aboutsummaryrefslogtreecommitdiffstats
path: root/net/ipv4
diff options
context:
space:
mode:
authorHerbert Xu <herbert@gondor.apana.org.au>2007-10-15 03:53:15 -0400
committerDavid S. Miller <davem@sunset.davemloft.net>2007-10-15 15:26:29 -0400
commit3db05fea51cdb162cfa8f69e9cfb9e228919d2a9 (patch)
tree0d0e4c18cdf2dcb7321035f6614628a2ddfb502d /net/ipv4
parent2ca7b0ac022aa0158599178fe1056b1ba9ec8b97 (diff)
[NETFILTER]: Replace sk_buff ** with sk_buff *
With all the users of the double pointers removed, this patch mops up by finally replacing all occurances of sk_buff ** in the netfilter API by sk_buff *. Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'net/ipv4')
-rw-r--r--net/ipv4/ipvs/ip_vs_app.c32
-rw-r--r--net/ipv4/ipvs/ip_vs_core.c36
-rw-r--r--net/ipv4/ipvs/ip_vs_ftp.c18
-rw-r--r--net/ipv4/ipvs/ip_vs_proto_tcp.c50
-rw-r--r--net/ipv4/ipvs/ip_vs_proto_udp.c50
-rw-r--r--net/ipv4/ipvs/ip_vs_xmit.c2
-rw-r--r--net/ipv4/netfilter.c58
-rw-r--r--net/ipv4/netfilter/arp_tables.c20
-rw-r--r--net/ipv4/netfilter/arpt_mangle.c16
-rw-r--r--net/ipv4/netfilter/arptable_filter.c4
-rw-r--r--net/ipv4/netfilter/ip_tables.c20
-rw-r--r--net/ipv4/netfilter/ipt_CLUSTERIP.c14
-rw-r--r--net/ipv4/netfilter/ipt_ECN.c27
-rw-r--r--net/ipv4/netfilter/ipt_LOG.c4
-rw-r--r--net/ipv4/netfilter/ipt_MASQUERADE.c6
-rw-r--r--net/ipv4/netfilter/ipt_NETMAP.c8
-rw-r--r--net/ipv4/netfilter/ipt_REDIRECT.c6
-rw-r--r--net/ipv4/netfilter/ipt_REJECT.c22
-rw-r--r--net/ipv4/netfilter/ipt_SAME.c4
-rw-r--r--net/ipv4/netfilter/ipt_TOS.c8
-rw-r--r--net/ipv4/netfilter/ipt_TTL.c6
-rw-r--r--net/ipv4/netfilter/ipt_ULOG.c4
-rw-r--r--net/ipv4/netfilter/iptable_filter.c12
-rw-r--r--net/ipv4/netfilter/iptable_mangle.c22
-rw-r--r--net/ipv4/netfilter/iptable_raw.c12
-rw-r--r--net/ipv4/netfilter/nf_conntrack_l3proto_ipv4.c30
-rw-r--r--net/ipv4/netfilter/nf_nat_amanda.c4
-rw-r--r--net/ipv4/netfilter/nf_nat_core.c50
-rw-r--r--net/ipv4/netfilter/nf_nat_ftp.c18
-rw-r--r--net/ipv4/netfilter/nf_nat_h323.c58
-rw-r--r--net/ipv4/netfilter/nf_nat_helper.c110
-rw-r--r--net/ipv4/netfilter/nf_nat_irc.c4
-rw-r--r--net/ipv4/netfilter/nf_nat_pptp.c8
-rw-r--r--net/ipv4/netfilter/nf_nat_proto_gre.c8
-rw-r--r--net/ipv4/netfilter/nf_nat_proto_icmp.c10
-rw-r--r--net/ipv4/netfilter/nf_nat_proto_tcp.c16
-rw-r--r--net/ipv4/netfilter/nf_nat_proto_udp.c16
-rw-r--r--net/ipv4/netfilter/nf_nat_proto_unknown.c2
-rw-r--r--net/ipv4/netfilter/nf_nat_rule.c14
-rw-r--r--net/ipv4/netfilter/nf_nat_sip.c56
-rw-r--r--net/ipv4/netfilter/nf_nat_snmp_basic.c14
-rw-r--r--net/ipv4/netfilter/nf_nat_standalone.c62
-rw-r--r--net/ipv4/netfilter/nf_nat_tftp.c2
-rw-r--r--net/ipv4/xfrm4_output.c4
44 files changed, 463 insertions, 484 deletions
diff --git a/net/ipv4/ipvs/ip_vs_app.c b/net/ipv4/ipvs/ip_vs_app.c
index 8ca5f4806a63..664cb8e97c1c 100644
--- a/net/ipv4/ipvs/ip_vs_app.c
+++ b/net/ipv4/ipvs/ip_vs_app.c
@@ -329,18 +329,18 @@ static inline void vs_seq_update(struct ip_vs_conn *cp, struct ip_vs_seq *vseq,
329 spin_unlock(&cp->lock); 329 spin_unlock(&cp->lock);
330} 330}
331 331
332static inline int app_tcp_pkt_out(struct ip_vs_conn *cp, struct sk_buff **pskb, 332static inline int app_tcp_pkt_out(struct ip_vs_conn *cp, struct sk_buff *skb,
333 struct ip_vs_app *app) 333 struct ip_vs_app *app)
334{ 334{
335 int diff; 335 int diff;
336 const unsigned int tcp_offset = ip_hdrlen(*pskb); 336 const unsigned int tcp_offset = ip_hdrlen(skb);
337 struct tcphdr *th; 337 struct tcphdr *th;
338 __u32 seq; 338 __u32 seq;
339 339
340 if (!skb_make_writable(*pskb, tcp_offset + sizeof(*th))) 340 if (!skb_make_writable(skb, tcp_offset + sizeof(*th)))
341 return 0; 341 return 0;
342 342
343 th = (struct tcphdr *)(skb_network_header(*pskb) + tcp_offset); 343 th = (struct tcphdr *)(skb_network_header(skb) + tcp_offset);
344 344
345 /* 345 /*
346 * Remember seq number in case this pkt gets resized 346 * Remember seq number in case this pkt gets resized
@@ -361,7 +361,7 @@ static inline int app_tcp_pkt_out(struct ip_vs_conn *cp, struct sk_buff **pskb,
361 if (app->pkt_out == NULL) 361 if (app->pkt_out == NULL)
362 return 1; 362 return 1;
363 363
364 if (!app->pkt_out(app, cp, pskb, &diff)) 364 if (!app->pkt_out(app, cp, skb, &diff))
365 return 0; 365 return 0;
366 366
367 /* 367 /*
@@ -379,7 +379,7 @@ static inline int app_tcp_pkt_out(struct ip_vs_conn *cp, struct sk_buff **pskb,
379 * called by ipvs packet handler, assumes previously checked cp!=NULL 379 * called by ipvs packet handler, assumes previously checked cp!=NULL
380 * returns false if it can't handle packet (oom) 380 * returns false if it can't handle packet (oom)
381 */ 381 */
382int ip_vs_app_pkt_out(struct ip_vs_conn *cp, struct sk_buff **pskb) 382int ip_vs_app_pkt_out(struct ip_vs_conn *cp, struct sk_buff *skb)
383{ 383{
384 struct ip_vs_app *app; 384 struct ip_vs_app *app;
385 385
@@ -392,7 +392,7 @@ int ip_vs_app_pkt_out(struct ip_vs_conn *cp, struct sk_buff **pskb)
392 392
393 /* TCP is complicated */ 393 /* TCP is complicated */
394 if (cp->protocol == IPPROTO_TCP) 394 if (cp->protocol == IPPROTO_TCP)
395 return app_tcp_pkt_out(cp, pskb, app); 395 return app_tcp_pkt_out(cp, skb, app);
396 396
397 /* 397 /*
398 * Call private output hook function 398 * Call private output hook function
@@ -400,22 +400,22 @@ int ip_vs_app_pkt_out(struct ip_vs_conn *cp, struct sk_buff **pskb)
400 if (app->pkt_out == NULL) 400 if (app->pkt_out == NULL)
401 return 1; 401 return 1;
402 402
403 return app->pkt_out(app, cp, pskb, NULL); 403 return app->pkt_out(app, cp, skb, NULL);
404} 404}
405 405
406 406
407static inline int app_tcp_pkt_in(struct ip_vs_conn *cp, struct sk_buff **pskb, 407static inline int app_tcp_pkt_in(struct ip_vs_conn *cp, struct sk_buff *skb,
408 struct ip_vs_app *app) 408 struct ip_vs_app *app)
409{ 409{
410 int diff; 410 int diff;
411 const unsigned int tcp_offset = ip_hdrlen(*pskb); 411 const unsigned int tcp_offset = ip_hdrlen(skb);
412 struct tcphdr *th; 412 struct tcphdr *th;
413 __u32 seq; 413 __u32 seq;
414 414
415 if (!skb_make_writable(*pskb, tcp_offset + sizeof(*th))) 415 if (!skb_make_writable(skb, tcp_offset + sizeof(*th)))
416 return 0; 416 return 0;
417 417
418 th = (struct tcphdr *)(skb_network_header(*pskb) + tcp_offset); 418 th = (struct tcphdr *)(skb_network_header(skb) + tcp_offset);
419 419
420 /* 420 /*
421 * Remember seq number in case this pkt gets resized 421 * Remember seq number in case this pkt gets resized
@@ -436,7 +436,7 @@ static inline int app_tcp_pkt_in(struct ip_vs_conn *cp, struct sk_buff **pskb,
436 if (app->pkt_in == NULL) 436 if (app->pkt_in == NULL)
437 return 1; 437 return 1;
438 438
439 if (!app->pkt_in(app, cp, pskb, &diff)) 439 if (!app->pkt_in(app, cp, skb, &diff))
440 return 0; 440 return 0;
441 441
442 /* 442 /*
@@ -454,7 +454,7 @@ static inline int app_tcp_pkt_in(struct ip_vs_conn *cp, struct sk_buff **pskb,
454 * called by ipvs packet handler, assumes previously checked cp!=NULL. 454 * called by ipvs packet handler, assumes previously checked cp!=NULL.
455 * returns false if can't handle packet (oom). 455 * returns false if can't handle packet (oom).
456 */ 456 */
457int ip_vs_app_pkt_in(struct ip_vs_conn *cp, struct sk_buff **pskb) 457int ip_vs_app_pkt_in(struct ip_vs_conn *cp, struct sk_buff *skb)
458{ 458{
459 struct ip_vs_app *app; 459 struct ip_vs_app *app;
460 460
@@ -467,7 +467,7 @@ int ip_vs_app_pkt_in(struct ip_vs_conn *cp, struct sk_buff **pskb)
467 467
468 /* TCP is complicated */ 468 /* TCP is complicated */
469 if (cp->protocol == IPPROTO_TCP) 469 if (cp->protocol == IPPROTO_TCP)
470 return app_tcp_pkt_in(cp, pskb, app); 470 return app_tcp_pkt_in(cp, skb, app);
471 471
472 /* 472 /*
473 * Call private input hook function 473 * Call private input hook function
@@ -475,7 +475,7 @@ int ip_vs_app_pkt_in(struct ip_vs_conn *cp, struct sk_buff **pskb)
475 if (app->pkt_in == NULL) 475 if (app->pkt_in == NULL)
476 return 1; 476 return 1;
477 477
478 return app->pkt_in(app, cp, pskb, NULL); 478 return app->pkt_in(app, cp, skb, NULL);
479} 479}
480 480
481 481
diff --git a/net/ipv4/ipvs/ip_vs_core.c b/net/ipv4/ipvs/ip_vs_core.c
index 09cac38580fe..c6ed7654e839 100644
--- a/net/ipv4/ipvs/ip_vs_core.c
+++ b/net/ipv4/ipvs/ip_vs_core.c
@@ -488,12 +488,12 @@ int ip_vs_leave(struct ip_vs_service *svc, struct sk_buff *skb,
488 * for VS/NAT. 488 * for VS/NAT.
489 */ 489 */
490static unsigned int ip_vs_post_routing(unsigned int hooknum, 490static unsigned int ip_vs_post_routing(unsigned int hooknum,
491 struct sk_buff **pskb, 491 struct sk_buff *skb,
492 const struct net_device *in, 492 const struct net_device *in,
493 const struct net_device *out, 493 const struct net_device *out,
494 int (*okfn)(struct sk_buff *)) 494 int (*okfn)(struct sk_buff *))
495{ 495{
496 if (!((*pskb)->ipvs_property)) 496 if (!skb->ipvs_property)
497 return NF_ACCEPT; 497 return NF_ACCEPT;
498 /* The packet was sent from IPVS, exit this chain */ 498 /* The packet was sent from IPVS, exit this chain */
499 return NF_STOP; 499 return NF_STOP;
@@ -569,9 +569,8 @@ void ip_vs_nat_icmp(struct sk_buff *skb, struct ip_vs_protocol *pp,
569 * Currently handles error types - unreachable, quench, ttl exceeded. 569 * Currently handles error types - unreachable, quench, ttl exceeded.
