From: Jan Engelhardt <jengelh@inai.de>
Date: Mon, 23 Nov 2020 22:11:41 +0000 (+0100)
Subject: extensions: reduce number of arguments to send_reset functions
X-Git-Tag: v3.14~2
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=9d5b2e2e0e1599f167260d2ff8e63d2d784a05a9;p=thirdparty%2Fxtables-addons.git

extensions: reduce number of arguments to send_reset functions
---

diff --git a/extensions/xt_DELUDE.c b/extensions/xt_DELUDE.c
index 6390f71..77bbfdd 100644
--- a/extensions/xt_DELUDE.c
+++ b/extensions/xt_DELUDE.c
@@ -25,8 +25,8 @@
 #include "compat_xtables.h"
 #define PFX KBUILD_MODNAME ": "
 
-static void delude_send_reset(struct net *net, struct sock *sk,
-    struct sk_buff *oldskb, unsigned int hook)
+static void delude_send_reset(struct sk_buff *oldskb,
+    const struct xt_action_param *par)
 {
 	struct tcphdr _otcph, *tcph;
 	const struct tcphdr *oth;
@@ -51,7 +51,8 @@ static void delude_send_reset(struct net *net, struct sock *sk,
 		return;
 
 	/* Check checksum */
-	if (nf_ip_checksum(oldskb, hook, ip_hdrlen(oldskb), IPPROTO_TCP))
+	if (nf_ip_checksum(oldskb, par->state->hook, ip_hdrlen(oldskb),
+	    IPPROTO_TCP))
 		return;
 
 	nskb = alloc_skb(sizeof(struct iphdr) + sizeof(struct tcphdr) +
@@ -108,20 +109,21 @@ static void delude_send_reset(struct net *net, struct sock *sk,
 	addr_type = RTN_UNSPEC;
 #ifdef CONFIG_BRIDGE_NETFILTER
 #if LINUX_VERSION_CODE >= KERNEL_VERSION(5, 0, 0)
-	if (hook != NF_INET_FORWARD || ((struct nf_bridge_info *)skb_ext_find(nskb, SKB_EXT_BRIDGE_NF) != NULL &&
+	if (par->state->hook != NF_INET_FORWARD ||
+	    ((struct nf_bridge_info *)skb_ext_find(nskb, SKB_EXT_BRIDGE_NF) != NULL &&
 	    ((struct nf_bridge_info *)skb_ext_find(nskb, SKB_EXT_BRIDGE_NF))->physoutdev))
 #else
-	if (hook != NF_INET_FORWARD || (nskb->nf_bridge != NULL &&
+	if (par->state->hook != NF_INET_FORWARD || (nskb->nf_bridge != NULL &&
 	    nskb->nf_bridge->physoutdev))
 #endif
 #else
-	if (hook != NF_INET_FORWARD)
+	if (par->state->hook != NF_INET_FORWARD)
 #endif
 		addr_type = RTN_LOCAL;
 
 	/* ip_route_me_harder expects skb->dst to be set */
 	skb_dst_set(nskb, dst_clone(skb_dst(oldskb)));
-	if (ip_route_me_harder(net, sk, nskb, addr_type))
+	if (ip_route_me_harder(par_net(par), par->state->sk, nskb, addr_type))
 		goto free_nskb;
 	else
 		niph = ip_hdr(nskb);
@@ -134,8 +136,7 @@ static void delude_send_reset(struct net *net, struct sock *sk,
 		goto free_nskb;
 
 	nf_ct_attach(nskb, oldskb);
-
-	ip_local_out(net, nskb->sk, nskb);
+	ip_local_out(par_net(par), nskb->sk, nskb);
 	return;
 
  free_nskb:
@@ -150,7 +151,7 @@ delude_tg(struct sk_buff *skb, const struct xt_action_param *par)
 	 * a problem, as that is supported since Linux 2.6.35. But since we do not
 	 * actually want to have a connection open, we are still going to drop it.
 	 */
-	delude_send_reset(par_net(par), par->state->sk, skb, par->state->hook);
+	delude_send_reset(skb, par);
 	return NF_DROP;
 }
 
diff --git a/extensions/xt_TARPIT.c b/extensions/xt_TARPIT.c
index 2deefb0..0b70dd9 100644
--- a/extensions/xt_TARPIT.c
+++ b/extensions/xt_TARPIT.c
@@ -170,8 +170,8 @@ static bool tarpit_generic(struct tcphdr *tcph, const struct tcphdr *oth,
 	return true;
 }
 
-static void tarpit_tcp4(struct net *net, struct sock *sk,
-    struct sk_buff *oldskb, unsigned int hook, unsigned int mode)
+static void tarpit_tcp4(const struct xt_action_param *par,
+    struct sk_buff *oldskb, unsigned int mode)
 {
 	struct tcphdr _otcph, *tcph;
 	const struct tcphdr *oth;
@@ -191,7 +191,8 @@ static void tarpit_tcp4(struct net *net, struct sock *sk,
 		return;
 
