[NETFILTER]: nf_conntrack: introduce expectation classes and policies

[deliverable/linux.git] / net / netfilter / nf_conntrack_h323_main.c

diff --git a/net/netfilter/nf_conntrack_h323_main.c b/net/netfilter/nf_conntrack_h323_main.c
index 898f1922b5b8ee3f5f4d59ddeced671e0de15872..505052d495cfee3a1f2ab3b6c21be0c43fd3f0ad 100644 (file)
--- a/net/netfilter/nf_conntrack_h323_main.c
+++ b/net/netfilter/nf_conntrack_h323_main.c
@@ -277,7 +277,8 @@ static int expect_rtp_rtcp(struct sk_buff *skb, struct nf_conn *ct,
        /* Create expect for RTP */
        if ((rtp_exp = nf_ct_expect_alloc(ct)) == NULL)
                return -1;
-       nf_ct_expect_init(rtp_exp, ct->tuplehash[!dir].tuple.src.l3num,
+       nf_ct_expect_init(rtp_exp, NF_CT_EXPECT_CLASS_DEFAULT,
+                         ct->tuplehash[!dir].tuple.src.l3num,
                          &ct->tuplehash[!dir].tuple.src.u3,
                          &ct->tuplehash[!dir].tuple.dst.u3,
                          IPPROTO_UDP, NULL, &rtp_port);
@@ -287,7 +288,8 @@ static int expect_rtp_rtcp(struct sk_buff *skb, struct nf_conn *ct,
                nf_ct_expect_put(rtp_exp);
                return -1;
        }
-       nf_ct_expect_init(rtcp_exp, ct->tuplehash[!dir].tuple.src.l3num,
+       nf_ct_expect_init(rtcp_exp, NF_CT_EXPECT_CLASS_DEFAULT,
+                         ct->tuplehash[!dir].tuple.src.l3num,
                          &ct->tuplehash[!dir].tuple.src.u3,
                          &ct->tuplehash[!dir].tuple.dst.u3,
                          IPPROTO_UDP, NULL, &rtcp_port);
@@ -344,7 +346,8 @@ static int expect_t120(struct sk_buff *skb,
        /* Create expect for T.120 connections */
        if ((exp = nf_ct_expect_alloc(ct)) == NULL)
                return -1;
-       nf_ct_expect_init(exp, ct->tuplehash[!dir].tuple.src.l3num,
+       nf_ct_expect_init(exp, NF_CT_EXPECT_CLASS_DEFAULT,
+                         ct->tuplehash[!dir].tuple.src.l3num,
                          &ct->tuplehash[!dir].tuple.src.u3,
                          &ct->tuplehash[!dir].tuple.dst.u3,
                          IPPROTO_TCP, NULL, &port);
@@ -612,13 +615,17 @@ static int h245_help(struct sk_buff *skb, unsigned int protoff,
 }
 
 /****************************************************************************/
+static const struct nf_conntrack_expect_policy h245_exp_policy = {
+       .max_expected   = H323_RTP_CHANNEL_MAX * 4 + 2 /* T.120 */,
+       .timeout        = 240,
+};
+
 static struct nf_conntrack_helper nf_conntrack_helper_h245 __read_mostly = {
        .name                   = "H.245",
        .me                     = THIS_MODULE,
-       .max_expected           = H323_RTP_CHANNEL_MAX * 4 + 2 /* T.120 */,
-       .timeout                = 240,
        .tuple.dst.protonum     = IPPROTO_UDP,
-       .help                   = h245_help
+       .help                   = h245_help,
+       .expect_policy          = &h245_exp_policy,
 };
 
 /****************************************************************************/
@@ -676,7 +683,8 @@ static int expect_h245(struct sk_buff *skb, struct nf_conn *ct,
        /* Create expect for h245 connection */
        if ((exp = nf_ct_expect_alloc(ct)) == NULL)
                return -1;
-       nf_ct_expect_init(exp, ct->tuplehash[!dir].tuple.src.l3num,
+       nf_ct_expect_init(exp, NF_CT_EXPECT_CLASS_DEFAULT,
+                         ct->tuplehash[!dir].tuple.src.l3num,
                          &ct->tuplehash[!dir].tuple.src.u3,
                          &ct->tuplehash[!dir].tuple.dst.u3,
                          IPPROTO_TCP, NULL, &port);
@@ -792,7 +800,8 @@ static int expect_callforwarding(struct sk_buff *skb,
        /* Create expect for the second call leg */
        if ((exp = nf_ct_expect_alloc(ct)) == NULL)
                return -1;
-       nf_ct_expect_init(exp, ct->tuplehash[!dir].tuple.src.l3num,
+       nf_ct_expect_init(exp, NF_CT_EXPECT_CLASS_DEFAULT,
+                         ct->tuplehash[!dir].tuple.src.l3num,
                          &ct->tuplehash[!dir].tuple.src.u3, &addr,
                          IPPROTO_TCP, NULL, &port);
        exp->helper = nf_conntrack_helper_q931;
@@ -1156,28 +1165,30 @@ static int q931_help(struct sk_buff *skb, unsigned int protoff,
 }
 
