netfilter: add more values to enum ip_conntrack_info
authorEric Dumazet <eric.dumazet@gmail.com>
Thu, 19 May 2011 13:44:27 +0000 (15:44 +0200)
committerPablo Neira Ayuso <pablo@netfilter.org>
Sun, 5 Jun 2011 23:35:10 +0000 (01:35 +0200)
Following error is raised (and other similar ones) :

net/ipv4/netfilter/nf_nat_standalone.c: In function ‘nf_nat_fn’:
net/ipv4/netfilter/nf_nat_standalone.c:119:2: warning: case value ‘4’
not in enumerated type ‘enum ip_conntrack_info’

gcc barfs on adding two enum values and getting a not enumerated
result :

case IP_CT_RELATED+IP_CT_IS_REPLY:

Add missing enum values

Signed-off-by: Eric Dumazet <eric.dumazet@gmail.com>
CC: David Miller <davem@davemloft.net>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
16 files changed:
include/linux/netfilter/nf_conntrack_common.h
net/ipv4/netfilter/ipt_CLUSTERIP.c
net/ipv4/netfilter/ipt_MASQUERADE.c
net/ipv4/netfilter/nf_conntrack_l3proto_ipv4.c
net/ipv4/netfilter/nf_nat_core.c
net/ipv4/netfilter/nf_nat_rule.c
net/ipv4/netfilter/nf_nat_standalone.c
net/ipv6/netfilter/nf_conntrack_l3proto_ipv6.c
net/netfilter/nf_conntrack_core.c
net/netfilter/nf_conntrack_ftp.c
net/netfilter/nf_conntrack_h323_main.c
net/netfilter/nf_conntrack_irc.c
net/netfilter/nf_conntrack_pptp.c
net/netfilter/nf_conntrack_sane.c
net/netfilter/nf_conntrack_sip.c
net/netfilter/xt_socket.c

index 50cdc2559a5aa05a10e4d1115c48da7185a5e7bd..0d3dd66322ecbb24529303f6634f36e5ce6f390d 100644 (file)
@@ -18,6 +18,9 @@ enum ip_conntrack_info {
        /* >= this indicates reply direction */
        IP_CT_IS_REPLY,
 
+       IP_CT_ESTABLISHED_REPLY = IP_CT_ESTABLISHED + IP_CT_IS_REPLY,
+       IP_CT_RELATED_REPLY = IP_CT_RELATED + IP_CT_IS_REPLY,
+       IP_CT_NEW_REPLY = IP_CT_NEW + IP_CT_IS_REPLY,   
        /* Number of distinct IP_CT types (no NEW in reply dirn). */
        IP_CT_NUMBER = IP_CT_IS_REPLY * 2 - 1
 };
index d609ac3cb9a450e69d47e4d5bdb7365347cbb46a..5c9e97c790172984b7d87bd2d2f40b61028184cc 100644 (file)
@@ -307,7 +307,7 @@ clusterip_tg(struct sk_buff *skb, const struct xt_action_param *par)
         * error messages (RELATED) and information requests (see below) */
        if (ip_hdr(skb)->protocol == IPPROTO_ICMP &&
            (ctinfo == IP_CT_RELATED ||
-            ctinfo == IP_CT_RELATED + IP_CT_IS_REPLY))
+            ctinfo == IP_CT_RELATED_REPLY))
                return XT_CONTINUE;
 
        /* ip_conntrack_icmp guarantees us that we only have ICMP_ECHO,
@@ -321,12 +321,12 @@ clusterip_tg(struct sk_buff *skb, const struct xt_action_param *par)
                        ct->mark = hash;
                        break;
                case IP_CT_RELATED:
-               case IP_CT_RELATED+IP_CT_IS_REPLY:
+               case IP_CT_RELATED_REPLY:
                        /* FIXME: we don't handle expectations at the
                         * moment.  they can arrive on a different node than
                         * the master connection (e.g. FTP passive mode) */
                case IP_CT_ESTABLISHED:
-               case IP_CT_ESTABLISHED+IP_CT_IS_REPLY:
+               case IP_CT_ESTABLISHED_REPLY:
                        break;
                default:
                        break;
index d2ed9dc74ebc3c029e134295f4ed490f27af0ef6..9931152a78b54e4512bc95bbbe720258ebb44d09 100644 (file)
@@ -60,7 +60,7 @@ masquerade_tg(struct sk_buff *skb, const struct xt_action_param *par)
        nat = nfct_nat(ct);
 
