diff options
author | Herbert Xu <herbert@gondor.apana.org.au> | 2007-10-15 03:53:15 -0400 |
---|---|---|
committer | David S. Miller <davem@sunset.davemloft.net> | 2007-10-15 15:26:29 -0400 |
commit | 3db05fea51cdb162cfa8f69e9cfb9e228919d2a9 (patch) | |
tree | 0d0e4c18cdf2dcb7321035f6614628a2ddfb502d /net | |
parent | 2ca7b0ac022aa0158599178fe1056b1ba9ec8b97 (diff) |
[NETFILTER]: Replace sk_buff ** with sk_buff *
With all the users of the double pointers removed, this patch mops up by
finally replacing all occurances of sk_buff ** in the netfilter API by
sk_buff *.
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'net')
93 files changed, 858 insertions, 894 deletions
diff --git a/net/bridge/br.c b/net/bridge/br.c index 848b8fa8bed..93867bb6cc9 100644 --- a/net/bridge/br.c +++ b/net/bridge/br.c | |||
@@ -23,7 +23,7 @@ | |||
23 | 23 | ||
24 | #include "br_private.h" | 24 | #include "br_private.h" |
25 | 25 | ||
26 | int (*br_should_route_hook) (struct sk_buff **pskb) = NULL; | 26 | int (*br_should_route_hook)(struct sk_buff *skb); |
27 | 27 | ||
28 | static struct llc_sap *br_stp_sap; | 28 | static struct llc_sap *br_stp_sap; |
29 | 29 | ||
diff --git a/net/bridge/br_input.c b/net/bridge/br_input.c index f8e0a2fa796..3cedd4eeeed 100644 --- a/net/bridge/br_input.c +++ b/net/bridge/br_input.c | |||
@@ -149,7 +149,7 @@ struct sk_buff *br_handle_frame(struct net_bridge_port *p, struct sk_buff *skb) | |||
149 | case BR_STATE_FORWARDING: | 149 | case BR_STATE_FORWARDING: |
150 | 150 | ||
151 | if (br_should_route_hook) { | 151 | if (br_should_route_hook) { |
152 | if (br_should_route_hook(&skb)) | 152 | if (br_should_route_hook(skb)) |
153 | return skb; | 153 | return skb; |
154 | dest = eth_hdr(skb)->h_dest; | 154 | dest = eth_hdr(skb)->h_dest; |
155 | } | 155 | } |
diff --git a/net/bridge/br_netfilter.c b/net/bridge/br_netfilter.c index 8245f051ccb..246bf23a877 100644 --- a/net/bridge/br_netfilter.c +++ b/net/bridge/br_netfilter.c | |||
@@ -503,13 +503,12 @@ inhdr_error: | |||
503 | * receiving device) to make netfilter happy, the REDIRECT | 503 | * receiving device) to make netfilter happy, the REDIRECT |
504 | * target in particular. Save the original destination IP | 504 | * target in particular. Save the original destination IP |
505 | * address to be able to detect DNAT afterwards. */ | 505 | * address to be able to detect DNAT afterwards. */ |
506 | static unsigned int br_nf_pre_routing(unsigned int hook, struct sk_buff **pskb, | 506 | static unsigned int br_nf_pre_routing(unsigned int hook, struct sk_buff *skb, |
507 | const struct net_device *in, | 507 | const struct net_device *in, |
508 | const struct net_device *out, | 508 | const struct net_device *out, |
509 | int (*okfn)(struct sk_buff *)) | 509 | int (*okfn)(struct sk_buff *)) |
510 | { | 510 | { |
511 | struct iphdr *iph; | 511 | struct iphdr *iph; |
512 | struct sk_buff *skb = *pskb; | ||
513 | __u32 len = nf_bridge_encap_header_len(skb); | 512 | __u32 len = nf_bridge_encap_header_len(skb); |
514 | 513 | ||
515 | if ((skb = skb_share_check(skb, GFP_ATOMIC)) == NULL) | 514 | if ((skb = skb_share_check(skb, GFP_ATOMIC)) == NULL) |
@@ -584,13 +583,11 @@ out: | |||
584 | * took place when the packet entered the bridge), but we | 583 | * took place when the packet entered the bridge), but we |
585 | * register an IPv4 PRE_ROUTING 'sabotage' hook that will | 584 | * register an IPv4 PRE_ROUTING 'sabotage' hook that will |
586 | * prevent this from happening. */ | 585 | * prevent this from happening. */ |
587 | static unsigned int br_nf_local_in(unsigned int hook, struct sk_buff **pskb, | 586 | static unsigned int br_nf_local_in(unsigned int hook, struct sk_buff *skb, |
588 | const struct net_device *in, | 587 | const struct net_device *in, |
589 | const struct net_device *out, | 588 | const struct net_device *out, |
590 | int (*okfn)(struct sk_buff *)) | 589 | int (*okfn)(struct sk_buff *)) |
591 | { | 590 | { |
592 | struct sk_buff *skb = *pskb; | ||
593 | |||
594 | if (skb->dst == (struct dst_entry *)&__fake_rtable) { | 591 | if (skb->dst == (struct dst_entry *)&__fake_rtable) { |
595 | dst_release(skb->dst); | 592 | dst_release(skb->dst); |
596 | skb->dst = NULL; | 593 | skb->dst = NULL; |
@@ -625,12 +622,11 @@ static int br_nf_forward_finish(struct sk_buff *skb) | |||
625 | * but we are still able to filter on the 'real' indev/outdev | 622 | * but we are still able to filter on the 'real' indev/outdev |
626 | * because of the physdev module. For ARP, indev and outdev are the | 623 | * because of the physdev module. For ARP, indev and outdev are the |
627 | * bridge ports. */ | 624 | * bridge ports. */ |
628 | static unsigned int br_nf_forward_ip(unsigned int hook, struct sk_buff **pskb, | 625 | static unsigned int br_nf_forward_ip(unsigned int hook, struct sk_buff *skb, |
629 | const struct net_device *in, | 626 | const struct net_device *in, |
630 | const struct net_device *out, | 627 | const struct net_device *out, |
631 | int (*okfn)(struct sk_buff *)) | 628 | int (*okfn)(struct sk_buff *)) |
632 | { | 629 | { |
633 | struct sk_buff *skb = *pskb; | ||
634 | struct nf_bridge_info *nf_bridge; | 630 | struct nf_bridge_info *nf_bridge; |
635 | struct net_device *parent; | 631 | struct net_device *parent; |
636 | int pf; | 632 | int pf; |
@@ -648,7 +644,7 @@ static unsigned int br_nf_forward_ip(unsigned int hook, struct sk_buff **pskb, | |||
648 | else | 644 | else |
649 | pf = PF_INET6; | 645 | pf = PF_INET6; |
650 | 646 | ||
651 | nf_bridge_pull_encap_header(*pskb); | 647 | nf_bridge_pull_encap_header(skb); |
652 | 648 | ||
653 | nf_bridge = skb->nf_bridge; | 649 | nf_bridge = skb->nf_bridge; |
654 | if (skb->pkt_type == PACKET_OTHERHOST) { | 650 | if (skb->pkt_type == PACKET_OTHERHOST) { |
@@ -666,12 +662,11 @@ static unsigned int br_nf_forward_ip(unsigned int hook, struct sk_buff **pskb, | |||
666 | return NF_STOLEN; | 662 | return NF_STOLEN; |
667 | } | 663 | } |
668 | 664 | ||
669 | static unsigned int br_nf_forward_arp(unsigned int hook, struct sk_buff **pskb, | 665 | static unsigned int br_nf_forward_arp(unsigned int hook, struct sk_buff *skb, |
670 | const struct net_device *in, | 666 | const struct net_device *in, |
671 | const struct net_device *out, | 667 | const struct net_device *out, |
672 | int (*okfn)(struct sk_buff *)) | 668 | int (*okfn)(struct sk_buff *)) |
673 | { | 669 | { |
674 | struct sk_buff *skb = *pskb; | ||
675 | struct net_device **d = (struct net_device **)(skb->cb); | 670 | struct net_device **d = (struct net_device **)(skb->cb); |
676 | 671 | ||
677 | #ifdef CONFIG_SYSCTL | 672 | #ifdef CONFIG_SYSCTL |
@@ -682,12 +677,12 @@ static unsigned int br_nf_forward_arp(unsigned int hook, struct sk_buff **pskb, | |||
682 | if (skb->protocol != htons(ETH_P_ARP)) { | 677 | if (skb->protocol != htons(ETH_P_ARP)) { |
683 | if (!IS_VLAN_ARP(skb)) | 678 | if (!IS_VLAN_ARP(skb)) |
684 | return NF_ACCEPT; | 679 | return NF_ACCEPT; |
685 | nf_bridge_pull_encap_header(*pskb); | 680 | nf_bridge_pull_encap_header(skb); |
686 | } | 681 | } |
687 | 682 | ||
688 | if (arp_hdr(skb)->ar_pln != 4) { | 683 | if (arp_hdr(skb)->ar_pln != 4) { |
689 | if (IS_VLAN_ARP(skb)) | 684 | if (IS_VLAN_ARP(skb)) |
690 | nf_bridge_push_encap_header(*pskb); | 685 | nf_bridge_push_encap_header(skb); |
691 | return NF_ACCEPT; | 686 | return NF_ACCEPT; |
692 | } | 687 | } |
693 | *d = (struct net_device *)in; | 688 | *d = (struct net_device *)in; |
@@ -709,13 +704,12 @@ static unsigned int br_nf_forward_arp(unsigned int hook, struct sk_buff **pskb, | |||
709 | * NF_BR_PRI_FIRST, so no relevant PF_BRIDGE/INPUT functions have been nor | 704 | * NF_BR_PRI_FIRST, so no relevant PF_BRIDGE/INPUT functions have been nor |
710 | * will be executed. | 705 | * will be executed. |
711 | */ | 706 | */ |
712 | static unsigned int br_nf_local_out(unsigned int hook, struct sk_buff **pskb, | 707 | static unsigned int br_nf_local_out(unsigned int hook, struct sk_buff *skb, |
713 | const struct net_device *in, | 708 | const struct net_device *in, |
714 | const struct net_device *out, | 709 | const struct net_device *out, |
715 | int (*okfn)(struct sk_buff *)) | 710 | int (*okfn)(struct sk_buff *)) |
716 | { | 711 | { |
717 | struct net_device *realindev; | 712 | struct net_device *realindev; |
718 | struct sk_buff *skb = *pskb; | ||
719 | struct nf_bridge_info *nf_bridge; | 713 | struct nf_bridge_info *nf_bridge; |
720 | 714 | ||
721 | if (!skb->nf_bridge) | 715 | if (!skb->nf_bridge) |
@@ -752,13 +746,12 @@ static int br_nf_dev_queue_xmit(struct sk_buff *skb) | |||
752 | } | 746 | } |
753 | 747 | ||
754 | /* PF_BRIDGE/POST_ROUTING ********************************************/ | 748 | /* PF_BRIDGE/POST_ROUTING ********************************************/ |
755 | static unsigned int br_nf_post_routing(unsigned int hook, struct sk_buff **pskb, | 749 | static unsigned int br_nf_post_routing(unsigned int hook, struct sk_buff *skb, |
756 | const struct net_device *in, | 750 | const struct net_device *in, |
757 | const struct net_device *out, | 751 | const struct net_device *out, |
758 | int (*okfn)(struct sk_buff *)) | 752 | int (*okfn)(struct sk_buff *)) |
759 | { | 753 | { |
760 | struct sk_buff *skb = *pskb; | 754 | struct nf_bridge_info *nf_bridge = skb->nf_bridge; |
761 | struct nf_bridge_info *nf_bridge = (*pskb)->nf_bridge; | ||
762 | struct net_device *realoutdev = bridge_parent(skb->dev); | 755 | struct net_device *realoutdev = bridge_parent(skb->dev); |
763 | int pf; | 756 | int pf; |
764 | 757 | ||
@@ -828,13 +821,13 @@ print_error: | |||
828 | /* IP/SABOTAGE *****************************************************/ | 821 | /* IP/SABOTAGE *****************************************************/ |
829 | /* Don't hand locally destined packets to PF_INET(6)/PRE_ROUTING | 822 | /* Don't hand locally destined packets to PF_INET(6)/PRE_ROUTING |
830 | * for the second time. */ | 823 | * for the second time. */ |
831 | static unsigned int ip_sabotage_in(unsigned int hook, struct sk_buff **pskb, | 824 | static unsigned int ip_sabotage_in(unsigned int hook, struct sk_buff *skb, |
832 | const struct net_device *in, | 825 | const struct net_device *in, |
833 | const struct net_device *out, | 826 | const struct net_device *out, |
834 | int (*okfn)(struct sk_buff *)) | 827 | int (*okfn)(struct sk_buff *)) |
835 | { | 828 | { |
836 | if ((*pskb)->nf_bridge && | 829 | if (skb->nf_bridge && |
837 | !((*pskb)->nf_bridge->mask & BRNF_NF_BRIDGE_PREROUTING)) { | 830 | !(skb->nf_bridge->mask & BRNF_NF_BRIDGE_PREROUTING)) { |
838 | return NF_STOP; | 831 | return NF_STOP; |
839 | } | 832 | } |
840 | 833 | ||
diff --git a/net/bridge/netfilter/ebt_arpreply.c b/net/bridge/netfilter/ebt_arpreply.c index ffe468a632e..48a80e42328 100644 --- a/net/bridge/netfilter/ebt_arpreply.c +++ b/net/bridge/netfilter/ebt_arpreply.c | |||
@@ -15,7 +15,7 @@ | |||
15 | #include <net/arp.h> | 15 | #include <net/arp.h> |
16 | #include <linux/module.h> | 16 | #include <linux/module.h> |
17 | 17 | ||
18 | static int ebt_target_reply(struct sk_buff **pskb, unsigned int hooknr, | 18 | static int ebt_target_reply(struct sk_buff *skb, unsigned int hooknr, |
19 | const struct net_device *in, const struct net_device *out, | 19 | const struct net_device *in, const struct net_device *out, |
20 | const void *data, unsigned int datalen) | 20 | const void *data, unsigned int datalen) |
21 | { | 21 | { |
@@ -23,7 +23,6 @@ static int ebt_target_reply(struct sk_buff **pskb, unsigned int hooknr, | |||
23 | __be32 _sip, *siptr, _dip, *diptr; | 23 | __be32 _sip, *siptr, _dip, *diptr; |
24 | struct arphdr _ah, *ap; | 24 | struct arphdr _ah, *ap; |
25 | unsigned char _sha[ETH_ALEN], *shp; | 25 | unsigned char _sha[ETH_ALEN], *shp; |
26 | struct sk_buff *skb = *pskb; | ||
27 | 26 | ||
28 | ap = skb_header_pointer(skb, 0, sizeof(_ah), &_ah); | 27 | ap = skb_header_pointer(skb, 0, sizeof(_ah), &_ah); |
29 | if (ap == NULL) | 28 | if (ap == NULL) |
diff --git a/net/bridge/netfilter/ebt_dnat.c b/net/bridge/netfilter/ebt_dnat.c index 9d74dee20ab..74262e9a566 100644 --- a/net/bridge/netfilter/ebt_dnat.c +++ b/net/bridge/netfilter/ebt_dnat.c | |||
@@ -14,16 +14,16 @@ | |||
14 | #include <linux/module.h> | 14 | #include <linux/module.h> |
15 | #include <net/sock.h> | 15 | #include <net/sock.h> |
16 | 16 | ||
17 | static int ebt_target_dnat(struct sk_buff **pskb, unsigned int hooknr, | 17 | static int ebt_target_dnat(struct sk_buff *skb, unsigned int hooknr, |
18 | const struct net_device *in, const struct net_device *out, | 18 | const struct net_device *in, const struct net_device *out, |
19 | const void *data, unsigned int datalen) | 19 | const void *data, unsigned int datalen) |
20 | { | 20 | { |
21 | struct ebt_nat_info *info = (struct ebt_nat_info *)data; | 21 | struct ebt_nat_info *info = (struct ebt_nat_info *)data; |
22 | 22 | ||
23 | if (skb_make_writable(*pskb, 0)) | 23 | if (skb_make_writable(skb, 0)) |
24 | return NF_DROP; | 24 | return NF_DROP; |
25 | 25 | ||
26 | memcpy(eth_hdr(*pskb)->h_dest, info->mac, ETH_ALEN); | 26 | memcpy(eth_hdr(skb)->h_dest, info->mac, ETH_ALEN); |
27 | return info->target; | 27 | return info->target; |
28 | } | 28 | } |
29 | 29 | ||
diff --git a/net/bridge/netfilter/ebt_mark.c b/net/bridge/netfilter/ebt_mark.c index 62d23c7b25e..6cba54309c0 100644 --- a/net/bridge/netfilter/ebt_mark.c +++ b/net/bridge/netfilter/ebt_mark.c | |||
@@ -17,7 +17,7 @@ | |||
17 | #include <linux/netfilter_bridge/ebt_mark_t.h> | 17 | #include <linux/netfilter_bridge/ebt_mark_t.h> |
18 | #include <linux/module.h> | 18 | #include <linux/module.h> |
19 | 19 | ||
20 | static int ebt_target_mark(struct sk_buff **pskb, unsigned int hooknr, | 20 | static int ebt_target_mark(struct sk_buff *skb, unsigned int hooknr, |
21 | const struct net_device *in, const struct net_device *out, | 21 | const struct net_device *in, const struct net_device *out, |
22 | const void *data, unsigned int datalen) | 22 | const void *data, unsigned int datalen) |
23 | { | 23 | { |
@@ -25,13 +25,13 @@ static int ebt_target_mark(struct sk_buff **pskb, unsigned int hooknr, | |||
25 | int action = info->target & -16; | 25 | int action = info->target & -16; |
26 | 26 | ||
27 | if (action == MARK_SET_VALUE) | 27 | if (action == MARK_SET_VALUE) |
28 | (*pskb)->mark = info->mark; | 28 | skb->mark = info->mark; |
29 | else if (action == MARK_OR_VALUE) | 29 | else if (action == MARK_OR_VALUE) |
30 | (*pskb)->mark |= info->mark; | 30 | skb->mark |= info->mark; |
31 | else if (action == MARK_AND_VALUE) | 31 | else if (action == MARK_AND_VALUE) |
32 | (*pskb)->mark &= info->mark; | 32 | skb->mark &= info->mark; |
33 | else | 33 | else |
34 | (*pskb)->mark ^= info->mark; | 34 | skb->mark ^= info->mark; |
35 | 35 | ||
36 | return info->target | ~EBT_VERDICT_BITS; | 36 | return info->target | ~EBT_VERDICT_BITS; |
37 | } | 37 | } |
diff --git a/net/bridge/netfilter/ebt_redirect.c b/net/bridge/netfilter/ebt_redirect.c index 81371cd01bd..422cb834cff 100644 --- a/net/bridge/netfilter/ebt_redirect.c +++ b/net/bridge/netfilter/ebt_redirect.c | |||
@@ -15,21 +15,21 @@ | |||
15 | #include <net/sock.h> | 15 | #include <net/sock.h> |
16 | #include "../br_private.h" | 16 | #include "../br_private.h" |
17 | 17 | ||
18 | static int ebt_target_redirect(struct sk_buff **pskb, unsigned int hooknr, | 18 | static int ebt_target_redirect(struct sk_buff *skb, unsigned int hooknr, |
19 | const struct net_device *in, const struct net_device *out, | 19 | const struct net_device *in, const struct net_device *out, |
20 | const void *data, unsigned int datalen) | 20 | const void *data, unsigned int datalen) |
21 | { | 21 | { |
22 | struct ebt_redirect_info *info = (struct ebt_redirect_info *)data; | 22 | struct ebt_redirect_info *info = (struct ebt_redirect_info *)data; |
23 | 23 | ||
24 | if (skb_make_writable(*pskb, 0)) | 24 | if (skb_make_writable(skb, 0)) |
25 | return NF_DROP; | 25 | return NF_DROP; |
26 | 26 | ||
27 | if (hooknr != NF_BR_BROUTING) | 27 | if (hooknr != NF_BR_BROUTING) |
28 | memcpy(eth_hdr(*pskb)->h_dest, | 28 | memcpy(eth_hdr(skb)->h_dest, |
29 | in->br_port->br->dev->dev_addr, ETH_ALEN); | 29 | in->br_port->br->dev->dev_addr, ETH_ALEN); |
30 | else | 30 | else |
31 | memcpy(eth_hdr(*pskb)->h_dest, in->dev_addr, ETH_ALEN); | 31 | memcpy(eth_hdr(skb)->h_dest, in->dev_addr, ETH_ALEN); |
32 | (*pskb)->pkt_type = PACKET_HOST; | 32 | skb->pkt_type = PACKET_HOST; |
33 | return info->target; | 33 | return info->target; |
34 | } | 34 | } |
35 | 35 | ||
diff --git a/net/bridge/netfilter/ebt_snat.c b/net/bridge/netfilter/ebt_snat.c index b0c63684e2f..425ac920904 100644 --- a/net/bridge/netfilter/ebt_snat.c +++ b/net/bridge/netfilter/ebt_snat.c | |||
@@ -16,26 +16,26 @@ | |||
16 | #include <linux/if_arp.h> | 16 | #include <linux/if_arp.h> |
17 | #include <net/arp.h> | 17 | #include <net/arp.h> |
18 | 18 | ||
19 | static int ebt_target_snat(struct sk_buff **pskb, unsigned int hooknr, | 19 | static int ebt_target_snat(struct sk_buff *skb, unsigned int hooknr, |
20 | const struct net_device *in, const struct net_device *out, | 20 | const struct net_device *in, const struct net_device *out, |
21 | const void *data, unsigned int datalen) | 21 | const void *data, unsigned int datalen) |
22 | { | 22 | { |
23 | struct ebt_nat_info *info = (struct ebt_nat_info *) data; | 23 | struct ebt_nat_info *info = (struct ebt_nat_info *) data; |
24 | 24 | ||
25 | if (skb_make_writable(*pskb, 0)) | 25 | if (skb_make_writable(skb, 0)) |
26 | return NF_DROP; | 26 | return NF_DROP; |
27 | 27 | ||
28 | memcpy(eth_hdr(*pskb)->h_source, info->mac, ETH_ALEN); | 28 | memcpy(eth_hdr(skb)->h_source, info->mac, ETH_ALEN); |
29 | if (!(info->target & NAT_ARP_BIT) && | 29 | if (!(info->target & NAT_ARP_BIT) && |
30 | eth_hdr(*pskb)->h_proto == htons(ETH_P_ARP)) { | 30 | eth_hdr(skb)->h_proto == htons(ETH_P_ARP)) { |
31 | struct arphdr _ah, *ap; | 31 | struct arphdr _ah, *ap; |
32 | 32 | ||
33 | ap = skb_header_pointer(*pskb, 0, sizeof(_ah), &_ah); | 33 | ap = skb_header_pointer(skb, 0, sizeof(_ah), &_ah); |
34 | if (ap == NULL) | 34 | if (ap == NULL) |
35 | return EBT_DROP; | 35 | return EBT_DROP; |
36 | if (ap->ar_hln != ETH_ALEN) | 36 | if (ap->ar_hln != ETH_ALEN) |
37 | goto out; | 37 | goto out; |
38 | if (skb_store_bits(*pskb, sizeof(_ah), info->mac,ETH_ALEN)) | 38 | if (skb_store_bits(skb, sizeof(_ah), info->mac,ETH_ALEN)) |
39 | return EBT_DROP; | 39 | return EBT_DROP; |
40 | } | 40 | } |
41 | out: | 41 | out: |
diff --git a/net/bridge/netfilter/ebtable_broute.c b/net/bridge/netfilter/ebtable_broute.c index d37ce047893..e44519ebf1d 100644 --- a/net/bridge/netfilter/ebtable_broute.c +++ b/net/bridge/netfilter/ebtable_broute.c | |||
@@ -51,11 +51,11 @@ static struct ebt_table broute_table = | |||
51 | .me = THIS_MODULE, | 51 | .me = THIS_MODULE, |
52 | }; | 52 | }; |
53 | 53 | ||
54 | static int ebt_broute(struct sk_buff **pskb) | 54 | static int ebt_broute(struct sk_buff *skb) |
55 | { | 55 | { |
56 | int ret; | 56 | int ret; |
57 | 57 | ||
58 | ret = ebt_do_table(NF_BR_BROUTING, pskb, (*pskb)->dev, NULL, | 58 | ret = ebt_do_table(NF_BR_BROUTING, skb, skb->dev, NULL, |
59 | &broute_table); | 59 | &broute_table); |
60 | if (ret == NF_DROP) | 60 | if (ret == NF_DROP) |
61 | return 1; /* route it */ | 61 | return 1; /* route it */ |
diff --git a/net/bridge/netfilter/ebtable_filter.c b/net/bridge/netfilter/ebtable_filter.c index 81d84145c41..210493f99bc 100644 --- a/net/bridge/netfilter/ebtable_filter.c +++ b/net/bridge/netfilter/ebtable_filter.c | |||
@@ -61,10 +61,10 @@ static struct ebt_table frame_filter = | |||
61 | }; | 61 | }; |
62 | 62 | ||
63 | static unsigned int | 63 | static unsigned int |
64 | ebt_hook (unsigned int hook, struct sk_buff **pskb, const struct net_device *in, | 64 | ebt_hook(unsigned int hook, struct sk_buff *skb, const struct net_device *in, |
65 | const struct net_device *out, int (*okfn)(struct sk_buff *)) | 65 | const struct net_device *out, int (*okfn)(struct sk_buff *)) |
66 | { | 66 | { |
67 | return ebt_do_table(hook, pskb, in, out, &frame_filter); | 67 | return ebt_do_table(hook, skb, in, out, &frame_filter); |
68 | } | 68 | } |
69 | 69 | ||
70 | static struct nf_hook_ops ebt_ops_filter[] = { | 70 | static struct nf_hook_ops ebt_ops_filter[] = { |
diff --git a/net/bridge/netfilter/ebtable_nat.c b/net/bridge/netfilter/ebtable_nat.c index 9c50488b62e..3e58c2e5ee2 100644 --- a/net/bridge/netfilter/ebtable_nat.c +++ b/net/bridge/netfilter/ebtable_nat.c | |||
@@ -61,17 +61,17 @@ static struct ebt_table frame_nat = | |||
61 | }; | 61 | }; |
62 | 62 | ||
63 | static unsigned int | 63 | static unsigned int |
64 | ebt_nat_dst(unsigned int hook, struct sk_buff **pskb, const struct net_device *in | 64 | ebt_nat_dst(unsigned int hook, struct sk_buff *skb, const struct net_device *in |
65 | , const struct net_device *out, int (*okfn)(struct sk_buff *)) | 65 | , const struct net_device *out, int (*okfn)(struct sk_buff *)) |
66 | { | 66 | { |
67 | return ebt_do_table(hook, pskb, in, out, &frame_nat); | 67 | return ebt_do_table(hook, skb, in, out, &frame_nat); |
68 | } | 68 | } |
69 | 69 | ||
70 | static unsigned int | 70 | static unsigned int |
71 | ebt_nat_src(unsigned int hook, struct sk_buff **pskb, const struct net_device *in | 71 | ebt_nat_src(unsigned int hook, struct sk_buff *skb, const struct net_device *in |
72 | , const struct net_device *out, int (*okfn)(struct sk_buff *)) | 72 | , const struct net_device *out, int (*okfn)(struct sk_buff *)) |
73 | { | 73 | { |
74 | return ebt_do_table(hook, pskb, in, out, &frame_nat); | 74 | return ebt_do_table(hook, skb, in, out, &frame_nat); |
75 | } | 75 | } |
76 | 76 | ||
77 | static struct nf_hook_ops ebt_ops_nat[] = { | 77 | static struct nf_hook_ops ebt_ops_nat[] = { |
diff --git a/net/bridge/netfilter/ebtables.c b/net/bridge/netfilter/ebtables.c index 6018d0e5193..d5a09eaef91 100644 --- a/net/bridge/netfilter/ebtables.c +++ b/net/bridge/netfilter/ebtables.c | |||
@@ -142,7 +142,7 @@ static inline int ebt_basic_match(struct ebt_entry *e, struct ethhdr *h, | |||
142 | } | 142 | } |
143 | 143 | ||
144 | /* Do some firewalling */ | 144 | /* Do some firewalling */ |
145 | unsigned int ebt_do_table (unsigned int hook, struct sk_buff **pskb, | 145 | unsigned int ebt_do_table (unsigned int hook, struct sk_buff *skb, |
146 | const struct net_device *in, const struct net_device *out, | 146 | const struct net_device *in, const struct net_device *out, |
147 | struct ebt_table *table) | 147 | struct ebt_table *table) |
148 | { | 148 | { |
@@ -172,19 +172,19 @@ unsigned int ebt_do_table (unsigned int hook, struct sk_buff **pskb, | |||
172 | base = private->entries; | 172 | base = private->entries; |
173 | i = 0; | 173 | i = 0; |
174 | while (i < nentries) { | 174 | while (i < nentries) { |
175 | if (ebt_basic_match(point, eth_hdr(*pskb), in, out)) | 175 | if (ebt_basic_match(point, eth_hdr(skb), in, out)) |
176 | goto letscontinue; | 176 | goto letscontinue; |
177 | 177 | ||
178 | if (EBT_MATCH_ITERATE(point, ebt_do_match, *pskb, in, out) != 0) | 178 | if (EBT_MATCH_ITERATE(point, ebt_do_match, skb, in, out) != 0) |
179 | goto letscontinue; | 179 | goto letscontinue; |
180 | 180 | ||
181 | /* increase counter */ | 181 | /* increase counter */ |
182 | (*(counter_base + i)).pcnt++; | 182 | (*(counter_base + i)).pcnt++; |
183 | (*(counter_base + i)).bcnt+=(**pskb).len; | 183 | (*(counter_base + i)).bcnt += skb->len; |
184 | 184 | ||
185 | /* these should only watch: not modify, nor tell us | 185 | /* these should only watch: not modify, nor tell us |
186 | what to do with the packet */ | 186 | what to do with the packet */ |
187 | EBT_WATCHER_ITERATE(point, ebt_do_watcher, *pskb, hook, in, | 187 | EBT_WATCHER_ITERATE(point, ebt_do_watcher, skb, hook, in, |
188 | out); | 188 | out); |
189 | 189 | ||
190 | t = (struct ebt_entry_target *) | 190 | t = (struct ebt_entry_target *) |
@@ -193,7 +193,7 @@ unsigned int ebt_do_table (unsigned int hook, struct sk_buff **pskb, | |||
193 | if (!t->u.target->target) | 193 | if (!t->u.target->target) |
194 | verdict = ((struct ebt_standard_target *)t)->verdict; | 194 | verdict = ((struct ebt_standard_target *)t)->verdict; |
195 | else | 195 | else |
196 | verdict = t->u.target->target(pskb, hook, | 196 | verdict = t->u.target->target(skb, hook, |
197 | in, out, t->data, t->target_size); | 197 | in, out, t->data, t->target_size); |
198 | if (verdict == EBT_ACCEPT) { | 198 | if (verdict == EBT_ACCEPT) { |
199 | read_unlock_bh(&table->lock); | 199 | read_unlock_bh(&table->lock); |
diff --git a/net/decnet/netfilter/dn_rtmsg.c b/net/decnet/netfilter/dn_rtmsg.c index f7fba7721e6..43fcd29046d 100644 --- a/net/decnet/netfilter/dn_rtmsg.c +++ b/net/decnet/netfilter/dn_rtmsg.c | |||
@@ -88,12 +88,12 @@ static void dnrmg_send_peer(struct sk_buff *skb) | |||
88 | 88 | ||
89 | 89 | ||
90 | static unsigned int dnrmg_hook(unsigned int hook, | 90 | static unsigned int dnrmg_hook(unsigned int hook, |
91 | struct sk_buff **pskb, | 91 | struct sk_buff *skb, |
92 | const struct net_device *in, | 92 | const struct net_device *in, |
93 | const struct net_device *out, | 93 | const struct net_device *out, |
94 | int (*okfn)(struct sk_buff *)) | 94 | int (*okfn)(struct sk_buff *)) |
95 | { | 95 | { |
96 | dnrmg_send_peer(*pskb); | 96 | dnrmg_send_peer(skb); |
97 | return NF_ACCEPT; | 97 | return NF_ACCEPT; |
98 | } | 98 | } |
99 | 99 | ||
diff --git a/net/ipv4/ipvs/ip_vs_app.c b/net/ipv4/ipvs/ip_vs_app.c index 8ca5f4806a6..664cb8e97c1 100644 --- a/net/ipv4/ipvs/ip_vs_app.c +++ b/net/ipv4/ipvs/ip_vs_app.c | |||
@@ -329,18 +329,18 @@ static inline void vs_seq_update(struct ip_vs_conn *cp, struct ip_vs_seq *vseq, | |||
329 | spin_unlock(&cp->lock); | 329 | spin_unlock(&cp->lock); |
330 | } | 330 | } |
331 | 331 | ||
332 | static inline int app_tcp_pkt_out(struct ip_vs_conn *cp, struct sk_buff **pskb, | 332 | static inline int app_tcp_pkt_out(struct ip_vs_conn *cp, struct sk_buff *skb, |
333 | struct ip_vs_app *app) | 333 | struct ip_vs_app *app) |
334 | { | 334 | { |
335 | int diff; | 335 | int diff; |
336 | const unsigned int tcp_offset = ip_hdrlen(*pskb); | 336 | const unsigned int tcp_offset = ip_hdrlen(skb); |
337 | struct tcphdr *th; | 337 | struct tcphdr *th; |
338 | __u32 seq; | 338 | __u32 seq; |
339 | 339 | ||
340 | if (!skb_make_writable(*pskb, tcp_offset + sizeof(*th))) | 340 | if (!skb_make_writable(skb, tcp_offset + sizeof(*th))) |
341 | return 0; | 341 | return 0; |
342 | 342 | ||
343 | th = (struct tcphdr *)(skb_network_header(*pskb) + tcp_offset); | 343 | th = (struct tcphdr *)(skb_network_header(skb) + tcp_offset); |
344 | 344 | ||
345 | /* | 345 | /* |
346 | * Remember seq number in case this pkt gets resized | 346 | * Remember seq number in case this pkt gets resized |
@@ -361,7 +361,7 @@ static inline int app_tcp_pkt_out(struct ip_vs_conn *cp, struct sk_buff **pskb, | |||
361 | if (app->pkt_out == NULL) | 361 | if (app->pkt_out == NULL) |
362 | return 1; | 362 | return 1; |
363 | 363 | ||
364 | if (!app->pkt_out(app, cp, pskb, &diff)) | 364 | if (!app->pkt_out(app, cp, skb, &diff)) |
365 | return 0; | 365 | return 0; |
366 | 366 | ||
367 | /* | 367 | /* |
@@ -379,7 +379,7 @@ static inline int app_tcp_pkt_out(struct ip_vs_conn *cp, struct sk_buff **pskb, | |||
379 | * called by ipvs packet handler, assumes previously checked cp!=NULL | 379 | * called by ipvs packet handler, assumes previously checked cp!=NULL |
380 | * returns false if it can't handle packet (oom) | 380 | * returns false if it can't handle packet (oom) |
381 | */ | 381 | */ |
382 | int ip_vs_app_pkt_out(struct ip_vs_conn *cp, struct sk_buff **pskb) | 382 | int ip_vs_app_pkt_out(struct ip_vs_conn *cp, struct sk_buff *skb) |
383 | { | 383 | { |
384 | struct ip_vs_app *app; | 384 | struct ip_vs_app *app; |
385 | 385 | ||
@@ -392,7 +392,7 @@ int ip_vs_app_pkt_out(struct ip_vs_conn *cp, struct sk_buff **pskb) | |||
392 | 392 | ||
393 | /* TCP is complicated */ | 393 | /* TCP is complicated */ |
394 | if (cp->protocol == IPPROTO_TCP) | 394 | if (cp->protocol == IPPROTO_TCP) |
395 | return app_tcp_pkt_out(cp, pskb, app); | 395 | return app_tcp_pkt_out(cp, skb, app); |
396 | 396 | ||
397 | /* | 397 | /* |
398 | * Call private output hook function | 398 | * Call private output hook function |
@@ -400,22 +400,22 @@ int ip_vs_app_pkt_out(struct ip_vs_conn *cp, struct sk_buff **pskb) | |||
400 | if (app->pkt_out == NULL) | 400 | if (app->pkt_out == NULL) |
401 | return 1; | 401 | return 1; |
402 | 402 | ||
403 | return app->pkt_out(app, cp, pskb, NULL); | 403 | return app->pkt_out(app, cp, skb, NULL); |
404 | } | 404 | } |
405 | 405 | ||
406 | 406 | ||
407 | static inline int app_tcp_pkt_in(struct ip_vs_conn *cp, struct sk_buff **pskb, | 407 | static inline int app_tcp_pkt_in(struct ip_vs_conn *cp, struct sk_buff *skb, |
408 | struct ip_vs_app *app) | 408 | struct ip_vs_app *app) |
409 | { | 409 | { |
410 | int diff; | 410 | int diff; |
411 | const unsigned int tcp_offset = ip_hdrlen(*pskb); | 411 | const unsigned int tcp_offset = ip_hdrlen(skb); |
412 | struct tcphdr *th; | 412 | struct tcphdr *th; |
413 | __u32 seq; | 413 | __u32 seq; |
414 | 414 | ||
415 | if (!skb_make_writable(*pskb, tcp_offset + sizeof(*th))) | 415 | if (!skb_make_writable(skb, tcp_offset + sizeof(*th))) |
416 | return 0; | 416 | return 0; |
417 | 417 | ||
418 | th = (struct tcphdr *)(skb_network_header(*pskb) + tcp_offset); | 418 | th = (struct tcphdr *)(skb_network_header(skb) + tcp_offset); |
419 | 419 | ||
420 | /* | 420 | /* |
421 | * Remember seq number in case this pkt gets resized | 421 | * Remember seq number in case this pkt gets resized |
@@ -436,7 +436,7 @@ static inline int app_tcp_pkt_in(struct ip_vs_conn *cp, struct sk_buff **pskb, | |||
436 | if (app->pkt_in == NULL) | 436 | if (app->pkt_in == NULL) |
437 | return 1; | 437 | return 1; |
438 | 438 | ||
439 | if (!app->pkt_in(app, cp, pskb, &diff)) | 439 | if (!app->pkt_in(app, cp, skb, &diff)) |
440 | return 0; | 440 | return 0; |
441 | 441 | ||
442 | /* | 442 | /* |
@@ -454,7 +454,7 @@ static inline int app_tcp_pkt_in(struct ip_vs_conn *cp, struct sk_buff **pskb, | |||
454 | * called by ipvs packet handler, assumes previously checked cp!=NULL. | 454 | * called by ipvs packet handler, assumes previously checked cp!=NULL. |
455 | * returns false if can't handle packet (oom). | 455 | * returns false if can't handle packet (oom). |
456 | */ | 456 | */ |
457 | int ip_vs_app_pkt_in(struct ip_vs_conn *cp, struct sk_buff **pskb) | 457 | int ip_vs_app_pkt_in(struct ip_vs_conn *cp, struct sk_buff *skb) |
458 | { | 458 | { |
459 | struct ip_vs_app *app; | 459 | struct ip_vs_app *app; |
460 | 460 | ||
@@ -467,7 +467,7 @@ int ip_vs_app_pkt_in(struct ip_vs_conn *cp, struct sk_buff **pskb) | |||
467 | 467 | ||
468 | /* TCP is complicated */ | 468 | /* TCP is complicated */ |
469 | if (cp->protocol == IPPROTO_TCP) | 469 | if (cp->protocol == IPPROTO_TCP) |
470 | return app_tcp_pkt_in(cp, pskb, app); | 470 | return app_tcp_pkt_in(cp, skb, app); |
471 | 471 | ||
472 | /* | 472 | /* |
473 | * Call private input hook function | 473 | * Call private input hook function |
@@ -475,7 +475,7 @@ int ip_vs_app_pkt_in(struct ip_vs_conn *cp, struct sk_buff **pskb) | |||
475 | if (app->pkt_in == NULL) | 475 | if (app->pkt_in == NULL) |
476 | return 1; | 476 | return 1; |
477 | 477 | ||
478 | return app->pkt_in(app, cp, pskb, NULL); | 478 | return app->pkt_in(app, cp, skb, NULL); |
479 | } | 479 | } |
480 | 480 | ||
481 | 481 | ||
diff --git a/net/ipv4/ipvs/ip_vs_core.c b/net/ipv4/ipvs/ip_vs_core.c index 09cac38580f..c6ed7654e83 100644 --- a/net/ipv4/ipvs/ip_vs_core.c +++ b/net/ipv4/ipvs/ip_vs_core.c | |||
@@ -488,12 +488,12 @@ int ip_vs_leave(struct ip_vs_service *svc, struct sk_buff *skb, | |||
488 | * for VS/NAT. | 488 | * for VS/NAT. |
489 | */ | 489 | */ |
490 | static unsigned int ip_vs_post_routing(unsigned int hooknum, | 490 | static unsigned int ip_vs_post_routing(unsigned int hooknum, |
491 | struct sk_buff **pskb, | 491 | struct sk_buff *skb, |
492 | const struct net_device *in, | 492 | const struct net_device *in, |
493 | const struct net_device *out, | 493 | const struct net_device *out, |
494 | int (*okfn)(struct sk_buff *)) | 494 | int (*okfn)(struct sk_buff *)) |
495 | { | 495 | { |
496 | if (!((*pskb)->ipvs_property)) | 496 | if (!skb->ipvs_property) |
497 | return NF_ACCEPT; | 497 | return NF_ACCEPT; |
498 | /* The packet was sent from IPVS, exit this chain */ | 498 | /* The packet was sent from IPVS, exit this chain */ |
499 | return NF_STOP; | 499 | return NF_STOP; |
@@ -569,9 +569,8 @@ void ip_vs_nat_icmp(struct sk_buff *skb, struct ip_vs_protocol *pp, | |||
569 | * Currently handles error types - unreachable, quench, ttl exceeded. | 569 | * Currently handles error types - unreachable, quench, ttl exceeded. |
570 | * (Only used in VS/NAT) | 570 | * (Only used in VS/NAT) |
571 | */ | 571 | */ |
572 | static int ip_vs_out_icmp(struct sk_buff **pskb, int *related) | 572 | static int ip_vs_out_icmp(struct sk_buff *skb, int *related) |
573 | { | 573 | { |
574 | struct sk_buff *skb = *pskb; | ||
575 | struct iphdr *iph; | 574 | struct iphdr *iph; |
576 | struct icmphdr _icmph, *ic; | 575 | struct icmphdr _icmph, *ic; |
577 | struct iphdr _ciph, *cih; /* The ip header contained within the ICMP */ | 576 | struct iphdr _ciph, *cih; /* The ip header contained within the ICMP */ |
@@ -685,11 +684,10 @@ static inline int is_tcp_reset(const struct sk_buff *skb) | |||
685 | * rewrite addresses of the packet and send it on its way... | 684 | * rewrite addresses of the packet and send it on its way... |
686 | */ | 685 | */ |
687 | static unsigned int | 686 | static unsigned int |
688 | ip_vs_out(unsigned int hooknum, struct sk_buff **pskb, | 687 | ip_vs_out(unsigned int hooknum, struct sk_buff *skb, |
689 | const struct net_device *in, const struct net_device *out, | 688 | const struct net_device *in, const struct net_device *out, |
690 | int (*okfn)(struct sk_buff *)) | 689 | int (*okfn)(struct sk_buff *)) |
691 | { | 690 | { |
692 | struct sk_buff *skb = *pskb; | ||
693 | struct iphdr *iph; | 691 | struct iphdr *iph; |
694 | struct ip_vs_protocol *pp; | 692 | struct ip_vs_protocol *pp; |
695 | struct ip_vs_conn *cp; | 693 | struct ip_vs_conn *cp; |
@@ -702,11 +700,10 @@ ip_vs_out(unsigned int hooknum, struct sk_buff **pskb, | |||
702 | 700 | ||
703 | iph = ip_hdr(skb); | 701 | iph = ip_hdr(skb); |
704 | if (unlikely(iph->protocol == IPPROTO_ICMP)) { | 702 | if (unlikely(iph->protocol == IPPROTO_ICMP)) { |
705 | int related, verdict = ip_vs_out_icmp(pskb, &related); | 703 | int related, verdict = ip_vs_out_icmp(skb, &related); |
706 | 704 | ||
707 | if (related) | 705 | if (related) |
708 | return verdict; | 706 | return verdict; |
709 | skb = *pskb; | ||
710 | iph = ip_hdr(skb); | 707 | iph = ip_hdr(skb); |
711 | } | 708 | } |
712 | 709 | ||
@@ -765,9 +762,8 @@ ip_vs_out(unsigned int hooknum, struct sk_buff **pskb, | |||
765 | goto drop; | 762 | goto drop; |
766 | 763 | ||
767 | /* mangle the packet */ | 764 | /* mangle the packet */ |
768 | if (pp->snat_handler && !pp->snat_handler(pskb, pp, cp)) | 765 | if (pp->snat_handler && !pp->snat_handler(skb, pp, cp)) |
769 | goto drop; | 766 | goto drop; |
770 | skb = *pskb; | ||
771 | ip_hdr(skb)->saddr = cp->vaddr; | 767 | ip_hdr(skb)->saddr = cp->vaddr; |
772 | ip_send_check(ip_hdr(skb)); | 768 | ip_send_check(ip_hdr(skb)); |
773 | 769 | ||
@@ -777,9 +773,8 @@ ip_vs_out(unsigned int hooknum, struct sk_buff **pskb, | |||
777 | * if it came from this machine itself. So re-compute | 773 | * if it came from this machine itself. So re-compute |
778 | * the routing information. | 774 | * the routing information. |
779 | */ | 775 | */ |
780 | if (ip_route_me_harder(pskb, RTN_LOCAL) != 0) | 776 | if (ip_route_me_harder(skb, RTN_LOCAL) != 0) |
781 | goto drop; | 777 | goto drop; |
782 | skb = *pskb; | ||
783 | 778 | ||
784 | IP_VS_DBG_PKT(10, pp, skb, 0, "After SNAT"); | 779 | IP_VS_DBG_PKT(10, pp, skb, 0, "After SNAT"); |
785 | 780 | ||
@@ -794,7 +789,7 @@ ip_vs_out(unsigned int hooknum, struct sk_buff **pskb, | |||
794 | 789 | ||
795 | drop: | 790 | drop: |
796 | ip_vs_conn_put(cp); | 791 | ip_vs_conn_put(cp); |
797 | kfree_skb(*pskb); | 792 | kfree_skb(skb); |
798 | return NF_STOLEN; | 793 | return NF_STOLEN; |
799 | } | 794 | } |
800 | 795 | ||
@@ -806,9 +801,8 @@ ip_vs_out(unsigned int hooknum, struct sk_buff **pskb, | |||
806 | * Currently handles error types - unreachable, quench, ttl exceeded. | 801 | * Currently handles error types - unreachable, quench, ttl exceeded. |
807 | */ | 802 | */ |
808 | static int | 803 | static int |
809 | ip_vs_in_icmp(struct sk_buff **pskb, int *related, unsigned int hooknum) | 804 | ip_vs_in_icmp(struct sk_buff *skb, int *related, unsigned int hooknum) |
810 | { | 805 | { |
811 | struct sk_buff *skb = *pskb; | ||
812 | struct iphdr *iph; | 806 | struct iphdr *iph; |
813 | struct icmphdr _icmph, *ic; | 807 | struct icmphdr _icmph, *ic; |
814 | struct iphdr _ciph, *cih; /* The ip header contained within the ICMP */ | 808 | struct iphdr _ciph, *cih; /* The ip header contained within the ICMP */ |
@@ -901,11 +895,10 @@ ip_vs_in_icmp(struct sk_buff **pskb, int *related, unsigned int hooknum) | |||
901 | * and send it on its way... | 895 | * and send it on its way... |
902 | */ | 896 | */ |
903 | static unsigned int | 897 | static unsigned int |
904 | ip_vs_in(unsigned int hooknum, struct sk_buff **pskb, | 898 | ip_vs_in(unsigned int hooknum, struct sk_buff *skb, |
905 | const struct net_device *in, const struct net_device *out, | 899 | const struct net_device *in, const struct net_device *out, |
906 | int (*okfn)(struct sk_buff *)) | 900 | int (*okfn)(struct sk_buff *)) |
907 | { | 901 | { |
908 | struct sk_buff *skb = *pskb; | ||
909 | struct iphdr *iph; | 902 | struct iphdr *iph; |
910 | struct ip_vs_protocol *pp; | 903 | struct ip_vs_protocol *pp; |
911 | struct ip_vs_conn *cp; | 904 | struct ip_vs_conn *cp; |
@@ -927,11 +920,10 @@ ip_vs_in(unsigned int hooknum, struct sk_buff **pskb, | |||
927 | 920 | ||
928 | iph = ip_hdr(skb); | 921 | iph = ip_hdr(skb); |
929 | if (unlikely(iph->protocol == IPPROTO_ICMP)) { | 922 | if (unlikely(iph->protocol == IPPROTO_ICMP)) { |
930 | int related, verdict = ip_vs_in_icmp(pskb, &related, hooknum); | 923 | int related, verdict = ip_vs_in_icmp(skb, &related, hooknum); |
931 | 924 | ||
932 | if (related) | 925 | if (related) |
933 | return verdict; | 926 | return verdict; |
934 | skb = *pskb; | ||
935 | iph = ip_hdr(skb); | 927 | iph = ip_hdr(skb); |
936 | } | 928 | } |
937 | 929 | ||
@@ -1012,16 +1004,16 @@ ip_vs_in(unsigned int hooknum, struct sk_buff **pskb, | |||
1012 | * and send them to ip_vs_in_icmp. | 1004 | * and send them to ip_vs_in_icmp. |
1013 | */ | 1005 | */ |
1014 | static unsigned int | 1006 | static unsigned int |
1015 | ip_vs_forward_icmp(unsigned int hooknum, struct sk_buff **pskb, | 1007 | ip_vs_forward_icmp(unsigned int hooknum, struct sk_buff *skb, |
1016 | const struct net_device *in, const struct net_device *out, | 1008 | const struct net_device *in, const struct net_device *out, |
1017 | int (*okfn)(struct sk_buff *)) | 1009 | int (*okfn)(struct sk_buff *)) |
1018 | { | 1010 | { |
1019 | int r; | 1011 | int r; |
1020 | 1012 | ||
1021 | if (ip_hdr(*pskb)->protocol != IPPROTO_ICMP) | 1013 | if (ip_hdr(skb)->protocol != IPPROTO_ICMP) |
1022 | return NF_ACCEPT; | 1014 | return NF_ACCEPT; |
1023 | 1015 | ||
1024 | return ip_vs_in_icmp(pskb, &r, hooknum); | 1016 | return ip_vs_in_icmp(skb, &r, hooknum); |
1025 | } | 1017 | } |
1026 | 1018 | ||
1027 | 1019 | ||
diff --git a/net/ipv4/ipvs/ip_vs_ftp.c b/net/ipv4/ipvs/ip_vs_ftp.c index 4167d419b66..59aa166b767 100644 --- a/net/ipv4/ipvs/ip_vs_ftp.c +++ b/net/ipv4/ipvs/ip_vs_ftp.c | |||
@@ -136,7 +136,7 @@ static int ip_vs_ftp_get_addrport(char *data, char *data_limit, | |||
136 | * xxx,xxx,xxx,xxx is the server address, ppp,ppp is the server port number. | 136 | * xxx,xxx,xxx,xxx is the server address, ppp,ppp is the server port number. |
137 | */ | 137 | */ |
138 | static int ip_vs_ftp_out(struct ip_vs_app *app, struct ip_vs_conn *cp, | 138 | static int ip_vs_ftp_out(struct ip_vs_app *app, struct ip_vs_conn *cp, |
139 | struct sk_buff **pskb, int *diff) | 139 | struct sk_buff *skb, int *diff) |
140 | { | 140 | { |
141 | struct iphdr *iph; | 141 | struct iphdr *iph; |
142 | struct tcphdr *th; | 142 | struct tcphdr *th; |
@@ -156,14 +156,14 @@ static int ip_vs_ftp_out(struct ip_vs_app *app, struct ip_vs_conn *cp, | |||
156 | return 1; | 156 | return 1; |
157 | 157 | ||
158 | /* Linear packets are much easier to deal with. */ | 158 | /* Linear packets are much easier to deal with. */ |
159 | if (!skb_make_writable(*pskb, (*pskb)->len)) | 159 | if (!skb_make_writable(skb, skb->len)) |
160 | return 0; | 160 | return 0; |
161 | 161 | ||
162 | if (cp->app_data == &ip_vs_ftp_pasv) { | 162 | if (cp->app_data == &ip_vs_ftp_pasv) { |
163 | iph = ip_hdr(*pskb); | 163 | iph = ip_hdr(skb); |
164 | th = (struct tcphdr *)&(((char *)iph)[iph->ihl*4]); | 164 | th = (struct tcphdr *)&(((char *)iph)[iph->ihl*4]); |
165 | data = (char *)th + (th->doff << 2); | 165 | data = (char *)th + (th->doff << 2); |
166 | data_limit = skb_tail_pointer(*pskb); | 166 | data_limit = skb_tail_pointer(skb); |
167 | 167 | ||
168 | if (ip_vs_ftp_get_addrport(data, data_limit, | 168 | if (ip_vs_ftp_get_addrport(data, data_limit, |
169 | SERVER_STRING, | 169 | SERVER_STRING, |
@@ -214,7 +214,7 @@ static int ip_vs_ftp_out(struct ip_vs_app *app, struct ip_vs_conn *cp, | |||
214 | memcpy(start, buf, buf_len); | 214 | memcpy(start, buf, buf_len); |
215 | ret = 1; | 215 | ret = 1; |
216 | } else { | 216 | } else { |
217 | ret = !ip_vs_skb_replace(*pskb, GFP_ATOMIC, start, | 217 | ret = !ip_vs_skb_replace(skb, GFP_ATOMIC, start, |
218 | end-start, buf, buf_len); | 218 | end-start, buf, buf_len); |
219 | } | 219 | } |
220 | 220 | ||
@@ -239,7 +239,7 @@ static int ip_vs_ftp_out(struct ip_vs_app *app, struct ip_vs_conn *cp, | |||
239 | * the client. | 239 | * the client. |
240 | */ | 240 | */ |
241 | static int ip_vs_ftp_in(struct ip_vs_app *app, struct ip_vs_conn *cp, | 241 | static int ip_vs_ftp_in(struct ip_vs_app *app, struct ip_vs_conn *cp, |
242 | struct sk_buff **pskb, int *diff) | 242 | struct sk_buff *skb, int *diff) |
243 | { | 243 | { |
244 | struct iphdr *iph; | 244 | struct iphdr *iph; |
245 | struct tcphdr *th; | 245 | struct tcphdr *th; |
@@ -257,20 +257,20 @@ static int ip_vs_ftp_in(struct ip_vs_app *app, struct ip_vs_conn *cp, | |||
257 | return 1; | 257 | return 1; |
258 | 258 | ||
259 | /* Linear packets are much easier to deal with. */ | 259 | /* Linear packets are much easier to deal with. */ |
260 | if (!skb_make_writable(*pskb, (*pskb)->len)) | 260 | if (!skb_make_writable(skb, skb->len)) |
261 | return 0; | 261 | return 0; |
262 | 262 | ||
263 | /* | 263 | /* |
264 | * Detecting whether it is passive | 264 | * Detecting whether it is passive |
265 | */ | 265 | */ |
266 | iph = ip_hdr(*pskb); | 266 | iph = ip_hdr(skb); |
267 | th = (struct tcphdr *)&(((char *)iph)[iph->ihl*4]); | 267 | th = (struct tcphdr *)&(((char *)iph)[iph->ihl*4]); |
268 | 268 | ||
269 | /* Since there may be OPTIONS in the TCP packet and the HLEN is | 269 | /* Since there may be OPTIONS in the TCP packet and the HLEN is |
270 | the length of the header in 32-bit multiples, it is accurate | 270 | the length of the header in 32-bit multiples, it is accurate |
271 | to calculate data address by th+HLEN*4 */ | 271 | to calculate data address by th+HLEN*4 */ |
272 | data = data_start = (char *)th + (th->doff << 2); | 272 | data = data_start = (char *)th + (th->doff << 2); |
273 | data_limit = skb_tail_pointer(*pskb); | 273 | data_limit = skb_tail_pointer(skb); |
274 | 274 | ||
275 | while (data <= data_limit - 6) { | 275 | while (data <= data_limit - 6) { |
276 | if (strnicmp(data, "PASV\r\n", 6) == 0) { | 276 | if (strnicmp(data, "PASV\r\n", 6) == 0) { |
diff --git a/net/ipv4/ipvs/ip_vs_proto_tcp.c b/net/ipv4/ipvs/ip_vs_proto_tcp.c index b65b1a352ba..12dc0d640b6 100644 --- a/net/ipv4/ipvs/ip_vs_proto_tcp.c +++ b/net/ipv4/ipvs/ip_vs_proto_tcp.c | |||
@@ -123,27 +123,27 @@ tcp_fast_csum_update(struct tcphdr *tcph, __be32 oldip, __be32 newip, | |||
123 | 123 | ||
124 | 124 | ||
125 | static int | 125 | static int |
126 | tcp_snat_handler(struct sk_buff **pskb, | 126 | tcp_snat_handler(struct sk_buff *skb, |
127 | struct ip_vs_protocol *pp, struct ip_vs_conn *cp) | 127 | struct ip_vs_protocol *pp, struct ip_vs_conn *cp) |
128 | { | 128 | { |
129 | struct tcphdr *tcph; | 129 | struct tcphdr *tcph; |
130 | const unsigned int tcphoff = ip_hdrlen(*pskb); | 130 | const unsigned int tcphoff = ip_hdrlen(skb); |
131 | 131 | ||
132 | /* csum_check requires unshared skb */ | 132 | /* csum_check requires unshared skb */ |
133 | if (!skb_make_writable(*pskb, tcphoff+sizeof(*tcph))) | 133 | if (!skb_make_writable(skb, tcphoff+sizeof(*tcph))) |
134 | return 0; | 134 | return 0; |
135 | 135 | ||
136 | if (unlikely(cp->app != NULL)) { | 136 | if (unlikely(cp->app != NULL)) { |
137 | /* Some checks before mangling */ | 137 | /* Some checks before mangling */ |
138 | if (pp->csum_check && !pp->csum_check(*pskb, pp)) | 138 | if (pp->csum_check && !pp->csum_check(skb, pp)) |
