netfilter: netns nf_conntrack: per-netns expectations

[mirror_ubuntu-zesty-kernel.git] / net / netfilter / nf_conntrack_h323_main.c

diff --git a/net/netfilter/nf_conntrack_h323_main.c b/net/netfilter/nf_conntrack_h323_main.c
index 95da1a24aab786e31eecd1a983a67faa81b44de0..dfb826c973d947b1f2a9763ec51a77511c7c6b0f 100644 (file)
--- a/net/netfilter/nf_conntrack_h323_main.c
+++ b/net/netfilter/nf_conntrack_h323_main.c
@@ -619,6 +619,7 @@ static const struct nf_conntrack_expect_policy h245_exp_policy = {
 static struct nf_conntrack_helper nf_conntrack_helper_h245 __read_mostly = {
        .name                   = "H.245",
        .me                     = THIS_MODULE,
+       .tuple.src.l3num        = AF_UNSPEC,
        .tuple.dst.protonum     = IPPROTO_UDP,
        .help                   = h245_help,
        .expect_policy          = &h245_exp_policy,
@@ -708,7 +709,8 @@ static int expect_h245(struct sk_buff *skb, struct nf_conn *ct,
 /* If the calling party is on the same side of the forward-to party,
  * we don't need to track the second call */
 static int callforward_do_filter(const union nf_inet_addr *src,
-                                 const union nf_inet_addr *dst, int family)
+                                const union nf_inet_addr *dst,
+                                u_int8_t family)
 {
        const struct nf_afinfo *afinfo;
        struct flowi fl1, fl2;
@@ -1217,7 +1219,7 @@ static struct nf_conntrack_expect *find_expect(struct nf_conn *ct,
        tuple.dst.u.tcp.port = port;
        tuple.dst.protonum = IPPROTO_TCP;
 
-       exp = __nf_ct_expect_find(&tuple);
+       exp = __nf_ct_expect_find(&init_net, &tuple);
        if (exp && exp->master == ct)
                return exp;
        return NULL;
@@ -1765,6 +1767,7 @@ static void __exit nf_conntrack_h323_fini(void)
        nf_conntrack_helper_unregister(&nf_conntrack_helper_ras[0]);
        nf_conntrack_helper_unregister(&nf_conntrack_helper_q931[1]);
        nf_conntrack_helper_unregister(&nf_conntrack_helper_q931[0]);
+       nf_conntrack_helper_unregister(&nf_conntrack_helper_h245);
        kfree(h323_buffer);
        pr_debug("nf_ct_h323: fini\n");
 }
@@ -1777,28 +1780,34 @@ static int __init nf_conntrack_h323_init(void)
        h323_buffer = kmalloc(65536, GFP_KERNEL);
        if (!h323_buffer)
                return -ENOMEM;
-       ret = nf_conntrack_helper_register(&nf_conntrack_helper_q931[0]);
+       ret = nf_conntrack_helper_register(&nf_conntrack_helper_h245);
        if (ret < 0)
                goto err1;
-       ret = nf_conntrack_helper_register(&nf_conntrack_helper_q931[1]);
+       ret = nf_conntrack_helper_register(&nf_conntrack_helper_q931[0]);
        if (ret < 0)
                goto err2;
-       ret = nf_conntrack_helper_register(&nf_conntrack_helper_ras[0]);
+       ret = nf_conntrack_helper_register(&nf_conntrack_helper_q931[1]);
        if (ret < 0)
                goto err3;
-       ret = nf_conntrack_helper_register(&nf_conntrack_helper_ras[1]);
+       ret = nf_conntrack_helper_register(&nf_conntrack_helper_ras[0]);
        if (ret < 0)
                goto err4;
+       ret = nf_conntrack_helper_register(&nf_conntrack_helper_ras[1]);
+       if (ret < 0)
+               goto err5;
        pr_debug("nf_ct_h323: init success\n");
        return 0;
 
-err4:
+err5:
        nf_conntrack_helper_unregister(&nf_conntrack_helper_ras[0]);
-err3:
+err4:
        nf_conntrack_helper_unregister(&nf_conntrack_helper_q931[1]);
-err2:
+err3:
        nf_conntrack_helper_unregister(&nf_conntrack_helper_q931[0]);
+err2:
+       nf_conntrack_helper_unregister(&nf_conntrack_helper_h245);
 err1:
+       kfree(h323_buffer);
        return ret;
 }