        NF_CT_ASSERT(ct && (ctinfo == IP_CT_NEW || ctinfo == IP_CT_RELATED ||
-                           ctinfo == IP_CT_RELATED + IP_CT_IS_REPLY));
+                           ctinfo == IP_CT_RELATED_REPLY));
 
        /* Source address is 0.0.0.0 - locally generated packet that is
         * probably not supposed to be masqueraded.
index 5a03c02af999a45ac7d3f9e403ea1c2d38bc0c5a..db10075dd88e4720e1ba97bf7365b424e2fb124b 100644 (file)
@@ -101,7 +101,7 @@ static unsigned int ipv4_confirm(unsigned int hooknum,
 
        /* This is where we call the helper: as the packet goes out. */
        ct = nf_ct_get(skb, &ctinfo);
-       if (!ct || ctinfo == IP_CT_RELATED + IP_CT_IS_REPLY)
+       if (!ct || ctinfo == IP_CT_RELATED_REPLY)
                goto out;
 
        help = nfct_help(ct);
index 9c71b2755ce3e4eea5331fe17a49ec1701dccf02..3346de5d94d009ffe3466ce61f1103d5f66a5ca2 100644 (file)
@@ -433,7 +433,7 @@ int nf_nat_icmp_reply_translation(struct nf_conn *ct,
 
        /* Must be RELATED */
        NF_CT_ASSERT(skb->nfctinfo == IP_CT_RELATED ||
-                    skb->nfctinfo == IP_CT_RELATED+IP_CT_IS_REPLY);
+                    skb->nfctinfo == IP_CT_RELATED_REPLY);
 
        /* Redirects on non-null nats must be dropped, else they'll
           start talking to each other without our translation, and be
index 21c30426480b0d08cdc10a0257ee2f6ce736840f..733c9abc1cbd9ddb7c45a0b7ffae9d72f608ae62 100644 (file)
@@ -53,7 +53,7 @@ ipt_snat_target(struct sk_buff *skb, const struct xt_action_param *par)
 
        /* Connection must be valid and new. */
        NF_CT_ASSERT(ct && (ctinfo == IP_CT_NEW || ctinfo == IP_CT_RELATED ||
-                           ctinfo == IP_CT_RELATED + IP_CT_IS_REPLY));
+                           ctinfo == IP_CT_RELATED_REPLY));
        NF_CT_ASSERT(par->out != NULL);
 
        return nf_nat_setup_info(ct, &mr->range[0], IP_NAT_MANIP_SRC);
index 7317bdf1d457544daeef7dc05dce0b3dc23f7a2a..483b76d042da5ad2836005ab1dad3d1c17727c61 100644 (file)
@@ -116,7 +116,7 @@ nf_nat_fn(unsigned int hooknum,
 
        switch (ctinfo) {
        case IP_CT_RELATED:
-       case IP_CT_RELATED+IP_CT_IS_REPLY:
+       case IP_CT_RELATED_REPLY:
                if (ip_hdr(skb)->protocol == IPPROTO_ICMP) {
                        if (!nf_nat_icmp_reply_translation(ct, ctinfo,
                                                           hooknum, skb))
@@ -144,7 +144,7 @@ nf_nat_fn(unsigned int hooknum,
        default:
                /* ESTABLISHED */
                NF_CT_ASSERT(ctinfo == IP_CT_ESTABLISHED ||
-                            ctinfo == (IP_CT_ESTABLISHED+IP_CT_IS_REPLY));
+                            ctinfo == IP_CT_ESTABLISHED_REPLY);
        }
 
        return nf_nat_packet(ct, ctinfo, hooknum, skb);
index c8af58b225620795af240156ae1e5b735fa78a2d..4111050a9fc524e0cd225aa81d5dfa4c4e166d06 100644 (file)
@@ -160,7 +160,7 @@ static unsigned int ipv6_confirm(unsigned int hooknum,
 
