These changes are the raw update to linux-4.4.6-rt14. Kernel sources
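--- a/kernel/net/ipv6/netfilter/ip6t_SYNPROXY.c
+++ b/kernel/net/ipv6/netfilter/ip6t_SYNPROXY.c
@@ -37,12 +37,13 @@ synproxy_build_ip(struct sk_buff *skb, const struct in6_addr *saddr,
 }
 static void
-synproxy_send_tcp(const struct sk_buff *skb, struct sk_buff *nskb,
+synproxy_send_tcp(const struct synproxy_net *snet,
+ const struct sk_buff *skb, struct sk_buff *nskb,
 struct nf_conntrack *nfct, enum ip_conntrack_info ctinfo,
 struct ipv6hdr *niph, struct tcphdr *nth,
 unsigned int tcp_hdr_size)
 {
- struct net *net = nf_ct_net((struct nf_conn *)nfct);
+ struct net *net = nf_ct_net(snet->tmpl);
 struct dst_entry *dst;
 struct flowi6 fl6;
@@ -75,7 +76,7 @@ synproxy_send_tcp(const struct sk_buff *skb, struct sk_buff *nskb,
 nf_conntrack_get(nfct);
 }
- ip6_local_out(nskb);
+ ip6_local_out(net, nskb->sk, nskb);
 return;
 free_nskb:
@@ -83,7 +84,8 @@ free_nskb:
 }
 static void
-synproxy_send_client_synack(const struct sk_buff *skb, const struct tcphdr *th,
+synproxy_send_client_synack(const struct synproxy_net *snet,
+ const struct sk_buff *skb, const struct tcphdr *th,
 const struct synproxy_options *opts)
 {
 struct sk_buff *nskb;
@@ -119,7 +121,7 @@ synproxy_send_client_synack(const struct sk_buff *skb, const struct tcphdr *th,
 synproxy_build_options(nth, opts);
- synproxy_send_tcp(skb, nskb, skb->nfct, IP_CT_ESTABLISHED_REPLY,
+ synproxy_send_tcp(snet, skb, nskb, skb->nfct, IP_CT_ESTABLISHED_REPLY,
 niph, nth, tcp_hdr_size);
 }
@@ -163,7 +165,7 @@ synproxy_send_server_syn(const struct synproxy_net *snet,
 synproxy_build_options(nth, opts);
- synproxy_send_tcp(skb, nskb, &snet->tmpl->ct_general, IP_CT_NEW,
+ synproxy_send_tcp(snet, skb, nskb, &snet->tmpl->ct_general, IP_CT_NEW,
 niph, nth, tcp_hdr_size);
 }
@@ -203,7 +205,7 @@ synproxy_send_server_ack(const struct synproxy_net *snet,
 synproxy_build_options(nth, opts);
- synproxy_send_tcp(skb, nskb, NULL, 0, niph, nth, tcp_hdr_size);
+ synproxy_send_tcp(snet, skb, nskb, NULL, 0, niph, nth, tcp_hdr_size);
 }
 static void
@@ -235,13 +237,14 @@ synproxy_send_client_ack(const struct synproxy_net *snet,
 nth->ack_seq = th->ack_seq;
 tcp_flag_word(nth) = TCP_FLAG_ACK;
 nth->doff = tcp_hdr_size / 4;
- nth->window = ntohs(htons(th->window) >> opts->wscale);
+ nth->window = htons(ntohs(th->window) >> opts->wscale);
 nth->check = 0;
 nth->urg_ptr = 0;
 synproxy_build_options(nth, opts);
- synproxy_send_tcp(skb, nskb, NULL, 0, niph, nth, tcp_hdr_size);
+ synproxy_send_tcp(snet, skb, nskb, skb->nfct, IP_CT_ESTABLISHED_REPLY,
+ niph, nth, tcp_hdr_size);
 }
 static bool
@@ -272,7 +275,7 @@ static unsigned int
 synproxy_tg6(struct sk_buff *skb, const struct xt_action_param *par)
 {
 const struct xt_synproxy_info *info = par->targinfo;
- struct synproxy_net *snet = synproxy_pernet(dev_net(par->in));
+ struct synproxy_net *snet = synproxy_pernet(par->net);
 struct synproxy_options opts = {};
 struct tcphdr *th, _th;
@@ -301,7 +304,7 @@ synproxy_tg6(struct sk_buff *skb, const struct xt_action_param *par)
 XT_SYNPROXY_OPT_SACK_PERM |
 XT_SYNPROXY_OPT_ECN);
- synproxy_send_client_synack(skb, th, &opts);
+ synproxy_send_client_synack(snet, skb, th, &opts);
 return NF_DROP;
 } else if (th->ack && !(th->fin || th->rst || th->syn)) {
@@ -313,11 +316,11 @@ synproxy_tg6(struct sk_buff *skb, const struct xt_action_param *par)
 return XT_CONTINUE;
 }
-static unsigned int ipv6_synproxy_hook(const struct nf_hook_ops *ops,
+static unsigned int ipv6_synproxy_hook(void *priv,
 struct sk_buff *skb,
 const struct nf_hook_state *nhs)
 {
- struct synproxy_net *snet = synproxy_pernet(dev_net(nhs->in ? : nhs->out));
+ struct synproxy_net *snet = synproxy_pernet(nhs->net);
 enum ip_conntrack_info ctinfo;
 struct nf_conn *ct;
 struct nf_conn_synproxy *synproxy;
@@ -455,14 +458,12 @@ static struct xt_target synproxy_tg6_reg __read_mostly = {
 static struct nf_hook_ops ipv6_synproxy_ops[] __read_mostly = {
 {
 .hook = ipv6_synproxy_hook,
- .owner = THIS_MODULE,
 .pf = NFPROTO_IPV6,
 .hooknum = NF_INET_LOCAL_IN,
 .priority = NF_IP_PRI_CONNTRACK_CONFIRM - 1,
 },
 {
 .hook = ipv6_synproxy_hook,
- .owner = THIS_MODULE,
 .pf = NFPROTO_IPV6,
 .hooknum = NF_INET_POST_ROUTING,
 .priority = NF_IP_PRI_CONNTRACK_CONFIRM - 1,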
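Review bot: The new `struct net *net = nf_ct_net(snet->tmpl);` in synproxy_send_tcp carries no comment explaining why the namespace is no longer taken from `nfct`, and that reason looks like a safety property. synproxy_send_server_ack still passes `NULL, 0` for nfct/ctinfo, so deriving net from nfct would presumably dereference a null conntrack on that path. I would add `/* nfct may be NULL (synproxy_send_server_ack); take the netns from the per-net template */` above the line so a later cleanup does not revert it. Separately, the result of `ip6_local_out(net, nskb->sk, nskb);` is discarded, so a failed send of a proxied segment leaves no trace. Whether that is intended cannot be judged here, because the body of synproxy_send_tcp continues outside the hunk.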