diff options
-rw-r--r-- | net/netfilter/nf_conntrack_proto_sctp.c | 23 |
1 files changed, 12 insertions, 11 deletions
diff --git a/net/netfilter/nf_conntrack_proto_sctp.c b/net/netfilter/nf_conntrack_proto_sctp.c index 84e37e92b76..fdabef56bf1 100644 --- a/net/netfilter/nf_conntrack_proto_sctp.c +++ b/net/netfilter/nf_conntrack_proto_sctp.c @@ -300,6 +300,7 @@ static int sctp_packet(struct nf_conn *ct, unsigned int hooknum) { enum sctp_conntrack newconntrack, oldsctpstate; + enum ip_conntrack_dir dir = CTINFO2DIR(ctinfo); sctp_sctphdr_t _sctph, *sh; sctp_chunkhdr_t _sch, *sch; u_int32_t offset, count; @@ -318,7 +319,7 @@ static int sctp_packet(struct nf_conn *ct, !test_bit(SCTP_CID_COOKIE_ECHO, map) && !test_bit(SCTP_CID_ABORT, map) && !test_bit(SCTP_CID_SHUTDOWN_ACK, map) && - sh->vtag != ct->proto.sctp.vtag[CTINFO2DIR(ctinfo)]) { + sh->vtag != ct->proto.sctp.vtag[dir]) { pr_debug("Verification tag check failed\n"); return -1; } @@ -336,35 +337,35 @@ static int sctp_packet(struct nf_conn *ct, } } else if (sch->type == SCTP_CID_ABORT) { /* Sec 8.5.1 (B) */ - if (sh->vtag != ct->proto.sctp.vtag[CTINFO2DIR(ctinfo)] && - sh->vtag != ct->proto.sctp.vtag[1 - CTINFO2DIR(ctinfo)]) { + if (sh->vtag != ct->proto.sctp.vtag[dir] && + sh->vtag != ct->proto.sctp.vtag[!dir]) { write_unlock_bh(&sctp_lock); return -1; } } else if (sch->type == SCTP_CID_SHUTDOWN_COMPLETE) { /* Sec 8.5.1 (C) */ - if (sh->vtag != ct->proto.sctp.vtag[CTINFO2DIR(ctinfo)] && - sh->vtag != ct->proto.sctp.vtag[1 - CTINFO2DIR(ctinfo)] && + if (sh->vtag != ct->proto.sctp.vtag[dir] && + sh->vtag != ct->proto.sctp.vtag[!dir] && (sch->flags & 1)) { write_unlock_bh(&sctp_lock); return -1; } } else if (sch->type == SCTP_CID_COOKIE_ECHO) { /* Sec 8.5.1 (D) */ - if (sh->vtag != ct->proto.sctp.vtag[CTINFO2DIR(ctinfo)]) { + if (sh->vtag != ct->proto.sctp.vtag[dir]) { write_unlock_bh(&sctp_lock); return -1; } } oldsctpstate = ct->proto.sctp.state; - newconntrack = new_state(CTINFO2DIR(ctinfo), oldsctpstate, sch->type); + newconntrack = new_state(dir, oldsctpstate, sch->type); /* Invalid */ if (newconntrack == SCTP_CONNTRACK_MAX) { pr_debug("nf_conntrack_sctp: Invalid dir=%i ctype=%u " "conntrack=%u\n", - CTINFO2DIR(ctinfo), sch->type, oldsctpstate); + dir, sch->type, oldsctpstate); write_unlock_bh(&sctp_lock); return -1; } @@ -381,8 +382,8 @@ static int sctp_packet(struct nf_conn *ct, return -1; } pr_debug("Setting vtag %x for dir %d\n", - ih->init_tag, !CTINFO2DIR(ctinfo)); - ct->proto.sctp.vtag[!CTINFO2DIR(ctinfo)] = ih->init_tag; + ih->init_tag, !dir); + ct->proto.sctp.vtag[!dir] = ih->init_tag; } ct->proto.sctp.state = newconntrack; @@ -394,7 +395,7 @@ static int sctp_packet(struct nf_conn *ct, nf_ct_refresh_acct(ct, ctinfo, skb, *sctp_timeouts[newconntrack]); if (oldsctpstate == SCTP_CONNTRACK_COOKIE_ECHOED && - CTINFO2DIR(ctinfo) == IP_CT_DIR_REPLY && + dir == IP_CT_DIR_REPLY && newconntrack == SCTP_CONNTRACK_ESTABLISHED) { pr_debug("Setting assured bit\n"); set_bit(IPS_ASSURED_BIT, &ct->status); |