[NETFILTER]: nf_conntrack: add nf_copy() to safely copy members in skb

This unifies the codes to copy netfilter related datas. Before copying, nf_copy() puts original members in destination skb. Signed-off-by: Yasuyuki Kozakai <yasuyuki.kozakai@toshiba.co.jp> Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net>
author: Yasuyuki Kozakai <yasuyuki.kozakai@toshiba.co.jp> 2007-03-14 19:44:01 -0400
committer: David S. Miller <davem@sunset.davemloft.net> 2007-04-26 01:25:55 -0400
commit: e7ac05f3407a3fb5a1b2ff5d5554899eaa0a10a3 (patch)
tree: d8360ce670e1a60110ef6ddff20399129c51eefc
parent: edda553c324bdc5bb5c2d553b524cab37058a855 (diff)
3 files changed, 15 insertions, 29 deletions
diff --git a/include/linux/skbuff.h b/include/linux/skbuff.h
index 62ab1ab07028..47c57be97d43 100644
--- a/include/linux/skbuff.h
+++ b/include/linux/skbuff.h
@@ -1514,9 +1514,22 @@ static inline void __nf_copy(struct sk_buff *dst, const struct sk_buff *src)
 #endif
 }
+static inline void nf_copy(struct sk_buff *dst, const struct sk_buff *src)
+{
+        nf_conntrack_put(dst->nfct);
+#if defined(CONFIG_NF_CONNTRACK) || defined(CONFIG_NF_CONNTRACK_MODULE)
+        nf_conntrack_put_reasm(dst->nfct_reasm);
+#endif
+#ifdef CONFIG_BRIDGE_NETFILTER
+        nf_bridge_put(dst->nf_bridge);
+#endif
+        __nf_copy(dst, src);
+}
 #else /* CONFIG_NETFILTER */
 static inline void nf_reset(struct sk_buff *skb) {}
 static inline void __nf_copy(struct sk_buff *dst, const struct sk_buff *src) {}
+static inline void nf_copy(struct sk_buff *dst, const struct sk_buff *src) {}
 #endif /* CONFIG_NETFILTER */
 #ifdef CONFIG_NETWORK_SECMARK
diff --git a/net/ipv4/ip_output.c b/net/ipv4/ip_output.c
index 11029b9d4cf7..11ab100d6c6c 100644
--- a/net/ipv4/ip_output.c
+++ b/net/ipv4/ip_output.c
@@ -384,21 +384,10 @@ static void ip_copy_metadata(struct sk_buff *to, struct sk_buff *from)
 #ifdef CONFIG_NET_SCHED
        to->tc_index = from->tc_index;
 #endif
-#ifdef CONFIG_NETFILTER
+        nf_copy(to, from);
-        /* Connection association is same as pre-frag packet */
-        nf_conntrack_put(to->nfct);
-        to->nfct = from->nfct;
-        nf_conntrack_get(to->nfct);
-        to->nfctinfo = from->nfctinfo;
 #if defined(CONFIG_IP_VS) || defined(CONFIG_IP_VS_MODULE)
        to->ipvs_property = from->ipvs_property;
 #endif
-#ifdef CONFIG_BRIDGE_NETFILTER
-        nf_bridge_put(to->nf_bridge);
-        to->nf_bridge = from->nf_bridge;
-        nf_bridge_get(to->nf_bridge);
-#endif
-#endif
        skb_copy_secmark(to, from);
 }
diff --git a/net/ipv6/ip6_output.c b/net/ipv6/ip6_output.c
index 0f4434eff66a..49523c2a9f10 100644
--- a/net/ipv6/ip6_output.c
+++ b/net/ipv6/ip6_output.c
@@ -504,23 +504,7 @@ static void ip6_copy_metadata(struct sk_buff *to, struct sk_buff *from)
 #ifdef CONFIG_NET_SCHED
        to->tc_index = from->tc_index;
 #endif
-#ifdef CONFIG_NETFILTER
+        nf_copy(to, from);
-        /* Connection association is same as pre-frag packet */
-        nf_conntrack_put(to->nfct);
-        to->nfct = from->nfct;
-        nf_conntrack_get(to->nfct);
-        to->nfctinfo = from->nfctinfo;
-#if defined(CONFIG_NF_CONNTRACK) || defined(CONFIG_NF_CONNTRACK_MODULE)
-        nf_conntrack_put_reasm(to->nfct_reasm);
-        to->nfct_reasm = from->nfct_reasm;
-        nf_conntrack_get_reasm(to->nfct_reasm);
-#endif
-#ifdef CONFIG_BRIDGE_NETFILTER
-        nf_bridge_put(to->nf_bridge);
-        to->nf_bridge = from->nf_bridge;
-        nf_bridge_get(to->nf_bridge);
-#endif
-#endif
        skb_copy_secmark(to, from);
 }
author	Yasuyuki Kozakai <yasuyuki.kozakai@toshiba.co.jp>	2007-03-14 19:44:01 -0400
committer	David S. Miller <davem@sunset.davemloft.net>	2007-04-26 01:25:55 -0400
commit	e7ac05f3407a3fb5a1b2ff5d5554899eaa0a10a3 (patch)
tree	d8360ce670e1a60110ef6ddff20399129c51eefc
parent	edda553c324bdc5bb5c2d553b524cab37058a855 (diff)