570 * (Only used in VS/NAT) 570 * (Only used in VS/NAT)
571 */ 571 */
572static int ip_vs_out_icmp(struct sk_buff **pskb, int *related) 572static int ip_vs_out_icmp(struct sk_buff *skb, int *related)
573{ 573{
574 struct sk_buff *skb = *pskb;
575 struct iphdr *iph; 574 struct iphdr *iph;
576 struct icmphdr _icmph, *ic; 575 struct icmphdr _icmph, *ic;
577 struct iphdr _ciph, *cih; /* The ip header contained within the ICMP */ 576 struct iphdr _ciph, *cih; /* The ip header contained within the ICMP */
@@ -685,11 +684,10 @@ static inline int is_tcp_reset(const struct sk_buff *skb)
685 * rewrite addresses of the packet and send it on its way... 684 * rewrite addresses of the packet and send it on its way...
686 */ 685 */
687static unsigned int 686static unsigned int
688ip_vs_out(unsigned int hooknum, struct sk_buff **pskb, 687ip_vs_out(unsigned int hooknum, struct sk_buff *skb,
689 const struct net_device *in, const struct net_device *out, 688 const struct net_device *in, const struct net_device *out,
690 int (*okfn)(struct sk_buff *)) 689 int (*okfn)(struct sk_buff *))
691{ 690{
692 struct sk_buff *skb = *pskb;
693 struct iphdr *iph; 691 struct iphdr *iph;
694 struct ip_vs_protocol *pp; 692 struct ip_vs_protocol *pp;
695 struct ip_vs_conn *cp; 693 struct ip_vs_conn *cp;
@@ -702,11 +700,10 @@ ip_vs_out(unsigned int hooknum, struct sk_buff **pskb,
702 700
703 iph = ip_hdr(skb); 701 iph = ip_hdr(skb);
704 if (unlikely(iph->protocol == IPPROTO_ICMP)) { 702 if (unlikely(iph->protocol == IPPROTO_ICMP)) {
705 int related, verdict = ip_vs_out_icmp(pskb, &related); 703 int related, verdict = ip_vs_out_icmp(skb, &related);
706 704
707 if (related) 705 if (related)
708 return verdict; 706 return verdict;
709 skb = *pskb;
710 iph = ip_hdr(skb); 707 iph = ip_hdr(skb);
711 } 708 }
712 709
@@ -765,9 +762,8 @@ ip_vs_out(unsigned int hooknum, struct sk_buff **pskb,
765 goto drop; 762 goto drop;
766 763
767 /* mangle the packet */ 764 /* mangle the packet */
768 if (pp->snat_handler && !pp->snat_handler(pskb, pp, cp)) 765 if (pp->snat_handler && !pp->snat_handler(skb, pp, cp))
769 goto drop; 766 goto drop;
770 skb = *pskb;
771 ip_hdr(skb)->saddr = cp->vaddr; 767 ip_hdr(skb)->saddr = cp->vaddr;
772 ip_send_check(ip_hdr(skb)); 768 ip_send_check(ip_hdr(skb));
773 769
@@ -777,9 +773,8 @@ ip_vs_out(unsigned int hooknum, struct sk_buff **pskb,
777 * if it came from this machine itself. So re-compute 773 * if it came from this machine itself. So re-compute
778 * the routing information. 774 * the routing information.
779 */ 775 */
780 if (ip_route_me_harder(pskb, RTN_LOCAL) != 0) 776 if (ip_route_me_harder(skb, RTN_LOCAL) != 0)
781 goto drop; 777 goto drop;
782 skb = *pskb;
783 778
784 IP_VS_DBG_PKT(10, pp, skb, 0, "After SNAT"); 779 IP_VS_DBG_PKT(10, pp, skb, 0, "After SNAT");
785 780
@@ -794,7 +789,7 @@ ip_vs_out(unsigned int hooknum, struct sk_buff **pskb,
794 789
795 drop: 790 drop:
796 ip_vs_conn_put(cp); 791 ip_vs_conn_put(cp);
797 kfree_skb(*pskb); 792 kfree_skb(skb);
798 return NF_STOLEN; 793 return NF_STOLEN;
799} 794}
800 795
@@ -806,9 +801,8 @@ ip_vs_out(unsigned int hooknum, struct sk_buff **pskb,
806 * Currently handles error types - unreachable, quench, ttl exceeded. 801 * Currently handles error types - unreachable, quench, ttl exceeded.
807 */ 802 */
808static int 803static int
809ip_vs_in_icmp(struct sk_buff **pskb, int *related, unsigned int hooknum) 804ip_vs_in_icmp(struct sk_buff *skb, int *related, unsigned int hooknum)
810{ 805{
811 struct sk_buff *skb = *pskb;
812 struct iphdr *iph; 806 struct iphdr *iph;
813 struct icmphdr _icmph, *ic; 807 struct icmphdr _icmph, *ic;
814 struct iphdr _ciph, *cih; /* The ip header contained within the ICMP */ 808 struct iphdr _ciph, *cih; /* The ip header contained within the ICMP */
@@ -901,11 +895,10 @@ ip_vs_in_icmp(struct sk_buff **pskb, int *related, unsigned int hooknum)
901 * and send it on its way... 895 * and send it on its way...
902 */ 896 */
903static unsigned int 897static unsigned int
904ip_vs_in(unsigned int hooknum, struct sk_buff **pskb, 898ip_vs_in(unsigned int hooknum, struct sk_buff *skb,
905 const struct net_device *in, const struct net_device *out, 899 const struct net_device *in, const struct net_device *out,
906 int (*okfn)(struct sk_buff *)) 900 int (*okfn)(struct sk_buff *))
907{ 901{
908 struct sk_buff *skb = *pskb;
909 struct iphdr *iph; 902 struct iphdr *iph;
910 struct ip_vs_protocol *pp; 903 struct ip_vs_protocol *pp;
911 struct ip_vs_conn *cp; 904 struct ip_vs_conn *cp;
@@ -927,11 +920,10 @@ ip_vs_in(unsigned int hooknum, struct sk_buff **pskb,
927 920
928 iph = ip_hdr(skb); 921 iph = ip_hdr(skb);
929 if (unlikely(iph->protocol == IPPROTO_ICMP)) { 922 if (unlikely(iph->protocol == IPPROTO_ICMP)) {
930 int related, verdict = ip_vs_in_icmp(pskb, &related, hooknum); 923 int related, verdict = ip_vs_in_icmp(skb, &related, hooknum);
931 924
932 if (related) 925 if (related)
933 return verdict; 926 return verdict;
934 skb = *pskb;
935 iph = ip_hdr(skb); 927 iph = ip_hdr(skb);
936 } 928 }
937 929
@@ -1012,16 +1004,16 @@ ip_vs_in(unsigned int hooknum, struct sk_buff **pskb,
1012 * and send them to ip_vs_in_icmp. 1004 * and send them to ip_vs_in_icmp.
1013 */ 1005 */
1014static unsigned int 1006static unsigned int
1015ip_vs_forward_icmp(unsigned int hooknum, struct sk_buff **pskb, 1007ip_vs_forward_icmp(unsigned int hooknum, struct sk_buff *skb,
1016 const struct net_device *in, const struct net_device *out, 1008 const struct net_device *in, const struct net_device *out,
1017 int (*okfn)(struct sk_buff *)) 1009 int (*okfn)(struct sk_buff *))
1018{ 1010{
1019 int r; 1011 int r;
1020 1012
1021 if (ip_hdr(*pskb)->protocol != IPPROTO_ICMP) 1013 if (ip_hdr(skb)->protocol != IPPROTO_ICMP)
1022 return NF_ACCEPT; 1014 return NF_ACCEPT;
1023 1015
1024 return ip_vs_in_icmp(pskb, &r, hooknum); 1016 return ip_vs_in_icmp(skb, &r, hooknum);
1025} 1017}
1026 1018
1027 1019
diff --git a/net/ipv4/ipvs/ip_vs_ftp.c b/net/ipv4/ipvs/ip_vs_ftp.c
index 4167d419b666..59aa166b7678 100644
--- a/net/ipv4/ipvs/ip_vs_ftp.c
+++ b/net/ipv4/ipvs/ip_vs_ftp.c
@@ -136,7 +136,7 @@ static int ip_vs_ftp_get_addrport(char *data, char *data_limit,
136 * xxx,xxx,xxx,xxx is the server address, ppp,ppp is the server port number. 136 * xxx,xxx,xxx,xxx is the server address, ppp,ppp is the server port number.
137 */ 137 */
138static int ip_vs_ftp_out(struct ip_vs_app *app, struct ip_vs_conn *cp, 138static int ip_vs_ftp_out(struct ip_vs_app *app, struct ip_vs_conn *cp,
139 struct sk_buff **pskb, int *diff) 139 struct sk_buff *skb, int *diff)
140{ 140{
141 struct iphdr *iph; 141 struct iphdr *iph;
142 struct tcphdr *th; 142 struct tcphdr *th;
@@ -156,14 +156,14 @@ static int ip_vs_ftp_out(struct ip_vs_app *app, struct ip_vs_conn *cp,
156 return 1; 156 return 1;
157 157
158 /* Linear packets are much easier to deal with. */ 158 /* Linear packets are much easier to deal with. */
159 if (!skb_make_writable(*pskb, (*pskb)->len)) 159 if (!skb_make_writable(skb, skb->len))
160 return 0; 160 return 0;
161 161
162 if (cp->app_data == &ip_vs_ftp_pasv) { 162 if (cp->app_data == &ip_vs_ftp_pasv) {
163 iph = ip_hdr(*pskb); 163 iph = ip_hdr(skb);
164 th = (struct tcphdr *)&(((char *)iph)[iph->ihl*4]); 164 th = (struct tcphdr *)&(((char *)iph)[iph->ihl*4]);
165 data = (char *)th + (th->doff << 2); 165 data = (char *)th + (th->doff << 2);
166 data_limit = skb_tail_pointer(*pskb); 166 data_limit = skb_tail_pointer(skb);
167 167
168 if (ip_vs_ftp_get_addrport(data, data_limit, 168 if (ip_vs_ftp_get_addrport(data, data_limit,
169 SERVER_STRING, 169 SERVER_STRING,
@@ -214,7 +214,7 @@ static int ip_vs_ftp_out(struct ip_vs_app *app, struct ip_vs_conn *cp,
214 memcpy(start, buf, buf_len); 214 memcpy(start, buf, buf_len);
215 ret = 1; 215 ret = 1;
216 } else { 216 } else {
217 ret = !ip_vs_skb_replace(*pskb, GFP_ATOMIC, start, 217 ret = !ip_vs_skb_replace(skb, GFP_ATOMIC, start,
218 end-start, buf, buf_len); 218 end-start, buf, buf_len);
219 } 219 }
220 220
@@ -239,7 +239,7 @@ static int ip_vs_ftp_out(struct ip_vs_app *app, struct ip_vs_conn *cp,
239 * the client. 239 * the client.