 /****************************************************************************/
+static const struct nf_conntrack_expect_policy q931_exp_policy = {
+       /* T.120 and H.245 */
+       .max_expected           = H323_RTP_CHANNEL_MAX * 4 + 4,
+       .timeout                = 240,
+};
+
 static struct nf_conntrack_helper nf_conntrack_helper_q931[] __read_mostly = {
        {
                .name                   = "Q.931",
                .me                     = THIS_MODULE,
-                                         /* T.120 and H.245 */
-               .max_expected           = H323_RTP_CHANNEL_MAX * 4 + 4,
-               .timeout                = 240,
                .tuple.src.l3num        = AF_INET,
                .tuple.src.u.tcp.port   = __constant_htons(Q931_PORT),
                .tuple.dst.protonum     = IPPROTO_TCP,
-               .help                   = q931_help
+               .help                   = q931_help,
+               .expect_policy          = &q931_exp_policy,
        },
        {
                .name                   = "Q.931",
                .me                     = THIS_MODULE,
-                                         /* T.120 and H.245 */
-               .max_expected           = H323_RTP_CHANNEL_MAX * 4 + 4,
-               .timeout                = 240,
                .tuple.src.l3num        = AF_INET6,
                .tuple.src.u.tcp.port   = __constant_htons(Q931_PORT),
                .tuple.dst.protonum     = IPPROTO_TCP,
-               .help                   = q931_help
+               .help                   = q931_help,
+               .expect_policy          = &q931_exp_policy,
        },
 };
 
@@ -1261,7 +1272,8 @@ static int expect_q931(struct sk_buff *skb, struct nf_conn *ct,
        /* Create expect for Q.931 */
        if ((exp = nf_ct_expect_alloc(ct)) == NULL)
                return -1;
-       nf_ct_expect_init(exp, ct->tuplehash[!dir].tuple.src.l3num,
+       nf_ct_expect_init(exp, NF_CT_EXPECT_CLASS_DEFAULT,
+                         ct->tuplehash[!dir].tuple.src.l3num,
                          gkrouted_only ? /* only accept calls from GK? */
                                &ct->tuplehash[!dir].tuple.src.u3 : NULL,
                          &ct->tuplehash[!dir].tuple.dst.u3,
@@ -1332,7 +1344,8 @@ static int process_gcf(struct sk_buff *skb, struct nf_conn *ct,
        /* Need new expect */
        if ((exp = nf_ct_expect_alloc(ct)) == NULL)
                return -1;
-       nf_ct_expect_init(exp, ct->tuplehash[!dir].tuple.src.l3num,
+       nf_ct_expect_init(exp, NF_CT_EXPECT_CLASS_DEFAULT,
+                         ct->tuplehash[!dir].tuple.src.l3num,
                          &ct->tuplehash[!dir].tuple.src.u3, &addr,
                          IPPROTO_UDP, NULL, &port);
        exp->helper = nf_conntrack_helper_ras;
@@ -1536,7 +1549,8 @@ static int process_acf(struct sk_buff *skb, struct nf_conn *ct,
        /* Need new expect */
        if ((exp = nf_ct_expect_alloc(ct)) == NULL)
                return -1;
-       nf_ct_expect_init(exp, ct->tuplehash[!dir].tuple.src.l3num,
+       nf_ct_expect_init(exp, NF_CT_EXPECT_CLASS_DEFAULT,
+                         ct->tuplehash[!dir].tuple.src.l3num,
                          &ct->tuplehash[!dir].tuple.src.u3, &addr,
                          IPPROTO_TCP, NULL, &port);
        exp->flags = NF_CT_EXPECT_PERMANENT;
@@ -1589,7 +1603,8 @@ static int process_lcf(struct sk_buff *skb, struct nf_conn *ct,
        /* Need new expect for call signal */
        if ((exp = nf_ct_expect_alloc(ct)) == NULL)
                return -1;
-       nf_ct_expect_init(exp, ct->tuplehash[!dir].tuple.src.l3num,
+       nf_ct_expect_init(exp, NF_CT_EXPECT_CLASS_DEFAULT,
+                         ct->tuplehash[!dir].tuple.src.l3num,
                          &ct->tuplehash[!dir].tuple.src.u3, &addr,
                          IPPROTO_TCP, NULL, &port);
        exp->flags = NF_CT_EXPECT_PERMANENT;
@@ -1728,26 +1743,29 @@ static int ras_help(struct sk_buff *skb, unsigned int protoff,
 }
 
 /****************************************************************************/
+static const struct nf_conntrack_expect_policy ras_exp_policy = {
+       .max_expected           = 32,
+       .timeout                = 240,
+};
+
 static struct nf_conntrack_helper nf_conntrack_helper_ras[] __read_mostly = {
        {
                .name                   = "RAS",
                .me                     = THIS_MODULE,
-               .max_expected           = 32,
-               .timeout                = 240,
                .tuple.src.l3num        = AF_INET,
                .tuple.src.u.udp.port   = __constant_htons(RAS_PORT),
                .tuple.dst.protonum     = IPPROTO_UDP,
                .help                   = ras_help,
+               .expect_policy          = &ras_exp_policy,
        },
        {
                .name                   = "RAS",
                .me                     = THIS_MODULE,
-               .max_expected           = 32,
-               .timeout                = 240,
                .tuple.src.l3num        = AF_INET6,
                .tuple.src.u.udp.port   = __constant_htons(RAS_PORT),
                .tuple.dst.protonum     = IPPROTO_UDP,
                .help                   = ras_help,
+               .expect_policy          = &ras_exp_policy,
        },
 };