139 | return 0; | 139 | return 0; |
140 | 140 | ||
141 | /* Call application helper if needed */ | 141 | /* Call application helper if needed */ |
142 | if (!ip_vs_app_pkt_out(cp, pskb)) | 142 | if (!ip_vs_app_pkt_out(cp, skb)) |
143 | return 0; | 143 | return 0; |
144 | } | 144 | } |
145 | 145 | ||
146 | tcph = (void *)ip_hdr(*pskb) + tcphoff; | 146 | tcph = (void *)ip_hdr(skb) + tcphoff; |
147 | tcph->source = cp->vport; | 147 | tcph->source = cp->vport; |
148 | 148 | ||
149 | /* Adjust TCP checksums */ | 149 | /* Adjust TCP checksums */ |
@@ -151,17 +151,15 @@ tcp_snat_handler(struct sk_buff **pskb, | |||
151 | /* Only port and addr are changed, do fast csum update */ | 151 | /* Only port and addr are changed, do fast csum update */ |
152 | tcp_fast_csum_update(tcph, cp->daddr, cp->vaddr, | 152 | tcp_fast_csum_update(tcph, cp->daddr, cp->vaddr, |
153 | cp->dport, cp->vport); | 153 | cp->dport, cp->vport); |
154 | if ((*pskb)->ip_summed == CHECKSUM_COMPLETE) | 154 | if (skb->ip_summed == CHECKSUM_COMPLETE) |
155 | (*pskb)->ip_summed = CHECKSUM_NONE; | 155 | skb->ip_summed = CHECKSUM_NONE; |
156 | } else { | 156 | } else { |
157 | /* full checksum calculation */ | 157 | /* full checksum calculation */ |
158 | tcph->check = 0; | 158 | tcph->check = 0; |
159 | (*pskb)->csum = skb_checksum(*pskb, tcphoff, | 159 | skb->csum = skb_checksum(skb, tcphoff, skb->len - tcphoff, 0); |
160 | (*pskb)->len - tcphoff, 0); | ||
161 | tcph->check = csum_tcpudp_magic(cp->vaddr, cp->caddr, | 160 | tcph->check = csum_tcpudp_magic(cp->vaddr, cp->caddr, |
162 | (*pskb)->len - tcphoff, | 161 | skb->len - tcphoff, |
163 | cp->protocol, | 162 | cp->protocol, skb->csum); |
164 | (*pskb)->csum); | ||
165 | IP_VS_DBG(11, "O-pkt: %s O-csum=%d (+%zd)\n", | 163 | IP_VS_DBG(11, "O-pkt: %s O-csum=%d (+%zd)\n", |
166 | pp->name, tcph->check, | 164 | pp->name, tcph->check, |
167 | (char*)&(tcph->check) - (char*)tcph); | 165 | (char*)&(tcph->check) - (char*)tcph); |
@@ -171,30 +169,30 @@ tcp_snat_handler(struct sk_buff **pskb, | |||
171 | 169 | ||
172 | 170 | ||
173 | static int | 171 | static int |
174 | tcp_dnat_handler(struct sk_buff **pskb, | 172 | tcp_dnat_handler(struct sk_buff *skb, |
175 | struct ip_vs_protocol *pp, struct ip_vs_conn *cp) | 173 | struct ip_vs_protocol *pp, struct ip_vs_conn *cp) |
176 | { | 174 | { |
177 | struct tcphdr *tcph; | 175 | struct tcphdr *tcph; |
178 | const unsigned int tcphoff = ip_hdrlen(*pskb); | 176 | const unsigned int tcphoff = ip_hdrlen(skb); |
179 | 177 | ||
180 | /* csum_check requires unshared skb */ | 178 | /* csum_check requires unshared skb */ |
181 | if (!skb_make_writable(*pskb, tcphoff+sizeof(*tcph))) | 179 | if (!skb_make_writable(skb, tcphoff+sizeof(*tcph))) |
182 | return 0; | 180 | return 0; |
183 | 181 | ||
184 | if (unlikely(cp->app != NULL)) { | 182 | if (unlikely(cp->app != NULL)) { |
185 | /* Some checks before mangling */ | 183 | /* Some checks before mangling */ |
186 | if (pp->csum_check && !pp->csum_check(*pskb, pp)) | 184 | if (pp->csum_check && !pp->csum_check(skb, pp)) |
187 | return 0; | 185 | return 0; |
188 | 186 | ||
189 | /* | 187 | /* |
190 | * Attempt ip_vs_app call. | 188 | * Attempt ip_vs_app call. |
191 | * It will fix ip_vs_conn and iph ack_seq stuff | 189 | * It will fix ip_vs_conn and iph ack_seq stuff |
192 | */ | 190 | */ |
193 | if (!ip_vs_app_pkt_in(cp, pskb)) | 191 | if (!ip_vs_app_pkt_in(cp, skb)) |
194 | return 0; | 192 | return 0; |
195 | } | 193 | } |
196 | 194 | ||
197 | tcph = (void *)ip_hdr(*pskb) + tcphoff; | 195 | tcph = (void *)ip_hdr(skb) + tcphoff; |
198 | tcph->dest = cp->dport; | 196 | tcph->dest = cp->dport; |
199 | 197 | ||
200 | /* | 198 | /* |
@@ -204,18 +202,16 @@ tcp_dnat_handler(struct sk_buff **pskb, | |||
204 | /* Only port and addr are changed, do fast csum update */ | 202 | /* Only port and addr are changed, do fast csum update */ |
205 | tcp_fast_csum_update(tcph, cp->vaddr, cp->daddr, | 203 | tcp_fast_csum_update(tcph, cp->vaddr, cp->daddr, |
206 | cp->vport, cp->dport); | 204 | cp->vport, cp->dport); |
207 | if ((*pskb)->ip_summed == CHECKSUM_COMPLETE) | 205 | if (skb->ip_summed == CHECKSUM_COMPLETE) |
208 | (*pskb)->ip_summed = CHECKSUM_NONE; | 206 | skb->ip_summed = CHECKSUM_NONE; |
209 | } else { | 207 | } else { |
210 | /* full checksum calculation */ | 208 | /* full checksum calculation */ |
211 | tcph->check = 0; | 209 | tcph->check = 0; |
212 | (*pskb)->csum = skb_checksum(*pskb, tcphoff, | 210 | skb->csum = skb_checksum(skb, tcphoff, skb->len - tcphoff, 0); |
213 | (*pskb)->len - tcphoff, 0); | ||
214 | tcph->check = csum_tcpudp_magic(cp->caddr, cp->daddr, | 211 | tcph->check = csum_tcpudp_magic(cp->caddr, cp->daddr, |
215 | (*pskb)->len - tcphoff, | 212 | skb->len - tcphoff, |
216 | cp->protocol, | 213 | cp->protocol, skb->csum); |
217 | (*pskb)->csum); | 214 | skb->ip_summed = CHECKSUM_UNNECESSARY; |
218 | (*pskb)->ip_summed = CHECKSUM_UNNECESSARY; | ||
219 | } | 215 | } |
220 | return 1; | 216 | return 1; |
221 | } | 217 | } |
diff --git a/net/ipv4/ipvs/ip_vs_proto_udp.c b/net/ipv4/ipvs/ip_vs_proto_udp.c index c70aa40e2c9..1fa7b330b9a 100644 --- a/net/ipv4/ipvs/ip_vs_proto_udp.c +++ b/net/ipv4/ipvs/ip_vs_proto_udp.c | |||
@@ -130,29 +130,29 @@ udp_fast_csum_update(struct udphdr *uhdr, __be32 oldip, __be32 newip, | |||
130 | } | 130 | } |
131 | 131 | ||
132 | static int | 132 | static int |
133 | udp_snat_handler(struct sk_buff **pskb, | 133 | udp_snat_handler(struct sk_buff *skb, |
134 | struct ip_vs_protocol *pp, struct ip_vs_conn *cp) | 134 | struct ip_vs_protocol *pp, struct ip_vs_conn *cp) |
135 | { | 135 | { |
136 | struct udphdr *udph; | 136 | struct udphdr *udph; |
137 | const unsigned int udphoff = ip_hdrlen(*pskb); | 137 | const unsigned int udphoff = ip_hdrlen(skb); |
138 | 138 | ||
139 | /* csum_check requires unshared skb */ | 139 | /* csum_check requires unshared skb */ |
140 | if (!skb_make_writable(*pskb, udphoff+sizeof(*udph))) | 140 | if (!skb_make_writable(skb, udphoff+sizeof(*udph))) |
141 | return 0; | 141 | return 0; |
142 | 142 | ||
143 | if (unlikely(cp->app != NULL)) { | 143 | if (unlikely(cp->app != NULL)) { |
144 | /* Some checks before mangling */ | 144 | /* Some checks before mangling */ |
145 | if (pp->csum_check && !pp->csum_check(*pskb, pp)) | 145 | if (pp->csum_check && !pp->csum_check(skb, pp)) |
146 | return 0; | 146 | return 0; |
147 | 147 | ||
148 | /* | 148 | /* |
149 | * Call application helper if needed | 149 | * Call application helper if needed |
150 | */ | 150 | */ |
151 | if (!ip_vs_app_pkt_out(cp, pskb)) | 151 | if (!ip_vs_app_pkt_out(cp, skb)) |
152 | return 0; | 152 | return 0; |
153 | } | 153 | } |
154 | 154 | ||
155 | udph = (void *)ip_hdr(*pskb) + udphoff; | 155 | udph = (void *)ip_hdr(skb) + udphoff; |
156 | udph->source = cp->vport; | 156 | udph->source = cp->vport; |
157 | 157 | ||
158 | /* | 158 | /* |
@@ -162,17 +162,15 @@ udp_snat_handler(struct sk_buff **pskb, | |||
162 | /* Only port and addr are changed, do fast csum update */ | 162 | /* Only port and addr are changed, do fast csum update */ |
163 | udp_fast_csum_update(udph, cp->daddr, cp->vaddr, | 163 | udp_fast_csum_update(udph, cp->daddr, cp->vaddr, |
164 | cp->dport, cp->vport); | 164 | cp->dport, cp->vport); |
165 | if ((*pskb)->ip_summed == CHECKSUM_COMPLETE) | 165 | if (skb->ip_summed == CHECKSUM_COMPLETE) |
166 | (*pskb)->ip_summed = CHECKSUM_NONE; | 166 | skb->ip_summed = CHECKSUM_NONE; |
167 | } else { | 167 | } else { |
168 | /* full checksum calculation */ | 168 | /* full checksum calculation */ |
169 | udph->check = 0; | 169 | udph->check = 0; |
170 | (*pskb)->csum = skb_checksum(*pskb, udphoff, | 170 | skb->csum = skb_checksum(skb, udphoff, skb->len - udphoff, 0); |
171 | (*pskb)->len - udphoff, 0); | ||
172 | udph->check = csum_tcpudp_magic(cp->vaddr, cp->caddr, | 171 | udph->check = csum_tcpudp_magic(cp->vaddr, cp->caddr, |
173 | (*pskb)->len - udphoff, | 172 | skb->len - udphoff, |
174 | cp->protocol, | 173 | cp->protocol, skb->csum); |
175 | (*pskb)->csum); | ||
176 | if (udph->check == 0) | 174 | if (udph->check == 0) |
177 | udph->check = CSUM_MANGLED_0; | 175 | udph->check = CSUM_MANGLED_0; |
178 | IP_VS_DBG(11, "O-pkt: %s O-csum=%d (+%zd)\n", | 176 | IP_VS_DBG(11, "O-pkt: %s O-csum=%d (+%zd)\n", |
@@ -184,30 +182,30 @@ udp_snat_handler(struct sk_buff **pskb, | |||
184 | 182 | ||
185 | 183 | ||
186 | static int | 184 | static int |
187 | udp_dnat_handler(struct sk_buff **pskb, | 185 | udp_dnat_handler(struct sk_buff *skb, |
188 | struct ip_vs_protocol *pp, struct ip_vs_conn *cp) | 186 | struct ip_vs_protocol *pp, struct ip_vs_conn *cp) |
189 | { | 187 | { |
190 | struct udphdr *udph; | 188 | struct udphdr *udph; |
191 | unsigned int udphoff = ip_hdrlen(*pskb); | 189 | unsigned int udphoff = ip_hdrlen(skb); |
192 | 190 | ||
193 | /* csum_check requires unshared skb */ | 191 | /* csum_check requires unshared skb */ |
194 | if (!skb_make_writable(*pskb, udphoff+sizeof(*udph))) | 192 | if (!skb_make_writable(skb, udphoff+sizeof(*udph))) |
195 | return 0; | 193 | return 0; |
196 | 194 | ||
197 | if (unlikely(cp->app != NULL)) { | 195 | if (unlikely(cp->app != NULL)) { |
198 | /* Some checks before mangling */ | 196 | /* Some checks before mangling */ |
199 | if (pp->csum_check && !pp->csum_check(*pskb, pp)) | 197 | if (pp->csum_check && !pp->csum_check(skb, pp)) |
200 | return 0; | 198 | return 0; |
201 | 199 | ||
202 | /* | 200 | /* |
203 | * Attempt ip_vs_app call. | 201 | * Attempt ip_vs_app call. |
204 | * It will fix ip_vs_conn | 202 | * It will fix ip_vs_conn |
205 | */ | 203 | */ |
206 | if (!ip_vs_app_pkt_in(cp, pskb)) | 204 | if (!ip_vs_app_pkt_in(cp, skb)) |
207 | return 0; | 205 | return 0; |
208 | } | 206 | } |
209 | 207 | ||
210 | udph = (void *)ip_hdr(*pskb) + udphoff; | 208 | udph = (void *)ip_hdr(skb) + udphoff; |
211 | udph->dest = cp->dport; | 209 | udph->dest = cp->dport; |
212 | 210 | ||
213 | /* | 211 | /* |
@@ -217,20 +215,18 @@ udp_dnat_handler(struct sk_buff **pskb, | |||
217 | /* Only port and addr are changed, do fast csum update */ | 215 | /* Only port and addr are changed, do fast csum update */ |
218 | udp_fast_csum_update(udph, cp->vaddr, cp->daddr, | 216 | udp_fast_csum_update(udph, cp->vaddr, cp->daddr, |
219 | cp->vport, cp->dport); | 217 | cp->vport, cp->dport); |
220 | if ((*pskb)->ip_summed == CHECKSUM_COMPLETE) | 218 | if (skb->ip_summed == CHECKSUM_COMPLETE) |
221 | (*pskb)->ip_summed = CHECKSUM_NONE; | 219 | skb->ip_summed = CHECKSUM_NONE; |
222 | } else { | 220 | } else { |
223 | /* full checksum calculation */ | 221 | /* full checksum calculation */ |
224 | udph->check = 0; | 222 | udph->check = 0; |
225 | (*pskb)->csum = skb_checksum(*pskb, udphoff, | 223 | skb->csum = skb_checksum(skb, udphoff, skb->len - udphoff, 0); |
226 | (*pskb)->len - udphoff, 0); | ||
227 | udph->check = csum_tcpudp_magic(cp->caddr, cp->daddr, | 224 | udph->check = csum_tcpudp_magic(cp->caddr, cp->daddr, |
228 | (*pskb)->len - udphoff, | 225 | skb->len - udphoff, |
229 | cp->protocol, | 226 | cp->protocol, skb->csum); |
230 | (*pskb)->csum); | ||
231 | if (udph->check == 0) | 227 | if (udph->check == 0) |
232 | udph->check = CSUM_MANGLED_0; | 228 | udph->check = CSUM_MANGLED_0; |
233 | (*pskb)->ip_summed = CHECKSUM_UNNECESSARY; | 229 | skb->ip_summed = CHECKSUM_UNNECESSARY; |
234 | } | 230 | } |
235 | return 1; | 231 | return 1; |
236 | } | 232 | } |
diff --git a/net/ipv4/ipvs/ip_vs_xmit.c b/net/ipv4/ipvs/ip_vs_xmit.c index afd90d4d739..d0a92dec105 100644 --- a/net/ipv4/ipvs/ip_vs_xmit.c +++ b/net/ipv4/ipvs/ip_vs_xmit.c | |||
@@ -264,7 +264,7 @@ ip_vs_nat_xmit(struct sk_buff *skb, struct ip_vs_conn *cp, | |||
264 | skb->dst = &rt->u.dst; | 264 | skb->dst = &rt->u.dst; |
265 | 265 | ||
266 | /* mangle the packet */ | 266 | /* mangle the packet */ |
267 | if (pp->dnat_handler && !pp->dnat_handler(&skb, pp, cp)) | 267 | if (pp->dnat_handler && !pp->dnat_handler(skb, pp, cp)) |
268 | goto tx_error; | 268 | goto tx_error; |
269 | ip_hdr(skb)->daddr = cp->daddr; | 269 | ip_hdr(skb)->daddr = cp->daddr; |
270 | ip_send_check(ip_hdr(skb)); | 270 | ip_send_check(ip_hdr(skb)); |
diff --git a/net/ipv4/netfilter.c b/net/ipv4/netfilter.c index d1e3012d891..5539debf497 100644 --- a/net/ipv4/netfilter.c +++ b/net/ipv4/netfilter.c | |||
@@ -9,9 +9,9 @@ | |||
9 | #include <net/ip.h> | 9 | #include <net/ip.h> |
10 | 10 | ||
11 | /* route_me_harder function, used by iptable_nat, iptable_mangle + ip_queue */ | 11 | /* route_me_harder function, used by iptable_nat, iptable_mangle + ip_queue */ |
12 | int ip_route_me_harder(struct sk_buff **pskb, unsigned addr_type) | 12 | int ip_route_me_harder(struct sk_buff *skb, unsigned addr_type) |
13 | { | 13 | { |
14 | const struct iphdr *iph = ip_hdr(*pskb); | 14 | const struct iphdr *iph = ip_hdr(skb); |
15 | struct rtable *rt; | 15 | struct rtable *rt; |
16 | struct flowi fl = {}; | 16 | struct flowi fl = {}; |
17 | struct dst_entry *odst; | 17 | struct dst_entry *odst; |
@@ -30,14 +30,14 @@ int ip_route_me_harder(struct sk_buff **pskb, unsigned addr_type) | |||
30 | if (type == RTN_LOCAL) | 30 | if (type == RTN_LOCAL) |
31 | fl.nl_u.ip4_u.saddr = iph->saddr; | 31 | fl.nl_u.ip4_u.saddr = iph->saddr; |
32 | fl.nl_u.ip4_u.tos = RT_TOS(iph->tos); | 32 | fl.nl_u.ip4_u.tos = RT_TOS(iph->tos); |
33 | fl.oif = (*pskb)->sk ? (*pskb)->sk->sk_bound_dev_if : 0; | 33 | fl.oif = skb->sk ? skb->sk->sk_bound_dev_if : 0; |
34 | fl.mark = (*pskb)->mark; | 34 | fl.mark = skb->mark; |
35 | if (ip_route_output_key(&rt, &fl) != 0) | 35 | if (ip_route_output_key(&rt, &fl) != 0) |
36 | return -1; | 36 | return -1; |
37 | 37 | ||
38 | /* Drop old route. */ | 38 | /* Drop old route. */ |
39 | dst_release((*pskb)->dst); | 39 | dst_release(skb->dst); |
40 | (*pskb)->dst = &rt->u.dst; | 40 | skb->dst = &rt->u.dst; |
41 | } else { | 41 | } else { |
42 | /* non-local src, find valid iif to satisfy | 42 | /* non-local src, find valid iif to satisfy |
43 | * rp-filter when calling ip_route_input. */ | 43 | * rp-filter when calling ip_route_input. */ |
@@ -45,8 +45,8 @@ int ip_route_me_harder(struct sk_buff **pskb, unsigned addr_type) | |||
45 | if (ip_route_output_key(&rt, &fl) != 0) | 45 | if (ip_route_output_key(&rt, &fl) != 0) |
46 | return -1; | 46 | return -1; |
47 | 47 | ||
48 | odst = (*pskb)->dst; | 48 | odst = skb->dst; |
49 | if (ip_route_input(*pskb, iph->daddr, iph->saddr, | 49 | if (ip_route_input(skb, iph->daddr, iph->saddr, |
50 | RT_TOS(iph->tos), rt->u.dst.dev) != 0) { | 50 | RT_TOS(iph->tos), rt->u.dst.dev) != 0) { |
51 | dst_release(&rt->u.dst); | 51 | dst_release(&rt->u.dst); |
52 | return -1; | 52 | return -1; |
@@ -55,21 +55,20 @@ int ip_route_me_harder(struct sk_buff **pskb, unsigned addr_type) | |||
55 | dst_release(odst); | 55 | dst_release(odst); |
56 | } | 56 | } |
57 | 57 | ||
58 | if ((*pskb)->dst->error) | 58 | if (skb->dst->error) |
59 | return -1; | 59 | return -1; |
60 | 60 | ||
61 | #ifdef CONFIG_XFRM | 61 | #ifdef CONFIG_XFRM |
62 | if (!(IPCB(*pskb)->flags & IPSKB_XFRM_TRANSFORMED) && | 62 | if (!(IPCB(skb)->flags & IPSKB_XFRM_TRANSFORMED) && |
63 | xfrm_decode_session(*pskb, &fl, AF_INET) == 0) | 63 | xfrm_decode_session(skb, &fl, AF_INET) == 0) |
64 | if (xfrm_lookup(&(*pskb)->dst, &fl, (*pskb)->sk, 0)) | 64 | if (xfrm_lookup(&skb->dst, &fl, skb->sk, 0)) |
65 | return -1; | 65 | return -1; |
66 | #endif | 66 | #endif |
67 | 67 | ||
68 | /* Change in oif may mean change in hh_len. */ | 68 | /* Change in oif may mean change in hh_len. */ |
69 | hh_len = (*pskb)->dst->dev->hard_header_len; | 69 | hh_len = skb->dst->dev->hard_header_len; |
70 | if (skb_headroom(*pskb) < hh_len && | 70 | if (skb_headroom(skb) < hh_len && |
71 | pskb_expand_head(*pskb, hh_len - skb_headroom(*pskb), 0, | 71 | pskb_expand_head(skb, hh_len - skb_headroom(skb), 0, GFP_ATOMIC)) |
72 | GFP_ATOMIC)) | ||
73 | return -1; | 72 | return -1; |
74 | 73 | ||
75 | return 0; | 74 | return 0; |
@@ -77,33 +76,32 @@ int ip_route_me_harder(struct sk_buff **pskb, unsigned addr_type) | |||
77 | EXPORT_SYMBOL(ip_route_me_harder); | 76 | EXPORT_SYMBOL(ip_route_me_harder); |
78 | 77 | ||
79 | #ifdef CONFIG_XFRM | 78 | #ifdef CONFIG_XFRM |
80 | int ip_xfrm_me_harder(struct sk_buff **pskb) | 79 | int ip_xfrm_me_harder(struct sk_buff *skb) |
81 | { | 80 | { |
82 | struct flowi fl; | 81 | struct flowi fl; |
83 | unsigned int hh_len; | 82 | unsigned int hh_len; |
84 | struct dst_entry *dst; | 83 | struct dst_entry *dst; |
85 | 84 | ||
86 | if (IPCB(*pskb)->flags & IPSKB_XFRM_TRANSFORMED) | 85 | if (IPCB(skb)->flags & IPSKB_XFRM_TRANSFORMED) |
87 | return 0; | 86 | return 0; |
88 | if (xfrm_decode_session(*pskb, &fl, AF_INET) < 0) | 87 | if (xfrm_decode_session(skb, &fl, AF_INET) < 0) |
89 | return -1; | 88 | return -1; |
90 | 89 | ||
91 | dst = (*pskb)->dst; | 90 | dst = skb->dst; |
92 | if (dst->xfrm) | 91 | if (dst->xfrm) |
93 | dst = ((struct xfrm_dst *)dst)->route; | 92 | dst = ((struct xfrm_dst *)dst)->route; |
94 | dst_hold(dst); | 93 | dst_hold(dst); |
95 | 94 | ||
96 | if (xfrm_lookup(&dst, &fl, (*pskb)->sk, 0) < 0) | 95 | if (xfrm_lookup(&dst, &fl, skb->sk, 0) < 0) |
97 | return -1; | 96 | return -1; |
98 | 97 | ||
99 | dst_release((*pskb)->dst); | 98 | dst_release(skb->dst); |
100 | (*pskb)->dst = dst; | 99 | skb->dst = dst; |
101 | 100 | ||
102 | /* Change in oif may mean change in hh_len. */ | 101 | /* Change in oif may mean change in hh_len. */ |
103 | hh_len = (*pskb)->dst->dev->hard_header_len; | 102 | hh_len = skb->dst->dev->hard_header_len; |
104 | if (skb_headroom(*pskb) < hh_len && | 103 | if (skb_headroom(skb) < hh_len && |
105 | pskb_expand_head(*pskb, hh_len - skb_headroom(*pskb), 0, | 104 | pskb_expand_head(skb, hh_len - skb_headroom(skb), 0, GFP_ATOMIC)) |
106 | GFP_ATOMIC)) | ||
107 | return -1; | 105 | return -1; |
108 | return 0; | 106 | return 0; |
109 | } | 107 | } |
@@ -137,17 +135,17 @@ static void nf_ip_saveroute(const struct sk_buff *skb, struct nf_info *info) | |||
137 | } | 135 | } |
138 | } | 136 | } |
139 | 137 | ||
140 | static int nf_ip_reroute(struct sk_buff **pskb, const struct nf_info *info) | 138 | static int nf_ip_reroute(struct sk_buff *skb, const struct nf_info *info) |
141 | { | 139 | { |
142 | const struct ip_rt_info *rt_info = nf_info_reroute(info); | 140 | const struct ip_rt_info *rt_info = nf_info_reroute(info); |
143 | 141 | ||
144 | if (info->hook == NF_IP_LOCAL_OUT) { | 142 | if (info->hook == NF_IP_LOCAL_OUT) { |
145 | const struct iphdr *iph = ip_hdr(*pskb); | 143 | const struct iphdr *iph = ip_hdr(skb); |
146 | 144 | ||
147 | if (!(iph->tos == rt_info->tos | 145 | if (!(iph->tos == rt_info->tos |
148 | && iph->daddr == rt_info->daddr | 146 | && iph->daddr == rt_info->daddr |
149 | && iph->saddr == rt_info->saddr)) | 147 | && iph->saddr == rt_info->saddr)) |
150 | return ip_route_me_harder(pskb, RTN_UNSPEC); | 148 | return ip_route_me_harder(skb, RTN_UNSPEC); |
151 | } | 149 | } |
152 | return 0; | 150 | return 0; |
153 | } | 151 | } |
diff --git a/net/ipv4/netfilter/arp_tables.c b/net/ipv4/netfilter/arp_tables.c index 29114a9ccd1..2909c92ecd9 100644 --- a/net/ipv4/netfilter/arp_tables.c +++ b/net/ipv4/netfilter/arp_tables.c | |||
@@ -197,7 +197,7 @@ static inline int arp_checkentry(const struct arpt_arp *arp) | |||
197 | return 1; | 197 | return 1; |
198 | } | 198 | } |
199 | 199 | ||
200 | static unsigned int arpt_error(struct sk_buff **pskb, | 200 | static unsigned int arpt_error(struct sk_buff *skb, |
201 | const struct net_device *in, | 201 | const struct net_device *in, |
202 | const struct net_device *out, | 202 | const struct net_device *out, |
203 | unsigned int hooknum, | 203 | unsigned int hooknum, |
@@ -215,7 +215,7 @@ static inline struct arpt_entry *get_entry(void *base, unsigned int offset) | |||
215 | return (struct arpt_entry *)(base + offset); | 215 | return (struct arpt_entry *)(base + offset); |
216 | } | 216 | } |
217 | 217 | ||
218 | unsigned int arpt_do_table(struct sk_buff **pskb, | 218 | unsigned int arpt_do_table(struct sk_buff *skb, |
219 | unsigned int hook, | 219 | unsigned int hook, |
220 | const struct net_device *in, | 220 | const struct net_device *in, |
221 | const struct net_device *out, | 221 | const struct net_device *out, |
@@ -231,9 +231,9 @@ unsigned int arpt_do_table(struct sk_buff **pskb, | |||
231 | struct xt_table_info *private; | 231 | struct xt_table_info *private; |
232 | 232 | ||
233 | /* ARP header, plus 2 device addresses, plus 2 IP addresses. */ | 233 | /* ARP header, plus 2 device addresses, plus 2 IP addresses. */ |
234 | if (!pskb_may_pull((*pskb), (sizeof(struct arphdr) + | 234 | if (!pskb_may_pull(skb, (sizeof(struct arphdr) + |
235 | (2 * (*pskb)->dev->addr_len) + | 235 | (2 * skb->dev->addr_len) + |
236 | (2 * sizeof(u32))))) | 236 | (2 * sizeof(u32))))) |
237 | return NF_DROP; | 237 | return NF_DROP; |
238 | 238 | ||
239 | indev = in ? in->name : nulldevname; | 239 | indev = in ? in->name : nulldevname; |
@@ -245,14 +245,14 @@ unsigned int arpt_do_table(struct sk_buff **pskb, | |||
245 | e = get_entry(table_base, private->hook_entry[hook]); | 245 | e = get_entry(table_base, private->hook_entry[hook]); |
246 | back = get_entry(table_base, private->underflow[hook]); | 246 | back = get_entry(table_base, private->underflow[hook]); |
247 | 247 | ||
248 | arp = arp_hdr(*pskb); | 248 | arp = arp_hdr(skb); |
249 | do { | 249 | do { |
250 | if (arp_packet_match(arp, (*pskb)->dev, indev, outdev, &e->arp)) { | 250 | if (arp_packet_match(arp, skb->dev, indev, outdev, &e->arp)) { |
251 | struct arpt_entry_target *t; | 251 | struct arpt_entry_target *t; |
252 | int hdr_len; | 252 | int hdr_len; |
253 | 253 | ||
254 | hdr_len = sizeof(*arp) + (2 * sizeof(struct in_addr)) + | 254 | hdr_len = sizeof(*arp) + (2 * sizeof(struct in_addr)) + |
255 | (2 * (*pskb)->dev->addr_len); | 255 | (2 * skb->dev->addr_len); |
256 | ADD_COUNTER(e->counters, hdr_len, 1); | 256 | ADD_COUNTER(e->counters, hdr_len, 1); |
257 | 257 | ||
258 | t = arpt_get_target(e); | 258 | t = arpt_get_target(e); |
@@ -290,14 +290,14 @@ unsigned int arpt_do_table(struct sk_buff **pskb, | |||
290 | /* Targets which reenter must return | 290 | /* Targets which reenter must return |
291 | * abs. verdicts | 291 | * abs. verdicts |
292 | */ | 292 | */ |
293 | verdict = t->u.kernel.target->target(pskb, | 293 | verdict = t->u.kernel.target->target(skb, |
294 | in, out, | 294 | in, out, |
295 | hook, | 295 | hook, |
296 | t->u.kernel.target, | 296 | t->u.kernel.target, |
297 | t->data); | 297 | t->data); |
298 | 298 | ||
299 | /* Target might have changed stuff. */ | 299 | /* Target might have changed stuff. */ |
300 | arp = arp_hdr(*pskb); | 300 | arp = arp_hdr(skb); |
301 | 301 | ||
302 | if (verdict == ARPT_CONTINUE) | 302 | if (verdict == ARPT_CONTINUE) |
303 | e = (void *)e + e->next_offset; | 303 | e = (void *)e + e->next_offset; |
diff --git a/net/ipv4/netfilter/arpt_mangle.c b/net/ipv4/netfilter/arpt_mangle.c index 0181f919a79..45fa4e20094 100644 --- a/net/ipv4/netfilter/arpt_mangle.c +++ b/net/ipv4/netfilter/arpt_mangle.c | |||
@@ -9,7 +9,7 @@ MODULE_AUTHOR("Bart De Schuymer <bdschuym@pandora.be>"); | |||
9 | MODULE_DESCRIPTION("arptables arp payload mangle target"); | 9 | MODULE_DESCRIPTION("arptables arp payload mangle target"); |
10 | 10 | ||
11 | static unsigned int | 11 | static unsigned int |
12 | target(struct sk_buff **pskb, | 12 | target(struct sk_buff *skb, |
13 | const struct net_device *in, const struct net_device *out, | 13 | const struct net_device *in, const struct net_device *out, |
14 | unsigned int hooknum, const struct xt_target *target, | 14 | unsigned int hooknum, const struct xt_target *target, |
15 | const void *targinfo) | 15 | const void *targinfo) |
@@ -19,38 +19,38 @@ target(struct sk_buff **pskb, | |||
19 | unsigned char *arpptr; | 19 | unsigned char *arpptr; |
20 | int pln, hln; | 20 | int pln, hln; |
21 | 21 | ||
22 | if (skb_make_writable(*pskb, (*pskb)->len)) | 22 | if (skb_make_writable(skb, skb->len)) |
23 | return NF_DROP; | 23 | return NF_DROP; |
24 | 24 | ||
25 | arp = arp_hdr(*pskb); | 25 | arp = arp_hdr(skb); |
26 | arpptr = skb_network_header(*pskb) + sizeof(*arp); | 26 | arpptr = skb_network_header(skb) + sizeof(*arp); |
27 | pln = arp->ar_pln; | 27 | pln = arp->ar_pln; |
28 | hln = arp->ar_hln; | 28 | hln = arp->ar_hln; |
29 | /* We assume that pln and hln were checked in the match */ | 29 | /* We assume that pln and hln were checked in the match */ |
30 | if (mangle->flags & ARPT_MANGLE_SDEV) { | 30 | if (mangle->flags & ARPT_MANGLE_SDEV) { |
31 | if (ARPT_DEV_ADDR_LEN_MAX < hln || | 31 | if (ARPT_DEV_ADDR_LEN_MAX < hln || |
32 | (arpptr + hln > skb_tail_pointer(*pskb))) | 32 | (arpptr + hln > skb_tail_pointer(skb))) |
33 | return NF_DROP; | 33 | return NF_DROP; |
34 | memcpy(arpptr, mangle->src_devaddr, hln); | 34 | memcpy(arpptr, mangle->src_devaddr, hln); |
35 | } | 35 | } |
36 | arpptr += hln; | 36 | arpptr += hln; |
37 | if (mangle->flags & ARPT_MANGLE_SIP) { | 37 | if (mangle->flags & ARPT_MANGLE_SIP) { |
38 | if (ARPT_MANGLE_ADDR_LEN_MAX < pln || | 38 | if (ARPT_MANGLE_ADDR_LEN_MAX < pln || |
39 | (arpptr + pln > skb_tail_pointer(*pskb))) | 39 | (arpptr + pln > skb_tail_pointer(skb))) |
40 | return NF_DROP; | 40 | return NF_DROP; |
41 | memcpy(arpptr, &mangle->u_s.src_ip, pln); | 41 | memcpy(arpptr, &mangle->u_s.src_ip, pln); |
42 | } | 42 | } |
43 | arpptr += pln; | 43 | arpptr += pln; |
44 | if (mangle->flags & ARPT_MANGLE_TDEV) { | 44 | if (mangle->flags & ARPT_MANGLE_TDEV) { |
45 | if (ARPT_DEV_ADDR_LEN_MAX < hln || | 45 | if (ARPT_DEV_ADDR_LEN_MAX < hln || |
46 | (arpptr + hln > skb_tail_pointer(*pskb))) | 46 | (arpptr + hln > skb_tail_pointer(skb))) |
47 | return NF_DROP; | 47 | return NF_DROP; |
48 | memcpy(arpptr, mangle->tgt_devaddr, hln); | 48 | memcpy(arpptr, mangle->tgt_devaddr, hln); |
49 | } | 49 | } |
50 | arpptr += hln; | 50 | arpptr += hln; |
51 | if (mangle->flags & ARPT_MANGLE_TIP) { | 51 | if (mangle->flags & ARPT_MANGLE_TIP) { |
52 | if (ARPT_MANGLE_ADDR_LEN_MAX < pln || | 52 | if (ARPT_MANGLE_ADDR_LEN_MAX < pln || |
53 | (arpptr + pln > skb_tail_pointer(*pskb))) | 53 | (arpptr + pln > skb_tail_pointer(skb))) |
54 | return NF_DROP; | 54 | return NF_DROP; |
55 | memcpy(arpptr, &mangle->u_t.tgt_ip, pln); | 55 | memcpy(arpptr, &mangle->u_t.tgt_ip, pln); |
56 | } | 56 | } |
diff --git a/net/ipv4/netfilter/arptable_filter.c b/net/ipv4/netfilter/arptable_filter.c index 75c02306253..302d3da5f69 100644 --- a/net/ipv4/netfilter/arptable_filter.c +++ b/net/ipv4/netfilter/arptable_filter.c | |||
@@ -56,12 +56,12 @@ static struct arpt_table packet_filter = { | |||
56 | 56 | ||
57 | /* The work comes in here from netfilter.c */ | 57 | /* The work comes in here from netfilter.c */ |
58 | static unsigned int arpt_hook(unsigned int hook, | 58 | static unsigned int arpt_hook(unsigned int hook, |
59 | struct sk_buff **pskb, | 59 | struct sk_buff *skb, |
60 | const struct net_device *in, | 60 | const struct net_device *in, |
61 | const struct net_device *out, | 61 | const struct net_device *out, |
62 | int (*okfn)(struct sk_buff *)) | 62 | int (*okfn)(struct sk_buff *)) |
63 | { | 63 | { |
64 | return arpt_do_table(pskb, hook, in, out, &packet_filter); | 64 | return arpt_do_table(skb, hook, in, out, &packet_filter); |
65 | } | 65 | } |
66 | 66 | ||
67 | static struct nf_hook_ops arpt_ops[] = { | 67 | static struct nf_hook_ops arpt_ops[] = { |
diff --git a/net/ipv4/netfilter/ip_tables.c b/net/ipv4/netfilter/ip_tables.c index 6486894f450..4b10b98640a 100644 --- a/net/ipv4/netfilter/ip_tables.c +++ b/net/ipv4/netfilter/ip_tables.c | |||
@@ -169,7 +169,7 @@ ip_checkentry(const struct ipt_ip *ip) | |||
169 | } | 169 | } |
170 | 170 | ||
171 | static unsigned int | 171 | static unsigned int |
172 | ipt_error(struct sk_buff **pskb, | 172 | ipt_error(struct sk_buff *skb, |
173 | const struct net_device *in, | 173 | const struct net_device *in, |
174 | const struct net_device *out, | 174 | const struct net_device *out, |
175 | unsigned int hooknum, | 175 | unsigned int hooknum, |
@@ -312,7 +312,7 @@ static void trace_packet(struct sk_buff *skb, | |||
312 | 312 | ||
313 | /* Returns one of the generic firewall policies, like NF_ACCEPT. */ | 313 | /* Returns one of the generic firewall policies, like NF_ACCEPT. */ |
314 | unsigned int | 314 | unsigned int |
315 | ipt_do_table(struct sk_buff **pskb, | 315 | ipt_do_table(struct sk_buff *skb, |
316 | unsigned int hook, | 316 | unsigned int hook, |
317 | const struct net_device *in, | 317 | const struct net_device *in, |
318 | const struct net_device *out, | 318 | const struct net_device *out, |
@@ -331,8 +331,8 @@ ipt_do_table(struct sk_buff **pskb, | |||
331 | struct xt_table_info *private; | 331 | struct xt_table_info *private; |
332 | 332 | ||
333 | /* Initialization */ | 333 | /* Initialization */ |
334 | ip = ip_hdr(*pskb); | 334 | ip = ip_hdr(skb); |
335 | datalen = (*pskb)->len - ip->ihl * 4; | 335 | datalen = skb->len - ip->ihl * 4; |
336 | indev = in ? in->name : nulldevname; | 336 | indev = in ? in->name : nulldevname; |
337 | outdev = out ? out->name : nulldevname; | 337 | outdev = out ? out->name : nulldevname; |
338 | /* We handle fragments by dealing with the first fragment as | 338 | /* We handle fragments by dealing with the first fragment as |
@@ -359,7 +359,7 @@ ipt_do_table(struct sk_buff **pskb, | |||
359 | struct ipt_entry_target *t; | 359 | struct ipt_entry_target *t; |
360 | 360 | ||
361 | if (IPT_MATCH_ITERATE(e, do_match, | 361 | if (IPT_MATCH_ITERATE(e, do_match, |
362 | *pskb, in, out, | 362 | skb, in, out, |
363 | offset, &hotdrop) != 0) | 363 | offset, &hotdrop) != 0) |
364 | goto no_match; | 364 | goto no_match; |
365 | 365 | ||
@@ -371,8 +371,8 @@ ipt_do_table(struct sk_buff **pskb, | |||
371 | #if defined(CONFIG_NETFILTER_XT_TARGET_TRACE) || \ | 371 | #if defined(CONFIG_NETFILTER_XT_TARGET_TRACE) || \ |
372 | defined(CONFIG_NETFILTER_XT_TARGET_TRACE_MODULE) | 372 | defined(CONFIG_NETFILTER_XT_TARGET_TRACE_MODULE) |
373 | /* The packet is traced: log it */ | 373 | /* The packet is traced: log it */ |
374 | if (unlikely((*pskb)->nf_trace)) | 374 | if (unlikely(skb->nf_trace)) |
375 | trace_packet(*pskb, hook, in, out, | 375 | trace_packet(skb, hook, in, out, |
376 | table->name, private, e); | 376 | table->name, private, e); |
377 | #endif | 377 | #endif |
378 | /* Standard target? */ | 378 | /* Standard target? */ |
@@ -410,7 +410,7 @@ ipt_do_table(struct sk_buff **pskb, | |||
410 | ((struct ipt_entry *)table_base)->comefrom | 410 | ((struct ipt_entry *)table_base)->comefrom |
411 | = 0xeeeeeeec; | 411 | = 0xeeeeeeec; |
412 | #endif | 412 | #endif |
413 | verdict = t->u.kernel.target->target(pskb, | 413 | verdict = t->u.kernel.target->target(skb, |
414 | in, out, | 414 | in, out, |
415 | hook, | 415 | hook, |
416 | t->u.kernel.target, | 416 | t->u.kernel.target, |
@@ -428,8 +428,8 @@ ipt_do_table(struct sk_buff **pskb, | |||
428 | = 0x57acc001; | 428 | = 0x57acc001; |
429 | #endif | 429 | #endif |
430 | /* Target might have changed stuff. */ | 430 | /* Target might have changed stuff. */ |
431 | ip = ip_hdr(*pskb); | 431 | ip = ip_hdr(skb); |
432 | datalen = (*pskb)->len - ip->ihl * 4; | 432 | datalen = skb->len - ip->ihl * 4; |
433 | 433 | ||
434 | if (verdict == IPT_CONTINUE) | 434 | if (verdict == IPT_CONTINUE) |
435 | e = (void *)e + e->next_offset; | 435 | e = (void *)e + e->next_offset; |
diff --git a/net/ipv4/netfilter/ipt_CLUSTERIP.c b/net/ipv4/netfilter/ipt_CLUSTERIP.c index 27f14e1ebd8..2f544dac72d 100644 --- a/net/ipv4/netfilter/ipt_CLUSTERIP.c +++ b/net/ipv4/netfilter/ipt_CLUSTERIP.c | |||
@@ -289,7 +289,7 @@ clusterip_responsible(const struct clusterip_config *config, u_int32_t hash) | |||
289 | ***********************************************************************/ | 289 | ***********************************************************************/ |
290 | 290 | ||
291 | static unsigned int | 291 | static unsigned int |
292 | target(struct sk_buff **pskb, | 292 | target(struct sk_buff *skb, |
293 | const struct net_device *in, | 293 | const struct net_device *in, |
294 | const struct net_device *out, | 294 | const struct net_device *out, |
295 | unsigned int hooknum, | 295 | unsigned int hooknum, |
@@ -305,7 +305,7 @@ target(struct sk_buff **pskb, | |||
305 | * is only decremented by destroy() - and ip_tables guarantees | 305 | * is only decremented by destroy() - and ip_tables guarantees |
306 | * that the ->target() function isn't called after ->destroy() */ | 306 | * that the ->target() function isn't called after ->destroy() */ |
307 | 307 | ||
308 | ct = nf_ct_get(*pskb, &ctinfo); | 308 | ct = nf_ct_get(skb, &ctinfo); |
309 | if (ct == NULL) { | 309 | if (ct == NULL) { |
310 | printk(KERN_ERR "CLUSTERIP: no conntrack!\n"); | 310 | printk(KERN_ERR "CLUSTERIP: no conntrack!\n"); |
311 | /* FIXME: need to drop invalid ones, since replies | 311 | /* FIXME: need to drop invalid ones, since replies |
@@ -316,7 +316,7 @@ target(struct sk_buff **pskb, | |||
316 | 316 | ||
317 | /* special case: ICMP error handling. conntrack distinguishes between | 317 | /* special case: ICMP error handling. conntrack distinguishes between |
318 | * error messages (RELATED) and information requests (see below) */ | 318 | * error messages (RELATED) and information requests (see below) */ |
319 | if (ip_hdr(*pskb)->protocol == IPPROTO_ICMP | 319 | if (ip_hdr(skb)->protocol == IPPROTO_ICMP |
320 | && (ctinfo == IP_CT_RELATED | 320 | && (ctinfo == IP_CT_RELATED |
321 | || ctinfo == IP_CT_RELATED+IP_CT_IS_REPLY)) | 321 | || ctinfo == IP_CT_RELATED+IP_CT_IS_REPLY)) |
322 | return XT_CONTINUE; | 322 | return XT_CONTINUE; |
@@ -325,7 +325,7 @@ target(struct sk_buff **pskb, | |||
325 | * TIMESTAMP, INFO_REQUEST or ADDRESS type icmp packets from here | 325 | * TIMESTAMP, INFO_REQUEST or ADDRESS type icmp packets from here |
326 | * on, which all have an ID field [relevant for hashing]. */ | 326 | * on, which all have an ID field [relevant for hashing]. */ |
327 | 327 | ||
328 | hash = clusterip_hashfn(*pskb, cipinfo->config); | 328 | hash = clusterip_hashfn(skb, cipinfo->config); |
329 | 329 | ||
330 | switch (ctinfo) { | 330 | switch (ctinfo) { |
331 | case IP_CT_NEW: | 331 | case IP_CT_NEW: |
@@ -355,7 +355,7 @@ target(struct sk_buff **pskb, | |||
355 | 355 | ||
356 | /* despite being received via linklayer multicast, this is | 356 | /* despite being received via linklayer multicast, this is |
357 | * actually a unicast IP packet. TCP doesn't like PACKET_MULTICAST */ | 357 | * actually a unicast IP packet. TCP doesn't like PACKET_MULTICAST */ |
358 | (*pskb)->pkt_type = PACKET_HOST; | 358 | skb->pkt_type = PACKET_HOST; |
359 | 359 | ||
360 | return XT_CONTINUE; | 360 | return XT_CONTINUE; |
361 | } | 361 | } |
@@ -505,12 +505,12 @@ static void arp_print(struct arp_payload *payload) | |||
505 | 505 | ||
506 | static unsigned int | 506 | static unsigned int |
507 | arp_mangle(unsigned int hook, | 507 | arp_mangle(unsigned int hook, |
508 | struct sk_buff **pskb, | 508 | struct sk_buff *skb, |
509 | const struct net_device *in, | 509 | const struct net_device *in, |
510 | const struct net_device *out, | 510 | const struct net_device *out, |
511 | int (*okfn)(struct sk_buff *)) | 511 | int (*okfn)(struct sk_buff *)) |
512 | { | 512 | { |
513 | struct arphdr *arp = arp_hdr(*pskb); | 513 | struct arphdr *arp = arp_hdr(skb); |
514 | struct arp_payload *payload; | 514 | struct arp_payload *payload; |
515 | struct clusterip_config *c; | 515 | struct clusterip_config *c; |
516 | 516 | ||
diff --git a/net/ipv4/netfilter/ipt_ECN.c b/net/ipv4/netfilter/ipt_ECN.c index 92744be1c55..add110060a2 100644 --- a/net/ipv4/netfilter/ipt_ECN.c +++ b/net/ipv4/netfilter/ipt_ECN.c | |||
@@ -26,15 +26,15 @@ MODULE_DESCRIPTION("iptables ECN modification module"); | |||
26 | /* set ECT codepoint from IP header. | 26 | /* set ECT codepoint from IP header. |
27 | * return false if there was an error. */ | 27 | * return false if there was an error. */ |
28 | static inline bool | 28 | static inline bool |
29 | set_ect_ip(struct sk_buff **pskb, const struct ipt_ECN_info *einfo) | 29 | set_ect_ip(struct sk_buff *skb, const struct ipt_ECN_info *einfo) |
30 | { | 30 | { |
31 | struct iphdr *iph = ip_hdr(*pskb); | 31 | struct iphdr *iph = ip_hdr(skb); |
32 | 32 | ||
33 | if ((iph->tos & IPT_ECN_IP_MASK) != (einfo->ip_ect & IPT_ECN_IP_MASK)) { | 33 | if ((iph->tos & IPT_ECN_IP_MASK) != (einfo->ip_ect & IPT_ECN_IP_MASK)) { |
34 | __u8 oldtos; | 34 | __u8 oldtos; |
35 | if (!skb_make_writable(*pskb, sizeof(struct iphdr))) | 35 | if (!skb_make_writable(skb, sizeof(struct iphdr))) |
36 | return false; | 36 | return false; |
37 | iph = ip_hdr(*pskb); | 37 | iph = ip_hdr(skb); |
38 | oldtos = iph->tos; | 38 | oldtos = iph->tos; |
39 | iph->tos &= ~IPT_ECN_IP_MASK; | 39 | iph->tos &= ~IPT_ECN_IP_MASK; |
40 | iph->tos |= (einfo->ip_ect & IPT_ECN_IP_MASK); | 40 | iph->tos |= (einfo->ip_ect & IPT_ECN_IP_MASK); |
@@ -45,14 +45,13 @@ set_ect_ip(struct sk_buff **pskb, const struct ipt_ECN_info *einfo) | |||
45 | 45 | ||
46 | /* Return false if there was an error. */ | 46 | /* Return false if there was an error. */ |
47 | static inline bool | 47 | static inline bool |
48 | set_ect_tcp(struct sk_buff **pskb, const struct ipt_ECN_info *einfo) | 48 | set_ect_tcp(struct sk_buff *skb, const struct ipt_ECN_info *einfo) |
49 | { | 49 | { |
50 | struct tcphdr _tcph, *tcph; | 50 | struct tcphdr _tcph, *tcph; |
51 | __be16 oldval; | 51 | __be16 oldval; |
52 | 52 | ||
53 | /* Not enought header? */ | 53 | /* Not enought header? */ |
54 | tcph = skb_header_pointer(*pskb, ip_hdrlen(*pskb), | 54 | tcph = skb_header_pointer(skb, ip_hdrlen(skb), sizeof(_tcph), &_tcph); |
55 | sizeof(_tcph), &_tcph); | ||
56 | if (!tcph) | 55 | if (!tcph) |
57 | return false; | 56 | return false; |
58 | 57 | ||
@@ -62,9 +61,9 @@ set_ect_tcp(struct sk_buff **pskb, const struct ipt_ECN_info *einfo) | |||
62 | tcph->cwr == einfo->proto.tcp.cwr)) | 61 | tcph->cwr == einfo->proto.tcp.cwr)) |
63 | return true; | 62 | return true; |
64 | 63 | ||
65 | if (!skb_make_writable(*pskb, ip_hdrlen(*pskb) + sizeof(*tcph))) | 64 | if (!skb_make_writable(skb, ip_hdrlen(skb) + sizeof(*tcph))) |
66 | return false; | 65 | return false; |
67 | tcph = (void *)ip_hdr(*pskb) + ip_hdrlen(*pskb); | 66 | tcph = (void *)ip_hdr(skb) + ip_hdrlen(skb); |
68 | 67 | ||
69 | oldval = ((__be16 *)tcph)[6]; | 68 | oldval = ((__be16 *)tcph)[6]; |
70 | if (einfo->operation & IPT_ECN_OP_SET_ECE) | 69 | if (einfo->operation & IPT_ECN_OP_SET_ECE) |
@@ -72,13 +71,13 @@ set_ect_tcp(struct sk_buff **pskb, const struct ipt_ECN_info *einfo) | |||
72 | if (einfo->operation & IPT_ECN_OP_SET_CWR) | 71 | if (einfo->operation & IPT_ECN_OP_SET_CWR) |
73 | tcph->cwr = einfo->proto.tcp.cwr; | 72 | tcph->cwr = einfo->proto.tcp.cwr; |
74 | 73 | ||
75 | nf_proto_csum_replace2(&tcph->check, *pskb, | 74 | nf_proto_csum_replace2(&tcph->check, skb, |
76 | oldval, ((__be16 *)tcph)[6], 0); | 75 | oldval, ((__be16 *)tcph)[6], 0); |
77 | return true; | 76 | return true; |
78 | } | 77 | } |
79 | 78 | ||
80 | static unsigned int | 79 | static unsigned int |
81 | target(struct sk_buff **pskb, | 80 | target(struct sk_buff *skb, |
82 | const struct net_device *in, | 81 | const struct net_device *in, |
83 | const struct net_device *out, | 82 | const struct net_device *out, |
84 | unsigned int hooknum, | 83 | unsigned int hooknum, |
@@ -88,12 +87,12 @@ target(struct sk_buff **pskb, | |||
88 | const struct ipt_ECN_info *einfo = targinfo; | 87 | const struct ipt_ECN_info *einfo = targinfo; |
89 | 88 | ||
90 | if (einfo->operation & IPT_ECN_OP_SET_IP) | 89 | if (einfo->operation & IPT_ECN_OP_SET_IP) |
91 | if (!set_ect_ip(pskb, einfo)) | 90 | if (!set_ect_ip(skb, einfo)) |
92 | return NF_DROP; | 91 | return NF_DROP; |
93 | 92 | ||
94 | if (einfo->operation & (IPT_ECN_OP_SET_ECE | IPT_ECN_OP_SET_CWR) | 93 | if (einfo->operation & (IPT_ECN_OP_SET_ECE | IPT_ECN_OP_SET_CWR) |
95 | && ip_hdr(*pskb)->protocol == IPPROTO_TCP) | 94 | && ip_hdr(skb)->protocol == IPPROTO_TCP) |
96 | if (!set_ect_tcp(pskb, einfo)) | 95 | if (!set_ect_tcp(skb, einfo)) |
97 | return NF_DROP; | 96 | return NF_DROP; |
98 | 97 | ||
99 | return XT_CONTINUE; | 98 | return XT_CONTINUE; |
diff --git a/net/ipv4/netfilter/ipt_LOG.c b/net/ipv4/netfilter/ipt_LOG.c index 127a5e89bf1..4b5e8216a4e 100644 --- a/net/ipv4/netfilter/ipt_LOG.c +++ b/net/ipv4/netfilter/ipt_LOG.c | |||
@@ -418,7 +418,7 @@ ipt_log_packet(unsigned int pf, | |||
418 | } | 418 | } |
419 | 419 | ||
420 | static unsigned int | 420 | static unsigned int |
421 | ipt_log_target(struct sk_buff **pskb, | 421 | ipt_log_target(struct sk_buff *skb, |
422 | const struct net_device *in, | 422 | const struct net_device *in, |
423 | const struct net_device *out, | 423 | const struct net_device *out, |
424 | unsigned int hooknum, | 424 | unsigned int hooknum, |
@@ -432,7 +432,7 @@ ipt_log_target(struct sk_buff **pskb, | |||
432 | li.u.log.level = loginfo->level; | 432 | li.u.log.level = loginfo->level; |
433 | li.u.log.logflags = loginfo->logflags; | 433 | li.u.log.logflags = loginfo->logflags; |
434 | 434 | ||
435 | ipt_log_packet(PF_INET, hooknum, *pskb, in, out, &li, | 435 | ipt_log_packet(PF_INET, hooknum, skb, in, out, &li, |
436 | loginfo->prefix); | 436 | loginfo->prefix); |
437 | return XT_CONTINUE; | 437 | return XT_CONTINUE; |
438 | } | 438 | } |
diff --git a/net/ipv4/netfilter/ipt_MASQUERADE.c b/net/ipv4/netfilter/ipt_MASQUERADE.c index 3e0b562b2db..44b516e7cb7 100644 --- a/net/ipv4/netfilter/ipt_MASQUERADE.c +++ b/net/ipv4/netfilter/ipt_MASQUERADE.c | |||
@@ -52,7 +52,7 @@ masquerade_check(const char *tablename, | |||
52 | } | 52 | } |
53 | 53 | ||
54 | static unsigned int | 54 | static unsigned int |
55 | masquerade_target(struct sk_buff **pskb, | 55 | masquerade_target(struct sk_buff *skb, |
56 | const struct net_device *in, | 56 | const struct net_device *in, |
57 | const struct net_device *out, | 57 | const struct net_device *out, |
58 | unsigned int hooknum, | 58 | unsigned int hooknum, |
@@ -69,7 +69,7 @@ masquerade_target(struct sk_buff **pskb, | |||
69 | 69 | ||
70 | NF_CT_ASSERT(hooknum == NF_IP_POST_ROUTING); | 70 | NF_CT_ASSERT(hooknum == NF_IP_POST_ROUTING); |
71 | 71 | ||
72 | ct = nf_ct_get(*pskb, &ctinfo); | 72 | ct = nf_ct_get(skb, &ctinfo); |
73 | nat = nfct_nat(ct); | 73 | nat = nfct_nat(ct); |
74 | 74 | ||
75 | NF_CT_ASSERT(ct && (ctinfo == IP_CT_NEW || ctinfo == IP_CT_RELATED | 75 | NF_CT_ASSERT(ct && (ctinfo == IP_CT_NEW || ctinfo == IP_CT_RELATED |
@@ -82,7 +82,7 @@ masquerade_target(struct sk_buff **pskb, | |||
82 | return NF_ACCEPT; | 82 | return NF_ACCEPT; |
83 | 83 | ||
84 | mr = targinfo; | 84 | mr = targinfo; |
85 | rt = (struct rtable *)(*pskb)->dst; | 85 | rt = (struct rtable *)skb->dst; |
86 | newsrc = inet_select_addr(out, rt->rt_gateway, RT_SCOPE_UNIVERSE); | 86 | newsrc = inet_select_addr(out, rt->rt_gateway, RT_SCOPE_UNIVERSE); |
87 | if (!newsrc) { | 87 | if (!newsrc) { |
88 | printk("MASQUERADE: %s ate my IP address\n", out->name); | 88 | printk("MASQUERADE: %s ate my IP address\n", out->name); |
diff --git a/net/ipv4/netfilter/ipt_NETMAP.c b/net/ipv4/netfilter/ipt_NETMAP.c index 41a011d5a06..f8699291e33 100644 --- a/net/ipv4/netfilter/ipt_NETMAP.c +++ b/net/ipv4/netfilter/ipt_NETMAP.c | |||
@@ -43,7 +43,7 @@ check(const char *tablename, | |||
43 | } | 43 | } |
44 | 44 | ||
45 | static unsigned int | 45 | static unsigned int |
46 | target(struct sk_buff **pskb, | 46 | target(struct sk_buff *skb, |
47 | const struct net_device *in, | 47 | const struct net_device *in, |
48 | const struct net_device *out, | 48 | const struct net_device *out, |
49 | unsigned int hooknum, | 49 | unsigned int hooknum, |
@@ -59,14 +59,14 @@ target(struct sk_buff **pskb, | |||
59 | NF_CT_ASSERT(hooknum == NF_IP_PRE_ROUTING | 59 | NF_CT_ASSERT(hooknum == NF_IP_PRE_ROUTING |
60 | || hooknum == NF_IP_POST_ROUTING | 60 | || hooknum == NF_IP_POST_ROUTING |
61 | || hooknum == NF_IP_LOCAL_OUT); | 61 | || hooknum == NF_IP_LOCAL_OUT); |
62 | ct = nf_ct_get(*pskb, &ctinfo); | 62 | ct = nf_ct_get(skb, &ctinfo); |
63 | 63 | ||
64 | netmask = ~(mr->range[0].min_ip ^ mr->range[0].max_ip); | 64 | netmask = ~(mr->range[0].min_ip ^ mr->range[0].max_ip); |
65 | 65 | ||
66 | if (hooknum == NF_IP_PRE_ROUTING || hooknum == NF_IP_LOCAL_OUT) | 66 | if (hooknum == NF_IP_PRE_ROUTING || hooknum == NF_IP_LOCAL_OUT) |
67 | new_ip = ip_hdr(*pskb)->daddr & ~netmask; | 67 | new_ip = ip_hdr(skb)->daddr & ~netmask; |
68 | else | 68 | else |
69 | new_ip = ip_hdr(*pskb)->saddr & ~netmask; | 69 | new_ip = ip_hdr(skb)->saddr & ~netmask; |
70 | new_ip |= mr->range[0].min_ip & netmask; | 70 | new_ip |= mr->range[0].min_ip & netmask; |
71 | 71 | ||
72 | newrange = ((struct nf_nat_range) | 72 | newrange = ((struct nf_nat_range) |
diff --git a/net/ipv4/netfilter/ipt_REDIRECT.c b/net/ipv4/netfilter/ipt_REDIRECT.c index 6ac7a237331..f7cf7d61a2d 100644 --- a/net/ipv4/netfilter/ipt_REDIRECT.c +++ b/net/ipv4/netfilter/ipt_REDIRECT.c | |||
@@ -47,7 +47,7 @@ redirect_check(const char *tablename, | |||
47 | } | 47 | } |
48 | 48 | ||
49 | static unsigned int | 49 | static unsigned int |
50 | redirect_target(struct sk_buff **pskb, | 50 | redirect_target(struct sk_buff *skb, |
