In addition to the struct fwd_ports used by both UDP and TCP to track port forwarding, UDP also included an 'rdelta' field, which contained the reverse mapping of the main port map. This was used so that we could properly direct reply packets to a forwarded packet where we change the destination port. This has now been taken over by the flow table: reply packets will match the flow of the originating packet, and that gives the correct ports on the originating side. So, eliminate the rdelta field, and with it struct udp_fwd_ports, which now has no additional information over struct fwd_ports.
Signed-off-by: David Gibson <david(a)gibson.dropbear.id.au>
---
 conf.c | 14 +++++++-------
 fwd.c | 24 ++++++++++++------------
 udp.c | 37 ++++++++-----------------------------
 udp.h | 14 ++------------
 4 files changed, 29 insertions(+), 60 deletions(-)
diff --git a/conf.c b/conf.c
index 94b3ed6f..d1891479 100644
--- a/conf.c
+++ b/conf.c
@@ -1248,7 +1248,7 @@ void conf(struct ctx *c, int argc, char **argv)
 }
 c->tcp.fwd_in.mode = c->tcp.fwd_out.mode = FWD_UNSET;
- c->udp.fwd_in.f.mode = c->udp.fwd_out.f.mode = FWD_UNSET;
+ c->udp.fwd_in.mode = c->udp.fwd_out.mode = FWD_UNSET;
 do {
 name = getopt_long(argc, argv, optstring, options, NULL);
@@ -1733,7 +1733,7 @@ void conf(struct ctx *c, int argc, char **argv)
 if (name == 't')
 conf_ports(c, name, optarg, &c->tcp.fwd_in);
 else if (name == 'u')
- conf_ports(c, name, optarg, &c->udp.fwd_in.f);
+ conf_ports(c, name, optarg, &c->udp.fwd_in);
 } while (name != -1);
 if (c->mode == MODE_PASTA)
@@ -1768,7 +1768,7 @@ void conf(struct ctx *c, int argc, char **argv)
 if (name == 'T')
 conf_ports(c, name, optarg, &c->tcp.fwd_out);
 else if (name == 'U')
- conf_ports(c, name, optarg, &c->udp.fwd_out.f);
+ conf_ports(c, name, optarg, &c->udp.fwd_out);
 } while (name != -1);
 if (!c->ifi4)
@@ -1795,10 +1795,10 @@ void conf(struct ctx *c, int argc, char **argv)
 c->tcp.fwd_in.mode = fwd_default;
 if (!c->tcp.fwd_out.mode)
 c->tcp.fwd_out.mode = fwd_default;
- if (!c->udp.fwd_in.f.mode)
- c->udp.fwd_in.f.mode = fwd_default;
- if (!c->udp.fwd_out.f.mode)
- c->udp.fwd_out.f.mode = fwd_default;
+ if (!c->udp.fwd_in.mode)
+ c->udp.fwd_in.mode = fwd_default;
+ if (!c->udp.fwd_out.mode)
+ c->udp.fwd_out.mode = fwd_default;
 fwd_scan_ports_init(c);
diff --git a/fwd.c b/fwd.c
index cd66eaee..69b0f535 100644
--- a/fwd.c
+++ b/fwd.c
@@ -129,18 +129,18 @@ void fwd_scan_ports_init(struct ctx *c)
 c->tcp.fwd_in.scan4 = c->tcp.fwd_in.scan6 = -1;
 c->tcp.fwd_out.scan4 = c->tcp.fwd_out.scan6 = -1;
- c->udp.fwd_in.f.scan4 = c->udp.fwd_in.f.scan6 = -1;
- c->udp.fwd_out.f.scan4 = c->udp.fwd_out.f.scan6 = -1;
+ c->udp.fwd_in.scan4 = c->udp.fwd_in.scan6 = -1;
+ c->udp.fwd_out.scan4 = c->udp.fwd_out.scan6 = -1;
 if (c->tcp.fwd_in.mode == FWD_AUTO) {
 c->tcp.fwd_in.scan4 = open_in_ns(c, "/proc/net/tcp", flags);
 c->tcp.fwd_in.scan6 = open_in_ns(c, "/proc/net/tcp6", flags);
 fwd_scan_ports_tcp(&c->tcp.fwd_in, &c->tcp.fwd_out);
 }
- if (c->udp.fwd_in.f.mode == FWD_AUTO) {
- c->udp.fwd_in.f.scan4 = open_in_ns(c, "/proc/net/udp", flags);
- c->udp.fwd_in.f.scan6 = open_in_ns(c, "/proc/net/udp6", flags);
- fwd_scan_ports_udp(&c->udp.fwd_in.f, &c->udp.fwd_out.f,
+ if (c->udp.fwd_in.mode == FWD_AUTO) {
+ c->udp.fwd_in.scan4 = open_in_ns(c, "/proc/net/udp", flags);
+ c->udp.fwd_in.scan6 = open_in_ns(c, "/proc/net/udp6", flags);
+ fwd_scan_ports_udp(&c->udp.fwd_in, &c->udp.fwd_out,
 &c->tcp.fwd_in, &c->tcp.fwd_out);
 }
 if (c->tcp.fwd_out.mode == FWD_AUTO) {
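Review bot: In fwd_scan_ports_init() the descriptors returned by open_in_ns() for /proc/net/udp and /proc/net/udp6 are stored in `c->udp.fwd_in.scan4`/`scan6` and the scan is started right away, with no check or log message if either open failed; the `@@ -148,10` hunk does the same with plain open() for `fwd_out`. Whether fwd_scan_ports_udp() skips a descriptor of -1 is not visible in this patch, so in FWD_AUTO mode a failed open may leave automatic forwarding silently empty. I would either state the contract in a comment above the block, `/* scan4/scan6 stay -1 if procfs can't be opened; the scan must skip them */`, or log a warning at the point of failure. The function body starts before and continues after this hunk.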
@@ -148,10 +148,10 @@ void fwd_scan_ports_init(struct ctx *c)
 c->tcp.fwd_out.scan6 = open("/proc/net/tcp6", flags);
 fwd_scan_ports_tcp(&c->tcp.fwd_out, &c->tcp.fwd_in);
 }
- if (c->udp.fwd_out.f.mode == FWD_AUTO) {
- c->udp.fwd_out.f.scan4 = open("/proc/net/udp", flags);
- c->udp.fwd_out.f.scan6 = open("/proc/net/udp6", flags);
- fwd_scan_ports_udp(&c->udp.fwd_out.f, &c->udp.fwd_in.f,
+ if (c->udp.fwd_out.mode == FWD_AUTO) {
+ c->udp.fwd_out.scan4 = open("/proc/net/udp", flags);
+ c->udp.fwd_out.scan6 = open("/proc/net/udp6", flags);
+ fwd_scan_ports_udp(&c->udp.fwd_out, &c->udp.fwd_in,
 &c->tcp.fwd_out, &c->tcp.fwd_in);
 }
 }
@@ -235,7 +235,7 @@ uint8_t fwd_nat_from_splice(const struct ctx *c, uint8_t proto,
 if (proto == IPPROTO_TCP)
 tgt->eport += c->tcp.fwd_out.delta[tgt->eport];
 else if (proto == IPPROTO_UDP)
- tgt->eport += c->udp.fwd_out.f.delta[tgt->eport];
+ tgt->eport += c->udp.fwd_out.delta[tgt->eport];
 /* Let the kernel pick a host side source port */
 tgt->fport = 0;
@@ -264,7 +264,7 @@ uint8_t fwd_nat_from_host(const struct ctx *c, uint8_t proto,
 if (proto == IPPROTO_TCP)
 tgt->eport += c->tcp.fwd_in.delta[tgt->eport];
 else if (proto == IPPROTO_UDP)
- tgt->eport += c->udp.fwd_in.f.delta[tgt->eport];
+ tgt->eport += c->udp.fwd_in.delta[tgt->eport];
 if (c->mode == MODE_PASTA && inany_is_loopback(&ini->eaddr) &&
 (proto == IPPROTO_TCP || proto == IPPROTO_UDP)) {
diff --git a/udp.c b/udp.c
index 489e2095..c170b0be 100644
--- a/udp.c
+++ b/udp.c
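Review bot: `c->udp.fwd_out.delta[tgt->eport]` in fwd_nat_from_splice() (fwd.c) indexes the delta table with a port value, and nothing on the new side ties the table's size to the range of that index; the same pattern is in fwd_nat_from_host() and, as `delta[dstport]`, in udp_buf_sock_handler() in udp.c. The only compile-time size check visible in this patch, the static_assert in udp_invert_portmap(), is removed together with rdelta. struct fwd_ports is not shown here, so this may already be covered at its definition; if it is not, and assuming NUM_PORTS spans the full 16-bit port range, `static_assert(ARRAY_SIZE(c->udp.fwd_out.delta) == NUM_PORTS, "delta must cover every port");` next to the lookup keeps the bound explicit. Both fwd.c functions extend beyond their hunks.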
@@ -261,24 +261,6 @@ void udp_portmap_clear(void)
 }
 }
-/**
- * udp_invert_portmap() - Compute reverse port translations for return packets
- * @fwd: Port forwarding configuration to compute reverse map for
- */
-static void udp_invert_portmap(struct udp_fwd_ports *fwd)
-{
- unsigned int i;
-
- static_assert(ARRAY_SIZE(fwd->f.delta) == ARRAY_SIZE(fwd->rdelta),
- "Forward and reverse delta arrays must have same size");
- for (i = 0; i < ARRAY_SIZE(fwd->f.delta); i++) {
- in_port_t delta = fwd->f.delta[i];
-
- if (delta)
- fwd->rdelta[i + delta] = NUM_PORTS - delta;
- }
-}
-
 /**
 * udp_update_l2_buf() - Update L2 buffers with Ethernet and IPv4 addresses
 * @eth_d: Ethernet destination address, NULL if unchanged
@@ -751,9 +733,9 @@ void udp_buf_sock_handler(const struct ctx *c, union epoll_ref ref, uint32_t eve
 return;
 if (ref.udp.pif == PIF_SPLICE)
- dstport += c->udp.fwd_out.f.delta[dstport];
+ dstport += c->udp.fwd_out.delta[dstport];
 else if (ref.udp.pif == PIF_HOST)
- dstport += c->udp.fwd_in.f.delta[dstport];
+ dstport += c->udp.fwd_in.delta[dstport];
 else
 ASSERT(0);
@@ -1139,9 +1121,9 @@ static void udp_timer_one(struct ctx *c, int v6, enum udp_act_type type,
 static void udp_port_rebind(struct ctx *c, bool outbound)
 {
 const uint8_t *fmap
- = outbound ? c->udp.fwd_out.f.map : c->udp.fwd_in.f.map;
+ = outbound ? c->udp.fwd_out.map : c->udp.fwd_in.map;
 const uint8_t *rmap
- = outbound ? c->udp.fwd_in.f.map : c->udp.fwd_out.f.map;
+ = outbound ? c->udp.fwd_in.map : c->udp.fwd_out.map;
 struct udp_bound_port (*socks)[NUM_PORTS]
 = outbound ? udp_splice_ns : udp_splice_init;
 unsigned port;
@@ -1212,14 +1194,14 @@ void udp_timer(struct ctx *c, const struct timespec *now)
 long *word, tmp;
 if (c->mode == MODE_PASTA) {
- if (c->udp.fwd_out.f.mode == FWD_AUTO) {
- fwd_scan_ports_udp(&c->udp.fwd_out.f, &c->udp.fwd_in.f,
+ if (c->udp.fwd_out.mode == FWD_AUTO) {
+ fwd_scan_ports_udp(&c->udp.fwd_out, &c->udp.fwd_in,
 &c->tcp.fwd_out, &c->tcp.fwd_in);
 NS_CALL(udp_port_rebind_outbound, c);
 }
- if (c->udp.fwd_in.f.mode == FWD_AUTO) {
- fwd_scan_ports_udp(&c->udp.fwd_in.f, &c->udp.fwd_out.f,
+ if (c->udp.fwd_in.mode == FWD_AUTO) {
+ fwd_scan_ports_udp(&c->udp.fwd_in, &c->udp.fwd_out,
 &c->tcp.fwd_in, &c->tcp.fwd_out);
 udp_port_rebind(c, false);
 }
@@ -1256,9 +1238,6 @@ int udp_init(struct ctx *c)
 {
 udp_iov_init(c);
- udp_invert_portmap(&c->udp.fwd_in);
- udp_invert_portmap(&c->udp.fwd_out);
-
 if (c->mode == MODE_PASTA) {
 udp_splice_iov_init();
 NS_CALL(udp_port_rebind_outbound, c);
diff --git a/udp.h b/udp.h
index d25e66cb..4ae65723 100644
--- a/udp.h
+++ b/udp.h
@@ -42,16 +42,6 @@ union udp_epoll_ref {
 };
-/**
- * udp_fwd_ports - UDP specific port forwarding configuration
- * @f: Generic forwarding configuration
- * @rdelta: Reversed delta map to translate source ports on return packets
- */
-struct udp_fwd_ports {
- struct fwd_ports f;
- in_port_t rdelta[NUM_PORTS];
-};
-
 /**
 * struct udp_ctx - Execution context for UDP
 * @fwd_in: Port forwarding configuration for inbound packets
@@ -59,8 +49,8 @@ struct udp_fwd_ports {
 * @timer_run: Timestamp of most recent timer run
 */
 struct udp_ctx {
- struct udp_fwd_ports fwd_in;
- struct udp_fwd_ports fwd_out;
+ struct fwd_ports fwd_in;
+ struct fwd_ports fwd_out;
 struct timespec timer_run;
 };
-- 2.45.2