240 */ 240 */
241static int ip_vs_ftp_in(struct ip_vs_app *app, struct ip_vs_conn *cp, 241static int ip_vs_ftp_in(struct ip_vs_app *app, struct ip_vs_conn *cp,
242 struct sk_buff **pskb, int *diff) 242 struct sk_buff *skb, int *diff)
243{ 243{
244 struct iphdr *iph; 244 struct iphdr *iph;
245 struct tcphdr *th; 245 struct tcphdr *th;
@@ -257,20 +257,20 @@ static int ip_vs_ftp_in(struct ip_vs_app *app, struct ip_vs_conn *cp,
257 return 1; 257 return 1;
258 258
259 /* Linear packets are much easier to deal with. */ 259 /* Linear packets are much easier to deal with. */
260 if (!skb_make_writable(*pskb, (*pskb)->len)) 260 if (!skb_make_writable(skb, skb->len))
261 return 0; 261 return 0;
262 262
263 /* 263 /*
264 * Detecting whether it is passive 264 * Detecting whether it is passive
265 */ 265 */
266 iph = ip_hdr(*pskb); 266 iph = ip_hdr(skb);
267 th = (struct tcphdr *)&(((char *)iph)[iph->ihl*4]); 267 th = (struct tcphdr *)&(((char *)iph)[iph->ihl*4]);
268 268
269 /* Since there may be OPTIONS in the TCP packet and the HLEN is 269 /* Since there may be OPTIONS in the TCP packet and the HLEN is
270 the length of the header in 32-bit multiples, it is accurate 270 the length of the header in 32-bit multiples, it is accurate
271 to calculate data address by th+HLEN*4 */ 271 to calculate data address by th+HLEN*4 */
272 data = data_start = (char *)th + (th->doff << 2); 272 data = data_start = (char *)th + (th->doff << 2);
273 data_limit = skb_tail_pointer(*pskb); 273 data_limit = skb_tail_pointer(skb);
274 274
275 while (data <= data_limit - 6) { 275 while (data <= data_limit - 6) {
276 if (strnicmp(data, "PASV\r\n", 6) == 0) { 276 if (strnicmp(data, "PASV\r\n", 6) == 0) {
diff --git a/net/ipv4/ipvs/ip_vs_proto_tcp.c b/net/ipv4/ipvs/ip_vs_proto_tcp.c
index b65b1a352ba3..12dc0d640b6d 100644
--- a/net/ipv4/ipvs/ip_vs_proto_tcp.c
+++ b/net/ipv4/ipvs/ip_vs_proto_tcp.c
@@ -123,27 +123,27 @@ tcp_fast_csum_update(struct tcphdr *tcph, __be32 oldip, __be32 newip,
123 123
124 124
125static int 125static int
126tcp_snat_handler(struct sk_buff **pskb, 126tcp_snat_handler(struct sk_buff *skb,
127 struct ip_vs_protocol *pp, struct ip_vs_conn *cp) 127 struct ip_vs_protocol *pp, struct ip_vs_conn *cp)
128{ 128{
129 struct tcphdr *tcph; 129 struct tcphdr *tcph;
130 const unsigned int tcphoff = ip_hdrlen(*pskb); 130 const unsigned int tcphoff = ip_hdrlen(skb);
131 131
132 /* csum_check requires unshared skb */ 132 /* csum_check requires unshared skb */
133 if (!skb_make_writable(*pskb, tcphoff+sizeof(*tcph))) 133 if (!skb_make_writable(skb, tcphoff+sizeof(*tcph)))
134 return 0; 134 return 0;
135 135
136 if (unlikely(cp->app != NULL)) { 136 if (unlikely(cp->app != NULL)) {
137 /* Some checks before mangling */ 137 /* Some checks before mangling */
138 if (pp->csum_check && !pp->csum_check(*pskb, pp)) 138 if (pp->csum_check && !pp->csum_check(skb, pp))
139 return 0; 139 return 0;
140 140
141 /* Call application helper if needed */ 141 /* Call application helper if needed */
142 if (!ip_vs_app_pkt_out(cp, pskb)) 142 if (!ip_vs_app_pkt_out(cp, skb))
143 return 0; 143 return 0;
144 } 144 }
145 145
146 tcph = (void *)ip_hdr(*pskb) + tcphoff; 146 tcph = (void *)ip_hdr(skb) + tcphoff;
147 tcph->source = cp->vport; 147 tcph->source = cp->vport;
148 148
149 /* Adjust TCP checksums */ 149 /* Adjust TCP checksums */
@@ -151,17 +151,15 @@ tcp_snat_handler(struct sk_buff **pskb,
151 /* Only port and addr are changed, do fast csum update */ 151 /* Only port and addr are changed, do fast csum update */
152 tcp_fast_csum_update(tcph, cp->daddr, cp->vaddr, 152 tcp_fast_csum_update(tcph, cp->daddr, cp->vaddr,
153 cp->dport, cp->vport); 153 cp->dport, cp->vport);
154 if ((*pskb)->ip_summed == CHECKSUM_COMPLETE) 154 if (skb->ip_summed == CHECKSUM_COMPLETE)
155 (*pskb)->ip_summed = CHECKSUM_NONE; 155 skb->ip_summed = CHECKSUM_NONE;
156 } else { 156 } else {
157 /* full checksum calculation */ 157 /* full checksum calculation */
158 tcph->check = 0; 158 tcph->check = 0;
159 (*pskb)->csum = skb_checksum(*pskb, tcphoff, 159 skb->csum = skb_checksum(skb, tcphoff, skb->len - tcphoff, 0);
160 (*pskb)->len - tcphoff, 0);
161 tcph->check = csum_tcpudp_magic(cp->vaddr, cp->caddr, 160 tcph->check = csum_tcpudp_magic(cp->vaddr, cp->caddr,
162 (*pskb)->len - tcphoff, 161 skb->len - tcphoff,
163 cp->protocol, 162 cp->protocol, skb->csum);
164 (*pskb)->csum);
165 IP_VS_DBG(11, "O-pkt: %s O-csum=%d (+%zd)\n", 163 IP_VS_DBG(11, "O-pkt: %s O-csum=%d (+%zd)\n",
166 pp->name, tcph->check, 164 pp->name, tcph->check,
167 (char*)&(tcph->check) - (char*)tcph); 165 (char*)&(tcph->check) - (char*)tcph);
@@ -171,30 +169,30 @@ tcp_snat_handler(struct sk_buff **pskb,
171 169
172 170
173static int 171static int
174tcp_dnat_handler(struct sk_buff **pskb, 172tcp_dnat_handler(struct sk_buff *skb,
175 struct ip_vs_protocol *pp, struct ip_vs_conn *cp) 173 struct ip_vs_protocol *pp, struct ip_vs_conn *cp)
176{ 174{
177 struct tcphdr *tcph; 175 struct tcphdr *tcph;
178 const unsigned int tcphoff = ip_hdrlen(*pskb); 176 const unsigned int tcphoff = ip_hdrlen(skb);
179 177
180 /* csum_check requires unshared skb */ 178 /* csum_check requires unshared skb */
181 if (!skb_make_writable(*pskb, tcphoff+sizeof(*tcph))) 179 if (!skb_make_writable(skb, tcphoff+sizeof(*tcph)))
182 return 0; 180 return 0;
183 181
184 if (unlikely(cp->app != NULL)) { 182 if (unlikely(cp->app != NULL)) {
185 /* Some checks before mangling */ 183 /* Some checks before mangling */
186 if (pp->csum_check && !pp->csum_check(*pskb, pp)) 184 if (pp->csum_check && !pp->csum_check(skb, pp))
187 return 0; 185 return 0;
188 186
189 /* 187 /*
190 * Attempt ip_vs_app call. 188 * Attempt ip_vs_app call.
191 * It will fix ip_vs_conn and iph ack_seq stuff 189 * It will fix ip_vs_conn and iph ack_seq stuff
192 */ 190 */
193 if (!ip_vs_app_pkt_in(cp, pskb)) 191 if (!ip_vs_app_pkt_in(cp, skb))
194 return 0; 192 return 0;
195 } 193 }
196 194
197 tcph = (void *)ip_hdr(*pskb) + tcphoff; 195 tcph = (void *)ip_hdr(skb) + tcphoff;
198 tcph->dest = cp->dport; 196 tcph->dest = cp->dport;
199 197
200 /* 198 /*
@@ -204,18 +202,16 @@ tcp_dnat_handler(struct sk_buff **pskb,
204 /* Only port and addr are changed, do fast csum update */ 202 /* Only port and addr are changed, do fast csum update */
205 tcp_fast_csum_update(tcph, cp->vaddr, cp->daddr, 203 tcp_fast_csum_update(tcph, cp->vaddr, cp->daddr,
206 cp->vport, cp->dport); 204 cp->vport, cp->dport);
207 if ((*pskb)->ip_summed == CHECKSUM_COMPLETE) 205 if (skb->ip_summed == CHECKSUM_COMPLETE)
208 (*pskb)->ip_summed = CHECKSUM_NONE; 206 skb->ip_summed = CHECKSUM_NONE;
209 } else { 207 } else {
210 /* full checksum calculation */ 208 /* full checksum calculation */
211 tcph->check = 0; 209 tcph->check = 0;
212 (*pskb)->csum = skb_checksum(*pskb, tcphoff, 210 skb->csum = skb_checksum(skb, tcphoff, skb->len - tcphoff, 0);
213 (*pskb)->len - tcphoff, 0);
214 tcph->check = csum_tcpudp_magic(cp->caddr, cp->daddr, 211 tcph->check = csum_tcpudp_magic(cp->caddr, cp->daddr,
215 (*pskb)->len - tcphoff, 212 skb->len - tcphoff,
216 cp->protocol, 213 cp->protocol, skb->csum);
217 (*pskb)->csum); 214 skb->ip_summed = CHECKSUM_UNNECESSARY;
218 (*pskb)->ip_summed = CHECKSUM_UNNECESSARY;
219 } 215 }
220 return 1; 216 return 1;
221} 217}
diff --git a/net/ipv4/ipvs/ip_vs_proto_udp.c b/net/ipv4/ipvs/ip_vs_proto_udp.c
index c70aa40e2c9d..1fa7b330b9ac 100644
--- a/net/ipv4/ipvs/ip_vs_proto_udp.c
+++ b/net/ipv4/ipvs/ip_vs_proto_udp.c
@@ -130,29 +130,29 @@ udp_fast_csum_update(struct udphdr *uhdr, __be32 oldip, __be32 newip,
130} 130}
131 131
132static int 132static int
133udp_snat_handler(struct sk_buff **pskb, 133udp_snat_handler(struct sk_buff *skb,
134 struct ip_vs_protocol *pp, struct ip_vs_conn *cp) 134 struct ip_vs_protocol *pp, struct ip_vs_conn *cp)
135{ 135{
136 struct udphdr *udph; 136 struct udphdr *udph;
137 const unsigned int udphoff = ip_hdrlen(*pskb); 137 const unsigned int udphoff = ip_hdrlen(skb);
138 138
139 /* csum_check requires unshared skb */ 139 /* csum_check requires unshared skb */
140 if (!skb_make_writable(*pskb, udphoff+sizeof(*udph))) 140 if (!skb_make_writable(skb, udphoff+sizeof(*udph)))
141 return 0; 141 return 0;
142 142
143 if (unlikely(cp->app != NULL)) { 143 if (unlikely(cp->app != NULL)) {
144 /* Some checks before mangling */ 144 /* Some checks before mangling */
145 if (pp->csum_check && !pp->csum_check(*pskb, pp)) 145 if (pp->csum_check && !pp->csum_check(skb, pp))
146 return 0; 146 return 0;
147 147
148 /* 148 /*
149 * Call application helper if needed 149 * Call application helper if needed
150 */ 150 */
151 if (!ip_vs_app_pkt_out(cp, pskb)) 151 if (!ip_vs_app_pkt_out(cp, skb))
152 return 0; 152 return 0;
153 } 153 }
154 154
155 udph = (void *)ip_hdr(*pskb) + udphoff; 155 udph = (void *)ip_hdr(skb) + udphoff;
156 udph->source = cp->vport; 156 udph->source = cp->vport;
157 157
158 /* 158 /*
@@ -162,17 +162,15 @@ udp_snat_handler(struct sk_buff **pskb,
162 /* Only port and addr are changed, do fast csum update */ 162 /* Only port and addr are changed, do fast csum update */
163 udp_fast_csum_update(udph, cp->daddr, cp->vaddr, 163 udp_fast_csum_update(udph, cp->daddr, cp->vaddr,
164 cp->dport, cp->vport); 164 cp->dport, cp->vport);
165 if ((*pskb)->ip_summed == CHECKSUM_COMPLETE) 165 if (skb->ip_summed == CHECKSUM_COMPLETE)
166 (*pskb)->ip_summed = CHECKSUM_NONE; 166 skb->ip_summed = CHECKSUM_NONE;
167 } else { 167 } else {
168 /* full checksum calculation */ 168 /* full checksum calculation */
169 udph->check = 0; 169 udph->check = 0;
170 (*pskb)->csum = skb_checksum(*pskb, udphoff, 170 skb->csum = skb_checksum(skb, udphoff, skb->len - udphoff, 0);
171 (*pskb)->len - udphoff, 0);
172 udph->check = csum_tcpudp_magic(cp->vaddr, cp->caddr, 171 udph->check = csum_tcpudp_magic(cp->vaddr, cp->caddr,
173 (*pskb)->len - udphoff, 172 skb->len - udphoff,
174 cp->protocol, 173 cp->protocol, skb->csum);
175 (*pskb)->csum);
176 if (udph->check == 0) 174 if (udph->check == 0)
177 udph->check = CSUM_MANGLED_0; 175 udph->check = CSUM_MANGLED_0;
178 IP_VS_DBG(11, "O-pkt: %s O-csum=%d (+%zd)\n", 176 IP_VS_DBG(11, "O-pkt: %s O-csum=%d (+%zd)\n",
@@ -184,30 +182,30 @@ udp_snat_handler(struct sk_buff **pskb,
184 182
185 183
186static int 184static int
187udp_dnat_handler(struct sk_buff **pskb, 185udp_dnat_handler(struct sk_buff *skb,
188 struct ip_vs_protocol *pp, struct ip_vs_conn *cp) 186 struct ip_vs_protocol *pp, struct ip_vs_conn *cp)
189{ 187{
190 struct udphdr *udph; 188 struct udphdr *udph;
191 unsigned int udphoff = ip_hdrlen(*pskb); 189 unsigned int udphoff = ip_hdrlen(skb);
192 190
193 /* csum_check requires unshared skb */ 191 /* csum_check requires unshared skb */
194 if (!skb_make_writable(*pskb, udphoff+sizeof(*udph))) 192 if (!skb_make_writable(skb, udphoff+sizeof(*udph)))
195 return 0; 193 return 0;
196 194
197 if (unlikely(cp->app != NULL)) { 195 if (unlikely(cp->app != NULL)) {
198 /* Some checks before mangling */ 196 /* Some checks before mangling */
199 if (pp->csum_check && !pp->csum_check(*pskb, pp)) 197 if (pp->csum_check && !pp->csum_check(skb, pp))
200 return 0; 198 return 0;
201 199
202 /* 200 /*
203 * Attempt ip_vs_app call. 201 * Attempt ip_vs_app call.
