Kernel/linux
1
0
Fork 0
mirror of https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git synced 2025-01-12 00:00:00 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

netfilter: nf_nat_ftp: remove (*mangle[]) array and functions, use %pI4

Browse Source 
These functions merely exist to format a buffer and call
nf_nat_mangle_tcp_packet.

Format the buffer and perform the call in nf_nat_ftp instead.

Use %pI4 for the IP address.

Saves ~600 bytes of text

old:
$ size net/ipv4/netfilter/nf_nat_ftp.o
   text	   data	    bss	    dec	    hex	filename
   2187	    160	    408	   2755	    ac3	net/ipv4/netfilter/nf_nat_ftp.o
new:
$ size net/ipv4/netfilter/nf_nat_ftp.o
   text    data     bss     dec     hex filename
   1532     112     288    1932     78c net/ipv4/netfilter/nf_nat_ftp.o

Signed-off-by: Joe Perches <joe@perches.com>
Signed-off-by: Patrick McHardy <kaber@trash.net>
This commit is contained in:
Joe Perches 2010-01-11 11:49:51 +01:00 committed by Patrick McHardy
parent 6f7edb4881
commit c299bd53aa
1 changed files with 35 additions and 70 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

103
net/ipv4/netfilter/nf_nat_ftp.c
View File

@ -27,76 +27,29 @@ MODULE_ALIAS("ip_nat_ftp");
/* FIXME: Time out? --RR */ /* FIXME: Time out? --RR */
static int static int nf_nat_ftp_fmt_cmd(enum nf_ct_ftp_type type,
mangle_rfc959_packet(struct sk_buff *skb, char *buffer, size_t buflen,
__be32 newip, __be32 addr, u16 port)
u_int16_t port,
unsigned int matchoff,
unsigned int matchlen,
struct nf_conn *ct,
enum ip_conntrack_info ctinfo)
{ {
char buffer[sizeof("nnn,nnn,nnn,nnn,nnn,nnn")]; switch (type) {
case NF_CT_FTP_PORT:
case NF_CT_FTP_PASV:
return snprintf(buffer, buflen, "%u,%u,%u,%u,%u,%u",
((unsigned char *)&addr)[0],
((unsigned char *)&addr)[1],
((unsigned char *)&addr)[2],
((unsigned char *)&addr)[3],
port >> 8,
port & 0xFF);
case NF_CT_FTP_EPRT:
return snprintf(buffer, buflen, "|1|%pI4|%u|", &addr, port);
case NF_CT_FTP_EPSV:
return snprintf(buffer, buflen, "|||%u|", port);
}
sprintf(buffer, "%u,%u,%u,%u,%u,%u", return 0;
NIPQUAD(newip), port>>8, port&0xFF);
pr_debug("calling nf_nat_mangle_tcp_packet\n");
return nf_nat_mangle_tcp_packet(skb, ct, ctinfo, matchoff,
matchlen, buffer, strlen(buffer));
} }
/* |1|132.235.1.2|6275| */
static int
mangle_eprt_packet(struct sk_buff *skb,
__be32 newip,
u_int16_t port,
unsigned int matchoff,
unsigned int matchlen,
struct nf_conn *ct,
enum ip_conntrack_info ctinfo)
{
char buffer[sizeof("|1|255.255.255.255|65535|")];
sprintf(buffer, "|1|%u.%u.%u.%u|%u|", NIPQUAD(newip), port);
pr_debug("calling nf_nat_mangle_tcp_packet\n");
return nf_nat_mangle_tcp_packet(skb, ct, ctinfo, matchoff,
matchlen, buffer, strlen(buffer));
}
/* |1|132.235.1.2|6275| */
static int
mangle_epsv_packet(struct sk_buff *skb,
__be32 newip,
u_int16_t port,
unsigned int matchoff,
unsigned int matchlen,
struct nf_conn *ct,
enum ip_conntrack_info ctinfo)
{
char buffer[sizeof("|||65535|")];
sprintf(buffer, "|||%u|", port);
pr_debug("calling nf_nat_mangle_tcp_packet\n");
return nf_nat_mangle_tcp_packet(skb, ct, ctinfo, matchoff,
matchlen, buffer, strlen(buffer));
}
static int (*mangle[])(struct sk_buff *, __be32, u_int16_t,
unsigned int, unsigned int, struct nf_conn *,
enum ip_conntrack_info)
= {
[NF_CT_FTP_PORT] = mangle_rfc959_packet,
[NF_CT_FTP_PASV] = mangle_rfc959_packet,
[NF_CT_FTP_EPRT] = mangle_eprt_packet,
[NF_CT_FTP_EPSV] = mangle_epsv_packet
};
/* So, this packet has hit the connection tracking matching code. /* So, this packet has hit the connection tracking matching code.
Mangle it, and change the expectation to match the new version. */ Mangle it, and change the expectation to match the new version. */
static unsigned int nf_nat_ftp(struct sk_buff *skb, static unsigned int nf_nat_ftp(struct sk_buff *skb,
@ -110,6 +63,8 @@ static unsigned int nf_nat_ftp(struct sk_buff *skb,
u_int16_t port; u_int16_t port;
int dir = CTINFO2DIR(ctinfo); int dir = CTINFO2DIR(ctinfo);
struct nf_conn *ct = exp->master; struct nf_conn *ct = exp->master;
char buffer[sizeof("|1|255.255.255.255|65535|")];
unsigned int buflen;
pr_debug("FTP_NAT: type %i, off %u len %u\n", type, matchoff, matchlen); pr_debug("FTP_NAT: type %i, off %u len %u\n", type, matchoff, matchlen);
@ -132,11 +87,21 @@ static unsigned int nf_nat_ftp(struct sk_buff *skb,
if (port == 0) if (port == 0)
return NF_DROP; return NF_DROP;
if (!mangle[type](skb, newip, port, matchoff, matchlen, ct, ctinfo)) { buflen = nf_nat_ftp_fmt_cmd(type, buffer, sizeof(buffer), newip, port);
if (!buflen)
goto out;
pr_debug("calling nf_nat_mangle_tcp_packet\n");
if (!nf_nat_mangle_tcp_packet(skb, ct, ctinfo, matchoff,
matchlen, buffer, buflen))
goto out;
return NF_ACCEPT;
out:
nf_ct_unexpect_related(exp); nf_ct_unexpect_related(exp);
return NF_DROP; return NF_DROP;
}
return NF_ACCEPT;
} }
static void __exit nf_nat_ftp_fini(void) static void __exit nf_nat_ftp_fini(void)