diff options
author | Florian Westphal <fw@strlen.de> | 2019-01-15 22:03:40 +0100 |
---|---|---|
committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2019-01-18 15:02:34 +0100 |
commit | 44fb87f6351d04fafae2b17df5f46f1ce22c6f93 (patch) | |
tree | 89a33d4e9b4c678f34298694c4bd6a03d9ea61bc /net/netfilter/nf_conntrack_core.c | |
parent | b184356d0a003ac5e82b4adf37f2d334df1d213c (diff) | |
download | linux-44fb87f6351d04fafae2b17df5f46f1ce22c6f93.tar.bz2 |
netfilter: conntrack: remove remaining l4proto indirect packet calls
Now that all l4trackers are builtin, no need to use a mix of direct and
indirect calls.
This removes the last two users: gre and the generic l4 protocol
tracker.
Signed-off-by: Florian Westphal <fw@strlen.de>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'net/netfilter/nf_conntrack_core.c')
-rw-r--r-- | net/netfilter/nf_conntrack_core.c | 26 |
1 files changed, 19 insertions, 7 deletions
diff --git a/net/netfilter/nf_conntrack_core.c b/net/netfilter/nf_conntrack_core.c index d56cb0fc82b6..264074f04615 100644 --- a/net/netfilter/nf_conntrack_core.c +++ b/net/netfilter/nf_conntrack_core.c @@ -1534,6 +1534,18 @@ nf_conntrack_handle_icmp(struct nf_conn *tmpl, return ret; } +static int generic_packet(struct nf_conn *ct, struct sk_buff *skb, + enum ip_conntrack_info ctinfo) +{ + const unsigned int *timeout = nf_ct_timeout_lookup(ct); + + if (!timeout) + timeout = &nf_generic_pernet(nf_ct_net(ct))->timeout; + + nf_ct_refresh_acct(ct, ctinfo, skb, *timeout); + return NF_ACCEPT; +} + /* Returns verdict for packet, or -1 for invalid. */ static int nf_conntrack_handle_packet(struct nf_conn *ct, struct sk_buff *skb, @@ -1567,10 +1579,14 @@ static int nf_conntrack_handle_packet(struct nf_conn *ct, return nf_conntrack_dccp_packet(ct, skb, dataoff, ctinfo, state); #endif +#ifdef CONFIG_NF_CT_PROTO_GRE + case IPPROTO_GRE: + return nf_conntrack_gre_packet(ct, skb, dataoff, + ctinfo, state); +#endif } - WARN_ON_ONCE(1); - return -NF_ACCEPT; + return generic_packet(ct, skb, ctinfo); } unsigned int @@ -1634,11 +1650,7 @@ repeat: goto out; } - if (l4proto->packet) - ret = l4proto->packet(ct, skb, dataoff, ctinfo, state); - else - ret = nf_conntrack_handle_packet(ct, skb, dataoff, ctinfo, state); - + ret = nf_conntrack_handle_packet(ct, skb, dataoff, ctinfo, state); if (ret <= 0) { /* Invalid: inverse of the return code tells * the netfilter core what to do */ |