X-Git-Url: https://err.no/cgi-bin/gitweb.cgi?a=blobdiff_plain;f=net%2Fnetfilter%2Fnf_conntrack_pptp.c;h=97e54b0e43a3a1825f58d4ec42d5bbf6aab0e2c4;hb=5cb960a80531211379f8f05c575725d7630098fe;hp=099b6df3e2b55cfcd69bbe0cddf97bc6c714e858;hpb=541010e4b8921cd781ff02ae68028501457045b6;p=linux-2.6 diff --git a/net/netfilter/nf_conntrack_pptp.c b/net/netfilter/nf_conntrack_pptp.c index 099b6df3e2..97e54b0e43 100644 --- a/net/netfilter/nf_conntrack_pptp.c +++ b/net/netfilter/nf_conntrack_pptp.c @@ -67,7 +67,7 @@ EXPORT_SYMBOL_GPL(nf_nat_pptp_hook_expectfn); #ifdef DEBUG /* PptpControlMessageType names */ -const char *pptp_msg_name[] = { +const char *const pptp_msg_name[] = { "UNKNOWN_MESSAGE", "START_SESSION_REQUEST", "START_SESSION_REPLY", @@ -119,7 +119,7 @@ static void pptp_expectfn(struct nf_conn *ct, /* obviously this tuple inversion only works until you do NAT */ nf_ct_invert_tuplepr(&inv_t, &exp->tuple); pr_debug("trying to unexpect other dir: "); - NF_CT_DUMP_TUPLE(&inv_t); + nf_ct_dump_tuple(&inv_t); exp_other = nf_ct_expect_find_get(&inv_t); if (exp_other) { @@ -136,12 +136,12 @@ static void pptp_expectfn(struct nf_conn *ct, static int destroy_sibling_or_exp(const struct nf_conntrack_tuple *t) { - struct nf_conntrack_tuple_hash *h; + const struct nf_conntrack_tuple_hash *h; struct nf_conntrack_expect *exp; struct nf_conn *sibling; pr_debug("trying to timeout ct or exp for tuple "); - NF_CT_DUMP_TUPLE(t); + nf_ct_dump_tuple(t); h = nf_conntrack_find_get(t); if (h) { @@ -168,7 +168,7 @@ static int destroy_sibling_or_exp(const struct nf_conntrack_tuple *t) /* timeout GRE data connections */ static void pptp_destroy_siblings(struct nf_conn *ct) { - struct nf_conn_help *help = nfct_help(ct); + const struct nf_conn_help *help = nfct_help(ct); struct nf_conntrack_tuple t; nf_ct_gre_keymap_destroy(ct); @@ -208,7 +208,8 @@ static int exp_gre(struct nf_conn *ct, __be16 callid, __be16 peer_callid) /* original direction, PNS->PAC */ dir = IP_CT_DIR_ORIGINAL; - nf_ct_expect_init(exp_orig, ct->tuplehash[dir].tuple.src.l3num, + nf_ct_expect_init(exp_orig, NF_CT_EXPECT_CLASS_DEFAULT, + nf_ct_l3num(ct), &ct->tuplehash[dir].tuple.src.u3, &ct->tuplehash[dir].tuple.dst.u3, IPPROTO_GRE, &peer_callid, &callid); @@ -216,7 +217,8 @@ static int exp_gre(struct nf_conn *ct, __be16 callid, __be16 peer_callid) /* reply direction, PAC->PNS */ dir = IP_CT_DIR_REPLY; - nf_ct_expect_init(exp_reply, ct->tuplehash[dir].tuple.src.l3num, + nf_ct_expect_init(exp_reply, NF_CT_EXPECT_CLASS_DEFAULT, + nf_ct_l3num(ct), &ct->tuplehash[dir].tuple.src.u3, &ct->tuplehash[dir].tuple.dst.u3, IPPROTO_GRE, &callid, &peer_callid); @@ -497,9 +499,11 @@ conntrack_pptp_help(struct sk_buff *skb, unsigned int protoff, { int dir = CTINFO2DIR(ctinfo); - struct nf_ct_pptp_master *info = &nfct_help(ct)->help.ct_pptp_info; - struct tcphdr _tcph, *tcph; - struct pptp_pkt_hdr _pptph, *pptph; + const struct nf_ct_pptp_master *info = &nfct_help(ct)->help.ct_pptp_info; + const struct tcphdr *tcph; + struct tcphdr _tcph; + const struct pptp_pkt_hdr *pptph; + struct pptp_pkt_hdr _pptph; struct PptpControlHeader _ctlh, *ctlh; union pptp_ctrl_union _pptpReq, *pptpReq; unsigned int tcplen = skb->len - protoff; @@ -573,17 +577,21 @@ conntrack_pptp_help(struct sk_buff *skb, unsigned int protoff, return ret; } +static const struct nf_conntrack_expect_policy pptp_exp_policy = { + .max_expected = 2, + .timeout = 5 * 60, +}; + /* control protocol helper */ static struct nf_conntrack_helper pptp __read_mostly = { .name = "pptp", .me = THIS_MODULE, - .max_expected = 2, - .timeout = 5 * 60, .tuple.src.l3num = AF_INET, .tuple.src.u.tcp.port = __constant_htons(PPTP_CONTROL_PORT), .tuple.dst.protonum = IPPROTO_TCP, .help = conntrack_pptp_help, .destroy = pptp_destroy_siblings, + .expect_policy = &pptp_exp_policy, }; static int __init nf_conntrack_pptp_init(void)