51 | const struct net_device *in, | 51 | const struct net_device *in, |
52 | const struct net_device *out, | 52 | const struct net_device *out, |
53 | unsigned int hooknum, | 53 | unsigned int hooknum, |
@@ -63,7 +63,7 @@ redirect_target(struct sk_buff **pskb, | |||
63 | NF_CT_ASSERT(hooknum == NF_IP_PRE_ROUTING | 63 | NF_CT_ASSERT(hooknum == NF_IP_PRE_ROUTING |
64 | || hooknum == NF_IP_LOCAL_OUT); | 64 | || hooknum == NF_IP_LOCAL_OUT); |
65 | 65 | ||
66 | ct = nf_ct_get(*pskb, &ctinfo); | 66 | ct = nf_ct_get(skb, &ctinfo); |
67 | NF_CT_ASSERT(ct && (ctinfo == IP_CT_NEW || ctinfo == IP_CT_RELATED)); | 67 | NF_CT_ASSERT(ct && (ctinfo == IP_CT_NEW || ctinfo == IP_CT_RELATED)); |
68 | 68 | ||
69 | /* Local packets: make them go to loopback */ | 69 | /* Local packets: make them go to loopback */ |
@@ -76,7 +76,7 @@ redirect_target(struct sk_buff **pskb, | |||
76 | newdst = 0; | 76 | newdst = 0; |
77 | 77 | ||
78 | rcu_read_lock(); | 78 | rcu_read_lock(); |
79 | indev = __in_dev_get_rcu((*pskb)->dev); | 79 | indev = __in_dev_get_rcu(skb->dev); |
80 | if (indev && (ifa = indev->ifa_list)) | 80 | if (indev && (ifa = indev->ifa_list)) |
81 | newdst = ifa->ifa_local; | 81 | newdst = ifa->ifa_local; |
82 | rcu_read_unlock(); | 82 | rcu_read_unlock(); |
diff --git a/net/ipv4/netfilter/ipt_REJECT.c b/net/ipv4/netfilter/ipt_REJECT.c index cb038c8fbc9..dcf4d21d511 100644 --- a/net/ipv4/netfilter/ipt_REJECT.c +++ b/net/ipv4/netfilter/ipt_REJECT.c | |||
@@ -131,7 +131,7 @@ static void send_reset(struct sk_buff *oldskb, int hook) | |||
131 | ) | 131 | ) |
132 | addr_type = RTN_LOCAL; | 132 | addr_type = RTN_LOCAL; |
133 | 133 | ||
134 | if (ip_route_me_harder(&nskb, addr_type)) | 134 | if (ip_route_me_harder(nskb, addr_type)) |
135 | goto free_nskb; | 135 | goto free_nskb; |
136 | 136 | ||
137 | nskb->ip_summed = CHECKSUM_NONE; | 137 | nskb->ip_summed = CHECKSUM_NONE; |
@@ -162,7 +162,7 @@ static inline void send_unreach(struct sk_buff *skb_in, int code) | |||
162 | icmp_send(skb_in, ICMP_DEST_UNREACH, code, 0); | 162 | icmp_send(skb_in, ICMP_DEST_UNREACH, code, 0); |
163 | } | 163 | } |
164 | 164 | ||
165 | static unsigned int reject(struct sk_buff **pskb, | 165 | static unsigned int reject(struct sk_buff *skb, |
166 | const struct net_device *in, | 166 | const struct net_device *in, |
167 | const struct net_device *out, | 167 | const struct net_device *out, |
168 | unsigned int hooknum, | 168 | unsigned int hooknum, |
@@ -173,7 +173,7 @@ static unsigned int reject(struct sk_buff **pskb, | |||
173 | 173 | ||
174 | /* Our naive response construction doesn't deal with IP | 174 | /* Our naive response construction doesn't deal with IP |
175 | options, and probably shouldn't try. */ | 175 | options, and probably shouldn't try. */ |
176 | if (ip_hdrlen(*pskb) != sizeof(struct iphdr)) | 176 | if (ip_hdrlen(skb) != sizeof(struct iphdr)) |
177 | return NF_DROP; | 177 | return NF_DROP; |
178 | 178 | ||
179 | /* WARNING: This code causes reentry within iptables. | 179 | /* WARNING: This code causes reentry within iptables. |
@@ -181,28 +181,28 @@ static unsigned int reject(struct sk_buff **pskb, | |||
181 | must return an absolute verdict. --RR */ | 181 | must return an absolute verdict. --RR */ |
182 | switch (reject->with) { | 182 | switch (reject->with) { |
183 | case IPT_ICMP_NET_UNREACHABLE: | 183 | case IPT_ICMP_NET_UNREACHABLE: |
184 | send_unreach(*pskb, ICMP_NET_UNREACH); | 184 | send_unreach(skb, ICMP_NET_UNREACH); |
185 | break; | 185 | break; |
186 | case IPT_ICMP_HOST_UNREACHABLE: | 186 | case IPT_ICMP_HOST_UNREACHABLE: |
187 | send_unreach(*pskb, ICMP_HOST_UNREACH); | 187 | send_unreach(skb, ICMP_HOST_UNREACH); |
188 | break; | 188 | break; |
189 | case IPT_ICMP_PROT_UNREACHABLE: | 189 | case IPT_ICMP_PROT_UNREACHABLE: |
190 | send_unreach(*pskb, ICMP_PROT_UNREACH); | 190 | send_unreach(skb, ICMP_PROT_UNREACH); |
191 | break; | 191 | break; |
192 | case IPT_ICMP_PORT_UNREACHABLE: | 192 | case IPT_ICMP_PORT_UNREACHABLE: |
193 | send_unreach(*pskb, ICMP_PORT_UNREACH); | 193 | send_unreach(skb, ICMP_PORT_UNREACH); |
194 | break; | 194 | break; |
195 | case IPT_ICMP_NET_PROHIBITED: | 195 | case IPT_ICMP_NET_PROHIBITED: |
196 | send_unreach(*pskb, ICMP_NET_ANO); | 196 | send_unreach(skb, ICMP_NET_ANO); |
197 | break; | 197 | break; |
198 | case IPT_ICMP_HOST_PROHIBITED: | 198 | case IPT_ICMP_HOST_PROHIBITED: |
199 | send_unreach(*pskb, ICMP_HOST_ANO); | 199 | send_unreach(skb, ICMP_HOST_ANO); |
200 | break; | 200 | break; |
201 | case IPT_ICMP_ADMIN_PROHIBITED: | 201 | case IPT_ICMP_ADMIN_PROHIBITED: |
202 | send_unreach(*pskb, ICMP_PKT_FILTERED); | 202 | send_unreach(skb, ICMP_PKT_FILTERED); |
203 | break; | 203 | break; |
204 | case IPT_TCP_RESET: | 204 | case IPT_TCP_RESET: |
205 | send_reset(*pskb, hooknum); | 205 | send_reset(skb, hooknum); |
206 | case IPT_ICMP_ECHOREPLY: | 206 | case IPT_ICMP_ECHOREPLY: |
207 | /* Doesn't happen. */ | 207 | /* Doesn't happen. */ |
208 | break; | 208 | break; |
diff --git a/net/ipv4/netfilter/ipt_SAME.c b/net/ipv4/netfilter/ipt_SAME.c index 97641f1a97f..8988571436b 100644 --- a/net/ipv4/netfilter/ipt_SAME.c +++ b/net/ipv4/netfilter/ipt_SAME.c | |||
@@ -104,7 +104,7 @@ same_destroy(const struct xt_target *target, void *targinfo) | |||
104 | } | 104 | } |
105 | 105 | ||
106 | static unsigned int | 106 | static unsigned int |
107 | same_target(struct sk_buff **pskb, | 107 | same_target(struct sk_buff *skb, |
108 | const struct net_device *in, | 108 | const struct net_device *in, |
109 | const struct net_device *out, | 109 | const struct net_device *out, |
110 | unsigned int hooknum, | 110 | unsigned int hooknum, |
@@ -121,7 +121,7 @@ same_target(struct sk_buff **pskb, | |||
121 | 121 | ||
122 | NF_CT_ASSERT(hooknum == NF_IP_PRE_ROUTING || | 122 | NF_CT_ASSERT(hooknum == NF_IP_PRE_ROUTING || |
123 | hooknum == NF_IP_POST_ROUTING); | 123 | hooknum == NF_IP_POST_ROUTING); |
124 | ct = nf_ct_get(*pskb, &ctinfo); | 124 | ct = nf_ct_get(skb, &ctinfo); |
125 | 125 | ||
126 | t = &ct->tuplehash[IP_CT_DIR_ORIGINAL].tuple; | 126 | t = &ct->tuplehash[IP_CT_DIR_ORIGINAL].tuple; |
127 | 127 | ||
diff --git a/net/ipv4/netfilter/ipt_TOS.c b/net/ipv4/netfilter/ipt_TOS.c index 87b689ac09a..d4573baa7f2 100644 --- a/net/ipv4/netfilter/ipt_TOS.c +++ b/net/ipv4/netfilter/ipt_TOS.c | |||
@@ -21,7 +21,7 @@ MODULE_AUTHOR("Netfilter Core Team <coreteam@netfilter.org>"); | |||
21 | MODULE_DESCRIPTION("iptables TOS mangling module"); | 21 | MODULE_DESCRIPTION("iptables TOS mangling module"); |
22 | 22 | ||
23 | static unsigned int | 23 | static unsigned int |
24 | target(struct sk_buff **pskb, | 24 | target(struct sk_buff *skb, |
25 | const struct net_device *in, | 25 | const struct net_device *in, |
26 | const struct net_device *out, | 26 | const struct net_device *out, |
27 | unsigned int hooknum, | 27 | unsigned int hooknum, |
@@ -29,13 +29,13 @@ target(struct sk_buff **pskb, | |||
29 | const void *targinfo) | 29 | const void *targinfo) |
30 | { | 30 | { |
31 | const struct ipt_tos_target_info *tosinfo = targinfo; | 31 | const struct ipt_tos_target_info *tosinfo = targinfo; |
32 | struct iphdr *iph = ip_hdr(*pskb); | 32 | struct iphdr *iph = ip_hdr(skb); |
33 | 33 | ||
34 | if ((iph->tos & IPTOS_TOS_MASK) != tosinfo->tos) { | 34 | if ((iph->tos & IPTOS_TOS_MASK) != tosinfo->tos) { |
35 | __u8 oldtos; | 35 | __u8 oldtos; |
36 | if (!skb_make_writable(*pskb, sizeof(struct iphdr))) | 36 | if (!skb_make_writable(skb, sizeof(struct iphdr))) |
37 | return NF_DROP; | 37 | return NF_DROP; |
38 | iph = ip_hdr(*pskb); | 38 | iph = ip_hdr(skb); |
39 | oldtos = iph->tos; | 39 | oldtos = iph->tos; |
40 | iph->tos = (iph->tos & IPTOS_PREC_MASK) | tosinfo->tos; | 40 | iph->tos = (iph->tos & IPTOS_PREC_MASK) | tosinfo->tos; |
41 | nf_csum_replace2(&iph->check, htons(oldtos), htons(iph->tos)); | 41 | nf_csum_replace2(&iph->check, htons(oldtos), htons(iph->tos)); |
diff --git a/net/ipv4/netfilter/ipt_TTL.c b/net/ipv4/netfilter/ipt_TTL.c index 3dd467611e1..c620a052766 100644 --- a/net/ipv4/netfilter/ipt_TTL.c +++ b/net/ipv4/netfilter/ipt_TTL.c | |||
@@ -20,7 +20,7 @@ MODULE_DESCRIPTION("IP tables TTL modification module"); | |||
20 | MODULE_LICENSE("GPL"); | 20 | MODULE_LICENSE("GPL"); |
21 | 21 | ||
22 | static unsigned int | 22 | static unsigned int |
23 | ipt_ttl_target(struct sk_buff **pskb, | 23 | ipt_ttl_target(struct sk_buff *skb, |
24 | const struct net_device *in, const struct net_device *out, | 24 | const struct net_device *in, const struct net_device *out, |
25 | unsigned int hooknum, const struct xt_target *target, | 25 | unsigned int hooknum, const struct xt_target *target, |
26 | const void *targinfo) | 26 | const void *targinfo) |
@@ -29,10 +29,10 @@ ipt_ttl_target(struct sk_buff **pskb, | |||
29 | const struct ipt_TTL_info *info = targinfo; | 29 | const struct ipt_TTL_info *info = targinfo; |
30 | int new_ttl; | 30 | int new_ttl; |
31 | 31 | ||
32 | if (!skb_make_writable(*pskb, (*pskb)->len)) | 32 | if (!skb_make_writable(skb, skb->len)) |
33 | return NF_DROP; | 33 | return NF_DROP; |
34 | 34 | ||
35 | iph = ip_hdr(*pskb); | 35 | iph = ip_hdr(skb); |
36 | 36 | ||
37 | switch (info->mode) { | 37 | switch (info->mode) { |
38 | case IPT_TTL_SET: | 38 | case IPT_TTL_SET: |
diff --git a/net/ipv4/netfilter/ipt_ULOG.c b/net/ipv4/netfilter/ipt_ULOG.c index c636d6d6357..212b830765a 100644 --- a/net/ipv4/netfilter/ipt_ULOG.c +++ b/net/ipv4/netfilter/ipt_ULOG.c | |||
@@ -279,7 +279,7 @@ alloc_failure: | |||
279 | spin_unlock_bh(&ulog_lock); | 279 | spin_unlock_bh(&ulog_lock); |
280 | } | 280 | } |
281 | 281 | ||
282 | static unsigned int ipt_ulog_target(struct sk_buff **pskb, | 282 | static unsigned int ipt_ulog_target(struct sk_buff *skb, |
283 | const struct net_device *in, | 283 | const struct net_device *in, |
284 | const struct net_device *out, | 284 | const struct net_device *out, |
285 | unsigned int hooknum, | 285 | unsigned int hooknum, |
@@ -288,7 +288,7 @@ static unsigned int ipt_ulog_target(struct sk_buff **pskb, | |||
288 | { | 288 | { |
289 | struct ipt_ulog_info *loginfo = (struct ipt_ulog_info *) targinfo; | 289 | struct ipt_ulog_info *loginfo = (struct ipt_ulog_info *) targinfo; |
290 | 290 | ||
291 | ipt_ulog_packet(hooknum, *pskb, in, out, loginfo, NULL); | 291 | ipt_ulog_packet(hooknum, skb, in, out, loginfo, NULL); |
292 | 292 | ||
293 | return XT_CONTINUE; | 293 | return XT_CONTINUE; |
294 | } | 294 | } |
diff --git a/net/ipv4/netfilter/iptable_filter.c b/net/ipv4/netfilter/iptable_filter.c index 4f51c1d7d2d..ba3262c6043 100644 --- a/net/ipv4/netfilter/iptable_filter.c +++ b/net/ipv4/netfilter/iptable_filter.c | |||
@@ -62,31 +62,31 @@ static struct xt_table packet_filter = { | |||
62 | /* The work comes in here from netfilter.c. */ | 62 | /* The work comes in here from netfilter.c. */ |
63 | static unsigned int | 63 | static unsigned int |
64 | ipt_hook(unsigned int hook, | 64 | ipt_hook(unsigned int hook, |
65 | struct sk_buff **pskb, | 65 | struct sk_buff *skb, |
66 | const struct net_device *in, | 66 | const struct net_device *in, |
67 | const struct net_device *out, | 67 | const struct net_device *out, |
68 | int (*okfn)(struct sk_buff *)) | 68 | int (*okfn)(struct sk_buff *)) |
69 | { | 69 | { |
70 | return ipt_do_table(pskb, hook, in, out, &packet_filter); | 70 | return ipt_do_table(skb, hook, in, out, &packet_filter); |
71 | } | 71 | } |
72 | 72 | ||
73 | static unsigned int | 73 | static unsigned int |
74 | ipt_local_out_hook(unsigned int hook, | 74 | ipt_local_out_hook(unsigned int hook, |
75 | struct sk_buff **pskb, | 75 | struct sk_buff *skb, |
76 | const struct net_device *in, | 76 | const struct net_device *in, |
77 | const struct net_device *out, | 77 | const struct net_device *out, |
78 | int (*okfn)(struct sk_buff *)) | 78 | int (*okfn)(struct sk_buff *)) |
79 | { | 79 | { |
80 | /* root is playing with raw sockets. */ | 80 | /* root is playing with raw sockets. */ |
81 | if ((*pskb)->len < sizeof(struct iphdr) | 81 | if (skb->len < sizeof(struct iphdr) || |
82 | || ip_hdrlen(*pskb) < sizeof(struct iphdr)) { | 82 | ip_hdrlen(skb) < sizeof(struct iphdr)) { |
83 | if (net_ratelimit()) | 83 | if (net_ratelimit()) |
84 | printk("iptable_filter: ignoring short SOCK_RAW " | 84 | printk("iptable_filter: ignoring short SOCK_RAW " |
85 | "packet.\n"); | 85 | "packet.\n"); |
86 | return NF_ACCEPT; | 86 | return NF_ACCEPT; |
87 | } | 87 | } |
88 | 88 | ||
89 | return ipt_do_table(pskb, hook, in, out, &packet_filter); | 89 | return ipt_do_table(skb, hook, in, out, &packet_filter); |
90 | } | 90 | } |
91 | 91 | ||
92 | static struct nf_hook_ops ipt_ops[] = { | 92 | static struct nf_hook_ops ipt_ops[] = { |
diff --git a/net/ipv4/netfilter/iptable_mangle.c b/net/ipv4/netfilter/iptable_mangle.c index 902446f7cbc..b4360a69d5c 100644 --- a/net/ipv4/netfilter/iptable_mangle.c +++ b/net/ipv4/netfilter/iptable_mangle.c | |||
@@ -75,17 +75,17 @@ static struct xt_table packet_mangler = { | |||
75 | /* The work comes in here from netfilter.c. */ | 75 | /* The work comes in here from netfilter.c. */ |
76 | static unsigned int | 76 | static unsigned int |
77 | ipt_route_hook(unsigned int hook, | 77 | ipt_route_hook(unsigned int hook, |
78 | struct sk_buff **pskb, | 78 | struct sk_buff *skb, |
79 | const struct net_device *in, | 79 | const struct net_device *in, |
80 | const struct net_device *out, | 80 | const struct net_device *out, |
81 | int (*okfn)(struct sk_buff *)) | 81 | int (*okfn)(struct sk_buff *)) |
82 | { | 82 | { |
83 | return ipt_do_table(pskb, hook, in, out, &packet_mangler); | 83 | return ipt_do_table(skb, hook, in, out, &packet_mangler); |
84 | } | 84 | } |
85 | 85 | ||
86 | static unsigned int | 86 | static unsigned int |
87 | ipt_local_hook(unsigned int hook, | 87 | ipt_local_hook(unsigned int hook, |
88 | struct sk_buff **pskb, | 88 | struct sk_buff *skb, |
89 | const struct net_device *in, | 89 | const struct net_device *in, |
90 | const struct net_device *out, | 90 | const struct net_device *out, |
91 | int (*okfn)(struct sk_buff *)) | 91 | int (*okfn)(struct sk_buff *)) |
@@ -97,8 +97,8 @@ ipt_local_hook(unsigned int hook, | |||
97 | u_int32_t mark; | 97 | u_int32_t mark; |
98 | 98 | ||
99 | /* root is playing with raw sockets. */ | 99 | /* root is playing with raw sockets. */ |
100 | if ((*pskb)->len < sizeof(struct iphdr) | 100 | if (skb->len < sizeof(struct iphdr) |
101 | || ip_hdrlen(*pskb) < sizeof(struct iphdr)) { | 101 | || ip_hdrlen(skb) < sizeof(struct iphdr)) { |
102 | if (net_ratelimit()) | 102 | if (net_ratelimit()) |
103 | printk("iptable_mangle: ignoring short SOCK_RAW " | 103 | printk("iptable_mangle: ignoring short SOCK_RAW " |
104 | "packet.\n"); | 104 | "packet.\n"); |
@@ -106,22 +106,22 @@ ipt_local_hook(unsigned int hook, | |||
106 | } | 106 | } |
107 | 107 | ||
108 | /* Save things which could affect route */ | 108 | /* Save things which could affect route */ |
109 | mark = (*pskb)->mark; | 109 | mark = skb->mark; |
110 | iph = ip_hdr(*pskb); | 110 | iph = ip_hdr(skb); |
111 | saddr = iph->saddr; | 111 | saddr = iph->saddr; |
112 | daddr = iph->daddr; | 112 | daddr = iph->daddr; |
113 | tos = iph->tos; | 113 | tos = iph->tos; |
114 | 114 | ||
115 | ret = ipt_do_table(pskb, hook, in, out, &packet_mangler); | 115 | ret = ipt_do_table(skb, hook, in, out, &packet_mangler); |
116 | /* Reroute for ANY change. */ | 116 | /* Reroute for ANY change. */ |
117 | if (ret != NF_DROP && ret != NF_STOLEN && ret != NF_QUEUE) { | 117 | if (ret != NF_DROP && ret != NF_STOLEN && ret != NF_QUEUE) { |
118 | iph = ip_hdr(*pskb); | 118 | iph = ip_hdr(skb); |
119 | 119 | ||
120 | if (iph->saddr != saddr || | 120 | if (iph->saddr != saddr || |
121 | iph->daddr != daddr || | 121 | iph->daddr != daddr || |
122 | (*pskb)->mark != mark || | 122 | skb->mark != mark || |
123 | iph->tos != tos) | 123 | iph->tos != tos) |
124 | if (ip_route_me_harder(pskb, RTN_UNSPEC)) | 124 | if (ip_route_me_harder(skb, RTN_UNSPEC)) |
125 | ret = NF_DROP; | 125 | ret = NF_DROP; |
126 | } | 126 | } |
127 | 127 | ||
diff --git a/net/ipv4/netfilter/iptable_raw.c b/net/ipv4/netfilter/iptable_raw.c index d6e50339568..5de6e57ac55 100644 --- a/net/ipv4/netfilter/iptable_raw.c +++ b/net/ipv4/netfilter/iptable_raw.c | |||
@@ -47,30 +47,30 @@ static struct xt_table packet_raw = { | |||
47 | /* The work comes in here from netfilter.c. */ | 47 | /* The work comes in here from netfilter.c. */ |
48 | static unsigned int | 48 | static unsigned int |
49 | ipt_hook(unsigned int hook, | 49 | ipt_hook(unsigned int hook, |
50 | struct sk_buff **pskb, | 50 | struct sk_buff *skb, |
51 | const struct net_device *in, | 51 | const struct net_device *in, |
52 | const struct net_device *out, | 52 | const struct net_device *out, |
53 | int (*okfn)(struct sk_buff *)) | 53 | int (*okfn)(struct sk_buff *)) |
54 | { | 54 | { |
55 | return ipt_do_table(pskb, hook, in, out, &packet_raw); | 55 | return ipt_do_table(skb, hook, in, out, &packet_raw); |
56 | } | 56 | } |
57 | 57 | ||
58 | static unsigned int | 58 | static unsigned int |
59 | ipt_local_hook(unsigned int hook, | 59 | ipt_local_hook(unsigned int hook, |
60 | struct sk_buff **pskb, | 60 | struct sk_buff *skb, |
61 | const struct net_device *in, | 61 | const struct net_device *in, |
62 | const struct net_device *out, | 62 | const struct net_device *out, |
63 | int (*okfn)(struct sk_buff *)) | 63 | int (*okfn)(struct sk_buff *)) |
64 | { | 64 | { |
65 | /* root is playing with raw sockets. */ | 65 | /* root is playing with raw sockets. */ |
66 | if ((*pskb)->len < sizeof(struct iphdr) || | 66 | if (skb->len < sizeof(struct iphdr) || |
67 | ip_hdrlen(*pskb) < sizeof(struct iphdr)) { | 67 | ip_hdrlen(skb) < sizeof(struct iphdr)) { |
68 | if (net_ratelimit()) | 68 | if (net_ratelimit()) |
69 | printk("iptable_raw: ignoring short SOCK_RAW" | 69 | printk("iptable_raw: ignoring short SOCK_RAW" |
70 | "packet.\n"); | 70 | "packet.\n"); |
71 | return NF_ACCEPT; | 71 | return NF_ACCEPT; |
72 | } | 72 | } |
73 | return ipt_do_table(pskb, hook, in, out, &packet_raw); | 73 | return ipt_do_table(skb, hook, in, out, &packet_raw); |
74 | } | 74 | } |
75 | 75 | ||
76 | /* 'raw' is the very first table. */ | 76 | /* 'raw' is the very first table. */ |
diff --git a/net/ipv4/netfilter/nf_conntrack_l3proto_ipv4.c b/net/ipv4/netfilter/nf_conntrack_l3proto_ipv4.c index 48fdd9eb1c7..831e9b29806 100644 --- a/net/ipv4/netfilter/nf_conntrack_l3proto_ipv4.c +++ b/net/ipv4/netfilter/nf_conntrack_l3proto_ipv4.c | |||
@@ -100,17 +100,17 @@ static int ipv4_get_l4proto(const struct sk_buff *skb, unsigned int nhoff, | |||
100 | } | 100 | } |
101 | 101 | ||
102 | static unsigned int ipv4_confirm(unsigned int hooknum, | 102 | static unsigned int ipv4_confirm(unsigned int hooknum, |
103 | struct sk_buff **pskb, | 103 | struct sk_buff *skb, |
104 | const struct net_device *in, | 104 | const struct net_device *in, |
105 | const struct net_device *out, | 105 | const struct net_device *out, |
106 | int (*okfn)(struct sk_buff *)) | 106 | int (*okfn)(struct sk_buff *)) |
107 | { | 107 | { |
108 | /* We've seen it coming out the other side: confirm it */ | 108 | /* We've seen it coming out the other side: confirm it */ |
109 | return nf_conntrack_confirm(pskb); | 109 | return nf_conntrack_confirm(skb); |
110 | } | 110 | } |
111 | 111 | ||
112 | static unsigned int ipv4_conntrack_help(unsigned int hooknum, | 112 | static unsigned int ipv4_conntrack_help(unsigned int hooknum, |
113 | struct sk_buff **pskb, | 113 | struct sk_buff *skb, |
114 | const struct net_device *in, | 114 | const struct net_device *in, |
115 | const struct net_device *out, | 115 | const struct net_device *out, |
116 | int (*okfn)(struct sk_buff *)) | 116 | int (*okfn)(struct sk_buff *)) |
@@ -121,7 +121,7 @@ static unsigned int ipv4_conntrack_help(unsigned int hooknum, | |||
121 | struct nf_conntrack_helper *helper; | 121 | struct nf_conntrack_helper *helper; |
122 | 122 | ||
123 | /* This is where we call the helper: as the packet goes out. */ | 123 | /* This is where we call the helper: as the packet goes out. */ |
124 | ct = nf_ct_get(*pskb, &ctinfo); | 124 | ct = nf_ct_get(skb, &ctinfo); |
125 | if (!ct || ctinfo == IP_CT_RELATED + IP_CT_IS_REPLY) | 125 | if (!ct || ctinfo == IP_CT_RELATED + IP_CT_IS_REPLY) |
126 | return NF_ACCEPT; | 126 | return NF_ACCEPT; |
127 | 127 | ||
@@ -132,24 +132,24 @@ static unsigned int ipv4_conntrack_help(unsigned int hooknum, | |||
132 | helper = rcu_dereference(help->helper); | 132 | helper = rcu_dereference(help->helper); |
133 | if (!helper) | 133 | if (!helper) |
134 | return NF_ACCEPT; | 134 | return NF_ACCEPT; |
135 | return helper->help(pskb, skb_network_offset(*pskb) + ip_hdrlen(*pskb), | 135 | return helper->help(skb, skb_network_offset(skb) + ip_hdrlen(skb), |
136 | ct, ctinfo); | 136 | ct, ctinfo); |
137 | } | 137 | } |
138 | 138 | ||
139 | static unsigned int ipv4_conntrack_defrag(unsigned int hooknum, | 139 | static unsigned int ipv4_conntrack_defrag(unsigned int hooknum, |
140 | struct sk_buff **pskb, | 140 | struct sk_buff *skb, |
141 | const struct net_device *in, | 141 | const struct net_device *in, |
142 | const struct net_device *out, | 142 | const struct net_device *out, |
143 | int (*okfn)(struct sk_buff *)) | 143 | int (*okfn)(struct sk_buff *)) |
144 | { | 144 | { |
145 | /* Previously seen (loopback)? Ignore. Do this before | 145 | /* Previously seen (loopback)? Ignore. Do this before |
146 | fragment check. */ | 146 | fragment check. */ |
147 | if ((*pskb)->nfct) | 147 | if (skb->nfct) |
148 | return NF_ACCEPT; | 148 | return NF_ACCEPT; |
149 | 149 | ||
150 | /* Gather fragments. */ | 150 | /* Gather fragments. */ |
151 | if (ip_hdr(*pskb)->frag_off & htons(IP_MF | IP_OFFSET)) { | 151 | if (ip_hdr(skb)->frag_off & htons(IP_MF | IP_OFFSET)) { |
152 | if (nf_ct_ipv4_gather_frags(*pskb, | 152 | if (nf_ct_ipv4_gather_frags(skb, |
153 | hooknum == NF_IP_PRE_ROUTING ? | 153 | hooknum == NF_IP_PRE_ROUTING ? |
154 | IP_DEFRAG_CONNTRACK_IN : | 154 | IP_DEFRAG_CONNTRACK_IN : |
155 | IP_DEFRAG_CONNTRACK_OUT)) | 155 | IP_DEFRAG_CONNTRACK_OUT)) |
@@ -159,28 +159,28 @@ static unsigned int ipv4_conntrack_defrag(unsigned int hooknum, | |||
159 | } | 159 | } |
160 | 160 | ||
161 | static unsigned int ipv4_conntrack_in(unsigned int hooknum, | 161 | static unsigned int ipv4_conntrack_in(unsigned int hooknum, |
162 | struct sk_buff **pskb, | 162 | struct sk_buff *skb, |
163 | const struct net_device *in, | 163 | const struct net_device *in, |
164 | const struct net_device *out, | 164 | const struct net_device *out, |
165 | int (*okfn)(struct sk_buff *)) | 165 | int (*okfn)(struct sk_buff *)) |
166 | { | 166 | { |
167 | return nf_conntrack_in(PF_INET, hooknum, pskb); | 167 | return nf_conntrack_in(PF_INET, hooknum, skb); |
168 | } | 168 | } |
169 | 169 | ||
170 | static unsigned int ipv4_conntrack_local(unsigned int hooknum, | 170 | static unsigned int ipv4_conntrack_local(unsigned int hooknum, |
171 | struct sk_buff **pskb, | 171 | struct sk_buff *skb, |
172 | const struct net_device *in, | 172 | const struct net_device *in, |
173 | const struct net_device *out, | 173 | const struct net_device *out, |
174 | int (*okfn)(struct sk_buff *)) | 174 | int (*okfn)(struct sk_buff *)) |
175 | { | 175 | { |
176 | /* root is playing with raw sockets. */ | 176 | /* root is playing with raw sockets. */ |
177 | if ((*pskb)->len < sizeof(struct iphdr) | 177 | if (skb->len < sizeof(struct iphdr) || |
178 | || ip_hdrlen(*pskb) < sizeof(struct iphdr)) { | 178 | ip_hdrlen(skb) < sizeof(struct iphdr)) { |
179 | if (net_ratelimit()) | 179 | if (net_ratelimit()) |
180 | printk("ipt_hook: happy cracking.\n"); | 180 | printk("ipt_hook: happy cracking.\n"); |
181 | return NF_ACCEPT; | 181 | return NF_ACCEPT; |
182 | } | 182 | } |
183 | return nf_conntrack_in(PF_INET, hooknum, pskb); | 183 | return nf_conntrack_in(PF_INET, hooknum, skb); |
184 | } | 184 | } |
185 | 185 | ||
186 | /* Connection tracking may drop packets, but never alters them, so | 186 | /* Connection tracking may drop packets, but never alters them, so |
diff --git a/net/ipv4/netfilter/nf_nat_amanda.c b/net/ipv4/netfilter/nf_nat_amanda.c index bd93a1d7105..35a5aa69cd9 100644 --- a/net/ipv4/netfilter/nf_nat_amanda.c +++ b/net/ipv4/netfilter/nf_nat_amanda.c | |||
@@ -24,7 +24,7 @@ MODULE_DESCRIPTION("Amanda NAT helper"); | |||
24 | MODULE_LICENSE("GPL"); | 24 | MODULE_LICENSE("GPL"); |
25 | MODULE_ALIAS("ip_nat_amanda"); | 25 | MODULE_ALIAS("ip_nat_amanda"); |
26 | 26 | ||
27 | static unsigned int help(struct sk_buff **pskb, | 27 | static unsigned int help(struct sk_buff *skb, |
28 | enum ip_conntrack_info ctinfo, | 28 | enum ip_conntrack_info ctinfo, |
29 | unsigned int matchoff, | 29 | unsigned int matchoff, |
30 | unsigned int matchlen, | 30 | unsigned int matchlen, |
@@ -53,7 +53,7 @@ static unsigned int help(struct sk_buff **pskb, | |||
53 | return NF_DROP; | 53 | return NF_DROP; |
54 | 54 | ||
55 | sprintf(buffer, "%u", port); | 55 | sprintf(buffer, "%u", port); |
56 | ret = nf_nat_mangle_udp_packet(pskb, exp->master, ctinfo, | 56 | ret = nf_nat_mangle_udp_packet(skb, exp->master, ctinfo, |
57 | matchoff, matchlen, | 57 | matchoff, matchlen, |
58 | buffer, strlen(buffer)); | 58 | buffer, strlen(buffer)); |
59 | if (ret != NF_ACCEPT) | 59 | if (ret != NF_ACCEPT) |
diff --git a/net/ipv4/netfilter/nf_nat_core.c b/net/ipv4/netfilter/nf_nat_core.c index 3b5eb7c1a13..56e93f692e8 100644 --- a/net/ipv4/netfilter/nf_nat_core.c +++ b/net/ipv4/netfilter/nf_nat_core.c | |||
@@ -349,7 +349,7 @@ EXPORT_SYMBOL(nf_nat_setup_info); | |||
349 | /* Returns true if succeeded. */ | 349 | /* Returns true if succeeded. */ |
350 | static int | 350 | static int |
351 | manip_pkt(u_int16_t proto, | 351 | manip_pkt(u_int16_t proto, |
352 | struct sk_buff **pskb, | 352 | struct sk_buff *skb, |
353 | unsigned int iphdroff, | 353 | unsigned int iphdroff, |
354 | const struct nf_conntrack_tuple *target, | 354 | const struct nf_conntrack_tuple *target, |
355 | enum nf_nat_manip_type maniptype) | 355 | enum nf_nat_manip_type maniptype) |
@@ -357,19 +357,19 @@ manip_pkt(u_int16_t proto, | |||
357 | struct iphdr *iph; | 357 | struct iphdr *iph; |
358 | struct nf_nat_protocol *p; | 358 | struct nf_nat_protocol *p; |
359 | 359 | ||
360 | if (!skb_make_writable(*pskb, iphdroff + sizeof(*iph))) | 360 | if (!skb_make_writable(skb, iphdroff + sizeof(*iph))) |
361 | return 0; | 361 | return 0; |
362 | 362 | ||
363 | iph = (void *)(*pskb)->data + iphdroff; | 363 | iph = (void *)skb->data + iphdroff; |
364 | 364 | ||
365 | /* Manipulate protcol part. */ | 365 | /* Manipulate protcol part. */ |
366 | 366 | ||
367 | /* rcu_read_lock()ed by nf_hook_slow */ | 367 | /* rcu_read_lock()ed by nf_hook_slow */ |
368 | p = __nf_nat_proto_find(proto); | 368 | p = __nf_nat_proto_find(proto); |
369 | if (!p->manip_pkt(pskb, iphdroff, target, maniptype)) | 369 | if (!p->manip_pkt(skb, iphdroff, target, maniptype)) |
370 | return 0; | 370 | return 0; |
371 | 371 | ||
372 | iph = (void *)(*pskb)->data + iphdroff; | 372 | iph = (void *)skb->data + iphdroff; |
373 | 373 | ||
374 | if (maniptype == IP_NAT_MANIP_SRC) { | 374 | if (maniptype == IP_NAT_MANIP_SRC) { |
375 | nf_csum_replace4(&iph->check, iph->saddr, target->src.u3.ip); | 375 | nf_csum_replace4(&iph->check, iph->saddr, target->src.u3.ip); |
@@ -385,7 +385,7 @@ manip_pkt(u_int16_t proto, | |||
385 | unsigned int nf_nat_packet(struct nf_conn *ct, | 385 | unsigned int nf_nat_packet(struct nf_conn *ct, |
386 | enum ip_conntrack_info ctinfo, | 386 | enum ip_conntrack_info ctinfo, |
387 | unsigned int hooknum, | 387 | unsigned int hooknum, |
388 | struct sk_buff **pskb) | 388 | struct sk_buff *skb) |
389 | { | 389 | { |
390 | enum ip_conntrack_dir dir = CTINFO2DIR(ctinfo); | 390 | enum ip_conntrack_dir dir = CTINFO2DIR(ctinfo); |
391 | unsigned long statusbit; | 391 | unsigned long statusbit; |
@@ -407,7 +407,7 @@ unsigned int nf_nat_packet(struct nf_conn *ct, | |||
407 | /* We are aiming to look like inverse of other direction. */ | 407 | /* We are aiming to look like inverse of other direction. */ |
408 | nf_ct_invert_tuplepr(&target, &ct->tuplehash[!dir].tuple); | 408 | nf_ct_invert_tuplepr(&target, &ct->tuplehash[!dir].tuple); |
409 | 409 | ||
410 | if (!manip_pkt(target.dst.protonum, pskb, 0, &target, mtype)) | 410 | if (!manip_pkt(target.dst.protonum, skb, 0, &target, mtype)) |
411 | return NF_DROP; | 411 | return NF_DROP; |
412 | } | 412 | } |
413 | return NF_ACCEPT; | 413 | return NF_ACCEPT; |
@@ -418,7 +418,7 @@ EXPORT_SYMBOL_GPL(nf_nat_packet); | |||
418 | int nf_nat_icmp_reply_translation(struct nf_conn *ct, | 418 | int nf_nat_icmp_reply_translation(struct nf_conn *ct, |
419 | enum ip_conntrack_info ctinfo, | 419 | enum ip_conntrack_info ctinfo, |
420 | unsigned int hooknum, | 420 | unsigned int hooknum, |
421 | struct sk_buff **pskb) | 421 | struct sk_buff *skb) |
422 | { | 422 | { |
423 | struct { | 423 | struct { |
424 | struct icmphdr icmp; | 424 | struct icmphdr icmp; |
@@ -426,24 +426,24 @@ int nf_nat_icmp_reply_translation(struct nf_conn *ct, | |||
426 | } *inside; | 426 | } *inside; |
427 | struct nf_conntrack_l4proto *l4proto; | 427 | struct nf_conntrack_l4proto *l4proto; |
428 | struct nf_conntrack_tuple inner, target; | 428 | struct nf_conntrack_tuple inner, target; |
429 | int hdrlen = ip_hdrlen(*pskb); | 429 | int hdrlen = ip_hdrlen(skb); |
430 | enum ip_conntrack_dir dir = CTINFO2DIR(ctinfo); | 430 | enum ip_conntrack_dir dir = CTINFO2DIR(ctinfo); |
431 | unsigned long statusbit; | 431 | unsigned long statusbit; |
432 | enum nf_nat_manip_type manip = HOOK2MANIP(hooknum); | 432 | enum nf_nat_manip_type manip = HOOK2MANIP(hooknum); |
433 | 433 | ||
434 | if (!skb_make_writable(*pskb, hdrlen + sizeof(*inside))) | 434 | if (!skb_make_writable(skb, hdrlen + sizeof(*inside))) |
435 | return 0; | 435 | return 0; |
436 | 436 | ||
437 | inside = (void *)(*pskb)->data + ip_hdrlen(*pskb); | 437 | inside = (void *)skb->data + ip_hdrlen(skb); |
438 | 438 | ||
439 | /* We're actually going to mangle it beyond trivial checksum | 439 | /* We're actually going to mangle it beyond trivial checksum |
440 | adjustment, so make sure the current checksum is correct. */ | 440 | adjustment, so make sure the current checksum is correct. */ |
441 | if (nf_ip_checksum(*pskb, hooknum, hdrlen, 0)) | 441 | if (nf_ip_checksum(skb, hooknum, hdrlen, 0)) |
442 | return 0; | 442 | return 0; |
443 | 443 | ||
444 | /* Must be RELATED */ | 444 | /* Must be RELATED */ |
445 | NF_CT_ASSERT((*pskb)->nfctinfo == IP_CT_RELATED || | 445 | NF_CT_ASSERT(skb->nfctinfo == IP_CT_RELATED || |
446 | (*pskb)->nfctinfo == IP_CT_RELATED+IP_CT_IS_REPLY); | 446 | skb->nfctinfo == IP_CT_RELATED+IP_CT_IS_REPLY); |
447 | 447 | ||
448 | /* Redirects on non-null nats must be dropped, else they'll | 448 | /* Redirects on non-null nats must be dropped, else they'll |
449 | start talking to each other without our translation, and be | 449 | start talking to each other without our translation, and be |
@@ -458,15 +458,15 @@ int nf_nat_icmp_reply_translation(struct nf_conn *ct, | |||
458 | } | 458 | } |
459 | 459 | ||
460 | pr_debug("icmp_reply_translation: translating error %p manip %u " | 460 | pr_debug("icmp_reply_translation: translating error %p manip %u " |
461 | "dir %s\n", *pskb, manip, | 461 | "dir %s\n", skb, manip, |
462 | dir == IP_CT_DIR_ORIGINAL ? "ORIG" : "REPLY"); | 462 | dir == IP_CT_DIR_ORIGINAL ? "ORIG" : "REPLY"); |
463 | 463 | ||
464 | /* rcu_read_lock()ed by nf_hook_slow */ | 464 | /* rcu_read_lock()ed by nf_hook_slow */ |
465 | l4proto = __nf_ct_l4proto_find(PF_INET, inside->ip.protocol); | 465 | l4proto = __nf_ct_l4proto_find(PF_INET, inside->ip.protocol); |
466 | 466 | ||
467 | if (!nf_ct_get_tuple(*pskb, | 467 | if (!nf_ct_get_tuple(skb, |
468 | ip_hdrlen(*pskb) + sizeof(struct icmphdr), | 468 | ip_hdrlen(skb) + sizeof(struct icmphdr), |
469 | (ip_hdrlen(*pskb) + | 469 | (ip_hdrlen(skb) + |
470 | sizeof(struct icmphdr) + inside->ip.ihl * 4), | 470 | sizeof(struct icmphdr) + inside->ip.ihl * 4), |
471 | (u_int16_t)AF_INET, | 471 | (u_int16_t)AF_INET, |
472 | inside->ip.protocol, | 472 | inside->ip.protocol, |
@@ -478,19 +478,19 @@ int nf_nat_icmp_reply_translation(struct nf_conn *ct, | |||
478 | pass all hooks (locally-generated ICMP). Consider incoming | 478 | pass all hooks (locally-generated ICMP). Consider incoming |
479 | packet: PREROUTING (DST manip), routing produces ICMP, goes | 479 | packet: PREROUTING (DST manip), routing produces ICMP, goes |
480 | through POSTROUTING (which must correct the DST manip). */ | 480 | through POSTROUTING (which must correct the DST manip). */ |
481 | if (!manip_pkt(inside->ip.protocol, pskb, | 481 | if (!manip_pkt(inside->ip.protocol, skb, |
482 | ip_hdrlen(*pskb) + sizeof(inside->icmp), | 482 | ip_hdrlen(skb) + sizeof(inside->icmp), |
483 | &ct->tuplehash[!dir].tuple, | 483 | &ct->tuplehash[!dir].tuple, |
484 | !manip)) | 484 | !manip)) |
485 | return 0; | 485 | return 0; |
486 | 486 | ||
487 | if ((*pskb)->ip_summed != CHECKSUM_PARTIAL) { | 487 | if (skb->ip_summed != CHECKSUM_PARTIAL) { |
488 | /* Reloading "inside" here since manip_pkt inner. */ | 488 | /* Reloading "inside" here since manip_pkt inner. */ |
489 | inside = (void *)(*pskb)->data + ip_hdrlen(*pskb); | 489 | inside = (void *)skb->data + ip_hdrlen(skb); |
490 | inside->icmp.checksum = 0; | 490 | inside->icmp.checksum = 0; |
491 | inside->icmp.checksum = | 491 | inside->icmp.checksum = |
492 | csum_fold(skb_checksum(*pskb, hdrlen, | 492 | csum_fold(skb_checksum(skb, hdrlen, |
493 | (*pskb)->len - hdrlen, 0)); | 493 | skb->len - hdrlen, 0)); |
494 | } | 494 | } |
495 | 495 | ||
496 | /* Change outer to look the reply to an incoming packet | 496 | /* Change outer to look the reply to an incoming packet |
@@ -506,7 +506,7 @@ int nf_nat_icmp_reply_translation(struct nf_conn *ct, | |||
506 | 506 | ||
507 | if (ct->status & statusbit) { | 507 | if (ct->status & statusbit) { |
508 | nf_ct_invert_tuplepr(&target, &ct->tuplehash[!dir].tuple); | 508 | nf_ct_invert_tuplepr(&target, &ct->tuplehash[!dir].tuple); |
509 | if (!manip_pkt(0, pskb, 0, &target, manip)) | 509 | if (!manip_pkt(0, skb, 0, &target, manip)) |
510 | return 0; | 510 | return 0; |
511 | } | 511 | } |
512 | 512 | ||
diff --git a/net/ipv4/netfilter/nf_nat_ftp.c b/net/ipv4/netfilter/nf_nat_ftp.c index 3663bd879c3..e1a16d3ea4c 100644 --- a/net/ipv4/netfilter/nf_nat_ftp.c +++ b/net/ipv4/netfilter/nf_nat_ftp.c | |||
@@ -28,7 +28,7 @@ MODULE_ALIAS("ip_nat_ftp"); | |||
28 | /* FIXME: Time out? --RR */ | 28 | /* FIXME: Time out? --RR */ |
29 | 29 | ||
30 | static int | 30 | static int |
31 | mangle_rfc959_packet(struct sk_buff **pskb, | 31 | mangle_rfc959_packet(struct sk_buff *skb, |
32 | __be32 newip, | 32 | __be32 newip, |
33 | u_int16_t port, | 33 | u_int16_t port, |
34 | unsigned int matchoff, | 34 | unsigned int matchoff, |
@@ -43,13 +43,13 @@ mangle_rfc959_packet(struct sk_buff **pskb, | |||
43 | 43 | ||
44 | pr_debug("calling nf_nat_mangle_tcp_packet\n"); | 44 | pr_debug("calling nf_nat_mangle_tcp_packet\n"); |
45 | 45 | ||
46 | return nf_nat_mangle_tcp_packet(pskb, ct, ctinfo, matchoff, | 46 | return nf_nat_mangle_tcp_packet(skb, ct, ctinfo, matchoff, |
47 | matchlen, buffer, strlen(buffer)); | 47 | matchlen, buffer, strlen(buffer)); |
48 | } | 48 | } |
49 | 49 | ||
50 | /* |1|132.235.1.2|6275| */ | 50 | /* |1|132.235.1.2|6275| */ |
51 | static int | 51 | static int |
52 | mangle_eprt_packet(struct sk_buff **pskb, | 52 | mangle_eprt_packet(struct sk_buff *skb, |
53 | __be32 newip, | 53 | __be32 newip, |
54 | u_int16_t port, | 54 | u_int16_t port, |
55 | unsigned int matchoff, | 55 | unsigned int matchoff, |
@@ -63,13 +63,13 @@ mangle_eprt_packet(struct sk_buff **pskb, | |||
63 | 63 | ||
64 | pr_debug("calling nf_nat_mangle_tcp_packet\n"); | 64 | pr_debug("calling nf_nat_mangle_tcp_packet\n"); |
65 | 65 | ||
66 | return nf_nat_mangle_tcp_packet(pskb, ct, ctinfo, matchoff, | 66 | return nf_nat_mangle_tcp_packet(skb, ct, ctinfo, matchoff, |
67 | matchlen, buffer, strlen(buffer)); | 67 | matchlen, buffer, strlen(buffer)); |
68 | } | 68 | } |
69 | 69 | ||
70 | /* |1|132.235.1.2|6275| */ | 70 | /* |1|132.235.1.2|6275| */ |
71 | static int | 71 | static int |
72 | mangle_epsv_packet(struct sk_buff **pskb, | 72 | mangle_epsv_packet(struct sk_buff *skb, |
73 | __be32 newip, | 73 | __be32 newip, |
74 | u_int16_t port, | 74 | u_int16_t port, |
75 | unsigned int matchoff, | 75 | unsigned int matchoff, |
@@ -83,11 +83,11 @@ mangle_epsv_packet(struct sk_buff **pskb, | |||
83 | 83 | ||
84 | pr_debug("calling nf_nat_mangle_tcp_packet\n"); | 84 | pr_debug("calling nf_nat_mangle_tcp_packet\n"); |
85 | 85 | ||
86 | return nf_nat_mangle_tcp_packet(pskb, ct, ctinfo, matchoff, | 86 | return nf_nat_mangle_tcp_packet(skb, ct, ctinfo, matchoff, |
87 | matchlen, buffer, strlen(buffer)); | 87 | matchlen, buffer, strlen(buffer)); |
88 | } | 88 | } |
89 | 89 | ||
90 | static int (*mangle[])(struct sk_buff **, __be32, u_int16_t, | 90 | static int (*mangle[])(struct sk_buff *, __be32, u_int16_t, |
91 | unsigned int, unsigned int, struct nf_conn *, | 91 | unsigned int, unsigned int, struct nf_conn *, |
92 | enum ip_conntrack_info) | 92 | enum ip_conntrack_info) |
93 | = { | 93 | = { |
@@ -99,7 +99,7 @@ static int (*mangle[])(struct sk_buff **, __be32, u_int16_t, | |||
99 | 99 | ||
100 | /* So, this packet has hit the connection tracking matching code. | 100 | /* So, this packet has hit the connection tracking matching code. |
101 | Mangle it, and change the expectation to match the new version. */ | 101 | Mangle it, and change the expectation to match the new version. */ |
102 | static unsigned int nf_nat_ftp(struct sk_buff **pskb, | 102 | static unsigned int nf_nat_ftp(struct sk_buff *skb, |
103 | enum ip_conntrack_info ctinfo, | 103 | enum ip_conntrack_info ctinfo, |
104 | enum nf_ct_ftp_type type, | 104 | enum nf_ct_ftp_type type, |
105 | unsigned int matchoff, | 105 | unsigned int matchoff, |
@@ -132,7 +132,7 @@ static unsigned int nf_nat_ftp(struct sk_buff **pskb, | |||
132 | if (port == 0) | 132 | if (port == 0) |
133 | return NF_DROP; | 133 | return NF_DROP; |
134 | 134 | ||
135 | if (!mangle[type](pskb, newip, port, matchoff, matchlen, ct, ctinfo)) { | 135 | if (!mangle[type](skb, newip, port, matchoff, matchlen, ct, ctinfo)) { |
136 | nf_ct_unexpect_related(exp); | 136 | nf_ct_unexpect_related(exp); |
137 | return NF_DROP; | 137 | return NF_DROP; |
138 | } | 138 | } |
diff --git a/net/ipv4/netfilter/nf_nat_h323.c b/net/ipv4/netfilter/nf_nat_h323.c index c1b059a7370..a868c8c4132 100644 --- a/net/ipv4/netfilter/nf_nat_h323.c +++ b/net/ipv4/netfilter/nf_nat_h323.c | |||
@@ -22,12 +22,12 @@ | |||
22 | #include <linux/netfilter/nf_conntrack_h323.h> | 22 | #include <linux/netfilter/nf_conntrack_h323.h> |
23 | 23 | ||
24 | /****************************************************************************/ | 24 | /****************************************************************************/ |
25 | static int set_addr(struct sk_buff **pskb, | 25 | static int set_addr(struct sk_buff *skb, |
26 | unsigned char **data, int dataoff, | 26 | unsigned char **data, int dataoff, |
27 | unsigned int addroff, __be32 ip, __be16 port) | 27 | unsigned int addroff, __be32 ip, __be16 port) |
28 | { | 28 | { |
29 | enum ip_conntrack_info ctinfo; | 29 | enum ip_conntrack_info ctinfo; |
30 | struct nf_conn *ct = nf_ct_get(*pskb, &ctinfo); | 30 | struct nf_conn *ct = nf_ct_get(skb, &ctinfo); |
31 | struct { | 31 | struct { |
32 | __be32 ip; | 32 | __be32 ip; |
33 | __be16 port; | 33 | __be16 port; |
@@ -38,8 +38,8 @@ static int set_addr(struct sk_buff **pskb, | |||
38 | buf.port = port; | 38 | buf.port = port; |
39 | addroff += dataoff; | 39 | addroff += dataoff; |
40 | 40 | ||
41 | if (ip_hdr(*pskb)->protocol == IPPROTO_TCP) { | 41 | if (ip_hdr(skb)->protocol == IPPROTO_TCP) { |
42 | if (!nf_nat_mangle_tcp_packet(pskb, ct, ctinfo, | 42 | if (!nf_nat_mangle_tcp_packet(skb, ct, ctinfo, |
43 | addroff, sizeof(buf), | 43 | addroff, sizeof(buf), |
44 | (char *) &buf, sizeof(buf))) { | 44 | (char *) &buf, sizeof(buf))) { |
45 | if (net_ratelimit()) | 45 | if (net_ratelimit()) |
@@ -49,14 +49,13 @@ static int set_addr(struct sk_buff **pskb, | |||
49 | } | 49 | } |
50 | 50 | ||
51 | /* Relocate data pointer */ | 51 | /* Relocate data pointer */ |
52 | th = skb_header_pointer(*pskb, ip_hdrlen(*pskb), | 52 | th = skb_header_pointer(skb, ip_hdrlen(skb), |
53 | sizeof(_tcph), &_tcph); | 53 | sizeof(_tcph), &_tcph); |
54 | if (th == NULL) | 54 | if (th == NULL) |
55 | return -1; | 55 | return -1; |
56 | *data = (*pskb)->data + ip_hdrlen(*pskb) + | 56 | *data = skb->data + ip_hdrlen(skb) + th->doff * 4 + dataoff; |
57 | th->doff * 4 + dataoff; | ||
58 | } else { | 57 | } else { |
59 | if (!nf_nat_mangle_udp_packet(pskb, ct, ctinfo, | 58 | if (!nf_nat_mangle_udp_packet(skb, ct, ctinfo, |
60 | addroff, sizeof(buf), | 59 | addroff, sizeof(buf), |
61 | (char *) &buf, sizeof(buf))) { | 60 | (char *) &buf, sizeof(buf))) { |
62 | if (net_ratelimit()) | 61 | if (net_ratelimit()) |
@@ -67,36 +66,35 @@ static int set_addr(struct sk_buff **pskb, | |||
67 | /* nf_nat_mangle_udp_packet uses skb_make_writable() to copy | 66 | /* nf_nat_mangle_udp_packet uses skb_make_writable() to copy |
68 | * or pull everything in a linear buffer, so we can safely | 67 | * or pull everything in a linear buffer, so we can safely |
69 | * use the skb pointers now */ | 68 | * use the skb pointers now */ |
70 | *data = ((*pskb)->data + ip_hdrlen(*pskb) + | 69 | *data = skb->data + ip_hdrlen(skb) + sizeof(struct udphdr); |
71 | sizeof(struct udphdr)); | ||
72 | } | 70 | } |
73 | 71 | ||
74 | return 0; | 72 | return 0; |
75 | } | 73 | } |
76 | 74 | ||
77 | /****************************************************************************/ | 75 | /****************************************************************************/ |
78 | static int set_h225_addr(struct sk_buff **pskb, | 76 | static int set_h225_addr(struct sk_buff *skb, |
79 | unsigned char **data, int dataoff, | 77 | unsigned char **data, int dataoff, |
80 | TransportAddress *taddr, | 78 | TransportAddress *taddr, |
81 | union nf_conntrack_address *addr, __be16 port) | 79 | union nf_conntrack_address *addr, __be16 port) |
82 | { | 80 | { |
83 | return set_addr(pskb, data, dataoff, taddr->ipAddress.ip, | 81 | return set_addr(skb, data, dataoff, taddr->ipAddress.ip, |
84 | addr->ip, port); | 82 | addr->ip, port); |
85 | } | 83 | } |
86 | 84 | ||
87 | /****************************************************************************/ | 85 | /****************************************************************************/ |
88 | static int set_h245_addr(struct sk_buff **pskb, | 86 | static int set_h245_addr(struct sk_buff *skb, |
89 | unsigned char **data, int dataoff, | 87 | unsigned char **data, int dataoff, |
90 | H245_TransportAddress *taddr, | 88 | H245_TransportAddress *taddr, |
91 | union nf_conntrack_address *addr, __be16 port) | 89 | union nf_conntrack_address *addr, __be16 port) |
92 | { | 90 | { |
93 | return set_addr(pskb, data, dataoff, | 91 | return set_addr(skb, data, dataoff, |
94 | taddr->unicastAddress.iPAddress.network, | 92 | taddr->unicastAddress.iPAddress.network, |
95 | addr->ip, port); | 93 | addr->ip, port); |
96 | } | 94 | } |
97 | 95 | ||
98 | /****************************************************************************/ | 96 | /****************************************************************************/ |
99 | static int set_sig_addr(struct sk_buff **pskb, struct nf_conn *ct, | 97 | static int set_sig_addr(struct sk_buff *skb, struct nf_conn *ct, |
100 | enum ip_conntrack_info ctinfo, | 98 | enum ip_conntrack_info ctinfo, |
101 | unsigned char **data, | 99 | unsigned char **data, |
102 | TransportAddress *taddr, int count) | 100 | TransportAddress *taddr, int count) |
@@ -125,7 +123,7 @@ static int set_sig_addr(struct sk_buff **pskb, struct nf_conn *ct, | |||
125 | NIPQUAD(addr.ip), port, | 123 | NIPQUAD(addr.ip), port, |
126 | NIPQUAD(ct->tuplehash[!dir].tuple.dst.u3.ip), | 124 | NIPQUAD(ct->tuplehash[!dir].tuple.dst.u3.ip), |
127 | info->sig_port[!dir]); | 125 | info->sig_port[!dir]); |
128 | return set_h225_addr(pskb, data, 0, &taddr[i], | 126 | return set_h225_addr(skb, data, 0, &taddr[i], |
129 | &ct->tuplehash[!dir]. | 127 | &ct->tuplehash[!dir]. |
130 | tuple.dst.u3, | 128 | tuple.dst.u3, |
131 | info->sig_port[!dir]); | 129 | info->sig_port[!dir]); |
@@ -137,7 +135,7 @@ static int set_sig_addr(struct sk_buff **pskb, struct nf_conn *ct, | |||
137 | NIPQUAD(addr.ip), port, | 135 | NIPQUAD(addr.ip), port, |
138 | NIPQUAD(ct->tuplehash[!dir].tuple.src.u3.ip), | 136 | NIPQUAD(ct->tuplehash[!dir].tuple.src.u3.ip), |
139 | info->sig_port[!dir]); | 137 | info->sig_port[!dir]); |
140 | return set_h225_addr(pskb, data, 0, &taddr[i], | 138 | return set_h225_addr(skb, data, 0, &taddr[i], |
141 | &ct->tuplehash[!dir]. | 139 | &ct->tuplehash[!dir]. |
142 | tuple.src.u3, | 140 | tuple.src.u3, |
143 | info->sig_port[!dir]); | 141 | info->sig_port[!dir]); |
@@ -149,7 +147,7 @@ static int set_sig_addr(struct sk_buff **pskb, struct nf_conn *ct, | |||
149 | } | 147 | } |
150 | 148 | ||