204 * It will fix ip_vs_conn 202 * It will fix ip_vs_conn
205 */ 203 */
206 if (!ip_vs_app_pkt_in(cp, pskb)) 204 if (!ip_vs_app_pkt_in(cp, skb))
207 return 0; 205 return 0;
208 } 206 }
209 207
210 udph = (void *)ip_hdr(*pskb) + udphoff; 208 udph = (void *)ip_hdr(skb) + udphoff;
211 udph->dest = cp->dport; 209 udph->dest = cp->dport;
212 210
213 /* 211 /*
@@ -217,20 +215,18 @@ udp_dnat_handler(struct sk_buff **pskb,
217 /* Only port and addr are changed, do fast csum update */ 215 /* Only port and addr are changed, do fast csum update */
218 udp_fast_csum_update(udph, cp->vaddr, cp->daddr, 216 udp_fast_csum_update(udph, cp->vaddr, cp->daddr,
219 cp->vport, cp->dport); 217 cp->vport, cp->dport);
220 if ((*pskb)->ip_summed == CHECKSUM_COMPLETE) 218 if (skb->ip_summed == CHECKSUM_COMPLETE)
221 (*pskb)->ip_summed = CHECKSUM_NONE; 219 skb->ip_summed = CHECKSUM_NONE;
222 } else { 220 } else {
223 /* full checksum calculation */ 221 /* full checksum calculation */
224 udph->check = 0; 222 udph->check = 0;
225 (*pskb)->csum = skb_checksum(*pskb, udphoff, 223 skb->csum = skb_checksum(skb, udphoff, skb->len - udphoff, 0);
226 (*pskb)->len - udphoff, 0);
227 udph->check = csum_tcpudp_magic(cp->caddr, cp->daddr, 224 udph->check = csum_tcpudp_magic(cp->caddr, cp->daddr,
228 (*pskb)->len - udphoff, 225 skb->len - udphoff,
229 cp->protocol, 226 cp->protocol, skb->csum);
230 (*pskb)->csum);
231 if (udph->check == 0) 227 if (udph->check == 0)
232 udph->check = CSUM_MANGLED_0; 228 udph->check = CSUM_MANGLED_0;
233 (*pskb)->ip_summed = CHECKSUM_UNNECESSARY; 229 skb->ip_summed = CHECKSUM_UNNECESSARY;
234 } 230 }
235 return 1; 231 return 1;
236} 232}
diff --git a/net/ipv4/ipvs/ip_vs_xmit.c b/net/ipv4/ipvs/ip_vs_xmit.c
index afd90d4d7399..d0a92dec1050 100644
--- a/net/ipv4/ipvs/ip_vs_xmit.c
+++ b/net/ipv4/ipvs/ip_vs_xmit.c
@@ -264,7 +264,7 @@ ip_vs_nat_xmit(struct sk_buff *skb, struct ip_vs_conn *cp,
264 skb->dst = &rt->u.dst; 264 skb->dst = &rt->u.dst;
265 265
266 /* mangle the packet */ 266 /* mangle the packet */
267 if (pp->dnat_handler && !pp->dnat_handler(&skb, pp, cp)) 267 if (pp->dnat_handler && !pp->dnat_handler(skb, pp, cp))
268 goto tx_error; 268 goto tx_error;
269 ip_hdr(skb)->daddr = cp->daddr; 269 ip_hdr(skb)->daddr = cp->daddr;
270 ip_send_check(ip_hdr(skb)); 270 ip_send_check(ip_hdr(skb));
diff --git a/net/ipv4/netfilter.c b/net/ipv4/netfilter.c
index d1e3012d891f..5539debf4973 100644
--- a/net/ipv4/netfilter.c
+++ b/net/ipv4/netfilter.c
@@ -9,9 +9,9 @@
9#include <net/ip.h> 9#include <net/ip.h>
10 10
11/* route_me_harder function, used by iptable_nat, iptable_mangle + ip_queue */ 11/* route_me_harder function, used by iptable_nat, iptable_mangle + ip_queue */
12int ip_route_me_harder(struct sk_buff **pskb, unsigned addr_type) 12int ip_route_me_harder(struct sk_buff *skb, unsigned addr_type)
13{ 13{
14 const struct iphdr *iph = ip_hdr(*pskb); 14 const struct iphdr *iph = ip_hdr(skb);
15 struct rtable *rt; 15 struct rtable *rt;
16 struct flowi fl = {}; 16 struct flowi fl = {};
17 struct dst_entry *odst; 17 struct dst_entry *odst;
@@ -30,14 +30,14 @@ int ip_route_me_harder(struct sk_buff **pskb, unsigned addr_type)
30 if (type == RTN_LOCAL) 30 if (type == RTN_LOCAL)
31 fl.nl_u.ip4_u.saddr = iph->saddr; 31 fl.nl_u.ip4_u.saddr = iph->saddr;
32 fl.nl_u.ip4_u.tos = RT_TOS(iph->tos); 32 fl.nl_u.ip4_u.tos = RT_TOS(iph->tos);
33 fl.oif = (*pskb)->sk ? (*pskb)->sk->sk_bound_dev_if : 0; 33 fl.oif = skb->sk ? skb->sk->sk_bound_dev_if : 0;
34 fl.mark = (*pskb)->mark; 34 fl.mark = skb->mark;
35 if (ip_route_output_key(&rt, &fl) != 0) 35 if (ip_route_output_key(&rt, &fl) != 0)
36 return -1; 36 return -1;
37 37
38 /* Drop old route. */ 38 /* Drop old route. */
39 dst_release((*pskb)->dst); 39 dst_release(skb->dst);
40 (*pskb)->dst = &rt->u.dst; 40 skb->dst = &rt->u.dst;
41 } else { 41 } else {
42 /* non-local src, find valid iif to satisfy 42 /* non-local src, find valid iif to satisfy
43 * rp-filter when calling ip_route_input. */ 43 * rp-filter when calling ip_route_input. */
@@ -45,8 +45,8 @@ int ip_route_me_harder(struct sk_buff **pskb, unsigned addr_type)
45 if (ip_route_output_key(&rt, &fl) != 0) 45 if (ip_route_output_key(&rt, &fl) != 0)
46 return -1; 46 return -1;
47 47
48 odst = (*pskb)->dst; 48 odst = skb->dst;
49 if (ip_route_input(*pskb, iph->daddr, iph->saddr, 49 if (ip_route_input(skb, iph->daddr, iph->saddr,
50 RT_TOS(iph->tos), rt->u.dst.dev) != 0) { 50 RT_TOS(iph->tos), rt->u.dst.dev) != 0) {
51 dst_release(&rt->u.dst); 51 dst_release(&rt->u.dst);
52 return -1; 52 return -1;
@@ -55,21 +55,20 @@ int ip_route_me_harder(struct sk_buff **pskb, unsigned addr_type)
55 dst_release(odst); 55 dst_release(odst);
56 } 56 }
57 57
58 if ((*pskb)->dst->error) 58 if (skb->dst->error)
59 return -1; 59 return -1;
60 60
61#ifdef CONFIG_XFRM 61#ifdef CONFIG_XFRM
62 if (!(IPCB(*pskb)->flags & IPSKB_XFRM_TRANSFORMED) && 62 if (!(IPCB(skb)->flags & IPSKB_XFRM_TRANSFORMED) &&
63 xfrm_decode_session(*pskb, &fl, AF_INET) == 0) 63 xfrm_decode_session(skb, &fl, AF_INET) == 0)
64 if (xfrm_lookup(&(*pskb)->dst, &fl, (*pskb)->sk, 0)) 64 if (xfrm_lookup(&skb->dst, &fl, skb->sk, 0))
65 return -1; 65 return -1;
66#endif 66#endif
67 67
68 /* Change in oif may mean change in hh_len. */ 68 /* Change in oif may mean change in hh_len. */
69 hh_len = (*pskb)->dst->dev->hard_header_len; 69 hh_len = skb->dst->dev->hard_header_len;
70 if (skb_headroom(*pskb) < hh_len && 70 if (skb_headroom(skb) < hh_len &&
71 pskb_expand_head(*pskb, hh_len - skb_headroom(*pskb), 0, 71 pskb_expand_head(skb, hh_len - skb_headroom(skb), 0, GFP_ATOMIC))
72 GFP_ATOMIC))
73 return -1; 72 return -1;
74 73
75 return 0; 74 return 0;
@@ -77,33 +76,32 @@ int ip_route_me_harder(struct sk_buff **pskb, unsigned addr_type)
77EXPORT_SYMBOL(ip_route_me_harder); 76EXPORT_SYMBOL(ip_route_me_harder);
78 77
79#ifdef CONFIG_XFRM 78#ifdef CONFIG_XFRM
80int ip_xfrm_me_harder(struct sk_buff **pskb) 79int ip_xfrm_me_harder(struct sk_buff *skb)
81{ 80{
82 struct flowi fl; 81 struct flowi fl;
83 unsigned int hh_len; 82 unsigned int hh_len;
84 struct dst_entry *dst; 83 struct dst_entry *dst;
85 84
86 if (IPCB(*pskb)->flags & IPSKB_XFRM_TRANSFORMED) 85 if (IPCB(skb)->flags & IPSKB_XFRM_TRANSFORMED)
87 return 0; 86 return 0;
88 if (xfrm_decode_session(*pskb, &fl, AF_INET) < 0) 87 if (xfrm_decode_session(skb, &fl, AF_INET) < 0)
89 return -1; 88 return -1;
90 89
91 dst = (*pskb)->dst; 90 dst = skb->dst;
92 if (dst->xfrm) 91 if (dst->xfrm)
93 dst = ((struct xfrm_dst *)dst)->route; 92 dst = ((struct xfrm_dst *)dst)->route;
94 dst_hold(dst); 93 dst_hold(dst);
95 94
96 if (xfrm_lookup(&dst, &fl, (*pskb)->sk, 0) < 0) 95 if (xfrm_lookup(&dst, &fl, skb->sk, 0) < 0)
97 return -1; 96 return -1;
98 97
99 dst_release((*pskb)->dst); 98 dst_release(skb->dst);
100 (*pskb)->dst = dst; 99 skb->dst = dst;
101 100
102 /* Change in oif may mean change in hh_len. */ 101 /* Change in oif may mean change in hh_len. */
103 hh_len = (*pskb)->dst->dev->hard_header_len; 102 hh_len = skb->dst->dev->hard_header_len;
104 if (skb_headroom(*pskb) < hh_len && 103 if (skb_headroom(skb) < hh_len &&
105 pskb_expand_head(*pskb, hh_len - skb_headroom(*pskb), 0, 104 pskb_expand_head(skb, hh_len - skb_headroom(skb), 0, GFP_ATOMIC))
106 GFP_ATOMIC))
107 return -1; 105 return -1;
108 return 0; 106 return 0;
109} 107}
@@ -137,17 +135,17 @@ static void nf_ip_saveroute(const struct sk_buff *skb, struct nf_info *info)
137 } 135 }
138} 136}
139 137
140static int nf_ip_reroute(struct sk_buff **pskb, const struct nf_info *info) 138static int nf_ip_reroute(struct sk_buff *skb, const struct nf_info *info)
141{ 139{
142 const struct ip_rt_info *rt_info = nf_info_reroute(info); 140 const struct ip_rt_info *rt_info = nf_info_reroute(info);
143 141
144 if (info->hook == NF_IP_LOCAL_OUT) { 142 if (info->hook == NF_IP_LOCAL_OUT) {
145 const struct iphdr *iph = ip_hdr(*pskb); 143 const struct iphdr *iph = ip_hdr(skb);
146 144
147 if (!(iph->tos == rt_info->tos 145 if (!(iph->tos == rt_info->tos
148 && iph->daddr == rt_info->daddr 146 && iph->daddr == rt_info->daddr
149 && iph->saddr == rt_info->saddr)) 147 && iph->saddr == rt_info->saddr))
150 return ip_route_me_harder(pskb, RTN_UNSPEC); 148 return ip_route_me_harder(skb, RTN_UNSPEC);
151 } 149 }
152 return 0; 150 return 0;
153} 151}
diff --git a/net/ipv4/netfilter/arp_tables.c b/net/ipv4/netfilter/arp_tables.c
index 29114a9ccd1d..2909c92ecd99 100644
--- a/net/ipv4/netfilter/arp_tables.c
+++ b/net/ipv4/netfilter/arp_tables.c
@@ -197,7 +197,7 @@ static inline int arp_checkentry(const struct arpt_arp *arp)
197 return 1; 197 return 1;
