patch-2.4.23 linux-2.4.23/net/ipv4/netfilter/ip_nat_core.c
Next file: linux-2.4.23/net/ipv4/netfilter/ip_nat_helper.c
Previous file: linux-2.4.23/net/ipv4/netfilter/ip_nat_amanda.c
Back to the patch index
Back to the overall index
- Lines: 99
- Date:
2003-11-28 10:26:21.000000000 -0800
- Orig file:
linux-2.4.22/net/ipv4/netfilter/ip_nat_core.c
- Orig date:
2003-08-25 04:44:44.000000000 -0700
diff -urN linux-2.4.22/net/ipv4/netfilter/ip_nat_core.c linux-2.4.23/net/ipv4/netfilter/ip_nat_core.c
@@ -67,6 +67,7 @@
static void ip_nat_cleanup_conntrack(struct ip_conntrack *conn)
{
struct ip_nat_info *info = &conn->nat.info;
+ unsigned int hs, hp;
if (!info->initialized)
return;
@@ -74,21 +75,18 @@
IP_NF_ASSERT(info->bysource.conntrack);
IP_NF_ASSERT(info->byipsproto.conntrack);
+ hs = hash_by_src(&conn->tuplehash[IP_CT_DIR_ORIGINAL].tuple.src,
+ conn->tuplehash[IP_CT_DIR_ORIGINAL]
+ .tuple.dst.protonum);
+
+ hp = hash_by_ipsproto(conn->tuplehash[IP_CT_DIR_REPLY].tuple.src.ip,
+ conn->tuplehash[IP_CT_DIR_REPLY].tuple.dst.ip,
+ conn->tuplehash[IP_CT_DIR_REPLY]
+ .tuple.dst.protonum);
+
WRITE_LOCK(&ip_nat_lock);
- LIST_DELETE(&bysource[hash_by_src(&conn->tuplehash[IP_CT_DIR_ORIGINAL]
- .tuple.src,
- conn->tuplehash[IP_CT_DIR_ORIGINAL]
- .tuple.dst.protonum)],
- &info->bysource);
-
- LIST_DELETE(&byipsproto
- [hash_by_ipsproto(conn->tuplehash[IP_CT_DIR_REPLY]
- .tuple.src.ip,
- conn->tuplehash[IP_CT_DIR_REPLY]
- .tuple.dst.ip,
- conn->tuplehash[IP_CT_DIR_REPLY]
- .tuple.dst.protonum)],
- &info->byipsproto);
+ LIST_DELETE(&bysource[hs], &info->bysource);
+ LIST_DELETE(&byipsproto[hp], &info->byipsproto);
WRITE_UNLOCK(&ip_nat_lock);
}
@@ -244,11 +242,12 @@
const struct ip_conntrack *conntrack)
{
unsigned int score = 0;
+ unsigned int h;
MUST_BE_READ_LOCKED(&ip_nat_lock);
- LIST_FIND(&byipsproto[hash_by_ipsproto(src, dst, protonum)],
- fake_cmp, struct ip_nat_hash *, src, dst, protonum, &score,
- conntrack);
+ h = hash_by_ipsproto(src, dst, protonum);
+ LIST_FIND(&byipsproto[h], fake_cmp, struct ip_nat_hash *,
+ src, dst, protonum, &score, conntrack);
return score;
}
@@ -516,12 +515,14 @@
struct ip_conntrack_tuple new_tuple, inv_tuple, reply;
struct ip_conntrack_tuple orig_tp;
struct ip_nat_info *info = &conntrack->nat.info;
+ int in_hashes = info->initialized;
MUST_BE_WRITE_LOCKED(&ip_nat_lock);
IP_NF_ASSERT(hooknum == NF_IP_PRE_ROUTING
|| hooknum == NF_IP_POST_ROUTING
|| hooknum == NF_IP_LOCAL_OUT);
IP_NF_ASSERT(info->num_manips < IP_NAT_MAX_MANIPS);
+ IP_NF_ASSERT(!(info->initialized & (1 << HOOK2MANIP(hooknum))));
/* What we've got will look like inverse of reply. Normally
this is what is in the conntrack, except for prior
@@ -638,6 +639,14 @@
/* It's done. */
info->initialized |= (1 << HOOK2MANIP(hooknum));
+
+ if (in_hashes) {
+ IP_NF_ASSERT(info->bysource.conntrack);
+ replace_in_hashes(conntrack, info);
+ } else {
+ place_in_hashes(conntrack, info);
+ }
+
return NF_ACCEPT;
}
@@ -756,11 +765,6 @@
enum ip_conntrack_dir dir = CTINFO2DIR(ctinfo);
int is_tcp = (*pskb)->nh.iph->protocol == IPPROTO_TCP;
- /* Skip everything and don't call helpers if there are no
- * manips for this connection */
- if (info->num_manips == 0)
- return NF_ACCEPT;
-
/* Need nat lock to protect against modification, but neither
conntrack (referenced) and helper (deleted with
synchronize_bh()) can vanish. */
FUNET's LINUX-ADM group, linux-adm@nic.funet.fi
TCL-scripts by Sam Shen (who was at: slshen@lbl.gov)