151 | /****************************************************************************/ | 149 | /****************************************************************************/ |
152 | static int set_ras_addr(struct sk_buff **pskb, struct nf_conn *ct, | 150 | static int set_ras_addr(struct sk_buff *skb, struct nf_conn *ct, |
153 | enum ip_conntrack_info ctinfo, | 151 | enum ip_conntrack_info ctinfo, |
154 | unsigned char **data, | 152 | unsigned char **data, |
155 | TransportAddress *taddr, int count) | 153 | TransportAddress *taddr, int count) |
@@ -168,7 +166,7 @@ static int set_ras_addr(struct sk_buff **pskb, struct nf_conn *ct, | |||
168 | NIPQUAD(addr.ip), ntohs(port), | 166 | NIPQUAD(addr.ip), ntohs(port), |
169 | NIPQUAD(ct->tuplehash[!dir].tuple.dst.u3.ip), | 167 | NIPQUAD(ct->tuplehash[!dir].tuple.dst.u3.ip), |
170 | ntohs(ct->tuplehash[!dir].tuple.dst.u.udp.port)); | 168 | ntohs(ct->tuplehash[!dir].tuple.dst.u.udp.port)); |
171 | return set_h225_addr(pskb, data, 0, &taddr[i], | 169 | return set_h225_addr(skb, data, 0, &taddr[i], |
172 | &ct->tuplehash[!dir].tuple.dst.u3, | 170 | &ct->tuplehash[!dir].tuple.dst.u3, |
173 | ct->tuplehash[!dir].tuple. | 171 | ct->tuplehash[!dir].tuple. |
174 | dst.u.udp.port); | 172 | dst.u.udp.port); |
@@ -179,7 +177,7 @@ static int set_ras_addr(struct sk_buff **pskb, struct nf_conn *ct, | |||
179 | } | 177 | } |
180 | 178 | ||
181 | /****************************************************************************/ | 179 | /****************************************************************************/ |
182 | static int nat_rtp_rtcp(struct sk_buff **pskb, struct nf_conn *ct, | 180 | static int nat_rtp_rtcp(struct sk_buff *skb, struct nf_conn *ct, |
183 | enum ip_conntrack_info ctinfo, | 181 | enum ip_conntrack_info ctinfo, |
184 | unsigned char **data, int dataoff, | 182 | unsigned char **data, int dataoff, |
185 | H245_TransportAddress *taddr, | 183 | H245_TransportAddress *taddr, |
@@ -244,7 +242,7 @@ static int nat_rtp_rtcp(struct sk_buff **pskb, struct nf_conn *ct, | |||
244 | } | 242 | } |
245 | 243 | ||
246 | /* Modify signal */ | 244 | /* Modify signal */ |
247 | if (set_h245_addr(pskb, data, dataoff, taddr, | 245 | if (set_h245_addr(skb, data, dataoff, taddr, |
248 | &ct->tuplehash[!dir].tuple.dst.u3, | 246 | &ct->tuplehash[!dir].tuple.dst.u3, |
249 | htons((port & htons(1)) ? nated_port + 1 : | 247 | htons((port & htons(1)) ? nated_port + 1 : |
250 | nated_port)) == 0) { | 248 | nated_port)) == 0) { |
@@ -273,7 +271,7 @@ static int nat_rtp_rtcp(struct sk_buff **pskb, struct nf_conn *ct, | |||
273 | } | 271 | } |
274 | 272 | ||
275 | /****************************************************************************/ | 273 | /****************************************************************************/ |
276 | static int nat_t120(struct sk_buff **pskb, struct nf_conn *ct, | 274 | static int nat_t120(struct sk_buff *skb, struct nf_conn *ct, |
277 | enum ip_conntrack_info ctinfo, | 275 | enum ip_conntrack_info ctinfo, |
278 | unsigned char **data, int dataoff, | 276 | unsigned char **data, int dataoff, |
279 | H245_TransportAddress *taddr, __be16 port, | 277 | H245_TransportAddress *taddr, __be16 port, |
@@ -301,7 +299,7 @@ static int nat_t120(struct sk_buff **pskb, struct nf_conn *ct, | |||
301 | } | 299 | } |
302 | 300 | ||
303 | /* Modify signal */ | 301 | /* Modify signal */ |
304 | if (set_h245_addr(pskb, data, dataoff, taddr, | 302 | if (set_h245_addr(skb, data, dataoff, taddr, |
305 | &ct->tuplehash[!dir].tuple.dst.u3, | 303 | &ct->tuplehash[!dir].tuple.dst.u3, |
306 | htons(nated_port)) < 0) { | 304 | htons(nated_port)) < 0) { |
307 | nf_ct_unexpect_related(exp); | 305 | nf_ct_unexpect_related(exp); |
@@ -318,7 +316,7 @@ static int nat_t120(struct sk_buff **pskb, struct nf_conn *ct, | |||
318 | } | 316 | } |
319 | 317 | ||
320 | /****************************************************************************/ | 318 | /****************************************************************************/ |
321 | static int nat_h245(struct sk_buff **pskb, struct nf_conn *ct, | 319 | static int nat_h245(struct sk_buff *skb, struct nf_conn *ct, |
322 | enum ip_conntrack_info ctinfo, | 320 | enum ip_conntrack_info ctinfo, |
323 | unsigned char **data, int dataoff, | 321 | unsigned char **data, int dataoff, |
324 | TransportAddress *taddr, __be16 port, | 322 | TransportAddress *taddr, __be16 port, |
@@ -351,7 +349,7 @@ static int nat_h245(struct sk_buff **pskb, struct nf_conn *ct, | |||
351 | } | 349 | } |
352 | 350 | ||
353 | /* Modify signal */ | 351 | /* Modify signal */ |
354 | if (set_h225_addr(pskb, data, dataoff, taddr, | 352 | if (set_h225_addr(skb, data, dataoff, taddr, |
355 | &ct->tuplehash[!dir].tuple.dst.u3, | 353 | &ct->tuplehash[!dir].tuple.dst.u3, |
356 | htons(nated_port)) == 0) { | 354 | htons(nated_port)) == 0) { |
357 | /* Save ports */ | 355 | /* Save ports */ |
@@ -406,7 +404,7 @@ static void ip_nat_q931_expect(struct nf_conn *new, | |||
406 | } | 404 | } |
407 | 405 | ||
408 | /****************************************************************************/ | 406 | /****************************************************************************/ |
409 | static int nat_q931(struct sk_buff **pskb, struct nf_conn *ct, | 407 | static int nat_q931(struct sk_buff *skb, struct nf_conn *ct, |
410 | enum ip_conntrack_info ctinfo, | 408 | enum ip_conntrack_info ctinfo, |
411 | unsigned char **data, TransportAddress *taddr, int idx, | 409 | unsigned char **data, TransportAddress *taddr, int idx, |
412 | __be16 port, struct nf_conntrack_expect *exp) | 410 | __be16 port, struct nf_conntrack_expect *exp) |
@@ -439,7 +437,7 @@ static int nat_q931(struct sk_buff **pskb, struct nf_conn *ct, | |||
439 | } | 437 | } |
440 | 438 | ||
441 | /* Modify signal */ | 439 | /* Modify signal */ |
442 | if (set_h225_addr(pskb, data, 0, &taddr[idx], | 440 | if (set_h225_addr(skb, data, 0, &taddr[idx], |
443 | &ct->tuplehash[!dir].tuple.dst.u3, | 441 | &ct->tuplehash[!dir].tuple.dst.u3, |
444 | htons(nated_port)) == 0) { | 442 | htons(nated_port)) == 0) { |
445 | /* Save ports */ | 443 | /* Save ports */ |
@@ -450,7 +448,7 @@ static int nat_q931(struct sk_buff **pskb, struct nf_conn *ct, | |||
450 | if (idx > 0 && | 448 | if (idx > 0 && |
451 | get_h225_addr(ct, *data, &taddr[0], &addr, &port) && | 449 | get_h225_addr(ct, *data, &taddr[0], &addr, &port) && |
452 | (ntohl(addr.ip) & 0xff000000) == 0x7f000000) { | 450 | (ntohl(addr.ip) & 0xff000000) == 0x7f000000) { |
453 | set_h225_addr(pskb, data, 0, &taddr[0], | 451 | set_h225_addr(skb, data, 0, &taddr[0], |
454 | &ct->tuplehash[!dir].tuple.dst.u3, | 452 | &ct->tuplehash[!dir].tuple.dst.u3, |
455 | info->sig_port[!dir]); | 453 | info->sig_port[!dir]); |
456 | } | 454 | } |
@@ -495,7 +493,7 @@ static void ip_nat_callforwarding_expect(struct nf_conn *new, | |||
495 | } | 493 | } |
496 | 494 | ||
497 | /****************************************************************************/ | 495 | /****************************************************************************/ |
498 | static int nat_callforwarding(struct sk_buff **pskb, struct nf_conn *ct, | 496 | static int nat_callforwarding(struct sk_buff *skb, struct nf_conn *ct, |
499 | enum ip_conntrack_info ctinfo, | 497 | enum ip_conntrack_info ctinfo, |
500 | unsigned char **data, int dataoff, | 498 | unsigned char **data, int dataoff, |
501 | TransportAddress *taddr, __be16 port, | 499 | TransportAddress *taddr, __be16 port, |
@@ -525,7 +523,7 @@ static int nat_callforwarding(struct sk_buff **pskb, struct nf_conn *ct, | |||
525 | } | 523 | } |
526 | 524 | ||
527 | /* Modify signal */ | 525 | /* Modify signal */ |
528 | if (!set_h225_addr(pskb, data, dataoff, taddr, | 526 | if (!set_h225_addr(skb, data, dataoff, taddr, |
529 | &ct->tuplehash[!dir].tuple.dst.u3, | 527 | &ct->tuplehash[!dir].tuple.dst.u3, |
530 | htons(nated_port)) == 0) { | 528 | htons(nated_port)) == 0) { |
531 | nf_ct_unexpect_related(exp); | 529 | nf_ct_unexpect_related(exp); |
diff --git a/net/ipv4/netfilter/nf_nat_helper.c b/net/ipv4/netfilter/nf_nat_helper.c index 40b429e4540..8718da00ef2 100644 --- a/net/ipv4/netfilter/nf_nat_helper.c +++ b/net/ipv4/netfilter/nf_nat_helper.c | |||
@@ -111,12 +111,12 @@ static void mangle_contents(struct sk_buff *skb, | |||
111 | } | 111 | } |
112 | 112 | ||
113 | /* Unusual, but possible case. */ | 113 | /* Unusual, but possible case. */ |
114 | static int enlarge_skb(struct sk_buff **pskb, unsigned int extra) | 114 | static int enlarge_skb(struct sk_buff *skb, unsigned int extra) |
115 | { | 115 | { |
116 | if ((*pskb)->len + extra > 65535) | 116 | if (skb->len + extra > 65535) |
117 | return 0; | 117 | return 0; |
118 | 118 | ||
119 | if (pskb_expand_head(*pskb, 0, extra - skb_tailroom(*pskb), GFP_ATOMIC)) | 119 | if (pskb_expand_head(skb, 0, extra - skb_tailroom(skb), GFP_ATOMIC)) |
120 | return 0; | 120 | return 0; |
121 | 121 | ||
122 | return 1; | 122 | return 1; |
@@ -131,7 +131,7 @@ static int enlarge_skb(struct sk_buff **pskb, unsigned int extra) | |||
131 | * | 131 | * |
132 | * */ | 132 | * */ |
133 | int | 133 | int |
134 | nf_nat_mangle_tcp_packet(struct sk_buff **pskb, | 134 | nf_nat_mangle_tcp_packet(struct sk_buff *skb, |
135 | struct nf_conn *ct, | 135 | struct nf_conn *ct, |
136 | enum ip_conntrack_info ctinfo, | 136 | enum ip_conntrack_info ctinfo, |
137 | unsigned int match_offset, | 137 | unsigned int match_offset, |
@@ -139,37 +139,37 @@ nf_nat_mangle_tcp_packet(struct sk_buff **pskb, | |||
139 | const char *rep_buffer, | 139 | const char *rep_buffer, |
140 | unsigned int rep_len) | 140 | unsigned int rep_len) |
141 | { | 141 | { |
142 | struct rtable *rt = (struct rtable *)(*pskb)->dst; | 142 | struct rtable *rt = (struct rtable *)skb->dst; |
143 | struct iphdr *iph; | 143 | struct iphdr *iph; |
144 | struct tcphdr *tcph; | 144 | struct tcphdr *tcph; |
145 | int oldlen, datalen; | 145 | int oldlen, datalen; |
146 | 146 | ||
147 | if (!skb_make_writable(*pskb, (*pskb)->len)) | 147 | if (!skb_make_writable(skb, skb->len)) |
148 | return 0; | 148 | return 0; |
149 | 149 | ||
150 | if (rep_len > match_len && | 150 | if (rep_len > match_len && |
151 | rep_len - match_len > skb_tailroom(*pskb) && | 151 | rep_len - match_len > skb_tailroom(skb) && |
152 | !enlarge_skb(pskb, rep_len - match_len)) | 152 | !enlarge_skb(skb, rep_len - match_len)) |
153 | return 0; | 153 | return 0; |
154 | 154 | ||
155 | SKB_LINEAR_ASSERT(*pskb); | 155 | SKB_LINEAR_ASSERT(skb); |
156 | 156 | ||
157 | iph = ip_hdr(*pskb); | 157 | iph = ip_hdr(skb); |
158 | tcph = (void *)iph + iph->ihl*4; | 158 | tcph = (void *)iph + iph->ihl*4; |
159 | 159 | ||
160 | oldlen = (*pskb)->len - iph->ihl*4; | 160 | oldlen = skb->len - iph->ihl*4; |
161 | mangle_contents(*pskb, iph->ihl*4 + tcph->doff*4, | 161 | mangle_contents(skb, iph->ihl*4 + tcph->doff*4, |
162 | match_offset, match_len, rep_buffer, rep_len); | 162 | match_offset, match_len, rep_buffer, rep_len); |
163 | 163 | ||
164 | datalen = (*pskb)->len - iph->ihl*4; | 164 | datalen = skb->len - iph->ihl*4; |
165 | if ((*pskb)->ip_summed != CHECKSUM_PARTIAL) { | 165 | if (skb->ip_summed != CHECKSUM_PARTIAL) { |
166 | if (!(rt->rt_flags & RTCF_LOCAL) && | 166 | if (!(rt->rt_flags & RTCF_LOCAL) && |
167 | (*pskb)->dev->features & NETIF_F_V4_CSUM) { | 167 | skb->dev->features & NETIF_F_V4_CSUM) { |
168 | (*pskb)->ip_summed = CHECKSUM_PARTIAL; | 168 | skb->ip_summed = CHECKSUM_PARTIAL; |
169 | (*pskb)->csum_start = skb_headroom(*pskb) + | 169 | skb->csum_start = skb_headroom(skb) + |
170 | skb_network_offset(*pskb) + | 170 | skb_network_offset(skb) + |
171 | iph->ihl * 4; | 171 | iph->ihl * 4; |
172 | (*pskb)->csum_offset = offsetof(struct tcphdr, check); | 172 | skb->csum_offset = offsetof(struct tcphdr, check); |
173 | tcph->check = ~tcp_v4_check(datalen, | 173 | tcph->check = ~tcp_v4_check(datalen, |
174 | iph->saddr, iph->daddr, 0); | 174 | iph->saddr, iph->daddr, 0); |
175 | } else { | 175 | } else { |
@@ -180,7 +180,7 @@ nf_nat_mangle_tcp_packet(struct sk_buff **pskb, | |||
180 | datalen, 0)); | 180 | datalen, 0)); |
181 | } | 181 | } |
182 | } else | 182 | } else |
183 | nf_proto_csum_replace2(&tcph->check, *pskb, | 183 | nf_proto_csum_replace2(&tcph->check, skb, |
184 | htons(oldlen), htons(datalen), 1); | 184 | htons(oldlen), htons(datalen), 1); |
185 | 185 | ||
186 | if (rep_len != match_len) { | 186 | if (rep_len != match_len) { |
@@ -189,7 +189,7 @@ nf_nat_mangle_tcp_packet(struct sk_buff **pskb, | |||
189 | (int)rep_len - (int)match_len, | 189 | (int)rep_len - (int)match_len, |
190 | ct, ctinfo); | 190 | ct, ctinfo); |
191 | /* Tell TCP window tracking about seq change */ | 191 | /* Tell TCP window tracking about seq change */ |
192 | nf_conntrack_tcp_update(*pskb, ip_hdrlen(*pskb), | 192 | nf_conntrack_tcp_update(skb, ip_hdrlen(skb), |
193 | ct, CTINFO2DIR(ctinfo)); | 193 | ct, CTINFO2DIR(ctinfo)); |
194 | } | 194 | } |
195 | return 1; | 195 | return 1; |
@@ -207,7 +207,7 @@ EXPORT_SYMBOL(nf_nat_mangle_tcp_packet); | |||
207 | * should be fairly easy to do. | 207 | * should be fairly easy to do. |
208 | */ | 208 | */ |
209 | int | 209 | int |
210 | nf_nat_mangle_udp_packet(struct sk_buff **pskb, | 210 | nf_nat_mangle_udp_packet(struct sk_buff *skb, |
211 | struct nf_conn *ct, | 211 | struct nf_conn *ct, |
212 | enum ip_conntrack_info ctinfo, | 212 | enum ip_conntrack_info ctinfo, |
213 | unsigned int match_offset, | 213 | unsigned int match_offset, |
@@ -215,48 +215,48 @@ nf_nat_mangle_udp_packet(struct sk_buff **pskb, | |||
215 | const char *rep_buffer, | 215 | const char *rep_buffer, |
216 | unsigned int rep_len) | 216 | unsigned int rep_len) |
217 | { | 217 | { |
218 | struct rtable *rt = (struct rtable *)(*pskb)->dst; | 218 | struct rtable *rt = (struct rtable *)skb->dst; |
219 | struct iphdr *iph; | 219 | struct iphdr *iph; |
220 | struct udphdr *udph; | 220 | struct udphdr *udph; |
221 | int datalen, oldlen; | 221 | int datalen, oldlen; |
222 | 222 | ||
223 | /* UDP helpers might accidentally mangle the wrong packet */ | 223 | /* UDP helpers might accidentally mangle the wrong packet */ |
224 | iph = ip_hdr(*pskb); | 224 | iph = ip_hdr(skb); |
225 | if ((*pskb)->len < iph->ihl*4 + sizeof(*udph) + | 225 | if (skb->len < iph->ihl*4 + sizeof(*udph) + |
226 | match_offset + match_len) | 226 | match_offset + match_len) |
227 | return 0; | 227 | return 0; |
228 | 228 | ||
229 | if (!skb_make_writable(*pskb, (*pskb)->len)) | 229 | if (!skb_make_writable(skb, skb->len)) |
230 | return 0; | 230 | return 0; |
231 | 231 | ||
232 | if (rep_len > match_len && | 232 | if (rep_len > match_len && |
233 | rep_len - match_len > skb_tailroom(*pskb) && | 233 | rep_len - match_len > skb_tailroom(skb) && |
234 | !enlarge_skb(pskb, rep_len - match_len)) | 234 | !enlarge_skb(skb, rep_len - match_len)) |
235 | return 0; | 235 | return 0; |
236 | 236 | ||
237 | iph = ip_hdr(*pskb); | 237 | iph = ip_hdr(skb); |
238 | udph = (void *)iph + iph->ihl*4; | 238 | udph = (void *)iph + iph->ihl*4; |
239 | 239 | ||
240 | oldlen = (*pskb)->len - iph->ihl*4; | 240 | oldlen = skb->len - iph->ihl*4; |
241 | mangle_contents(*pskb, iph->ihl*4 + sizeof(*udph), | 241 | mangle_contents(skb, iph->ihl*4 + sizeof(*udph), |
242 | match_offset, match_len, rep_buffer, rep_len); | 242 | match_offset, match_len, rep_buffer, rep_len); |
243 | 243 | ||
244 | /* update the length of the UDP packet */ | 244 | /* update the length of the UDP packet */ |
245 | datalen = (*pskb)->len - iph->ihl*4; | 245 | datalen = skb->len - iph->ihl*4; |
246 | udph->len = htons(datalen); | 246 | udph->len = htons(datalen); |
247 | 247 | ||
248 | /* fix udp checksum if udp checksum was previously calculated */ | 248 | /* fix udp checksum if udp checksum was previously calculated */ |
249 | if (!udph->check && (*pskb)->ip_summed != CHECKSUM_PARTIAL) | 249 | if (!udph->check && skb->ip_summed != CHECKSUM_PARTIAL) |
250 | return 1; | 250 | return 1; |
251 | 251 | ||
252 | if ((*pskb)->ip_summed != CHECKSUM_PARTIAL) { | 252 | if (skb->ip_summed != CHECKSUM_PARTIAL) { |
253 | if (!(rt->rt_flags & RTCF_LOCAL) && | 253 | if (!(rt->rt_flags & RTCF_LOCAL) && |
254 | (*pskb)->dev->features & NETIF_F_V4_CSUM) { | 254 | skb->dev->features & NETIF_F_V4_CSUM) { |
255 | (*pskb)->ip_summed = CHECKSUM_PARTIAL; | 255 | skb->ip_summed = CHECKSUM_PARTIAL; |
256 | (*pskb)->csum_start = skb_headroom(*pskb) + | 256 | skb->csum_start = skb_headroom(skb) + |
257 | skb_network_offset(*pskb) + | 257 | skb_network_offset(skb) + |
258 | iph->ihl * 4; | 258 | iph->ihl * 4; |
259 | (*pskb)->csum_offset = offsetof(struct udphdr, check); | 259 | skb->csum_offset = offsetof(struct udphdr, check); |
260 | udph->check = ~csum_tcpudp_magic(iph->saddr, iph->daddr, | 260 | udph->check = ~csum_tcpudp_magic(iph->saddr, iph->daddr, |
261 | datalen, IPPROTO_UDP, | 261 | datalen, IPPROTO_UDP, |
262 | 0); | 262 | 0); |
@@ -270,7 +270,7 @@ nf_nat_mangle_udp_packet(struct sk_buff **pskb, | |||
270 | udph->check = CSUM_MANGLED_0; | 270 | udph->check = CSUM_MANGLED_0; |
271 | } | 271 | } |
272 | } else | 272 | } else |
273 | nf_proto_csum_replace2(&udph->check, *pskb, | 273 | nf_proto_csum_replace2(&udph->check, skb, |
274 | htons(oldlen), htons(datalen), 1); | 274 | htons(oldlen), htons(datalen), 1); |
275 | 275 | ||
276 | return 1; | 276 | return 1; |
@@ -322,7 +322,7 @@ sack_adjust(struct sk_buff *skb, | |||
322 | 322 | ||
323 | /* TCP SACK sequence number adjustment */ | 323 | /* TCP SACK sequence number adjustment */ |
324 | static inline unsigned int | 324 | static inline unsigned int |
325 | nf_nat_sack_adjust(struct sk_buff **pskb, | 325 | nf_nat_sack_adjust(struct sk_buff *skb, |
326 | struct tcphdr *tcph, | 326 | struct tcphdr *tcph, |
327 | struct nf_conn *ct, | 327 | struct nf_conn *ct, |
328 | enum ip_conntrack_info ctinfo) | 328 | enum ip_conntrack_info ctinfo) |
@@ -330,17 +330,17 @@ nf_nat_sack_adjust(struct sk_buff **pskb, | |||
330 | unsigned int dir, optoff, optend; | 330 | unsigned int dir, optoff, optend; |
331 | struct nf_conn_nat *nat = nfct_nat(ct); | 331 | struct nf_conn_nat *nat = nfct_nat(ct); |
332 | 332 | ||
333 | optoff = ip_hdrlen(*pskb) + sizeof(struct tcphdr); | 333 | optoff = ip_hdrlen(skb) + sizeof(struct tcphdr); |
334 | optend = ip_hdrlen(*pskb) + tcph->doff * 4; | 334 | optend = ip_hdrlen(skb) + tcph->doff * 4; |
335 | 335 | ||
336 | if (!skb_make_writable(*pskb, optend)) | 336 | if (!skb_make_writable(skb, optend)) |
337 | return 0; | 337 | return 0; |
338 | 338 | ||
339 | dir = CTINFO2DIR(ctinfo); | 339 | dir = CTINFO2DIR(ctinfo); |
340 | 340 | ||
341 | while (optoff < optend) { | 341 | while (optoff < optend) { |
342 | /* Usually: option, length. */ | 342 | /* Usually: option, length. */ |
343 | unsigned char *op = (*pskb)->data + optoff; | 343 | unsigned char *op = skb->data + optoff; |
344 | 344 | ||
345 | switch (op[0]) { | 345 | switch (op[0]) { |
346 | case TCPOPT_EOL: | 346 | case TCPOPT_EOL: |
@@ -357,7 +357,7 @@ nf_nat_sack_adjust(struct sk_buff **pskb, | |||
357 | if (op[0] == TCPOPT_SACK && | 357 | if (op[0] == TCPOPT_SACK && |
358 | op[1] >= 2+TCPOLEN_SACK_PERBLOCK && | 358 | op[1] >= 2+TCPOLEN_SACK_PERBLOCK && |
359 | ((op[1] - 2) % TCPOLEN_SACK_PERBLOCK) == 0) | 359 | ((op[1] - 2) % TCPOLEN_SACK_PERBLOCK) == 0) |
360 | sack_adjust(*pskb, tcph, optoff+2, | 360 | sack_adjust(skb, tcph, optoff+2, |
361 | optoff+op[1], &nat->seq[!dir]); | 361 | optoff+op[1], &nat->seq[!dir]); |
362 | optoff += op[1]; | 362 | optoff += op[1]; |
363 | } | 363 | } |
@@ -367,7 +367,7 @@ nf_nat_sack_adjust(struct sk_buff **pskb, | |||
367 | 367 | ||
368 | /* TCP sequence number adjustment. Returns 1 on success, 0 on failure */ | 368 | /* TCP sequence number adjustment. Returns 1 on success, 0 on failure */ |
369 | int | 369 | int |
370 | nf_nat_seq_adjust(struct sk_buff **pskb, | 370 | nf_nat_seq_adjust(struct sk_buff *skb, |
371 | struct nf_conn *ct, | 371 | struct nf_conn *ct, |
372 | enum ip_conntrack_info ctinfo) | 372 | enum ip_conntrack_info ctinfo) |
373 | { | 373 | { |
@@ -382,10 +382,10 @@ nf_nat_seq_adjust(struct sk_buff **pskb, | |||
382 | this_way = &nat->seq[dir]; | 382 | this_way = &nat->seq[dir]; |
383 | other_way = &nat->seq[!dir]; | 383 | other_way = &nat->seq[!dir]; |
384 | 384 | ||
385 | if (!skb_make_writable(*pskb, ip_hdrlen(*pskb) + sizeof(*tcph))) | 385 | if (!skb_make_writable(skb, ip_hdrlen(skb) + sizeof(*tcph))) |
386 | return 0; | 386 | return 0; |
387 | 387 | ||
388 | tcph = (void *)(*pskb)->data + ip_hdrlen(*pskb); | 388 | tcph = (void *)skb->data + ip_hdrlen(skb); |
389 | if (after(ntohl(tcph->seq), this_way->correction_pos)) | 389 | if (after(ntohl(tcph->seq), this_way->correction_pos)) |
390 | newseq = htonl(ntohl(tcph->seq) + this_way->offset_after); | 390 | newseq = htonl(ntohl(tcph->seq) + this_way->offset_after); |
391 | else | 391 | else |
@@ -397,8 +397,8 @@ nf_nat_seq_adjust(struct sk_buff **pskb, | |||
397 | else | 397 | else |
398 | newack = htonl(ntohl(tcph->ack_seq) - other_way->offset_before); | 398 | newack = htonl(ntohl(tcph->ack_seq) - other_way->offset_before); |
399 | 399 | ||
400 | nf_proto_csum_replace4(&tcph->check, *pskb, tcph->seq, newseq, 0); | 400 | nf_proto_csum_replace4(&tcph->check, skb, tcph->seq, newseq, 0); |
401 | nf_proto_csum_replace4(&tcph->check, *pskb, tcph->ack_seq, newack, 0); | 401 | nf_proto_csum_replace4(&tcph->check, skb, tcph->ack_seq, newack, 0); |
402 | 402 | ||
403 | pr_debug("Adjusting sequence number from %u->%u, ack from %u->%u\n", | 403 | pr_debug("Adjusting sequence number from %u->%u, ack from %u->%u\n", |
404 | ntohl(tcph->seq), ntohl(newseq), ntohl(tcph->ack_seq), | 404 | ntohl(tcph->seq), ntohl(newseq), ntohl(tcph->ack_seq), |
@@ -407,10 +407,10 @@ nf_nat_seq_adjust(struct sk_buff **pskb, | |||
407 | tcph->seq = newseq; | 407 | tcph->seq = newseq; |
408 | tcph->ack_seq = newack; | 408 | tcph->ack_seq = newack; |
409 | 409 | ||
410 | if (!nf_nat_sack_adjust(pskb, tcph, ct, ctinfo)) | 410 | if (!nf_nat_sack_adjust(skb, tcph, ct, ctinfo)) |
411 | return 0; | 411 | return 0; |
412 | 412 | ||
413 | nf_conntrack_tcp_update(*pskb, ip_hdrlen(*pskb), ct, dir); | 413 | nf_conntrack_tcp_update(skb, ip_hdrlen(skb), ct, dir); |
414 | 414 | ||
415 | return 1; | 415 | return 1; |
416 | } | 416 | } |
diff --git a/net/ipv4/netfilter/nf_nat_irc.c b/net/ipv4/netfilter/nf_nat_irc.c index bcf274bba60..766e2c16c6b 100644 --- a/net/ipv4/netfilter/nf_nat_irc.c +++ b/net/ipv4/netfilter/nf_nat_irc.c | |||
@@ -27,7 +27,7 @@ MODULE_DESCRIPTION("IRC (DCC) NAT helper"); | |||
27 | MODULE_LICENSE("GPL"); | 27 | MODULE_LICENSE("GPL"); |
28 | MODULE_ALIAS("ip_nat_irc"); | 28 | MODULE_ALIAS("ip_nat_irc"); |
29 | 29 | ||
30 | static unsigned int help(struct sk_buff **pskb, | 30 | static unsigned int help(struct sk_buff *skb, |
31 | enum ip_conntrack_info ctinfo, | 31 | enum ip_conntrack_info ctinfo, |
32 | unsigned int matchoff, | 32 | unsigned int matchoff, |
33 | unsigned int matchlen, | 33 | unsigned int matchlen, |
@@ -58,7 +58,7 @@ static unsigned int help(struct sk_buff **pskb, | |||
58 | pr_debug("nf_nat_irc: inserting '%s' == %u.%u.%u.%u, port %u\n", | 58 | pr_debug("nf_nat_irc: inserting '%s' == %u.%u.%u.%u, port %u\n", |
59 | buffer, NIPQUAD(ip), port); | 59 | buffer, NIPQUAD(ip), port); |
60 | 60 | ||
61 | ret = nf_nat_mangle_tcp_packet(pskb, exp->master, ctinfo, | 61 | ret = nf_nat_mangle_tcp_packet(skb, exp->master, ctinfo, |
62 | matchoff, matchlen, buffer, | 62 | matchoff, matchlen, buffer, |
63 | strlen(buffer)); | 63 | strlen(buffer)); |
64 | if (ret != NF_ACCEPT) | 64 | if (ret != NF_ACCEPT) |
diff --git a/net/ipv4/netfilter/nf_nat_pptp.c b/net/ipv4/netfilter/nf_nat_pptp.c index 984ec8308b2..e1385a09907 100644 --- a/net/ipv4/netfilter/nf_nat_pptp.c +++ b/net/ipv4/netfilter/nf_nat_pptp.c | |||
@@ -110,7 +110,7 @@ static void pptp_nat_expected(struct nf_conn *ct, | |||
110 | 110 | ||
111 | /* outbound packets == from PNS to PAC */ | 111 | /* outbound packets == from PNS to PAC */ |
112 | static int | 112 | static int |
113 | pptp_outbound_pkt(struct sk_buff **pskb, | 113 | pptp_outbound_pkt(struct sk_buff *skb, |
114 | struct nf_conn *ct, | 114 | struct nf_conn *ct, |
115 | enum ip_conntrack_info ctinfo, | 115 | enum ip_conntrack_info ctinfo, |
116 | struct PptpControlHeader *ctlh, | 116 | struct PptpControlHeader *ctlh, |
@@ -175,7 +175,7 @@ pptp_outbound_pkt(struct sk_buff **pskb, | |||
175 | ntohs(REQ_CID(pptpReq, cid_off)), ntohs(new_callid)); | 175 | ntohs(REQ_CID(pptpReq, cid_off)), ntohs(new_callid)); |
176 | 176 | ||
177 | /* mangle packet */ | 177 | /* mangle packet */ |
178 | if (nf_nat_mangle_tcp_packet(pskb, ct, ctinfo, | 178 | if (nf_nat_mangle_tcp_packet(skb, ct, ctinfo, |
179 | cid_off + sizeof(struct pptp_pkt_hdr) + | 179 | cid_off + sizeof(struct pptp_pkt_hdr) + |
180 | sizeof(struct PptpControlHeader), | 180 | sizeof(struct PptpControlHeader), |
181 | sizeof(new_callid), (char *)&new_callid, | 181 | sizeof(new_callid), (char *)&new_callid, |
@@ -213,7 +213,7 @@ pptp_exp_gre(struct nf_conntrack_expect *expect_orig, | |||
213 | 213 | ||
214 | /* inbound packets == from PAC to PNS */ | 214 | /* inbound packets == from PAC to PNS */ |
215 | static int | 215 | static int |
216 | pptp_inbound_pkt(struct sk_buff **pskb, | 216 | pptp_inbound_pkt(struct sk_buff *skb, |
217 | struct nf_conn *ct, | 217 | struct nf_conn *ct, |
218 | enum ip_conntrack_info ctinfo, | 218 | enum ip_conntrack_info ctinfo, |
219 | struct PptpControlHeader *ctlh, | 219 | struct PptpControlHeader *ctlh, |
@@ -268,7 +268,7 @@ pptp_inbound_pkt(struct sk_buff **pskb, | |||
268 | pr_debug("altering peer call id from 0x%04x to 0x%04x\n", | 268 | pr_debug("altering peer call id from 0x%04x to 0x%04x\n", |
269 | ntohs(REQ_CID(pptpReq, pcid_off)), ntohs(new_pcid)); | 269 | ntohs(REQ_CID(pptpReq, pcid_off)), ntohs(new_pcid)); |
270 | 270 | ||
271 | if (nf_nat_mangle_tcp_packet(pskb, ct, ctinfo, | 271 | if (nf_nat_mangle_tcp_packet(skb, ct, ctinfo, |
272 | pcid_off + sizeof(struct pptp_pkt_hdr) + | 272 | pcid_off + sizeof(struct pptp_pkt_hdr) + |
273 | sizeof(struct PptpControlHeader), | 273 | sizeof(struct PptpControlHeader), |
274 | sizeof(new_pcid), (char *)&new_pcid, | 274 | sizeof(new_pcid), (char *)&new_pcid, |
diff --git a/net/ipv4/netfilter/nf_nat_proto_gre.c b/net/ipv4/netfilter/nf_nat_proto_gre.c index e7a2aafcce5..b820f996035 100644 --- a/net/ipv4/netfilter/nf_nat_proto_gre.c +++ b/net/ipv4/netfilter/nf_nat_proto_gre.c | |||
@@ -98,21 +98,21 @@ gre_unique_tuple(struct nf_conntrack_tuple *tuple, | |||
98 | 98 | ||
99 | /* manipulate a GRE packet according to maniptype */ | 99 | /* manipulate a GRE packet according to maniptype */ |
100 | static int | 100 | static int |
101 | gre_manip_pkt(struct sk_buff **pskb, unsigned int iphdroff, | 101 | gre_manip_pkt(struct sk_buff *skb, unsigned int iphdroff, |
102 | const struct nf_conntrack_tuple *tuple, | 102 | const struct nf_conntrack_tuple *tuple, |
103 | enum nf_nat_manip_type maniptype) | 103 | enum nf_nat_manip_type maniptype) |
104 | { | 104 | { |
105 | struct gre_hdr *greh; | 105 | struct gre_hdr *greh; |
106 | struct gre_hdr_pptp *pgreh; | 106 | struct gre_hdr_pptp *pgreh; |
107 | struct iphdr *iph = (struct iphdr *)((*pskb)->data + iphdroff); | 107 | struct iphdr *iph = (struct iphdr *)(skb->data + iphdroff); |
108 | unsigned int hdroff = iphdroff + iph->ihl * 4; | 108 | unsigned int hdroff = iphdroff + iph->ihl * 4; |
109 | 109 | ||
110 | /* pgreh includes two optional 32bit fields which are not required | 110 | /* pgreh includes two optional 32bit fields which are not required |
111 | * to be there. That's where the magic '8' comes from */ | 111 | * to be there. That's where the magic '8' comes from */ |
112 | if (!skb_make_writable(*pskb, hdroff + sizeof(*pgreh) - 8)) | 112 | if (!skb_make_writable(skb, hdroff + sizeof(*pgreh) - 8)) |
113 | return 0; | 113 | return 0; |
114 | 114 | ||
115 | greh = (void *)(*pskb)->data + hdroff; | 115 | greh = (void *)skb->data + hdroff; |
116 | pgreh = (struct gre_hdr_pptp *)greh; | 116 | pgreh = (struct gre_hdr_pptp *)greh; |
117 | 117 | ||
118 | /* we only have destination manip of a packet, since 'source key' | 118 | /* we only have destination manip of a packet, since 'source key' |
diff --git a/net/ipv4/netfilter/nf_nat_proto_icmp.c b/net/ipv4/netfilter/nf_nat_proto_icmp.c index 4087f4f42c3..b9fc724388f 100644 --- a/net/ipv4/netfilter/nf_nat_proto_icmp.c +++ b/net/ipv4/netfilter/nf_nat_proto_icmp.c | |||
@@ -52,20 +52,20 @@ icmp_unique_tuple(struct nf_conntrack_tuple *tuple, | |||
52 | } | 52 | } |
53 | 53 | ||
54 | static int | 54 | static int |
55 | icmp_manip_pkt(struct sk_buff **pskb, | 55 | icmp_manip_pkt(struct sk_buff *skb, |
56 | unsigned int iphdroff, | 56 | unsigned int iphdroff, |
57 | const struct nf_conntrack_tuple *tuple, | 57 | const struct nf_conntrack_tuple *tuple, |
58 | enum nf_nat_manip_type maniptype) | 58 | enum nf_nat_manip_type maniptype) |
59 | { | 59 | { |
60 | struct iphdr *iph = (struct iphdr *)((*pskb)->data + iphdroff); | 60 | struct iphdr *iph = (struct iphdr *)(skb->data + iphdroff); |
61 | struct icmphdr *hdr; | 61 | struct icmphdr *hdr; |
62 | unsigned int hdroff = iphdroff + iph->ihl*4; | 62 | unsigned int hdroff = iphdroff + iph->ihl*4; |
63 | 63 | ||
64 | if (!skb_make_writable(*pskb, hdroff + sizeof(*hdr))) | 64 | if (!skb_make_writable(skb, hdroff + sizeof(*hdr))) |
65 | return 0; | 65 | return 0; |
66 | 66 | ||
67 | hdr = (struct icmphdr *)((*pskb)->data + hdroff); | 67 | hdr = (struct icmphdr *)(skb->data + hdroff); |
68 | nf_proto_csum_replace2(&hdr->checksum, *pskb, | 68 | nf_proto_csum_replace2(&hdr->checksum, skb, |
69 | hdr->un.echo.id, tuple->src.u.icmp.id, 0); | 69 | hdr->un.echo.id, tuple->src.u.icmp.id, 0); |
70 | hdr->un.echo.id = tuple->src.u.icmp.id; | 70 | hdr->un.echo.id = tuple->src.u.icmp.id; |
71 | return 1; | 71 | return 1; |
diff --git a/net/ipv4/netfilter/nf_nat_proto_tcp.c b/net/ipv4/netfilter/nf_nat_proto_tcp.c index e544125dc03..6bab2e18445 100644 --- a/net/ipv4/netfilter/nf_nat_proto_tcp.c +++ b/net/ipv4/netfilter/nf_nat_proto_tcp.c | |||
@@ -88,12 +88,12 @@ tcp_unique_tuple(struct nf_conntrack_tuple *tuple, | |||
88 | } | 88 | } |
89 | 89 | ||
90 | static int | 90 | static int |
91 | tcp_manip_pkt(struct sk_buff **pskb, | 91 | tcp_manip_pkt(struct sk_buff *skb, |
92 | unsigned int iphdroff, | 92 | unsigned int iphdroff, |
93 | const struct nf_conntrack_tuple *tuple, | 93 | const struct nf_conntrack_tuple *tuple, |
94 | enum nf_nat_manip_type maniptype) | 94 | enum nf_nat_manip_type maniptype) |
95 | { | 95 | { |
96 | struct iphdr *iph = (struct iphdr *)((*pskb)->data + iphdroff); | 96 | struct iphdr *iph = (struct iphdr *)(skb->data + iphdroff); |
97 | struct tcphdr *hdr; | 97 | struct tcphdr *hdr; |
98 | unsigned int hdroff = iphdroff + iph->ihl*4; | 98 | unsigned int hdroff = iphdroff + iph->ihl*4; |
99 | __be32 oldip, newip; | 99 | __be32 oldip, newip; |
@@ -103,14 +103,14 @@ tcp_manip_pkt(struct sk_buff **pskb, | |||
103 | /* this could be a inner header returned in icmp packet; in such | 103 | /* this could be a inner header returned in icmp packet; in such |
104 | cases we cannot update the checksum field since it is outside of | 104 | cases we cannot update the checksum field since it is outside of |
105 | the 8 bytes of transport layer headers we are guaranteed */ | 105 | the 8 bytes of transport layer headers we are guaranteed */ |
106 | if ((*pskb)->len >= hdroff + sizeof(struct tcphdr)) | 106 | if (skb->len >= hdroff + sizeof(struct tcphdr)) |
107 | hdrsize = sizeof(struct tcphdr); | 107 | hdrsize = sizeof(struct tcphdr); |
108 | 108 | ||
109 | if (!skb_make_writable(*pskb, hdroff + hdrsize)) | 109 | if (!skb_make_writable(skb, hdroff + hdrsize)) |
110 | return 0; | 110 | return 0; |
111 | 111 | ||
112 | iph = (struct iphdr *)((*pskb)->data + iphdroff); | 112 | iph = (struct iphdr *)(skb->data + iphdroff); |
113 | hdr = (struct tcphdr *)((*pskb)->data + hdroff); | 113 | hdr = (struct tcphdr *)(skb->data + hdroff); |
114 | 114 | ||
115 | if (maniptype == IP_NAT_MANIP_SRC) { | 115 | if (maniptype == IP_NAT_MANIP_SRC) { |
116 | /* Get rid of src ip and src pt */ | 116 | /* Get rid of src ip and src pt */ |
@@ -132,8 +132,8 @@ tcp_manip_pkt(struct sk_buff **pskb, | |||
132 | if (hdrsize < sizeof(*hdr)) | 132 | if (hdrsize < sizeof(*hdr)) |
133 | return 1; | 133 | return 1; |
134 | 134 | ||
135 | nf_proto_csum_replace4(&hdr->check, *pskb, oldip, newip, 1); | 135 | nf_proto_csum_replace4(&hdr->check, skb, oldip, newip, 1); |
136 | nf_proto_csum_replace2(&hdr->check, *pskb, oldport, newport, 0); | 136 | nf_proto_csum_replace2(&hdr->check, skb, oldport, newport, 0); |
137 | return 1; | 137 | return 1; |
138 | } | 138 | } |
139 | 139 | ||
diff --git a/net/ipv4/netfilter/nf_nat_proto_udp.c b/net/ipv4/netfilter/nf_nat_proto_udp.c index ebe9b42a8e9..cbf1a61e290 100644 --- a/net/ipv4/netfilter/nf_nat_proto_udp.c +++ b/net/ipv4/netfilter/nf_nat_proto_udp.c | |||
@@ -86,22 +86,22 @@ udp_unique_tuple(struct nf_conntrack_tuple *tuple, | |||
86 | } | 86 | } |
87 | 87 | ||
88 | static int | 88 | static int |
89 | udp_manip_pkt(struct sk_buff **pskb, | 89 | udp_manip_pkt(struct sk_buff *skb, |
90 | unsigned int iphdroff, | 90 | unsigned int iphdroff, |
91 | const struct nf_conntrack_tuple *tuple, | 91 | const struct nf_conntrack_tuple *tuple, |
92 | enum nf_nat_manip_type maniptype) | 92 | enum nf_nat_manip_type maniptype) |
93 | { | 93 | { |
94 | struct iphdr *iph = (struct iphdr *)((*pskb)->data + iphdroff); | 94 | struct iphdr *iph = (struct iphdr *)(skb->data + iphdroff); |
95 | struct udphdr *hdr; | 95 | struct udphdr *hdr; |
96 | unsigned int hdroff = iphdroff + iph->ihl*4; | 96 | unsigned int hdroff = iphdroff + iph->ihl*4; |
97 | __be32 oldip, newip; | 97 | __be32 oldip, newip; |
98 | __be16 *portptr, newport; | 98 | __be16 *portptr, newport; |
99 | 99 | ||
100 | if (!skb_make_writable(*pskb, hdroff + sizeof(*hdr))) | 100 | if (!skb_make_writable(skb, hdroff + sizeof(*hdr))) |
101 | return 0; | 101 | return 0; |
102 | 102 | ||
103 | iph = (struct iphdr *)((*pskb)->data + iphdroff); | 103 | iph = (struct iphdr *)(skb->data + iphdroff); |
104 | hdr = (struct udphdr *)((*pskb)->data + hdroff); | 104 | hdr = (struct udphdr *)(skb->data + hdroff); |
105 | 105 | ||
106 | if (maniptype == IP_NAT_MANIP_SRC) { | 106 | if (maniptype == IP_NAT_MANIP_SRC) { |
107 | /* Get rid of src ip and src pt */ | 107 | /* Get rid of src ip and src pt */ |
@@ -116,9 +116,9 @@ udp_manip_pkt(struct sk_buff **pskb, | |||
116 | newport = tuple->dst.u.udp.port; | 116 | newport = tuple->dst.u.udp.port; |
117 | portptr = &hdr->dest; | 117 | portptr = &hdr->dest; |
118 | } | 118 | } |
119 | if (hdr->check || (*pskb)->ip_summed == CHECKSUM_PARTIAL) { | 119 | if (hdr->check || skb->ip_summed == CHECKSUM_PARTIAL) { |
120 | nf_proto_csum_replace4(&hdr->check, *pskb, oldip, newip, 1); | 120 | nf_proto_csum_replace4(&hdr->check, skb, oldip, newip, 1); |
121 | nf_proto_csum_replace2(&hdr->check, *pskb, *portptr, newport, | 121 | nf_proto_csum_replace2(&hdr->check, skb, *portptr, newport, |
122 | 0); | 122 | 0); |
123 | if (!hdr->check) | 123 | if (!hdr->check) |
124 | hdr->check = CSUM_MANGLED_0; | 124 | hdr->check = CSUM_MANGLED_0; |
diff --git a/net/ipv4/netfilter/nf_nat_proto_unknown.c b/net/ipv4/netfilter/nf_nat_proto_unknown.c index f50d0203f9c..cfd2742e970 100644 --- a/net/ipv4/netfilter/nf_nat_proto_unknown.c +++ b/net/ipv4/netfilter/nf_nat_proto_unknown.c | |||
@@ -37,7 +37,7 @@ static int unknown_unique_tuple(struct nf_conntrack_tuple *tuple, | |||
37 | } | 37 | } |
38 | 38 | ||
39 | static int | 39 | static int |
40 | unknown_manip_pkt(struct sk_buff **pskb, | 40 | unknown_manip_pkt(struct sk_buff *skb, |
41 | unsigned int iphdroff, | 41 | unsigned int iphdroff, |
42 | const struct nf_conntrack_tuple *tuple, | 42 | const struct nf_conntrack_tuple *tuple, |
43 | enum nf_nat_manip_type maniptype) | 43 | enum nf_nat_manip_type maniptype) |
diff --git a/net/ipv4/netfilter/nf_nat_rule.c b/net/ipv4/netfilter/nf_nat_rule.c index 76ec59ae524..46b25ab5f78 100644 --- a/net/ipv4/netfilter/nf_nat_rule.c +++ b/net/ipv4/netfilter/nf_nat_rule.c | |||
@@ -65,7 +65,7 @@ static struct xt_table nat_table = { | |||
65 | }; | 65 | }; |
66 | 66 | ||
67 | /* Source NAT */ | 67 | /* Source NAT */ |
68 | static unsigned int ipt_snat_target(struct sk_buff **pskb, | 68 | static unsigned int ipt_snat_target(struct sk_buff *skb, |
69 | const struct net_device *in, | 69 | const struct net_device *in, |
70 | const struct net_device *out, | 70 | const struct net_device *out, |
71 | unsigned int hooknum, | 71 | unsigned int hooknum, |
@@ -78,7 +78,7 @@ static unsigned int ipt_snat_target(struct sk_buff **pskb, | |||
78 | 78 | ||
79 | NF_CT_ASSERT(hooknum == NF_IP_POST_ROUTING); | 79 | NF_CT_ASSERT(hooknum == NF_IP_POST_ROUTING); |
80 | 80 | ||
81 | ct = nf_ct_get(*pskb, &ctinfo); | 81 | ct = nf_ct_get(skb, &ctinfo); |
82 | 82 | ||
83 | /* Connection must be valid and new. */ | 83 | /* Connection must be valid and new. */ |
84 | NF_CT_ASSERT(ct && (ctinfo == IP_CT_NEW || ctinfo == IP_CT_RELATED || | 84 | NF_CT_ASSERT(ct && (ctinfo == IP_CT_NEW || ctinfo == IP_CT_RELATED || |
@@ -107,7 +107,7 @@ static void warn_if_extra_mangle(__be32 dstip, __be32 srcip) | |||
107 | ip_rt_put(rt); | 107 | ip_rt_put(rt); |
108 | } | 108 | } |
109 | 109 | ||
110 | static unsigned int ipt_dnat_target(struct sk_buff **pskb, | 110 | static unsigned int ipt_dnat_target(struct sk_buff *skb, |
111 | const struct net_device *in, | 111 | const struct net_device *in, |
112 | const struct net_device *out, | 112 | const struct net_device *out, |
113 | unsigned int hooknum, | 113 | unsigned int hooknum, |
@@ -121,14 +121,14 @@ static unsigned int ipt_dnat_target(struct sk_buff **pskb, | |||
121 | NF_CT_ASSERT(hooknum == NF_IP_PRE_ROUTING || | 121 | NF_CT_ASSERT(hooknum == NF_IP_PRE_ROUTING || |
122 | hooknum == NF_IP_LOCAL_OUT); | 122 | hooknum == NF_IP_LOCAL_OUT); |
123 | 123 | ||
124 | ct = nf_ct_get(*pskb, &ctinfo); | 124 | ct = nf_ct_get(skb, &ctinfo); |
125 | 125 | ||
126 | /* Connection must be valid and new. */ | 126 | /* Connection must be valid and new. */ |
127 | NF_CT_ASSERT(ct && (ctinfo == IP_CT_NEW || ctinfo == IP_CT_RELATED)); | 127 | NF_CT_ASSERT(ct && (ctinfo == IP_CT_NEW || ctinfo == IP_CT_RELATED)); |
128 | 128 | ||
129 | if (hooknum == NF_IP_LOCAL_OUT && | 129 | if (hooknum == NF_IP_LOCAL_OUT && |
130 | mr->range[0].flags & IP_NAT_RANGE_MAP_IPS) | 130 | mr->range[0].flags & IP_NAT_RANGE_MAP_IPS) |
131 | warn_if_extra_mangle(ip_hdr(*pskb)->daddr, | 131 | warn_if_extra_mangle(ip_hdr(skb)->daddr, |
132 | mr->range[0].min_ip); | 132 | mr->range[0].min_ip); |
133 | 133 | ||
134 | return nf_nat_setup_info(ct, &mr->range[0], hooknum); | 134 | return nf_nat_setup_info(ct, &mr->range[0], hooknum); |
@@ -204,7 +204,7 @@ alloc_null_binding_confirmed(struct nf_conn *ct, unsigned int hooknum) | |||
204 | return nf_nat_setup_info(ct, &range, hooknum); | 204 | return nf_nat_setup_info(ct, &range, hooknum); |
205 | } | 205 | } |
206 | 206 | ||
207 | int nf_nat_rule_find(struct sk_buff **pskb, | 207 | int nf_nat_rule_find(struct sk_buff *skb, |
208 | unsigned int hooknum, | 208 | unsigned int hooknum, |
209 | const struct net_device *in, | 209 | const struct net_device *in, |
210 | const struct net_device *out, | 210 | const struct net_device *out, |
@@ -212,7 +212,7 @@ int nf_nat_rule_find(struct sk_buff **pskb, | |||
212 | { | 212 | { |
213 | int ret; | 213 | int ret; |
214 | 214 | ||
215 | ret = ipt_do_table(pskb, hooknum, in, out, &nat_table); | 215 | ret = ipt_do_table(skb, hooknum, in, out, &nat_table); |
216 | 216 | ||
217 | if (ret == NF_ACCEPT) { | 217 | if (ret == NF_ACCEPT) { |
218 | if (!nf_nat_initialized(ct, HOOK2MANIP(hooknum))) | 218 | if (!nf_nat_initialized(ct, HOOK2MANIP(hooknum))) |
diff --git a/net/ipv4/netfilter/nf_nat_sip.c b/net/ipv4/netfilter/nf_nat_sip.c index e14d41976c2..ce9edbcc01e 100644 --- a/net/ipv4/netfilter/nf_nat_sip.c +++ b/net/ipv4/netfilter/nf_nat_sip.c | |||
@@ -60,7 +60,7 @@ static void addr_map_init(struct nf_conn *ct, struct addr_map *map) | |||
60 | } | 60 | } |
61 | } | 61 | } |
62 | 62 | ||
63 | static int map_sip_addr(struct sk_buff **pskb, enum ip_conntrack_info ctinfo, | 63 | static int map_sip_addr(struct sk_buff *skb, enum ip_conntrack_info ctinfo, |
64 | struct nf_conn *ct, const char **dptr, size_t dlen, | 64 | struct nf_conn *ct, const char **dptr, size_t dlen, |
65 | enum sip_header_pos pos, struct addr_map *map) | 65 | enum sip_header_pos pos, struct addr_map *map) |
66 | { | 66 | { |
@@ -84,15 +84,15 @@ static int map_sip_addr(struct sk_buff **pskb, enum ip_conntrack_info ctinfo, | |||
84 | } else | 84 | } else |
85 | return 1; | 85 | return 1; |
86 | 86 | ||
87 | if (!nf_nat_mangle_udp_packet(pskb, ct, ctinfo, | 87 | if (!nf_nat_mangle_udp_packet(skb, ct, ctinfo, |
88 | matchoff, matchlen, addr, addrlen)) | 88 | matchoff, matchlen, addr, addrlen)) |
89 | return 0; | 89 | return 0; |
90 | *dptr = (*pskb)->data + ip_hdrlen(*pskb) + sizeof(struct udphdr); | 90 | *dptr = skb->data + ip_hdrlen(skb) + sizeof(struct udphdr); |
91 | return 1; | 91 | return 1; |
92 | 92 | ||
93 | } | 93 | } |
94 | 94 | ||
95 | static unsigned int ip_nat_sip(struct sk_buff **pskb, | 95 | static unsigned int ip_nat_sip(struct sk_buff *skb, |
96 | enum ip_conntrack_info ctinfo, | 96 | enum ip_conntrack_info ctinfo, |
97 | struct nf_conn *ct, | 97 | struct nf_conn *ct, |
98 | const char **dptr) | 98 | const char **dptr) |
@@ -101,8 +101,8 @@ static unsigned int ip_nat_sip(struct sk_buff **pskb, | |||
101 | struct addr_map map; | 101 | struct addr_map map; |
102 | int dataoff, datalen; | 102 | int dataoff, datalen; |
103 | 103 | ||
104 | dataoff = ip_hdrlen(*pskb) + sizeof(struct udphdr); | 104 | dataoff = ip_hdrlen(skb) + sizeof(struct udphdr); |
105 | datalen = (*pskb)->len - dataoff; | 105 | datalen = skb->len - dataoff; |
106 | if (datalen < sizeof("SIP/2.0") - 1) | 106 | if (datalen < sizeof("SIP/2.0") - 1) |
107 | return NF_ACCEPT; | 107 | return NF_ACCEPT; |
108 | 108 | ||
@@ -121,19 +121,19 @@ static unsigned int ip_nat_sip(struct sk_buff **pskb, | |||
121 | else | 121 | else |
122 | pos = POS_REQ_URI; | 122 | pos = POS_REQ_URI; |
123 | 123 | ||
124 | if (!map_sip_addr(pskb, ctinfo, ct, dptr, datalen, pos, &map)) | 124 | if (!map_sip_addr(skb, ctinfo, ct, dptr, datalen, pos, &map)) |
125 | return NF_DROP; | 125 | return NF_DROP; |
126 | } | 126 | } |
127 | 127 | ||
128 | if (!map_sip_addr(pskb, ctinfo, ct, dptr, datalen, POS_FROM, &map) || | 128 | if (!map_sip_addr(skb, ctinfo, ct, dptr, datalen, POS_FROM, &map) || |
129 | !map_sip_addr(pskb, ctinfo, ct, dptr, datalen, POS_TO, &map) || | 129 | !map_sip_addr(skb, ctinfo, ct, dptr, datalen, POS_TO, &map) || |
130 | !map_sip_addr(pskb, ctinfo, ct, dptr, datalen, POS_VIA, &map) || | 130 | !map_sip_addr(skb, ctinfo, ct, dptr, datalen, POS_VIA, &map) || |
131 | !map_sip_addr(pskb, ctinfo, ct, dptr, datalen, POS_CONTACT, &map)) | 131 | !map_sip_addr(skb, ctinfo, ct, dptr, datalen, POS_CONTACT, &map)) |
132 | return NF_DROP; | 132 | return NF_DROP; |
133 | return NF_ACCEPT; | 133 | return NF_ACCEPT; |
134 | } | 134 | } |
135 | 135 | ||
136 | static unsigned int mangle_sip_packet(struct sk_buff **pskb, | 136 | static unsigned int mangle_sip_packet(struct sk_buff *skb, |
137 | enum ip_conntrack_info ctinfo, | 137 | enum ip_conntrack_info ctinfo, |
138 | struct nf_conn *ct, | 138 | struct nf_conn *ct, |
139 | const char **dptr, size_t dlen, | 139 | const char **dptr, size_t dlen, |
@@ -145,16 +145,16 @@ static unsigned int mangle_sip_packet(struct sk_buff **pskb, | |||
145 | if (ct_sip_get_info(ct, *dptr, dlen, &matchoff, &matchlen, pos) <= 0) | 145 | if (ct_sip_get_info(ct, *dptr, dlen, &matchoff, &matchlen, pos) <= 0) |
146 | return 0; | 146 | return 0; |
147 | 147 | ||
148 | if (!nf_nat_mangle_udp_packet(pskb, ct, ctinfo, | 148 | if (!nf_nat_mangle_udp_packet(skb, ct, ctinfo, |
149 | matchoff, matchlen, buffer, bufflen)) | 149 | matchoff, matchlen, buffer, bufflen)) |
150 | return 0; | 150 | return 0; |
151 | 151 | ||
152 | /* We need to reload this. Thanks Patrick. */ | 152 | /* We need to reload this. Thanks Patrick. */ |
153 | *dptr = (*pskb)->data + ip_hdrlen(*pskb) + sizeof(struct udphdr); | 153 | *dptr = skb->data + ip_hdrlen(skb) + sizeof(struct udphdr); |
154 | return 1; | 154 | return 1; |
155 | } | 155 | } |
156 | 156 | ||
157 | static int mangle_content_len(struct sk_buff **pskb, | 157 | static int mangle_content_len(struct sk_buff *skb, |
158 | enum ip_conntrack_info ctinfo, | 158 | enum ip_conntrack_info ctinfo, |
159 | struct nf_conn *ct, | 159 | struct nf_conn *ct, |
160 | const char *dptr) | 160 | const char *dptr) |
@@ -163,22 +163,22 @@ static int mangle_content_len(struct sk_buff **pskb, | |||
163 | char buffer[sizeof("65536")]; | 163 | char buffer[sizeof("65536")]; |
164 | int bufflen; | 164 | int bufflen; |
165 | 165 | ||
166 | dataoff = ip_hdrlen(*pskb) + sizeof(struct udphdr); | 166 | dataoff = ip_hdrlen(skb) + sizeof(struct udphdr); |
167 | 167 | ||
168 | /* Get actual SDP lenght */ | 168 | /* Get actual SDP lenght */ |
169 | if (ct_sip_get_info(ct, dptr, (*pskb)->len - dataoff, &matchoff, | 169 | if (ct_sip_get_info(ct, dptr, skb->len - dataoff, &matchoff, |