        /* This is where we call the helper: as the packet goes out. */
        ct = nf_ct_get(skb, &ctinfo);
-       if (!ct || ctinfo == IP_CT_RELATED + IP_CT_IS_REPLY)
+       if (!ct || ctinfo == IP_CT_RELATED_REPLY)
                goto out;
 
        help = nfct_help(ct);
index 2e1c11f784193b4b319b37f246cc8f7d6fded26b..0bd5689294034ca9d9d78341a26d50768fd457b8 100644 (file)
@@ -850,7 +850,7 @@ resolve_normal_ct(struct net *net, struct nf_conn *tmpl,
 
        /* It exists; we have (non-exclusive) reference. */
        if (NF_CT_DIRECTION(h) == IP_CT_DIR_REPLY) {
-               *ctinfo = IP_CT_ESTABLISHED + IP_CT_IS_REPLY;
+               *ctinfo = IP_CT_ESTABLISHED_REPLY;
                /* Please set reply bit if this packet OK */
                *set_reply = 1;
        } else {
@@ -1143,7 +1143,7 @@ static void nf_conntrack_attach(struct sk_buff *nskb, struct sk_buff *skb)
        /* This ICMP is in reverse direction to the packet which caused it */
        ct = nf_ct_get(skb, &ctinfo);
        if (CTINFO2DIR(ctinfo) == IP_CT_DIR_ORIGINAL)
-               ctinfo = IP_CT_RELATED + IP_CT_IS_REPLY;
+               ctinfo = IP_CT_RELATED_REPLY;
        else
                ctinfo = IP_CT_RELATED;
 
index e17cb7c7dd8fda61efabf12d8cefb45c4c8d4a78..6f5801eac99923eaaa66e3dd8572678df0ac8ceb 100644 (file)
@@ -368,7 +368,7 @@ static int help(struct sk_buff *skb,
 
        /* Until there's been traffic both ways, don't look in packets. */
        if (ctinfo != IP_CT_ESTABLISHED &&
-           ctinfo != IP_CT_ESTABLISHED + IP_CT_IS_REPLY) {
+           ctinfo != IP_CT_ESTABLISHED_REPLY) {
                pr_debug("ftp: Conntrackinfo = %u\n", ctinfo);
                return NF_ACCEPT;
        }
index 18b2ce5c8ced1c82f5f4e3f41af1ed1e659079f9..f03c2d4539f6b8517530c899b2bc2419e4f80f88 100644 (file)
@@ -571,10 +571,9 @@ static int h245_help(struct sk_buff *skb, unsigned int protoff,
        int ret;
 
        /* Until there's been traffic both ways, don't look in packets. */
-       if (ctinfo != IP_CT_ESTABLISHED &&
-           ctinfo != IP_CT_ESTABLISHED + IP_CT_IS_REPLY) {
+       if (ctinfo != IP_CT_ESTABLISHED && ctinfo != IP_CT_ESTABLISHED_REPLY)
                return NF_ACCEPT;
-       }
+
        pr_debug("nf_ct_h245: skblen = %u\n", skb->len);
 
        spin_lock_bh(&nf_h323_lock);
@@ -1125,10 +1124,9 @@ static int q931_help(struct sk_buff *skb, unsigned int protoff,
        int ret;
 
