From bc1cb4b1140327dc69246907518c95da2d3f580d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Daniel=20Gr=C3=B6ber?= Date: Wed, 24 Jun 2020 15:30:03 +0200 Subject: conntrack: Move icmp request>reply type mapping to common file MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Currently the invmap_icmp* arrays are duplicated in setter.c and grp_setter.c. This moves them to a new module 'proto'. Instead of having the code access the arrays directly we provide new wrapper functions __icmp{,v6}_reply_type. Signed-off-by: Daniel Gröber Signed-off-by: Pablo Neira Ayuso --- src/conntrack/Makefile.am | 3 ++- src/conntrack/grp_setter.c | 34 ++-------------------------------- src/conntrack/proto.c | 36 ++++++++++++++++++++++++++++++++++++ src/conntrack/setter.c | 34 ++-------------------------------- 4 files changed, 42 insertions(+), 65 deletions(-) create mode 100644 src/conntrack/proto.c (limited to 'src') diff --git a/src/conntrack/Makefile.am b/src/conntrack/Makefile.am index 602ed33..1fbf176 100644 --- a/src/conntrack/Makefile.am +++ b/src/conntrack/Makefile.am @@ -14,4 +14,5 @@ libnfconntrack_la_SOURCES = api.c \ copy.c \ filter.c bsf.c filter_dump.c \ grp.c grp_getter.c grp_setter.c \ - stack.c + stack.c \ + proto.c diff --git a/src/conntrack/grp_setter.c b/src/conntrack/grp_setter.c index 4f0125b..9bcf19e 100644 --- a/src/conntrack/grp_setter.c +++ b/src/conntrack/grp_setter.c @@ -8,34 +8,6 @@ */ #include "internal/internal.h" -#include -#include - -static const uint8_t invmap_icmp[] = { - [ICMP_ECHO] = ICMP_ECHOREPLY + 1, - [ICMP_ECHOREPLY] = ICMP_ECHO + 1, - [ICMP_TIMESTAMP] = ICMP_TIMESTAMPREPLY + 1, - [ICMP_TIMESTAMPREPLY] = ICMP_TIMESTAMP + 1, - [ICMP_INFO_REQUEST] = ICMP_INFO_REPLY + 1, - [ICMP_INFO_REPLY] = ICMP_INFO_REQUEST + 1, - [ICMP_ADDRESS] = ICMP_ADDRESSREPLY + 1, - [ICMP_ADDRESSREPLY] = ICMP_ADDRESS + 1 -}; - -#ifndef ICMPV6_NI_QUERY -#define ICMPV6_NI_QUERY 139 -#endif - -#ifndef ICMPV6_NI_REPLY -#define ICMPV6_NI_REPLY 140 -#endif - -static const uint8_t invmap_icmpv6[] = { - [ICMPV6_ECHO_REQUEST - 128] = ICMPV6_ECHO_REPLY + 1, - [ICMPV6_ECHO_REPLY - 128] = ICMPV6_ECHO_REQUEST + 1, - [ICMPV6_NI_QUERY - 128] = ICMPV6_NI_QUERY + 1, - [ICMPV6_NI_REPLY - 128] = ICMPV6_NI_REPLY + 1 -}; static void set_attr_grp_orig_ipv4(struct nf_conntrack *ct, const void *value) { @@ -92,13 +64,11 @@ static void set_attr_grp_icmp(struct nf_conntrack *ct, const void *value) switch(ct->head.orig.l3protonum) { case AF_INET: - if (this->type < ARRAY_SIZE(invmap_icmp)) - rtype = invmap_icmp[this->type]; + rtype = __icmp_reply_type(this->type); break; case AF_INET6: - if (this->type - 128 < ARRAY_SIZE(invmap_icmp)) - rtype = invmap_icmpv6[this->type - 128]; + rtype = __icmpv6_reply_type(this->type); break; default: diff --git a/src/conntrack/proto.c b/src/conntrack/proto.c new file mode 100644 index 0000000..ba79b9b --- /dev/null +++ b/src/conntrack/proto.c @@ -0,0 +1,36 @@ +#include +#include + +static const uint8_t invmap_icmp[] = { + [ICMP_ECHO] = ICMP_ECHOREPLY + 1, + [ICMP_ECHOREPLY] = ICMP_ECHO + 1, + [ICMP_TIMESTAMP] = ICMP_TIMESTAMPREPLY + 1, + [ICMP_TIMESTAMPREPLY] = ICMP_TIMESTAMP + 1, + [ICMP_INFO_REQUEST] = ICMP_INFO_REPLY + 1, + [ICMP_INFO_REPLY] = ICMP_INFO_REQUEST + 1, + [ICMP_ADDRESS] = ICMP_ADDRESSREPLY + 1, + [ICMP_ADDRESSREPLY] = ICMP_ADDRESS + 1 +}; + +static const uint8_t invmap_icmpv6[] = { + [ICMPV6_ECHO_REQUEST - 128] = ICMPV6_ECHO_REPLY + 1, + [ICMPV6_ECHO_REPLY - 128] = ICMPV6_ECHO_REQUEST + 1, + [ICMPV6_NI_QUERY - 128] = ICMPV6_NI_QUERY + 1, + [ICMPV6_NI_REPLY - 128] = ICMPV6_NI_REPLY + 1 +}; + +uint8_t __icmp_reply_type(uint8_t type) +{ + if (type < ARRAY_SIZE(invmap_icmp)) + return invmap_icmp[type]; + + return 0; +} + +uint8_t __icmpv6_reply_type(uint8_t type) +{ + if (type - 128 < ARRAY_SIZE(invmap_icmpv6)) + return invmap_icmpv6[type - 128]; + + return 0; +} diff --git a/src/conntrack/setter.c b/src/conntrack/setter.c index 1d3b971..cee81f1 100644 --- a/src/conntrack/setter.c +++ b/src/conntrack/setter.c @@ -8,34 +8,6 @@ */ #include "internal/internal.h" -#include -#include - -static const uint8_t invmap_icmp[] = { - [ICMP_ECHO] = ICMP_ECHOREPLY + 1, - [ICMP_ECHOREPLY] = ICMP_ECHO + 1, - [ICMP_TIMESTAMP] = ICMP_TIMESTAMPREPLY + 1, - [ICMP_TIMESTAMPREPLY] = ICMP_TIMESTAMP + 1, - [ICMP_INFO_REQUEST] = ICMP_INFO_REPLY + 1, - [ICMP_INFO_REPLY] = ICMP_INFO_REQUEST + 1, - [ICMP_ADDRESS] = ICMP_ADDRESSREPLY + 1, - [ICMP_ADDRESSREPLY] = ICMP_ADDRESS + 1 -}; - -#ifndef ICMPV6_NI_QUERY -#define ICMPV6_NI_QUERY 139 -#endif - -#ifndef ICMPV6_NI_REPLY -#define ICMPV6_NI_REPLY 140 -#endif - -static const uint8_t invmap_icmpv6[] = { - [ICMPV6_ECHO_REQUEST - 128] = ICMPV6_ECHO_REPLY + 1, - [ICMPV6_ECHO_REPLY - 128] = ICMPV6_ECHO_REQUEST + 1, - [ICMPV6_NI_QUERY - 128] = ICMPV6_NI_QUERY + 1, - [ICMPV6_NI_REPLY - 128] = ICMPV6_NI_REPLY + 1 -}; static void set_attr_orig_ipv4_src(struct nf_conntrack *ct, const void *value, size_t len) @@ -131,13 +103,11 @@ set_attr_icmp_type(struct nf_conntrack *ct, const void *value, size_t len) switch(ct->head.orig.l3protonum) { case AF_INET: - if (type < ARRAY_SIZE(invmap_icmp)) - rtype = invmap_icmp[type]; + rtype = __icmp_reply_type(type); break; case AF_INET6: - if (type - 128 < ARRAY_SIZE(invmap_icmpv6)) - rtype = invmap_icmpv6[type - 128]; + rtype = __icmpv6_reply_type(type); break; default: -- cgit v1.2.3