صفحهٔ اصلی گشت‌و‌گذار راهنما
ثبت نام ورود
phyus
/
linux-vybrid_public
8
0
انشعاب 0
پرونده‌ها مشکلات 0 درخواست واکشی 0 ویکی
فهرست منبع

netfilter: nf_nat_ftp: remove (*mangle[]) array and functions, use %pI4

These functions merely exist to format a buffer and call
nf_nat_mangle_tcp_packet.

Format the buffer and perform the call in nf_nat_ftp instead.

Use %pI4 for the IP address.

Saves ~600 bytes of text

old:
$ size net/ipv4/netfilter/nf_nat_ftp.o
   text	   data	    bss	    dec	    hex	filename
   2187	    160	    408	   2755	    ac3	net/ipv4/netfilter/nf_nat_ftp.o
new:
$ size net/ipv4/netfilter/nf_nat_ftp.o
   text    data     bss     dec     hex filename
   1532     112     288    1932     78c net/ipv4/netfilter/nf_nat_ftp.o

Signed-off-by: Joe Perches <joe@perches.com>
Signed-off-by: Patrick McHardy <kaber@trash.net>
Joe Perches 15 سال پیش
والد
6f7edb4881
کامیت
c299bd53aa
1فایلهای تغییر یافته به همراه35 افزوده شده و 70 حذف شده
مشاهده تقسیم شده نمایش آمار تفاوت ها
  1. 35 70
      net/ipv4/netfilter/nf_nat_ftp.c

+ 35 - 70
net/ipv4/netfilter/nf_nat_ftp.c
مشاهده فایل 

@@ -27,76 +27,29 @@ MODULE_ALIAS("ip_nat_ftp");
 
 
 /* FIXME: Time out? --RR */
 
 
-static int
 
-mangle_rfc959_packet(struct sk_buff *skb,
 
-		     __be32 newip,
 
-		     u_int16_t port,
 
-		     unsigned int matchoff,
 
-		     unsigned int matchlen,
 
-		     struct nf_conn *ct,
 
-		     enum ip_conntrack_info ctinfo)
 
+static int nf_nat_ftp_fmt_cmd(enum nf_ct_ftp_type type,
 
+			      char *buffer, size_t buflen,
 
+			      __be32 addr, u16 port)
 
 {
 
-	char buffer[sizeof("nnn,nnn,nnn,nnn,nnn,nnn")];
 
-
 
-	sprintf(buffer, "%u,%u,%u,%u,%u,%u",
 
-		NIPQUAD(newip), port>>8, port&0xFF);
 
-
 
-	pr_debug("calling nf_nat_mangle_tcp_packet\n");
 
-
 
-	return nf_nat_mangle_tcp_packet(skb, ct, ctinfo, matchoff,
 
-					matchlen, buffer, strlen(buffer));
 
-}
 
-
 
-/* |1|132.235.1.2|6275| */
 
-static int
 
-mangle_eprt_packet(struct sk_buff *skb,
 
-		   __be32 newip,
 
-		   u_int16_t port,
 
-		   unsigned int matchoff,
 
-		   unsigned int matchlen,
 
-		   struct nf_conn *ct,
 
-		   enum ip_conntrack_info ctinfo)
 
-{
 
-	char buffer[sizeof("|1|255.255.255.255|65535|")];
 
-
 
-	sprintf(buffer, "|1|%u.%u.%u.%u|%u|", NIPQUAD(newip), port);
 
-
 
-	pr_debug("calling nf_nat_mangle_tcp_packet\n");
 
-
 
-	return nf_nat_mangle_tcp_packet(skb, ct, ctinfo, matchoff,
 
-					matchlen, buffer, strlen(buffer));
 
-}
 
-
 
-/* |1|132.235.1.2|6275| */
 
-static int
 
-mangle_epsv_packet(struct sk_buff *skb,
 
-		   __be32 newip,
 
-		   u_int16_t port,
 
-		   unsigned int matchoff,
 
-		   unsigned int matchlen,
 
-		   struct nf_conn *ct,
 
-		   enum ip_conntrack_info ctinfo)
 
-{
 
-	char buffer[sizeof("|||65535|")];
 
-
 
-	sprintf(buffer, "|||%u|", port);
 
-
 
-	pr_debug("calling nf_nat_mangle_tcp_packet\n");
 
+	switch (type) {
 
+	case NF_CT_FTP_PORT:
 
+	case NF_CT_FTP_PASV:
 
+		return snprintf(buffer, buflen, "%u,%u,%u,%u,%u,%u",
 
+				((unsigned char *)&addr)[0],
 
+				((unsigned char *)&addr)[1],
 
+				((unsigned char *)&addr)[2],
 
+				((unsigned char *)&addr)[3],
 
+				port >> 8,
 
+				port & 0xFF);
 
+	case NF_CT_FTP_EPRT:
 
+		return snprintf(buffer, buflen, "|1|%pI4|%u|", &addr, port);
 
+	case NF_CT_FTP_EPSV:
 
+		return snprintf(buffer, buflen, "|||%u|", port);
 
+	}
 
 
-	return nf_nat_mangle_tcp_packet(skb, ct, ctinfo, matchoff,
 
-					matchlen, buffer, strlen(buffer));
 
+	return 0;
 
 }
 
 
-static int (*mangle[])(struct sk_buff *, __be32, u_int16_t,
 
-		       unsigned int, unsigned int, struct nf_conn *,
 
-		       enum ip_conntrack_info)
 
-= {
 
-	[NF_CT_FTP_PORT] = mangle_rfc959_packet,
 
-	[NF_CT_FTP_PASV] = mangle_rfc959_packet,
 
-	[NF_CT_FTP_EPRT] = mangle_eprt_packet,
 
-	[NF_CT_FTP_EPSV] = mangle_epsv_packet
 
-};
 
-
 
 /* So, this packet has hit the connection tracking matching code.
 
    Mangle it, and change the expectation to match the new version. */
 
 static unsigned int nf_nat_ftp(struct sk_buff *skb,
 
@@ -110,6 +63,8 @@ static unsigned int nf_nat_ftp(struct sk_buff *skb,
 
 	u_int16_t port;
 
 	int dir = CTINFO2DIR(ctinfo);
 
 	struct nf_conn *ct = exp->master;
 
+	char buffer[sizeof("|1|255.255.255.255|65535|")];
 
+	unsigned int buflen;
 
 
 	pr_debug("FTP_NAT: type %i, off %u len %u\n", type, matchoff, matchlen);
 
 
@@ -132,11 +87,21 @@ static unsigned int nf_nat_ftp(struct sk_buff *skb,
 
 	if (port == 0)
 
 		return NF_DROP;
 
 
-	if (!mangle[type](skb, newip, port, matchoff, matchlen, ct, ctinfo)) {
 
-		nf_ct_unexpect_related(exp);
 
-		return NF_DROP;
 
-	}
 
+	buflen = nf_nat_ftp_fmt_cmd(type, buffer, sizeof(buffer), newip, port);
 
+	if (!buflen)
 
+		goto out;
 
+
 
+	pr_debug("calling nf_nat_mangle_tcp_packet\n");
 
+
 
+	if (!nf_nat_mangle_tcp_packet(skb, ct, ctinfo, matchoff,
 
+				      matchlen, buffer, buflen))
 
+		goto out;
 
+
 
 	return NF_ACCEPT;
 
+
 
+out:
 
+	nf_ct_unexpect_related(exp);
 
+	return NF_DROP;
 
 }
 
 
 static void __exit nf_nat_ftp_fini(void)