 	/* Check checksum. */
-	if (nf_ip_checksum(oldskb, hook, ip_hdrlen(oldskb), IPPROTO_TCP))
+	if (nf_ip_checksum(oldskb, par->state->hook, ip_hdrlen(oldskb),
+	    IPPROTO_TCP))
 		return;
 
 	/*
@@ -254,18 +255,19 @@ static void tarpit_tcp4(struct net *net, struct sock *sk,
 
 #ifdef CONFIG_BRIDGE_NETFILTER
 #if LINUX_VERSION_CODE >= KERNEL_VERSION(5, 0, 0)
-	if (hook != NF_INET_FORWARD || ((struct nf_bridge_info *)skb_ext_find(nskb, SKB_EXT_BRIDGE_NF) != NULL &&
+	if (par->state->hook != NF_INET_FORWARD ||
+	    ((struct nf_bridge_info *)skb_ext_find(nskb, SKB_EXT_BRIDGE_NF) != NULL &&
 	    ((struct nf_bridge_info *)skb_ext_find(nskb, SKB_EXT_BRIDGE_NF))->physoutdev))
 #else
-	if (hook != NF_INET_FORWARD || (nskb->nf_bridge != NULL &&
+	if (par->state->hook != NF_INET_FORWARD || (nskb->nf_bridge != NULL &&
 	    nskb->nf_bridge->physoutdev != NULL))
 #endif
 #else
-	if (hook != NF_INET_FORWARD)
+	if (par->state->hook != NF_INET_FORWARD)
 #endif
 		addr_type = RTN_LOCAL;
 
-	if (ip_route_me_harder(net, sk, nskb, addr_type) != 0)
+	if (ip_route_me_harder(par_net(par), par->state->sk, nskb, addr_type) != 0)
 		goto free_nskb;
 	else
 		niph = ip_hdr(nskb);
@@ -287,8 +289,8 @@ static void tarpit_tcp4(struct net *net, struct sock *sk,
 		goto free_nskb;
 
 	nf_ct_attach(nskb, oldskb);
-	NF_HOOK(NFPROTO_IPV4, NF_INET_LOCAL_OUT, net, nskb->sk, nskb, NULL,
-		skb_dst(nskb)->dev, dst_output);
+	NF_HOOK(NFPROTO_IPV4, NF_INET_LOCAL_OUT, par_net(par), nskb->sk, nskb,
+	        NULL, skb_dst(nskb)->dev, dst_output);
 	return;
 
  free_nskb:
@@ -296,8 +298,8 @@ static void tarpit_tcp4(struct net *net, struct sock *sk,
 }
 
 #ifdef WITH_IPV6
-static void tarpit_tcp6(struct net *net, struct sock *sock,
-    struct sk_buff *oldskb, unsigned int hook, unsigned int mode)
+static void tarpit_tcp6(const struct xt_action_param *par,
+    struct sk_buff *oldskb, unsigned int mode)
 {
 	struct sk_buff *nskb;
 	struct tcphdr *tcph, oth;
@@ -398,14 +400,14 @@ static void tarpit_tcp6(struct net *net, struct sock *sock,
 	              &ipv6_hdr(nskb)->daddr, sizeof(struct tcphdr),
 	              IPPROTO_TCP,
 	              csum_partial(tcph, sizeof(struct tcphdr), 0));
-	if (ip6_route_me_harder(net, nskb->sk, nskb))
+	if (ip6_route_me_harder(par_net(par), nskb->sk, nskb))
 		goto free_nskb;
 
 	nskb->ip_summed = CHECKSUM_NONE;
 
 	nf_ct_attach(nskb, oldskb);
-	NF_HOOK(NFPROTO_IPV6, NF_INET_LOCAL_OUT, net, nskb->sk, nskb, NULL,
-	        skb_dst(nskb)->dev, dst_output);
+	NF_HOOK(NFPROTO_IPV6, NF_INET_LOCAL_OUT, par_net(par), nskb->sk, nskb,
+	        NULL, skb_dst(nskb)->dev, dst_output);
 	return;
 
  free_nskb:
@@ -443,8 +445,7 @@ tarpit_tg4(struct sk_buff *skb, const struct xt_action_param *par)
 	/* We are not interested in fragments */
 	if (iph->frag_off & htons(IP_OFFSET))
 		return NF_DROP;
-	tarpit_tcp4(par_net(par), par->state->sk, skb, par->state->hook,
-	            info->variant);
+	tarpit_tcp4(par, skb, info->variant);
 	return NF_DROP;
 }
 
@@ -485,8 +486,7 @@ tarpit_tg6(struct sk_buff *skb, const struct xt_action_param *par)
 		pr_debug("addr is not unicast.\n");
 		return NF_DROP;
 	}
-	tarpit_tcp6(par_net(par), par->state->sk, skb, par->state->hook,
-	            info->variant);
+	tarpit_tcp6(par, skb, info->variant);
 	return NF_DROP;
 }
 #endif