198} 198}
199 199
200static unsigned int arpt_error(struct sk_buff **pskb, 200static unsigned int arpt_error(struct sk_buff *skb,
201 const struct net_device *in, 201 const struct net_device *in,
202 const struct net_device *out, 202 const struct net_device *out,
203 unsigned int hooknum, 203 unsigned int hooknum,
@@ -215,7 +215,7 @@ static inline struct arpt_entry *get_entry(void *base, unsigned int offset)
215 return (struct arpt_entry *)(base + offset); 215 return (struct arpt_entry *)(base + offset);
216} 216}
217 217
218unsigned int arpt_do_table(struct sk_buff **pskb, 218unsigned int arpt_do_table(struct sk_buff *skb,
219 unsigned int hook, 219 unsigned int hook,
220 const struct net_device *in, 220 const struct net_device *in,
221 const struct net_device *out, 221 const struct net_device *out,
@@ -231,9 +231,9 @@ unsigned int arpt_do_table(struct sk_buff **pskb,
231 struct xt_table_info *private; 231 struct xt_table_info *private;
232 232
233 /* ARP header, plus 2 device addresses, plus 2 IP addresses. */ 233 /* ARP header, plus 2 device addresses, plus 2 IP addresses. */
234 if (!pskb_may_pull((*pskb), (sizeof(struct arphdr) + 234 if (!pskb_may_pull(skb, (sizeof(struct arphdr) +
235 (2 * (*pskb)->dev->addr_len) + 235 (2 * skb->dev->addr_len) +
236 (2 * sizeof(u32))))) 236 (2 * sizeof(u32)))))
237 return NF_DROP; 237 return NF_DROP;
238 238
239 indev = in ? in->name : nulldevname; 239 indev = in ? in->name : nulldevname;
@@ -245,14 +245,14 @@ unsigned int arpt_do_table(struct sk_buff **pskb,
245 e = get_entry(table_base, private->hook_entry[hook]); 245 e = get_entry(table_base, private->hook_entry[hook]);
246 back = get_entry(table_base, private->underflow[hook]); 246 back = get_entry(table_base, private->underflow[hook]);
247 247
248 arp = arp_hdr(*pskb); 248 arp = arp_hdr(skb);
249 do { 249 do {
250 if (arp_packet_match(arp, (*pskb)->dev, indev, outdev, &e->arp)) { 250 if (arp_packet_match(arp, skb->dev, indev, outdev, &e->arp)) {
251 struct arpt_entry_target *t; 251 struct arpt_entry_target *t;
252 int hdr_len; 252 int hdr_len;
253 253
254 hdr_len = sizeof(*arp) + (2 * sizeof(struct in_addr)) + 254 hdr_len = sizeof(*arp) + (2 * sizeof(struct in_addr)) +
255 (2 * (*pskb)->dev->addr_len); 255 (2 * skb->dev->addr_len);
256 ADD_COUNTER(e->counters, hdr_len, 1); 256 ADD_COUNTER(e->counters, hdr_len, 1);
257 257
258 t = arpt_get_target(e); 258 t = arpt_get_target(e);
@@ -290,14 +290,14 @@ unsigned int arpt_do_table(struct sk_buff **pskb,
290 /* Targets which reenter must return 290 /* Targets which reenter must return
291 * abs. verdicts 291 * abs. verdicts
292 */ 292 */
293 verdict = t->u.kernel.target->target(pskb, 293 verdict = t->u.kernel.target->target(skb,
294 in, out, 294 in, out,
295 hook, 295 hook,
296 t->u.kernel.target, 296 t->u.kernel.target,
297 t->data); 297 t->data);
298 298
299 /* Target might have changed stuff. */ 299 /* Target might have changed stuff. */
300 arp = arp_hdr(*pskb); 300 arp = arp_hdr(skb);
301 301
302 if (verdict == ARPT_CONTINUE) 302 if (verdict == ARPT_CONTINUE)
303 e = (void *)e + e->next_offset; 303 e = (void *)e + e->next_offset;
diff --git a/net/ipv4/netfilter/arpt_mangle.c b/net/ipv4/netfilter/arpt_mangle.c
index 0181f919a79c..45fa4e20094a 100644
--- a/net/ipv4/netfilter/arpt_mangle.c
+++ b/net/ipv4/netfilter/arpt_mangle.c
@@ -9,7 +9,7 @@ MODULE_AUTHOR("Bart De Schuymer <bdschuym@pandora.be>");
9MODULE_DESCRIPTION("arptables arp payload mangle target"); 9MODULE_DESCRIPTION("arptables arp payload mangle target");
10 10
11static unsigned int 11static unsigned int
12target(struct sk_buff **pskb, 12target(struct sk_buff *skb,
13 const struct net_device *in, const struct net_device *out, 13 const struct net_device *in, const struct net_device *out,
14 unsigned int hooknum, const struct xt_target *target, 14 unsigned int hooknum, const struct xt_target *target,
15 const void *targinfo) 15 const void *targinfo)
@@ -19,38 +19,38 @@ target(struct sk_buff **pskb,
19 unsigned char *arpptr; 19 unsigned char *arpptr;
20 int pln, hln; 20 int pln, hln;
21 21
22 if (skb_make_writable(*pskb, (*pskb)->len)) 22 if (skb_make_writable(skb, skb->len))
23 return NF_DROP; 23 return NF_DROP;
24 24
25 arp = arp_hdr(*pskb); 25 arp = arp_hdr(skb);
26 arpptr = skb_network_header(*pskb) + sizeof(*arp); 26 arpptr = skb_network_header(skb) + sizeof(*arp);
27 pln = arp->ar_pln; 27 pln = arp->ar_pln;
28 hln = arp->ar_hln; 28 hln = arp->ar_hln;
29 /* We assume that pln and hln were checked in the match */ 29 /* We assume that pln and hln were checked in the match */
30 if (mangle->flags & ARPT_MANGLE_SDEV) { 30 if (mangle->flags & ARPT_MANGLE_SDEV) {
31 if (ARPT_DEV_ADDR_LEN_MAX < hln || 31 if (ARPT_DEV_ADDR_LEN_MAX < hln ||
32 (arpptr + hln > skb_tail_pointer(*pskb))) 32 (arpptr + hln > skb_tail_pointer(skb)))
33 return NF_DROP; 33 return NF_DROP;
34 memcpy(arpptr, mangle->src_devaddr, hln); 34 memcpy(arpptr, mangle->src_devaddr, hln);
35 } 35 }
36 arpptr += hln; 36 arpptr += hln;
37 if (mangle->flags & ARPT_MANGLE_SIP) { 37 if (mangle->flags & ARPT_MANGLE_SIP) {
38 if (ARPT_MANGLE_ADDR_LEN_MAX < pln || 38 if (ARPT_MANGLE_ADDR_LEN_MAX < pln ||
39 (arpptr + pln > skb_tail_pointer(*pskb))) 39 (arpptr + pln > skb_tail_pointer(skb)))
40 return NF_DROP; 40 return NF_DROP;
41 memcpy(arpptr, &mangle->u_s.src_ip, pln); 41 memcpy(arpptr, &mangle->u_s.src_ip, pln);
42 } 42 }
43 arpptr += pln; 43 arpptr += pln;
44 if (mangle->flags & ARPT_MANGLE_TDEV) { 44 if (mangle->flags & ARPT_MANGLE_TDEV) {
45 if (ARPT_DEV_ADDR_LEN_MAX < hln || 45 if (ARPT_DEV_ADDR_LEN_MAX < hln ||
46 (arpptr + hln > skb_tail_pointer(*pskb))) 46 (arpptr + hln > skb_tail_pointer(skb)))
47 return NF_DROP; 47 return NF_DROP;
48 memcpy(arpptr, mangle->tgt_devaddr, hln); 48 memcpy(arpptr, mangle->tgt_devaddr, hln);
49 } 49 }
50 arpptr += hln; 50 arpptr += hln;
51 if (mangle->flags & ARPT_MANGLE_TIP) { 51 if (mangle->flags & ARPT_MANGLE_TIP) {
52 if (ARPT_MANGLE_ADDR_LEN_MAX < pln || 52 if (ARPT_MANGLE_ADDR_LEN_MAX < pln ||
53 (arpptr + pln > skb_tail_pointer(*pskb))) 53 (arpptr + pln > skb_tail_pointer(skb)))
54 return NF_DROP; 54 return NF_DROP;
55 memcpy(arpptr, &mangle->u_t.tgt_ip, pln); 55 memcpy(arpptr, &mangle->u_t.tgt_ip, pln);
56 } 56 }
diff --git a/net/ipv4/netfilter/arptable_filter.c b/net/ipv4/netfilter/arptable_filter.c
index 75c023062533..302d3da5f696 100644
--- a/net/ipv4/netfilter/arptable_filter.c
+++ b/net/ipv4/netfilter/arptable_filter.c
@@ -56,12 +56,12 @@ static struct arpt_table packet_filter = {
56 56
57/* The work comes in here from netfilter.c */ 57/* The work comes in here from netfilter.c */
58static unsigned int arpt_hook(unsigned int hook, 58static unsigned int arpt_hook(unsigned int hook,
59 struct sk_buff **pskb, 59 struct sk_buff *skb,
60 const struct net_device *in, 60 const struct net_device *in,
61 const struct net_device *out, 61 const struct net_device *out,
62 int (*okfn)(struct sk_buff *)) 62 int (*okfn)(struct sk_buff *))
63{ 63{
64 return arpt_do_table(pskb, hook, in, out, &packet_filter); 64 return arpt_do_table(skb, hook, in, out, &packet_filter);
65} 65}
66 66
67static struct nf_hook_ops arpt_ops[] = { 67static struct nf_hook_ops arpt_ops[] = {
diff --git a/net/ipv4/netfilter/ip_tables.c b/net/ipv4/netfilter/ip_tables.c
index 6486894f450c..4b10b98640ac 100644
--- a/net/ipv4/netfilter/ip_tables.c
+++ b/net/ipv4/netfilter/ip_tables.c
@@ -169,7 +169,7 @@ ip_checkentry(const struct ipt_ip *ip)
169} 169}
170 170
171static unsigned int 171static unsigned int
172ipt_error(struct sk_buff **pskb, 172ipt_error(struct sk_buff *skb,
173 const struct net_device *in, 173 const struct net_device *in,
174 const struct net_device *out, 174 const struct net_device *out,
175 unsigned int hooknum, 175 unsigned int hooknum,
@@ -312,7 +312,7 @@ static void trace_packet(struct sk_buff *skb,
312 312
313/* Returns one of the generic firewall policies, like NF_ACCEPT. */ 313/* Returns one of the generic firewall policies, like NF_ACCEPT. */
314unsigned int 314unsigned int
315ipt_do_table(struct sk_buff **pskb, 315ipt_do_table(struct sk_buff *skb,
316 unsigned int hook, 316 unsigned int hook,
317 const struct net_device *in, 317 const struct net_device *in,
318 const struct net_device *out, 318 const struct net_device *out,
@@ -331,8 +331,8 @@ ipt_do_table(struct sk_buff **pskb,
331 struct xt_table_info *private; 331 struct xt_table_info *private;
332 332
333 /* Initialization */ 333 /* Initialization */
334 ip = ip_hdr(*pskb); 334 ip = ip_hdr(skb);
335 datalen = (*pskb)->len - ip->ihl * 4; 335 datalen = skb->len - ip->ihl * 4;