        /* Until there's been traffic both ways, don't look in packets. */
-       if (ctinfo != IP_CT_ESTABLISHED &&
-           ctinfo != IP_CT_ESTABLISHED + IP_CT_IS_REPLY) {
+       if (ctinfo != IP_CT_ESTABLISHED && ctinfo != IP_CT_ESTABLISHED_REPLY)
                return NF_ACCEPT;
-       }
+
        pr_debug("nf_ct_q931: skblen = %u\n", skb->len);
 
        spin_lock_bh(&nf_h323_lock);
index b394aa318776447d243a2c95ed0aa0c86a754f4d..4f9390b98697e55ec00cd81c9c6d327a43e908d7 100644 (file)
@@ -125,8 +125,7 @@ static int help(struct sk_buff *skb, unsigned int protoff,
                return NF_ACCEPT;
 
        /* Until there's been traffic both ways, don't look in packets. */
-       if (ctinfo != IP_CT_ESTABLISHED &&
-           ctinfo != IP_CT_ESTABLISHED + IP_CT_IS_REPLY)
+       if (ctinfo != IP_CT_ESTABLISHED && ctinfo != IP_CT_ESTABLISHED_REPLY)
                return NF_ACCEPT;
 
        /* Not a full tcp header? */
index 088944824e135f53c769477aa201888cd343e398..2fd4565144defa5221bef7e458253de3d7df787f 100644 (file)
@@ -519,8 +519,7 @@ conntrack_pptp_help(struct sk_buff *skb, unsigned int protoff,
        u_int16_t msg;
 
        /* don't do any tracking before tcp handshake complete */
-       if (ctinfo != IP_CT_ESTABLISHED &&
-           ctinfo != IP_CT_ESTABLISHED + IP_CT_IS_REPLY)
+       if (ctinfo != IP_CT_ESTABLISHED && ctinfo != IP_CT_ESTABLISHED_REPLY)
                return NF_ACCEPT;
 
        nexthdr_off = protoff;
index d9e27734b2a223adab2f73b199431df97e022b70..8501823b3f9b0f4af53b1392e465bb0215dee11d 100644 (file)
@@ -78,7 +78,7 @@ static int help(struct sk_buff *skb,
        ct_sane_info = &nfct_help(ct)->help.ct_sane_info;
        /* Until there's been traffic both ways, don't look in packets. */
        if (ctinfo != IP_CT_ESTABLISHED &&
-           ctinfo != IP_CT_ESTABLISHED+IP_CT_IS_REPLY)
+           ctinfo != IP_CT_ESTABLISHED_REPLY)
                return NF_ACCEPT;
 
        /* Not a full tcp header? */
index cb5a285817827a0ad036adba9ea08a34a6147dff..93faf6a3a6379d5f8c4c9e52fcaf91cebdfabf66 100644 (file)
@@ -1423,7 +1423,7 @@ static int sip_help_tcp(struct sk_buff *skb, unsigned int protoff,
        typeof(nf_nat_sip_seq_adjust_hook) nf_nat_sip_seq_adjust;
 
        if (ctinfo != IP_CT_ESTABLISHED &&
-           ctinfo != IP_CT_ESTABLISHED + IP_CT_IS_REPLY)
+           ctinfo != IP_CT_ESTABLISHED_REPLY)
                return NF_ACCEPT;
 
        /* No Data ? */
index 9cc46356b5773058c0554931bc84866a14113f75..fe39f7e913dff490e948ca47b1ce6c14844013d6 100644 (file)
@@ -143,9 +143,9 @@ socket_match(const struct sk_buff *skb, struct xt_action_param *par,
        ct = nf_ct_get(skb, &ctinfo);
        if (ct && !nf_ct_is_untracked(ct) &&
            ((iph->protocol != IPPROTO_ICMP &&
-             ctinfo == IP_CT_IS_REPLY + IP_CT_ESTABLISHED) ||
+             ctinfo == IP_CT_ESTABLISHED_REPLY) ||
             (iph->protocol == IPPROTO_ICMP &&
-             ctinfo == IP_CT_IS_REPLY + IP_CT_RELATED)) &&
+             ctinfo == IP_CT_RELATED_REPLY)) &&
            (ct->status & IPS_SRC_NAT_DONE)) {
 
                daddr = ct->tuplehash[IP_CT_DIR_ORIGINAL].tuple.src.u3.ip;