170 | &matchlen, POS_SDP_HEADER) > 0) { | 170 | &matchlen, POS_SDP_HEADER) > 0) { |
171 | 171 | ||
172 | /* since ct_sip_get_info() give us a pointer passing 'v=' | 172 | /* since ct_sip_get_info() give us a pointer passing 'v=' |
173 | we need to add 2 bytes in this count. */ | 173 | we need to add 2 bytes in this count. */ |
174 | int c_len = (*pskb)->len - dataoff - matchoff + 2; | 174 | int c_len = skb->len - dataoff - matchoff + 2; |
175 | 175 | ||
176 | /* Now, update SDP length */ | 176 | /* Now, update SDP length */ |
177 | if (ct_sip_get_info(ct, dptr, (*pskb)->len - dataoff, &matchoff, | 177 | if (ct_sip_get_info(ct, dptr, skb->len - dataoff, &matchoff, |
178 | &matchlen, POS_CONTENT) > 0) { | 178 | &matchlen, POS_CONTENT) > 0) { |
179 | 179 | ||
180 | bufflen = sprintf(buffer, "%u", c_len); | 180 | bufflen = sprintf(buffer, "%u", c_len); |
181 | return nf_nat_mangle_udp_packet(pskb, ct, ctinfo, | 181 | return nf_nat_mangle_udp_packet(skb, ct, ctinfo, |
182 | matchoff, matchlen, | 182 | matchoff, matchlen, |
183 | buffer, bufflen); | 183 | buffer, bufflen); |
184 | } | 184 | } |
@@ -186,7 +186,7 @@ static int mangle_content_len(struct sk_buff **pskb, | |||
186 | return 0; | 186 | return 0; |
187 | } | 187 | } |
188 | 188 | ||
189 | static unsigned int mangle_sdp(struct sk_buff **pskb, | 189 | static unsigned int mangle_sdp(struct sk_buff *skb, |
190 | enum ip_conntrack_info ctinfo, | 190 | enum ip_conntrack_info ctinfo, |
191 | struct nf_conn *ct, | 191 | struct nf_conn *ct, |
192 | __be32 newip, u_int16_t port, | 192 | __be32 newip, u_int16_t port, |
@@ -195,25 +195,25 @@ static unsigned int mangle_sdp(struct sk_buff **pskb, | |||
195 | char buffer[sizeof("nnn.nnn.nnn.nnn")]; | 195 | char buffer[sizeof("nnn.nnn.nnn.nnn")]; |
196 | unsigned int dataoff, bufflen; | 196 | unsigned int dataoff, bufflen; |
197 | 197 | ||
198 | dataoff = ip_hdrlen(*pskb) + sizeof(struct udphdr); | 198 | dataoff = ip_hdrlen(skb) + sizeof(struct udphdr); |
199 | 199 | ||
200 | /* Mangle owner and contact info. */ | 200 | /* Mangle owner and contact info. */ |
201 | bufflen = sprintf(buffer, "%u.%u.%u.%u", NIPQUAD(newip)); | 201 | bufflen = sprintf(buffer, "%u.%u.%u.%u", NIPQUAD(newip)); |
202 | if (!mangle_sip_packet(pskb, ctinfo, ct, &dptr, (*pskb)->len - dataoff, | 202 | if (!mangle_sip_packet(skb, ctinfo, ct, &dptr, skb->len - dataoff, |
203 | buffer, bufflen, POS_OWNER_IP4)) | 203 | buffer, bufflen, POS_OWNER_IP4)) |
204 | return 0; | 204 | return 0; |
205 | 205 | ||
206 | if (!mangle_sip_packet(pskb, ctinfo, ct, &dptr, (*pskb)->len - dataoff, | 206 | if (!mangle_sip_packet(skb, ctinfo, ct, &dptr, skb->len - dataoff, |
207 | buffer, bufflen, POS_CONNECTION_IP4)) | 207 | buffer, bufflen, POS_CONNECTION_IP4)) |
208 | return 0; | 208 | return 0; |
209 | 209 | ||
210 | /* Mangle media port. */ | 210 | /* Mangle media port. */ |
211 | bufflen = sprintf(buffer, "%u", port); | 211 | bufflen = sprintf(buffer, "%u", port); |
212 | if (!mangle_sip_packet(pskb, ctinfo, ct, &dptr, (*pskb)->len - dataoff, | 212 | if (!mangle_sip_packet(skb, ctinfo, ct, &dptr, skb->len - dataoff, |
213 | buffer, bufflen, POS_MEDIA)) | 213 | buffer, bufflen, POS_MEDIA)) |
214 | return 0; | 214 | return 0; |
215 | 215 | ||
216 | return mangle_content_len(pskb, ctinfo, ct, dptr); | 216 | return mangle_content_len(skb, ctinfo, ct, dptr); |
217 | } | 217 | } |
218 | 218 | ||
219 | static void ip_nat_sdp_expect(struct nf_conn *ct, | 219 | static void ip_nat_sdp_expect(struct nf_conn *ct, |
@@ -241,7 +241,7 @@ static void ip_nat_sdp_expect(struct nf_conn *ct, | |||
241 | 241 | ||
242 | /* So, this packet has hit the connection tracking matching code. | 242 | /* So, this packet has hit the connection tracking matching code. |
243 | Mangle it, and change the expectation to match the new version. */ | 243 | Mangle it, and change the expectation to match the new version. */ |
244 | static unsigned int ip_nat_sdp(struct sk_buff **pskb, | 244 | static unsigned int ip_nat_sdp(struct sk_buff *skb, |
245 | enum ip_conntrack_info ctinfo, | 245 | enum ip_conntrack_info ctinfo, |
246 | struct nf_conntrack_expect *exp, | 246 | struct nf_conntrack_expect *exp, |
247 | const char *dptr) | 247 | const char *dptr) |
@@ -277,7 +277,7 @@ static unsigned int ip_nat_sdp(struct sk_buff **pskb, | |||
277 | if (port == 0) | 277 | if (port == 0) |
278 | return NF_DROP; | 278 | return NF_DROP; |
279 | 279 | ||
280 | if (!mangle_sdp(pskb, ctinfo, ct, newip, port, dptr)) { | 280 | if (!mangle_sdp(skb, ctinfo, ct, newip, port, dptr)) { |
281 | nf_ct_unexpect_related(exp); | 281 | nf_ct_unexpect_related(exp); |
282 | return NF_DROP; | 282 | return NF_DROP; |
283 | } | 283 | } |
diff --git a/net/ipv4/netfilter/nf_nat_snmp_basic.c b/net/ipv4/netfilter/nf_nat_snmp_basic.c index 87011fe806c..03709d6b4b0 100644 --- a/net/ipv4/netfilter/nf_nat_snmp_basic.c +++ b/net/ipv4/netfilter/nf_nat_snmp_basic.c | |||
@@ -1188,9 +1188,9 @@ static int snmp_parse_mangle(unsigned char *msg, | |||
1188 | */ | 1188 | */ |
1189 | static int snmp_translate(struct nf_conn *ct, | 1189 | static int snmp_translate(struct nf_conn *ct, |
1190 | enum ip_conntrack_info ctinfo, | 1190 | enum ip_conntrack_info ctinfo, |
1191 | struct sk_buff **pskb) | 1191 | struct sk_buff *skb) |
1192 | { | 1192 | { |
1193 | struct iphdr *iph = ip_hdr(*pskb); | 1193 | struct iphdr *iph = ip_hdr(skb); |
1194 | struct udphdr *udph = (struct udphdr *)((__be32 *)iph + iph->ihl); | 1194 | struct udphdr *udph = (struct udphdr *)((__be32 *)iph + iph->ihl); |
1195 | u_int16_t udplen = ntohs(udph->len); | 1195 | u_int16_t udplen = ntohs(udph->len); |
1196 | u_int16_t paylen = udplen - sizeof(struct udphdr); | 1196 | u_int16_t paylen = udplen - sizeof(struct udphdr); |
@@ -1225,13 +1225,13 @@ static int snmp_translate(struct nf_conn *ct, | |||
1225 | 1225 | ||
1226 | /* We don't actually set up expectations, just adjust internal IP | 1226 | /* We don't actually set up expectations, just adjust internal IP |
1227 | * addresses if this is being NATted */ | 1227 | * addresses if this is being NATted */ |
1228 | static int help(struct sk_buff **pskb, unsigned int protoff, | 1228 | static int help(struct sk_buff *skb, unsigned int protoff, |
1229 | struct nf_conn *ct, | 1229 | struct nf_conn *ct, |
1230 | enum ip_conntrack_info ctinfo) | 1230 | enum ip_conntrack_info ctinfo) |
1231 | { | 1231 | { |
1232 | int dir = CTINFO2DIR(ctinfo); | 1232 | int dir = CTINFO2DIR(ctinfo); |
1233 | unsigned int ret; | 1233 | unsigned int ret; |
1234 | struct iphdr *iph = ip_hdr(*pskb); | 1234 | struct iphdr *iph = ip_hdr(skb); |
1235 | struct udphdr *udph = (struct udphdr *)((u_int32_t *)iph + iph->ihl); | 1235 | struct udphdr *udph = (struct udphdr *)((u_int32_t *)iph + iph->ihl); |
1236 | 1236 | ||
1237 | /* SNMP replies and originating SNMP traps get mangled */ | 1237 | /* SNMP replies and originating SNMP traps get mangled */ |
@@ -1250,7 +1250,7 @@ static int help(struct sk_buff **pskb, unsigned int protoff, | |||
1250 | * enough room for a UDP header. Just verify the UDP length field so we | 1250 | * enough room for a UDP header. Just verify the UDP length field so we |
1251 | * can mess around with the payload. | 1251 | * can mess around with the payload. |
1252 | */ | 1252 | */ |
1253 | if (ntohs(udph->len) != (*pskb)->len - (iph->ihl << 2)) { | 1253 | if (ntohs(udph->len) != skb->len - (iph->ihl << 2)) { |
1254 | if (net_ratelimit()) | 1254 | if (net_ratelimit()) |
1255 | printk(KERN_WARNING "SNMP: dropping malformed packet " | 1255 | printk(KERN_WARNING "SNMP: dropping malformed packet " |
1256 | "src=%u.%u.%u.%u dst=%u.%u.%u.%u\n", | 1256 | "src=%u.%u.%u.%u dst=%u.%u.%u.%u\n", |
@@ -1258,11 +1258,11 @@ static int help(struct sk_buff **pskb, unsigned int protoff, | |||
1258 | return NF_DROP; | 1258 | return NF_DROP; |
1259 | } | 1259 | } |
1260 | 1260 | ||
1261 | if (!skb_make_writable(*pskb, (*pskb)->len)) | 1261 | if (!skb_make_writable(skb, skb->len)) |
1262 | return NF_DROP; | 1262 | return NF_DROP; |
1263 | 1263 | ||
1264 | spin_lock_bh(&snmp_lock); | 1264 | spin_lock_bh(&snmp_lock); |
1265 | ret = snmp_translate(ct, ctinfo, pskb); | 1265 | ret = snmp_translate(ct, ctinfo, skb); |
1266 | spin_unlock_bh(&snmp_lock); | 1266 | spin_unlock_bh(&snmp_lock); |
1267 | return ret; | 1267 | return ret; |
1268 | } | 1268 | } |
diff --git a/net/ipv4/netfilter/nf_nat_standalone.c b/net/ipv4/netfilter/nf_nat_standalone.c index 46cc99def16..7db76ea9af9 100644 --- a/net/ipv4/netfilter/nf_nat_standalone.c +++ b/net/ipv4/netfilter/nf_nat_standalone.c | |||
@@ -67,7 +67,7 @@ static void nat_decode_session(struct sk_buff *skb, struct flowi *fl) | |||
67 | 67 | ||
68 | static unsigned int | 68 | static unsigned int |
69 | nf_nat_fn(unsigned int hooknum, | 69 | nf_nat_fn(unsigned int hooknum, |
70 | struct sk_buff **pskb, | 70 | struct sk_buff *skb, |
71 | const struct net_device *in, | 71 | const struct net_device *in, |
72 | const struct net_device *out, | 72 | const struct net_device *out, |
73 | int (*okfn)(struct sk_buff *)) | 73 | int (*okfn)(struct sk_buff *)) |
@@ -80,9 +80,9 @@ nf_nat_fn(unsigned int hooknum, | |||
80 | 80 | ||
81 | /* We never see fragments: conntrack defrags on pre-routing | 81 | /* We never see fragments: conntrack defrags on pre-routing |
82 | and local-out, and nf_nat_out protects post-routing. */ | 82 | and local-out, and nf_nat_out protects post-routing. */ |
83 | NF_CT_ASSERT(!(ip_hdr(*pskb)->frag_off & htons(IP_MF | IP_OFFSET))); | 83 | NF_CT_ASSERT(!(ip_hdr(skb)->frag_off & htons(IP_MF | IP_OFFSET))); |
84 | 84 | ||
85 | ct = nf_ct_get(*pskb, &ctinfo); | 85 | ct = nf_ct_get(skb, &ctinfo); |
86 | /* Can't track? It's not due to stress, or conntrack would | 86 | /* Can't track? It's not due to stress, or conntrack would |
87 | have dropped it. Hence it's the user's responsibilty to | 87 | have dropped it. Hence it's the user's responsibilty to |
88 | packet filter it out, or implement conntrack/NAT for that | 88 | packet filter it out, or implement conntrack/NAT for that |
@@ -91,10 +91,10 @@ nf_nat_fn(unsigned int hooknum, | |||
91 | /* Exception: ICMP redirect to new connection (not in | 91 | /* Exception: ICMP redirect to new connection (not in |
92 | hash table yet). We must not let this through, in | 92 | hash table yet). We must not let this through, in |
93 | case we're doing NAT to the same network. */ | 93 | case we're doing NAT to the same network. */ |
94 | if (ip_hdr(*pskb)->protocol == IPPROTO_ICMP) { | 94 | if (ip_hdr(skb)->protocol == IPPROTO_ICMP) { |
95 | struct icmphdr _hdr, *hp; | 95 | struct icmphdr _hdr, *hp; |
96 | 96 | ||
97 | hp = skb_header_pointer(*pskb, ip_hdrlen(*pskb), | 97 | hp = skb_header_pointer(skb, ip_hdrlen(skb), |
98 | sizeof(_hdr), &_hdr); | 98 | sizeof(_hdr), &_hdr); |
99 | if (hp != NULL && | 99 | if (hp != NULL && |
100 | hp->type == ICMP_REDIRECT) | 100 | hp->type == ICMP_REDIRECT) |
@@ -119,9 +119,9 @@ nf_nat_fn(unsigned int hooknum, | |||
119 | switch (ctinfo) { | 119 | switch (ctinfo) { |
120 | case IP_CT_RELATED: | 120 | case IP_CT_RELATED: |
121 | case IP_CT_RELATED+IP_CT_IS_REPLY: | 121 | case IP_CT_RELATED+IP_CT_IS_REPLY: |
122 | if (ip_hdr(*pskb)->protocol == IPPROTO_ICMP) { | 122 | if (ip_hdr(skb)->protocol == IPPROTO_ICMP) { |
123 | if (!nf_nat_icmp_reply_translation(ct, ctinfo, | 123 | if (!nf_nat_icmp_reply_translation(ct, ctinfo, |
124 | hooknum, pskb)) | 124 | hooknum, skb)) |
125 | return NF_DROP; | 125 | return NF_DROP; |
126 | else | 126 | else |
127 | return NF_ACCEPT; | 127 | return NF_ACCEPT; |
@@ -141,7 +141,7 @@ nf_nat_fn(unsigned int hooknum, | |||
141 | /* LOCAL_IN hook doesn't have a chain! */ | 141 | /* LOCAL_IN hook doesn't have a chain! */ |
142 | ret = alloc_null_binding(ct, hooknum); | 142 | ret = alloc_null_binding(ct, hooknum); |
143 | else | 143 | else |
144 | ret = nf_nat_rule_find(pskb, hooknum, in, out, | 144 | ret = nf_nat_rule_find(skb, hooknum, in, out, |
145 | ct); | 145 | ct); |
146 | 146 | ||
147 | if (ret != NF_ACCEPT) { | 147 | if (ret != NF_ACCEPT) { |
@@ -159,31 +159,31 @@ nf_nat_fn(unsigned int hooknum, | |||
159 | ctinfo == (IP_CT_ESTABLISHED+IP_CT_IS_REPLY)); | 159 | ctinfo == (IP_CT_ESTABLISHED+IP_CT_IS_REPLY)); |
160 | } | 160 | } |
161 | 161 | ||
162 | return nf_nat_packet(ct, ctinfo, hooknum, pskb); | 162 | return nf_nat_packet(ct, ctinfo, hooknum, skb); |
163 | } | 163 | } |
164 | 164 | ||
165 | static unsigned int | 165 | static unsigned int |
166 | nf_nat_in(unsigned int hooknum, | 166 | nf_nat_in(unsigned int hooknum, |
167 | struct sk_buff **pskb, | 167 | struct sk_buff *skb, |
168 | const struct net_device *in, | 168 | const struct net_device *in, |
169 | const struct net_device *out, | 169 | const struct net_device *out, |
170 | int (*okfn)(struct sk_buff *)) | 170 | int (*okfn)(struct sk_buff *)) |
171 | { | 171 | { |
172 | unsigned int ret; | 172 | unsigned int ret; |
173 | __be32 daddr = ip_hdr(*pskb)->daddr; | 173 | __be32 daddr = ip_hdr(skb)->daddr; |
174 | 174 | ||
175 | ret = nf_nat_fn(hooknum, pskb, in, out, okfn); | 175 | ret = nf_nat_fn(hooknum, skb, in, out, okfn); |
176 | if (ret != NF_DROP && ret != NF_STOLEN && | 176 | if (ret != NF_DROP && ret != NF_STOLEN && |
177 | daddr != ip_hdr(*pskb)->daddr) { | 177 | daddr != ip_hdr(skb)->daddr) { |
178 | dst_release((*pskb)->dst); | 178 | dst_release(skb->dst); |
179 | (*pskb)->dst = NULL; | 179 | skb->dst = NULL; |
180 | } | 180 | } |
181 | return ret; | 181 | return ret; |
182 | } | 182 | } |
183 | 183 | ||
184 | static unsigned int | 184 | static unsigned int |
185 | nf_nat_out(unsigned int hooknum, | 185 | nf_nat_out(unsigned int hooknum, |
186 | struct sk_buff **pskb, | 186 | struct sk_buff *skb, |
187 | const struct net_device *in, | 187 | const struct net_device *in, |
188 | const struct net_device *out, | 188 | const struct net_device *out, |
189 | int (*okfn)(struct sk_buff *)) | 189 | int (*okfn)(struct sk_buff *)) |
@@ -195,14 +195,14 @@ nf_nat_out(unsigned int hooknum, | |||
195 | unsigned int ret; | 195 | unsigned int ret; |
196 | 196 | ||
197 | /* root is playing with raw sockets. */ | 197 | /* root is playing with raw sockets. */ |
198 | if ((*pskb)->len < sizeof(struct iphdr) || | 198 | if (skb->len < sizeof(struct iphdr) || |
199 | ip_hdrlen(*pskb) < sizeof(struct iphdr)) | 199 | ip_hdrlen(skb) < sizeof(struct iphdr)) |
200 | return NF_ACCEPT; | 200 | return NF_ACCEPT; |
201 | 201 | ||
202 | ret = nf_nat_fn(hooknum, pskb, in, out, okfn); | 202 | ret = nf_nat_fn(hooknum, skb, in, out, okfn); |
203 | #ifdef CONFIG_XFRM | 203 | #ifdef CONFIG_XFRM |
204 | if (ret != NF_DROP && ret != NF_STOLEN && | 204 | if (ret != NF_DROP && ret != NF_STOLEN && |
205 | (ct = nf_ct_get(*pskb, &ctinfo)) != NULL) { | 205 | (ct = nf_ct_get(skb, &ctinfo)) != NULL) { |
206 | enum ip_conntrack_dir dir = CTINFO2DIR(ctinfo); | 206 | enum ip_conntrack_dir dir = CTINFO2DIR(ctinfo); |
207 | 207 | ||
208 | if (ct->tuplehash[dir].tuple.src.u3.ip != | 208 | if (ct->tuplehash[dir].tuple.src.u3.ip != |
@@ -210,7 +210,7 @@ nf_nat_out(unsigned int hooknum, | |||
210 | || ct->tuplehash[dir].tuple.src.u.all != | 210 | || ct->tuplehash[dir].tuple.src.u.all != |
211 | ct->tuplehash[!dir].tuple.dst.u.all | 211 | ct->tuplehash[!dir].tuple.dst.u.all |
212 | ) | 212 | ) |
213 | return ip_xfrm_me_harder(pskb) == 0 ? ret : NF_DROP; | 213 | return ip_xfrm_me_harder(skb) == 0 ? ret : NF_DROP; |
214 | } | 214 | } |
215 | #endif | 215 | #endif |
216 | return ret; | 216 | return ret; |
@@ -218,7 +218,7 @@ nf_nat_out(unsigned int hooknum, | |||
218 | 218 | ||
219 | static unsigned int | 219 | static unsigned int |
220 | nf_nat_local_fn(unsigned int hooknum, | 220 | nf_nat_local_fn(unsigned int hooknum, |
221 | struct sk_buff **pskb, | 221 | struct sk_buff *skb, |
222 | const struct net_device *in, | 222 | const struct net_device *in, |
223 | const struct net_device *out, | 223 | const struct net_device *out, |
224 | int (*okfn)(struct sk_buff *)) | 224 | int (*okfn)(struct sk_buff *)) |
@@ -228,24 +228,24 @@ nf_nat_local_fn(unsigned int hooknum, | |||
228 | unsigned int ret; | 228 | unsigned int ret; |
229 | 229 | ||
230 | /* root is playing with raw sockets. */ | 230 | /* root is playing with raw sockets. */ |
231 | if ((*pskb)->len < sizeof(struct iphdr) || | 231 | if (skb->len < sizeof(struct iphdr) || |
232 | ip_hdrlen(*pskb) < sizeof(struct iphdr)) | 232 | ip_hdrlen(skb) < sizeof(struct iphdr)) |
233 | return NF_ACCEPT; | 233 | return NF_ACCEPT; |
234 | 234 | ||
235 | ret = nf_nat_fn(hooknum, pskb, in, out, okfn); | 235 | ret = nf_nat_fn(hooknum, skb, in, out, okfn); |
236 | if (ret != NF_DROP && ret != NF_STOLEN && | 236 | if (ret != NF_DROP && ret != NF_STOLEN && |
237 | (ct = nf_ct_get(*pskb, &ctinfo)) != NULL) { | 237 | (ct = nf_ct_get(skb, &ctinfo)) != NULL) { |
238 | enum ip_conntrack_dir dir = CTINFO2DIR(ctinfo); | 238 | enum ip_conntrack_dir dir = CTINFO2DIR(ctinfo); |
239 | 239 | ||
240 | if (ct->tuplehash[dir].tuple.dst.u3.ip != | 240 | if (ct->tuplehash[dir].tuple.dst.u3.ip != |
241 | ct->tuplehash[!dir].tuple.src.u3.ip) { | 241 | ct->tuplehash[!dir].tuple.src.u3.ip) { |
242 | if (ip_route_me_harder(pskb, RTN_UNSPEC)) | 242 | if (ip_route_me_harder(skb, RTN_UNSPEC)) |
243 | ret = NF_DROP; | 243 | ret = NF_DROP; |
244 | } | 244 | } |
245 | #ifdef CONFIG_XFRM | 245 | #ifdef CONFIG_XFRM |
246 | else if (ct->tuplehash[dir].tuple.dst.u.all != | 246 | else if (ct->tuplehash[dir].tuple.dst.u.all != |
247 | ct->tuplehash[!dir].tuple.src.u.all) | 247 | ct->tuplehash[!dir].tuple.src.u.all) |
248 | if (ip_xfrm_me_harder(pskb)) | 248 | if (ip_xfrm_me_harder(skb)) |
249 | ret = NF_DROP; | 249 | ret = NF_DROP; |
250 | #endif | 250 | #endif |
251 | } | 251 | } |
@@ -254,7 +254,7 @@ nf_nat_local_fn(unsigned int hooknum, | |||
254 | 254 | ||
255 | static unsigned int | 255 | static unsigned int |
256 | nf_nat_adjust(unsigned int hooknum, | 256 | nf_nat_adjust(unsigned int hooknum, |
257 | struct sk_buff **pskb, | 257 | struct sk_buff *skb, |
258 | const struct net_device *in, | 258 | const struct net_device *in, |
259 | const struct net_device *out, | 259 | const struct net_device *out, |
260 | int (*okfn)(struct sk_buff *)) | 260 | int (*okfn)(struct sk_buff *)) |
@@ -262,10 +262,10 @@ nf_nat_adjust(unsigned int hooknum, | |||
262 | struct nf_conn *ct; | 262 | struct nf_conn *ct; |
263 | enum ip_conntrack_info ctinfo; | 263 | enum ip_conntrack_info ctinfo; |
264 | 264 | ||
265 | ct = nf_ct_get(*pskb, &ctinfo); | 265 | ct = nf_ct_get(skb, &ctinfo); |
266 | if (ct && test_bit(IPS_SEQ_ADJUST_BIT, &ct->status)) { | 266 | if (ct && test_bit(IPS_SEQ_ADJUST_BIT, &ct->status)) { |
267 | pr_debug("nf_nat_standalone: adjusting sequence number\n"); | 267 | pr_debug("nf_nat_standalone: adjusting sequence number\n"); |
268 | if (!nf_nat_seq_adjust(pskb, ct, ctinfo)) | 268 | if (!nf_nat_seq_adjust(skb, ct, ctinfo)) |
269 | return NF_DROP; | 269 | return NF_DROP; |
270 | } | 270 | } |
271 | return NF_ACCEPT; | 271 | return NF_ACCEPT; |
diff --git a/net/ipv4/netfilter/nf_nat_tftp.c b/net/ipv4/netfilter/nf_nat_tftp.c index 04dfeaefec0..0ecec701cb4 100644 --- a/net/ipv4/netfilter/nf_nat_tftp.c +++ b/net/ipv4/netfilter/nf_nat_tftp.c | |||
@@ -20,7 +20,7 @@ MODULE_DESCRIPTION("TFTP NAT helper"); | |||
20 | MODULE_LICENSE("GPL"); | 20 | MODULE_LICENSE("GPL"); |
21 | MODULE_ALIAS("ip_nat_tftp"); | 21 | MODULE_ALIAS("ip_nat_tftp"); |
22 | 22 | ||
23 | static unsigned int help(struct sk_buff **pskb, | 23 | static unsigned int help(struct sk_buff *skb, |
24 | enum ip_conntrack_info ctinfo, | 24 | enum ip_conntrack_info ctinfo, |
25 | struct nf_conntrack_expect *exp) | 25 | struct nf_conntrack_expect *exp) |
26 | { | 26 | { |
diff --git a/net/ipv4/xfrm4_output.c b/net/ipv4/xfrm4_output.c index 434ef302ba8..a4edd666318 100644 --- a/net/ipv4/xfrm4_output.c +++ b/net/ipv4/xfrm4_output.c | |||
@@ -78,7 +78,7 @@ static int xfrm4_output_finish2(struct sk_buff *skb) | |||
78 | while (likely((err = xfrm4_output_one(skb)) == 0)) { | 78 | while (likely((err = xfrm4_output_one(skb)) == 0)) { |
79 | nf_reset(skb); | 79 | nf_reset(skb); |
80 | 80 | ||
81 | err = nf_hook(PF_INET, NF_IP_LOCAL_OUT, &skb, NULL, | 81 | err = nf_hook(PF_INET, NF_IP_LOCAL_OUT, skb, NULL, |
82 | skb->dst->dev, dst_output); | 82 | skb->dst->dev, dst_output); |
83 | if (unlikely(err != 1)) | 83 | if (unlikely(err != 1)) |
84 | break; | 84 | break; |
@@ -86,7 +86,7 @@ static int xfrm4_output_finish2(struct sk_buff *skb) | |||
86 | if (!skb->dst->xfrm) | 86 | if (!skb->dst->xfrm) |
87 | return dst_output(skb); | 87 | return dst_output(skb); |
88 | 88 | ||
89 | err = nf_hook(PF_INET, NF_IP_POST_ROUTING, &skb, NULL, | 89 | err = nf_hook(PF_INET, NF_IP_POST_ROUTING, skb, NULL, |
90 | skb->dst->dev, xfrm4_output_finish2); | 90 | skb->dst->dev, xfrm4_output_finish2); |
91 | if (unlikely(err != 1)) | 91 | if (unlikely(err != 1)) |
92 | break; | 92 | break; |
diff --git a/net/ipv6/netfilter.c b/net/ipv6/netfilter.c index 38b14961391..b1326c2bf8a 100644 --- a/net/ipv6/netfilter.c +++ b/net/ipv6/netfilter.c | |||
@@ -68,15 +68,15 @@ static void nf_ip6_saveroute(const struct sk_buff *skb, struct nf_info *info) | |||
68 | } | 68 | } |
69 | } | 69 | } |
70 | 70 | ||
71 | static int nf_ip6_reroute(struct sk_buff **pskb, const struct nf_info *info) | 71 | static int nf_ip6_reroute(struct sk_buff *skb, const struct nf_info *info) |
72 | { | 72 | { |
73 | struct ip6_rt_info *rt_info = nf_info_reroute(info); | 73 | struct ip6_rt_info *rt_info = nf_info_reroute(info); |
74 | 74 | ||
75 | if (info->hook == NF_IP6_LOCAL_OUT) { | 75 | if (info->hook == NF_IP6_LOCAL_OUT) { |
76 | struct ipv6hdr *iph = ipv6_hdr(*pskb); | 76 | struct ipv6hdr *iph = ipv6_hdr(skb); |
77 | if (!ipv6_addr_equal(&iph->daddr, &rt_info->daddr) || | 77 | if (!ipv6_addr_equal(&iph->daddr, &rt_info->daddr) || |
78 | !ipv6_addr_equal(&iph->saddr, &rt_info->saddr)) | 78 | !ipv6_addr_equal(&iph->saddr, &rt_info->saddr)) |
79 | return ip6_route_me_harder(*pskb); | 79 | return ip6_route_me_harder(skb); |
80 | } | 80 | } |
81 | return 0; | 81 | return 0; |
82 | } | 82 | } |
diff --git a/net/ipv6/netfilter/ip6_tables.c b/net/ipv6/netfilter/ip6_tables.c index cd9df02bb85..acaba153793 100644 --- a/net/ipv6/netfilter/ip6_tables.c +++ b/net/ipv6/netfilter/ip6_tables.c | |||
@@ -205,7 +205,7 @@ ip6_checkentry(const struct ip6t_ip6 *ipv6) | |||
205 | } | 205 | } |
206 | 206 | ||
207 | static unsigned int | 207 | static unsigned int |
208 | ip6t_error(struct sk_buff **pskb, | 208 | ip6t_error(struct sk_buff *skb, |
209 | const struct net_device *in, | 209 | const struct net_device *in, |
210 | const struct net_device *out, | 210 | const struct net_device *out, |
211 | unsigned int hooknum, | 211 | unsigned int hooknum, |
@@ -350,7 +350,7 @@ static void trace_packet(struct sk_buff *skb, | |||
350 | 350 | ||
351 | /* Returns one of the generic firewall policies, like NF_ACCEPT. */ | 351 | /* Returns one of the generic firewall policies, like NF_ACCEPT. */ |
352 | unsigned int | 352 | unsigned int |
353 | ip6t_do_table(struct sk_buff **pskb, | 353 | ip6t_do_table(struct sk_buff *skb, |
354 | unsigned int hook, | 354 | unsigned int hook, |
355 | const struct net_device *in, | 355 | const struct net_device *in, |
356 | const struct net_device *out, | 356 | const struct net_device *out, |
@@ -389,17 +389,17 @@ ip6t_do_table(struct sk_buff **pskb, | |||
389 | do { | 389 | do { |
390 | IP_NF_ASSERT(e); | 390 | IP_NF_ASSERT(e); |
391 | IP_NF_ASSERT(back); | 391 | IP_NF_ASSERT(back); |
392 | if (ip6_packet_match(*pskb, indev, outdev, &e->ipv6, | 392 | if (ip6_packet_match(skb, indev, outdev, &e->ipv6, |
393 | &protoff, &offset, &hotdrop)) { | 393 | &protoff, &offset, &hotdrop)) { |
394 | struct ip6t_entry_target *t; | 394 | struct ip6t_entry_target *t; |
395 | 395 | ||
396 | if (IP6T_MATCH_ITERATE(e, do_match, | 396 | if (IP6T_MATCH_ITERATE(e, do_match, |
397 | *pskb, in, out, | 397 | skb, in, out, |
398 | offset, protoff, &hotdrop) != 0) | 398 | offset, protoff, &hotdrop) != 0) |
399 | goto no_match; | 399 | goto no_match; |
400 | 400 | ||
401 | ADD_COUNTER(e->counters, | 401 | ADD_COUNTER(e->counters, |
402 | ntohs(ipv6_hdr(*pskb)->payload_len) | 402 | ntohs(ipv6_hdr(skb)->payload_len) |
403 | + IPV6_HDR_LEN, | 403 | + IPV6_HDR_LEN, |
404 | 1); | 404 | 1); |
405 | 405 | ||
@@ -409,8 +409,8 @@ ip6t_do_table(struct sk_buff **pskb, | |||
409 | #if defined(CONFIG_NETFILTER_XT_TARGET_TRACE) || \ | 409 | #if defined(CONFIG_NETFILTER_XT_TARGET_TRACE) || \ |
410 | defined(CONFIG_NETFILTER_XT_TARGET_TRACE_MODULE) | 410 | defined(CONFIG_NETFILTER_XT_TARGET_TRACE_MODULE) |
411 | /* The packet is traced: log it */ | 411 | /* The packet is traced: log it */ |
412 | if (unlikely((*pskb)->nf_trace)) | 412 | if (unlikely(skb->nf_trace)) |
413 | trace_packet(*pskb, hook, in, out, | 413 | trace_packet(skb, hook, in, out, |
414 | table->name, private, e); | 414 | table->name, private, e); |
415 | #endif | 415 | #endif |
416 | /* Standard target? */ | 416 | /* Standard target? */ |
@@ -448,7 +448,7 @@ ip6t_do_table(struct sk_buff **pskb, | |||
448 | ((struct ip6t_entry *)table_base)->comefrom | 448 | ((struct ip6t_entry *)table_base)->comefrom |
449 | = 0xeeeeeeec; | 449 | = 0xeeeeeeec; |
450 | #endif | 450 | #endif |
451 | verdict = t->u.kernel.target->target(pskb, | 451 | verdict = t->u.kernel.target->target(skb, |
452 | in, out, | 452 | in, out, |
453 | hook, | 453 | hook, |
454 | t->u.kernel.target, | 454 | t->u.kernel.target, |
diff --git a/net/ipv6/netfilter/ip6t_HL.c b/net/ipv6/netfilter/ip6t_HL.c index f76197fc4dc..9afc836fd45 100644 --- a/net/ipv6/netfilter/ip6t_HL.c +++ b/net/ipv6/netfilter/ip6t_HL.c | |||
@@ -18,7 +18,7 @@ MODULE_AUTHOR("Maciej Soltysiak <solt@dns.toxicfilms.tv>"); | |||
18 | MODULE_DESCRIPTION("IP6 tables Hop Limit modification module"); | 18 | MODULE_DESCRIPTION("IP6 tables Hop Limit modification module"); |
19 | MODULE_LICENSE("GPL"); | 19 | MODULE_LICENSE("GPL"); |
20 | 20 | ||
21 | static unsigned int ip6t_hl_target(struct sk_buff **pskb, | 21 | static unsigned int ip6t_hl_target(struct sk_buff *skb, |
22 | const struct net_device *in, | 22 | const struct net_device *in, |
23 | const struct net_device *out, | 23 | const struct net_device *out, |
24 | unsigned int hooknum, | 24 | unsigned int hooknum, |
@@ -29,10 +29,10 @@ static unsigned int ip6t_hl_target(struct sk_buff **pskb, | |||
29 | const struct ip6t_HL_info *info = targinfo; | 29 | const struct ip6t_HL_info *info = targinfo; |
30 | int new_hl; | 30 | int new_hl; |
31 | 31 | ||
32 | if (!skb_make_writable(*pskb, (*pskb)->len)) | 32 | if (!skb_make_writable(skb, skb->len)) |
33 | return NF_DROP; | 33 | return NF_DROP; |
34 | 34 | ||
35 | ip6h = ipv6_hdr(*pskb); | 35 | ip6h = ipv6_hdr(skb); |
36 | 36 | ||
37 | switch (info->mode) { | 37 | switch (info->mode) { |
38 | case IP6T_HL_SET: | 38 | case IP6T_HL_SET: |
diff --git a/net/ipv6/netfilter/ip6t_LOG.c b/net/ipv6/netfilter/ip6t_LOG.c index 6ab99001dcc..7a48c342df4 100644 --- a/net/ipv6/netfilter/ip6t_LOG.c +++ b/net/ipv6/netfilter/ip6t_LOG.c | |||
@@ -431,7 +431,7 @@ ip6t_log_packet(unsigned int pf, | |||
431 | } | 431 | } |
432 | 432 | ||
433 | static unsigned int | 433 | static unsigned int |
434 | ip6t_log_target(struct sk_buff **pskb, | 434 | ip6t_log_target(struct sk_buff *skb, |
435 | const struct net_device *in, | 435 | const struct net_device *in, |
436 | const struct net_device *out, | 436 | const struct net_device *out, |
437 | unsigned int hooknum, | 437 | unsigned int hooknum, |
@@ -445,8 +445,7 @@ ip6t_log_target(struct sk_buff **pskb, | |||
445 | li.u.log.level = loginfo->level; | 445 | li.u.log.level = loginfo->level; |
446 | li.u.log.logflags = loginfo->logflags; | 446 | li.u.log.logflags = loginfo->logflags; |
447 | 447 | ||
448 | ip6t_log_packet(PF_INET6, hooknum, *pskb, in, out, &li, | 448 | ip6t_log_packet(PF_INET6, hooknum, skb, in, out, &li, loginfo->prefix); |
449 | loginfo->prefix); | ||
450 | return XT_CONTINUE; | 449 | return XT_CONTINUE; |
451 | } | 450 | } |
452 | 451 | ||
diff --git a/net/ipv6/netfilter/ip6t_REJECT.c b/net/ipv6/netfilter/ip6t_REJECT.c index 3fd08d5567a..1a7d2917545 100644 --- a/net/ipv6/netfilter/ip6t_REJECT.c +++ b/net/ipv6/netfilter/ip6t_REJECT.c | |||
@@ -172,7 +172,7 @@ send_unreach(struct sk_buff *skb_in, unsigned char code, unsigned int hooknum) | |||
172 | icmpv6_send(skb_in, ICMPV6_DEST_UNREACH, code, 0, NULL); | 172 | icmpv6_send(skb_in, ICMPV6_DEST_UNREACH, code, 0, NULL); |
173 | } | 173 | } |
174 | 174 | ||
175 | static unsigned int reject6_target(struct sk_buff **pskb, | 175 | static unsigned int reject6_target(struct sk_buff *skb, |
176 | const struct net_device *in, | 176 | const struct net_device *in, |
177 | const struct net_device *out, | 177 | const struct net_device *out, |
178 | unsigned int hooknum, | 178 | unsigned int hooknum, |
@@ -187,25 +187,25 @@ static unsigned int reject6_target(struct sk_buff **pskb, | |||
187 | must return an absolute verdict. --RR */ | 187 | must return an absolute verdict. --RR */ |
188 | switch (reject->with) { | 188 | switch (reject->with) { |
189 | case IP6T_ICMP6_NO_ROUTE: | 189 | case IP6T_ICMP6_NO_ROUTE: |
190 | send_unreach(*pskb, ICMPV6_NOROUTE, hooknum); | 190 | send_unreach(skb, ICMPV6_NOROUTE, hooknum); |
191 | break; | 191 | break; |
192 | case IP6T_ICMP6_ADM_PROHIBITED: | 192 | case IP6T_ICMP6_ADM_PROHIBITED: |
193 | send_unreach(*pskb, ICMPV6_ADM_PROHIBITED, hooknum); | 193 | send_unreach(skb, ICMPV6_ADM_PROHIBITED, hooknum); |
194 | break; | 194 | break; |
195 | case IP6T_ICMP6_NOT_NEIGHBOUR: | 195 | case IP6T_ICMP6_NOT_NEIGHBOUR: |
196 | send_unreach(*pskb, ICMPV6_NOT_NEIGHBOUR, hooknum); | 196 | send_unreach(skb, ICMPV6_NOT_NEIGHBOUR, hooknum); |
197 | break; | 197 | break; |
198 | case IP6T_ICMP6_ADDR_UNREACH: | 198 | case IP6T_ICMP6_ADDR_UNREACH: |
199 | send_unreach(*pskb, ICMPV6_ADDR_UNREACH, hooknum); | 199 | send_unreach(skb, ICMPV6_ADDR_UNREACH, hooknum); |
200 | break; | 200 | break; |
201 | case IP6T_ICMP6_PORT_UNREACH: | 201 | case IP6T_ICMP6_PORT_UNREACH: |
202 | send_unreach(*pskb, ICMPV6_PORT_UNREACH, hooknum); | 202 | send_unreach(skb, ICMPV6_PORT_UNREACH, hooknum); |
203 | break; | 203 | break; |
204 | case IP6T_ICMP6_ECHOREPLY: | 204 | case IP6T_ICMP6_ECHOREPLY: |
205 | /* Do nothing */ | 205 | /* Do nothing */ |
206 | break; | 206 | break; |
207 | case IP6T_TCP_RESET: | 207 | case IP6T_TCP_RESET: |
208 | send_reset(*pskb); | 208 | send_reset(skb); |
209 | break; | 209 | break; |
210 | default: | 210 | default: |
211 | if (net_ratelimit()) | 211 | if (net_ratelimit()) |
diff --git a/net/ipv6/netfilter/ip6table_filter.c b/net/ipv6/netfilter/ip6table_filter.c index 7e32e2aaf7f..1d26b202bf3 100644 --- a/net/ipv6/netfilter/ip6table_filter.c +++ b/net/ipv6/netfilter/ip6table_filter.c | |||
@@ -60,32 +60,32 @@ static struct xt_table packet_filter = { | |||
60 | /* The work comes in here from netfilter.c. */ | 60 | /* The work comes in here from netfilter.c. */ |
61 | static unsigned int | 61 | static unsigned int |
62 | ip6t_hook(unsigned int hook, | 62 | ip6t_hook(unsigned int hook, |
63 | struct sk_buff **pskb, | 63 | struct sk_buff *skb, |
64 | const struct net_device *in, | 64 | const struct net_device *in, |
65 | const struct net_device *out, | 65 | const struct net_device *out, |
66 | int (*okfn)(struct sk_buff *)) | 66 | int (*okfn)(struct sk_buff *)) |
67 | { | 67 | { |
68 | return ip6t_do_table(pskb, hook, in, out, &packet_filter); | 68 | return ip6t_do_table(skb, hook, in, out, &packet_filter); |
69 | } | 69 | } |
70 | 70 | ||
71 | static unsigned int | 71 | static unsigned int |
72 | ip6t_local_out_hook(unsigned int hook, | 72 | ip6t_local_out_hook(unsigned int hook, |
73 | struct sk_buff **pskb, | 73 | struct sk_buff *skb, |
74 | const struct net_device *in, | 74 | const struct net_device *in, |
75 | const struct net_device *out, | 75 | const struct net_device *out, |
76 | int (*okfn)(struct sk_buff *)) | 76 | int (*okfn)(struct sk_buff *)) |
77 | { | 77 | { |
78 | #if 0 | 78 | #if 0 |
79 | /* root is playing with raw sockets. */ | 79 | /* root is playing with raw sockets. */ |
80 | if ((*pskb)->len < sizeof(struct iphdr) | 80 | if (skb->len < sizeof(struct iphdr) |
81 | || ip_hdrlen(*pskb) < sizeof(struct iphdr)) { | 81 | || ip_hdrlen(skb) < sizeof(struct iphdr)) { |
82 | if (net_ratelimit()) | 82 | if (net_ratelimit()) |
83 | printk("ip6t_hook: happy cracking.\n"); | 83 | printk("ip6t_hook: happy cracking.\n"); |
84 | return NF_ACCEPT; | 84 | return NF_ACCEPT; |
85 | } | 85 | } |
86 | #endif | 86 | #endif |
87 | 87 | ||
88 | return ip6t_do_table(pskb, hook, in, out, &packet_filter); | 88 | return ip6t_do_table(skb, hook, in, out, &packet_filter); |
89 | } | 89 | } |
90 | 90 | ||
91 | static struct nf_hook_ops ip6t_ops[] = { | 91 | static struct nf_hook_ops ip6t_ops[] = { |
diff --git a/net/ipv6/netfilter/ip6table_mangle.c b/net/ipv6/netfilter/ip6table_mangle.c index f0a9efa67fb..a0b6381f1e8 100644 --- a/net/ipv6/netfilter/ip6table_mangle.c +++ b/net/ipv6/netfilter/ip6table_mangle.c | |||
@@ -68,17 +68,17 @@ static struct xt_table packet_mangler = { | |||
68 | /* The work comes in here from netfilter.c. */ | 68 | /* The work comes in here from netfilter.c. */ |
69 | static unsigned int | 69 | static unsigned int |
70 | ip6t_route_hook(unsigned int hook, | 70 | ip6t_route_hook(unsigned int hook, |
71 | struct sk_buff **pskb, | 71 | struct sk_buff *skb, |
72 | const struct net_device *in, | 72 | const struct net_device *in, |
73 | const struct net_device *out, | 73 | const struct net_device *out, |
74 | int (*okfn)(struct sk_buff *)) | 74 | int (*okfn)(struct sk_buff *)) |
75 | { | 75 | { |
76 | return ip6t_do_table(pskb, hook, in, out, &packet_mangler); | 76 | return ip6t_do_table(skb, hook, in, out, &packet_mangler); |
77 | } | 77 | } |
78 | 78 | ||
79 | static unsigned int | 79 | static unsigned int |
80 | ip6t_local_hook(unsigned int hook, | 80 | ip6t_local_hook(unsigned int hook, |
81 | struct sk_buff **pskb, | 81 | struct sk_buff *skb, |
82 | const struct net_device *in, | 82 | const struct net_device *in, |
83 | const struct net_device *out, | 83 | const struct net_device *out, |
84 | int (*okfn)(struct sk_buff *)) | 84 | int (*okfn)(struct sk_buff *)) |
@@ -91,8 +91,8 @@ ip6t_local_hook(unsigned int hook, | |||
91 | 91 | ||
92 | #if 0 | 92 | #if 0 |
93 | /* root is playing with raw sockets. */ | 93 | /* root is playing with raw sockets. */ |
94 | if ((*pskb)->len < sizeof(struct iphdr) | 94 | if (skb->len < sizeof(struct iphdr) |
95 | || ip_hdrlen(*pskb) < sizeof(struct iphdr)) { | 95 | || ip_hdrlen(skb) < sizeof(struct iphdr)) { |
96 | if (net_ratelimit()) | 96 | if (net_ratelimit()) |
97 | printk("ip6t_hook: happy cracking.\n"); | 97 | printk("ip6t_hook: happy cracking.\n"); |
98 | return NF_ACCEPT; | 98 | return NF_ACCEPT; |
@@ -100,22 +100,22 @@ ip6t_local_hook(unsigned int hook, | |||
100 | #endif | 100 | #endif |
101 | 101 | ||
102 | /* save source/dest address, mark, hoplimit, flowlabel, priority, */ | 102 | /* save source/dest address, mark, hoplimit, flowlabel, priority, */ |
103 | memcpy(&saddr, &ipv6_hdr(*pskb)->saddr, sizeof(saddr)); | 103 | memcpy(&saddr, &ipv6_hdr(skb)->saddr, sizeof(saddr)); |
104 | memcpy(&daddr, &ipv6_hdr(*pskb)->daddr, sizeof(daddr)); | 104 | memcpy(&daddr, &ipv6_hdr(skb)->daddr, sizeof(daddr)); |
105 | mark = (*pskb)->mark; | 105 | mark = skb->mark; |
106 | hop_limit = ipv6_hdr(*pskb)->hop_limit; | 106 | hop_limit = ipv6_hdr(skb)->hop_limit; |
107 | 107 | ||
108 | /* flowlabel and prio (includes version, which shouldn't change either */ | 108 | /* flowlabel and prio (includes version, which shouldn't change either */ |
109 | flowlabel = *((u_int32_t *)ipv6_hdr(*pskb)); | 109 | flowlabel = *((u_int32_t *)ipv6_hdr(skb)); |
110 | 110 | ||
111 | ret = ip6t_do_table(pskb, hook, in, out, &packet_mangler); | 111 | ret = ip6t_do_table(skb, hook, in, out, &packet_mangler); |
112 | 112 | ||
113 | if (ret != NF_DROP && ret != NF_STOLEN | 113 | if (ret != NF_DROP && ret != NF_STOLEN |
114 | && (memcmp(&ipv6_hdr(*pskb)->saddr, &saddr, sizeof(saddr)) | 114 | && (memcmp(&ipv6_hdr(skb)->saddr, &saddr, sizeof(saddr)) |
115 | || memcmp(&ipv6_hdr(*pskb)->daddr, &daddr, sizeof(daddr)) | 115 | || memcmp(&ipv6_hdr(skb)->daddr, &daddr, sizeof(daddr)) |
116 | || (*pskb)->mark != mark | 116 | || skb->mark != mark |
117 | || ipv6_hdr(*pskb)->hop_limit != hop_limit)) | 117 | || ipv6_hdr(skb)->hop_limit != hop_limit)) |
118 | return ip6_route_me_harder(*pskb) == 0 ? ret : NF_DROP; | 118 | return ip6_route_me_harder(skb) == 0 ? ret : NF_DROP; |
119 | 119 | ||
120 | return ret; | 120 | return ret; |
121 | } | 121 | } |
diff --git a/net/ipv6/netfilter/ip6table_raw.c b/net/ipv6/netfilter/ip6table_raw.c index ec290e4ebdd..8f7109f991e 100644 --- a/net/ipv6/netfilter/ip6table_raw.c +++ b/net/ipv6/netfilter/ip6table_raw.c | |||
@@ -46,12 +46,12 @@ static struct xt_table packet_raw = { | |||
46 | /* The work comes in here from netfilter.c. */ | 46 | /* The work comes in here from netfilter.c. */ |
47 | static unsigned int | 47 | static unsigned int |
48 | ip6t_hook(unsigned int hook, | 48 | ip6t_hook(unsigned int hook, |
49 | struct sk_buff **pskb, | 49 | struct sk_buff *skb, |
50 | const struct net_device *in, | 50 | const struct net_device *in, |
51 | const struct net_device *out, | 51 | const struct net_device *out, |
52 | int (*okfn)(struct sk_buff *)) | 52 | int (*okfn)(struct sk_buff *)) |
53 | { | 53 | { |
54 | return ip6t_do_table(pskb, hook, in, out, &packet_raw); | 54 | return ip6t_do_table(skb, hook, in, out, &packet_raw); |
55 | } | 55 | } |
56 | 56 | ||
57 | static struct nf_hook_ops ip6t_ops[] = { | 57 | static struct nf_hook_ops ip6t_ops[] = { |
diff --git a/net/ipv6/netfilter/nf_conntrack_l3proto_ipv6.c b/net/ipv6/netfilter/nf_conntrack_l3proto_ipv6.c index 37a3db92695..e9369dc0238 100644 --- a/net/ipv6/netfilter/nf_conntrack_l3proto_ipv6.c +++ b/net/ipv6/netfilter/nf_conntrack_l3proto_ipv6.c | |||
@@ -145,7 +145,7 @@ static int ipv6_get_l4proto(const struct sk_buff *skb, unsigned int nhoff, | |||
145 | } | 145 | } |
146 | 146 | ||
147 | static unsigned int ipv6_confirm(unsigned int hooknum, | 147 | static unsigned int ipv6_confirm(unsigned int hooknum, |
148 | struct sk_buff **pskb, | 148 | struct sk_buff *skb, |
149 | const struct net_device *in, | 149 | const struct net_device *in, |
150 | const struct net_device *out, | 150 | const struct net_device *out, |
151 | int (*okfn)(struct sk_buff *)) | 151 | int (*okfn)(struct sk_buff *)) |
@@ -155,12 +155,12 @@ static unsigned int ipv6_confirm(unsigned int hooknum, | |||
155 | struct nf_conntrack_helper *helper; | 155 | struct nf_conntrack_helper *helper; |
156 | enum ip_conntrack_info ctinfo; | 156 | enum ip_conntrack_info ctinfo; |
157 | unsigned int ret, protoff; | 157 | unsigned int ret, protoff; |
158 | unsigned int extoff = (u8 *)(ipv6_hdr(*pskb) + 1) - (*pskb)->data; | 158 | unsigned int extoff = (u8 *)(ipv6_hdr(skb) + 1) - skb->data; |
159 | unsigned char pnum = ipv6_hdr(*pskb)->nexthdr; | 159 | unsigned char pnum = ipv6_hdr(skb)->nexthdr; |
160 | 160 | ||
161 | 161 | ||
162 | /* This is where we call the helper: as the packet goes out. */ | 162 | /* This is where we call the helper: as the packet goes out. */ |
163 | ct = nf_ct_get(*pskb, &ctinfo); | 163 | ct = nf_ct_get(skb, &ctinfo); |
164 | if (!ct || ctinfo == IP_CT_RELATED + IP_CT_IS_REPLY) | 164 | if (!ct || ctinfo == IP_CT_RELATED + IP_CT_IS_REPLY) |
165 | goto out; | 165 | goto out; |
166 | 166 | ||
@@ -172,23 +172,23 @@ static unsigned int ipv6_confirm(unsigned int hooknum, | |||
172 | if (!helper) | 172 | if (!helper) |
173 | goto out; | 173 | goto out; |
174 | 174 | ||
175 | protoff = nf_ct_ipv6_skip_exthdr(*pskb, extoff, &pnum, | 175 | protoff = nf_ct_ipv6_skip_exthdr(skb, extoff, &pnum, |
176 | (*pskb)->len - extoff); | 176 | skb->len - extoff); |
177 | if (protoff > (*pskb)->len || pnum == NEXTHDR_FRAGMENT) { | 177 | if (protoff > skb->len || pnum == NEXTHDR_FRAGMENT) { |
178 | pr_debug("proto header not found\n"); | 178 | pr_debug("proto header not found\n"); |
179 | return NF_ACCEPT; | 179 | return NF_ACCEPT; |
180 | } | 180 | } |
181 | 181 | ||
182 | ret = helper->help(pskb, protoff, ct, ctinfo); | 182 | ret = helper->help(skb, protoff, ct, ctinfo); |
183 | if (ret != NF_ACCEPT) | 183 | if (ret != NF_ACCEPT) |
184 | return ret; | 184 | return ret; |
185 | out: | 185 | out: |
186 | /* We've seen it coming out the other side: confirm it */ | 186 | /* We've seen it coming out the other side: confirm it */ |
187 | return nf_conntrack_confirm(pskb); | 187 | return nf_conntrack_confirm(skb); |
188 | } | 188 | } |
189 | 189 | ||
190 | static unsigned int ipv6_defrag(unsigned int hooknum, | 190 | static unsigned int ipv6_defrag(unsigned int hooknum, |
191 | struct sk_buff **pskb, | 191 | struct sk_buff *skb, |
192 | const struct net_device *in, | 192 | const struct net_device *in, |
193 | const struct net_device *out, | 193 | const struct net_device *out, |
194 | int (*okfn)(struct sk_buff *)) | 194 | int (*okfn)(struct sk_buff *)) |
@@ -196,17 +196,17 @@ static unsigned int ipv6_defrag(unsigned int hooknum, | |||
196 | struct sk_buff *reasm; | 196 | struct sk_buff *reasm; |
197 | 197 | ||
198 | /* Previously seen (loopback)? */ | 198 | /* Previously seen (loopback)? */ |
199 | if ((*pskb)->nfct) | 199 | if (skb->nfct) |
200 | return NF_ACCEPT; | 200 | return NF_ACCEPT; |
201 | 201 | ||
202 | reasm = nf_ct_frag6_gather(*pskb); | 202 | reasm = nf_ct_frag6_gather(skb); |
203 | 203 | ||
204 | /* queued */ | 204 | /* queued */ |
205 | if (reasm == NULL) | 205 | if (reasm == NULL) |
206 | return NF_STOLEN; | 206 | return NF_STOLEN; |
207 | 207 | ||
208 | /* error occured or not fragmented */ | 208 | /* error occured or not fragmented */ |
209 | if (reasm == *pskb) | 209 | if (reasm == skb) |
210 | return NF_ACCEPT; | 210 | return NF_ACCEPT; |
211 | 211 | ||
212 | nf_ct_frag6_output(hooknum, reasm, (struct net_device *)in, | 212 | nf_ct_frag6_output(hooknum, reasm, (struct net_device *)in, |
@@ -216,12 +216,12 @@ static unsigned int ipv6_defrag(unsigned int hooknum, | |||
216 | } | 216 | } |
217 | 217 | ||
218 | static unsigned int ipv6_conntrack_in(unsigned int hooknum, | 218 | static unsigned int ipv6_conntrack_in(unsigned int hooknum, |
219 | struct sk_buff **pskb, | 219 | struct sk_buff *skb, |
220 | const struct net_device *in, | 220 | const struct net_device *in, |
221 | const struct net_device *out, | 221 | const struct net_device *out, |
222 | int (*okfn)(struct sk_buff *)) | 222 | int (*okfn)(struct sk_buff *)) |
223 | { | 223 | { |
224 | struct sk_buff *reasm = (*pskb)->nfct_reasm; | 224 | struct sk_buff *reasm = skb->nfct_reasm; |
225 | 225 | ||
226 | /* This packet is fragmented and has reassembled packet. */ | 226 | /* This packet is fragmented and has reassembled packet. */ |
227 | if (reasm) { | 227 | if (reasm) { |
@@ -229,32 +229,32 @@ static unsigned int ipv6_conntrack_in(unsigned int hooknum, | |||
229 | if (!reasm->nfct) { | 229 | if (!reasm->nfct) { |
230 | unsigned int ret; | 230 | unsigned int ret; |
231 | 231 | ||
232 | ret = nf_conntrack_in(PF_INET6, hooknum, &reasm); | 232 | ret = nf_conntrack_in(PF_INET6, hooknum, reasm); |
233 | if (ret != NF_ACCEPT) | 233 | if (ret != NF_ACCEPT) |
234 | return ret; | 234 | return ret; |
235 | } | 235 | } |
236 | nf_conntrack_get(reasm->nfct); | 236 | nf_conntrack_get(reasm->nfct); |
237 | (*pskb)->nfct = reasm->nfct; | 237 | skb->nfct = reasm->nfct; |
238 | (*pskb)->nfctinfo = reasm->nfctinfo; | 238 | skb->nfctinfo = reasm->nfctinfo; |
239 | return NF_ACCEPT; | 239 | return NF_ACCEPT; |
240 | } | 240 | } |
241 | 241 | ||
242 | return nf_conntrack_in(PF_INET6, hooknum, pskb); | 242 | return nf_conntrack_in(PF_INET6, hooknum, skb); |
243 | } | 243 | } |
244 | 244 | ||
245 | static unsigned int ipv6_conntrack_local(unsigned int hooknum, | 245 | static unsigned int ipv6_conntrack_local(unsigned int hooknum, |
246 | struct sk_buff **pskb, | 246 | struct sk_buff *skb, |
247 | const struct net_device *in, | 247 | const struct net_device *in, |
248 | const struct net_device *out, | 248 | const struct net_device *out, |
249 | int (*okfn)(struct sk_buff *)) | 249 | int (*okfn)(struct sk_buff *)) |
250 | { | 250 | { |
251 | /* root is playing with raw sockets. */ | 251 | /* root is playing with raw sockets. */ |
252 | if ((*pskb)->len < sizeof(struct ipv6hdr)) { | 252 | if (skb->len < sizeof(struct ipv6hdr)) { |
253 | if (net_ratelimit()) | 253 | if (net_ratelimit()) |
254 | printk("ipv6_conntrack_local: packet too short\n"); | 254 | printk("ipv6_conntrack_local: packet too short\n"); |
255 | return NF_ACCEPT; | 255 | return NF_ACCEPT; |
256 | } | 256 | } |
257 | return ipv6_conntrack_in(hooknum, pskb, in, out, okfn); | 257 | return ipv6_conntrack_in(hooknum, skb, in, out, okfn); |
258 | } | 258 | } |
259 | 259 | ||
260 | static struct nf_hook_ops ipv6_conntrack_ops[] = { | 260 | static struct nf_hook_ops ipv6_conntrack_ops[] = { |
diff --git a/net/ipv6/xfrm6_output.c b/net/ipv6/xfrm6_output.c index 4618c18e611..a5a32c17249 100644 --- a/net/ipv6/xfrm6_output.c +++ b/net/ipv6/xfrm6_output.c | |||
@@ -80,7 +80,7 @@ static int xfrm6_output_finish2(struct sk_buff *skb) | |||