336 indev = in ? in->name : nulldevname; 336 indev = in ? in->name : nulldevname;
337 outdev = out ? out->name : nulldevname; 337 outdev = out ? out->name : nulldevname;
338 /* We handle fragments by dealing with the first fragment as 338 /* We handle fragments by dealing with the first fragment as
@@ -359,7 +359,7 @@ ipt_do_table(struct sk_buff **pskb,
359 struct ipt_entry_target *t; 359 struct ipt_entry_target *t;
360 360
361 if (IPT_MATCH_ITERATE(e, do_match, 361 if (IPT_MATCH_ITERATE(e, do_match,
362 *pskb, in, out, 362 skb, in, out,
363 offset, &hotdrop) != 0) 363 offset, &hotdrop) != 0)
364 goto no_match; 364 goto no_match;
365 365
@@ -371,8 +371,8 @@ ipt_do_table(struct sk_buff **pskb,
371#if defined(CONFIG_NETFILTER_XT_TARGET_TRACE) || \ 371#if defined(CONFIG_NETFILTER_XT_TARGET_TRACE) || \
372 defined(CONFIG_NETFILTER_XT_TARGET_TRACE_MODULE) 372 defined(CONFIG_NETFILTER_XT_TARGET_TRACE_MODULE)
373 /* The packet is traced: log it */ 373 /* The packet is traced: log it */
374 if (unlikely((*pskb)->nf_trace)) 374 if (unlikely(skb->nf_trace))
375 trace_packet(*pskb, hook, in, out, 375 trace_packet(skb, hook, in, out,
376 table->name, private, e); 376 table->name, private, e);
377#endif 377#endif
378 /* Standard target? */ 378 /* Standard target? */
@@ -410,7 +410,7 @@ ipt_do_table(struct sk_buff **pskb,
410 ((struct ipt_entry *)table_base)->comefrom 410 ((struct ipt_entry *)table_base)->comefrom
411 = 0xeeeeeeec; 411 = 0xeeeeeeec;
412#endif 412#endif
413 verdict = t->u.kernel.target->target(pskb, 413 verdict = t->u.kernel.target->target(skb,
414 in, out, 414 in, out,
415 hook, 415 hook,
416 t->u.kernel.target, 416 t->u.kernel.target,
@@ -428,8 +428,8 @@ ipt_do_table(struct sk_buff **pskb,
428 = 0x57acc001; 428 = 0x57acc001;
429#endif 429#endif
430 /* Target might have changed stuff. */ 430 /* Target might have changed stuff. */
431 ip = ip_hdr(*pskb); 431 ip = ip_hdr(skb);
432 datalen = (*pskb)->len - ip->ihl * 4; 432 datalen = skb->len - ip->ihl * 4;
433 433
434 if (verdict == IPT_CONTINUE) 434 if (verdict == IPT_CONTINUE)
435 e = (void *)e + e->next_offset; 435 e = (void *)e + e->next_offset;
diff --git a/net/ipv4/netfilter/ipt_CLUSTERIP.c b/net/ipv4/netfilter/ipt_CLUSTERIP.c
index 27f14e1ebd8b..2f544dac72df 100644
--- a/net/ipv4/netfilter/ipt_CLUSTERIP.c
+++ b/net/ipv4/netfilter/ipt_CLUSTERIP.c
@@ -289,7 +289,7 @@ clusterip_responsible(const struct clusterip_config *config, u_int32_t hash)
289 ***********************************************************************/ 289 ***********************************************************************/
290 290
291static unsigned int 291static unsigned int
292target(struct sk_buff **pskb, 292target(struct sk_buff *skb,
293 const struct net_device *in, 293 const struct net_device *in,
294 const struct net_device *out, 294 const struct net_device *out,
295 unsigned int hooknum, 295 unsigned int hooknum,
@@ -305,7 +305,7 @@ target(struct sk_buff **pskb,
305 * is only decremented by destroy() - and ip_tables guarantees 305 * is only decremented by destroy() - and ip_tables guarantees
306 * that the ->target() function isn't called after ->destroy() */ 306 * that the ->target() function isn't called after ->destroy() */
307 307
308 ct = nf_ct_get(*pskb, &ctinfo); 308 ct = nf_ct_get(skb, &ctinfo);
309 if (ct == NULL) { 309 if (ct == NULL) {
310 printk(KERN_ERR "CLUSTERIP: no conntrack!\n"); 310 printk(KERN_ERR "CLUSTERIP: no conntrack!\n");
311 /* FIXME: need to drop invalid ones, since replies 311 /* FIXME: need to drop invalid ones, since replies
@@ -316,7 +316,7 @@ target(struct sk_buff **pskb,
316 316
317 /* special case: ICMP error handling. conntrack distinguishes between 317 /* special case: ICMP error handling. conntrack distinguishes between
318 * error messages (RELATED) and information requests (see below) */ 318 * error messages (RELATED) and information requests (see below) */
319 if (ip_hdr(*pskb)->protocol == IPPROTO_ICMP 319 if (ip_hdr(skb)->protocol == IPPROTO_ICMP
320 && (ctinfo == IP_CT_RELATED 320 && (ctinfo == IP_CT_RELATED
321 || ctinfo == IP_CT_RELATED+IP_CT_IS_REPLY)) 321 || ctinfo == IP_CT_RELATED+IP_CT_IS_REPLY))
322 return XT_CONTINUE; 322 return XT_CONTINUE;
@@ -325,7 +325,7 @@ target(struct sk_buff **pskb,
325 * TIMESTAMP, INFO_REQUEST or ADDRESS type icmp packets from here 325 * TIMESTAMP, INFO_REQUEST or ADDRESS type icmp packets from here
326 * on, which all have an ID field [relevant for hashing]. */ 326 * on, which all have an ID field [relevant for hashing]. */
327 327
328 hash = clusterip_hashfn(*pskb, cipinfo->config); 328 hash = clusterip_hashfn(skb, cipinfo->config);
329 329
330 switch (ctinfo) { 330 switch (ctinfo) {
331 case IP_CT_NEW: 331 case IP_CT_NEW:
@@ -355,7 +355,7 @@ target(struct sk_buff **pskb,
355 355
356 /* despite being received via linklayer multicast, this is 356 /* despite being received via linklayer multicast, this is
357 * actually a unicast IP packet. TCP doesn't like PACKET_MULTICAST */ 357 * actually a unicast IP packet. TCP doesn't like PACKET_MULTICAST */
358 (*pskb)->pkt_type = PACKET_HOST; 358 skb->pkt_type = PACKET_HOST;
359 359
360 return XT_CONTINUE; 360 return XT_CONTINUE;
361} 361}
@@ -505,12 +505,12 @@ static void arp_print(struct arp_payload *payload)
505 505
506static unsigned int 506static unsigned int
507arp_mangle(unsigned int hook, 507arp_mangle(unsigned int hook,
508 struct sk_buff **pskb, 508 struct sk_buff *skb,
509 const struct net_device *in, 509 const struct net_device *in,
510 const struct net_device *out, 510 const struct net_device *out,
511 int (*okfn)(struct sk_buff *)) 511 int (*okfn)(struct sk_buff *))
512{ 512{
513 struct arphdr *arp = arp_hdr(*pskb); 513 struct arphdr *arp = arp_hdr(skb);
514 struct arp_payload *payload; 514 struct arp_payload *payload;
515 struct clusterip_config *c; 515 struct clusterip_config *c;
516 516
diff --git a/net/ipv4/netfilter/ipt_ECN.c b/net/ipv4/netfilter/ipt_ECN.c
index 92744be1c55e..add110060a22 100644
--- a/net/ipv4/netfilter/ipt_ECN.c
+++ b/net/ipv4/netfilter/ipt_ECN.c
@@ -26,15 +26,15 @@ MODULE_DESCRIPTION("iptables ECN modification module");
26/* set ECT codepoint from IP header. 26/* set ECT codepoint from IP header.
27 * return false if there was an error. */ 27 * return false if there was an error. */
28static inline bool 28static inline bool
29set_ect_ip(struct sk_buff **pskb, const struct ipt_ECN_info *einfo) 29set_ect_ip(struct sk_buff *skb, const struct ipt_ECN_info *einfo)
30{ 30{
31 struct iphdr *iph = ip_hdr(*pskb); 31 struct iphdr *iph = ip_hdr(skb);
32 32
33 if ((iph->tos & IPT_ECN_IP_MASK) != (einfo->ip_ect & IPT_ECN_IP_MASK)) { 33 if ((iph->tos & IPT_ECN_IP_MASK) != (einfo->ip_ect & IPT_ECN_IP_MASK)) {
34 __u8 oldtos; 34 __u8 oldtos;
35 if (!skb_make_writable(*pskb, sizeof(struct iphdr))) 35 if (!skb_make_writable(skb, sizeof(struct iphdr)))
36 return false; 36 return false;
37 iph = ip_hdr(*pskb); 37 iph = ip_hdr(skb);
38 oldtos = iph->tos; 38 oldtos = iph->tos;
39 iph->tos &= ~IPT_ECN_IP_MASK; 39 iph->tos &= ~IPT_ECN_IP_MASK;
40 iph->tos |= (einfo->ip_ect & IPT_ECN_IP_MASK); 40 iph->tos |= (einfo->ip_ect & IPT_ECN_IP_MASK);
@@ -45,14 +45,13 @@ set_ect_ip(struct sk_buff **pskb, const struct ipt_ECN_info *einfo)
45 45
46/* Return false if there was an error. */ 46/* Return false if there was an error. */
47static inline bool 47static inline bool
48set_ect_tcp(struct sk_buff **pskb, const struct ipt_ECN_info *einfo) 48set_ect_tcp(struct sk_buff *skb, const struct ipt_ECN_info *einfo)
49{ 49{
50 struct tcphdr _tcph, *tcph; 50 struct tcphdr _tcph, *tcph;
51 __be16 oldval; 51 __be16 oldval;
52 52
53 /* Not enought header? */ 53 /* Not enought header? */
54 tcph = skb_header_pointer(*pskb, ip_hdrlen(*pskb), 54 tcph = skb_header_pointer(skb, ip_hdrlen(skb), sizeof(_tcph), &_tcph);
55 sizeof(_tcph), &_tcph);
56 if (!tcph) 55 if (!tcph)
57 return false; 56 return false;
58 57
@@ -62,9 +61,9 @@ set_ect_tcp(struct sk_buff **pskb, const struct ipt_ECN_info *einfo)
62 tcph->cwr == einfo->proto.tcp.cwr)) 61 tcph->cwr == einfo->proto.tcp.cwr))
63 return true; 62 return true;
64 63
65 if (!skb_make_writable(*pskb, ip_hdrlen(*pskb) + sizeof(*tcph))) 64 if (!skb_make_writable(skb, ip_hdrlen(skb) + sizeof(*tcph)))
66 return false; 65 return false;
67 tcph = (void *)ip_hdr(*pskb) + ip_hdrlen(*pskb); 66 tcph = (void *)ip_hdr(skb) + ip_hdrlen(skb);
68 67
69 oldval = ((__be16 *)tcph)[6]; 68 oldval = ((__be16 *)tcph)[6];
70 if (einfo->operation & IPT_ECN_OP_SET_ECE) 69 if (einfo->operation & IPT_ECN_OP_SET_ECE)
@@ -72,13 +71,13 @@ set_ect_tcp(struct sk_buff **pskb, const struct ipt_ECN_info *einfo)
