
plen = skb->len;
dlen = IPCOMP_SCRATCH_SIZE;
start = skb->data;
err = pskb_expand_head(skb, 0, dlen - plen, GFP_ATOMIC);
if (err)
goto out;
-
+
skb->truesize += dlen - plen;
__skb_put(skb, dlen - plen);
memcpy(skb->data, scratch, dlen);
-out:
+out:
put_cpu();
return err;
}
struct ip_comp_hdr *ipch;
if (skb_linearize_cow(skb))
- goto out;
+ goto out;
skb->ip_summed = CHECKSUM_NONE;
- /* Remove ipcomp header and decompress original payload */
+ /* Remove ipcomp header and decompress original payload */
iph = skb->nh.iph;
ipch = (void *)skb->data;
iph->protocol = ipch->nexthdr;
__skb_pull(skb, sizeof(*ipch));
err = ipcomp_decompress(x, skb);
-out:
+out:
return err;
}
u8 *start, *scratch;
struct crypto_comp *tfm;
int cpu;
-
+
ihlen = iph->ihl * 4;
plen = skb->len - ihlen;
dlen = IPCOMP_SCRATCH_SIZE;
err = -EMSGSIZE;
goto out;
}
-
+
memcpy(start + sizeof(struct ip_comp_hdr), scratch, dlen);
put_cpu();
pskb_trim(skb, ihlen + dlen + sizeof(struct ip_comp_hdr));
return 0;
-
-out:
+
+out:
put_cpu();
return err;
}
if (skb_linearize_cow(skb))
goto out_ok;
-
+
err = ipcomp_compress(x, skb);
iph = skb->nh.iph;
spi = htonl(ntohs(ipch->cpi));
x = xfrm_state_lookup((xfrm_address_t *)&iph->daddr,
- spi, IPPROTO_COMP, AF_INET);
+ spi, IPPROTO_COMP, AF_INET);
if (!x)
return;
NETDEBUG(KERN_DEBUG "pmtu discovery on SA IPCOMP/%08x/%u.%u.%u.%u\n",
xfrm_state_put(x);
}
-/* We always hold one tunnel user reference to indicate a tunnel */
+/* We always hold one tunnel user reference to indicate a tunnel */
static struct xfrm_state *ipcomp_tunnel_create(struct xfrm_state *x)
{
struct xfrm_state *t;
u8 mode = XFRM_MODE_TUNNEL;
-
+
t = xfrm_state_alloc();
if (t == NULL)
goto out;
struct xfrm_state *t;
t = xfrm_state_lookup((xfrm_address_t *)&x->id.daddr.a4,
- x->props.saddr.a4, IPPROTO_IPIP, AF_INET);
+ x->props.saddr.a4, IPPROTO_IPIP, AF_INET);
if (!t) {
t = ipcomp_tunnel_create(x);
if (!t) {
* BOOTP rewritten to construct and analyse packets itself instead
* of misusing the IP layer. num_bugs_causing_wrong_arp_replies--;
* -- MJ, December 1998
- *
+ *
* Fixed ip_auto_config_setup calling at startup in the new "Linker Magic"
* initialization scheme.
* - Arnaldo Carvalho de Melo <acme@conectiva.com.br>, 08/11/1999
#define CONF_TIMEOUT_RANDOM (HZ) /* Maximum amount of randomization */
#define CONF_TIMEOUT_MULT *7/4 /* Rate of timeout growth */
#define CONF_TIMEOUT_MAX (HZ*30) /* Maximum allowed timeout */
-#define CONF_NAMESERVERS_MAX 3 /* Maximum number of nameservers
- - '3' from resolv.h */
+#define CONF_NAMESERVERS_MAX 3 /* Maximum number of nameservers
+ - '3' from resolv.h */
#define NONE __constant_htonl(INADDR_NONE)
* At this point we have no userspace running so need not
* claim locks on system_utsname
*/
-
+
if (!ic_host_name_set)
sprintf(init_utsname()->nodename, "%u.%u.%u.%u", NIPQUAD(ic_myaddr));
*e++ = 40;
e += 40;
- *e++ = 57; /* set extension buffer size for reply */
+ *e++ = 57; /* set extension buffer size for reply */
*e++ = 2;
- *e++ = 1; /* 128+236+8+20+14, see dhcpd sources */
+ *e++ = 1; /* 128+236+8+20+14, see dhcpd sources */
*e++ = 150;
*e++ = 255; /* End of the list */
/* Parse extensions */
if (ext_len >= 4 &&
!memcmp(b->exten, ic_bootp_cookie, 4)) { /* Check magic cookie */
- u8 *end = (u8 *) b + ntohs(b->iph.tot_len);
+ u8 *end = (u8 *) b + ntohs(b->iph.tot_len);
u8 *ext;
#ifdef IPCONFIG_DHCP
kfree_skb(skb);
return 0;
-}
+}
#endif
* seems to be a terrible waste of CPU time, but actually there is
* only one process running at all, so we don't need to use any
* scheduler functions.
- * [Actually we could now, but the nothing else running note still
+ * [Actually we could now, but the nothing else running note still
* applies.. - AC]
*/
printk(KERN_NOTICE "Sending %s%s%s requests .",
}
printk("IP-Config: Got %s answer from %u.%u.%u.%u, ",
- ((ic_got_reply & IC_RARP) ? "RARP"
+ ((ic_got_reply & IC_RARP) ? "RARP"
: (ic_proto_enabled & IC_USE_DHCP) ? "DHCP" : "BOOTP"),
NIPQUAD(ic_servaddr));
printk("my address is %u.%u.%u.%u\n", NIPQUAD(ic_myaddr));
#endif
ic_first_dev->next) {
#ifdef IPCONFIG_DYNAMIC
-
+
int retries = CONF_OPEN_RETRIES;
if (ic_dynamic() < 0) {
*/
#ifdef CONFIG_ROOT_NFS
if (ROOT_DEV == Root_NFS) {
- printk(KERN_ERR
+ printk(KERN_ERR
"IP-Config: Retrying forever (NFS root)...\n");
goto try_try_again;
}
#endif
if (--retries) {
- printk(KERN_ERR
+ printk(KERN_ERR
"IP-Config: Reopening network devices...\n");
goto try_try_again;
}
ic_set_manually = 1;
- ic_enable = (*addrs &&
- (strcmp(addrs, "off") != 0) &&
+ ic_enable = (*addrs &&
+ (strcmp(addrs, "off") != 0) &&
(strcmp(addrs, "none") != 0));
if (!ic_enable)
return 1;
/*
- * Linux NET3: IP/IP protocol decoder.
+ * Linux NET3: IP/IP protocol decoder.
*
* Version: $Id: ipip.c,v 1.50 2001/10/02 02:22:36 davem Exp $
*
Thanks for the great code!
-Sam Lantinga (slouken@cs.ucdavis.edu) 02/01/95
-
+
Minor tweaks:
Cleaned up the code a little and added some pre-1.3.0 tweaks.
dev->hard_header/hard_header_len changed to use no headers.
Comments/bracketing tweaked.
Made the tunnels use dev->name not tunnel: when error reporting.
Added tx_dropped stat
-
+
-Alan Cox (Alan.Cox@linux.org) 21 March 95
Reworked:
Note: There is currently no firewall or ICMP handling done.
-Sam Lantinga (slouken@cs.ucdavis.edu) 02/13/96
-
+
*/
/* Things I wish I had known when writing the tunnel driver:
"allocated" with skb_put(). You can then write up to skb->len
bytes to that buffer. If you need more, you can call skb_put()
again with the additional amount of space you need. You can
- find out how much more space you can allocate by calling
+ find out how much more space you can allocate by calling
"skb_tailroom(skb)".
Now, to add header space, call "skb_push(skb, header_len)".
This creates space at the beginning of the buffer and returns
For comments look at net/ipv4/ip_gre.c --ANK
*/
-
+
#include <linux/capability.h>
#include <linux/module.h>
#include <linux/types.h>
struct sk_buff *new_skb = skb_realloc_headroom(skb, max_headroom);
if (!new_skb) {
ip_rt_put(rt);
- stats->tx_dropped++;
+ stats->tx_dropped++;
dev_kfree_skb(skb);
tunnel->recursion--;
return 0;
/*
* Delete a VIF entry
*/
-
+
static int vif_delete(int vifi)
{
struct vif_device *v;
return -ENOBUFS;
break;
#endif
- case VIFF_TUNNEL:
+ case VIFF_TUNNEL:
dev = ipmr_new_tunnel(vifc);
if (!dev)
return -ENOBUFS;
/*
* A cache entry has gone into a resolved state from queued
*/
-
+
static void ipmr_cache_resolve(struct mfc_cache *uc, struct mfc_cache *c)
{
struct sk_buff *skb;
*
* Called under mrt_lock.
*/
-
+
static int ipmr_cache_report(struct sk_buff *pkt, vifi_t vifi, int assert)
{
struct sk_buff *skb;
memcpy(msg, pkt->nh.raw, sizeof(struct iphdr));
msg->im_msgtype = IGMPMSG_WHOLEPKT;
msg->im_mbz = 0;
- msg->im_vif = reg_vif_num;
+ msg->im_vif = reg_vif_num;
skb->nh.iph->ihl = sizeof(struct iphdr) >> 2;
skb->nh.iph->tot_len = htons(ntohs(pkt->nh.iph->tot_len) + sizeof(struct iphdr));
- } else
+ } else
#endif
- {
-
+ {
+
/*
* Copy the IP header
*/
igmp->code = 0;
skb->nh.iph->tot_len=htons(skb->len); /* Fix the length */
skb->h.raw = skb->nh.raw;
- }
+ }
if (mroute_socket == NULL) {
kfree_skb(skb);
/*
* Queue a packet for resolution. It gets locked cache entry!
*/
-
+
static int
ipmr_cache_unresolved(vifi_t vifi, struct sk_buff *skb)
{
* Reflect first query at mrouted.
*/
if ((err = ipmr_cache_report(skb, vifi, IGMPMSG_NOCACHE))<0) {
- /* If the report failed throw the cache entry
+ /* If the report failed throw the cache entry
out - Brad Parker
*/
spin_unlock_bh(&mfc_unres_lock);
/*
* Close the multicast socket, and clear the vif tables etc
*/
-
+
static void mroute_clean_tables(struct sock *sk)
{
int i;
-
+
/*
* Shut down all active vif entries
*/
* that's how BSD mrouted happens to think. Maybe one day with a proper
* MOSPF/PIM router set up we can clean this up.
*/
-
+
int ip_mroute_setsockopt(struct sock *sk,int optname,char __user *optval,int optlen)
{
int ret;
struct vifctl vif;
struct mfcctl mfc;
-
+
if(optname!=MRT_INIT)
{
if(sk!=mroute_socket && !capable(CAP_NET_ADMIN))
if(optlen!=sizeof(vif))
return -EINVAL;
if (copy_from_user(&vif,optval,sizeof(vif)))
- return -EFAULT;
+ return -EFAULT;
if(vif.vifc_vifi >= MAXVIFS)
return -ENFILE;
rtnl_lock();
/*
* Getsock opt support for the multicast routing system.
*/
-
+
int ip_mroute_getsockopt(struct sock *sk,int optname,char __user *optval,int __user *optlen)
{
int olr;
int val;
- if(optname!=MRT_VERSION &&
+ if(optname!=MRT_VERSION &&
#ifdef CONFIG_IP_PIMSM
optname!=MRT_PIM &&
#endif
olr = min_t(unsigned int, olr, sizeof(int));
if (olr < 0)
return -EINVAL;
-
+
if(put_user(olr,optlen))
return -EFAULT;
if(optname==MRT_VERSION)
/*
* The IP multicast ioctl support routines.
*/
-
+
int ipmr_ioctl(struct sock *sk, int cmd, void __user *arg)
{
struct sioc_sg_req sr;
struct sioc_vif_req vr;
struct vif_device *vif;
struct mfc_cache *c;
-
+
switch(cmd)
{
case SIOCGETVIFCNT:
if (copy_from_user(&vr,arg,sizeof(vr)))
- return -EFAULT;
+ return -EFAULT;
if(vr.vifi>=maxvif)
return -EINVAL;
read_lock(&mrt_lock);
* This avoids tunnel drivers and other mess and gives us the speed so
* important for multicast video.
*/
-
+
static void ip_encap(struct sk_buff *skb, __be32 saddr, __be32 daddr)
{
struct iphdr *iph = (struct iphdr *)skb_push(skb,sizeof(struct iphdr));
encap += LL_RESERVED_SPACE(dev) + rt->u.dst.header_len;
if (skb_cow(skb, encap)) {
- ip_rt_put(rt);
+ ip_rt_put(rt);
goto out_free;
}
* not mrouter) cannot join to more than one interface - it will
* result in receiving multiple packets.
*/
- NF_HOOK(PF_INET, NF_IP_FORWARD, skb, skb->dev, dev,
+ NF_HOOK(PF_INET, NF_IP_FORWARD, skb, skb->dev, dev,
ipmr_forward_finish);
return;
large chunk of pimd to kernel. Ough... --ANK
*/
(mroute_do_pim || cache->mfc_un.res.ttls[true_vifi] < 255) &&
- time_after(jiffies,
+ time_after(jiffies,
cache->mfc_un.res.last_assert + MFC_ASSERT_THRESH)) {
cache->mfc_un.res.last_assert = jiffies;
ipmr_cache_report(skb, true_vifi, IGMPMSG_WRONGVIF);
struct iphdr *encap;
struct net_device *reg_dev = NULL;
- if (!pskb_may_pull(skb, sizeof(*pim) + sizeof(*encap)))
+ if (!pskb_may_pull(skb, sizeof(*pim) + sizeof(*encap)))
goto drop;
pim = (struct igmphdr*)skb->h.raw;
- if (!mroute_do_pim ||
+ if (!mroute_do_pim ||
skb->len < sizeof(*pim) + sizeof(*encap) ||
- pim->group != PIM_V1_VERSION || pim->code != PIM_V1_REGISTER)
+ pim->group != PIM_V1_VERSION || pim->code != PIM_V1_REGISTER)
goto drop;
encap = (struct iphdr*)(skb->h.raw + sizeof(struct igmphdr));
*/
if (!MULTICAST(encap->daddr) ||
encap->tot_len == 0 ||
- ntohs(encap->tot_len) + sizeof(*pim) > skb->len)
+ ntohs(encap->tot_len) + sizeof(*pim) > skb->len)
goto drop;
read_lock(&mrt_lock);
dev_hold(reg_dev);
read_unlock(&mrt_lock);
- if (reg_dev == NULL)
+ if (reg_dev == NULL)
goto drop;
skb->mac.raw = skb->nh.raw;
struct iphdr *encap;
struct net_device *reg_dev = NULL;
- if (!pskb_may_pull(skb, sizeof(*pim) + sizeof(*encap)))
+ if (!pskb_may_pull(skb, sizeof(*pim) + sizeof(*encap)))
goto drop;
pim = (struct pimreghdr*)skb->h.raw;
- if (pim->type != ((PIM_VERSION<<4)|(PIM_REGISTER)) ||
+ if (pim->type != ((PIM_VERSION<<4)|(PIM_REGISTER)) ||
(pim->flags&PIM_NULL_REGISTER) ||
- (ip_compute_csum((void *)pim, sizeof(*pim)) != 0 &&
+ (ip_compute_csum((void *)pim, sizeof(*pim)) != 0 &&
csum_fold(skb_checksum(skb, 0, skb->len, 0))))
goto drop;
encap = (struct iphdr*)(skb->h.raw + sizeof(struct pimreghdr));
if (!MULTICAST(encap->daddr) ||
encap->tot_len == 0 ||
- ntohs(encap->tot_len) + sizeof(*pim) > skb->len)
+ ntohs(encap->tot_len) + sizeof(*pim) > skb->len)
goto drop;
read_lock(&mrt_lock);
dev_hold(reg_dev);
read_unlock(&mrt_lock);
- if (reg_dev == NULL)
+ if (reg_dev == NULL)
goto drop;
skb->mac.raw = skb->nh.raw;
return err;
}
-#ifdef CONFIG_PROC_FS
+#ifdef CONFIG_PROC_FS
/*
* The /proc interfaces to multicast routing /proc/ip_mr_cache /proc/ip_mr_vif
*/
for (iter->ct = 0; iter->ct < maxvif; ++iter->ct) {
if(!VIF_EXISTS(iter->ct))
continue;
- if (pos-- == 0)
+ if (pos-- == 0)
return &vif_table[iter->ct];
}
return NULL;
static void *ipmr_vif_seq_start(struct seq_file *seq, loff_t *pos)
{
read_lock(&mrt_lock);
- return *pos ? ipmr_vif_seq_idx(seq->private, *pos - 1)
+ return *pos ? ipmr_vif_seq_idx(seq->private, *pos - 1)
: SEQ_START_TOKEN;
}
++*pos;
if (v == SEQ_START_TOKEN)
return ipmr_vif_seq_idx(iter, 0);
-
+
while (++iter->ct < maxvif) {
if(!VIF_EXISTS(iter->ct))
continue;
static int ipmr_vif_seq_show(struct seq_file *seq, void *v)
{
if (v == SEQ_START_TOKEN) {
- seq_puts(seq,
+ seq_puts(seq,
"Interface BytesIn PktsIn BytesOut PktsOut Flags Local Remote\n");
} else {
const struct vif_device *vif = v;
seq_printf(seq,
"%2Zd %-10s %8ld %7ld %8ld %7ld %05X %08X %08X\n",
vif - vif_table,
- name, vif->bytes_in, vif->pkt_in,
+ name, vif->bytes_in, vif->pkt_in,
vif->bytes_out, vif->pkt_out,
vif->flags, vif->local, vif->remote);
}
struct seq_file *seq;
int rc = -ENOMEM;
struct ipmr_vif_iter *s = kmalloc(sizeof(*s), GFP_KERNEL);
-
+
if (!s)
goto out;
it->cache = mfc_cache_array;
read_lock(&mrt_lock);
- for (it->ct = 0; it->ct < MFC_LINES; it->ct++)
- for(mfc = mfc_cache_array[it->ct]; mfc; mfc = mfc->next)
- if (pos-- == 0)
+ for (it->ct = 0; it->ct < MFC_LINES; it->ct++)
+ for(mfc = mfc_cache_array[it->ct]; mfc; mfc = mfc->next)
+ if (pos-- == 0)
return mfc;
read_unlock(&mrt_lock);
it->cache = &mfc_unres_queue;
spin_lock_bh(&mfc_unres_lock);
- for(mfc = mfc_unres_queue; mfc; mfc = mfc->next)
+ for(mfc = mfc_unres_queue; mfc; mfc = mfc->next)
if (pos-- == 0)
return mfc;
spin_unlock_bh(&mfc_unres_lock);
struct ipmr_mfc_iter *it = seq->private;
it->cache = NULL;
it->ct = 0;
- return *pos ? ipmr_mfc_seq_idx(seq->private, *pos - 1)
+ return *pos ? ipmr_mfc_seq_idx(seq->private, *pos - 1)
: SEQ_START_TOKEN;
}
if (mfc->next)
return mfc->next;
-
- if (it->cache == &mfc_unres_queue)
+
+ if (it->cache == &mfc_unres_queue)
goto end_of_list;
BUG_ON(it->cache != mfc_cache_array);
read_unlock(&mrt_lock);
it->cache = &mfc_unres_queue;
it->ct = 0;
-
+
spin_lock_bh(&mfc_unres_lock);
mfc = mfc_unres_queue;
- if (mfc)
+ if (mfc)
return mfc;
end_of_list:
int n;
if (v == SEQ_START_TOKEN) {
- seq_puts(seq,
+ seq_puts(seq,
"Group Origin Iif Pkts Bytes Wrong Oifs\n");
} else {
const struct mfc_cache *mfc = v;
const struct ipmr_mfc_iter *it = seq->private;
-
+
seq_printf(seq, "%08lX %08lX %-3d %8ld %8ld %8ld",
(unsigned long) mfc->mfc_mcastgrp,
(unsigned long) mfc->mfc_origin,
mfc->mfc_un.res.wrong_if);
if (it->cache != &mfc_unres_queue) {
- for(n = mfc->mfc_un.res.minvif;
+ for(n = mfc->mfc_un.res.minvif;
n < mfc->mfc_un.res.maxvif; n++ ) {
- if(VIF_EXISTS(n)
+ if(VIF_EXISTS(n)
&& mfc->mfc_un.res.ttls[n] < 255)
- seq_printf(seq,
- " %2d:%-3d",
+ seq_printf(seq,
+ " %2d:%-3d",
n, mfc->mfc_un.res.ttls[n]);
}
}
struct seq_file *seq;
int rc = -ENOMEM;
struct ipmr_mfc_iter *s = kmalloc(sizeof(*s), GFP_KERNEL);
-
+
if (!s)
goto out;
.llseek = seq_lseek,
.release = seq_release_private,
};
-#endif
+#endif
#ifdef CONFIG_IP_PIMSM_V2
static struct net_protocol pim_protocol = {
/*
* Setup for IP multicast routing
*/
-
+
void __init ip_mr_init(void)
{
mrt_cachep = kmem_cache_create("ip_mrt_cache",
init_timer(&ipmr_expire_timer);
ipmr_expire_timer.function=ipmr_expire_process;
register_netdevice_notifier(&ip_mr_notifier);
-#ifdef CONFIG_PROC_FS
+#ifdef CONFIG_PROC_FS
proc_net_fops_create("ip_mr_vif", 0, &ipmr_vif_fops);
proc_net_fops_create("ip_mr_cache", 0, &ipmr_mfc_fops);
-#endif
+#endif
}
* Checking the dest server status.
*/
if ((dest == NULL) ||
- !(dest->flags & IP_VS_DEST_F_AVAILABLE) ||
- (sysctl_ip_vs_expire_quiescent_template &&
+ !(dest->flags & IP_VS_DEST_F_AVAILABLE) ||
+ (sysctl_ip_vs_expire_quiescent_template &&
(atomic_read(&dest->weight) == 0))) {
IP_VS_DBG(9, "check_template: dest not available for "
"protocol %s s:%u.%u.%u.%u:%d v:%u.%u.%u.%u:%d "
{
int idx;
struct ip_vs_conn *cp;
-
+
for(idx = 0; idx < IP_VS_CONN_TAB_SIZE; idx++) {
ct_read_lock_bh(idx);
list_for_each_entry(cp, &ip_vs_conn_tab[idx], c_list) {
int idx;
++*pos;
- if (v == SEQ_START_TOKEN)
+ if (v == SEQ_START_TOKEN)
return ip_vs_conn_array(seq, 0);
/* more on same hash chain? */
list_for_each_entry(cp, &ip_vs_conn_tab[idx], c_list) {
seq->private = &ip_vs_conn_tab[idx];
return cp;
- }
+ }
ct_read_unlock_bh(idx);
}
seq->private = NULL;
skb->nh.iph->saddr = cp->vaddr;
ip_send_check(skb->nh.iph);
- /* For policy routing, packets originating from this
- * machine itself may be routed differently to packets
- * passing through. We want this packet to be routed as
- * if it came from this machine itself. So re-compute
- * the routing information.
- */
- if (ip_route_me_harder(pskb, RTN_LOCAL) != 0)
- goto drop;
+ /* For policy routing, packets originating from this
+ * machine itself may be routed differently to packets
+ * passing through. We want this packet to be routed as
+ * if it came from this machine itself. So re-compute
+ * the routing information.
+ */
+ if (ip_route_me_harder(pskb, RTN_LOCAL) != 0)
+ goto drop;
skb = *pskb;
IP_VS_DBG_PKT(10, pp, skb, 0, "After SNAT");
* forward to the right destination host if relevant.
* Currently handles error types - unreachable, quench, ttl exceeded.
*/
-static int
+static int
ip_vs_in_icmp(struct sk_buff **pskb, int *related, unsigned int hooknum)
{
struct sk_buff *skb = *pskb;
/* reassemble IP fragments */
if (skb->nh.iph->frag_off & __constant_htons(IP_MF|IP_OFFSET)) {
skb = ip_vs_gather_frags(skb,
- hooknum == NF_IP_LOCAL_IN ?
+ hooknum == NF_IP_LOCAL_IN ?
IP_DEFRAG_VS_IN : IP_DEFRAG_VS_FWD);
if (!skb)
return NF_STOLEN;
if (ret)
break;
IP_VS_INFO("%s: loaded support on port[%d] = %d\n",
- app->name, i, ports[i]);
+ app->name, i, ports[i]);
}
if (ret)
.procname = "lblc_expiration",
.data = &sysctl_ip_vs_lblc_expiration,
.maxlen = sizeof(int),
- .mode = 0644,
+ .mode = 0644,
.proc_handler = &proc_dointvec_jiffies,
},
{ .ctl_name = 0 }
{
.ctl_name = NET_IPV4_VS,
.procname = "vs",
- .mode = 0555,
+ .mode = 0555,
.child = vs_vars_table
},
{ .ctl_name = 0 }
static ctl_table ipvs_ipv4_table[] = {
{
.ctl_name = NET_IPV4,
- .procname = "ipv4",
+ .procname = "ipv4",
.mode = 0555,
.child = vs_table
},
static ctl_table lblc_root_table[] = {
{
.ctl_name = CTL_NET,
- .procname = "net",
- .mode = 0555,
+ .procname = "net",
+ .mode = 0555,
.child = ipvs_ipv4_table
},
{ .ctl_name = 0 }
write_lock(&tbl->lock);
list_for_each_entry_safe(en, nxt, &tbl->bucket[j], list) {
- if (time_before(now,
+ if (time_before(now,
en->lastuse + sysctl_ip_vs_lblc_expiration))
continue;
.procname = "lblcr_expiration",
.data = &sysctl_ip_vs_lblcr_expiration,
.maxlen = sizeof(int),
- .mode = 0644,
+ .mode = 0644,
.proc_handler = &proc_dointvec_jiffies,
},
{ .ctl_name = 0 }
static ctl_table ipvs_ipv4_table[] = {
{
.ctl_name = NET_IPV4,
- .procname = "ipv4",
+ .procname = "ipv4",
.mode = 0555,
.child = vs_table
},
static ctl_table lblcr_root_table[] = {
{
.ctl_name = CTL_NET,
- .procname = "net",
- .mode = 0555,
+ .procname = "net",
+ .mode = 0555,
.child = ipvs_ipv4_table
},
{ .ctl_name = 0 }
q = q->next;
continue;
}
-
+
dest = list_entry(q, struct ip_vs_dest, n_list);
if (!(dest->flags & IP_VS_DEST_F_OVERLOAD) &&
atomic_read(&dest->weight) > 0)
struct rtable *first, struct rtable **rp)
{
struct rtable *nh, *result, *cur_min;
- int min_usecount = -1;
+ int min_usecount = -1;
int devidx = -1;
int cur_min_devidx = -1;
*/
devidx = __multipath_finddev(nh_ifidx);
if (devidx == -1) {
- /* add the interface to the array
+ /* add the interface to the array
* SMP safe
*/
spin_lock_bh(&state_lock);
*/
result = NULL;
for (nh = rcu_dereference(first); nh;
- nh = rcu_dereference(nh->u.rt_next)) {
+ nh = rcu_dereference(nh->u.rt_next)) {
if ((nh->u.dst.flags & DST_BALANCED) != 0 &&
multipath_comparekeys(&nh->fl, flp)) {
nh->u.dst.lastuse = jiffies;
return weight;
}
-static void wrandom_init_state(void)
+static void wrandom_init_state(void)
{
int i;
static void __multipath_free_dst(struct rcu_head *head)
{
- struct multipath_dest *dst = container_of(head,
+ struct multipath_dest *dst = container_of(head,
struct multipath_dest,
rcu);
kfree(dst);
dst_release(&rt->u.dst);
dst_release(odst);
}
-
+
if ((*pskb)->dst->error)
return -1;
struct sk_buff *nskb;
nskb = skb_realloc_headroom(*pskb, hh_len);
- if (!nskb)
+ if (!nskb)
return -1;
if ((*pskb)->sk)
skb_set_owner_w(nskb, (*pskb)->sk);
break;
if ((protocol == 0 && !csum_fold(skb->csum)) ||
!csum_tcpudp_magic(iph->saddr, iph->daddr,
- skb->len - dataoff, protocol,
+ skb->len - dataoff, protocol,
skb->csum)) {
skb->ip_summed = CHECKSUM_UNNECESSARY;
break;
}
/* FIXME: underflows must be unconditional, standard verdicts
- < 0 (not ARPT_RETURN). --RR */
+ < 0 (not ARPT_RETURN). --RR */
/* Clear counters and comefrom */
e->counters = ((struct xt_counters) { 0, 0 });
/* Update module usage count based on number of rules */
duprintf("do_replace: oldnum=%u, initnum=%u, newnum=%u\n",
oldinfo->number, oldinfo->initial_entries, newinfo->number);
- if ((oldinfo->number > oldinfo->initial_entries) ||
- (newinfo->number <= oldinfo->initial_entries))
+ if ((oldinfo->number > oldinfo->initial_entries) ||
+ (newinfo->number <= oldinfo->initial_entries))
module_put(t->me);
if ((oldinfo->number > oldinfo->initial_entries) &&
(newinfo->number <= oldinfo->initial_entries))
static int
checkentry(const char *tablename, const void *e, const struct xt_target *target,
- void *targinfo, unsigned int hook_mask)
+ void *targinfo, unsigned int hook_mask)
{
const struct arpt_mangle *mangle = targinfo;
*
* Module load syntax:
* insmod ip_conntrack_amanda.o [master_timeout=n]
- *
+ *
* Where master_timeout is the timeout (in seconds) of the master
* connection (port 10080). This defaults to 5 minutes but if
* your clients take longer than 5 minutes to do their work
};
static int help(struct sk_buff **pskb,
- struct ip_conntrack *ct, enum ip_conntrack_info ctinfo)
+ struct ip_conntrack *ct, enum ip_conntrack_info ctinfo)
{
struct ts_state ts;
struct ip_conntrack_expect *exp;
but required by, the NAT layer; it can also be used by an iptables
extension. */
-/* (C) 1999-2001 Paul `Rusty' Russell
+/* (C) 1999-2001 Paul `Rusty' Russell
* (C) 2002-2004 Netfilter Core Team <coreteam@netfilter.org>
*
* This program is free software; you can redistribute it and/or modify
void ip_ct_deliver_cached_events(const struct ip_conntrack *ct)
{
struct ip_conntrack_ecache *ecache;
-
+
local_bh_disable();
ecache = &__get_cpu_var(ip_conntrack_ecache);
if (ecache->ct == ct)
unsigned int size, unsigned int rnd)
{
return (jhash_3words((__force u32)tuple->src.ip,
- ((__force u32)tuple->dst.ip ^ tuple->dst.protonum),
- (tuple->src.u.all | (tuple->dst.u.all << 16)),
- rnd) % size);
+ ((__force u32)tuple->dst.ip ^ tuple->dst.protonum),
+ (tuple->src.u.all | (tuple->dst.u.all << 16)),
+ rnd) % size);
}
static u_int32_t
__ip_conntrack_expect_find(const struct ip_conntrack_tuple *tuple)
{
struct ip_conntrack_expect *i;
-
+
list_for_each_entry(i, &ip_conntrack_expect_list, list) {
if (ip_ct_tuple_mask_cmp(tuple, &i->tuple, &i->mask))
return i;
ip_conntrack_expect_find_get(const struct ip_conntrack_tuple *tuple)
{
struct ip_conntrack_expect *i;
-
+
read_lock_bh(&ip_conntrack_lock);
i = __ip_conntrack_expect_find(tuple);
if (i)
static void __ip_conntrack_hash_insert(struct ip_conntrack *ct,
unsigned int hash,
- unsigned int repl_hash)
+ unsigned int repl_hash)
{
ct->id = ++ip_conntrack_next_id;
list_add(&ct->tuplehash[IP_CT_DIR_ORIGINAL].list,
/* IP_NF_ASSERT(atomic_read(&ct->ct_general.use) == 1); */
/* No external references means noone else could have
- confirmed us. */
+ confirmed us. */
IP_NF_ASSERT(!is_confirmed(ct));
DEBUGP("Confirming conntrack %p\n", ct);
write_lock_bh(&ip_conntrack_lock);
/* See if there's one in the list already, including reverse:
- NAT could have grabbed it without realizing, since we're
- not in the hash. If there is, we lost race. */
+ NAT could have grabbed it without realizing, since we're
+ not in the hash. If there is, we lost race. */
list_for_each_entry(h, &ip_conntrack_hash[hash], list)
if (ip_ct_tuple_equal(&ct->tuplehash[IP_CT_DIR_ORIGINAL].tuple,
&h->tuple))
p = &ip_conntrack_generic_protocol;
}
preempt_enable();
-
+
return p;
}
IP_NF_ASSERT((skb->nh.iph->frag_off & htons(IP_OFFSET)) == 0);
- if (!ip_ct_get_tuple(skb->nh.iph, skb, skb->nh.iph->ihl*4,
+ if (!ip_ct_get_tuple(skb->nh.iph, skb, skb->nh.iph->ihl*4,
&tuple,proto))
return NULL;
if (test_bit(IPS_SEEN_REPLY_BIT, &ct->status)) {
DEBUGP("ip_conntrack_in: normal packet for %p\n",
ct);
- *ctinfo = IP_CT_ESTABLISHED;
+ *ctinfo = IP_CT_ESTABLISHED;
} else if (test_bit(IPS_EXPECTED_BIT, &ct->status)) {
DEBUGP("ip_conntrack_in: related packet for %p\n",
ct);
if ((*pskb)->pkt_type == PACKET_BROADCAST) {
printk("Broadcast packet!\n");
return NF_ACCEPT;
- } else if (((*pskb)->nh.iph->daddr & htonl(0x000000FF))
+ } else if (((*pskb)->nh.iph->daddr & htonl(0x000000FF))
== htonl(0x000000FF)) {
printk("Should bcast: %u.%u.%u.%u->%u.%u.%u.%u (sk=%p, ptype=%u)\n",
NIPQUAD((*pskb)->nh.iph->saddr),
/* It may be an special packet, error, unclean...
* inverse of the return code tells to the netfilter
* core what to do with the packet. */
- if (proto->error != NULL
+ if (proto->error != NULL
&& (ret = proto->error(*pskb, &ctinfo, hooknum)) <= 0) {
CONNTRACK_STAT_INC(error);
CONNTRACK_STAT_INC(invalid);
int invert_tuplepr(struct ip_conntrack_tuple *inverse,
const struct ip_conntrack_tuple *orig)
{
- return ip_ct_invert_tuple(inverse, orig,
+ return ip_ct_invert_tuple(inverse, orig,
__ip_conntrack_proto_find(orig->dst.protonum));
}
const struct ip_conntrack_expect *b)
{
/* Part covered by intersection of masks must be unequal,
- otherwise they clash */
+ otherwise they clash */
struct ip_conntrack_tuple intersect_mask
= { { a->mask.src.ip & b->mask.src.ip,
{ a->mask.src.u.all & b->mask.src.u.all } },
}
/* We don't increase the master conntrack refcount for non-fulfilled
- * conntracks. During the conntrack destruction, the expectations are
+ * conntracks. During the conntrack destruction, the expectations are
* always killed before the conntrack itself */
struct ip_conntrack_expect *ip_conntrack_expect_alloc(struct ip_conntrack *me)
{
}
/* Will be over limit? */
- if (expect->master->helper->max_expected &&
+ if (expect->master->helper->max_expected &&
expect->master->expecting >= expect->master->helper->max_expected)
evict_oldest_expect(expect->master);
ret = 0;
out:
write_unlock_bh(&ip_conntrack_lock);
- return ret;
+ return ret;
}
/* Alter reply tuple (maybe alter helper). This is for NAT, and is
const struct ip_conntrack_helper *me)
{
if (tuplehash_to_ctrack(i)->helper == me) {
- ip_conntrack_event(IPCT_HELPER, tuplehash_to_ctrack(i));
+ ip_conntrack_event(IPCT_HELPER, tuplehash_to_ctrack(i));
tuplehash_to_ctrack(i)->helper = NULL;
}
}
}
/* Refresh conntrack for this many jiffies and do accounting if do_acct is 1 */
-void __ip_ct_refresh_acct(struct ip_conntrack *ct,
- enum ip_conntrack_info ctinfo,
+void __ip_ct_refresh_acct(struct ip_conntrack *ct,
+ enum ip_conntrack_info ctinfo,
const struct sk_buff *skb,
unsigned long extra_jiffies,
int do_acct)
#ifdef CONFIG_IP_NF_CT_ACCT
if (do_acct) {
ct->counters[CTINFO2DIR(ctinfo)].packets++;
- ct->counters[CTINFO2DIR(ctinfo)].bytes +=
+ ct->counters[CTINFO2DIR(ctinfo)].bytes +=
ntohs(skb->nh.iph->tot_len);
if ((ct->counters[CTINFO2DIR(ctinfo)].packets & 0x80000000)
|| (ct->counters[CTINFO2DIR(ctinfo)].bytes & 0x80000000))
{
skb_orphan(skb);
- local_bh_disable();
+ local_bh_disable();
skb = ip_defrag(skb, user);
local_bh_enable();
/* This ICMP is in reverse direction to the packet which caused it */
ct = ip_conntrack_get(skb, &ctinfo);
-
+
if (CTINFO2DIR(ctinfo) == IP_CT_DIR_ORIGINAL)
ctinfo = IP_CT_RELATED + IP_CT_IS_REPLY;
else
struct inet_sock *inet = inet_sk(sk);
struct ip_conntrack_tuple_hash *h;
struct ip_conntrack_tuple tuple;
-
+
IP_CT_TUPLE_U_BLANK(&tuple);
tuple.src.ip = inet->rcv_saddr;
tuple.src.u.tcp.port = inet->sport;
if (vmalloced)
vfree(hash);
else
- free_pages((unsigned long)hash,
+ free_pages((unsigned long)hash,
get_order(sizeof(struct list_head) * size));
}
ip_ct_attach = NULL;
/* This makes sure all current packets have passed through
- netfilter framework. Roll on, two-stage module
- delete... */
+ netfilter framework. Roll on, two-stage module
+ delete... */
synchronize_net();
ip_ct_event_cache_flush();
struct list_head *hash;
unsigned int i;
- *vmalloced = 0;
- hash = (void*)__get_free_pages(GFP_KERNEL,
+ *vmalloced = 0;
+ hash = (void*)__get_free_pages(GFP_KERNEL,
get_order(sizeof(struct list_head)
* size));
- if (!hash) {
+ if (!hash) {
*vmalloced = 1;
printk(KERN_WARNING"ip_conntrack: falling back to vmalloc.\n");
hash = vmalloc(sizeof(struct list_head) * size);
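Review bot: The byte count `sizeof(struct list_head) * size` is computed twice in this hunk, once for `get_order()` and once for `vmalloc()`, and neither use is guarded against overflow. The declaration of `size` and its callers are outside the hunk, so this needs confirming, but if the value can come from a module parameter a large setting wraps the product and the table ends up smaller than the bucket count the rest of the code presumably assumes. A guard before the first allocation, such as `if (size > ULONG_MAX / sizeof(struct list_head))` followed by the function's failure return, would reject such values. Computing the byte count once into a local would also keep the page-allocator and vmalloc paths in agreement.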
if (!hash)
return -ENOMEM;
- /* We have to rehash for the new table anyway, so we also can
+ /* We have to rehash for the new table anyway, so we also can
* use a new random seed */
get_random_bytes(&rnd, 4);
/* Idea from tcp.c: use 1/16384 of memory. On i386: 32MB
* machine has 256 buckets. >= 1GB machines have 8192 buckets. */
- if (!ip_conntrack_htable_size) {
+ if (!ip_conntrack_htable_size) {
ip_conntrack_htable_size
= (((num_physpages << PAGE_SHIFT) / 16384)
/ sizeof(struct list_head));
}
ip_conntrack_cachep = kmem_cache_create("ip_conntrack",
- sizeof(struct ip_conntrack), 0,
- 0, NULL, NULL);
+ sizeof(struct ip_conntrack), 0,
+ 0, NULL, NULL);
if (!ip_conntrack_cachep) {
printk(KERN_ERR "Unable to create ip_conntrack slab cache\n");
goto err_free_hash;
/* FTP extension for IP connection tracking. */
-/* (C) 1999-2001 Paul `Rusty' Russell
+/* (C) 1999-2001 Paul `Rusty' Russell
* (C) 2002-2004 Netfilter Core Team <coreteam@netfilter.org>
*
* This program is free software; you can redistribute it and/or modify
int length;
/* First character is delimiter, then "1" for IPv4, then
- delimiter again. */
+ delimiter again. */
if (dlen <= 3) return 0;
delim = data[0];
if (isdigit(delim) || delim < 33 || delim > 126
if (!find_nl_seq(ntohl(th->seq), ct_ftp_info, dir)) {
/* Now if this ends in \n, update ftp info. */
DEBUGP("ip_conntrack_ftp_help: wrong seq pos %s(%u) or %s(%u)\n",
- ct_ftp_info->seq_aft_nl[0][dir]
+ ct_ftp_info->seq_aft_nl[0][dir]
old_seq_aft_nl_set ? "":"(UNSET) ", old_seq_aft_nl);
ret = NF_ACCEPT;
goto out_update_nl;
}
/* Initialize IP array to expected address (it's not mentioned
- in EPSV responses) */
+ in EPSV responses) */
array[0] = (ntohl(ct->tuplehash[dir].tuple.src.ip) >> 24) & 0xFF;
array[1] = (ntohl(ct->tuplehash[dir].tuple.src.ip) >> 16) & 0xFF;
array[2] = (ntohl(ct->tuplehash[dir].tuple.src.ip) >> 8) & 0xFF;
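Review bot: The `DEBUGP` call at the top of this hunk is malformed. The re-indented argument line `ct_ftp_info->seq_aft_nl[0][dir]` has no trailing comma before `old_seq_aft_nl_set ? "":"(UNSET) "`, and the format string carries four conversions (`%s(%u) or %s(%u)`) while at most three arguments can be made out. This presumably goes unnoticed only because `DEBUGP` is compiled out by default, as the IRC helper's `#if 0` definition later in this diff suggests. Adding the comma alone would still pair the first `%s` with a sequence number, so the argument list should be rewritten so that each `%s` receives a string and each `%u` an unsigned value. The enclosing function starts and ends outside the hunk.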
DEBUGP("conntrack_ftp: match `%s' (%u bytes at %u)\n",
fb_ptr + matchoff, matchlen, ntohl(th->seq) + matchoff);
-
+
/* Allocate expectation which will be inserted */
exp = ip_conntrack_expect_alloc(ct);
if (exp == NULL) {
sprintf(tmpname, "ftp-%d", ports[i]);
ftp[i].name = tmpname;
- DEBUGP("ip_ct_ftp: registering helper for port %d\n",
+ DEBUGP("ip_ct_ftp: registering helper for port %d\n",
ports[i]);
ret = ip_conntrack_helper_register(&ftp[i]);
static int callforward_filter = 1;
module_param(callforward_filter, bool, 0600);
MODULE_PARM_DESC(callforward_filter, "only create call forwarding expectations "
- "if both endpoints are on different sides "
+ "if both endpoints are on different sides "
"(determined by routing information)");
/* Hooks for NAT */
tcph = skb_header_pointer(*pskb, nexthdr_off, sizeof(_tcph), &_tcph);
BUG_ON(!tcph);
nexthdr_off += tcph->doff * 4;
- datalen = tcplen - tcph->doff * 4;
+ datalen = tcplen - tcph->doff * 4;
pptph = skb_header_pointer(*pskb, nexthdr_off, sizeof(_pptph), &_pptph);
if (!pptph) {
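Review bot: `BUG_ON(!tcph)` turns a NULL return from `skb_header_pointer()` on packet data into a kernel panic, and the re-indented `datalen = tcplen - tcph->doff * 4;` subtracts a header length taken from the packet with no check in this hunk that it fits within `tcplen`. The TCP tracker may already have validated `doff` before the helper runs, but that code is outside the hunk, so the assumption deserves a comment here or a local check. A defensive form is `if (!tcph || tcph->doff * 4 > tcplen)` followed by the helper's normal accept return, which lets a malformed segment pass untracked instead of halting the machine. The enclosing function starts and ends outside the hunk.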
.max_expected = 2,
.timeout = 5 * 60,
.tuple = { .src = { .ip = 0,
- .u = { .tcp = { .port =
+ .u = { .tcp = { .port =
__constant_htons(PPTP_CONTROL_PORT) } }
},
.dst = { .ip = 0,
.dst = { .ip = 0,
.u = { .all = 0 },
.protonum = 0xff
- }
+ }
},
.help = conntrack_pptp_help,
.destroy = pptp_destroy_siblings,
/* IRC extension for IP connection tracking, Version 1.21
* (C) 2000-2002 by Harald Welte <laforge@gnumonks.org>
- * based on RR's ip_conntrack_ftp.c
+ * based on RR's ip_conntrack_ftp.c
*
* ip_conntrack_irc.c,v 1.21 2002/02/05 14:49:26 laforge Exp
*
* Module load syntax:
* insmod ip_conntrack_irc.o ports=port1,port2,...port<MAX_PORTS>
* max_dcc_channels=n dcc_timeout=secs
- *
+ *
* please give the ports of all IRC servers You wish to connect to.
* If You don't specify ports, the default will be port 6667.
* With max_dcc_channels you can define the maximum number of not
* yet answered DCC channels per IRC session (default 8).
- * With dcc_timeout you can specify how long the system waits for
+ * With dcc_timeout you can specify how long the system waits for
* an expected DCC channel (default 300 seconds).
*
*/
#if 0
#define DEBUGP(format, args...) printk(KERN_DEBUG "%s:%s:" format, \
- __FILE__, __FUNCTION__ , ## args)
+ __FILE__, __FUNCTION__ , ## args)
#else
#define DEBUGP(format, args...)
#endif
static int parse_dcc(char *data, char *data_end, u_int32_t *ip,
u_int16_t *port, char **ad_beg_p, char **ad_end_p)
/* tries to get the ip_addr and port out of a dcc command
- return value: -1 on failure, 0 on success
+ return value: -1 on failure, 0 on success
data pointer to first byte of DCC command data
data_end pointer to last byte of dcc command data
ip returns parsed ip of dcc command
/* skip blanks between ip and port */
while (*data == ' ') {
- if (data >= data_end)
+ if (data >= data_end)
return -1;
data++;
}
DEBUGP("DCC %s detected\n", dccprotos[i]);
data += strlen(dccprotos[i]);
- /* we have at least
+ /* we have at least
* (19+MINMATCHLEN)-5-dccprotos[i].matchlen bytes valid
* data left (== 14/13 bytes) */
if (parse_dcc((char *)data, data_limit, &dcc_ip,
irc_buffer = kmalloc(65536, GFP_KERNEL);
if (!irc_buffer)
return -ENOMEM;
-
+
/* If no port given, default to standard irc port */
if (ports_c == 0)
ports[ports_c++] = IRC_PORT;
return 0;
}
-/* This function is intentionally _NOT_ defined as __exit, because
+/* This function is intentionally _NOT_ defined as __exit, because
* it is needed by the init function */
static void ip_conntrack_irc_fini(void)
{
MODULE_PARM_DESC(timeout, "timeout for master connection/replies in seconds");
static int help(struct sk_buff **pskb,
- struct ip_conntrack *ct, enum ip_conntrack_info ctinfo)
+ struct ip_conntrack *ct, enum ip_conntrack_info ctinfo)
{
struct ip_conntrack_expect *exp;
struct iphdr *iph = (*pskb)->nh.iph;
* (C) 2003 by Patrick Mchardy <kaber@trash.net>
* (C) 2005-2006 by Pablo Neira Ayuso <pablo@eurodev.net>
*
- * I've reworked this stuff to use attributes instead of conntrack
+ * I've reworked this stuff to use attributes instead of conntrack
* structures. 5.44 am. I need more tea. --pablo 05/07/11.
*
- * Initial connection tracking via netlink development funded and
+ * Initial connection tracking via netlink development funded and
* generally made possible by Network Robots, Inc. (www.networkrobots.com)
*
* Further development of this code funded by Astaro AG (http://www.astaro.com)
static char __initdata version[] = "0.90";
static inline int
-ctnetlink_dump_tuples_proto(struct sk_buff *skb,
+ctnetlink_dump_tuples_proto(struct sk_buff *skb,
const struct ip_conntrack_tuple *tuple,
struct ip_conntrack_protocol *proto)
{
if (likely(proto->tuple_to_nfattr))
ret = proto->tuple_to_nfattr(skb, tuple);
-
+
NFA_NEST_END(skb, nest_parms);
return ret;
const struct ip_conntrack_tuple *tuple)
{
struct nfattr *nest_parms = NFA_NEST(skb, CTA_TUPLE_IP);
-
+
NFA_PUT(skb, CTA_IP_V4_SRC, sizeof(__be32), &tuple->src.ip);
NFA_PUT(skb, CTA_IP_V4_DST, sizeof(__be32), &tuple->dst.ip);
timeout = 0;
else
timeout = htonl(timeout_l / HZ);
-
+
NFA_PUT(skb, CTA_TIMEOUT, sizeof(timeout), &timeout);
return 0;
ip_conntrack_proto_put(proto);
return 0;
}
-
+
nest_proto = NFA_NEST(skb, CTA_PROTOINFO);
ret = proto->to_nfattr(skb, nest_proto, ct);
if (!ct->helper)
return 0;
-
+
nest_helper = NFA_NEST(skb, CTA_HELP);
NFA_PUT(skb, CTA_HELP_NAME, strlen(ct->helper->name), ct->helper->name);
ctnetlink_dump_use(struct sk_buff *skb, const struct ip_conntrack *ct)
{
__be32 use = htonl(atomic_read(&ct->ct_general.use));
-
+
NFA_PUT(skb, CTA_USE, sizeof(__be32), &use);
return 0;
static int
ctnetlink_fill_info(struct sk_buff *skb, u32 pid, u32 seq,
- int event, int nowait,
+ int event, int nowait,
const struct ip_conntrack *ct)
{
struct nlmsghdr *nlh;
if (ctnetlink_dump_tuples(skb, tuple(ct, IP_CT_DIR_ORIGINAL)) < 0)
goto nfattr_failure;
NFA_NEST_END(skb, nest_parms);
-
+
nest_parms = NFA_NEST(skb, CTA_TUPLE_REPLY);
if (ctnetlink_dump_tuples(skb, tuple(ct, IP_CT_DIR_REPLY)) < 0)
goto nfattr_failure;
#ifdef CONFIG_IP_NF_CONNTRACK_EVENTS
static int ctnetlink_conntrack_event(struct notifier_block *this,
- unsigned long events, void *ptr)
+ unsigned long events, void *ptr)
{
struct nlmsghdr *nlh;
struct nfgenmsg *nfmsg;
} else if (events & (IPCT_STATUS | IPCT_PROTOINFO)) {
type = IPCTNL_MSG_CT_NEW;
group = NFNLGRP_CONNTRACK_UPDATE;
- } else
+ } else
return NOTIFY_DONE;
if (!nfnetlink_has_listeners(group))
if (ctnetlink_dump_tuples(skb, tuple(ct, IP_CT_DIR_ORIGINAL)) < 0)
goto nfattr_failure;
NFA_NEST_END(skb, nest_parms);
-
+
nest_parms = NFA_NEST(skb, CTA_TUPLE_REPLY);
if (ctnetlink_dump_tuples(skb, tuple(ct, IP_CT_DIR_REPLY)) < 0)
goto nfattr_failure;
if (events & IPCT_PROTOINFO
&& ctnetlink_dump_protoinfo(skb, ct) < 0)
- goto nfattr_failure;
+ goto nfattr_failure;
if ((events & IPCT_HELPER || ct->helper)
&& ctnetlink_dump_helpinfo(skb, ct) < 0)
- goto nfattr_failure;
+ goto nfattr_failure;
#ifdef CONFIG_IP_NF_CONNTRACK_MARK
if ((events & IPCT_MARK || ct->mark)
&& ctnetlink_dump_mark(skb, ct) < 0)
- goto nfattr_failure;
+ goto nfattr_failure;
#endif
if (events & IPCT_COUNTER_FILLING &&
cb->args[1] = 0;
}
if (ctnetlink_fill_info(skb, NETLINK_CB(cb->skb).pid,
- cb->nlh->nlmsg_seq,
+ cb->nlh->nlmsg_seq,
IPCTNL_MSG_CT_NEW,
1, ct) < 0) {
nf_conntrack_get(&ct->ct_general);
};
static inline int
-ctnetlink_parse_tuple_proto(struct nfattr *attr,
+ctnetlink_parse_tuple_proto(struct nfattr *attr,
struct ip_conntrack_tuple *tuple)
{
struct nfattr *tb[CTA_PROTO_MAX];
if (likely(proto->nfattr_to_tuple))
ret = proto->nfattr_to_tuple(tb, tuple);
-
+
ip_conntrack_proto_put(proto);
-
+
return ret;
}
int err;
memset(range, 0, sizeof(*range));
-
+
nfattr_parse_nested(tb, CTA_NAT_MAX, nat);
if (nfattr_bad_size(tb, CTA_NAT_MAX, cta_min_nat))
};
static int
-ctnetlink_del_conntrack(struct sock *ctnl, struct sk_buff *skb,
+ctnetlink_del_conntrack(struct sock *ctnl, struct sk_buff *skb,
struct nlmsghdr *nlh, struct nfattr *cda[], int *errp)
{
struct ip_conntrack_tuple_hash *h;
return -ENOENT;
ct = tuplehash_to_ctrack(h);
-
+
if (cda[CTA_ID-1]) {
u_int32_t id = ntohl(*(__be32 *)NFA_DATA(cda[CTA_ID-1]));
if (ct->id != id) {
ip_conntrack_put(ct);
return -ENOENT;
}
- }
+ }
if (del_timer(&ct->timeout))
ct->timeout.function((unsigned long)ct);
}
static int
-ctnetlink_get_conntrack(struct sock *ctnl, struct sk_buff *skb,
+ctnetlink_get_conntrack(struct sock *ctnl, struct sk_buff *skb,
struct nlmsghdr *nlh, struct nfattr *cda[], int *errp)
{
struct ip_conntrack_tuple_hash *h;
return -ENOTSUPP;
#endif
if ((*errp = netlink_dump_start(ctnl, skb, nlh,
- ctnetlink_dump_table,
- ctnetlink_done)) != 0)
+ ctnetlink_dump_table,
+ ctnetlink_done)) != 0)
return -EINVAL;
rlen = NLMSG_ALIGN(nlh->nlmsg_len);
return -ENOMEM;
}
- err = ctnetlink_fill_info(skb2, NETLINK_CB(skb).pid, nlh->nlmsg_seq,
+ err = ctnetlink_fill_info(skb2, NETLINK_CB(skb).pid, nlh->nlmsg_seq,
IPCTNL_MSG_CT_NEW, 1, ct);
ip_conntrack_put(ct);
if (err <= 0)
if (d & (IPS_EXPECTED|IPS_CONFIRMED|IPS_DYING))
/* unchangeable */
return -EINVAL;
-
+
if (d & IPS_SEEN_REPLY && !(status & IPS_SEEN_REPLY))
/* SEEN_REPLY bit can only be set */
return -EINVAL;
-
+
if (d & IPS_ASSURED && !(status & IPS_ASSURED))
/* ASSURED bit can only be set */
return -EINVAL;
memset(&ct->help, 0, sizeof(ct->help));
}
}
-
+
ct->helper = helper;
return 0;
ctnetlink_change_timeout(struct ip_conntrack *ct, struct nfattr *cda[])
{
u_int32_t timeout = ntohl(*(__be32 *)NFA_DATA(cda[CTA_TIMEOUT-1]));
-
+
if (!del_timer(&ct->timeout))
return -ETIME;
if (proto->from_nfattr)
err = proto->from_nfattr(tb, ct);
- ip_conntrack_proto_put(proto);
+ ip_conntrack_proto_put(proto);
return err;
}
}
static int
-ctnetlink_create_conntrack(struct nfattr *cda[],
+ctnetlink_create_conntrack(struct nfattr *cda[],
struct ip_conntrack_tuple *otuple,
struct ip_conntrack_tuple *rtuple)
{
ct = ip_conntrack_alloc(otuple, rtuple);
if (ct == NULL || IS_ERR(ct))
- return -ENOMEM;
+ return -ENOMEM;
if (!cda[CTA_TIMEOUT-1])
goto err;
return 0;
-err:
+err:
ip_conntrack_free(ct);
return err;
}
-static int
-ctnetlink_new_conntrack(struct sock *ctnl, struct sk_buff *skb,
+static int
+ctnetlink_new_conntrack(struct sock *ctnl, struct sk_buff *skb,
struct nlmsghdr *nlh, struct nfattr *cda[], int *errp)
{
struct ip_conntrack_tuple otuple, rtuple;
return err;
}
-/***********************************************************************
- * EXPECT
- ***********************************************************************/
+/***********************************************************************
+ * EXPECT
+ ***********************************************************************/
static inline int
ctnetlink_exp_dump_tuple(struct sk_buff *skb,
enum ctattr_expect type)
{
struct nfattr *nest_parms = NFA_NEST(skb, type);
-
+
if (ctnetlink_dump_tuples(skb, tuple) < 0)
goto nfattr_failure;
nfattr_failure:
return -1;
-}
+}
static inline int
ctnetlink_exp_dump_mask(struct sk_buff *skb,
static inline int
ctnetlink_exp_dump_expect(struct sk_buff *skb,
- const struct ip_conntrack_expect *exp)
+ const struct ip_conntrack_expect *exp)
{
struct ip_conntrack *master = exp->master;
__be32 timeout = htonl((exp->timeout.expires - jiffies) / HZ);
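Review bot: `htonl((exp->timeout.expires - jiffies) / HZ)` in the last line of this hunk does not handle an expectation whose timer has already passed. The subtraction then wraps, assuming the usual unsigned `expires` and `jiffies`, and userspace is told a very large remaining timeout. The conntrack timeout dump earlier in this diff appears to clamp this case, since it assigns `timeout = 0` in one branch before `timeout = htonl(timeout_l / HZ)`. The same pattern fits here: `long timeout_l = exp->timeout.expires - jiffies;` followed by `__be32 timeout = timeout_l < 0 ? 0 : htonl(timeout_l / HZ);`. The body of `ctnetlink_exp_dump_expect` continues outside the hunk.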
&master->tuplehash[IP_CT_DIR_ORIGINAL].tuple,
CTA_EXPECT_MASTER) < 0)
goto nfattr_failure;
-
+
NFA_PUT(skb, CTA_EXPECT_TIMEOUT, sizeof(__be32), &timeout);
NFA_PUT(skb, CTA_EXPECT_ID, sizeof(__be32), &id);
return 0;
-
+
nfattr_failure:
return -1;
}
static int
ctnetlink_exp_fill_info(struct sk_buff *skb, u32 pid, u32 seq,
- int event,
- int nowait,
+ int event,
+ int nowait,
const struct ip_conntrack_expect *exp)
{
struct nlmsghdr *nlh;
goto out;
*id = exp->id;
}
-out:
+out:
read_unlock_bh(&ip_conntrack_lock);
return skb->len;
};
static int
-ctnetlink_get_expect(struct sock *ctnl, struct sk_buff *skb,
+ctnetlink_get_expect(struct sock *ctnl, struct sk_buff *skb,
struct nlmsghdr *nlh, struct nfattr *cda[], int *errp)
{
struct ip_conntrack_tuple tuple;
return -EAFNOSUPPORT;
if ((*errp = netlink_dump_start(ctnl, skb, nlh,
- ctnetlink_exp_dump_table,
+ ctnetlink_exp_dump_table,
ctnetlink_done)) != 0)
return -EINVAL;
rlen = NLMSG_ALIGN(nlh->nlmsg_len);
ip_conntrack_expect_put(exp);
return -ENOENT;
}
- }
+ }
err = -ENOMEM;
skb2 = alloc_skb(NLMSG_GOODSIZE, GFP_KERNEL);
if (!skb2)
goto out;
- err = ctnetlink_exp_fill_info(skb2, NETLINK_CB(skb).pid,
+ err = ctnetlink_exp_fill_info(skb2, NETLINK_CB(skb).pid,
nlh->nlmsg_seq, IPCTNL_MSG_EXP_NEW,
1, exp);
if (err <= 0)
}
static int
-ctnetlink_del_expect(struct sock *ctnl, struct sk_buff *skb,
+ctnetlink_del_expect(struct sock *ctnl, struct sk_buff *skb,
struct nlmsghdr *nlh, struct nfattr *cda[], int *errp)
{
struct ip_conntrack_expect *exp, *tmp;
/* after list removal, usage count == 1 */
ip_conntrack_unexpect_related(exp);
- /* have to put what we 'get' above.
+ /* have to put what we 'get' above.
* after this line usage count == 0 */
ip_conntrack_expect_put(exp);
} else if (cda[CTA_EXPECT_HELP_NAME-1]) {
}
list_for_each_entry_safe(exp, tmp, &ip_conntrack_expect_list,
list) {
- if (exp->master->helper == h
+ if (exp->master->helper == h
&& del_timer(&exp->timeout)) {
ip_ct_unlink_expect(exp);
ip_conntrack_expect_put(exp);
err = -ENOMEM;
goto out;
}
-
+
exp->expectfn = NULL;
exp->flags = 0;
exp->master = ct;
err = ip_conntrack_expect_related(exp);
ip_conntrack_expect_put(exp);
-out:
+out:
ip_conntrack_put(tuplehash_to_ctrack(h));
return err;
}
enum ip_conntrack_info ctinfo)
{
/* Try to delete connection immediately after all replies:
- won't actually vanish as we still have skb, and del_timer
- means this will only run once even if count hits zero twice
- (theoretically possible with SMP) */
+ won't actually vanish as we still have skb, and del_timer
+ means this will only run once even if count hits zero twice
+ (theoretically possible with SMP) */
if (CTINFO2DIR(ctinfo) == IP_CT_DIR_REPLY) {
if (atomic_dec_and_test(&ct->proto.icmp.count)
&& del_timer(&ct->timeout))
static int icmp_new(struct ip_conntrack *conntrack,
const struct sk_buff *skb)
{
- static const u_int8_t valid_new[] = {
+ static const u_int8_t valid_new[] = {
[ICMP_ECHO] = 1,
[ICMP_TIMESTAMP] = 1,
[ICMP_INFO_REQUEST] = 1,
- [ICMP_ADDRESS] = 1
+ [ICMP_ADDRESS] = 1
};
if (conntrack->tuplehash[0].tuple.dst.u.icmp.type >= sizeof(valid_new)
|| !tb[CTA_PROTO_ICMP_ID-1])
return -EINVAL;
- tuple->dst.u.icmp.type =
+ tuple->dst.u.icmp.type =
*(u_int8_t *)NFA_DATA(tb[CTA_PROTO_ICMP_TYPE-1]);
tuple->dst.u.icmp.code =
*(u_int8_t *)NFA_DATA(tb[CTA_PROTO_ICMP_CODE-1]);
/*
* Connection tracking protocol helper module for SCTP.
- *
- * SCTP is defined in RFC 2960. References to various sections in this code
+ *
+ * SCTP is defined in RFC 2960. References to various sections in this code
* are to this RFC.
- *
+ *
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License version 2 as
* published by the Free Software Foundation.
static DEFINE_RWLOCK(sctp_lock);
/* FIXME: Examine ipfilter's timeouts and conntrack transitions more
- closely. They're more complex. --RR
+ closely. They're more complex. --RR
And so for me for SCTP :D -Kiran */
#define sSA SCTP_CONNTRACK_SHUTDOWN_ACK_SENT
#define sIV SCTP_CONNTRACK_MAX
-/*
+/*
These are the descriptions of the states:
-NOTE: These state names are tantalizingly similar to the states of an
+NOTE: These state names are tantalizingly similar to the states of an
SCTP endpoint. But the interpretation of the states is a little different,
-considering that these are the states of the connection and not of an end
+considering that these are the states of the connection and not of an end
point. Please note the subtleties. -Kiran
NONE - Nothing so far.
-COOKIE WAIT - We have seen an INIT chunk in the original direction, or also
- an INIT_ACK chunk in the reply direction.
+COOKIE WAIT - We have seen an INIT chunk in the original direction, or also
+ an INIT_ACK chunk in the reply direction.
COOKIE ECHOED - We have seen a COOKIE_ECHO chunk in the original direction.
ESTABLISHED - We have seen a COOKIE_ACK in the reply direction.
SHUTDOWN_SENT - We have seen a SHUTDOWN chunk in the original direction.
SHUTDOWN_RECD - We have seen a SHUTDOWN chunk in the reply directoin.
SHUTDOWN_ACK_SENT - We have seen a SHUTDOWN_ACK chunk in the direction opposite
- to that of the SHUTDOWN chunk.
-CLOSED - We have seen a SHUTDOWN_COMPLETE chunk in the direction of
- the SHUTDOWN chunk. Connection is closed.
+ to that of the SHUTDOWN chunk.
+CLOSED - We have seen a SHUTDOWN_COMPLETE chunk in the direction of
+ the SHUTDOWN chunk. Connection is closed.
*/
/* TODO
- - I have assumed that the first INIT is in the original direction.
+ - I have assumed that the first INIT is in the original direction.
This messes things when an INIT comes in the reply direction in CLOSED
state.
- - Check the error type in the reply dir before transitioning from
+ - Check the error type in the reply dir before transitioning from
cookie echoed to closed.
- Sec 5.2.4 of RFC 2960
- Multi Homing support.
for_each_sctp_chunk (skb, sch, _sch, offset, count) {
DEBUGP("Chunk Num: %d Type: %d\n", count, sch->type);
- if (sch->type == SCTP_CID_INIT
+ if (sch->type == SCTP_CID_INIT
|| sch->type == SCTP_CID_INIT_ACK
|| sch->type == SCTP_CID_SHUTDOWN_COMPLETE) {
flag = 1;
DEBUGP("Chunk type: %d\n", chunk_type);
switch (chunk_type) {
- case SCTP_CID_INIT:
+ case SCTP_CID_INIT:
DEBUGP("SCTP_CID_INIT\n");
i = 0; break;
- case SCTP_CID_INIT_ACK:
+ case SCTP_CID_INIT_ACK:
DEBUGP("SCTP_CID_INIT_ACK\n");
i = 1; break;
- case SCTP_CID_ABORT:
+ case SCTP_CID_ABORT:
DEBUGP("SCTP_CID_ABORT\n");
i = 2; break;
- case SCTP_CID_SHUTDOWN:
+ case SCTP_CID_SHUTDOWN:
DEBUGP("SCTP_CID_SHUTDOWN\n");
i = 3; break;
- case SCTP_CID_SHUTDOWN_ACK:
+ case SCTP_CID_SHUTDOWN_ACK:
DEBUGP("SCTP_CID_SHUTDOWN_ACK\n");
i = 4; break;
- case SCTP_CID_ERROR:
+ case SCTP_CID_ERROR:
DEBUGP("SCTP_CID_ERROR\n");
i = 5; break;
- case SCTP_CID_COOKIE_ECHO:
+ case SCTP_CID_COOKIE_ECHO:
DEBUGP("SCTP_CID_COOKIE_ECHO\n");
i = 6; break;
- case SCTP_CID_COOKIE_ACK:
+ case SCTP_CID_COOKIE_ACK:
DEBUGP("SCTP_CID_COOKIE_ACK\n");
i = 7; break;
- case SCTP_CID_SHUTDOWN_COMPLETE:
+ case SCTP_CID_SHUTDOWN_COMPLETE:
DEBUGP("SCTP_CID_SHUTDOWN_COMPLETE\n");
i = 8; break;
default:
/* Other chunks like DATA, SACK, HEARTBEAT and
its ACK do not cause a change in state */
- DEBUGP("Unknown chunk type, Will stay in %s\n",
+ DEBUGP("Unknown chunk type, Will stay in %s\n",
sctp_conntrack_names[cur_state]);
return cur_state;
}
- DEBUGP("dir: %d cur_state: %s chunk_type: %d new_state: %s\n",
+ DEBUGP("dir: %d cur_state: %s chunk_type: %d new_state: %s\n",
dir, sctp_conntrack_names[cur_state], chunk_type,
sctp_conntrack_names[sctp_conntracks[dir][i][cur_state]]);
/* Sec 8.5.1 (C) */
if (!(sh->vtag == conntrack->proto.sctp.vtag[CTINFO2DIR(ctinfo)])
&& !(sh->vtag == conntrack->proto.sctp.vtag
- [1 - CTINFO2DIR(ctinfo)]
+ [1 - CTINFO2DIR(ctinfo)]
&& (sch->flags & 1))) {
write_unlock_bh(&sctp_lock);
return -1;
}
/* If it is an INIT or an INIT ACK note down the vtag */
- if (sch->type == SCTP_CID_INIT
+ if (sch->type == SCTP_CID_INIT
|| sch->type == SCTP_CID_INIT_ACK) {
sctp_inithdr_t _inithdr, *ih;
ih = skb_header_pointer(skb, offset + sizeof(sctp_chunkhdr_t),
- sizeof(_inithdr), &_inithdr);
+ sizeof(_inithdr), &_inithdr);
if (ih == NULL) {
write_unlock_bh(&sctp_lock);
return -1;
}
- DEBUGP("Setting vtag %x for dir %d\n",
+ DEBUGP("Setting vtag %x for dir %d\n",
ih->init_tag, !CTINFO2DIR(ctinfo));
conntrack->proto.sctp.vtag[!CTINFO2DIR(ctinfo)] = ih->init_tag;
}
}
/* Called when a new connection for this protocol found. */
-static int sctp_new(struct ip_conntrack *conntrack,
+static int sctp_new(struct ip_conntrack *conntrack,
const struct sk_buff *skb)
{
enum sctp_conntrack newconntrack;
newconntrack = SCTP_CONNTRACK_MAX;
for_each_sctp_chunk (skb, sch, _sch, offset, count) {
/* Don't need lock here: this conntrack not in circulation yet */
- newconntrack = new_state (IP_CT_DIR_ORIGINAL,
+ newconntrack = new_state (IP_CT_DIR_ORIGINAL,
SCTP_CONNTRACK_NONE, sch->type);
/* Invalid: delete conntrack */
sctp_inithdr_t _inithdr, *ih;
ih = skb_header_pointer(skb, offset + sizeof(sctp_chunkhdr_t),
- sizeof(_inithdr), &_inithdr);
+ sizeof(_inithdr), &_inithdr);
if (ih == NULL)
return 0;
- DEBUGP("Setting vtag %x for new conn\n",
+ DEBUGP("Setting vtag %x for new conn\n",
ih->init_tag);
- conntrack->proto.sctp.vtag[IP_CT_DIR_REPLY] =
+ conntrack->proto.sctp.vtag[IP_CT_DIR_REPLY] =
ih->init_tag;
} else {
/* Sec 8.5.1 (A) */
/* If it is a shutdown ack OOTB packet, we expect a return
shutdown complete, otherwise an ABORT Sec 8.4 (5) and (8) */
else {
- DEBUGP("Setting vtag %x for new conn OOTB\n",
+ DEBUGP("Setting vtag %x for new conn OOTB\n",
sh->vtag);
conntrack->proto.sctp.vtag[IP_CT_DIR_REPLY] = sh->vtag;
}
return 1;
}
-static struct ip_conntrack_protocol ip_conntrack_protocol_sctp = {
- .proto = IPPROTO_SCTP,
+static struct ip_conntrack_protocol ip_conntrack_protocol_sctp = {
+ .proto = IPPROTO_SCTP,
.name = "sctp",
- .pkt_to_tuple = sctp_pkt_to_tuple,
- .invert_tuple = sctp_invert_tuple,
- .print_tuple = sctp_print_tuple,
+ .pkt_to_tuple = sctp_pkt_to_tuple,
+ .invert_tuple = sctp_invert_tuple,
+ .print_tuple = sctp_print_tuple,
.print_conntrack = sctp_print_conntrack,
- .packet = sctp_packet,
- .new = sctp_new,
- .destroy = NULL,
+ .packet = sctp_packet,
+ .new = sctp_new,
+ .destroy = NULL,
.me = THIS_MODULE,
#if defined(CONFIG_IP_NF_CONNTRACK_NETLINK) || \
defined(CONFIG_IP_NF_CONNTRACK_NETLINK_MODULE)
{
.ctl_name = CTL_NET,
.procname = "net",
- .mode = 0555,
+ .mode = 0555,
.child = ip_ct_ipv4_table,
},
{ .ctl_name = 0 }
ip_conntrack_protocol_unregister(&ip_conntrack_protocol_sctp);
#endif
out:
- DEBUGP("SCTP conntrack module loading %s\n",
+ DEBUGP("SCTP conntrack module loading %s\n",
ret ? "failed": "succeeded");
return ret;
}
{
ip_conntrack_protocol_unregister(&ip_conntrack_protocol_sctp);
#ifdef CONFIG_SYSCTL
- unregister_sysctl_table(ip_ct_sysctl_header);
+ unregister_sysctl_table(ip_ct_sysctl_header);
#endif
DEBUGP("SCTP conntrack module unloaded\n");
}
/* Protects conntrack->proto.tcp */
static DEFINE_RWLOCK(tcp_lock);
-/* "Be conservative in what you do,
- be liberal in what you accept from others."
+/* "Be conservative in what you do,
+ be liberal in what you accept from others."
If it's non-zero, we mark only out of window RST segments as INVALID. */
int ip_ct_tcp_be_liberal __read_mostly = 0;
connections. */
int ip_ct_tcp_loose __read_mostly = 1;
-/* Max number of the retransmitted packets without receiving an (acceptable)
- ACK from the destination. If this number is reached, a shorter timer
+/* Max number of the retransmitted packets without receiving an (acceptable)
+ ACK from the destination. If this number is reached, a shorter timer
will be started. */
int ip_ct_tcp_max_retrans __read_mostly = 3;
"CLOSE",
"LISTEN"
};
-
+
#define SECS * HZ
#define MINS * 60 SECS
#define HOURS * 60 MINS
unsigned int ip_ct_tcp_timeout_close __read_mostly = 10 SECS;
/* RFC1122 says the R2 limit should be at least 100 seconds.
- Linux uses 15 packets as limit, which corresponds
+ Linux uses 15 packets as limit, which corresponds
to ~13-30min depending on RTO. */
unsigned int ip_ct_tcp_timeout_max_retrans __read_mostly = 5 MINS;
-
+
static const unsigned int * tcp_timeouts[]
= { NULL, /* TCP_CONNTRACK_NONE */
&ip_ct_tcp_timeout_syn_sent, /* TCP_CONNTRACK_SYN_SENT, */
&ip_ct_tcp_timeout_close, /* TCP_CONNTRACK_CLOSE, */
NULL, /* TCP_CONNTRACK_LISTEN */
};
-
+
#define sNO TCP_CONNTRACK_NONE
#define sSS TCP_CONNTRACK_SYN_SENT
#define sSR TCP_CONNTRACK_SYN_RECV
TCP_RST_SET,
TCP_NONE_SET,
};
-
+
/*
* The TCP state transition table needs a few words...
*
* We are the man in the middle. All the packets go through us
* but might get lost in transit to the destination.
- * It is assumed that the destinations can't receive segments
+ * It is assumed that the destinations can't receive segments
* we haven't seen.
*
* The checked segment is in window, but our windows are *not*
* The meaning of the states are:
*
* NONE: initial state
- * SYN_SENT: SYN-only packet seen
+ * SYN_SENT: SYN-only packet seen
* SYN_RECV: SYN-ACK packet seen
* ESTABLISHED: ACK packet seen
* FIN_WAIT: FIN packet seen
- * CLOSE_WAIT: ACK seen (after FIN)
+ * CLOSE_WAIT: ACK seen (after FIN)
* LAST_ACK: FIN seen (after FIN)
* TIME_WAIT: last ACK seen
* CLOSE: closed connection
* LISTEN state is not used.
*
* Packets marked as IGNORED (sIG):
- * if they may be either invalid or valid
- * and the receiver may send back a connection
+ * if they may be either invalid or valid
+ * and the receiver may send back a connection
* closing RST or a SYN/ACK.
*
* Packets marked as INVALID (sIV):
* sSS -> sSS Retransmitted SYN
* sSR -> sIG Late retransmitted SYN?
* sES -> sIG Error: SYNs in window outside the SYN_SENT state
- * are errors. Receiver will reply with RST
+ * are errors. Receiver will reply with RST
* and close the connection.
* Or we are not in sync and hold a dead connection.
* sFW -> sIG
/*synack*/ { sIV, sIV, sIV, sIV, sIV, sIV, sIV, sIV, sIV, sIV },
/*
* A SYN/ACK from the client is always invalid:
- * - either it tries to set up a simultaneous open, which is
+ * - either it tries to set up a simultaneous open, which is
* not supported;
* - or the firewall has just been inserted between the two hosts
- * during the session set-up. The SYN will be retransmitted
+ * during the session set-up. The SYN will be retransmitted
* by the true client (or it'll time out).
*/
/* sNO, sSS, sSR, sES, sFW, sCW, sLA, sTW, sCL, sLI */
* sSS -> sIV Client migth not send FIN in this state:
* we enforce waiting for a SYN/ACK reply first.
* sSR -> sFW Close started.
- * sES -> sFW
+ * sES -> sFW
* sFW -> sLA FIN seen in both directions, waiting for
- * the last ACK.
+ * the last ACK.
* Migth be a retransmitted FIN as well...
* sCW -> sLA
* sLA -> sLA Retransmitted FIN. Remain in the same state.
/* sNO, sSS, sSR, sES, sFW, sCW, sLA, sTW, sCL, sLI */
/*rst*/ { sIV, sCL, sCL, sCL, sCL, sCL, sCL, sCL, sCL, sIV },
/*none*/ { sIV, sIV, sIV, sIV, sIV, sIV, sIV, sIV, sIV, sIV }
- }
+ }
};
static int tcp_pkt_to_tuple(const struct sk_buff *skb,
const struct ip_conntrack *ct)
{
struct nfattr *nest_parms;
-
+
read_lock_bh(&tcp_lock);
nest_parms = NFA_NEST(skb, CTA_PROTOINFO_TCP);
NFA_PUT(skb, CTA_PROTOINFO_TCP_STATE, sizeof(u_int8_t),
if (!attr)
return 0;
- nfattr_parse_nested(tb, CTA_PROTOINFO_TCP_MAX, attr);
+ nfattr_parse_nested(tb, CTA_PROTOINFO_TCP_MAX, attr);
if (nfattr_bad_size(tb, CTA_PROTOINFO_TCP_MAX, cta_min_tcp))
return -EINVAL;
return -EINVAL;
write_lock_bh(&tcp_lock);
- ct->proto.tcp.state =
+ ct->proto.tcp.state =
*(u_int8_t *)NFA_DATA(tb[CTA_PROTOINFO_TCP_STATE-1]);
write_unlock_bh(&tcp_lock);
/* TCP connection tracking based on 'Real Stateful TCP Packet Filtering
in IP Filter' by Guido van Rooij.
-
+
http://www.nluug.nl/events/sane2000/papers.html
http://www.iae.nl/users/guido/papers/tcp_filtering.ps.gz
-
+
The boundaries and the conditions are changed according to RFC793:
the packet must intersect the window (i.e. segments may be
after the right or before the left edge) and thus receivers may ACK
segments after the right edge of the window.
- td_maxend = max(sack + max(win,1)) seen in reply packets
+ td_maxend = max(sack + max(win,1)) seen in reply packets
td_maxwin = max(max(win, 1)) + (sack - ack) seen in sent packets
td_maxwin += seq + len - sender.td_maxend
if seq + len > sender.td_maxend
td_end = max(seq + len) seen in sent packets
-
+
I. Upper bound for valid data: seq <= sender.td_maxend
II. Lower bound for valid data: seq + len >= sender.td_end - receiver.td_maxwin
III. Upper bound for valid ack: sack <= receiver.td_end
IV. Lower bound for valid ack: ack >= receiver.td_end - MAXACKWINDOW
-
+
where sack is the highest right edge of sack block found in the packet.
-
- The upper bound limit for a valid ack is not ignored -
- we doesn't have to deal with fragments.
+
+ The upper bound limit for a valid ack is not ignored -
+ we doesn't have to deal with fragments.
*/
static inline __u32 segment_seq_plus_len(__u32 seq,
return (seq + len - (iph->ihl + tcph->doff)*4
+ (tcph->syn ? 1 : 0) + (tcph->fin ? 1 : 0));
}
-
+
/* Fixme: what about big packets? */
#define MAXACKWINCONST 66000
#define MAXACKWINDOW(sender) \
((sender)->td_maxwin > MAXACKWINCONST ? (sender)->td_maxwin \
: MAXACKWINCONST)
-
+
/*
* Simplified tcp_parse_options routine from tcp_input.c
*/
static void tcp_options(const struct sk_buff *skb,
struct iphdr *iph,
- struct tcphdr *tcph,
+ struct tcphdr *tcph,
struct ip_ct_tcp_state *state)
{
unsigned char buff[(15 * 4) - sizeof(struct tcphdr)];
unsigned char *ptr;
int length = (tcph->doff*4) - sizeof(struct tcphdr);
-
+
if (!length)
return;
length, buff);
BUG_ON(ptr == NULL);
- state->td_scale =
+ state->td_scale =
state->flags = 0;
-
+
while (length > 0) {
int opcode=*ptr++;
int opsize;
-
+
switch (opcode) {
case TCPOPT_EOL:
return;
if (opsize > length)
break; /* don't parse partial options */
- if (opcode == TCPOPT_SACK_PERM
+ if (opcode == TCPOPT_SACK_PERM
&& opsize == TCPOLEN_SACK_PERM)
state->flags |= IP_CT_TCP_FLAG_SACK_PERM;
else if (opcode == TCPOPT_WINDOW
&& opsize == TCPOLEN_WINDOW) {
state->td_scale = *(u_int8_t *)ptr;
-
+
if (state->td_scale > 14) {
/* See RFC1323 */
state->td_scale = 14;
/* Fast path for timestamp-only option */
if (length == TCPOLEN_TSTAMP_ALIGNED*4
&& *(__be32 *)ptr ==
- __constant_htonl((TCPOPT_NOP << 24)
- | (TCPOPT_NOP << 16)
- | (TCPOPT_TIMESTAMP << 8)
- | TCPOLEN_TIMESTAMP))
+ __constant_htonl((TCPOPT_NOP << 24)
+ | (TCPOPT_NOP << 16)
+ | (TCPOPT_TIMESTAMP << 8)
+ | TCPOLEN_TIMESTAMP))
return;
-
+
while (length > 0) {
int opcode=*ptr++;
int opsize, i;
-
+
switch (opcode) {
case TCPOPT_EOL:
return;
if (opsize > length)
break; /* don't parse partial options */
- if (opcode == TCPOPT_SACK
- && opsize >= (TCPOLEN_SACK_BASE
- + TCPOLEN_SACK_PERBLOCK)
- && !((opsize - TCPOLEN_SACK_BASE)
- % TCPOLEN_SACK_PERBLOCK)) {
- for (i = 0;
- i < (opsize - TCPOLEN_SACK_BASE);
- i += TCPOLEN_SACK_PERBLOCK) {
+ if (opcode == TCPOPT_SACK
+ && opsize >= (TCPOLEN_SACK_BASE
+ + TCPOLEN_SACK_PERBLOCK)
+ && !((opsize - TCPOLEN_SACK_BASE)
+ % TCPOLEN_SACK_PERBLOCK)) {
+ for (i = 0;
+ i < (opsize - TCPOLEN_SACK_BASE);
+ i += TCPOLEN_SACK_PERBLOCK) {
tmp = ntohl(*((__be32 *)(ptr+i)+1));
-
+
if (after(tmp, *sack))
*sack = tmp;
}
}
}
-static int tcp_in_window(struct ip_ct_tcp *state,
- enum ip_conntrack_dir dir,
- unsigned int index,
- const struct sk_buff *skb,
- struct iphdr *iph,
- struct tcphdr *tcph)
+static int tcp_in_window(struct ip_ct_tcp *state,
+ enum ip_conntrack_dir dir,
+ unsigned int index,
+ const struct sk_buff *skb,
+ struct iphdr *iph,
+ struct tcphdr *tcph)
{
struct ip_ct_tcp_state *sender = &state->seen[dir];
struct ip_ct_tcp_state *receiver = &state->seen[!dir];
__u32 seq, ack, sack, end, win, swin;
int res;
-
+
/*
* Get the required data from the packet.
*/
ack = sack = ntohl(tcph->ack_seq);
win = ntohs(tcph->window);
end = segment_seq_plus_len(seq, skb->len, iph, tcph);
-
+
if (receiver->flags & IP_CT_TCP_FLAG_SACK_PERM)
tcp_sack(skb, iph, tcph, &sack);
-
+
DEBUGP("tcp_in_window: START\n");
DEBUGP("tcp_in_window: src=%u.%u.%u.%u:%hu dst=%u.%u.%u.%u:%hu "
"seq=%u ack=%u sack=%u win=%u end=%u\n",
- NIPQUAD(iph->saddr), ntohs(tcph->source),
+ NIPQUAD(iph->saddr), ntohs(tcph->source),
NIPQUAD(iph->daddr), ntohs(tcph->dest),
seq, ack, sack, win, end);
DEBUGP("tcp_in_window: sender end=%u maxend=%u maxwin=%u scale=%i "
"receiver end=%u maxend=%u maxwin=%u scale=%i\n",
sender->td_end, sender->td_maxend, sender->td_maxwin,
- sender->td_scale,
- receiver->td_end, receiver->td_maxend, receiver->td_maxwin,
+ sender->td_scale,
+ receiver->td_end, receiver->td_maxend, receiver->td_maxwin,
receiver->td_scale);
-
+
if (sender->td_end == 0) {
/*
* Initialize sender data.
/*
* Outgoing SYN-ACK in reply to a SYN.
*/
- sender->td_end =
+ sender->td_end =
sender->td_maxend = end;
sender->td_maxwin = (win == 0 ? 1 : win);
tcp_options(skb, iph, tcph, sender);
- /*
+ /*
* RFC 1323:
* Both sides must send the Window Scale option
* to enable window scaling in either direction.
*/
if (!(sender->flags & IP_CT_TCP_FLAG_WINDOW_SCALE
&& receiver->flags & IP_CT_TCP_FLAG_WINDOW_SCALE))
- sender->td_scale =
+ sender->td_scale =
receiver->td_scale = 0;
} else {
/*
* We are in the middle of a connection,
* its history is lost for us.
* Let's try to use the data from the packet.
- */
+ */
sender->td_end = end;
sender->td_maxwin = (win == 0 ? 1 : win);
sender->td_maxend = end + sender->td_maxwin;
} else if (((state->state == TCP_CONNTRACK_SYN_SENT
&& dir == IP_CT_DIR_ORIGINAL)
|| (state->state == TCP_CONNTRACK_SYN_RECV
- && dir == IP_CT_DIR_REPLY))
+ && dir == IP_CT_DIR_REPLY))
&& after(end, sender->td_end)) {
/*
* RFC 793: "if a TCP is reinitialized ... then it need
- * not wait at all; it must only be sure to use sequence
+ * not wait at all; it must only be sure to use sequence
* numbers larger than those recently used."
*/
sender->td_end =
tcp_options(skb, iph, tcph, sender);
}
-
+
if (!(tcph->ack)) {
/*
* If there is no ACK, just pretend it was set and OK.
*/
ack = sack = receiver->td_end;
- } else if (((tcp_flag_word(tcph) & (TCP_FLAG_ACK|TCP_FLAG_RST)) ==
- (TCP_FLAG_ACK|TCP_FLAG_RST))
+ } else if (((tcp_flag_word(tcph) & (TCP_FLAG_ACK|TCP_FLAG_RST)) ==
+ (TCP_FLAG_ACK|TCP_FLAG_RST))
&& (ack == 0)) {
/*
* Broken TCP stacks, that set ACK in RST packets as well
}
if (seq == end
- && (!tcph->rst
- || (seq == 0 && state->state == TCP_CONNTRACK_SYN_SENT)))
+ && (!tcph->rst
+ || (seq == 0 && state->state == TCP_CONNTRACK_SYN_SENT)))
/*
* Packets contains no data: we assume it is valid
* and check the ack value only.
* SYN.
*/
seq = end = sender->td_end;
-
+
DEBUGP("tcp_in_window: src=%u.%u.%u.%u:%hu dst=%u.%u.%u.%u:%hu "
"seq=%u ack=%u sack =%u win=%u end=%u\n",
NIPQUAD(iph->saddr), ntohs(tcph->source),
DEBUGP("tcp_in_window: sender end=%u maxend=%u maxwin=%u scale=%i "
"receiver end=%u maxend=%u maxwin=%u scale=%i\n",
sender->td_end, sender->td_maxend, sender->td_maxwin,
- sender->td_scale,
+ sender->td_scale,
receiver->td_end, receiver->td_maxend, receiver->td_maxwin,
receiver->td_scale);
-
+
DEBUGP("tcp_in_window: I=%i II=%i III=%i IV=%i\n",
before(seq, sender->td_maxend + 1),
- after(end, sender->td_end - receiver->td_maxwin - 1),
- before(sack, receiver->td_end + 1),
- after(ack, receiver->td_end - MAXACKWINDOW(sender)));
-
+ after(end, sender->td_end - receiver->td_maxwin - 1),
+ before(sack, receiver->td_end + 1),
+ after(ack, receiver->td_end - MAXACKWINDOW(sender)));
+
if (before(seq, sender->td_maxend + 1) &&
after(end, sender->td_end - receiver->td_maxwin - 1) &&
before(sack, receiver->td_end + 1) &&
after(ack, receiver->td_end - MAXACKWINDOW(sender))) {
- /*
+ /*
* Take into account window scaling (RFC 1323).
*/
if (!tcph->syn)
win <<= sender->td_scale;
-
+
/*
* Update sender data.
*/
receiver->td_maxend++;
}
- /*
+ /*
* Check retransmissions.
*/
if (index == TCP_ACK_SET) {
: "ACK is over the upper bound (ACKed data not seen yet)"
: "SEQ is under the lower bound (already ACKed data retransmitted)"
: "SEQ is over the upper bound (over the window of the receiver)");
- }
-
+ }
+
DEBUGP("tcp_in_window: res=%i sender end=%u maxend=%u maxwin=%u "
"receiver end=%u maxend=%u maxwin=%u\n",
- res, sender->td_end, sender->td_maxend, sender->td_maxwin,
+ res, sender->td_end, sender->td_maxend, sender->td_maxwin,
receiver->td_end, receiver->td_maxend, receiver->td_maxwin);
return res;
#ifdef CONFIG_IP_NF_NAT_NEEDED
/* Update sender->td_end after NAT successfully mangled the packet */
void ip_conntrack_tcp_update(struct sk_buff *skb,
- struct ip_conntrack *conntrack,
+ struct ip_conntrack *conntrack,
enum ip_conntrack_dir dir)
{
struct iphdr *iph = skb->nh.iph;
#endif
end = segment_seq_plus_len(ntohl(tcph->seq), skb->len, iph, tcph);
-
+
write_lock_bh(&tcp_lock);
/*
* We have to worry for the ack in the reply packet only...
DEBUGP("tcp_update: sender end=%u maxend=%u maxwin=%u scale=%i "
"receiver end=%u maxend=%u maxwin=%u scale=%i\n",
sender->td_end, sender->td_maxend, sender->td_maxwin,
- sender->td_scale,
+ sender->td_scale,
receiver->td_end, receiver->td_maxend, receiver->td_maxwin,
receiver->td_scale);
}
-
+
#endif
#define TH_FIN 0x01
nf_log_packet(PF_INET, 0, skb, NULL, NULL, NULL,
"ip_ct_tcp: short packet ");
return -NF_ACCEPT;
- }
-
+ }
+
/* Not whole TCP header or malformed packet */
if (th->doff*4 < sizeof(struct tcphdr) || tcplen < th->doff*4) {
if (LOG_INVALID(IPPROTO_TCP))
"ip_ct_tcp: truncated/malformed packet ");
return -NF_ACCEPT;
}
-
+
/* Checksum invalid? Ignore.
* We skip checking packets on the outgoing path
* because it is assumed to be correct.
struct tcphdr *th, _tcph;
unsigned long timeout;
unsigned int index;
-
+
th = skb_header_pointer(skb, iph->ihl * 4,
sizeof(_tcph), &_tcph);
BUG_ON(th == NULL);
-
+
write_lock_bh(&tcp_lock);
old_state = conntrack->proto.tcp.state;
dir = CTINFO2DIR(ctinfo);
switch (new_state) {
case TCP_CONNTRACK_IGNORE:
/* Ignored packets:
- *
+ *
* a) SYN in ORIGINAL
* b) SYN/ACK in REPLY
* c) ACK in reply direction after initial SYN in original.
&& conntrack->proto.tcp.last_index == TCP_SYN_SET
&& conntrack->proto.tcp.last_dir != dir
&& ntohl(th->ack_seq) ==
- conntrack->proto.tcp.last_end) {
- /* This SYN/ACK acknowledges a SYN that we earlier
+ conntrack->proto.tcp.last_end) {
+ /* This SYN/ACK acknowledges a SYN that we earlier
* ignored as invalid. This means that the client and
* the server are both in sync, while the firewall is
* not. We kill this session and block the SYN/ACK so
- * that the client cannot but retransmit its SYN and
+ * that the client cannot but retransmit its SYN and
* thus initiate a clean new session.
*/
- write_unlock_bh(&tcp_lock);
+ write_unlock_bh(&tcp_lock);
if (LOG_INVALID(IPPROTO_TCP))
nf_log_packet(PF_INET, 0, skb, NULL, NULL,
NULL, "ip_ct_tcp: "
"killing out of sync session ");
- if (del_timer(&conntrack->timeout))
- conntrack->timeout.function((unsigned long)
- conntrack);
- return -NF_DROP;
+ if (del_timer(&conntrack->timeout))
+ conntrack->timeout.function((unsigned long)
+ conntrack);
+ return -NF_DROP;
}
conntrack->proto.tcp.last_index = index;
conntrack->proto.tcp.last_dir = dir;
conntrack->proto.tcp.last_seq = ntohl(th->seq);
- conntrack->proto.tcp.last_end =
+ conntrack->proto.tcp.last_end =
segment_seq_plus_len(ntohl(th->seq), skb->len, iph, th);
-
+
write_unlock_bh(&tcp_lock);
if (LOG_INVALID(IPPROTO_TCP))
nf_log_packet(PF_INET, 0, skb, NULL, NULL, NULL,
if (old_state < TCP_CONNTRACK_TIME_WAIT)
break;
if ((conntrack->proto.tcp.seen[dir].flags &
- IP_CT_TCP_FLAG_CLOSE_INIT)
+ IP_CT_TCP_FLAG_CLOSE_INIT)
|| after(ntohl(th->seq),
- conntrack->proto.tcp.seen[dir].td_end)) {
- /* Attempt to reopen a closed connection.
- * Delete this connection and look up again. */
- write_unlock_bh(&tcp_lock);
- if (del_timer(&conntrack->timeout))
- conntrack->timeout.function((unsigned long)
- conntrack);
- return -NF_REPEAT;
+ conntrack->proto.tcp.seen[dir].td_end)) {
+ /* Attempt to reopen a closed connection.
+ * Delete this connection and look up again. */
+ write_unlock_bh(&tcp_lock);
+ if (del_timer(&conntrack->timeout))
+ conntrack->timeout.function((unsigned long)
+ conntrack);
+ return -NF_REPEAT;
} else {
write_unlock_bh(&tcp_lock);
if (LOG_INVALID(IPPROTO_TCP))
case TCP_CONNTRACK_CLOSE:
if (index == TCP_RST_SET
&& ((test_bit(IPS_SEEN_REPLY_BIT, &conntrack->status)
- && conntrack->proto.tcp.last_index == TCP_SYN_SET)
- || (!test_bit(IPS_ASSURED_BIT, &conntrack->status)
- && conntrack->proto.tcp.last_index == TCP_ACK_SET))
+ && conntrack->proto.tcp.last_index == TCP_SYN_SET)
+ || (!test_bit(IPS_ASSURED_BIT, &conntrack->status)
+ && conntrack->proto.tcp.last_index == TCP_ACK_SET))
&& ntohl(th->ack_seq) == conntrack->proto.tcp.last_end) {
/* RST sent to invalid SYN or ACK we had let through
* at a) and c) above:
break;
}
- if (!tcp_in_window(&conntrack->proto.tcp, dir, index,
+ if (!tcp_in_window(&conntrack->proto.tcp, dir, index,
skb, iph, th)) {
write_unlock_bh(&tcp_lock);
return -NF_ACCEPT;
}
in_window:
- /* From now on we have got in-window packets */
+ /* From now on we have got in-window packets */
conntrack->proto.tcp.last_index = index;
DEBUGP("tcp_conntracks: src=%u.%u.%u.%u:%hu dst=%u.%u.%u.%u:%hu "
old_state, new_state);
conntrack->proto.tcp.state = new_state;
- if (old_state != new_state
+ if (old_state != new_state
&& (new_state == TCP_CONNTRACK_FIN_WAIT
- || new_state == TCP_CONNTRACK_CLOSE))
+ || new_state == TCP_CONNTRACK_CLOSE))
conntrack->proto.tcp.seen[dir].flags |= IP_CT_TCP_FLAG_CLOSE_INIT;
timeout = conntrack->proto.tcp.retrans >= ip_ct_tcp_max_retrans
&& *tcp_timeouts[new_state] > ip_ct_tcp_timeout_max_retrans
&& (old_state == TCP_CONNTRACK_SYN_RECV
|| old_state == TCP_CONNTRACK_ESTABLISHED)
&& new_state == TCP_CONNTRACK_ESTABLISHED) {
- /* Set ASSURED if we see see valid ack in ESTABLISHED
- after SYN_RECV or a valid answer for a picked up
+ /* Set ASSURED if we see see valid ack in ESTABLISHED
+ after SYN_RECV or a valid answer for a picked up
connection. */
set_bit(IPS_ASSURED_BIT, &conntrack->status);
ip_conntrack_event_cache(IPCT_STATUS, skb);
return NF_ACCEPT;
}
-
+
/* Called when a new connection for this protocol found. */
static int tcp_new(struct ip_conntrack *conntrack,
const struct sk_buff *skb)
th = skb_header_pointer(skb, iph->ihl * 4,
sizeof(_tcph), &_tcph);
BUG_ON(th == NULL);
-
+
/* Don't need lock here: this conntrack not in circulation yet */
new_state
= tcp_conntracks[0][get_conntrack_index(th)]
if (conntrack->proto.tcp.seen[0].td_maxwin == 0)
conntrack->proto.tcp.seen[0].td_maxwin = 1;
conntrack->proto.tcp.seen[0].td_maxend =
- conntrack->proto.tcp.seen[0].td_end +
+ conntrack->proto.tcp.seen[0].td_end +
conntrack->proto.tcp.seen[0].td_maxwin;
conntrack->proto.tcp.seen[0].td_scale = 0;
conntrack->proto.tcp.seen[1].flags = IP_CT_TCP_FLAG_SACK_PERM |
IP_CT_TCP_FLAG_BE_LIBERAL;
}
-
+
conntrack->proto.tcp.seen[1].td_end = 0;
conntrack->proto.tcp.seen[1].td_maxend = 0;
conntrack->proto.tcp.seen[1].td_maxwin = 1;
- conntrack->proto.tcp.seen[1].td_scale = 0;
+ conntrack->proto.tcp.seen[1].td_scale = 0;
/* tcp_packet will set them */
conntrack->proto.tcp.state = TCP_CONNTRACK_NONE;
conntrack->proto.tcp.last_index = TCP_NONE_SET;
-
+
DEBUGP("tcp_new: sender end=%u maxend=%u maxwin=%u scale=%i "
"receiver end=%u maxend=%u maxwin=%u scale=%i\n",
sender->td_end, sender->td_maxend, sender->td_maxwin,
- sender->td_scale,
+ sender->td_scale,
receiver->td_end, receiver->td_maxend, receiver->td_maxwin,
receiver->td_scale);
return 1;
}
-
+
struct ip_conntrack_protocol ip_conntrack_protocol_tcp =
{
.proto = IPPROTO_TCP,
/* If we've seen traffic both ways, this is some kind of UDP
stream. Extend timeout. */
if (test_bit(IPS_SEEN_REPLY_BIT, &conntrack->status)) {
- ip_ct_refresh_acct(conntrack, ctinfo, skb,
+ ip_ct_refresh_acct(conntrack, ctinfo, skb,
ip_ct_udp_timeout_stream);
/* Also, more likely to be important, and not a probe */
if (!test_and_set_bit(IPS_ASSURED_BIT, &conntrack->status))
"ip_ct_udp: short packet ");
return -NF_ACCEPT;
}
-
+
/* Truncated/malformed packets */
if (ntohs(hdr->len) > udplen || ntohs(hdr->len) < sizeof(*hdr)) {
if (LOG_INVALID(IPPROTO_UDP))
"ip_ct_udp: truncated/malformed packet ");
return -NF_ACCEPT;
}
-
+
/* Packet with no checksum */
if (!hdr->check)
return NF_ACCEPT;
"ip_ct_udp: bad UDP checksum ");
return -NF_ACCEPT;
}
-
+
return NF_ACCEPT;
}
continue;
}
aux = ct_sip_search(hnfo->ln_str, dptr, hnfo->ln_strlen,
- ct_sip_lnlen(dptr, limit),
+ ct_sip_lnlen(dptr, limit),
hnfo->case_sensitive);
if (!aux) {
DEBUGP("'%s' not found in '%s'.\n", hnfo->ln_str,
if (dataoff >= (*pskb)->len) {
DEBUGP("skb->len = %u\n", (*pskb)->len);
return NF_ACCEPT;
- }
+ }
ip_ct_refresh(ct, *pskb, sip_timeout * HZ);
}
/* Get ip and port address from SDP packet. */
if (ct_sip_get_info(dptr, datalen, &matchoff, &matchlen,
- POS_CONNECTION) > 0) {
+ POS_CONNECTION) > 0) {
/* We'll drop only if there are parse problems. */
if (parse_ipaddr(dptr + matchoff, NULL, &ipaddr,
- dptr + datalen) < 0) {
+ dptr + datalen) < 0) {
ret = NF_DROP;
goto out;
}
if (ct_sip_get_info(dptr, datalen, &matchoff, &matchlen,
- POS_MEDIA) > 0) {
+ POS_MEDIA) > 0) {
port = simple_strtoul(dptr + matchoff, NULL, 10);
if (port < 1024) {
static int kill_proto(struct ip_conntrack *i, void *data)
{
- return (i->tuplehash[IP_CT_DIR_ORIGINAL].tuple.dst.protonum ==
+ return (i->tuplehash[IP_CT_DIR_ORIGINAL].tuple.dst.protonum ==
*((u_int8_t *) data));
}
(*pos)++;
return ct_get_next(s, v);
}
-
+
static void ct_seq_stop(struct seq_file *s, void *v)
{
read_unlock_bh(&ip_conntrack_lock);
}
-
+
static int ct_seq_show(struct seq_file *s, void *v)
{
const struct ip_conntrack_tuple_hash *hash = v;
if (proto->print_conntrack(s, conntrack))
return -ENOSPC;
-
+
if (print_tuple(s, &conntrack->tuplehash[IP_CT_DIR_ORIGINAL].tuple,
proto))
return -ENOSPC;
- if (seq_print_counters(s, &conntrack->counters[IP_CT_DIR_ORIGINAL]))
+ if (seq_print_counters(s, &conntrack->counters[IP_CT_DIR_ORIGINAL]))
return -ENOSPC;
if (!(test_bit(IPS_SEEN_REPLY_BIT, &conntrack->status)))
proto))
return -ENOSPC;
- if (seq_print_counters(s, &conntrack->counters[IP_CT_DIR_REPLY]))
+ if (seq_print_counters(s, &conntrack->counters[IP_CT_DIR_REPLY]))
return -ENOSPC;
if (test_bit(IPS_ASSURED_BIT, &conntrack->status))
.stop = ct_seq_stop,
.show = ct_seq_show
};
-
+
static int ct_open(struct inode *inode, struct file *file)
{
struct seq_file *seq;
.llseek = seq_lseek,
.release = seq_release_private,
};
-
+
/* expects *