80 | while (likely((err = xfrm6_output_one(skb)) == 0)) { | 80 | while (likely((err = xfrm6_output_one(skb)) == 0)) { |
81 | nf_reset(skb); | 81 | nf_reset(skb); |
82 | 82 | ||
83 | err = nf_hook(PF_INET6, NF_IP6_LOCAL_OUT, &skb, NULL, | 83 | err = nf_hook(PF_INET6, NF_IP6_LOCAL_OUT, skb, NULL, |
84 | skb->dst->dev, dst_output); | 84 | skb->dst->dev, dst_output); |
85 | if (unlikely(err != 1)) | 85 | if (unlikely(err != 1)) |
86 | break; | 86 | break; |
@@ -88,7 +88,7 @@ static int xfrm6_output_finish2(struct sk_buff *skb) | |||
88 | if (!skb->dst->xfrm) | 88 | if (!skb->dst->xfrm) |
89 | return dst_output(skb); | 89 | return dst_output(skb); |
90 | 90 | ||
91 | err = nf_hook(PF_INET6, NF_IP6_POST_ROUTING, &skb, NULL, | 91 | err = nf_hook(PF_INET6, NF_IP6_POST_ROUTING, skb, NULL, |
92 | skb->dst->dev, xfrm6_output_finish2); | 92 | skb->dst->dev, xfrm6_output_finish2); |
93 | if (unlikely(err != 1)) | 93 | if (unlikely(err != 1)) |
94 | break; | 94 | break; |
diff --git a/net/netfilter/core.c b/net/netfilter/core.c index 2c9e8e3652d..bed9ba01e8e 100644 --- a/net/netfilter/core.c +++ b/net/netfilter/core.c | |||
@@ -117,7 +117,7 @@ void nf_unregister_hooks(struct nf_hook_ops *reg, unsigned int n) | |||
117 | EXPORT_SYMBOL(nf_unregister_hooks); | 117 | EXPORT_SYMBOL(nf_unregister_hooks); |
118 | 118 | ||
119 | unsigned int nf_iterate(struct list_head *head, | 119 | unsigned int nf_iterate(struct list_head *head, |
120 | struct sk_buff **skb, | 120 | struct sk_buff *skb, |
121 | int hook, | 121 | int hook, |
122 | const struct net_device *indev, | 122 | const struct net_device *indev, |
123 | const struct net_device *outdev, | 123 | const struct net_device *outdev, |
@@ -160,7 +160,7 @@ unsigned int nf_iterate(struct list_head *head, | |||
160 | 160 | ||
161 | /* Returns 1 if okfn() needs to be executed by the caller, | 161 | /* Returns 1 if okfn() needs to be executed by the caller, |
162 | * -EPERM for NF_DROP, 0 otherwise. */ | 162 | * -EPERM for NF_DROP, 0 otherwise. */ |
163 | int nf_hook_slow(int pf, unsigned int hook, struct sk_buff **pskb, | 163 | int nf_hook_slow(int pf, unsigned int hook, struct sk_buff *skb, |
164 | struct net_device *indev, | 164 | struct net_device *indev, |
165 | struct net_device *outdev, | 165 | struct net_device *outdev, |
166 | int (*okfn)(struct sk_buff *), | 166 | int (*okfn)(struct sk_buff *), |
@@ -175,17 +175,17 @@ int nf_hook_slow(int pf, unsigned int hook, struct sk_buff **pskb, | |||
175 | 175 | ||
176 | elem = &nf_hooks[pf][hook]; | 176 | elem = &nf_hooks[pf][hook]; |
177 | next_hook: | 177 | next_hook: |
178 | verdict = nf_iterate(&nf_hooks[pf][hook], pskb, hook, indev, | 178 | verdict = nf_iterate(&nf_hooks[pf][hook], skb, hook, indev, |
179 | outdev, &elem, okfn, hook_thresh); | 179 | outdev, &elem, okfn, hook_thresh); |
180 | if (verdict == NF_ACCEPT || verdict == NF_STOP) { | 180 | if (verdict == NF_ACCEPT || verdict == NF_STOP) { |
181 | ret = 1; | 181 | ret = 1; |
182 | goto unlock; | 182 | goto unlock; |
183 | } else if (verdict == NF_DROP) { | 183 | } else if (verdict == NF_DROP) { |
184 | kfree_skb(*pskb); | 184 | kfree_skb(skb); |
185 | ret = -EPERM; | 185 | ret = -EPERM; |
186 | } else if ((verdict & NF_VERDICT_MASK) == NF_QUEUE) { | 186 | } else if ((verdict & NF_VERDICT_MASK) == NF_QUEUE) { |
187 | NFDEBUG("nf_hook: Verdict = QUEUE.\n"); | 187 | NFDEBUG("nf_hook: Verdict = QUEUE.\n"); |
188 | if (!nf_queue(*pskb, elem, pf, hook, indev, outdev, okfn, | 188 | if (!nf_queue(skb, elem, pf, hook, indev, outdev, okfn, |
189 | verdict >> NF_VERDICT_BITS)) | 189 | verdict >> NF_VERDICT_BITS)) |
190 | goto next_hook; | 190 | goto next_hook; |
191 | } | 191 | } |
diff --git a/net/netfilter/nf_conntrack_amanda.c b/net/netfilter/nf_conntrack_amanda.c index e42ab230ad8..7b8239c0cd5 100644 --- a/net/netfilter/nf_conntrack_amanda.c +++ b/net/netfilter/nf_conntrack_amanda.c | |||
@@ -36,7 +36,7 @@ MODULE_PARM_DESC(master_timeout, "timeout for the master connection"); | |||
36 | module_param(ts_algo, charp, 0400); | 36 | module_param(ts_algo, charp, 0400); |
37 | MODULE_PARM_DESC(ts_algo, "textsearch algorithm to use (default kmp)"); | 37 | MODULE_PARM_DESC(ts_algo, "textsearch algorithm to use (default kmp)"); |
38 | 38 | ||
39 | unsigned int (*nf_nat_amanda_hook)(struct sk_buff **pskb, | 39 | unsigned int (*nf_nat_amanda_hook)(struct sk_buff *skb, |
40 | enum ip_conntrack_info ctinfo, | 40 | enum ip_conntrack_info ctinfo, |
41 | unsigned int matchoff, | 41 | unsigned int matchoff, |
42 | unsigned int matchlen, | 42 | unsigned int matchlen, |
@@ -79,7 +79,7 @@ static struct { | |||
79 | }, | 79 | }, |
80 | }; | 80 | }; |
81 | 81 | ||
82 | static int amanda_help(struct sk_buff **pskb, | 82 | static int amanda_help(struct sk_buff *skb, |
83 | unsigned int protoff, | 83 | unsigned int protoff, |
84 | struct nf_conn *ct, | 84 | struct nf_conn *ct, |
85 | enum ip_conntrack_info ctinfo) | 85 | enum ip_conntrack_info ctinfo) |
@@ -101,25 +101,25 @@ static int amanda_help(struct sk_buff **pskb, | |||
101 | 101 | ||
102 | /* increase the UDP timeout of the master connection as replies from | 102 | /* increase the UDP timeout of the master connection as replies from |
103 | * Amanda clients to the server can be quite delayed */ | 103 | * Amanda clients to the server can be quite delayed */ |
104 | nf_ct_refresh(ct, *pskb, master_timeout * HZ); | 104 | nf_ct_refresh(ct, skb, master_timeout * HZ); |
105 | 105 | ||
106 | /* No data? */ | 106 | /* No data? */ |
107 | dataoff = protoff + sizeof(struct udphdr); | 107 | dataoff = protoff + sizeof(struct udphdr); |
108 | if (dataoff >= (*pskb)->len) { | 108 | if (dataoff >= skb->len) { |
109 | if (net_ratelimit()) | 109 | if (net_ratelimit()) |
110 | printk("amanda_help: skblen = %u\n", (*pskb)->len); | 110 | printk("amanda_help: skblen = %u\n", skb->len); |
111 | return NF_ACCEPT; | 111 | return NF_ACCEPT; |
112 | } | 112 | } |
113 | 113 | ||
114 | memset(&ts, 0, sizeof(ts)); | 114 | memset(&ts, 0, sizeof(ts)); |
115 | start = skb_find_text(*pskb, dataoff, (*pskb)->len, | 115 | start = skb_find_text(skb, dataoff, skb->len, |
116 | search[SEARCH_CONNECT].ts, &ts); | 116 | search[SEARCH_CONNECT].ts, &ts); |
117 | if (start == UINT_MAX) | 117 | if (start == UINT_MAX) |
118 | goto out; | 118 | goto out; |
119 | start += dataoff + search[SEARCH_CONNECT].len; | 119 | start += dataoff + search[SEARCH_CONNECT].len; |
120 | 120 | ||
121 | memset(&ts, 0, sizeof(ts)); | 121 | memset(&ts, 0, sizeof(ts)); |
122 | stop = skb_find_text(*pskb, start, (*pskb)->len, | 122 | stop = skb_find_text(skb, start, skb->len, |
123 | search[SEARCH_NEWLINE].ts, &ts); | 123 | search[SEARCH_NEWLINE].ts, &ts); |
124 | if (stop == UINT_MAX) | 124 | if (stop == UINT_MAX) |
125 | goto out; | 125 | goto out; |
@@ -127,13 +127,13 @@ static int amanda_help(struct sk_buff **pskb, | |||
127 | 127 | ||
128 | for (i = SEARCH_DATA; i <= SEARCH_INDEX; i++) { | 128 | for (i = SEARCH_DATA; i <= SEARCH_INDEX; i++) { |
129 | memset(&ts, 0, sizeof(ts)); | 129 | memset(&ts, 0, sizeof(ts)); |
130 | off = skb_find_text(*pskb, start, stop, search[i].ts, &ts); | 130 | off = skb_find_text(skb, start, stop, search[i].ts, &ts); |
131 | if (off == UINT_MAX) | 131 | if (off == UINT_MAX) |
132 | continue; | 132 | continue; |
133 | off += start + search[i].len; | 133 | off += start + search[i].len; |
134 | 134 | ||
135 | len = min_t(unsigned int, sizeof(pbuf) - 1, stop - off); | 135 | len = min_t(unsigned int, sizeof(pbuf) - 1, stop - off); |
136 | if (skb_copy_bits(*pskb, off, pbuf, len)) | 136 | if (skb_copy_bits(skb, off, pbuf, len)) |
137 | break; | 137 | break; |
138 | pbuf[len] = '\0'; | 138 | pbuf[len] = '\0'; |
139 | 139 | ||
@@ -153,7 +153,7 @@ static int amanda_help(struct sk_buff **pskb, | |||
153 | 153 | ||
154 | nf_nat_amanda = rcu_dereference(nf_nat_amanda_hook); | 154 | nf_nat_amanda = rcu_dereference(nf_nat_amanda_hook); |
155 | if (nf_nat_amanda && ct->status & IPS_NAT_MASK) | 155 | if (nf_nat_amanda && ct->status & IPS_NAT_MASK) |
156 | ret = nf_nat_amanda(pskb, ctinfo, off - dataoff, | 156 | ret = nf_nat_amanda(skb, ctinfo, off - dataoff, |
157 | len, exp); | 157 | len, exp); |
158 | else if (nf_ct_expect_related(exp) != 0) | 158 | else if (nf_ct_expect_related(exp) != 0) |
159 | ret = NF_DROP; | 159 | ret = NF_DROP; |
diff --git a/net/netfilter/nf_conntrack_core.c b/net/netfilter/nf_conntrack_core.c index 83c30b45d17..4d6171bc082 100644 --- a/net/netfilter/nf_conntrack_core.c +++ b/net/netfilter/nf_conntrack_core.c | |||
@@ -307,7 +307,7 @@ EXPORT_SYMBOL_GPL(nf_conntrack_hash_insert); | |||
307 | 307 | ||
308 | /* Confirm a connection given skb; places it in hash table */ | 308 | /* Confirm a connection given skb; places it in hash table */ |
309 | int | 309 | int |
310 | __nf_conntrack_confirm(struct sk_buff **pskb) | 310 | __nf_conntrack_confirm(struct sk_buff *skb) |
311 | { | 311 | { |
312 | unsigned int hash, repl_hash; | 312 | unsigned int hash, repl_hash; |
313 | struct nf_conntrack_tuple_hash *h; | 313 | struct nf_conntrack_tuple_hash *h; |
@@ -316,7 +316,7 @@ __nf_conntrack_confirm(struct sk_buff **pskb) | |||
316 | struct hlist_node *n; | 316 | struct hlist_node *n; |
317 | enum ip_conntrack_info ctinfo; | 317 | enum ip_conntrack_info ctinfo; |
318 | 318 | ||
319 | ct = nf_ct_get(*pskb, &ctinfo); | 319 | ct = nf_ct_get(skb, &ctinfo); |
320 | 320 | ||
321 | /* ipt_REJECT uses nf_conntrack_attach to attach related | 321 | /* ipt_REJECT uses nf_conntrack_attach to attach related |
322 | ICMP/TCP RST packets in other direction. Actual packet | 322 | ICMP/TCP RST packets in other direction. Actual packet |
@@ -367,14 +367,14 @@ __nf_conntrack_confirm(struct sk_buff **pskb) | |||
367 | write_unlock_bh(&nf_conntrack_lock); | 367 | write_unlock_bh(&nf_conntrack_lock); |
368 | help = nfct_help(ct); | 368 | help = nfct_help(ct); |
369 | if (help && help->helper) | 369 | if (help && help->helper) |
370 | nf_conntrack_event_cache(IPCT_HELPER, *pskb); | 370 | nf_conntrack_event_cache(IPCT_HELPER, skb); |
371 | #ifdef CONFIG_NF_NAT_NEEDED | 371 | #ifdef CONFIG_NF_NAT_NEEDED |
372 | if (test_bit(IPS_SRC_NAT_DONE_BIT, &ct->status) || | 372 | if (test_bit(IPS_SRC_NAT_DONE_BIT, &ct->status) || |
373 | test_bit(IPS_DST_NAT_DONE_BIT, &ct->status)) | 373 | test_bit(IPS_DST_NAT_DONE_BIT, &ct->status)) |
374 | nf_conntrack_event_cache(IPCT_NATINFO, *pskb); | 374 | nf_conntrack_event_cache(IPCT_NATINFO, skb); |
375 | #endif | 375 | #endif |
376 | nf_conntrack_event_cache(master_ct(ct) ? | 376 | nf_conntrack_event_cache(master_ct(ct) ? |
377 | IPCT_RELATED : IPCT_NEW, *pskb); | 377 | IPCT_RELATED : IPCT_NEW, skb); |
378 | return NF_ACCEPT; | 378 | return NF_ACCEPT; |
379 | 379 | ||
380 | out: | 380 | out: |
@@ -632,7 +632,7 @@ resolve_normal_ct(struct sk_buff *skb, | |||
632 | } | 632 | } |
633 | 633 | ||
634 | unsigned int | 634 | unsigned int |
635 | nf_conntrack_in(int pf, unsigned int hooknum, struct sk_buff **pskb) | 635 | nf_conntrack_in(int pf, unsigned int hooknum, struct sk_buff *skb) |
636 | { | 636 | { |
637 | struct nf_conn *ct; | 637 | struct nf_conn *ct; |
638 | enum ip_conntrack_info ctinfo; | 638 | enum ip_conntrack_info ctinfo; |
@@ -644,14 +644,14 @@ nf_conntrack_in(int pf, unsigned int hooknum, struct sk_buff **pskb) | |||
644 | int ret; | 644 | int ret; |
645 | 645 | ||
646 | /* Previously seen (loopback or untracked)? Ignore. */ | 646 | /* Previously seen (loopback or untracked)? Ignore. */ |
647 | if ((*pskb)->nfct) { | 647 | if (skb->nfct) { |
648 | NF_CT_STAT_INC_ATOMIC(ignore); | 648 | NF_CT_STAT_INC_ATOMIC(ignore); |
649 | return NF_ACCEPT; | 649 | return NF_ACCEPT; |
650 | } | 650 | } |
651 | 651 | ||
652 | /* rcu_read_lock()ed by nf_hook_slow */ | 652 | /* rcu_read_lock()ed by nf_hook_slow */ |
653 | l3proto = __nf_ct_l3proto_find((u_int16_t)pf); | 653 | l3proto = __nf_ct_l3proto_find((u_int16_t)pf); |
654 | ret = l3proto->get_l4proto(*pskb, skb_network_offset(*pskb), | 654 | ret = l3proto->get_l4proto(skb, skb_network_offset(skb), |
655 | &dataoff, &protonum); | 655 | &dataoff, &protonum); |
656 | if (ret <= 0) { | 656 | if (ret <= 0) { |
657 | pr_debug("not prepared to track yet or error occured\n"); | 657 | pr_debug("not prepared to track yet or error occured\n"); |
@@ -666,13 +666,13 @@ nf_conntrack_in(int pf, unsigned int hooknum, struct sk_buff **pskb) | |||
666 | * inverse of the return code tells to the netfilter | 666 | * inverse of the return code tells to the netfilter |
667 | * core what to do with the packet. */ | 667 | * core what to do with the packet. */ |
668 | if (l4proto->error != NULL && | 668 | if (l4proto->error != NULL && |
669 | (ret = l4proto->error(*pskb, dataoff, &ctinfo, pf, hooknum)) <= 0) { | 669 | (ret = l4proto->error(skb, dataoff, &ctinfo, pf, hooknum)) <= 0) { |
670 | NF_CT_STAT_INC_ATOMIC(error); | 670 | NF_CT_STAT_INC_ATOMIC(error); |
671 | NF_CT_STAT_INC_ATOMIC(invalid); | 671 | NF_CT_STAT_INC_ATOMIC(invalid); |
672 | return -ret; | 672 | return -ret; |
673 | } | 673 | } |
674 | 674 | ||
675 | ct = resolve_normal_ct(*pskb, dataoff, pf, protonum, l3proto, l4proto, | 675 | ct = resolve_normal_ct(skb, dataoff, pf, protonum, l3proto, l4proto, |
676 | &set_reply, &ctinfo); | 676 | &set_reply, &ctinfo); |
677 | if (!ct) { | 677 | if (!ct) { |
678 | /* Not valid part of a connection */ | 678 | /* Not valid part of a connection */ |
@@ -686,21 +686,21 @@ nf_conntrack_in(int pf, unsigned int hooknum, struct sk_buff **pskb) | |||
686 | return NF_DROP; | 686 | return NF_DROP; |
687 | } | 687 | } |
688 | 688 | ||
689 | NF_CT_ASSERT((*pskb)->nfct); | 689 | NF_CT_ASSERT(skb->nfct); |
690 | 690 | ||
691 | ret = l4proto->packet(ct, *pskb, dataoff, ctinfo, pf, hooknum); | 691 | ret = l4proto->packet(ct, skb, dataoff, ctinfo, pf, hooknum); |
692 | if (ret < 0) { | 692 | if (ret < 0) { |
693 | /* Invalid: inverse of the return code tells | 693 | /* Invalid: inverse of the return code tells |
694 | * the netfilter core what to do */ | 694 | * the netfilter core what to do */ |
695 | pr_debug("nf_conntrack_in: Can't track with proto module\n"); | 695 | pr_debug("nf_conntrack_in: Can't track with proto module\n"); |
696 | nf_conntrack_put((*pskb)->nfct); | 696 | nf_conntrack_put(skb->nfct); |
697 | (*pskb)->nfct = NULL; | 697 | skb->nfct = NULL; |
698 | NF_CT_STAT_INC_ATOMIC(invalid); | 698 | NF_CT_STAT_INC_ATOMIC(invalid); |
699 | return -ret; | 699 | return -ret; |
700 | } | 700 | } |
701 | 701 | ||
702 | if (set_reply && !test_and_set_bit(IPS_SEEN_REPLY_BIT, &ct->status)) | 702 | if (set_reply && !test_and_set_bit(IPS_SEEN_REPLY_BIT, &ct->status)) |
703 | nf_conntrack_event_cache(IPCT_STATUS, *pskb); | 703 | nf_conntrack_event_cache(IPCT_STATUS, skb); |
704 | 704 | ||
705 | return ret; | 705 | return ret; |
706 | } | 706 | } |
diff --git a/net/netfilter/nf_conntrack_ftp.c b/net/netfilter/nf_conntrack_ftp.c index c763ee74ea0..6df259067f7 100644 --- a/net/netfilter/nf_conntrack_ftp.c +++ b/net/netfilter/nf_conntrack_ftp.c | |||
@@ -43,7 +43,7 @@ module_param_array(ports, ushort, &ports_c, 0400); | |||
43 | static int loose; | 43 | static int loose; |
44 | module_param(loose, bool, 0600); | 44 | module_param(loose, bool, 0600); |
45 | 45 | ||
46 | unsigned int (*nf_nat_ftp_hook)(struct sk_buff **pskb, | 46 | unsigned int (*nf_nat_ftp_hook)(struct sk_buff *skb, |
47 | enum ip_conntrack_info ctinfo, | 47 | enum ip_conntrack_info ctinfo, |
48 | enum nf_ct_ftp_type type, | 48 | enum nf_ct_ftp_type type, |
49 | unsigned int matchoff, | 49 | unsigned int matchoff, |
@@ -344,7 +344,7 @@ static void update_nl_seq(u32 nl_seq, struct nf_ct_ftp_master *info, int dir, | |||
344 | } | 344 | } |
345 | } | 345 | } |
346 | 346 | ||
347 | static int help(struct sk_buff **pskb, | 347 | static int help(struct sk_buff *skb, |
348 | unsigned int protoff, | 348 | unsigned int protoff, |
349 | struct nf_conn *ct, | 349 | struct nf_conn *ct, |
350 | enum ip_conntrack_info ctinfo) | 350 | enum ip_conntrack_info ctinfo) |
@@ -371,21 +371,21 @@ static int help(struct sk_buff **pskb, | |||
371 | return NF_ACCEPT; | 371 | return NF_ACCEPT; |
372 | } | 372 | } |
373 | 373 | ||
374 | th = skb_header_pointer(*pskb, protoff, sizeof(_tcph), &_tcph); | 374 | th = skb_header_pointer(skb, protoff, sizeof(_tcph), &_tcph); |
375 | if (th == NULL) | 375 | if (th == NULL) |
376 | return NF_ACCEPT; | 376 | return NF_ACCEPT; |
377 | 377 | ||
378 | dataoff = protoff + th->doff * 4; | 378 | dataoff = protoff + th->doff * 4; |
379 | /* No data? */ | 379 | /* No data? */ |
380 | if (dataoff >= (*pskb)->len) { | 380 | if (dataoff >= skb->len) { |
381 | pr_debug("ftp: dataoff(%u) >= skblen(%u)\n", dataoff, | 381 | pr_debug("ftp: dataoff(%u) >= skblen(%u)\n", dataoff, |
382 | (*pskb)->len); | 382 | skb->len); |
383 | return NF_ACCEPT; | 383 | return NF_ACCEPT; |
384 | } | 384 | } |
385 | datalen = (*pskb)->len - dataoff; | 385 | datalen = skb->len - dataoff; |
386 | 386 | ||
387 | spin_lock_bh(&nf_ftp_lock); | 387 | spin_lock_bh(&nf_ftp_lock); |
388 | fb_ptr = skb_header_pointer(*pskb, dataoff, datalen, ftp_buffer); | 388 | fb_ptr = skb_header_pointer(skb, dataoff, datalen, ftp_buffer); |
389 | BUG_ON(fb_ptr == NULL); | 389 | BUG_ON(fb_ptr == NULL); |
390 | 390 | ||
391 | ends_in_nl = (fb_ptr[datalen - 1] == '\n'); | 391 | ends_in_nl = (fb_ptr[datalen - 1] == '\n'); |
@@ -491,7 +491,7 @@ static int help(struct sk_buff **pskb, | |||
491 | * (possibly changed) expectation itself. */ | 491 | * (possibly changed) expectation itself. */ |
492 | nf_nat_ftp = rcu_dereference(nf_nat_ftp_hook); | 492 | nf_nat_ftp = rcu_dereference(nf_nat_ftp_hook); |
493 | if (nf_nat_ftp && ct->status & IPS_NAT_MASK) | 493 | if (nf_nat_ftp && ct->status & IPS_NAT_MASK) |
494 | ret = nf_nat_ftp(pskb, ctinfo, search[dir][i].ftptype, | 494 | ret = nf_nat_ftp(skb, ctinfo, search[dir][i].ftptype, |
495 | matchoff, matchlen, exp); | 495 | matchoff, matchlen, exp); |
496 | else { | 496 | else { |
497 | /* Can't expect this? Best to drop packet now. */ | 497 | /* Can't expect this? Best to drop packet now. */ |
@@ -508,7 +508,7 @@ out_update_nl: | |||
508 | /* Now if this ends in \n, update ftp info. Seq may have been | 508 | /* Now if this ends in \n, update ftp info. Seq may have been |
509 | * adjusted by NAT code. */ | 509 | * adjusted by NAT code. */ |
510 | if (ends_in_nl) | 510 | if (ends_in_nl) |
511 | update_nl_seq(seq, ct_ftp_info, dir, *pskb); | 511 | update_nl_seq(seq, ct_ftp_info, dir, skb); |
512 | out: | 512 | out: |
513 | spin_unlock_bh(&nf_ftp_lock); | 513 | spin_unlock_bh(&nf_ftp_lock); |
514 | return ret; | 514 | return ret; |
diff --git a/net/netfilter/nf_conntrack_h323_main.c b/net/netfilter/nf_conntrack_h323_main.c index a8a9dfbe7a6..f23fd9598e1 100644 --- a/net/netfilter/nf_conntrack_h323_main.c +++ b/net/netfilter/nf_conntrack_h323_main.c | |||
@@ -47,27 +47,27 @@ MODULE_PARM_DESC(callforward_filter, "only create call forwarding expectations " | |||
47 | "(determined by routing information)"); | 47 | "(determined by routing information)"); |
48 | 48 | ||
49 | /* Hooks for NAT */ | 49 | /* Hooks for NAT */ |
50 | int (*set_h245_addr_hook) (struct sk_buff **pskb, | 50 | int (*set_h245_addr_hook) (struct sk_buff *skb, |
51 | unsigned char **data, int dataoff, | 51 | unsigned char **data, int dataoff, |
52 | H245_TransportAddress *taddr, | 52 | H245_TransportAddress *taddr, |
53 | union nf_conntrack_address *addr, __be16 port) | 53 | union nf_conntrack_address *addr, __be16 port) |
54 | __read_mostly; | 54 | __read_mostly; |
55 | int (*set_h225_addr_hook) (struct sk_buff **pskb, | 55 | int (*set_h225_addr_hook) (struct sk_buff *skb, |
56 | unsigned char **data, int dataoff, | 56 | unsigned char **data, int dataoff, |
57 | TransportAddress *taddr, | 57 | TransportAddress *taddr, |
58 | union nf_conntrack_address *addr, __be16 port) | 58 | union nf_conntrack_address *addr, __be16 port) |
59 | __read_mostly; | 59 | __read_mostly; |
60 | int (*set_sig_addr_hook) (struct sk_buff **pskb, | 60 | int (*set_sig_addr_hook) (struct sk_buff *skb, |
61 | struct nf_conn *ct, | 61 | struct nf_conn *ct, |
62 | enum ip_conntrack_info ctinfo, | 62 | enum ip_conntrack_info ctinfo, |
63 | unsigned char **data, | 63 | unsigned char **data, |
64 | TransportAddress *taddr, int count) __read_mostly; | 64 | TransportAddress *taddr, int count) __read_mostly; |
65 | int (*set_ras_addr_hook) (struct sk_buff **pskb, | 65 | int (*set_ras_addr_hook) (struct sk_buff *skb, |
66 | struct nf_conn *ct, | 66 | struct nf_conn *ct, |
67 | enum ip_conntrack_info ctinfo, | 67 | enum ip_conntrack_info ctinfo, |
68 | unsigned char **data, | 68 | unsigned char **data, |
69 | TransportAddress *taddr, int count) __read_mostly; | 69 | TransportAddress *taddr, int count) __read_mostly; |
70 | int (*nat_rtp_rtcp_hook) (struct sk_buff **pskb, | 70 | int (*nat_rtp_rtcp_hook) (struct sk_buff *skb, |
71 | struct nf_conn *ct, | 71 | struct nf_conn *ct, |
72 | enum ip_conntrack_info ctinfo, | 72 | enum ip_conntrack_info ctinfo, |
73 | unsigned char **data, int dataoff, | 73 | unsigned char **data, int dataoff, |
@@ -75,25 +75,25 @@ int (*nat_rtp_rtcp_hook) (struct sk_buff **pskb, | |||
75 | __be16 port, __be16 rtp_port, | 75 | __be16 port, __be16 rtp_port, |
76 | struct nf_conntrack_expect *rtp_exp, | 76 | struct nf_conntrack_expect *rtp_exp, |
77 | struct nf_conntrack_expect *rtcp_exp) __read_mostly; | 77 | struct nf_conntrack_expect *rtcp_exp) __read_mostly; |
78 | int (*nat_t120_hook) (struct sk_buff **pskb, | 78 | int (*nat_t120_hook) (struct sk_buff *skb, |
79 | struct nf_conn *ct, | 79 | struct nf_conn *ct, |
80 | enum ip_conntrack_info ctinfo, | 80 | enum ip_conntrack_info ctinfo, |
81 | unsigned char **data, int dataoff, | 81 | unsigned char **data, int dataoff, |
82 | H245_TransportAddress *taddr, __be16 port, | 82 | H245_TransportAddress *taddr, __be16 port, |
83 | struct nf_conntrack_expect *exp) __read_mostly; | 83 | struct nf_conntrack_expect *exp) __read_mostly; |
84 | int (*nat_h245_hook) (struct sk_buff **pskb, | 84 | int (*nat_h245_hook) (struct sk_buff *skb, |
85 | struct nf_conn *ct, | 85 | struct nf_conn *ct, |
86 | enum ip_conntrack_info ctinfo, | 86 | enum ip_conntrack_info ctinfo, |
87 | unsigned char **data, int dataoff, | 87 | unsigned char **data, int dataoff, |
88 | TransportAddress *taddr, __be16 port, | 88 | TransportAddress *taddr, __be16 port, |
89 | struct nf_conntrack_expect *exp) __read_mostly; | 89 | struct nf_conntrack_expect *exp) __read_mostly; |
90 | int (*nat_callforwarding_hook) (struct sk_buff **pskb, | 90 | int (*nat_callforwarding_hook) (struct sk_buff *skb, |
91 | struct nf_conn *ct, | 91 | struct nf_conn *ct, |
92 | enum ip_conntrack_info ctinfo, | 92 | enum ip_conntrack_info ctinfo, |
93 | unsigned char **data, int dataoff, | 93 | unsigned char **data, int dataoff, |
94 | TransportAddress *taddr, __be16 port, | 94 | TransportAddress *taddr, __be16 port, |
95 | struct nf_conntrack_expect *exp) __read_mostly; | 95 | struct nf_conntrack_expect *exp) __read_mostly; |
96 | int (*nat_q931_hook) (struct sk_buff **pskb, | 96 | int (*nat_q931_hook) (struct sk_buff *skb, |
97 | struct nf_conn *ct, | 97 | struct nf_conn *ct, |
98 | enum ip_conntrack_info ctinfo, | 98 | enum ip_conntrack_info ctinfo, |
99 | unsigned char **data, TransportAddress *taddr, int idx, | 99 | unsigned char **data, TransportAddress *taddr, int idx, |
@@ -108,7 +108,7 @@ static struct nf_conntrack_helper nf_conntrack_helper_q931[]; | |||
108 | static struct nf_conntrack_helper nf_conntrack_helper_ras[]; | 108 | static struct nf_conntrack_helper nf_conntrack_helper_ras[]; |
109 | 109 | ||
110 | /****************************************************************************/ | 110 | /****************************************************************************/ |
111 | static int get_tpkt_data(struct sk_buff **pskb, unsigned int protoff, | 111 | static int get_tpkt_data(struct sk_buff *skb, unsigned int protoff, |
112 | struct nf_conn *ct, enum ip_conntrack_info ctinfo, | 112 | struct nf_conn *ct, enum ip_conntrack_info ctinfo, |
113 | unsigned char **data, int *datalen, int *dataoff) | 113 | unsigned char **data, int *datalen, int *dataoff) |
114 | { | 114 | { |
@@ -122,7 +122,7 @@ static int get_tpkt_data(struct sk_buff **pskb, unsigned int protoff, | |||
122 | int tpktoff; | 122 | int tpktoff; |
123 | 123 | ||
124 | /* Get TCP header */ | 124 | /* Get TCP header */ |
125 | th = skb_header_pointer(*pskb, protoff, sizeof(_tcph), &_tcph); | 125 | th = skb_header_pointer(skb, protoff, sizeof(_tcph), &_tcph); |
126 | if (th == NULL) | 126 | if (th == NULL) |
127 | return 0; | 127 | return 0; |
128 | 128 | ||
@@ -130,13 +130,13 @@ static int get_tpkt_data(struct sk_buff **pskb, unsigned int protoff, | |||
130 | tcpdataoff = protoff + th->doff * 4; | 130 | tcpdataoff = protoff + th->doff * 4; |
131 | 131 | ||
132 | /* Get TCP data length */ | 132 | /* Get TCP data length */ |
133 | tcpdatalen = (*pskb)->len - tcpdataoff; | 133 | tcpdatalen = skb->len - tcpdataoff; |
134 | if (tcpdatalen <= 0) /* No TCP data */ | 134 | if (tcpdatalen <= 0) /* No TCP data */ |
135 | goto clear_out; | 135 | goto clear_out; |
136 | 136 | ||
137 | if (*data == NULL) { /* first TPKT */ | 137 | if (*data == NULL) { /* first TPKT */ |
138 | /* Get first TPKT pointer */ | 138 | /* Get first TPKT pointer */ |
139 | tpkt = skb_header_pointer(*pskb, tcpdataoff, tcpdatalen, | 139 | tpkt = skb_header_pointer(skb, tcpdataoff, tcpdatalen, |
140 | h323_buffer); | 140 | h323_buffer); |
141 | BUG_ON(tpkt == NULL); | 141 | BUG_ON(tpkt == NULL); |
142 | 142 | ||
@@ -248,7 +248,7 @@ static int get_h245_addr(struct nf_conn *ct, unsigned char *data, | |||
248 | } | 248 | } |
249 | 249 | ||
250 | /****************************************************************************/ | 250 | /****************************************************************************/ |
251 | static int expect_rtp_rtcp(struct sk_buff **pskb, struct nf_conn *ct, | 251 | static int expect_rtp_rtcp(struct sk_buff *skb, struct nf_conn *ct, |
252 | enum ip_conntrack_info ctinfo, | 252 | enum ip_conntrack_info ctinfo, |
253 | unsigned char **data, int dataoff, | 253 | unsigned char **data, int dataoff, |
254 | H245_TransportAddress *taddr) | 254 | H245_TransportAddress *taddr) |
@@ -297,7 +297,7 @@ static int expect_rtp_rtcp(struct sk_buff **pskb, struct nf_conn *ct, | |||
297 | (nat_rtp_rtcp = rcu_dereference(nat_rtp_rtcp_hook)) && | 297 | (nat_rtp_rtcp = rcu_dereference(nat_rtp_rtcp_hook)) && |
298 | ct->status & IPS_NAT_MASK) { | 298 | ct->status & IPS_NAT_MASK) { |
299 | /* NAT needed */ | 299 | /* NAT needed */ |
300 | ret = nat_rtp_rtcp(pskb, ct, ctinfo, data, dataoff, | 300 | ret = nat_rtp_rtcp(skb, ct, ctinfo, data, dataoff, |
301 | taddr, port, rtp_port, rtp_exp, rtcp_exp); | 301 | taddr, port, rtp_port, rtp_exp, rtcp_exp); |
302 | } else { /* Conntrack only */ | 302 | } else { /* Conntrack only */ |
303 | if (nf_ct_expect_related(rtp_exp) == 0) { | 303 | if (nf_ct_expect_related(rtp_exp) == 0) { |
@@ -321,7 +321,7 @@ static int expect_rtp_rtcp(struct sk_buff **pskb, struct nf_conn *ct, | |||
321 | } | 321 | } |
322 | 322 | ||
323 | /****************************************************************************/ | 323 | /****************************************************************************/ |
324 | static int expect_t120(struct sk_buff **pskb, | 324 | static int expect_t120(struct sk_buff *skb, |
325 | struct nf_conn *ct, | 325 | struct nf_conn *ct, |
326 | enum ip_conntrack_info ctinfo, | 326 | enum ip_conntrack_info ctinfo, |
327 | unsigned char **data, int dataoff, | 327 | unsigned char **data, int dataoff, |
@@ -355,7 +355,7 @@ static int expect_t120(struct sk_buff **pskb, | |||
355 | (nat_t120 = rcu_dereference(nat_t120_hook)) && | 355 | (nat_t120 = rcu_dereference(nat_t120_hook)) && |
356 | ct->status & IPS_NAT_MASK) { | 356 | ct->status & IPS_NAT_MASK) { |
357 | /* NAT needed */ | 357 | /* NAT needed */ |
358 | ret = nat_t120(pskb, ct, ctinfo, data, dataoff, taddr, | 358 | ret = nat_t120(skb, ct, ctinfo, data, dataoff, taddr, |
359 | port, exp); | 359 | port, exp); |
360 | } else { /* Conntrack only */ | 360 | } else { /* Conntrack only */ |
361 | if (nf_ct_expect_related(exp) == 0) { | 361 | if (nf_ct_expect_related(exp) == 0) { |
@@ -371,7 +371,7 @@ static int expect_t120(struct sk_buff **pskb, | |||
371 | } | 371 | } |
372 | 372 | ||
373 | /****************************************************************************/ | 373 | /****************************************************************************/ |
374 | static int process_h245_channel(struct sk_buff **pskb, | 374 | static int process_h245_channel(struct sk_buff *skb, |
375 | struct nf_conn *ct, | 375 | struct nf_conn *ct, |
376 | enum ip_conntrack_info ctinfo, | 376 | enum ip_conntrack_info ctinfo, |
377 | unsigned char **data, int dataoff, | 377 | unsigned char **data, int dataoff, |
@@ -381,7 +381,7 @@ static int process_h245_channel(struct sk_buff **pskb, | |||
381 | 381 | ||
382 | if (channel->options & eH2250LogicalChannelParameters_mediaChannel) { | 382 | if (channel->options & eH2250LogicalChannelParameters_mediaChannel) { |
383 | /* RTP */ | 383 | /* RTP */ |
384 | ret = expect_rtp_rtcp(pskb, ct, ctinfo, data, dataoff, | 384 | ret = expect_rtp_rtcp(skb, ct, ctinfo, data, dataoff, |
385 | &channel->mediaChannel); | 385 | &channel->mediaChannel); |
386 | if (ret < 0) | 386 | if (ret < 0) |
387 | return -1; | 387 | return -1; |
@@ -390,7 +390,7 @@ static int process_h245_channel(struct sk_buff **pskb, | |||
390 | if (channel-> | 390 | if (channel-> |
391 | options & eH2250LogicalChannelParameters_mediaControlChannel) { | 391 | options & eH2250LogicalChannelParameters_mediaControlChannel) { |
392 | /* RTCP */ | 392 | /* RTCP */ |
393 | ret = expect_rtp_rtcp(pskb, ct, ctinfo, data, dataoff, | 393 | ret = expect_rtp_rtcp(skb, ct, ctinfo, data, dataoff, |
394 | &channel->mediaControlChannel); | 394 | &channel->mediaControlChannel); |
395 | if (ret < 0) | 395 | if (ret < 0) |
396 | return -1; | 396 | return -1; |
@@ -400,7 +400,7 @@ static int process_h245_channel(struct sk_buff **pskb, | |||
400 | } | 400 | } |
401 | 401 | ||
402 | /****************************************************************************/ | 402 | /****************************************************************************/ |
403 | static int process_olc(struct sk_buff **pskb, struct nf_conn *ct, | 403 | static int process_olc(struct sk_buff *skb, struct nf_conn *ct, |
404 | enum ip_conntrack_info ctinfo, | 404 | enum ip_conntrack_info ctinfo, |
405 | unsigned char **data, int dataoff, | 405 | unsigned char **data, int dataoff, |
406 | OpenLogicalChannel *olc) | 406 | OpenLogicalChannel *olc) |
@@ -412,7 +412,7 @@ static int process_olc(struct sk_buff **pskb, struct nf_conn *ct, | |||
412 | if (olc->forwardLogicalChannelParameters.multiplexParameters.choice == | 412 | if (olc->forwardLogicalChannelParameters.multiplexParameters.choice == |
413 | eOpenLogicalChannel_forwardLogicalChannelParameters_multiplexParameters_h2250LogicalChannelParameters) | 413 | eOpenLogicalChannel_forwardLogicalChannelParameters_multiplexParameters_h2250LogicalChannelParameters) |
414 | { | 414 | { |
415 | ret = process_h245_channel(pskb, ct, ctinfo, data, dataoff, | 415 | ret = process_h245_channel(skb, ct, ctinfo, data, dataoff, |
416 | &olc-> | 416 | &olc-> |
417 | forwardLogicalChannelParameters. | 417 | forwardLogicalChannelParameters. |
418 | multiplexParameters. | 418 | multiplexParameters. |
@@ -430,7 +430,7 @@ static int process_olc(struct sk_buff **pskb, struct nf_conn *ct, | |||
430 | eOpenLogicalChannel_reverseLogicalChannelParameters_multiplexParameters_h2250LogicalChannelParameters)) | 430 | eOpenLogicalChannel_reverseLogicalChannelParameters_multiplexParameters_h2250LogicalChannelParameters)) |
431 | { | 431 | { |
432 | ret = | 432 | ret = |
433 | process_h245_channel(pskb, ct, ctinfo, data, dataoff, | 433 | process_h245_channel(skb, ct, ctinfo, data, dataoff, |
434 | &olc-> | 434 | &olc-> |
435 | reverseLogicalChannelParameters. | 435 | reverseLogicalChannelParameters. |
436 | multiplexParameters. | 436 | multiplexParameters. |
@@ -448,7 +448,7 @@ static int process_olc(struct sk_buff **pskb, struct nf_conn *ct, | |||
448 | t120.choice == eDataProtocolCapability_separateLANStack && | 448 | t120.choice == eDataProtocolCapability_separateLANStack && |
449 | olc->separateStack.networkAddress.choice == | 449 | olc->separateStack.networkAddress.choice == |
450 | eNetworkAccessParameters_networkAddress_localAreaAddress) { | 450 | eNetworkAccessParameters_networkAddress_localAreaAddress) { |
451 | ret = expect_t120(pskb, ct, ctinfo, data, dataoff, | 451 | ret = expect_t120(skb, ct, ctinfo, data, dataoff, |
452 | &olc->separateStack.networkAddress. | 452 | &olc->separateStack.networkAddress. |
453 | localAreaAddress); | 453 | localAreaAddress); |
454 | if (ret < 0) | 454 | if (ret < 0) |
@@ -459,7 +459,7 @@ static int process_olc(struct sk_buff **pskb, struct nf_conn *ct, | |||
459 | } | 459 | } |
460 | 460 | ||
461 | /****************************************************************************/ | 461 | /****************************************************************************/ |
462 | static int process_olca(struct sk_buff **pskb, struct nf_conn *ct, | 462 | static int process_olca(struct sk_buff *skb, struct nf_conn *ct, |
463 | enum ip_conntrack_info ctinfo, | 463 | enum ip_conntrack_info ctinfo, |
464 | unsigned char **data, int dataoff, | 464 | unsigned char **data, int dataoff, |
465 | OpenLogicalChannelAck *olca) | 465 | OpenLogicalChannelAck *olca) |
@@ -477,7 +477,7 @@ static int process_olca(struct sk_buff **pskb, struct nf_conn *ct, | |||
477 | choice == | 477 | choice == |
478 | eOpenLogicalChannelAck_reverseLogicalChannelParameters_multiplexParameters_h2250LogicalChannelParameters)) | 478 | eOpenLogicalChannelAck_reverseLogicalChannelParameters_multiplexParameters_h2250LogicalChannelParameters)) |
479 | { | 479 | { |
480 | ret = process_h245_channel(pskb, ct, ctinfo, data, dataoff, | 480 | ret = process_h245_channel(skb, ct, ctinfo, data, dataoff, |
481 | &olca-> | 481 | &olca-> |
482 | reverseLogicalChannelParameters. | 482 | reverseLogicalChannelParameters. |
483 | multiplexParameters. | 483 | multiplexParameters. |
@@ -496,7 +496,7 @@ static int process_olca(struct sk_buff **pskb, struct nf_conn *ct, | |||
496 | if (ack->options & | 496 | if (ack->options & |
497 | eH2250LogicalChannelAckParameters_mediaChannel) { | 497 | eH2250LogicalChannelAckParameters_mediaChannel) { |
498 | /* RTP */ | 498 | /* RTP */ |
499 | ret = expect_rtp_rtcp(pskb, ct, ctinfo, data, dataoff, | 499 | ret = expect_rtp_rtcp(skb, ct, ctinfo, data, dataoff, |
500 | &ack->mediaChannel); | 500 | &ack->mediaChannel); |
501 | if (ret < 0) | 501 | if (ret < 0) |
502 | return -1; | 502 | return -1; |
@@ -505,7 +505,7 @@ static int process_olca(struct sk_buff **pskb, struct nf_conn *ct, | |||
505 | if (ack->options & | 505 | if (ack->options & |
506 | eH2250LogicalChannelAckParameters_mediaControlChannel) { | 506 | eH2250LogicalChannelAckParameters_mediaControlChannel) { |
507 | /* RTCP */ | 507 | /* RTCP */ |
508 | ret = expect_rtp_rtcp(pskb, ct, ctinfo, data, dataoff, | 508 | ret = expect_rtp_rtcp(skb, ct, ctinfo, data, dataoff, |
509 | &ack->mediaControlChannel); | 509 | &ack->mediaControlChannel); |
510 | if (ret < 0) | 510 | if (ret < 0) |
511 | return -1; | 511 | return -1; |
@@ -515,7 +515,7 @@ static int process_olca(struct sk_buff **pskb, struct nf_conn *ct, | |||
515 | if ((olca->options & eOpenLogicalChannelAck_separateStack) && | 515 | if ((olca->options & eOpenLogicalChannelAck_separateStack) && |
516 | olca->separateStack.networkAddress.choice == | 516 | olca->separateStack.networkAddress.choice == |
517 | eNetworkAccessParameters_networkAddress_localAreaAddress) { | 517 | eNetworkAccessParameters_networkAddress_localAreaAddress) { |
518 | ret = expect_t120(pskb, ct, ctinfo, data, dataoff, | 518 | ret = expect_t120(skb, ct, ctinfo, data, dataoff, |
519 | &olca->separateStack.networkAddress. | 519 | &olca->separateStack.networkAddress. |
520 | localAreaAddress); | 520 | localAreaAddress); |
521 | if (ret < 0) | 521 | if (ret < 0) |
@@ -526,7 +526,7 @@ static int process_olca(struct sk_buff **pskb, struct nf_conn *ct, | |||
526 | } | 526 | } |
527 | 527 | ||
528 | /****************************************************************************/ | 528 | /****************************************************************************/ |
529 | static int process_h245(struct sk_buff **pskb, struct nf_conn *ct, | 529 | static int process_h245(struct sk_buff *skb, struct nf_conn *ct, |
530 | enum ip_conntrack_info ctinfo, | 530 | enum ip_conntrack_info ctinfo, |
531 | unsigned char **data, int dataoff, | 531 | unsigned char **data, int dataoff, |
532 | MultimediaSystemControlMessage *mscm) | 532 | MultimediaSystemControlMessage *mscm) |
@@ -535,7 +535,7 @@ static int process_h245(struct sk_buff **pskb, struct nf_conn *ct, | |||
535 | case eMultimediaSystemControlMessage_request: | 535 | case eMultimediaSystemControlMessage_request: |
536 | if (mscm->request.choice == | 536 | if (mscm->request.choice == |
537 | eRequestMessage_openLogicalChannel) { | 537 | eRequestMessage_openLogicalChannel) { |
538 | return process_olc(pskb, ct, ctinfo, data, dataoff, | 538 | return process_olc(skb, ct, ctinfo, data, dataoff, |
539 | &mscm->request.openLogicalChannel); | 539 | &mscm->request.openLogicalChannel); |
540 | } | 540 | } |
541 | pr_debug("nf_ct_h323: H.245 Request %d\n", | 541 | pr_debug("nf_ct_h323: H.245 Request %d\n", |
@@ -544,7 +544,7 @@ static int process_h245(struct sk_buff **pskb, struct nf_conn *ct, | |||
544 | case eMultimediaSystemControlMessage_response: | 544 | case eMultimediaSystemControlMessage_response: |
545 | if (mscm->response.choice == | 545 | if (mscm->response.choice == |
546 | eResponseMessage_openLogicalChannelAck) { | 546 | eResponseMessage_openLogicalChannelAck) { |
547 | return process_olca(pskb, ct, ctinfo, data, dataoff, | 547 | return process_olca(skb, ct, ctinfo, data, dataoff, |
548 | &mscm->response. | 548 | &mscm->response. |
549 | openLogicalChannelAck); | 549 | openLogicalChannelAck); |
550 | } | 550 | } |
@@ -560,7 +560,7 @@ static int process_h245(struct sk_buff **pskb, struct nf_conn *ct, | |||
560 | } | 560 | } |
561 | 561 | ||
562 | /****************************************************************************/ | 562 | /****************************************************************************/ |
563 | static int h245_help(struct sk_buff **pskb, unsigned int protoff, | 563 | static int h245_help(struct sk_buff *skb, unsigned int protoff, |
564 | struct nf_conn *ct, enum ip_conntrack_info ctinfo) | 564 | struct nf_conn *ct, enum ip_conntrack_info ctinfo) |
565 | { | 565 | { |
566 | static MultimediaSystemControlMessage mscm; | 566 | static MultimediaSystemControlMessage mscm; |
@@ -574,12 +574,12 @@ static int h245_help(struct sk_buff **pskb, unsigned int protoff, | |||
574 | ctinfo != IP_CT_ESTABLISHED + IP_CT_IS_REPLY) { | 574 | ctinfo != IP_CT_ESTABLISHED + IP_CT_IS_REPLY) { |
575 | return NF_ACCEPT; | 575 | return NF_ACCEPT; |
576 | } | 576 | } |
577 | pr_debug("nf_ct_h245: skblen = %u\n", (*pskb)->len); | 577 | pr_debug("nf_ct_h245: skblen = %u\n", skb->len); |
578 | 578 | ||
579 | spin_lock_bh(&nf_h323_lock); | 579 | spin_lock_bh(&nf_h323_lock); |
580 | 580 | ||
581 | /* Process each TPKT */ | 581 | /* Process each TPKT */ |
582 | while (get_tpkt_data(pskb, protoff, ct, ctinfo, | 582 | while (get_tpkt_data(skb, protoff, ct, ctinfo, |
583 | &data, &datalen, &dataoff)) { | 583 | &data, &datalen, &dataoff)) { |
584 | pr_debug("nf_ct_h245: TPKT len=%d ", datalen); | 584 | pr_debug("nf_ct_h245: TPKT len=%d ", datalen); |
585 | NF_CT_DUMP_TUPLE(&ct->tuplehash[CTINFO2DIR(ctinfo)].tuple); | 585 | NF_CT_DUMP_TUPLE(&ct->tuplehash[CTINFO2DIR(ctinfo)].tuple); |
@@ -596,7 +596,7 @@ static int h245_help(struct sk_buff **pskb, unsigned int protoff, | |||
596 | } | 596 | } |
597 | 597 | ||
598 | /* Process H.245 signal */ | 598 | /* Process H.245 signal */ |
599 | if (process_h245(pskb, ct, ctinfo, &data, dataoff, &mscm) < 0) | 599 | if (process_h245(skb, ct, ctinfo, &data, dataoff, &mscm) < 0) |
600 | goto drop; | 600 | goto drop; |
601 | } | 601 | } |
602 | 602 | ||
@@ -654,7 +654,7 @@ int get_h225_addr(struct nf_conn *ct, unsigned char *data, | |||
654 | } | 654 | } |
655 | 655 | ||
656 | /****************************************************************************/ | 656 | /****************************************************************************/ |
657 | static int expect_h245(struct sk_buff **pskb, struct nf_conn *ct, | 657 | static int expect_h245(struct sk_buff *skb, struct nf_conn *ct, |
658 | enum ip_conntrack_info ctinfo, | 658 | enum ip_conntrack_info ctinfo, |
659 | unsigned char **data, int dataoff, | 659 | unsigned char **data, int dataoff, |
660 | TransportAddress *taddr) | 660 | TransportAddress *taddr) |
@@ -687,7 +687,7 @@ static int expect_h245(struct sk_buff **pskb, struct nf_conn *ct, | |||
687 | (nat_h245 = rcu_dereference(nat_h245_hook)) && | 687 | (nat_h245 = rcu_dereference(nat_h245_hook)) && |
688 | ct->status & IPS_NAT_MASK) { | 688 | ct->status & IPS_NAT_MASK) { |
689 | /* NAT needed */ | 689 | /* NAT needed */ |
690 | ret = nat_h245(pskb, ct, ctinfo, data, dataoff, taddr, | 690 | ret = nat_h245(skb, ct, ctinfo, data, dataoff, taddr, |
691 | port, exp); | 691 | port, exp); |
692 | } else { /* Conntrack only */ | 692 | } else { /* Conntrack only */ |
693 | if (nf_ct_expect_related(exp) == 0) { | 693 | if (nf_ct_expect_related(exp) == 0) { |
@@ -758,7 +758,7 @@ static int callforward_do_filter(union nf_conntrack_address *src, | |||
758 | } | 758 | } |
759 | 759 | ||
760 | /****************************************************************************/ | 760 | /****************************************************************************/ |
761 | static int expect_callforwarding(struct sk_buff **pskb, | 761 | static int expect_callforwarding(struct sk_buff *skb, |
762 | struct nf_conn *ct, | 762 | struct nf_conn *ct, |
763 | enum ip_conntrack_info ctinfo, | 763 | enum ip_conntrack_info ctinfo, |
764 | unsigned char **data, int dataoff, | 764 | unsigned char **data, int dataoff, |
@@ -798,7 +798,7 @@ static int expect_callforwarding(struct sk_buff **pskb, | |||
798 | (nat_callforwarding = rcu_dereference(nat_callforwarding_hook)) && | 798 | (nat_callforwarding = rcu_dereference(nat_callforwarding_hook)) && |
799 | ct->status & IPS_NAT_MASK) { | 799 | ct->status & IPS_NAT_MASK) { |
800 | /* Need NAT */ | 800 | /* Need NAT */ |
801 | ret = nat_callforwarding(pskb, ct, ctinfo, data, dataoff, | 801 | ret = nat_callforwarding(skb, ct, ctinfo, data, dataoff, |
802 | taddr, port, exp); | 802 | taddr, port, exp); |
803 | } else { /* Conntrack only */ | 803 | } else { /* Conntrack only */ |
804 | if (nf_ct_expect_related(exp) == 0) { | 804 | if (nf_ct_expect_related(exp) == 0) { |
@@ -814,7 +814,7 @@ static int expect_callforwarding(struct sk_buff **pskb, | |||
814 | } | 814 | } |
815 | 815 | ||
816 | /****************************************************************************/ | 816 | /****************************************************************************/ |
817 | static int process_setup(struct sk_buff **pskb, struct nf_conn *ct, | 817 | static int process_setup(struct sk_buff *skb, struct nf_conn *ct, |
818 | enum ip_conntrack_info ctinfo, | 818 | enum ip_conntrack_info ctinfo, |
819 | unsigned char **data, int dataoff, | 819 | unsigned char **data, int dataoff, |
820 | Setup_UUIE *setup) | 820 | Setup_UUIE *setup) |
@@ -829,7 +829,7 @@ static int process_setup(struct sk_buff **pskb, struct nf_conn *ct, | |||
829 | pr_debug("nf_ct_q931: Setup\n"); | 829 | pr_debug("nf_ct_q931: Setup\n"); |
830 | 830 | ||
831 | if (setup->options & eSetup_UUIE_h245Address) { | 831 | if (setup->options & eSetup_UUIE_h245Address) { |
832 | ret = expect_h245(pskb, ct, ctinfo, data, dataoff, | 832 | ret = expect_h245(skb, ct, ctinfo, data, dataoff, |
833 | &setup->h245Address); | 833 | &setup->h245Address); |
834 | if (ret < 0) | 834 | if (ret < 0) |
835 | return -1; | 835 | return -1; |
@@ -846,7 +846,7 @@ static int process_setup(struct sk_buff **pskb, struct nf_conn *ct, | |||
846 | NIP6(*(struct in6_addr *)&addr), ntohs(port), | 846 | NIP6(*(struct in6_addr *)&addr), ntohs(port), |
847 | NIP6(*(struct in6_addr *)&ct->tuplehash[!dir].tuple.src.u3), | 847 | NIP6(*(struct in6_addr *)&ct->tuplehash[!dir].tuple.src.u3), |
848 | ntohs(ct->tuplehash[!dir].tuple.src.u.tcp.port)); | 848 | ntohs(ct->tuplehash[!dir].tuple.src.u.tcp.port)); |
849 | ret = set_h225_addr(pskb, data, dataoff, | 849 | ret = set_h225_addr(skb, data, dataoff, |
850 | &setup->destCallSignalAddress, | 850 | &setup->destCallSignalAddress, |
851 | &ct->tuplehash[!dir].tuple.src.u3, | 851 | &ct->tuplehash[!dir].tuple.src.u3, |
852 | ct->tuplehash[!dir].tuple.src.u.tcp.port); | 852 | ct->tuplehash[!dir].tuple.src.u.tcp.port); |
@@ -864,7 +864,7 @@ static int process_setup(struct sk_buff **pskb, struct nf_conn *ct, | |||