72 if (einfo->operation & IPT_ECN_OP_SET_CWR) 71 if (einfo->operation & IPT_ECN_OP_SET_CWR)
73 tcph->cwr = einfo->proto.tcp.cwr; 72 tcph->cwr = einfo->proto.tcp.cwr;
74 73
75 nf_proto_csum_replace2(&tcph->check, *pskb, 74 nf_proto_csum_replace2(&tcph->check, skb,
76 oldval, ((__be16 *)tcph)[6], 0); 75 oldval, ((__be16 *)tcph)[6], 0);
77 return true; 76 return true;
78} 77}
79 78
80static unsigned int 79static unsigned int
81target(struct sk_buff **pskb, 80target(struct sk_buff *skb,
82 const struct net_device *in, 81 const struct net_device *in,
83 const struct net_device *out, 82 const struct net_device *out,
84 unsigned int hooknum, 83 unsigned int hooknum,
@@ -88,12 +87,12 @@ target(struct sk_buff **pskb,
88 const struct ipt_ECN_info *einfo = targinfo; 87 const struct ipt_ECN_info *einfo = targinfo;
89 88
90 if (einfo->operation & IPT_ECN_OP_SET_IP) 89 if (einfo->operation & IPT_ECN_OP_SET_IP)
91 if (!set_ect_ip(pskb, einfo)) 90 if (!set_ect_ip(skb, einfo))
92 return NF_DROP; 91 return NF_DROP;
93 92
94 if (einfo->operation & (IPT_ECN_OP_SET_ECE | IPT_ECN_OP_SET_CWR) 93 if (einfo->operation & (IPT_ECN_OP_SET_ECE | IPT_ECN_OP_SET_CWR)
95 && ip_hdr(*pskb)->protocol == IPPROTO_TCP) 94 && ip_hdr(skb)->protocol == IPPROTO_TCP)
96 if (!set_ect_tcp(pskb, einfo)) 95 if (!set_ect_tcp(skb, einfo))
97 return NF_DROP; 96 return NF_DROP;
98 97
99 return XT_CONTINUE; 98 return XT_CONTINUE;
diff --git a/net/ipv4/netfilter/ipt_LOG.c b/net/ipv4/netfilter/ipt_LOG.c
index 127a5e89bf14..4b5e8216a4e7 100644
--- a/net/ipv4/netfilter/ipt_LOG.c
+++ b/net/ipv4/netfilter/ipt_LOG.c
@@ -418,7 +418,7 @@ ipt_log_packet(unsigned int pf,
418} 418}
419 419
420static unsigned int 420static unsigned int
421ipt_log_target(struct sk_buff **pskb, 421ipt_log_target(struct sk_buff *skb,
422 const struct net_device *in, 422 const struct net_device *in,
423 const struct net_device *out, 423 const struct net_device *out,
424 unsigned int hooknum, 424 unsigned int hooknum,
@@ -432,7 +432,7 @@ ipt_log_target(struct sk_buff **pskb,
432 li.u.log.level = loginfo->level; 432 li.u.log.level = loginfo->level;
433 li.u.log.logflags = loginfo->logflags; 433 li.u.log.logflags = loginfo->logflags;
434 434
435 ipt_log_packet(PF_INET, hooknum, *pskb, in, out, &li, 435 ipt_log_packet(PF_INET, hooknum, skb, in, out, &li,
436 loginfo->prefix); 436 loginfo->prefix);
437 return XT_CONTINUE; 437 return XT_CONTINUE;
438} 438}
diff --git a/net/ipv4/netfilter/ipt_MASQUERADE.c b/net/ipv4/netfilter/ipt_MASQUERADE.c
index 3e0b562b2db7..44b516e7cb79 100644
--- a/net/ipv4/netfilter/ipt_MASQUERADE.c
+++ b/net/ipv4/netfilter/ipt_MASQUERADE.c
@@ -52,7 +52,7 @@ masquerade_check(const char *tablename,
52} 52}
53 53
54static unsigned int 54static unsigned int
55masquerade_target(struct sk_buff **pskb, 55masquerade_target(struct sk_buff *skb,
56 const struct net_device *in, 56 const struct net_device *in,
57 const struct net_device *out, 57 const struct net_device *out,
58 unsigned int hooknum, 58 unsigned int hooknum,
@@ -69,7 +69,7 @@ masquerade_target(struct sk_buff **pskb,
69 69
70 NF_CT_ASSERT(hooknum == NF_IP_POST_ROUTING); 70 NF_CT_ASSERT(hooknum == NF_IP_POST_ROUTING);
71 71
72 ct = nf_ct_get(*pskb, &ctinfo); 72 ct = nf_ct_get(skb, &ctinfo);
73 nat = nfct_nat(ct); 73 nat = nfct_nat(ct);
74 74
75 NF_CT_ASSERT(ct && (ctinfo == IP_CT_NEW || ctinfo == IP_CT_RELATED 75 NF_CT_ASSERT(ct && (ctinfo == IP_CT_NEW || ctinfo == IP_CT_RELATED
@@ -82,7 +82,7 @@ masquerade_target(struct sk_buff **pskb,
82 return NF_ACCEPT; 82 return NF_ACCEPT;
83 83
84 mr = targinfo; 84 mr = targinfo;
85 rt = (struct rtable *)(*pskb)->dst; 85 rt = (struct rtable *)skb->dst;
86 newsrc = inet_select_addr(out, rt->rt_gateway, RT_SCOPE_UNIVERSE); 86 newsrc = inet_select_addr(out, rt->rt_gateway, RT_SCOPE_UNIVERSE);
87 if (!newsrc) { 87 if (!newsrc) {
88 printk("MASQUERADE: %s ate my IP address\n", out->name); 88 printk("MASQUERADE: %s ate my IP address\n", out->name);
diff --git a/net/ipv4/netfilter/ipt_NETMAP.c b/net/ipv4/netfilter/ipt_NETMAP.c
index 41a011d5a065..f8699291e33d 100644
--- a/net/ipv4/netfilter/ipt_NETMAP.c
+++ b/net/ipv4/netfilter/ipt_NETMAP.c
@@ -43,7 +43,7 @@ check(const char *tablename,
43} 43}
44 44
45static unsigned int 45static unsigned int
46target(struct sk_buff **pskb, 46target(struct sk_buff *skb,
47 const struct net_device *in, 47 const struct net_device *in,
48 const struct net_device *out, 48 const struct net_device *out,
49 unsigned int hooknum, 49 unsigned int hooknum,
@@ -59,14 +59,14 @@ target(struct sk_buff **pskb,
59 NF_CT_ASSERT(hooknum == NF_IP_PRE_ROUTING 59 NF_CT_ASSERT(hooknum == NF_IP_PRE_ROUTING
60 || hooknum == NF_IP_POST_ROUTING 60 || hooknum == NF_IP_POST_ROUTING
61 || hooknum == NF_IP_LOCAL_OUT); 61 || hooknum == NF_IP_LOCAL_OUT);
62 ct = nf_ct_get(*pskb, &ctinfo); 62 ct = nf_ct_get(skb, &ctinfo);
63 63
64 netmask = ~(mr->range[0].min_ip ^ mr->range[0].max_ip); 64 netmask = ~(mr->range[0].min_ip ^ mr->range[0].max_ip);
65 65
66 if (hooknum == NF_IP_PRE_ROUTING || hooknum == NF_IP_LOCAL_OUT) 66 if (hooknum == NF_IP_PRE_ROUTING || hooknum == NF_IP_LOCAL_OUT)
67 new_ip = ip_hdr(*pskb)->daddr & ~netmask; 67 new_ip = ip_hdr(skb)->daddr & ~netmask;
68 else 68 else
69 new_ip = ip_hdr(*pskb)->saddr & ~netmask; 69 new_ip = ip_hdr(skb)->saddr & ~netmask;
70 new_ip |= mr->range[0].min_ip & netmask; 70 new_ip |= mr->range[0].min_ip & netmask;
71 71
72 newrange = ((struct nf_nat_range) 72 newrange = ((struct nf_nat_range)
diff --git a/net/ipv4/netfilter/ipt_REDIRECT.c b/net/ipv4/netfilter/ipt_REDIRECT.c
index 6ac7a2373316..f7cf7d61a2d4 100644
--- a/net/ipv4/netfilter/ipt_REDIRECT.c
+++ b/net/ipv4/netfilter/ipt_REDIRECT.c
@@ -47,7 +47,7 @@ redirect_check(const char *tablename,
47} 47}
48 48
49static unsigned int 49static unsigned int
50redirect_target(struct sk_buff **pskb, 50redirect_target(struct sk_buff *skb,
51 const struct net_device *in, 51 const struct net_device *in,
52 const struct net_device *out, 52 const struct net_device *out,
53 unsigned int hooknum, 53 unsigned int hooknum,
@@ -63,7 +63,7 @@ redirect_target(struct sk_buff **pskb,
63 NF_CT_ASSERT(hooknum == NF_IP_PRE_ROUTING 63 NF_CT_ASSERT(hooknum == NF_IP_PRE_ROUTING
64 || hooknum == NF_IP_LOCAL_OUT); 64 || hooknum == NF_IP_LOCAL_OUT);
65 65
66 ct = nf_ct_get(*pskb, &ctinfo); 66 ct = nf_ct_get(skb, &ctinfo);
67 NF_CT_ASSERT(ct && (ctinfo == IP_CT_NEW || ctinfo == IP_CT_RELATED)); 67 NF_CT_ASSERT(ct && (ctinfo == IP_CT_NEW || ctinfo == IP_CT_RELATED));
68 68
69 /* Local packets: make them go to loopback */ 69 /* Local packets: make them go to loopback */
@@ -76,7 +76,7 @@ redirect_target(struct sk_buff **pskb,
76 newdst = 0; 76 newdst = 0;
77 77
78 rcu_read_lock(); 78 rcu_read_lock();
79 indev = __in_dev_get_rcu((*pskb)->dev); 79 indev = __in_dev_get_rcu(skb->dev);
80 if (indev && (ifa = indev->ifa_list)) 80 if (indev && (ifa = indev->ifa_list))
81 newdst = ifa->ifa_local; 81 newdst = ifa->ifa_local;
82 rcu_read_unlock(); 82 rcu_read_unlock();
diff --git a/net/ipv4/netfilter/ipt_REJECT.c b/net/ipv4/netfilter/ipt_REJECT.c
index cb038c8fbc9d..dcf4d21d5116 100644
--- a/net/ipv4/netfilter/ipt_REJECT.c
+++ b/net/ipv4/netfilter/ipt_REJECT.c
@@ -131,7 +131,7 @@ static void send_reset(struct sk_buff *oldskb, int hook)
131 ) 131 )
132 addr_type = RTN_LOCAL; 132 addr_type = RTN_LOCAL;
133 133
134 if (ip_route_me_harder(&nskb, addr_type)) 134 if (ip_route_me_harder(nskb, addr_type))
135 goto free_nskb; 135 goto free_nskb;
136 136
137 nskb->ip_summed = CHECKSUM_NONE; 137 nskb->ip_summed = CHECKSUM_NONE;
@@ -162,7 +162,7 @@ static inline void send_unreach(struct sk_buff *skb_in, int code)
162 icmp_send(skb_in, ICMP_DEST_UNREACH, code, 0); 162 icmp_send(skb_in, ICMP_DEST_UNREACH, code, 0);
163} 163}
164 164
165static unsigned int reject(struct sk_buff **pskb, 165static unsigned int reject(struct sk_buff *skb,
166 const struct net_device *in, 166 const struct net_device *in,
167 const struct net_device *out, 167 const struct net_device *out,
168 unsigned int hooknum, 168 unsigned int hooknum,
@@ -173,7 +173,7 @@ static unsigned int reject(struct sk_buff **pskb,
173 173
174 /* Our naive response construction doesn't deal with IP 174 /* Our naive response construction doesn't deal with IP
175 options, and probably shouldn't try. */ 175 options, and probably shouldn't try. */
176 if (ip_hdrlen(*pskb) != sizeof(struct iphdr)) 176 if (ip_hdrlen(skb) != sizeof(struct iphdr))
177 return NF_DROP; 177 return NF_DROP;
178 178
179 /* WARNING: This code causes reentry within iptables. 179 /* WARNING: This code causes reentry within iptables.
