#include <linux/netfilter_ipv6.h>
#include <net/netfilter/nf_conntrack_l4proto.h>
#include <net/netfilter/nf_conntrack_ecache.h>
+#include <net/netfilter/nf_log.h>
static unsigned int nf_ct_udplite_timeout __read_mostly = 30*HZ;
static unsigned int nf_ct_udplite_timeout_stream __read_mostly = 180*HZ;
unsigned int dataoff,
struct nf_conntrack_tuple *tuple)
{
- struct udphdr _hdr, *hp;
+ const struct udphdr *hp;
+ struct udphdr _hdr;
hp = skb_header_pointer(skb, dataoff, sizeof(_hdr), &_hdr);
if (hp == NULL)
ntohs(tuple->dst.u.udp.port));
}
-/* Print out the private part of the conntrack. */
-static int udplite_print_conntrack(struct seq_file *s,
- const struct nf_conn *conntrack)
-{
- return 0;
-}
-
/* Returns verdict for packet, and may modify conntracktype */
-static int udplite_packet(struct nf_conn *conntrack,
+static int udplite_packet(struct nf_conn *ct,
const struct sk_buff *skb,
unsigned int dataoff,
enum ip_conntrack_info ctinfo,
{
/* If we've seen traffic both ways, this is some kind of UDP
stream. Extend timeout. */
- if (test_bit(IPS_SEEN_REPLY_BIT, &conntrack->status)) {
- nf_ct_refresh_acct(conntrack, ctinfo, skb,
+ if (test_bit(IPS_SEEN_REPLY_BIT, &ct->status)) {
+ nf_ct_refresh_acct(ct, ctinfo, skb,
nf_ct_udplite_timeout_stream);
/* Also, more likely to be important, and not a probe */
- if (!test_and_set_bit(IPS_ASSURED_BIT, &conntrack->status))
+ if (!test_and_set_bit(IPS_ASSURED_BIT, &ct->status))
nf_conntrack_event_cache(IPCT_STATUS, skb);
} else
- nf_ct_refresh_acct(conntrack, ctinfo, skb,
- nf_ct_udplite_timeout);
+ nf_ct_refresh_acct(ct, ctinfo, skb, nf_ct_udplite_timeout);
return NF_ACCEPT;
}
/* Called when a new connection for this protocol found. */
-static int udplite_new(struct nf_conn *conntrack, const struct sk_buff *skb,
+static int udplite_new(struct nf_conn *ct, const struct sk_buff *skb,
unsigned int dataoff)
{
return 1;
unsigned int hooknum)
{
unsigned int udplen = skb->len - dataoff;
- struct udphdr _hdr, *hdr;
+ const struct udphdr *hdr;
+ struct udphdr _hdr;
unsigned int cscov;
/* Header is too small? */
/* Checksum invalid? Ignore. */
if (nf_conntrack_checksum && !skb_csum_unnecessary(skb) &&
- ((pf == PF_INET && hooknum == NF_IP_PRE_ROUTING) ||
- (pf == PF_INET6 && hooknum == NF_IP6_PRE_ROUTING))) {
+ hooknum == NF_INET_PRE_ROUTING) {
if (pf == PF_INET) {
struct iphdr *iph = ip_hdr(skb);
.pkt_to_tuple = udplite_pkt_to_tuple,
.invert_tuple = udplite_invert_tuple,
.print_tuple = udplite_print_tuple,
- .print_conntrack = udplite_print_conntrack,
.packet = udplite_packet,
.new = udplite_new,
.error = udplite_error,
.pkt_to_tuple = udplite_pkt_to_tuple,
.invert_tuple = udplite_invert_tuple,
.print_tuple = udplite_print_tuple,
- .print_conntrack = udplite_print_conntrack,
.packet = udplite_packet,
.new = udplite_new,
.error = udplite_error,