#define HOURS * 60 MINS
#define DAYS * 24 HOURS
-unsigned long nf_ct_tcp_timeout_syn_sent = 2 MINS;
-unsigned long nf_ct_tcp_timeout_syn_recv = 60 SECS;
-unsigned long nf_ct_tcp_timeout_established = 5 DAYS;
-unsigned long nf_ct_tcp_timeout_fin_wait = 2 MINS;
-unsigned long nf_ct_tcp_timeout_close_wait = 60 SECS;
-unsigned long nf_ct_tcp_timeout_last_ack = 30 SECS;
-unsigned long nf_ct_tcp_timeout_time_wait = 2 MINS;
-unsigned long nf_ct_tcp_timeout_close = 10 SECS;
+unsigned int nf_ct_tcp_timeout_syn_sent = 2 MINS;
+unsigned int nf_ct_tcp_timeout_syn_recv = 60 SECS;
+unsigned int nf_ct_tcp_timeout_established = 5 DAYS;
+unsigned int nf_ct_tcp_timeout_fin_wait = 2 MINS;
+unsigned int nf_ct_tcp_timeout_close_wait = 60 SECS;
+unsigned int nf_ct_tcp_timeout_last_ack = 30 SECS;
+unsigned int nf_ct_tcp_timeout_time_wait = 2 MINS;
+unsigned int nf_ct_tcp_timeout_close = 10 SECS;
/* RFC1122 says the R2 limit should be at least 100 seconds.
Linux uses 15 packets as limit, which corresponds
to ~13-30min depending on RTO. */
-unsigned long nf_ct_tcp_timeout_max_retrans = 5 MINS;
+unsigned int nf_ct_tcp_timeout_max_retrans = 5 MINS;
-static unsigned long * tcp_timeouts[]
+static unsigned int * tcp_timeouts[]
= { NULL, /* TCP_CONNTRACK_NONE */
&nf_ct_tcp_timeout_syn_sent, /* TCP_CONNTRACK_SYN_SENT, */
&nf_ct_tcp_timeout_syn_recv, /* TCP_CONNTRACK_SYN_RECV, */
unsigned int dataoff,
enum ip_conntrack_info *ctinfo,
int pf,
- unsigned int hooknum,
- int(*csum)(const struct sk_buff *,unsigned int))
+ unsigned int hooknum)
{
struct tcphdr _tcph, *th;
unsigned int tcplen = skb->len - dataoff;
*/
/* FIXME: Source route IP option packets --RR */
if (((pf == PF_INET && hooknum == NF_IP_PRE_ROUTING) ||
- (pf == PF_INET6 && hooknum == NF_IP6_PRE_ROUTING))
- && skb->ip_summed != CHECKSUM_UNNECESSARY
- && csum(skb, dataoff)) {
+ (pf == PF_INET6 && hooknum == NF_IP6_PRE_ROUTING)) &&
+ nf_checksum(skb, hooknum, dataoff, IPPROTO_TCP, pf)) {
if (LOG_INVALID(IPPROTO_TCP))
nf_log_packet(pf, 0, skb, NULL, NULL, NULL,
"nf_ct_tcp: bad TCP checksum ");
return NF_ACCEPT;
}
-static int csum4(const struct sk_buff *skb, unsigned int dataoff)
-{
- return csum_tcpudp_magic(skb->nh.iph->saddr, skb->nh.iph->daddr,
- skb->len - dataoff, IPPROTO_TCP,
- skb->ip_summed == CHECKSUM_HW ? skb->csum
- : skb_checksum(skb, dataoff,
- skb->len - dataoff, 0));
-}
-
-static int csum6(const struct sk_buff *skb, unsigned int dataoff)
-{
- return csum_ipv6_magic(&skb->nh.ipv6h->saddr, &skb->nh.ipv6h->daddr,
- skb->len - dataoff, IPPROTO_TCP,
- skb->ip_summed == CHECKSUM_HW ? skb->csum
- : skb_checksum(skb, dataoff, skb->len - dataoff,
- 0));
-}
-
-static int tcp_error4(struct sk_buff *skb,
- unsigned int dataoff,
- enum ip_conntrack_info *ctinfo,
- int pf,
- unsigned int hooknum)
-{
- return tcp_error(skb, dataoff, ctinfo, pf, hooknum, csum4);
-}
-
-static int tcp_error6(struct sk_buff *skb,
- unsigned int dataoff,
- enum ip_conntrack_info *ctinfo,
- int pf,
- unsigned int hooknum)
-{
- return tcp_error(skb, dataoff, ctinfo, pf, hooknum, csum6);
-}
-
/* Returns verdict for packet, or -1 for invalid. */
static int tcp_packet(struct nf_conn *conntrack,
const struct sk_buff *skb,
.print_conntrack = tcp_print_conntrack,
.packet = tcp_packet,
.new = tcp_new,
- .error = tcp_error4,
+ .error = tcp_error,
#if defined(CONFIG_NF_CT_NETLINK) || \
defined(CONFIG_NF_CT_NETLINK_MODULE)
.to_nfattr = tcp_to_nfattr,
.print_conntrack = tcp_print_conntrack,
.packet = tcp_packet,
.new = tcp_new,
- .error = tcp_error6,
+ .error = tcp_error,
#if defined(CONFIG_NF_CT_NETLINK) || \
defined(CONFIG_NF_CT_NETLINK_MODULE)
.to_nfattr = tcp_to_nfattr,