864 | NIP6(*(struct in6_addr *)&addr), ntohs(port), | 864 | NIP6(*(struct in6_addr *)&addr), ntohs(port), |
865 | NIP6(*(struct in6_addr *)&ct->tuplehash[!dir].tuple.dst.u3), | 865 | NIP6(*(struct in6_addr *)&ct->tuplehash[!dir].tuple.dst.u3), |
866 | ntohs(ct->tuplehash[!dir].tuple.dst.u.tcp.port)); | 866 | ntohs(ct->tuplehash[!dir].tuple.dst.u.tcp.port)); |
867 | ret = set_h225_addr(pskb, data, dataoff, | 867 | ret = set_h225_addr(skb, data, dataoff, |
868 | &setup->sourceCallSignalAddress, | 868 | &setup->sourceCallSignalAddress, |
869 | &ct->tuplehash[!dir].tuple.dst.u3, | 869 | &ct->tuplehash[!dir].tuple.dst.u3, |
870 | ct->tuplehash[!dir].tuple.dst.u.tcp.port); | 870 | ct->tuplehash[!dir].tuple.dst.u.tcp.port); |
@@ -874,7 +874,7 @@ static int process_setup(struct sk_buff **pskb, struct nf_conn *ct, | |||
874 | 874 | ||
875 | if (setup->options & eSetup_UUIE_fastStart) { | 875 | if (setup->options & eSetup_UUIE_fastStart) { |
876 | for (i = 0; i < setup->fastStart.count; i++) { | 876 | for (i = 0; i < setup->fastStart.count; i++) { |
877 | ret = process_olc(pskb, ct, ctinfo, data, dataoff, | 877 | ret = process_olc(skb, ct, ctinfo, data, dataoff, |
878 | &setup->fastStart.item[i]); | 878 | &setup->fastStart.item[i]); |
879 | if (ret < 0) | 879 | if (ret < 0) |
880 | return -1; | 880 | return -1; |
@@ -885,7 +885,7 @@ static int process_setup(struct sk_buff **pskb, struct nf_conn *ct, | |||
885 | } | 885 | } |
886 | 886 | ||
887 | /****************************************************************************/ | 887 | /****************************************************************************/ |
888 | static int process_callproceeding(struct sk_buff **pskb, | 888 | static int process_callproceeding(struct sk_buff *skb, |
889 | struct nf_conn *ct, | 889 | struct nf_conn *ct, |
890 | enum ip_conntrack_info ctinfo, | 890 | enum ip_conntrack_info ctinfo, |
891 | unsigned char **data, int dataoff, | 891 | unsigned char **data, int dataoff, |
@@ -897,7 +897,7 @@ static int process_callproceeding(struct sk_buff **pskb, | |||
897 | pr_debug("nf_ct_q931: CallProceeding\n"); | 897 | pr_debug("nf_ct_q931: CallProceeding\n"); |
898 | 898 | ||
899 | if (callproc->options & eCallProceeding_UUIE_h245Address) { | 899 | if (callproc->options & eCallProceeding_UUIE_h245Address) { |
900 | ret = expect_h245(pskb, ct, ctinfo, data, dataoff, | 900 | ret = expect_h245(skb, ct, ctinfo, data, dataoff, |
901 | &callproc->h245Address); | 901 | &callproc->h245Address); |
902 | if (ret < 0) | 902 | if (ret < 0) |
903 | return -1; | 903 | return -1; |
@@ -905,7 +905,7 @@ static int process_callproceeding(struct sk_buff **pskb, | |||
905 | 905 | ||
906 | if (callproc->options & eCallProceeding_UUIE_fastStart) { | 906 | if (callproc->options & eCallProceeding_UUIE_fastStart) { |
907 | for (i = 0; i < callproc->fastStart.count; i++) { | 907 | for (i = 0; i < callproc->fastStart.count; i++) { |
908 | ret = process_olc(pskb, ct, ctinfo, data, dataoff, | 908 | ret = process_olc(skb, ct, ctinfo, data, dataoff, |
909 | &callproc->fastStart.item[i]); | 909 | &callproc->fastStart.item[i]); |
910 | if (ret < 0) | 910 | if (ret < 0) |
911 | return -1; | 911 | return -1; |
@@ -916,7 +916,7 @@ static int process_callproceeding(struct sk_buff **pskb, | |||
916 | } | 916 | } |
917 | 917 | ||
918 | /****************************************************************************/ | 918 | /****************************************************************************/ |
919 | static int process_connect(struct sk_buff **pskb, struct nf_conn *ct, | 919 | static int process_connect(struct sk_buff *skb, struct nf_conn *ct, |
920 | enum ip_conntrack_info ctinfo, | 920 | enum ip_conntrack_info ctinfo, |
921 | unsigned char **data, int dataoff, | 921 | unsigned char **data, int dataoff, |
922 | Connect_UUIE *connect) | 922 | Connect_UUIE *connect) |
@@ -927,7 +927,7 @@ static int process_connect(struct sk_buff **pskb, struct nf_conn *ct, | |||
927 | pr_debug("nf_ct_q931: Connect\n"); | 927 | pr_debug("nf_ct_q931: Connect\n"); |
928 | 928 | ||
929 | if (connect->options & eConnect_UUIE_h245Address) { | 929 | if (connect->options & eConnect_UUIE_h245Address) { |
930 | ret = expect_h245(pskb, ct, ctinfo, data, dataoff, | 930 | ret = expect_h245(skb, ct, ctinfo, data, dataoff, |
931 | &connect->h245Address); | 931 | &connect->h245Address); |
932 | if (ret < 0) | 932 | if (ret < 0) |
933 | return -1; | 933 | return -1; |
@@ -935,7 +935,7 @@ static int process_connect(struct sk_buff **pskb, struct nf_conn *ct, | |||
935 | 935 | ||
936 | if (connect->options & eConnect_UUIE_fastStart) { | 936 | if (connect->options & eConnect_UUIE_fastStart) { |
937 | for (i = 0; i < connect->fastStart.count; i++) { | 937 | for (i = 0; i < connect->fastStart.count; i++) { |
938 | ret = process_olc(pskb, ct, ctinfo, data, dataoff, | 938 | ret = process_olc(skb, ct, ctinfo, data, dataoff, |
939 | &connect->fastStart.item[i]); | 939 | &connect->fastStart.item[i]); |
940 | if (ret < 0) | 940 | if (ret < 0) |
941 | return -1; | 941 | return -1; |
@@ -946,7 +946,7 @@ static int process_connect(struct sk_buff **pskb, struct nf_conn *ct, | |||
946 | } | 946 | } |
947 | 947 | ||
948 | /****************************************************************************/ | 948 | /****************************************************************************/ |
949 | static int process_alerting(struct sk_buff **pskb, struct nf_conn *ct, | 949 | static int process_alerting(struct sk_buff *skb, struct nf_conn *ct, |
950 | enum ip_conntrack_info ctinfo, | 950 | enum ip_conntrack_info ctinfo, |
951 | unsigned char **data, int dataoff, | 951 | unsigned char **data, int dataoff, |
952 | Alerting_UUIE *alert) | 952 | Alerting_UUIE *alert) |
@@ -957,7 +957,7 @@ static int process_alerting(struct sk_buff **pskb, struct nf_conn *ct, | |||
957 | pr_debug("nf_ct_q931: Alerting\n"); | 957 | pr_debug("nf_ct_q931: Alerting\n"); |
958 | 958 | ||
959 | if (alert->options & eAlerting_UUIE_h245Address) { | 959 | if (alert->options & eAlerting_UUIE_h245Address) { |
960 | ret = expect_h245(pskb, ct, ctinfo, data, dataoff, | 960 | ret = expect_h245(skb, ct, ctinfo, data, dataoff, |
961 | &alert->h245Address); | 961 | &alert->h245Address); |
962 | if (ret < 0) | 962 | if (ret < 0) |
963 | return -1; | 963 | return -1; |
@@ -965,7 +965,7 @@ static int process_alerting(struct sk_buff **pskb, struct nf_conn *ct, | |||
965 | 965 | ||
966 | if (alert->options & eAlerting_UUIE_fastStart) { | 966 | if (alert->options & eAlerting_UUIE_fastStart) { |
967 | for (i = 0; i < alert->fastStart.count; i++) { | 967 | for (i = 0; i < alert->fastStart.count; i++) { |
968 | ret = process_olc(pskb, ct, ctinfo, data, dataoff, | 968 | ret = process_olc(skb, ct, ctinfo, data, dataoff, |
969 | &alert->fastStart.item[i]); | 969 | &alert->fastStart.item[i]); |
970 | if (ret < 0) | 970 | if (ret < 0) |
971 | return -1; | 971 | return -1; |
@@ -976,7 +976,7 @@ static int process_alerting(struct sk_buff **pskb, struct nf_conn *ct, | |||
976 | } | 976 | } |
977 | 977 | ||
978 | /****************************************************************************/ | 978 | /****************************************************************************/ |
979 | static int process_facility(struct sk_buff **pskb, struct nf_conn *ct, | 979 | static int process_facility(struct sk_buff *skb, struct nf_conn *ct, |
980 | enum ip_conntrack_info ctinfo, | 980 | enum ip_conntrack_info ctinfo, |
981 | unsigned char **data, int dataoff, | 981 | unsigned char **data, int dataoff, |
982 | Facility_UUIE *facility) | 982 | Facility_UUIE *facility) |
@@ -988,7 +988,7 @@ static int process_facility(struct sk_buff **pskb, struct nf_conn *ct, | |||
988 | 988 | ||
989 | if (facility->reason.choice == eFacilityReason_callForwarded) { | 989 | if (facility->reason.choice == eFacilityReason_callForwarded) { |
990 | if (facility->options & eFacility_UUIE_alternativeAddress) | 990 | if (facility->options & eFacility_UUIE_alternativeAddress) |
991 | return expect_callforwarding(pskb, ct, ctinfo, data, | 991 | return expect_callforwarding(skb, ct, ctinfo, data, |
992 | dataoff, | 992 | dataoff, |
993 | &facility-> | 993 | &facility-> |
994 | alternativeAddress); | 994 | alternativeAddress); |
@@ -996,7 +996,7 @@ static int process_facility(struct sk_buff **pskb, struct nf_conn *ct, | |||
996 | } | 996 | } |
997 | 997 | ||
998 | if (facility->options & eFacility_UUIE_h245Address) { | 998 | if (facility->options & eFacility_UUIE_h245Address) { |
999 | ret = expect_h245(pskb, ct, ctinfo, data, dataoff, | 999 | ret = expect_h245(skb, ct, ctinfo, data, dataoff, |
1000 | &facility->h245Address); | 1000 | &facility->h245Address); |
1001 | if (ret < 0) | 1001 | if (ret < 0) |
1002 | return -1; | 1002 | return -1; |
@@ -1004,7 +1004,7 @@ static int process_facility(struct sk_buff **pskb, struct nf_conn *ct, | |||
1004 | 1004 | ||
1005 | if (facility->options & eFacility_UUIE_fastStart) { | 1005 | if (facility->options & eFacility_UUIE_fastStart) { |
1006 | for (i = 0; i < facility->fastStart.count; i++) { | 1006 | for (i = 0; i < facility->fastStart.count; i++) { |
1007 | ret = process_olc(pskb, ct, ctinfo, data, dataoff, | 1007 | ret = process_olc(skb, ct, ctinfo, data, dataoff, |
1008 | &facility->fastStart.item[i]); | 1008 | &facility->fastStart.item[i]); |
1009 | if (ret < 0) | 1009 | if (ret < 0) |
1010 | return -1; | 1010 | return -1; |
@@ -1015,7 +1015,7 @@ static int process_facility(struct sk_buff **pskb, struct nf_conn *ct, | |||
1015 | } | 1015 | } |
1016 | 1016 | ||
1017 | /****************************************************************************/ | 1017 | /****************************************************************************/ |
1018 | static int process_progress(struct sk_buff **pskb, struct nf_conn *ct, | 1018 | static int process_progress(struct sk_buff *skb, struct nf_conn *ct, |
1019 | enum ip_conntrack_info ctinfo, | 1019 | enum ip_conntrack_info ctinfo, |
1020 | unsigned char **data, int dataoff, | 1020 | unsigned char **data, int dataoff, |
1021 | Progress_UUIE *progress) | 1021 | Progress_UUIE *progress) |
@@ -1026,7 +1026,7 @@ static int process_progress(struct sk_buff **pskb, struct nf_conn *ct, | |||
1026 | pr_debug("nf_ct_q931: Progress\n"); | 1026 | pr_debug("nf_ct_q931: Progress\n"); |
1027 | 1027 | ||
1028 | if (progress->options & eProgress_UUIE_h245Address) { | 1028 | if (progress->options & eProgress_UUIE_h245Address) { |
1029 | ret = expect_h245(pskb, ct, ctinfo, data, dataoff, | 1029 | ret = expect_h245(skb, ct, ctinfo, data, dataoff, |
1030 | &progress->h245Address); | 1030 | &progress->h245Address); |
1031 | if (ret < 0) | 1031 | if (ret < 0) |
1032 | return -1; | 1032 | return -1; |
@@ -1034,7 +1034,7 @@ static int process_progress(struct sk_buff **pskb, struct nf_conn *ct, | |||
1034 | 1034 | ||
1035 | if (progress->options & eProgress_UUIE_fastStart) { | 1035 | if (progress->options & eProgress_UUIE_fastStart) { |
1036 | for (i = 0; i < progress->fastStart.count; i++) { | 1036 | for (i = 0; i < progress->fastStart.count; i++) { |
1037 | ret = process_olc(pskb, ct, ctinfo, data, dataoff, | 1037 | ret = process_olc(skb, ct, ctinfo, data, dataoff, |
1038 | &progress->fastStart.item[i]); | 1038 | &progress->fastStart.item[i]); |
1039 | if (ret < 0) | 1039 | if (ret < 0) |
1040 | return -1; | 1040 | return -1; |
@@ -1045,7 +1045,7 @@ static int process_progress(struct sk_buff **pskb, struct nf_conn *ct, | |||
1045 | } | 1045 | } |
1046 | 1046 | ||
1047 | /****************************************************************************/ | 1047 | /****************************************************************************/ |
1048 | static int process_q931(struct sk_buff **pskb, struct nf_conn *ct, | 1048 | static int process_q931(struct sk_buff *skb, struct nf_conn *ct, |
1049 | enum ip_conntrack_info ctinfo, | 1049 | enum ip_conntrack_info ctinfo, |
1050 | unsigned char **data, int dataoff, Q931 *q931) | 1050 | unsigned char **data, int dataoff, Q931 *q931) |
1051 | { | 1051 | { |
@@ -1055,28 +1055,28 @@ static int process_q931(struct sk_buff **pskb, struct nf_conn *ct, | |||
1055 | 1055 | ||
1056 | switch (pdu->h323_message_body.choice) { | 1056 | switch (pdu->h323_message_body.choice) { |
1057 | case eH323_UU_PDU_h323_message_body_setup: | 1057 | case eH323_UU_PDU_h323_message_body_setup: |
1058 | ret = process_setup(pskb, ct, ctinfo, data, dataoff, | 1058 | ret = process_setup(skb, ct, ctinfo, data, dataoff, |
1059 | &pdu->h323_message_body.setup); | 1059 | &pdu->h323_message_body.setup); |
1060 | break; | 1060 | break; |
1061 | case eH323_UU_PDU_h323_message_body_callProceeding: | 1061 | case eH323_UU_PDU_h323_message_body_callProceeding: |
1062 | ret = process_callproceeding(pskb, ct, ctinfo, data, dataoff, | 1062 | ret = process_callproceeding(skb, ct, ctinfo, data, dataoff, |
1063 | &pdu->h323_message_body. | 1063 | &pdu->h323_message_body. |
1064 | callProceeding); | 1064 | callProceeding); |
1065 | break; | 1065 | break; |
1066 | case eH323_UU_PDU_h323_message_body_connect: | 1066 | case eH323_UU_PDU_h323_message_body_connect: |
1067 | ret = process_connect(pskb, ct, ctinfo, data, dataoff, | 1067 | ret = process_connect(skb, ct, ctinfo, data, dataoff, |
1068 | &pdu->h323_message_body.connect); | 1068 | &pdu->h323_message_body.connect); |
1069 | break; | 1069 | break; |
1070 | case eH323_UU_PDU_h323_message_body_alerting: | 1070 | case eH323_UU_PDU_h323_message_body_alerting: |
1071 | ret = process_alerting(pskb, ct, ctinfo, data, dataoff, | 1071 | ret = process_alerting(skb, ct, ctinfo, data, dataoff, |
1072 | &pdu->h323_message_body.alerting); | 1072 | &pdu->h323_message_body.alerting); |
1073 | break; | 1073 | break; |
1074 | case eH323_UU_PDU_h323_message_body_facility: | 1074 | case eH323_UU_PDU_h323_message_body_facility: |
1075 | ret = process_facility(pskb, ct, ctinfo, data, dataoff, | 1075 | ret = process_facility(skb, ct, ctinfo, data, dataoff, |
1076 | &pdu->h323_message_body.facility); | 1076 | &pdu->h323_message_body.facility); |
1077 | break; | 1077 | break; |
1078 | case eH323_UU_PDU_h323_message_body_progress: | 1078 | case eH323_UU_PDU_h323_message_body_progress: |
1079 | ret = process_progress(pskb, ct, ctinfo, data, dataoff, | 1079 | ret = process_progress(skb, ct, ctinfo, data, dataoff, |
1080 | &pdu->h323_message_body.progress); | 1080 | &pdu->h323_message_body.progress); |
1081 | break; | 1081 | break; |
1082 | default: | 1082 | default: |
@@ -1090,7 +1090,7 @@ static int process_q931(struct sk_buff **pskb, struct nf_conn *ct, | |||
1090 | 1090 | ||
1091 | if (pdu->options & eH323_UU_PDU_h245Control) { | 1091 | if (pdu->options & eH323_UU_PDU_h245Control) { |
1092 | for (i = 0; i < pdu->h245Control.count; i++) { | 1092 | for (i = 0; i < pdu->h245Control.count; i++) { |
1093 | ret = process_h245(pskb, ct, ctinfo, data, dataoff, | 1093 | ret = process_h245(skb, ct, ctinfo, data, dataoff, |
1094 | &pdu->h245Control.item[i]); | 1094 | &pdu->h245Control.item[i]); |
1095 | if (ret < 0) | 1095 | if (ret < 0) |
1096 | return -1; | 1096 | return -1; |
@@ -1101,7 +1101,7 @@ static int process_q931(struct sk_buff **pskb, struct nf_conn *ct, | |||
1101 | } | 1101 | } |
1102 | 1102 | ||
1103 | /****************************************************************************/ | 1103 | /****************************************************************************/ |
1104 | static int q931_help(struct sk_buff **pskb, unsigned int protoff, | 1104 | static int q931_help(struct sk_buff *skb, unsigned int protoff, |
1105 | struct nf_conn *ct, enum ip_conntrack_info ctinfo) | 1105 | struct nf_conn *ct, enum ip_conntrack_info ctinfo) |
1106 | { | 1106 | { |
1107 | static Q931 q931; | 1107 | static Q931 q931; |
@@ -1115,12 +1115,12 @@ static int q931_help(struct sk_buff **pskb, unsigned int protoff, | |||
1115 | ctinfo != IP_CT_ESTABLISHED + IP_CT_IS_REPLY) { | 1115 | ctinfo != IP_CT_ESTABLISHED + IP_CT_IS_REPLY) { |
1116 | return NF_ACCEPT; | 1116 | return NF_ACCEPT; |
1117 | } | 1117 | } |
1118 | pr_debug("nf_ct_q931: skblen = %u\n", (*pskb)->len); | 1118 | pr_debug("nf_ct_q931: skblen = %u\n", skb->len); |
1119 | 1119 | ||
1120 | spin_lock_bh(&nf_h323_lock); | 1120 | spin_lock_bh(&nf_h323_lock); |
1121 | 1121 | ||
1122 | /* Process each TPKT */ | 1122 | /* Process each TPKT */ |
1123 | while (get_tpkt_data(pskb, protoff, ct, ctinfo, | 1123 | while (get_tpkt_data(skb, protoff, ct, ctinfo, |
1124 | &data, &datalen, &dataoff)) { | 1124 | &data, &datalen, &dataoff)) { |
1125 | pr_debug("nf_ct_q931: TPKT len=%d ", datalen); | 1125 | pr_debug("nf_ct_q931: TPKT len=%d ", datalen); |
1126 | NF_CT_DUMP_TUPLE(&ct->tuplehash[CTINFO2DIR(ctinfo)].tuple); | 1126 | NF_CT_DUMP_TUPLE(&ct->tuplehash[CTINFO2DIR(ctinfo)].tuple); |
@@ -1136,7 +1136,7 @@ static int q931_help(struct sk_buff **pskb, unsigned int protoff, | |||
1136 | } | 1136 | } |
1137 | 1137 | ||
1138 | /* Process Q.931 signal */ | 1138 | /* Process Q.931 signal */ |
1139 | if (process_q931(pskb, ct, ctinfo, &data, dataoff, &q931) < 0) | 1139 | if (process_q931(skb, ct, ctinfo, &data, dataoff, &q931) < 0) |
1140 | goto drop; | 1140 | goto drop; |
1141 | } | 1141 | } |
1142 | 1142 | ||
@@ -1177,20 +1177,20 @@ static struct nf_conntrack_helper nf_conntrack_helper_q931[] __read_mostly = { | |||
1177 | }; | 1177 | }; |
1178 | 1178 | ||
1179 | /****************************************************************************/ | 1179 | /****************************************************************************/ |
1180 | static unsigned char *get_udp_data(struct sk_buff **pskb, unsigned int protoff, | 1180 | static unsigned char *get_udp_data(struct sk_buff *skb, unsigned int protoff, |
1181 | int *datalen) | 1181 | int *datalen) |
1182 | { | 1182 | { |
1183 | struct udphdr _uh, *uh; | 1183 | struct udphdr _uh, *uh; |
1184 | int dataoff; | 1184 | int dataoff; |
1185 | 1185 | ||
1186 | uh = skb_header_pointer(*pskb, protoff, sizeof(_uh), &_uh); | 1186 | uh = skb_header_pointer(skb, protoff, sizeof(_uh), &_uh); |
1187 | if (uh == NULL) | 1187 | if (uh == NULL) |
1188 | return NULL; | 1188 | return NULL; |
1189 | dataoff = protoff + sizeof(_uh); | 1189 | dataoff = protoff + sizeof(_uh); |
1190 | if (dataoff >= (*pskb)->len) | 1190 | if (dataoff >= skb->len) |
1191 | return NULL; | 1191 | return NULL; |
1192 | *datalen = (*pskb)->len - dataoff; | 1192 | *datalen = skb->len - dataoff; |
1193 | return skb_header_pointer(*pskb, dataoff, *datalen, h323_buffer); | 1193 | return skb_header_pointer(skb, dataoff, *datalen, h323_buffer); |
1194 | } | 1194 | } |
1195 | 1195 | ||
1196 | /****************************************************************************/ | 1196 | /****************************************************************************/ |
@@ -1227,7 +1227,7 @@ static int set_expect_timeout(struct nf_conntrack_expect *exp, | |||
1227 | } | 1227 | } |
1228 | 1228 | ||
1229 | /****************************************************************************/ | 1229 | /****************************************************************************/ |
1230 | static int expect_q931(struct sk_buff **pskb, struct nf_conn *ct, | 1230 | static int expect_q931(struct sk_buff *skb, struct nf_conn *ct, |
1231 | enum ip_conntrack_info ctinfo, | 1231 | enum ip_conntrack_info ctinfo, |
1232 | unsigned char **data, | 1232 | unsigned char **data, |
1233 | TransportAddress *taddr, int count) | 1233 | TransportAddress *taddr, int count) |
@@ -1265,7 +1265,7 @@ static int expect_q931(struct sk_buff **pskb, struct nf_conn *ct, | |||
1265 | 1265 | ||
1266 | nat_q931 = rcu_dereference(nat_q931_hook); | 1266 | nat_q931 = rcu_dereference(nat_q931_hook); |
1267 | if (nat_q931 && ct->status & IPS_NAT_MASK) { /* Need NAT */ | 1267 | if (nat_q931 && ct->status & IPS_NAT_MASK) { /* Need NAT */ |
1268 | ret = nat_q931(pskb, ct, ctinfo, data, taddr, i, port, exp); | 1268 | ret = nat_q931(skb, ct, ctinfo, data, taddr, i, port, exp); |
1269 | } else { /* Conntrack only */ | 1269 | } else { /* Conntrack only */ |
1270 | if (nf_ct_expect_related(exp) == 0) { | 1270 | if (nf_ct_expect_related(exp) == 0) { |
1271 | pr_debug("nf_ct_ras: expect Q.931 "); | 1271 | pr_debug("nf_ct_ras: expect Q.931 "); |
@@ -1283,7 +1283,7 @@ static int expect_q931(struct sk_buff **pskb, struct nf_conn *ct, | |||
1283 | } | 1283 | } |
1284 | 1284 | ||
1285 | /****************************************************************************/ | 1285 | /****************************************************************************/ |
1286 | static int process_grq(struct sk_buff **pskb, struct nf_conn *ct, | 1286 | static int process_grq(struct sk_buff *skb, struct nf_conn *ct, |
1287 | enum ip_conntrack_info ctinfo, | 1287 | enum ip_conntrack_info ctinfo, |
1288 | unsigned char **data, GatekeeperRequest *grq) | 1288 | unsigned char **data, GatekeeperRequest *grq) |
1289 | { | 1289 | { |
@@ -1293,13 +1293,13 @@ static int process_grq(struct sk_buff **pskb, struct nf_conn *ct, | |||
1293 | 1293 | ||
1294 | set_ras_addr = rcu_dereference(set_ras_addr_hook); | 1294 | set_ras_addr = rcu_dereference(set_ras_addr_hook); |
1295 | if (set_ras_addr && ct->status & IPS_NAT_MASK) /* NATed */ | 1295 | if (set_ras_addr && ct->status & IPS_NAT_MASK) /* NATed */ |
1296 | return set_ras_addr(pskb, ct, ctinfo, data, | 1296 | return set_ras_addr(skb, ct, ctinfo, data, |
1297 | &grq->rasAddress, 1); | 1297 | &grq->rasAddress, 1); |
1298 | return 0; | 1298 | return 0; |
1299 | } | 1299 | } |
1300 | 1300 | ||
1301 | /****************************************************************************/ | 1301 | /****************************************************************************/ |
1302 | static int process_gcf(struct sk_buff **pskb, struct nf_conn *ct, | 1302 | static int process_gcf(struct sk_buff *skb, struct nf_conn *ct, |
1303 | enum ip_conntrack_info ctinfo, | 1303 | enum ip_conntrack_info ctinfo, |
1304 | unsigned char **data, GatekeeperConfirm *gcf) | 1304 | unsigned char **data, GatekeeperConfirm *gcf) |
1305 | { | 1305 | { |
@@ -1343,7 +1343,7 @@ static int process_gcf(struct sk_buff **pskb, struct nf_conn *ct, | |||
1343 | } | 1343 | } |
1344 | 1344 | ||
1345 | /****************************************************************************/ | 1345 | /****************************************************************************/ |
1346 | static int process_rrq(struct sk_buff **pskb, struct nf_conn *ct, | 1346 | static int process_rrq(struct sk_buff *skb, struct nf_conn *ct, |
1347 | enum ip_conntrack_info ctinfo, | 1347 | enum ip_conntrack_info ctinfo, |
1348 | unsigned char **data, RegistrationRequest *rrq) | 1348 | unsigned char **data, RegistrationRequest *rrq) |
1349 | { | 1349 | { |
@@ -1353,7 +1353,7 @@ static int process_rrq(struct sk_buff **pskb, struct nf_conn *ct, | |||
1353 | 1353 | ||
1354 | pr_debug("nf_ct_ras: RRQ\n"); | 1354 | pr_debug("nf_ct_ras: RRQ\n"); |
1355 | 1355 | ||
1356 | ret = expect_q931(pskb, ct, ctinfo, data, | 1356 | ret = expect_q931(skb, ct, ctinfo, data, |
1357 | rrq->callSignalAddress.item, | 1357 | rrq->callSignalAddress.item, |
1358 | rrq->callSignalAddress.count); | 1358 | rrq->callSignalAddress.count); |
1359 | if (ret < 0) | 1359 | if (ret < 0) |
@@ -1361,7 +1361,7 @@ static int process_rrq(struct sk_buff **pskb, struct nf_conn *ct, | |||
1361 | 1361 | ||
1362 | set_ras_addr = rcu_dereference(set_ras_addr_hook); | 1362 | set_ras_addr = rcu_dereference(set_ras_addr_hook); |
1363 | if (set_ras_addr && ct->status & IPS_NAT_MASK) { | 1363 | if (set_ras_addr && ct->status & IPS_NAT_MASK) { |
1364 | ret = set_ras_addr(pskb, ct, ctinfo, data, | 1364 | ret = set_ras_addr(skb, ct, ctinfo, data, |
1365 | rrq->rasAddress.item, | 1365 | rrq->rasAddress.item, |
1366 | rrq->rasAddress.count); | 1366 | rrq->rasAddress.count); |
1367 | if (ret < 0) | 1367 | if (ret < 0) |
@@ -1378,7 +1378,7 @@ static int process_rrq(struct sk_buff **pskb, struct nf_conn *ct, | |||
1378 | } | 1378 | } |
1379 | 1379 | ||
1380 | /****************************************************************************/ | 1380 | /****************************************************************************/ |
1381 | static int process_rcf(struct sk_buff **pskb, struct nf_conn *ct, | 1381 | static int process_rcf(struct sk_buff *skb, struct nf_conn *ct, |
1382 | enum ip_conntrack_info ctinfo, | 1382 | enum ip_conntrack_info ctinfo, |
1383 | unsigned char **data, RegistrationConfirm *rcf) | 1383 | unsigned char **data, RegistrationConfirm *rcf) |
1384 | { | 1384 | { |
@@ -1392,7 +1392,7 @@ static int process_rcf(struct sk_buff **pskb, struct nf_conn *ct, | |||
1392 | 1392 | ||
1393 | set_sig_addr = rcu_dereference(set_sig_addr_hook); | 1393 | set_sig_addr = rcu_dereference(set_sig_addr_hook); |
1394 | if (set_sig_addr && ct->status & IPS_NAT_MASK) { | 1394 | if (set_sig_addr && ct->status & IPS_NAT_MASK) { |
1395 | ret = set_sig_addr(pskb, ct, ctinfo, data, | 1395 | ret = set_sig_addr(skb, ct, ctinfo, data, |
1396 | rcf->callSignalAddress.item, | 1396 | rcf->callSignalAddress.item, |
1397 | rcf->callSignalAddress.count); | 1397 | rcf->callSignalAddress.count); |
1398 | if (ret < 0) | 1398 | if (ret < 0) |
@@ -1407,7 +1407,7 @@ static int process_rcf(struct sk_buff **pskb, struct nf_conn *ct, | |||
1407 | if (info->timeout > 0) { | 1407 | if (info->timeout > 0) { |
1408 | pr_debug("nf_ct_ras: set RAS connection timeout to " | 1408 | pr_debug("nf_ct_ras: set RAS connection timeout to " |
1409 | "%u seconds\n", info->timeout); | 1409 | "%u seconds\n", info->timeout); |
1410 | nf_ct_refresh(ct, *pskb, info->timeout * HZ); | 1410 | nf_ct_refresh(ct, skb, info->timeout * HZ); |
1411 | 1411 | ||
1412 | /* Set expect timeout */ | 1412 | /* Set expect timeout */ |
1413 | read_lock_bh(&nf_conntrack_lock); | 1413 | read_lock_bh(&nf_conntrack_lock); |
@@ -1427,7 +1427,7 @@ static int process_rcf(struct sk_buff **pskb, struct nf_conn *ct, | |||
1427 | } | 1427 | } |
1428 | 1428 | ||
1429 | /****************************************************************************/ | 1429 | /****************************************************************************/ |
1430 | static int process_urq(struct sk_buff **pskb, struct nf_conn *ct, | 1430 | static int process_urq(struct sk_buff *skb, struct nf_conn *ct, |
1431 | enum ip_conntrack_info ctinfo, | 1431 | enum ip_conntrack_info ctinfo, |
1432 | unsigned char **data, UnregistrationRequest *urq) | 1432 | unsigned char **data, UnregistrationRequest *urq) |
1433 | { | 1433 | { |
@@ -1440,7 +1440,7 @@ static int process_urq(struct sk_buff **pskb, struct nf_conn *ct, | |||
1440 | 1440 | ||
1441 | set_sig_addr = rcu_dereference(set_sig_addr_hook); | 1441 | set_sig_addr = rcu_dereference(set_sig_addr_hook); |
1442 | if (set_sig_addr && ct->status & IPS_NAT_MASK) { | 1442 | if (set_sig_addr && ct->status & IPS_NAT_MASK) { |
1443 | ret = set_sig_addr(pskb, ct, ctinfo, data, | 1443 | ret = set_sig_addr(skb, ct, ctinfo, data, |
1444 | urq->callSignalAddress.item, | 1444 | urq->callSignalAddress.item, |
1445 | urq->callSignalAddress.count); | 1445 | urq->callSignalAddress.count); |
1446 | if (ret < 0) | 1446 | if (ret < 0) |
@@ -1453,13 +1453,13 @@ static int process_urq(struct sk_buff **pskb, struct nf_conn *ct, | |||
1453 | info->sig_port[!dir] = 0; | 1453 | info->sig_port[!dir] = 0; |
1454 | 1454 | ||
1455 | /* Give it 30 seconds for UCF or URJ */ | 1455 | /* Give it 30 seconds for UCF or URJ */ |
1456 | nf_ct_refresh(ct, *pskb, 30 * HZ); | 1456 | nf_ct_refresh(ct, skb, 30 * HZ); |
1457 | 1457 | ||
1458 | return 0; | 1458 | return 0; |
1459 | } | 1459 | } |
1460 | 1460 | ||
1461 | /****************************************************************************/ | 1461 | /****************************************************************************/ |
1462 | static int process_arq(struct sk_buff **pskb, struct nf_conn *ct, | 1462 | static int process_arq(struct sk_buff *skb, struct nf_conn *ct, |
1463 | enum ip_conntrack_info ctinfo, | 1463 | enum ip_conntrack_info ctinfo, |
1464 | unsigned char **data, AdmissionRequest *arq) | 1464 | unsigned char **data, AdmissionRequest *arq) |
1465 | { | 1465 | { |
@@ -1479,7 +1479,7 @@ static int process_arq(struct sk_buff **pskb, struct nf_conn *ct, | |||
1479 | port == info->sig_port[dir] && | 1479 | port == info->sig_port[dir] && |
1480 | set_h225_addr && ct->status & IPS_NAT_MASK) { | 1480 | set_h225_addr && ct->status & IPS_NAT_MASK) { |
1481 | /* Answering ARQ */ | 1481 | /* Answering ARQ */ |
1482 | return set_h225_addr(pskb, data, 0, | 1482 | return set_h225_addr(skb, data, 0, |
1483 | &arq->destCallSignalAddress, | 1483 | &arq->destCallSignalAddress, |
1484 | &ct->tuplehash[!dir].tuple.dst.u3, | 1484 | &ct->tuplehash[!dir].tuple.dst.u3, |
1485 | info->sig_port[!dir]); | 1485 | info->sig_port[!dir]); |
@@ -1491,7 +1491,7 @@ static int process_arq(struct sk_buff **pskb, struct nf_conn *ct, | |||
1491 | !memcmp(&addr, &ct->tuplehash[dir].tuple.src.u3, sizeof(addr)) && | 1491 | !memcmp(&addr, &ct->tuplehash[dir].tuple.src.u3, sizeof(addr)) && |
1492 | set_h225_addr && ct->status & IPS_NAT_MASK) { | 1492 | set_h225_addr && ct->status & IPS_NAT_MASK) { |
1493 | /* Calling ARQ */ | 1493 | /* Calling ARQ */ |
1494 | return set_h225_addr(pskb, data, 0, | 1494 | return set_h225_addr(skb, data, 0, |
1495 | &arq->srcCallSignalAddress, | 1495 | &arq->srcCallSignalAddress, |
1496 | &ct->tuplehash[!dir].tuple.dst.u3, | 1496 | &ct->tuplehash[!dir].tuple.dst.u3, |
1497 | port); | 1497 | port); |
@@ -1501,7 +1501,7 @@ static int process_arq(struct sk_buff **pskb, struct nf_conn *ct, | |||
1501 | } | 1501 | } |
1502 | 1502 | ||
1503 | /****************************************************************************/ | 1503 | /****************************************************************************/ |
1504 | static int process_acf(struct sk_buff **pskb, struct nf_conn *ct, | 1504 | static int process_acf(struct sk_buff *skb, struct nf_conn *ct, |
1505 | enum ip_conntrack_info ctinfo, | 1505 | enum ip_conntrack_info ctinfo, |
1506 | unsigned char **data, AdmissionConfirm *acf) | 1506 | unsigned char **data, AdmissionConfirm *acf) |
1507 | { | 1507 | { |
@@ -1522,7 +1522,7 @@ static int process_acf(struct sk_buff **pskb, struct nf_conn *ct, | |||
1522 | /* Answering ACF */ | 1522 | /* Answering ACF */ |
1523 | set_sig_addr = rcu_dereference(set_sig_addr_hook); | 1523 | set_sig_addr = rcu_dereference(set_sig_addr_hook); |
1524 | if (set_sig_addr && ct->status & IPS_NAT_MASK) | 1524 | if (set_sig_addr && ct->status & IPS_NAT_MASK) |
1525 | return set_sig_addr(pskb, ct, ctinfo, data, | 1525 | return set_sig_addr(skb, ct, ctinfo, data, |
1526 | &acf->destCallSignalAddress, 1); | 1526 | &acf->destCallSignalAddress, 1); |
1527 | return 0; | 1527 | return 0; |
1528 | } | 1528 | } |
@@ -1548,7 +1548,7 @@ static int process_acf(struct sk_buff **pskb, struct nf_conn *ct, | |||
1548 | } | 1548 | } |
1549 | 1549 | ||
1550 | /****************************************************************************/ | 1550 | /****************************************************************************/ |
1551 | static int process_lrq(struct sk_buff **pskb, struct nf_conn *ct, | 1551 | static int process_lrq(struct sk_buff *skb, struct nf_conn *ct, |
1552 | enum ip_conntrack_info ctinfo, | 1552 | enum ip_conntrack_info ctinfo, |
1553 | unsigned char **data, LocationRequest *lrq) | 1553 | unsigned char **data, LocationRequest *lrq) |
1554 | { | 1554 | { |
@@ -1558,13 +1558,13 @@ static int process_lrq(struct sk_buff **pskb, struct nf_conn *ct, | |||
1558 | 1558 | ||
1559 | set_ras_addr = rcu_dereference(set_ras_addr_hook); | 1559 | set_ras_addr = rcu_dereference(set_ras_addr_hook); |
1560 | if (set_ras_addr && ct->status & IPS_NAT_MASK) | 1560 | if (set_ras_addr && ct->status & IPS_NAT_MASK) |
1561 | return set_ras_addr(pskb, ct, ctinfo, data, | 1561 | return set_ras_addr(skb, ct, ctinfo, data, |
1562 | &lrq->replyAddress, 1); | 1562 | &lrq->replyAddress, 1); |
1563 | return 0; | 1563 | return 0; |
1564 | } | 1564 | } |
1565 | 1565 | ||
1566 | /****************************************************************************/ | 1566 | /****************************************************************************/ |
1567 | static int process_lcf(struct sk_buff **pskb, struct nf_conn *ct, | 1567 | static int process_lcf(struct sk_buff *skb, struct nf_conn *ct, |
1568 | enum ip_conntrack_info ctinfo, | 1568 | enum ip_conntrack_info ctinfo, |
1569 | unsigned char **data, LocationConfirm *lcf) | 1569 | unsigned char **data, LocationConfirm *lcf) |
1570 | { | 1570 | { |
@@ -1603,7 +1603,7 @@ static int process_lcf(struct sk_buff **pskb, struct nf_conn *ct, | |||
1603 | } | 1603 | } |
1604 | 1604 | ||
1605 | /****************************************************************************/ | 1605 | /****************************************************************************/ |
1606 | static int process_irr(struct sk_buff **pskb, struct nf_conn *ct, | 1606 | static int process_irr(struct sk_buff *skb, struct nf_conn *ct, |
1607 | enum ip_conntrack_info ctinfo, | 1607 | enum ip_conntrack_info ctinfo, |
1608 | unsigned char **data, InfoRequestResponse *irr) | 1608 | unsigned char **data, InfoRequestResponse *irr) |
1609 | { | 1609 | { |
@@ -1615,7 +1615,7 @@ static int process_irr(struct sk_buff **pskb, struct nf_conn *ct, | |||
1615 | 1615 | ||
1616 | set_ras_addr = rcu_dereference(set_ras_addr_hook); | 1616 | set_ras_addr = rcu_dereference(set_ras_addr_hook); |
1617 | if (set_ras_addr && ct->status & IPS_NAT_MASK) { | 1617 | if (set_ras_addr && ct->status & IPS_NAT_MASK) { |
1618 | ret = set_ras_addr(pskb, ct, ctinfo, data, | 1618 | ret = set_ras_addr(skb, ct, ctinfo, data, |
1619 | &irr->rasAddress, 1); | 1619 | &irr->rasAddress, 1); |
1620 | if (ret < 0) | 1620 | if (ret < 0) |
1621 | return -1; | 1621 | return -1; |
@@ -1623,7 +1623,7 @@ static int process_irr(struct sk_buff **pskb, struct nf_conn *ct, | |||
1623 | 1623 | ||
1624 | set_sig_addr = rcu_dereference(set_sig_addr_hook); | 1624 | set_sig_addr = rcu_dereference(set_sig_addr_hook); |
1625 | if (set_sig_addr && ct->status & IPS_NAT_MASK) { | 1625 | if (set_sig_addr && ct->status & IPS_NAT_MASK) { |
1626 | ret = set_sig_addr(pskb, ct, ctinfo, data, | 1626 | ret = set_sig_addr(skb, ct, ctinfo, data, |
1627 | irr->callSignalAddress.item, | 1627 | irr->callSignalAddress.item, |
1628 | irr->callSignalAddress.count); | 1628 | irr->callSignalAddress.count); |
1629 | if (ret < 0) | 1629 | if (ret < 0) |
@@ -1634,40 +1634,40 @@ static int process_irr(struct sk_buff **pskb, struct nf_conn *ct, | |||
1634 | } | 1634 | } |
1635 | 1635 | ||
1636 | /****************************************************************************/ | 1636 | /****************************************************************************/ |
1637 | static int process_ras(struct sk_buff **pskb, struct nf_conn *ct, | 1637 | static int process_ras(struct sk_buff *skb, struct nf_conn *ct, |
1638 | enum ip_conntrack_info ctinfo, | 1638 | enum ip_conntrack_info ctinfo, |
1639 | unsigned char **data, RasMessage *ras) | 1639 | unsigned char **data, RasMessage *ras) |
1640 | { | 1640 | { |
1641 | switch (ras->choice) { | 1641 | switch (ras->choice) { |
1642 | case eRasMessage_gatekeeperRequest: | 1642 | case eRasMessage_gatekeeperRequest: |
1643 | return process_grq(pskb, ct, ctinfo, data, | 1643 | return process_grq(skb, ct, ctinfo, data, |
1644 | &ras->gatekeeperRequest); | 1644 | &ras->gatekeeperRequest); |
1645 | case eRasMessage_gatekeeperConfirm: | 1645 | case eRasMessage_gatekeeperConfirm: |
1646 | return process_gcf(pskb, ct, ctinfo, data, | 1646 | return process_gcf(skb, ct, ctinfo, data, |
1647 | &ras->gatekeeperConfirm); | 1647 | &ras->gatekeeperConfirm); |
1648 | case eRasMessage_registrationRequest: | 1648 | case eRasMessage_registrationRequest: |
1649 | return process_rrq(pskb, ct, ctinfo, data, | 1649 | return process_rrq(skb, ct, ctinfo, data, |
1650 | &ras->registrationRequest); | 1650 | &ras->registrationRequest); |
1651 | case eRasMessage_registrationConfirm: | 1651 | case eRasMessage_registrationConfirm: |
1652 | return process_rcf(pskb, ct, ctinfo, data, | 1652 | return process_rcf(skb, ct, ctinfo, data, |
1653 | &ras->registrationConfirm); | 1653 | &ras->registrationConfirm); |
1654 | case eRasMessage_unregistrationRequest: | 1654 | case eRasMessage_unregistrationRequest: |
1655 | return process_urq(pskb, ct, ctinfo, data, | 1655 | return process_urq(skb, ct, ctinfo, data, |
1656 | &ras->unregistrationRequest); | 1656 | &ras->unregistrationRequest); |
1657 | case eRasMessage_admissionRequest: | 1657 | case eRasMessage_admissionRequest: |
1658 | return process_arq(pskb, ct, ctinfo, data, | 1658 | return process_arq(skb, ct, ctinfo, data, |
1659 | &ras->admissionRequest); | 1659 | &ras->admissionRequest); |
1660 | case eRasMessage_admissionConfirm: | 1660 | case eRasMessage_admissionConfirm: |
1661 | return process_acf(pskb, ct, ctinfo, data, | 1661 | return process_acf(skb, ct, ctinfo, data, |
1662 | &ras->admissionConfirm); | 1662 | &ras->admissionConfirm); |
1663 | case eRasMessage_locationRequest: | 1663 | case eRasMessage_locationRequest: |
1664 | return process_lrq(pskb, ct, ctinfo, data, | 1664 | return process_lrq(skb, ct, ctinfo, data, |
1665 | &ras->locationRequest); | 1665 | &ras->locationRequest); |
1666 | case eRasMessage_locationConfirm: | 1666 | case eRasMessage_locationConfirm: |
1667 | return process_lcf(pskb, ct, ctinfo, data, | 1667 | return process_lcf(skb, ct, ctinfo, data, |
1668 | &ras->locationConfirm); | 1668 | &ras->locationConfirm); |
1669 | case eRasMessage_infoRequestResponse: | 1669 | case eRasMessage_infoRequestResponse: |
1670 | return process_irr(pskb, ct, ctinfo, data, | 1670 | return process_irr(skb, ct, ctinfo, data, |
1671 | &ras->infoRequestResponse); | 1671 | &ras->infoRequestResponse); |
1672 | default: | 1672 | default: |
1673 | pr_debug("nf_ct_ras: RAS message %d\n", ras->choice); | 1673 | pr_debug("nf_ct_ras: RAS message %d\n", ras->choice); |
@@ -1678,7 +1678,7 @@ static int process_ras(struct sk_buff **pskb, struct nf_conn *ct, | |||
1678 | } | 1678 | } |
1679 | 1679 | ||
1680 | /****************************************************************************/ | 1680 | /****************************************************************************/ |
1681 | static int ras_help(struct sk_buff **pskb, unsigned int protoff, | 1681 | static int ras_help(struct sk_buff *skb, unsigned int protoff, |
1682 | struct nf_conn *ct, enum ip_conntrack_info ctinfo) | 1682 | struct nf_conn *ct, enum ip_conntrack_info ctinfo) |
1683 | { | 1683 | { |
1684 | static RasMessage ras; | 1684 | static RasMessage ras; |
@@ -1686,12 +1686,12 @@ static int ras_help(struct sk_buff **pskb, unsigned int protoff, | |||
1686 | int datalen = 0; | 1686 | int datalen = 0; |
1687 | int ret; | 1687 | int ret; |
1688 | 1688 | ||
1689 | pr_debug("nf_ct_ras: skblen = %u\n", (*pskb)->len); | 1689 | pr_debug("nf_ct_ras: skblen = %u\n", skb->len); |
1690 | 1690 | ||
1691 | spin_lock_bh(&nf_h323_lock); | 1691 | spin_lock_bh(&nf_h323_lock); |
1692 | 1692 | ||
1693 | /* Get UDP data */ | 1693 | /* Get UDP data */ |
1694 | data = get_udp_data(pskb, protoff, &datalen); | 1694 | data = get_udp_data(skb, protoff, &datalen); |
1695 | if (data == NULL) | 1695 | if (data == NULL) |
1696 | goto accept; | 1696 | goto accept; |
1697 | pr_debug("nf_ct_ras: RAS message len=%d ", datalen); | 1697 | pr_debug("nf_ct_ras: RAS message len=%d ", datalen); |
@@ -1707,7 +1707,7 @@ static int ras_help(struct sk_buff **pskb, unsigned int protoff, | |||
1707 | } | 1707 | } |
1708 | 1708 | ||
1709 | /* Process RAS message */ | 1709 | /* Process RAS message */ |
1710 | if (process_ras(pskb, ct, ctinfo, &data, &ras) < 0) | 1710 | if (process_ras(skb, ct, ctinfo, &data, &ras) < 0) |
1711 | goto drop; | 1711 | goto drop; |
1712 | 1712 | ||
1713 | accept: | 1713 | accept: |
diff --git a/net/netfilter/nf_conntrack_irc.c b/net/netfilter/nf_conntrack_irc.c index 1562ca97a34..dfaed4ba83c 100644 --- a/net/netfilter/nf_conntrack_irc.c +++ b/net/netfilter/nf_conntrack_irc.c | |||
@@ -30,7 +30,7 @@ static unsigned int dcc_timeout __read_mostly = 300; | |||
30 | static char *irc_buffer; | 30 | static char *irc_buffer; |
31 | static DEFINE_SPINLOCK(irc_buffer_lock); | 31 | static DEFINE_SPINLOCK(irc_buffer_lock); |
32 | 32 | ||
33 | unsigned int (*nf_nat_irc_hook)(struct sk_buff **pskb, | 33 | unsigned int (*nf_nat_irc_hook)(struct sk_buff *skb, |
34 | enum ip_conntrack_info ctinfo, | 34 | enum ip_conntrack_info ctinfo, |
35 | unsigned int matchoff, | 35 | unsigned int matchoff, |
36 | unsigned int matchlen, | 36 | unsigned int matchlen, |
@@ -89,7 +89,7 @@ static int parse_dcc(char *data, char *data_end, u_int32_t *ip, | |||
89 | return 0; | 89 | return 0; |
90 | } | 90 | } |
91 | 91 | ||
92 | static int help(struct sk_buff **pskb, unsigned int protoff, | 92 | static int help(struct sk_buff *skb, unsigned int protoff, |
93 | struct nf_conn *ct, enum ip_conntrack_info ctinfo) | 93 | struct nf_conn *ct, enum ip_conntrack_info ctinfo) |
94 | { | 94 | { |
95 | unsigned int dataoff; | 95 | unsigned int dataoff; |
@@ -116,22 +116,22 @@ static int help(struct sk_buff **pskb, unsigned int protoff, | |||
116 | return NF_ACCEPT; | 116 | return NF_ACCEPT; |
117 | 117 | ||
118 | /* Not a full tcp header? */ | 118 | /* Not a full tcp header? */ |
119 | th = skb_header_pointer(*pskb, protoff, sizeof(_tcph), &_tcph); | 119 | th = skb_header_pointer(skb, protoff, sizeof(_tcph), &_tcph); |
120 | if (th == NULL) | 120 | if (th == NULL) |
121 | return NF_ACCEPT; | 121 | return NF_ACCEPT; |
122 | 122 | ||
123 | /* No data? */ | 123 | /* No data? */ |
124 | dataoff = protoff + th->doff*4; | 124 | dataoff = protoff + th->doff*4; |
125 | if (dataoff >= (*pskb)->len) | 125 | if (dataoff >= skb->len) |
126 | return NF_ACCEPT; | 126 | return NF_ACCEPT; |
127 | 127 | ||
128 | spin_lock_bh(&irc_buffer_lock); | 128 | spin_lock_bh(&irc_buffer_lock); |
129 | ib_ptr = skb_header_pointer(*pskb, dataoff, (*pskb)->len - dataoff, | 129 | ib_ptr = skb_header_pointer(skb, dataoff, skb->len - dataoff, |
130 | irc_buffer); | 130 | irc_buffer); |
131 | BUG_ON(ib_ptr == NULL); | 131 | BUG_ON(ib_ptr == NULL); |
132 | 132 | ||
133 | data = ib_ptr; | 133 | data = ib_ptr; |
134 | data_limit = ib_ptr + (*pskb)->len - dataoff; | 134 | data_limit = ib_ptr + skb->len - dataoff; |
135 | 135 | ||
136 | /* strlen("\1DCC SENT t AAAAAAAA P\1\n")=24 | 136 | /* strlen("\1DCC SENT t AAAAAAAA P\1\n")=24 |
137 | * 5+MINMATCHLEN+strlen("t AAAAAAAA P\1\n")=14 */ | 137 | * 5+MINMATCHLEN+strlen("t AAAAAAAA P\1\n")=14 */ |
@@ -143,7 +143,7 @@ static int help(struct sk_buff **pskb, unsigned int protoff, | |||
143 | data += 5; | 143 | data += 5; |
144 | /* we have at least (19+MINMATCHLEN)-5 bytes valid data left */ | 144 | /* we have at least (19+MINMATCHLEN)-5 bytes valid data left */ |
145 | 145 | ||
146 | iph = ip_hdr(*pskb); | 146 | iph = ip_hdr(skb); |
147 | pr_debug("DCC found in master %u.%u.%u.%u:%u %u.%u.%u.%u:%u\n", | 147 | pr_debug("DCC found in master %u.%u.%u.%u:%u %u.%u.%u.%u:%u\n", |
148 | NIPQUAD(iph->saddr), ntohs(th->source), | 148 | NIPQUAD(iph->saddr), ntohs(th->source), |
149 | NIPQUAD(iph->daddr), ntohs(th->dest)); | 149 | NIPQUAD(iph->daddr), ntohs(th->dest)); |
@@ -193,7 +193,7 @@ static int help(struct sk_buff **pskb, unsigned int protoff, | |||
193 | 193 | ||
194 | nf_nat_irc = rcu_dereference(nf_nat_irc_hook); | 194 | nf_nat_irc = rcu_dereference(nf_nat_irc_hook); |
195 | if (nf_nat_irc && ct->status & IPS_NAT_MASK) | 195 | if (nf_nat_irc && ct->status & IPS_NAT_MASK) |
196 | ret = nf_nat_irc(pskb, ctinfo, | 196 | ret = nf_nat_irc(skb, ctinfo, |
197 | addr_beg_p - ib_ptr, | 197 | addr_beg_p - ib_ptr, |
198 | addr_end_p - addr_beg_p, | 198 | addr_end_p - addr_beg_p, |
199 | exp); | 199 | exp); |
diff --git a/net/netfilter/nf_conntrack_netbios_ns.c b/net/netfilter/nf_conntrack_netbios_ns.c index 1d59fabeb5f..9810d81e2a0 100644 --- a/net/netfilter/nf_conntrack_netbios_ns.c +++ b/net/netfilter/nf_conntrack_netbios_ns.c | |||
@@ -42,17 +42,17 @@ static unsigned int timeout __read_mostly = 3; | |||
42 | module_param(timeout, uint, 0400); | 42 | module_param(timeout, uint, 0400); |
43 | MODULE_PARM_DESC(timeout, "timeout for master connection/replies in seconds"); | 43 | MODULE_PARM_DESC(timeout, "timeout for master connection/replies in seconds"); |
44 | 44 | ||
45 | static int help(struct sk_buff **pskb, unsigned int protoff, | 45 | static int help(struct sk_buff *skb, unsigned int protoff, |
46 | struct nf_conn *ct, enum ip_conntrack_info ctinfo) | 46 | struct nf_conn *ct, enum ip_conntrack_info ctinfo) |
47 | { | 47 | { |
48 | struct nf_conntrack_expect *exp; | 48 | struct nf_conntrack_expect *exp; |
49 | struct iphdr *iph = ip_hdr(*pskb); | 49 | struct iphdr *iph = ip_hdr(skb); |
50 | struct rtable *rt = (struct rtable *)(*pskb)->dst; | 50 | struct rtable *rt = (struct rtable *)skb->dst; |
51 | struct in_device *in_dev; | 51 | struct in_device *in_dev; |
52 | __be32 mask = 0; | 52 | __be32 mask = 0; |
53 | 53 | ||
54 | /* we're only interested in locally generated packets */ | 54 | /* we're only interested in locally generated packets */ |
55 | if ((*pskb)->sk == NULL) | 55 | if (skb->sk == NULL) |
56 | goto out; | 56 | goto out; |
57 | if (rt == NULL || !(rt->rt_flags & RTCF_BROADCAST)) | 57 | if (rt == NULL || !(rt->rt_flags & RTCF_BROADCAST)) |
58 | goto out; | 58 | goto out; |
@@ -91,7 +91,7 @@ static int help(struct sk_buff **pskb, unsigned int protoff, | |||
91 | nf_ct_expect_related(exp); | 91 | nf_ct_expect_related(exp); |
92 | nf_ct_expect_put(exp); | 92 | nf_ct_expect_put(exp); |
93 | 93 | ||
94 | nf_ct_refresh(ct, *pskb, timeout * HZ); | 94 | nf_ct_refresh(ct, skb, timeout * HZ); |
95 | out: | 95 | out: |
96 | return NF_ACCEPT; | 96 | return NF_ACCEPT; |
97 | } | 97 | } |
diff --git a/net/netfilter/nf_conntrack_pptp.c b/net/netfilter/nf_conntrack_pptp.c index b0804199ab5..099b6df3e2b 100644 --- a/net/netfilter/nf_conntrack_pptp.c +++ b/net/netfilter/nf_conntrack_pptp.c | |||
@@ -41,14 +41,14 @@ MODULE_ALIAS("ip_conntrack_pptp"); | |||
41 | static DEFINE_SPINLOCK(nf_pptp_lock); | 41 | static DEFINE_SPINLOCK(nf_pptp_lock); |
42 | 42 | ||
43 | int | 43 | int |
44 | (*nf_nat_pptp_hook_outbound)(struct sk_buff **pskb, | 44 | (*nf_nat_pptp_hook_outbound)(struct sk_buff *skb, |
45 | struct nf_conn *ct, enum ip_conntrack_info ctinfo, | 45 | struct nf_conn *ct, enum ip_conntrack_info ctinfo, |
46 | struct PptpControlHeader *ctlh, | 46 | struct PptpControlHeader *ctlh, |
47 | union pptp_ctrl_union *pptpReq) __read_mostly; | 47 | union pptp_ctrl_union *pptpReq) __read_mostly; |
48 | EXPORT_SYMBOL_GPL(nf_nat_pptp_hook_outbound); | 48 | EXPORT_SYMBOL_GPL(nf_nat_pptp_hook_outbound); |
49 | 49 | ||
50 | int | 50 | int |
51 | (*nf_nat_pptp_hook_inbound)(struct sk_buff **pskb, | 51 | (*nf_nat_pptp_hook_inbound)(struct sk_buff *skb, |
52 | struct nf_conn *ct, enum ip_conntrack_info ctinfo, | 52 | struct nf_conn *ct, enum ip_conntrack_info ctinfo, |
53 | struct PptpControlHeader *ctlh, | 53 | struct PptpControlHeader *ctlh, |
54 | union pptp_ctrl_union *pptpReq) __read_mostly; | 54 | union pptp_ctrl_union *pptpReq) __read_mostly; |
@@ -254,7 +254,7 @@ out_unexpect_orig: | |||
254 | } | 254 | } |
255 | 255 | ||
256 | static inline int | 256 | static inline int |
257 | pptp_inbound_pkt(struct sk_buff **pskb, | 257 | pptp_inbound_pkt(struct sk_buff *skb, |
258 | struct PptpControlHeader *ctlh, | 258 | struct PptpControlHeader *ctlh, |
259 | union pptp_ctrl_union *pptpReq, | 259 | union pptp_ctrl_union *pptpReq, |
260 | unsigned int reqlen, | 260 | unsigned int reqlen, |
@@ -367,7 +367,7 @@ pptp_inbound_pkt(struct sk_buff **pskb, | |||
367 | 367 | ||
368 | nf_nat_pptp_inbound = rcu_dereference(nf_nat_pptp_hook_inbound); | 368 | nf_nat_pptp_inbound = rcu_dereference(nf_nat_pptp_hook_inbound); |
369 | if (nf_nat_pptp_inbound && ct->status & IPS_NAT_MASK) | 369 | if (nf_nat_pptp_inbound && ct->status & IPS_NAT_MASK) |
370 | return nf_nat_pptp_inbound(pskb, ct, ctinfo, ctlh, pptpReq); | 370 | return nf_nat_pptp_inbound(skb, ct, ctinfo, ctlh, pptpReq); |
371 | return NF_ACCEPT; | 371 | return NF_ACCEPT; |
372 | 372 | ||
373 | invalid: | 373 | invalid: |
@@ -380,7 +380,7 @@ invalid: | |||
380 | } | 380 | } |
381 | 381 | ||
382 | static inline int | 382 | static inline int |
383 | pptp_outbound_pkt(struct sk_buff **pskb, | 383 | pptp_outbound_pkt(struct sk_buff *skb, |
384 | struct PptpControlHeader *ctlh, | 384 | struct PptpControlHeader *ctlh, |
385 | union pptp_ctrl_union *pptpReq, | 385 | union pptp_ctrl_union *pptpReq, |
386 | unsigned int reqlen, | 386 | unsigned int reqlen, |
@@ -462,7 +462,7 @@ pptp_outbound_pkt(struct sk_buff **pskb, | |||
462 | 462 | ||
463 | nf_nat_pptp_outbound = rcu_dereference(nf_nat_pptp_hook_outbound); | 463 | nf_nat_pptp_outbound = rcu_dereference(nf_nat_pptp_hook_outbound); |
464 | if (nf_nat_pptp_outbound && ct->status & IPS_NAT_MASK) | 464 | if (nf_nat_pptp_outbound && ct->status & IPS_NAT_MASK) |
465 | return nf_nat_pptp_outbound(pskb, ct, ctinfo, ctlh, pptpReq); | 465 | return nf_nat_pptp_outbound(skb, ct, ctinfo, ctlh, pptpReq); |
466 | return NF_ACCEPT; | 466 | return NF_ACCEPT; |
467 | 467 | ||
468 | invalid: | 468 | invalid: |
@@ -492,7 +492,7 @@ static const unsigned int pptp_msg_size[] = { | |||
492 | 492 | ||
493 | /* track caller id inside control connection, call expect_related */ | 493 | /* track caller id inside control connection, call expect_related */ |
494 | static int | 494 | static int |
495 | conntrack_pptp_help(struct sk_buff **pskb, unsigned int protoff, | 495 | conntrack_pptp_help(struct sk_buff *skb, unsigned int protoff, |
496 | struct nf_conn *ct, enum ip_conntrack_info ctinfo) | 496 | struct nf_conn *ct, enum ip_conntrack_info ctinfo) |
497 | 497 | ||
498 | { | 498 | { |
@@ -502,7 +502,7 @@ conntrack_pptp_help(struct sk_buff **pskb, unsigned int protoff, | |||
502 | struct pptp_pkt_hdr _pptph, *pptph; | 502 | struct pptp_pkt_hdr _pptph, *pptph; |
503 | struct PptpControlHeader _ctlh, *ctlh; | 503 | struct PptpControlHeader _ctlh, *ctlh; |
504 | union pptp_ctrl_union _pptpReq, *pptpReq; | 504 | union pptp_ctrl_union _pptpReq, *pptpReq; |
505 | unsigned int tcplen = (*pskb)->len - protoff; | 505 | unsigned int tcplen = skb->len - protoff; |
506 | unsigned int datalen, reqlen, nexthdr_off; | 506 | unsigned int datalen, reqlen, nexthdr_off; |
507 | int oldsstate, oldcstate; | 507 | int oldsstate, oldcstate; |
508 | int ret; | 508 | int ret; |
@@ -514,12 +514,12 @@ conntrack_pptp_help(struct sk_buff **pskb, unsigned int protoff, | |||
514 | return NF_ACCEPT; | 514 | return NF_ACCEPT; |
515 | 515 | ||
516 | nexthdr_off = protoff; | 516 | nexthdr_off = protoff; |
517 | tcph = skb_header_pointer(*pskb, nexthdr_off, sizeof(_tcph), &_tcph); | 517 | tcph = skb_header_pointer(skb, nexthdr_off, sizeof(_tcph), &_tcph); |
518 | BUG_ON(!tcph); | 518 | BUG_ON(!tcph); |
519 | nexthdr_off += tcph->doff * 4; | 519 | nexthdr_off += tcph->doff * 4; |
520 | datalen = tcplen - tcph->doff * 4; | 520 | datalen = tcplen - tcph->doff * 4; |
521 | 521 | ||
522 | pptph = skb_header_pointer(*pskb, nexthdr_off, sizeof(_pptph), &_pptph); | 522 | pptph = skb_header_pointer(skb, nexthdr_off, sizeof(_pptph), &_pptph); |
523 | if (!pptph) { | 523 | if (!pptph) { |
524 | pr_debug("no full PPTP header, can't track\n"); | 524 | pr_debug("no full PPTP header, can't track\n"); |
525 | return NF_ACCEPT; | 525 | return NF_ACCEPT; |
@@ -534,7 +534,7 @@ conntrack_pptp_help(struct sk_buff **pskb, unsigned int protoff, | |||
534 | return NF_ACCEPT; | 534 | return NF_ACCEPT; |
535 | } | 535 | } |
536 | 536 | ||
537 | ctlh = skb_header_pointer(*pskb, nexthdr_off, sizeof(_ctlh), &_ctlh); | 537 | ctlh = skb_header_pointer(skb, nexthdr_off, sizeof(_ctlh), &_ctlh); |
538 | if (!ctlh) | 538 | if (!ctlh) |
539 | return NF_ACCEPT; | 539 | return NF_ACCEPT; |
540 | nexthdr_off += sizeof(_ctlh); | 540 | nexthdr_off += sizeof(_ctlh); |
@@ -547,7 +547,7 @@ conntrack_pptp_help(struct sk_buff **pskb, unsigned int protoff, | |||
547 | if (reqlen > sizeof(*pptpReq)) | 547 | if (reqlen > sizeof(*pptpReq)) |
548 | reqlen = sizeof(*pptpReq); | 548 | reqlen = sizeof(*pptpReq); |
549 | 549 | ||
550 | pptpReq = skb_header_pointer(*pskb, nexthdr_off, reqlen, &_pptpReq); | 550 | pptpReq = skb_header_pointer(skb, nexthdr_off, reqlen, &_pptpReq); |
551 | if (!pptpReq) | 551 | if (!pptpReq) |
552 | return NF_ACCEPT; | 552 | return NF_ACCEPT; |
553 | 553 | ||
@@ -560,11 +560,11 @@ conntrack_pptp_help(struct sk_buff **pskb, unsigned int protoff, | |||
560 | * established from PNS->PAC. However, RFC makes no guarantee */ | 560 | * established from PNS->PAC. However, RFC makes no guarantee */ |
561 | if (dir == IP_CT_DIR_ORIGINAL) | 561 | if (dir == IP_CT_DIR_ORIGINAL) |
562 | /* client -> server (PNS -> PAC) */ | 562 | /* client -> server (PNS -> PAC) */ |
563 | ret = pptp_outbound_pkt(pskb, ctlh, pptpReq, reqlen, ct, | 563 | ret = pptp_outbound_pkt(skb, ctlh, pptpReq, reqlen, ct, |
564 | ctinfo); | 564 | ctinfo); |
565 | else | 565 | else |
566 | /* server -> client (PAC -> PNS) */ | 566 | /* server -> client (PAC -> PNS) */ |
567 | ret = pptp_inbound_pkt(pskb, ctlh, pptpReq, reqlen, ct, | 567 | ret = pptp_inbound_pkt(skb, ctlh, pptpReq, reqlen, ct, |
568 | ctinfo); | 568 | ctinfo); |
569 | pr_debug("sstate: %d->%d, cstate: %d->%d\n", | 569 | pr_debug("sstate: %d->%d, cstate: %d->%d\n", |
570 | oldsstate, info->sstate, oldcstate, info->cstate); | 570 | oldsstate, info->sstate, oldcstate, info->cstate); |
diff --git a/net/netfilter/nf_conntrack_sane.c b/net/netfilter/nf_conntrack_sane.c index 355d371bac9..b5a16c6e21c 100644 --- a/net/netfilter/nf_conntrack_sane.c +++ b/net/netfilter/nf_conntrack_sane.c | |||
@@ -56,7 +56,7 @@ struct sane_reply_net_start { | |||
56 | /* other fields aren't interesting for conntrack */ | 56 | /* other fields aren't interesting for conntrack */ |
57 | }; | 57 | }; |
58 | 58 | ||
59 | static int help(struct sk_buff **pskb, | 59 | static int help(struct sk_buff *skb, |
60 | unsigned int protoff, | 60 | unsigned int protoff, |
61 | struct nf_conn *ct, | 61 | struct nf_conn *ct, |
62 | enum ip_conntrack_info ctinfo) | 62 | enum ip_conntrack_info ctinfo) |
@@ -80,19 +80,19 @@ static int help(struct sk_buff **pskb, | |||
80 | return NF_ACCEPT; | 80 | return NF_ACCEPT; |
81 | 81 | ||
82 | /* Not a full tcp header? */ | 82 | /* Not a full tcp header? */ |
83 | th = skb_header_pointer(*pskb, protoff, sizeof(_tcph), &_tcph); | 83 | th = skb_header_pointer(skb, protoff, sizeof(_tcph), &_tcph); |
84 | if (th == NULL) | 84 | if (th == NULL) |
85 | return NF_ACCEPT; | 85 | return NF_ACCEPT; |
86 | 86 | ||
87 | /* No data? */ | 87 | /* No data? */ |
88 | dataoff = protoff + th->doff * 4; | 88 | dataoff = protoff + th->doff * 4; |
89 | if (dataoff >= (*pskb)->len) | 89 | if (dataoff >= skb->len) |
90 | return NF_ACCEPT; | 90 | return NF_ACCEPT; |
91 | 91 | ||
92 | datalen = (*pskb)->len - dataoff; | 92 | datalen = skb->len - dataoff; |
93 | 93 | ||
94 | spin_lock_bh(&nf_sane_lock); | 94 | spin_lock_bh(&nf_sane_lock); |
95 | sb_ptr = skb_header_pointer(*pskb, dataoff, datalen, sane_buffer); | 95 | sb_ptr = skb_header_pointer(skb, dataoff, datalen, sane_buffer); |
96 | BUG_ON(sb_ptr == NULL); | 96 | BUG_ON(sb_ptr == NULL); |
97 | 97 | ||
98 | if (dir == IP_CT_DIR_ORIGINAL) { | 98 | if (dir == IP_CT_DIR_ORIGINAL) { |
diff --git a/net/netfilter/nf_conntrack_sip.c b/net/netfilter/nf_conntrack_sip.c index d449fa47491..8f8b5a48df3 100644 --- a/net/netfilter/nf_conntrack_sip.c +++ b/net/netfilter/nf_conntrack_sip.c | |||
@@ -36,13 +36,13 @@ static unsigned int sip_timeout __read_mostly = SIP_TIMEOUT; | |||
36 | module_param(sip_timeout, uint, 0600); | 36 | module_param(sip_timeout, uint, 0600); |
37 | MODULE_PARM_DESC(sip_timeout, "timeout for the master SIP session"); | 37 | MODULE_PARM_DESC(sip_timeout, "timeout for the master SIP session"); |
38 | 38 | ||
39 | unsigned int (*nf_nat_sip_hook)(struct sk_buff **pskb, | 39 | unsigned int (*nf_nat_sip_hook)(struct sk_buff *skb, |
40 | enum ip_conntrack_info ctinfo, | 40 | enum ip_conntrack_info ctinfo, |
41 | struct nf_conn *ct, | 41 | struct nf_conn *ct, |
42 | const char **dptr) __read_mostly; | 42 | const char **dptr) __read_mostly; |
43 | EXPORT_SYMBOL_GPL(nf_nat_sip_hook); | 43 | EXPORT_SYMBOL_GPL(nf_nat_sip_hook); |
44 | 44 | ||
45 | unsigned int (*nf_nat_sdp_hook)(struct sk_buff **pskb, | 45 | unsigned int (*nf_nat_sdp_hook)(struct sk_buff *skb, |
46 | enum ip_conntrack_info ctinfo, | 46 | enum ip_conntrack_info ctinfo, |
47 | struct nf_conntrack_expect *exp, | 47 | struct nf_conntrack_expect *exp, |
48 | const char *dptr) __read_mostly; | 48 | const char *dptr) __read_mostly; |
@@ -363,7 +363,7 @@ int ct_sip_get_info(struct nf_conn *ct, | |||
363 | } | 363 | } |
364 | EXPORT_SYMBOL_GPL(ct_sip_get_info); | 364 | EXPORT_SYMBOL_GPL(ct_sip_get_info); |
365 | 365 | ||
366 | static int set_expected_rtp(struct sk_buff **pskb, | 366 | static int set_expected_rtp(struct sk_buff *skb, |
367 | struct nf_conn *ct, | 367 | struct nf_conn *ct, |
368 | enum ip_conntrack_info ctinfo, | 368 | enum ip_conntrack_info ctinfo, |
369 | union nf_conntrack_address *addr, | 369 | union nf_conntrack_address *addr, |
@@ -385,7 +385,7 @@ static int set_expected_rtp(struct sk_buff **pskb, | |||
385 | 385 | ||
386 | nf_nat_sdp = rcu_dereference(nf_nat_sdp_hook); | 386 | nf_nat_sdp = rcu_dereference(nf_nat_sdp_hook); |
387 | if (nf_nat_sdp && ct->status & IPS_NAT_MASK) | 387 | if (nf_nat_sdp && ct->status & IPS_NAT_MASK) |
388 | ret = nf_nat_sdp(pskb, ctinfo, exp, dptr); | 388 | ret = nf_nat_sdp(skb, ctinfo, exp, dptr); |
389 | else { | 389 | else { |
390 | if (nf_ct_expect_related(exp) != 0) | 390 | if (nf_ct_expect_related(exp) != 0) |
391 | ret = NF_DROP; | 391 | ret = NF_DROP; |
@@ -397,7 +397,7 @@ static int set_expected_rtp(struct sk_buff **pskb, | |||
397 | return ret; | 397 | return ret; |
398 | } | 398 | } |
399 | 399 | ||
400 | static int sip_help(struct sk_buff **pskb, | 400 | static int sip_help(struct sk_buff *skb, |
401 | unsigned int protoff, | 401 | unsigned int protoff, |
402 | struct nf_conn *ct, | 402 | struct nf_conn *ct, |
403 | enum ip_conntrack_info ctinfo) | 403 | enum ip_conntrack_info ctinfo) |
@@ -414,13 +414,13 @@ static int sip_help(struct sk_buff **pskb, | |||
414 | 414 | ||
415 | /* No Data ? */ | 415 | /* No Data ? */ |
416 | dataoff = protoff + sizeof(struct udphdr); | 416 | dataoff = protoff + sizeof(struct udphdr); |
417 | if (dataoff >= (*pskb)->len) | 417 | if (dataoff >= skb->len) |
418 | return NF_ACCEPT; | 418 | return NF_ACCEPT; |
419 | 419 | ||
420 | nf_ct_refresh(ct, *pskb, sip_timeout * HZ); | 420 | nf_ct_refresh(ct, skb, sip_timeout * HZ); |
421 | 421 | ||
422 | if (!skb_is_nonlinear(*pskb)) | 422 | if (!skb_is_nonlinear(skb)) |
423 | dptr = (*pskb)->data + dataoff; | 423 | dptr = skb->data + dataoff; |
424 | else { | 424 | else { |
425 | pr_debug("Copy of skbuff not supported yet.\n"); | 425 | pr_debug("Copy of skbuff not supported yet.\n"); |
426 | goto out; | 426 | goto out; |
@@ -428,13 +428,13 @@ static int sip_help(struct sk_buff **pskb, | |||
428 | 428 | ||
429 | nf_nat_sip = rcu_dereference(nf_nat_sip_hook); | 429 | nf_nat_sip = rcu_dereference(nf_nat_sip_hook); |
430 | if (nf_nat_sip && ct->status & IPS_NAT_MASK) { | 430 | if (nf_nat_sip && ct->status & IPS_NAT_MASK) { |
431 | if (!nf_nat_sip(pskb, ctinfo, ct, &dptr)) { | 431 | if (!nf_nat_sip(skb, ctinfo, ct, &dptr)) { |
432 | ret = NF_DROP; | 432 | ret = NF_DROP; |
433 | goto out; | 433 | goto out; |
434 | } | 434 | } |
435 | } | 435 | } |
436 | 436 | ||
437 | datalen = (*pskb)->len - dataoff; | 437 | datalen = skb->len - dataoff; |
438 | if (datalen < sizeof("SIP/2.0 200") - 1) | 438 | if (datalen < sizeof("SIP/2.0 200") - 1) |
439 | goto out; | 439 | goto out; |
440 | 440 | ||
@@ -464,7 +464,7 @@ static int sip_help(struct sk_buff **pskb, | |||
464 | ret = NF_DROP; | 464 | ret = NF_DROP; |
465 | goto out; | 465 | goto out; |
466 | } | 466 | } |
467 | ret = set_expected_rtp(pskb, ct, ctinfo, &addr, | 467 | ret = set_expected_rtp(skb, ct, ctinfo, &addr, |
468 | htons(port), dptr); | 468 | htons(port), dptr); |
469 | } | 469 | } |
470 | } | 470 | } |
diff --git a/net/netfilter/nf_conntrack_tftp.c b/net/netfilter/nf_conntrack_tftp.c index cc19506cf2f..e894aa1ff3a 100644 --- a/net/netfilter/nf_conntrack_tftp.c +++ b/net/netfilter/nf_conntrack_tftp.c | |||
@@ -29,12 +29,12 @@ static int ports_c; | |||
29 | module_param_array(ports, ushort, &ports_c, 0400); | 29 | module_param_array(ports, ushort, &ports_c, 0400); |
30 | MODULE_PARM_DESC(ports, "Port numbers of TFTP servers"); | 30 | MODULE_PARM_DESC(ports, "Port numbers of TFTP servers"); |
31 | 31 | ||
32 | unsigned int (*nf_nat_tftp_hook)(struct sk_buff **pskb, | 32 | unsigned int (*nf_nat_tftp_hook)(struct sk_buff *skb, |
33 | enum ip_conntrack_info ctinfo, | 33 | enum ip_conntrack_info ctinfo, |
34 | struct nf_conntrack_expect *exp) __read_mostly; | 34 | struct nf_conntrack_expect *exp) __read_mostly; |
35 | EXPORT_SYMBOL_GPL(nf_nat_tftp_hook); | 35 | EXPORT_SYMBOL_GPL(nf_nat_tftp_hook); |
36 | 36 | ||
37 | static int tftp_help(struct sk_buff **pskb, | 37 | static int tftp_help(struct sk_buff *skb, |
38 | unsigned int protoff, | 38 | unsigned int protoff, |
39 | struct nf_conn *ct, | 39 | struct nf_conn *ct, |
40 | enum ip_conntrack_info ctinfo) | 40 | enum ip_conntrack_info ctinfo) |
@@ -46,7 +46,7 @@ static int tftp_help(struct sk_buff **pskb, | |||
46 | int family = ct->tuplehash[IP_CT_DIR_ORIGINAL].tuple.src.l3num; | 46 | int family = ct->tuplehash[IP_CT_DIR_ORIGINAL].tuple.src.l3num; |
47 | typeof(nf_nat_tftp_hook) nf_nat_tftp; | 47 | typeof(nf_nat_tftp_hook) nf_nat_tftp; |
48 | 48 | ||
49 | tfh = skb_header_pointer(*pskb, protoff + sizeof(struct udphdr), | 49 | tfh = skb_header_pointer(skb, protoff + sizeof(struct udphdr), |
50 | sizeof(_tftph), &_tftph); | 50 | sizeof(_tftph), &_tftph); |
51 | if (tfh == NULL) | 51 | if (tfh == NULL) |
52 | return NF_ACCEPT; | 52 | return NF_ACCEPT; |
@@ -70,7 +70,7 @@ static int tftp_help(struct sk_buff **pskb, | |||
70 | 70 | ||
71 | nf_nat_tftp = rcu_dereference(nf_nat_tftp_hook); | 71 | nf_nat_tftp = rcu_dereference(nf_nat_tftp_hook); |
72 | if (nf_nat_tftp && ct->status & IPS_NAT_MASK) | 72 | if (nf_nat_tftp && ct->status & IPS_NAT_MASK) |
73 | ret = nf_nat_tftp(pskb, ctinfo, exp); | 73 | ret = nf_nat_tftp(skb, ctinfo, exp); |
74 | else if (nf_ct_expect_related(exp) != 0) | 74 | else if (nf_ct_expect_related(exp) != 0) |
75 | ret = NF_DROP; | 75 | ret = NF_DROP; |
76 | nf_ct_expect_put(exp); | 76 | nf_ct_expect_put(exp); |
diff --git a/net/netfilter/nf_internals.h b/net/netfilter/nf_internals.h index 0df7fff196a..196269c1e58 100644 --- a/net/netfilter/nf_internals.h +++ b/net/netfilter/nf_internals.h | |||
@@ -14,7 +14,7 @@ | |||
14 | 14 | ||
15 | /* core.c */ | 15 | /* core.c */ |
16 | extern unsigned int nf_iterate(struct list_head *head, | 16 | extern unsigned int nf_iterate(struct list_head *head, |
17 | struct sk_buff **skb, | 17 | struct sk_buff *skb, |
18 | int hook, | 18 | int hook, |
19 | const struct net_device *indev, | 19 | const struct net_device *indev, |
20 | const struct net_device *outdev, | 20 | const struct net_device *outdev, |
diff --git a/net/netfilter/nf_queue.c b/net/netfilter/nf_queue.c index a481a349f7b..0cef1433d66 100644 --- a/net/netfilter/nf_queue.c +++ b/net/netfilter/nf_queue.c | |||
@@ -256,14 +256,14 @@ void nf_reinject(struct sk_buff *skb, struct nf_info *info, | |||
256 | 256 | ||
257 | if (verdict == NF_ACCEPT) { | 257 | if (verdict == NF_ACCEPT) { |
258 | afinfo = nf_get_afinfo(info->pf); | 258 | afinfo = nf_get_afinfo(info->pf); |
259 | if (!afinfo || afinfo->reroute(&skb, info) < 0) | 259 | if (!afinfo || afinfo->reroute(skb, info) < 0) |
260 | verdict = NF_DROP; | 260 | verdict = NF_DROP; |
261 | } | 261 | } |
262 | 262 | ||
263 | if (verdict == NF_ACCEPT) { | 263 | if (verdict == NF_ACCEPT) { |
264 | next_hook: | 264 | next_hook: |
265 | verdict = nf_iterate(&nf_hooks[info->pf][info->hook], | 265 | verdict = nf_iterate(&nf_hooks[info->pf][info->hook], |
266 | &skb, info->hook, | 266 | skb, info->hook, |
267 | info->indev, info->outdev, &elem, | 267 | info->indev, info->outdev, &elem, |
268 | info->okfn, INT_MIN); | 268 | info->okfn, INT_MIN); |
269 | } | 269 | } |
diff --git a/net/netfilter/xt_CLASSIFY.c b/net/netfilter/xt_CLASSIFY.c index 07a1b966500..77eeae658d4 100644 --- a/net/netfilter/xt_CLASSIFY.c +++ b/net/netfilter/xt_CLASSIFY.c | |||
@@ -27,7 +27,7 @@ MODULE_ALIAS("ipt_CLASSIFY"); | |||
27 | MODULE_ALIAS("ip6t_CLASSIFY"); | 27 | MODULE_ALIAS("ip6t_CLASSIFY"); |
28 | 28 | ||
29 | static unsigned int | 29 | static unsigned int |
30 | target(struct sk_buff **pskb, | 30 | target(struct sk_buff *skb, |
31 | const struct net_device *in, | 31 | const struct net_device *in, |
32 | const struct net_device *out, | 32 | const struct net_device *out, |
33 | unsigned int hooknum, | 33 | unsigned int hooknum, |
@@ -36,7 +36,7 @@ target(struct sk_buff **pskb, | |||
36 | { | 36 | { |
37 | const struct xt_classify_target_info *clinfo = targinfo; | 37 | const struct xt_classify_target_info *clinfo = targinfo; |
38 | 38 | ||
39 | (*pskb)->priority = clinfo->priority; | 39 | skb->priority = clinfo->priority; |
40 | return XT_CONTINUE; | 40 | return XT_CONTINUE; |
41 | } | 41 | } |
42 | 42 | ||
diff --git a/net/netfilter/xt_CONNMARK.c b/net/netfilter/xt_CONNMARK.c index 7043c2757e0..8cc324b159e 100644 --- a/net/netfilter/xt_CONNMARK.c +++ b/net/netfilter/xt_CONNMARK.c | |||
@@ -34,7 +34,7 @@ MODULE_ALIAS("ip6t_CONNMARK"); | |||
34 | #include <net/netfilter/nf_conntrack_ecache.h> | 34 | #include <net/netfilter/nf_conntrack_ecache.h> |
35 | 35 | ||
36 | static unsigned int | 36 | static unsigned int |
37 | target(struct sk_buff **pskb, | 37 | target(struct sk_buff *skb, |
38 | const struct net_device *in, | 38 | const struct net_device *in, |
39 | const struct net_device *out, | 39 | const struct net_device *out, |
40 | unsigned int hooknum, | 40 | unsigned int hooknum, |
@@ -48,28 +48,28 @@ target(struct sk_buff **pskb, | |||
48 | u_int32_t mark; | 48 | u_int32_t mark; |
49 | u_int32_t newmark; | 49 | u_int32_t newmark; |
50 | 50 | ||
51 | ct = nf_ct_get(*pskb, &ctinfo); | 51 | ct = nf_ct_get(skb, &ctinfo); |
52 | if (ct) { | 52 | if (ct) { |
53 | switch(markinfo->mode) { | 53 | switch(markinfo->mode) { |
54 | case XT_CONNMARK_SET: | 54 | case XT_CONNMARK_SET: |
55 | newmark = (ct->mark & ~markinfo->mask) | markinfo->mark; | 55 | newmark = (ct->mark & ~markinfo->mask) | markinfo->mark; |
56 | if (newmark != ct->mark) { | 56 | if (newmark != ct->mark) { |
57 | ct->mark = newmark; | 57 | ct->mark = newmark; |
58 | nf_conntrack_event_cache(IPCT_MARK, *pskb); | 58 | nf_conntrack_event_cache(IPCT_MARK, skb); |
59 | } | 59 | } |
60 | break; | 60 | break; |
61 | case XT_CONNMARK_SAVE: | 61 | case XT_CONNMARK_SAVE: |
62 | newmark = (ct->mark & ~markinfo->mask) | | 62 | newmark = (ct->mark & ~markinfo->mask) | |
63 | ((*pskb)->mark & markinfo->mask); | 63 | (skb->mark & markinfo->mask); |
64 | if (ct->mark != newmark) { | 64 | if (ct->mark != newmark) { |
65 | ct->mark = newmark; | 65 | ct->mark = newmark; |
66 | nf_conntrack_event_cache(IPCT_MARK, *pskb); | 66 | nf_conntrack_event_cache(IPCT_MARK, skb); |
67 | } | 67 | } |
68 | break; | 68 | break; |
69 | case XT_CONNMARK_RESTORE: | 69 | case XT_CONNMARK_RESTORE: |
70 | mark = (*pskb)->mark; | 70 | mark = skb->mark; |
71 | diff = (ct->mark ^ mark) & markinfo->mask; | 71 | diff = (ct->mark ^ mark) & markinfo->mask; |
72 | (*pskb)->mark = mark ^ diff; | 72 | skb->mark = mark ^ diff; |
73 | break; | 73 | break; |
74 | } | 74 | } |
75 | } | 75 | } |
diff --git a/net/netfilter/xt_CONNSECMARK.c b/net/netfilter/xt_CONNSECMARK.c index 63d73138c1b..021b5c8d20e 100644 --- a/net/netfilter/xt_CONNSECMARK.c +++ b/net/netfilter/xt_CONNSECMARK.c | |||
@@ -61,12 +61,11 @@ static void secmark_restore(struct sk_buff *skb) | |||
61 | } | 61 | } |
62 | } | 62 | } |
63 | 63 | ||
64 | static unsigned int target(struct sk_buff **pskb, const struct net_device *in, | 64 | static unsigned int target(struct sk_buff *skb, const struct net_device *in, |
65 | const struct net_device *out, unsigned int hooknum, | 65 | const struct net_device *out, unsigned int hooknum, |
66 | const struct xt_target *target, | 66 | const struct xt_target *target, |
67 | const void *targinfo) | 67 | const void *targinfo) |
68 | { | 68 | { |
69 | struct sk_buff *skb = *pskb; | ||
70 | const struct xt_connsecmark_target_info *info = targinfo; | 69 | const struct xt_connsecmark_target_info *info = targinfo; |
71 | 70 | ||
72 | switch (info->mode) { | 71 | switch (info->mode) { |
diff --git a/net/netfilter/xt_DSCP.c b/net/netfilter/xt_DSCP.c index 17066167438..6322a933ab7 100644 --- a/net/netfilter/xt_DSCP.c +++ b/net/netfilter/xt_DSCP.c | |||
@@ -25,7 +25,7 @@ MODULE_LICENSE("GPL"); | |||
25 | MODULE_ALIAS("ipt_DSCP"); | 25 | MODULE_ALIAS("ipt_DSCP"); |
26 | MODULE_ALIAS("ip6t_DSCP"); | 26 | MODULE_ALIAS("ip6t_DSCP"); |
27 | 27 | ||
28 | static unsigned int target(struct sk_buff **pskb, | 28 | static unsigned int target(struct sk_buff *skb, |
29 | const struct net_device *in, | 29 | const struct net_device *in, |
30 | const struct net_device *out, | 30 | const struct net_device *out, |
31 | unsigned int hooknum, | 31 | unsigned int hooknum, |
@@ -33,20 +33,20 @@ static unsigned int target(struct sk_buff **pskb, | |||
33 | const void *targinfo) | 33 | const void *targinfo) |
34 | { | 34 | { |
35 | const struct xt_DSCP_info *dinfo = targinfo; | 35 | const struct xt_DSCP_info *dinfo = targinfo; |
36 | u_int8_t dscp = ipv4_get_dsfield(ip_hdr(*pskb)) >> XT_DSCP_SHIFT; | 36 | u_int8_t dscp = ipv4_get_dsfield(ip_hdr(skb)) >> XT_DSCP_SHIFT; |
37 | 37 | ||
38 | if (dscp != dinfo->dscp) { | 38 | if (dscp != dinfo->dscp) { |
39 | if (!skb_make_writable(*pskb, sizeof(struct iphdr))) | 39 | if (!skb_make_writable(skb, sizeof(struct iphdr))) |
40 | return NF_DROP; | 40 | return NF_DROP; |
41 | 41 | ||
42 | ipv4_change_dsfield(ip_hdr(*pskb), (__u8)(~XT_DSCP_MASK), | 42 | ipv4_change_dsfield(ip_hdr(skb), (__u8)(~XT_DSCP_MASK), |
43 | dinfo->dscp << XT_DSCP_SHIFT); | 43 | dinfo->dscp << XT_DSCP_SHIFT); |
44 | 44 | ||
45 | } | 45 | } |
46 | return XT_CONTINUE; | 46 | return XT_CONTINUE; |
47 | } | 47 | } |
48 | 48 | ||
49 | static unsigned int target6(struct sk_buff **pskb, | 49 | static unsigned int target6(struct sk_buff *skb, |
50 | const struct net_device *in, | 50 | const struct net_device *in, |
51 | const struct net_device *out, | 51 | const struct net_device *out, |
52 | unsigned int hooknum, | 52 | unsigned int hooknum, |
@@ -54,13 +54,13 @@ static unsigned int target6(struct sk_buff **pskb, | |||
54 | const void *targinfo) | 54 | const void *targinfo) |
55 | { | 55 | { |
56 | const struct xt_DSCP_info *dinfo = targinfo; | 56 | const struct xt_DSCP_info *dinfo = targinfo; |
57 | u_int8_t dscp = ipv6_get_dsfield(ipv6_hdr(*pskb)) >> XT_DSCP_SHIFT; | 57 | u_int8_t dscp = ipv6_get_dsfield(ipv6_hdr(skb)) >> XT_DSCP_SHIFT; |
58 | 58 | ||
59 | if (dscp != dinfo->dscp) { | 59 | if (dscp != dinfo->dscp) { |
60 | if (!skb_make_writable(*pskb, sizeof(struct ipv6hdr))) | 60 | if (!skb_make_writable(skb, sizeof(struct ipv6hdr))) |
61 | return NF_DROP; | 61 | return NF_DROP; |
62 | 62 | ||
63 | ipv6_change_dsfield(ipv6_hdr(*pskb), (__u8)(~XT_DSCP_MASK), | 63 | ipv6_change_dsfield(ipv6_hdr(skb), (__u8)(~XT_DSCP_MASK), |
64 | dinfo->dscp << XT_DSCP_SHIFT); | 64 | dinfo->dscp << XT_DSCP_SHIFT); |
65 | } | 65 | } |
66 | return XT_CONTINUE; | 66 | return XT_CONTINUE; |
diff --git a/net/netfilter/xt_MARK.c b/net/netfilter/xt_MARK.c index f30fe0baf7d..bc6503d77d7 100644 --- a/net/netfilter/xt_MARK.c +++ b/net/netfilter/xt_MARK.c | |||
@@ -22,7 +22,7 @@ MODULE_ALIAS("ipt_MARK"); | |||
22 | MODULE_ALIAS("ip6t_MARK"); | 22 | MODULE_ALIAS("ip6t_MARK"); |
23 | 23 | ||
24 | static unsigned int | 24 | static unsigned int |
25 | target_v0(struct sk_buff **pskb, | 25 | target_v0(struct sk_buff *skb, |
26 | const struct net_device *in, | 26 | const struct net_device *in, |
27 | const struct net_device *out, | 27 | const struct net_device *out, |
28 | unsigned int hooknum, | 28 | unsigned int hooknum, |
@@ -31,12 +31,12 @@ target_v0(struct sk_buff **pskb, | |||
31 | { | 31 | { |
32 | const struct xt_mark_target_info *markinfo = targinfo; | 32 | const struct xt_mark_target_info *markinfo = targinfo; |
33 | 33 | ||
34 | (*pskb)->mark = markinfo->mark; | 34 | skb->mark = markinfo->mark; |
35 | return XT_CONTINUE; | 35 | return XT_CONTINUE; |
36 | } | 36 | } |
37 | 37 | ||
38 | static unsigned int | 38 | static unsigned int |
39 | target_v1(struct sk_buff **pskb, | 39 | target_v1(struct sk_buff *skb, |
40 | const struct net_device *in, | 40 | const struct net_device *in, |
41 | const struct net_device *out, | 41 | const struct net_device *out, |
42 | unsigned int hooknum, | 42 | unsigned int hooknum, |
@@ -52,15 +52,15 @@ target_v1(struct sk_buff **pskb, | |||
52 | break; | 52 | break; |
53 | 53 | ||
54 | case XT_MARK_AND: | 54 | case XT_MARK_AND: |
55 | mark = (*pskb)->mark & markinfo->mark; | 55 | mark = skb->mark & markinfo->mark; |
56 | break; | 56 | break; |
57 | 57 | ||
58 | case XT_MARK_OR: | 58 | case XT_MARK_OR: |
59 | mark = (*pskb)->mark | markinfo->mark; | 59 | mark = skb->mark | markinfo->mark; |
60 | break; | 60 | break; |
61 | } | 61 | } |
62 | 62 | ||
63 | (*pskb)->mark = mark; | 63 | skb->mark = mark; |
64 | return XT_CONTINUE; | 64 | return XT_CONTINUE; |
65 | } | 65 | } |
66 | 66 | ||
diff --git a/net/netfilter/xt_NFLOG.c b/net/netfilter/xt_NFLOG.c index d3594c7ccb2..9fb449ffbf8 100644 --- a/net/netfilter/xt_NFLOG.c +++ b/net/netfilter/xt_NFLOG.c | |||
@@ -20,7 +20,7 @@ MODULE_ALIAS("ipt_NFLOG"); | |||
20 | MODULE_ALIAS("ip6t_NFLOG"); | 20 | MODULE_ALIAS("ip6t_NFLOG"); |
21 | 21 | ||
22 | static unsigned int | 22 | static unsigned int |
23 | nflog_target(struct sk_buff **pskb, | 23 | nflog_target(struct sk_buff *skb, |
24 | const struct net_device *in, const struct net_device *out, | 24 | const struct net_device *in, const struct net_device *out, |
25 | unsigned int hooknum, const struct xt_target *target, | 25 | unsigned int hooknum, const struct xt_target *target, |
26 | const void *targinfo) | 26 | const void *targinfo) |
@@ -33,7 +33,7 @@ nflog_target(struct sk_buff **pskb, | |||
33 | li.u.ulog.group = info->group; | 33 | li.u.ulog.group = info->group; |
34 | li.u.ulog.qthreshold = info->threshold; | 34 | li.u.ulog.qthreshold = info->threshold; |
35 | 35 | ||
36 | nf_log_packet(target->family, hooknum, *pskb, in, out, &li, | 36 | nf_log_packet(target->family, hooknum, skb, in, out, &li, |
37 | "%s", info->prefix); | 37 | "%s", info->prefix); |
38 | return XT_CONTINUE; | 38 | return XT_CONTINUE; |
39 | } | 39 | } |
diff --git a/net/netfilter/xt_NFQUEUE.c b/net/netfilter/xt_NFQUEUE.c index 13f59f3e8c3..c3984e9f766 100644 --- a/net/netfilter/xt_NFQUEUE.c +++ b/net/netfilter/xt_NFQUEUE.c | |||
@@ -24,7 +24,7 @@ MODULE_ALIAS("ip6t_NFQUEUE"); | |||
24 | MODULE_ALIAS("arpt_NFQUEUE"); | 24 | MODULE_ALIAS("arpt_NFQUEUE"); |
25 | 25 | ||
26 | static unsigned int | 26 | static unsigned int |
27 | target(struct sk_buff **pskb, | 27 | target(struct sk_buff *skb, |
28 | const struct net_device *in, | 28 | const struct net_device *in, |
29 | const struct net_device *out, | 29 | const struct net_device *out, |
30 | unsigned int hooknum, | 30 | unsigned int hooknum, |
diff --git a/net/netfilter/xt_NOTRACK.c b/net/netfilter/xt_NOTRACK.c index fec1aefb1c3..4976ce18661 100644 --- a/net/netfilter/xt_NOTRACK.c +++ b/net/netfilter/xt_NOTRACK.c | |||
@@ -12,7 +12,7 @@ MODULE_ALIAS("ipt_NOTRACK"); | |||
12 | MODULE_ALIAS("ip6t_NOTRACK"); | 12 | MODULE_ALIAS("ip6t_NOTRACK"); |
13 | 13 | ||
14 | static unsigned int | 14 | static unsigned int |
15 | target(struct sk_buff **pskb, | 15 | target(struct sk_buff *skb, |
16 | const struct net_device *in, | 16 | const struct net_device *in, |
17 | const struct net_device *out, | 17 | const struct net_device *out, |
18 | unsigned int hooknum, | 18 | unsigned int hooknum, |
@@ -20,16 +20,16 @@ target(struct sk_buff **pskb, | |||
20 | const void *targinfo) | 20 | const void *targinfo) |
21 | { | 21 | { |
22 | /* Previously seen (loopback)? Ignore. */ | 22 | /* Previously seen (loopback)? Ignore. */ |
23 | if ((*pskb)->nfct != NULL) | 23 | if (skb->nfct != NULL) |
24 | return XT_CONTINUE; | 24 | return XT_CONTINUE; |
25 | 25 | ||
26 | /* Attach fake conntrack entry. | 26 | /* Attach fake conntrack entry. |
27 | If there is a real ct entry correspondig to this packet, | 27 | If there is a real ct entry correspondig to this packet, |
28 | it'll hang aroun till timing out. We don't deal with it | 28 | it'll hang aroun till timing out. We don't deal with it |
29 | for performance reasons. JK */ | 29 | for performance reasons. JK */ |
30 | (*pskb)->nfct = &nf_conntrack_untracked.ct_general; | 30 | skb->nfct = &nf_conntrack_untracked.ct_general; |
31 | (*pskb)->nfctinfo = IP_CT_NEW; | 31 | skb->nfctinfo = IP_CT_NEW; |
32 | nf_conntrack_get((*pskb)->nfct); | 32 | nf_conntrack_get(skb->nfct); |
33 | 33 | ||
34 | return XT_CONTINUE; | 34 | return XT_CONTINUE; |
35 | } | 35 | } |
diff --git a/net/netfilter/xt_SECMARK.c b/net/netfilter/xt_SECMARK.c index c83779a941a..235806eb6ec 100644 --- a/net/netfilter/xt_SECMARK.c +++ b/net/netfilter/xt_SECMARK.c | |||
@@ -28,7 +28,7 @@ MODULE_ALIAS("ip6t_SECMARK"); | |||
28 | 28 | ||
29 | static u8 mode; | 29 | static u8 mode; |
30 | 30 | ||
31 | static unsigned int target(struct sk_buff **pskb, const struct net_device *in, | 31 | static unsigned int target(struct sk_buff *skb, const struct net_device *in, |
32 | const struct net_device *out, unsigned int hooknum, | 32 | const struct net_device *out, unsigned int hooknum, |
33 | const struct xt_target *target, | 33 | const struct xt_target *target, |
34 | const void *targinfo) | 34 | const void *targinfo) |
@@ -47,7 +47,7 @@ static unsigned int target(struct sk_buff **pskb, const struct net_device *in, | |||
47 | BUG(); | 47 | BUG(); |
48 | } | 48 | } |
49 | 49 | ||
50 | (*pskb)->secmark = secmark; | 50 | skb->secmark = secmark; |
51 | return XT_CONTINUE; | 51 | return XT_CONTINUE; |
52 | } | 52 | } |
53 | 53 | ||
diff --git a/net/netfilter/xt_TCPMSS.c b/net/netfilter/xt_TCPMSS.c index f111edf5f77..07435a602b1 100644 --- a/net/netfilter/xt_TCPMSS.c +++ b/net/netfilter/xt_TCPMSS.c | |||
@@ -39,7 +39,7 @@ optlen(const u_int8_t *opt, unsigned int offset) | |||
39 | } | 39 | } |
40 | 40 | ||
41 | static int | 41 | static int |
42 | tcpmss_mangle_packet(struct sk_buff **pskb, | 42 | tcpmss_mangle_packet(struct sk_buff *skb, |
43 | const struct xt_tcpmss_info *info, | 43 | const struct xt_tcpmss_info *info, |
44 | unsigned int tcphoff, | 44 | unsigned int tcphoff, |
45 | unsigned int minlen) | 45 | unsigned int minlen) |
@@ -50,11 +50,11 @@ tcpmss_mangle_packet(struct sk_buff **pskb, | |||
50 | u16 newmss; | 50 | u16 newmss; |
51 | u8 *opt; | 51 | u8 *opt; |
52 | 52 | ||
53 | if (!skb_make_writable(*pskb, (*pskb)->len)) | 53 | if (!skb_make_writable(skb, skb->len)) |
54 | return -1; | 54 | return -1; |
55 | 55 | ||
56 | tcplen = (*pskb)->len - tcphoff; | 56 | tcplen = skb->len - tcphoff; |
57 | tcph = (struct tcphdr *)(skb_network_header(*pskb) + tcphoff); | 57 | tcph = (struct tcphdr *)(skb_network_header(skb) + tcphoff); |
58 | 58 | ||
59 | /* Since it passed flags test in tcp match, we know it is is | 59 | /* Since it passed flags test in tcp match, we know it is is |
60 | not a fragment, and has data >= tcp header length. SYN | 60 | not a fragment, and has data >= tcp header length. SYN |
@@ -64,19 +64,19 @@ tcpmss_mangle_packet(struct sk_buff **pskb, | |||
64 | if (tcplen != tcph->doff*4) { | 64 | if (tcplen != tcph->doff*4) { |
65 | if (net_ratelimit()) | 65 | if (net_ratelimit()) |
66 | printk(KERN_ERR "xt_TCPMSS: bad length (%u bytes)\n", | 66 | printk(KERN_ERR "xt_TCPMSS: bad length (%u bytes)\n", |
67 | (*pskb)->len); | 67 | skb->len); |
68 | return -1; | 68 | return -1; |
69 | } | 69 | } |
70 | 70 | ||
71 | if (info->mss == XT_TCPMSS_CLAMP_PMTU) { | 71 | if (info->mss == XT_TCPMSS_CLAMP_PMTU) { |
72 | if (dst_mtu((*pskb)->dst) <= minlen) { | 72 | if (dst_mtu(skb->dst) <= minlen) { |
73 | if (net_ratelimit()) | 73 | if (net_ratelimit()) |
74 | printk(KERN_ERR "xt_TCPMSS: " | 74 | printk(KERN_ERR "xt_TCPMSS: " |
75 | "unknown or invalid path-MTU (%u)\n", | 75 | "unknown or invalid path-MTU (%u)\n", |
76 | dst_mtu((*pskb)->dst)); | 76 | dst_mtu(skb->dst)); |
77 | return -1; | 77 | return -1; |
78 | } | 78 | } |
79 | newmss = dst_mtu((*pskb)->dst) - minlen; | 79 | newmss = dst_mtu(skb->dst) - minlen; |
80 | } else | 80 | } else |
81 | newmss = info->mss; | 81 | newmss = info->mss; |
82 | 82 | ||
@@ -95,7 +95,7 @@ tcpmss_mangle_packet(struct sk_buff **pskb, | |||
95 | opt[i+2] = (newmss & 0xff00) >> 8; | 95 | opt[i+2] = (newmss & 0xff00) >> 8; |
96 | opt[i+3] = newmss & 0x00ff; | 96 | opt[i+3] = newmss & 0x00ff; |
97 | 97 | ||
98 | nf_proto_csum_replace2(&tcph->check, *pskb, | 98 | nf_proto_csum_replace2(&tcph->check, skb, |
99 | htons(oldmss), htons(newmss), 0); | 99 | htons(oldmss), htons(newmss), 0); |
100 | return 0; | 100 | return 0; |
101 | } | 101 | } |
@@ -104,53 +104,53 @@ tcpmss_mangle_packet(struct sk_buff **pskb, | |||
104 | /* | 104 | /* |
105 | * MSS Option not found ?! add it.. | 105 | * MSS Option not found ?! add it.. |
106 | */ | 106 | */ |
107 | if (skb_tailroom((*pskb)) < TCPOLEN_MSS) { | 107 | if (skb_tailroom(skb) < TCPOLEN_MSS) { |
108 | if (pskb_expand_head(*pskb, 0, | 108 | if (pskb_expand_head(skb, 0, |
109 | TCPOLEN_MSS - skb_tailroom(*pskb), | 109 | TCPOLEN_MSS - skb_tailroom(skb), |
110 | GFP_ATOMIC)) | 110 | GFP_ATOMIC)) |
111 | return -1; | 111 | return -1; |
112 | tcph = (struct tcphdr *)(skb_network_header(*pskb) + tcphoff); | 112 | tcph = (struct tcphdr *)(skb_network_header(skb) + tcphoff); |
113 | } | 113 | } |
114 | 114 | ||
115 | skb_put((*pskb), TCPOLEN_MSS); | 115 | skb_put(skb, TCPOLEN_MSS); |
116 | 116 | ||
117 | opt = (u_int8_t *)tcph + sizeof(struct tcphdr); | 117 | opt = (u_int8_t *)tcph + sizeof(struct tcphdr); |
118 | memmove(opt + TCPOLEN_MSS, opt, tcplen - sizeof(struct tcphdr)); | 118 | memmove(opt + TCPOLEN_MSS, opt, tcplen - sizeof(struct tcphdr)); |
119 | 119 | ||
120 | nf_proto_csum_replace2(&tcph->check, *pskb, | 120 | nf_proto_csum_replace2(&tcph->check, skb, |
121 | htons(tcplen), htons(tcplen + TCPOLEN_MSS), 1); | 121 | htons(tcplen), htons(tcplen + TCPOLEN_MSS), 1); |
122 | opt[0] = TCPOPT_MSS; | 122 | opt[0] = TCPOPT_MSS; |
123 | opt[1] = TCPOLEN_MSS; | 123 | opt[1] = TCPOLEN_MSS; |
124 | opt[2] = (newmss & 0xff00) >> 8; | 124 | opt[2] = (newmss & 0xff00) >> 8; |
125 | opt[3] = newmss & 0x00ff; | 125 | opt[3] = newmss & 0x00ff; |
126 | 126 | ||
127 | nf_proto_csum_replace4(&tcph->check, *pskb, 0, *((__be32 *)opt), 0); | 127 | nf_proto_csum_replace4(&tcph->check, skb, 0, *((__be32 *)opt), 0); |
128 | 128 | ||
129 | oldval = ((__be16 *)tcph)[6]; | 129 | oldval = ((__be16 *)tcph)[6]; |
130 | tcph->doff += TCPOLEN_MSS/4; | 130 | tcph->doff += TCPOLEN_MSS/4; |
131 | nf_proto_csum_replace2(&tcph->check, *pskb, | 131 | nf_proto_csum_replace2(&tcph->check, skb, |
132 | oldval, ((__be16 *)tcph)[6], 0); | 132 | oldval, ((__be16 *)tcph)[6], 0); |
133 | return TCPOLEN_MSS; | 133 | return TCPOLEN_MSS; |
134 | } | 134 | } |
135 | 135 | ||
136 | static unsigned int | 136 | static unsigned int |
137 | xt_tcpmss_target4(struct sk_buff **pskb, | 137 | xt_tcpmss_target4(struct sk_buff *skb, |
138 | const struct net_device *in, | 138 | const struct net_device *in, |
139 | const struct net_device *out, | 139 | const struct net_device *out, |
140 | unsigned int hooknum, | 140 | unsigned int hooknum, |
141 | const struct xt_target *target, | 141 | const struct xt_target *target, |
142 | const void *targinfo) | 142 | const void *targinfo) |
143 | { | 143 | { |
144 | struct iphdr *iph = ip_hdr(*pskb); | 144 | struct iphdr *iph = ip_hdr(skb); |
145 | __be16 newlen; | 145 | __be16 newlen; |
146 | int ret; | 146 | int ret; |
147 | 147 | ||
148 | ret = tcpmss_mangle_packet(pskb, targinfo, iph->ihl * 4, | 148 | ret = tcpmss_mangle_packet(skb, targinfo, iph->ihl * 4, |
149 | sizeof(*iph) + sizeof(struct tcphdr)); | 149 | sizeof(*iph) + sizeof(struct tcphdr)); |
150 | if (ret < 0) | 150 | if (ret < 0) |
151 | return NF_DROP; | 151 | return NF_DROP; |
152 | if (ret > 0) { | 152 | if (ret > 0) { |
153 | iph = ip_hdr(*pskb); | 153 | iph = ip_hdr(skb); |
154 | newlen = htons(ntohs(iph->tot_len) + ret); | 154 | newlen = htons(ntohs(iph->tot_len) + ret); |
155 | nf_csum_replace2(&iph->check, iph->tot_len, newlen); | 155 | nf_csum_replace2(&iph->check, iph->tot_len, newlen); |
156 | iph->tot_len = newlen; | 156 | iph->tot_len = newlen; |
@@ -160,30 +160,30 @@ xt_tcpmss_target4(struct sk_buff **pskb, | |||
160 | 160 | ||
161 | #if defined(CONFIG_IP6_NF_IPTABLES) || defined(CONFIG_IP6_NF_IPTABLES_MODULE) | 161 | #if defined(CONFIG_IP6_NF_IPTABLES) || defined(CONFIG_IP6_NF_IPTABLES_MODULE) |
162 | static unsigned int | 162 | static unsigned int |
163 | xt_tcpmss_target6(struct sk_buff **pskb, | 163 | xt_tcpmss_target6(struct sk_buff *skb, |
164 | const struct net_device *in, | 164 | const struct net_device *in, |
165 | const struct net_device *out, | 165 | const struct net_device *out, |
166 | unsigned int hooknum, | 166 | unsigned int hooknum, |
167 | const struct xt_target *target, | 167 | const struct xt_target *target, |
168 | const void *targinfo) | 168 | const void *targinfo) |
169 | { | 169 | { |
170 | struct ipv6hdr *ipv6h = ipv6_hdr(*pskb); | 170 | struct ipv6hdr *ipv6h = ipv6_hdr(skb); |
171 | u8 nexthdr; | 171 | u8 nexthdr; |
172 | int tcphoff; | 172 | int tcphoff; |
173 | int ret; | 173 | int ret; |
174 | 174 | ||
175 | nexthdr = ipv6h->nexthdr; | 175 | nexthdr = ipv6h->nexthdr; |
176 | tcphoff = ipv6_skip_exthdr(*pskb, sizeof(*ipv6h), &nexthdr); | 176 | tcphoff = ipv6_skip_exthdr(skb, sizeof(*ipv6h), &nexthdr); |
177 | if (tcphoff < 0) { | 177 | if (tcphoff < 0) { |
178 | WARN_ON(1); | 178 | WARN_ON(1); |
179 | return NF_DROP; | 179 | return NF_DROP; |
180 | } | 180 | } |
181 | ret = tcpmss_mangle_packet(pskb, targinfo, tcphoff, | 181 | ret = tcpmss_mangle_packet(skb, targinfo, tcphoff, |
182 | sizeof(*ipv6h) + sizeof(struct tcphdr)); | 182 | sizeof(*ipv6h) + sizeof(struct tcphdr)); |
183 | if (ret < 0) | 183 | if (ret < 0) |
184 | return NF_DROP; | 184 | return NF_DROP; |
185 | if (ret > 0) { | 185 | if (ret > 0) { |
186 | ipv6h = ipv6_hdr(*pskb); | 186 | ipv6h = ipv6_hdr(skb); |
187 | ipv6h->payload_len = htons(ntohs(ipv6h->payload_len) + ret); | 187 | ipv6h->payload_len = htons(ntohs(ipv6h->payload_len) + ret); |
188 | } | 188 | } |
189 | return XT_CONTINUE; | 189 | return XT_CONTINUE; |
diff --git a/net/netfilter/xt_TRACE.c b/net/netfilter/xt_TRACE.c index 4df2dedcc0b..26c5d08ab2c 100644 --- a/net/netfilter/xt_TRACE.c +++ b/net/netfilter/xt_TRACE.c | |||
@@ -10,14 +10,14 @@ MODULE_ALIAS("ipt_TRACE"); | |||
10 | MODULE_ALIAS("ip6t_TRACE"); | 10 | MODULE_ALIAS("ip6t_TRACE"); |
11 | 11 | ||
12 | static unsigned int | 12 | static unsigned int |
13 | target(struct sk_buff **pskb, | 13 | target(struct sk_buff *skb, |
14 | const struct net_device *in, | 14 | const struct net_device *in, |
15 | const struct net_device *out, | 15 | const struct net_device *out, |
16 | unsigned int hooknum, | 16 | unsigned int hooknum, |
17 | const struct xt_target *target, | 17 | const struct xt_target *target, |
18 | const void *targinfo) | 18 | const void *targinfo) |
19 | { | 19 | { |
20 | (*pskb)->nf_trace = 1; | 20 | skb->nf_trace = 1; |
21 | return XT_CONTINUE; | 21 | return XT_CONTINUE; |
22 | } | 22 | } |
23 | 23 | ||
diff --git a/net/sched/act_ipt.c b/net/sched/act_ipt.c index 6b407ece953..fa006e06ce3 100644 --- a/net/sched/act_ipt.c +++ b/net/sched/act_ipt.c | |||
@@ -202,11 +202,7 @@ static int tcf_ipt(struct sk_buff *skb, struct tc_action *a, | |||
202 | /* yes, we have to worry about both in and out dev | 202 | /* yes, we have to worry about both in and out dev |
203 | worry later - danger - this API seems to have changed | 203 | worry later - danger - this API seems to have changed |
204 | from earlier kernels */ | 204 | from earlier kernels */ |
205 | 205 | ret = ipt->tcfi_t->u.kernel.target->target(skb, skb->dev, NULL, | |
206 | /* iptables targets take a double skb pointer in case the skb | ||
207 | * needs to be replaced. We don't own the skb, so this must not | ||
208 | * happen. The pskb_expand_head above should make sure of this */ | ||
209 | ret = ipt->tcfi_t->u.kernel.target->target(&skb, skb->dev, NULL, | ||
210 | ipt->tcfi_hook, | 206 | ipt->tcfi_hook, |
211 | ipt->tcfi_t->u.kernel.target, | 207 | ipt->tcfi_t->u.kernel.target, |
212 | ipt->tcfi_t->data); | 208 | ipt->tcfi_t->data); |
diff --git a/net/sched/sch_ingress.c b/net/sched/sch_ingress.c index 2d32fd27496..3f8335e6ea2 100644 --- a/net/sched/sch_ingress.c +++ b/net/sched/sch_ingress.c | |||
@@ -205,20 +205,19 @@ static unsigned int ingress_drop(struct Qdisc *sch) | |||
205 | #ifndef CONFIG_NET_CLS_ACT | 205 | #ifndef CONFIG_NET_CLS_ACT |
206 | #ifdef CONFIG_NETFILTER | 206 | #ifdef CONFIG_NETFILTER |
207 | static unsigned int | 207 | static unsigned int |
208 | ing_hook(unsigned int hook, struct sk_buff **pskb, | 208 | ing_hook(unsigned int hook, struct sk_buff *skb, |
209 | const struct net_device *indev, | 209 | const struct net_device *indev, |
210 | const struct net_device *outdev, | 210 | const struct net_device *outdev, |
211 | int (*okfn)(struct sk_buff *)) | 211 | int (*okfn)(struct sk_buff *)) |
212 | { | 212 | { |
213 | 213 | ||
214 | struct Qdisc *q; | 214 | struct Qdisc *q; |
215 | struct sk_buff *skb = *pskb; | ||
216 | struct net_device *dev = skb->dev; | 215 | struct net_device *dev = skb->dev; |
217 | int fwres=NF_ACCEPT; | 216 | int fwres=NF_ACCEPT; |
218 | 217 | ||
219 | DPRINTK("ing_hook: skb %s dev=%s len=%u\n", | 218 | DPRINTK("ing_hook: skb %s dev=%s len=%u\n", |
220 | skb->sk ? "(owned)" : "(unowned)", | 219 | skb->sk ? "(owned)" : "(unowned)", |
221 | skb->dev ? (*pskb)->dev->name : "(no dev)", | 220 | skb->dev ? skb->dev->name : "(no dev)", |
222 | skb->len); | 221 | skb->len); |
223 | 222 | ||
224 | if (dev->qdisc_ingress) { | 223 | if (dev->qdisc_ingress) { |