@@ -181,28 +181,28 @@ static unsigned int reject(struct sk_buff **pskb,
181 must return an absolute verdict. --RR */ 181 must return an absolute verdict. --RR */
182 switch (reject->with) { 182 switch (reject->with) {
183 case IPT_ICMP_NET_UNREACHABLE: 183 case IPT_ICMP_NET_UNREACHABLE:
184 send_unreach(*pskb, ICMP_NET_UNREACH); 184 send_unreach(skb, ICMP_NET_UNREACH);
185 break; 185 break;
186 case IPT_ICMP_HOST_UNREACHABLE: 186 case IPT_ICMP_HOST_UNREACHABLE:
187 send_unreach(*pskb, ICMP_HOST_UNREACH); 187 send_unreach(skb, ICMP_HOST_UNREACH);
188 break; 188 break;
189 case IPT_ICMP_PROT_UNREACHABLE: 189 case IPT_ICMP_PROT_UNREACHABLE:
190 send_unreach(*pskb, ICMP_PROT_UNREACH); 190 send_unreach(skb, ICMP_PROT_UNREACH);
191 break; 191 break;
192 case IPT_ICMP_PORT_UNREACHABLE: 192 case IPT_ICMP_PORT_UNREACHABLE:
193 send_unreach(*pskb, ICMP_PORT_UNREACH); 193 send_unreach(skb, ICMP_PORT_UNREACH);
194 break; 194 break;
195 case IPT_ICMP_NET_PROHIBITED: 195 case IPT_ICMP_NET_PROHIBITED:
196 send_unreach(*pskb, ICMP_NET_ANO); 196 send_unreach(skb, ICMP_NET_ANO);
197 break; 197 break;
198 case IPT_ICMP_HOST_PROHIBITED: 198 case IPT_ICMP_HOST_PROHIBITED:
199 send_unreach(*pskb, ICMP_HOST_ANO); 199 send_unreach(skb, ICMP_HOST_ANO);
200 break; 200 break;
201 case IPT_ICMP_ADMIN_PROHIBITED: 201 case IPT_ICMP_ADMIN_PROHIBITED:
202 send_unreach(*pskb, ICMP_PKT_FILTERED); 202 send_unreach(skb, ICMP_PKT_FILTERED);
203 break; 203 break;
204 case IPT_TCP_RESET: 204 case IPT_TCP_RESET:
205 send_reset(*pskb, hooknum); 205 send_reset(skb, hooknum);
206 case IPT_ICMP_ECHOREPLY: 206 case IPT_ICMP_ECHOREPLY:
207 /* Doesn't happen. */ 207 /* Doesn't happen. */
208 break; 208 break;
diff --git a/net/ipv4/netfilter/ipt_SAME.c b/net/ipv4/netfilter/ipt_SAME.c
index 97641f1a97f6..8988571436b8 100644
--- a/net/ipv4/netfilter/ipt_SAME.c
+++ b/net/ipv4/netfilter/ipt_SAME.c
@@ -104,7 +104,7 @@ same_destroy(const struct xt_target *target, void *targinfo)
104} 104}
105 105
106static unsigned int 106static unsigned int
107same_target(struct sk_buff **pskb, 107same_target(struct sk_buff *skb,
108 const struct net_device *in, 108 const struct net_device *in,
109 const struct net_device *out, 109 const struct net_device *out,
110 unsigned int hooknum, 110 unsigned int hooknum,
@@ -121,7 +121,7 @@ same_target(struct sk_buff **pskb,
121 121
122 NF_CT_ASSERT(hooknum == NF_IP_PRE_ROUTING || 122 NF_CT_ASSERT(hooknum == NF_IP_PRE_ROUTING ||
123 hooknum == NF_IP_POST_ROUTING); 123 hooknum == NF_IP_POST_ROUTING);
124 ct = nf_ct_get(*pskb, &ctinfo); 124 ct = nf_ct_get(skb, &ctinfo);
125 125
126 t = &ct->tuplehash[IP_CT_DIR_ORIGINAL].tuple; 126 t = &ct->tuplehash[IP_CT_DIR_ORIGINAL].tuple;
127 127
diff --git a/net/ipv4/netfilter/ipt_TOS.c b/net/ipv4/netfilter/ipt_TOS.c
index 87b689ac09a5..d4573baa7f27 100644
--- a/net/ipv4/netfilter/ipt_TOS.c
+++ b/net/ipv4/netfilter/ipt_TOS.c
@@ -21,7 +21,7 @@ MODULE_AUTHOR("Netfilter Core Team <coreteam@netfilter.org>");
21MODULE_DESCRIPTION("iptables TOS mangling module"); 21MODULE_DESCRIPTION("iptables TOS mangling module");
22 22
23static unsigned int 23static unsigned int
24target(struct sk_buff **pskb, 24target(struct sk_buff *skb,
25 const struct net_device *in, 25 const struct net_device *in,
26 const struct net_device *out, 26 const struct net_device *out,
27 unsigned int hooknum, 27 unsigned int hooknum,
@@ -29,13 +29,13 @@ target(struct sk_buff **pskb,
29 const void *targinfo) 29 const void *targinfo)
30{ 30{
31 const struct ipt_tos_target_info *tosinfo = targinfo; 31 const struct ipt_tos_target_info *tosinfo = targinfo;
32 struct iphdr *iph = ip_hdr(*pskb); 32 struct iphdr *iph = ip_hdr(skb);
33 33
34 if ((iph->tos & IPTOS_TOS_MASK) != tosinfo->tos) { 34 if ((iph->tos & IPTOS_TOS_MASK) != tosinfo->tos) {
35 __u8 oldtos; 35 __u8 oldtos;
36 if (!skb_make_writable(*pskb, sizeof(struct iphdr))) 36 if (!skb_make_writable(skb, sizeof(struct iphdr)))
37 return NF_DROP; 37 return NF_DROP;
38 iph = ip_hdr(*pskb); 38 iph = ip_hdr(skb);
39 oldtos = iph->tos; 39 oldtos = iph->tos;
40 iph->tos = (iph->tos & IPTOS_PREC_MASK) | tosinfo->tos; 40 iph->tos = (iph->tos & IPTOS_PREC_MASK) | tosinfo->tos;
41 nf_csum_replace2(&iph->check, htons(oldtos), htons(iph->tos)); 41 nf_csum_replace2(&iph->check, htons(oldtos), htons(iph->tos));
diff --git a/net/ipv4/netfilter/ipt_TTL.c b/net/ipv4/netfilter/ipt_TTL.c
index 3dd467611e11..c620a0527666 100644
--- a/net/ipv4/netfilter/ipt_TTL.c
+++ b/net/ipv4/netfilter/ipt_TTL.c
@@ -20,7 +20,7 @@ MODULE_DESCRIPTION("IP tables TTL modification module");
20MODULE_LICENSE("GPL"); 20MODULE_LICENSE("GPL");
21 21
22static unsigned int 22static unsigned int
23ipt_ttl_target(struct sk_buff **pskb, 23ipt_ttl_target(struct sk_buff *skb,
24 const struct net_device *in, const struct net_device *out, 24 const struct net_device *in, const struct net_device *out,
25 unsigned int hooknum, const struct xt_target *target, 25 unsigned int hooknum, const struct xt_target *target,
26 const void *targinfo) 26 const void *targinfo)
@@ -29,10 +29,10 @@ ipt_ttl_target(struct sk_buff **pskb,
29 const struct ipt_TTL_info *info = targinfo; 29 const struct ipt_TTL_info *info = targinfo;
30 int new_ttl; 30 int new_ttl;
31 31
32 if (!skb_make_writable(*pskb, (*pskb)->len)) 32 if (!skb_make_writable(skb, skb->len))
33 return NF_DROP; 33 return NF_DROP;
34 34
35 iph = ip_hdr(*pskb); 35 iph = ip_hdr(skb);
36 36
37 switch (info->mode) { 37 switch (info->mode) {
38 case IPT_TTL_SET: 38 case IPT_TTL_SET:
diff --git a/net/ipv4/netfilter/ipt_ULOG.c b/net/ipv4/netfilter/ipt_ULOG.c
index c636d6d63574..212b830765a4 100644
--- a/net/ipv4/netfilter/ipt_ULOG.c
+++ b/net/ipv4/netfilter/ipt_ULOG.c
@@ -279,7 +279,7 @@ alloc_failure:
279 spin_unlock_bh(&ulog_lock); 279 spin_unlock_bh(&ulog_lock);
280} 280}
281 281
282static unsigned int ipt_ulog_target(struct sk_buff **pskb, 282static unsigned int ipt_ulog_target(struct sk_buff *skb,
283 const struct net_device *in, 283 const struct net_device *in,
284 const struct net_device *out, 284 const struct net_device *out,
285 unsigned int hooknum, 285 unsigned int hooknum,
@@ -288,7 +288,7 @@ static unsigned int ipt_ulog_target(struct sk_buff **pskb,
288{ 288{
289 struct ipt_ulog_info *loginfo = (struct ipt_ulog_info *) targinfo; 289 struct ipt_ulog_info *loginfo = (struct ipt_ulog_info *) targinfo;
290 290
291 ipt_ulog_packet(hooknum, *pskb, in, out, loginfo, NULL); 291 ipt_ulog_packet(hooknum, skb, in, out, loginfo, NULL);
292 292
293 return XT_CONTINUE; 293 return XT_CONTINUE;
294} 294}
diff --git a/net/ipv4/netfilter/iptable_filter.c b/net/ipv4/netfilter/iptable_filter.c
index 4f51c1d7d2d6..ba3262c60437 100644
--- a/net/ipv4/netfilter/iptable_filter.c
+++ b/net/ipv4/netfilter/iptable_filter.c
@@ -62,31 +62,31 @@ static struct xt_table packet_filter = {
62/* The work comes in here from netfilter.c. */ 62/* The work comes in here from netfilter.c. */
63static unsigned int 63static unsigned int
64ipt_hook(unsigned int hook, 64ipt_hook(unsigned int hook,
65 struct sk_buff **pskb, 65 struct sk_buff *skb,
66 const struct net_device *in, 66 const struct net_device *in,
67 const struct net_device *out, 67 const struct net_device *out,
68 int (*okfn)(struct sk_buff *)) 68 int (*okfn)(struct sk_buff *))
69{ 69{
70 return ipt_do_table(pskb, hook, in, out, &packet_filter); 70 return ipt_do_table(skb, hook, in, out, &packet_filter);
71} 71}
72 72
73static unsigned int 73static unsigned int
74ipt_local_out_hook(unsigned int hook, 74ipt_local_out_hook(unsigned int hook,
75 struct sk_buff **pskb, 75 struct sk_buff *skb,
76 const struct net_device *in, 76 const struct net_device *in,
77 const struct net_device *out, 77 const struct net_device *out,
78 int (*okfn)(struct sk_buff *)) 78 int (*okfn)(struct sk_buff *))
79{ 79{
80 /* root is playing with raw sockets. */ 80 /* root is playing with raw sockets. */
81 if ((*pskb)->len < sizeof(struct iphdr) 81 if (skb->len < sizeof(struct iphdr) ||
82 || ip_hdrlen(*pskb) < sizeof(struct iphdr)) { 82 ip_hdrlen(skb) < sizeof(struct iphdr)) {
83 if (net_ratelimit()) 83 if (net_ratelimit())
84 printk("iptable_filter: ignoring short SOCK_RAW " 84 printk("iptable_filter: ignoring short SOCK_RAW "
85 "packet.\n"); 85 "packet.\n");
86 return NF_ACCEPT; 86 return NF_ACCEPT;
87 } 87 }
88 88
89 return ipt_do_table(pskb, hook, in, out, &packet_filter); 89 return ipt_do_table(skb, hook, in, out, &packet_filter);
90} 90}
91 91
92static struct nf_hook_ops ipt_ops[] = { 92static struct nf_hook_ops ipt_ops[] = {
diff --git a/net/ipv4/netfilter/iptable_mangle.c b/net/ipv4/netfilter/iptable_mangle.c
index 902446f7cbca..b4360a69d5ca 100644
--- a/net/ipv4/netfilter/iptable_mangle.c
+++ b/net/ipv4/netfilter/iptable_mangle.c
@@ -75,17 +75,17 @@ static struct xt_table packet_mangler = {
75/* The work comes in here from netfilter.c. */ 75/* The work comes in here from netfilter.c. */
76static unsigned int 76static unsigned int
77ipt_route_hook(unsigned int hook, 77ipt_route_hook(unsigned int hook,
78 struct sk_buff **pskb, 78 struct sk_buff *skb,
79 const struct net_device *in, 79 const struct net_device *in,
80 const struct net_device *out, 80 const struct net_device *out,
81 int (*okfn)(struct sk_buff *)) 81 int (*okfn)(struct sk_buff *))
82{ 82{
83 return ipt_do_table(pskb, hook, in, out, &packet_mangler); 83 return ipt_do_table(skb, hook, in, out, &packet_mangler);
84} 84}
85 85
86static unsigned int 86static unsigned int
87ipt_local_hook(unsigned int hook, 87ipt_local_hook(unsigned int hook,
88 struct sk_buff **pskb, 88 struct sk_buff *skb,
89 const struct net_device *in, 89 const struct net_device *in,
90 const struct net_device *out, 90 const struct net_device *out,
91 int (*okfn)(struct sk_buff *)) 91 int (*okfn)(struct sk_buff *))
@@ -97,8 +97,8 @@ ipt_local_hook(unsigned int hook,
97 u_int32_t mark; 97 u_int32_t mark;
98 98
99 /* root is playing with raw sockets. */ 99 /* root is playing with raw sockets. */
100 if ((*pskb)->len < sizeof(struct iphdr) 100 if (skb->len < sizeof(struct iphdr)
101 || ip_hdrlen(*pskb) < sizeof(struct iphdr)) { 101 || ip_hdrlen(skb) < sizeof(struct iphdr)) {
102 if (net_ratelimit()) 102 if (net_ratelimit())
103 printk("iptable_mangle: ignoring short SOCK_RAW " 103 printk("iptable_mangle: ignoring short SOCK_RAW "
104 "packet.\n"); 104 "packet.\n");
@@ -106,22 +106,22 @@ ipt_local_hook(unsigned int hook,
106 } 106 }
107 107
108 /* Save things which could affect route */ 108 /* Save things which could affect route */
109 mark = (*pskb)->mark; 109 mark = skb->mark;
110 iph = ip_hdr(*pskb); 110 iph = ip_hdr(skb);
111 saddr = iph->saddr; 111 saddr = iph->saddr;
112 daddr = iph->daddr; 112 daddr = iph->daddr;
113 tos = iph->tos; 113 tos = iph->tos;
114 114
115 ret = ipt_do_table(pskb, hook, in, out, &packet_mangler); 115 ret = ipt_do_table(skb, hook, in, out, &packet_mangler);
116 /* Reroute for ANY change. */ 116 /* Reroute for ANY change. */
117 if (ret != NF_DROP && ret != NF_STOLEN && ret != NF_QUEUE) { 117 if (ret != NF_DROP && ret != NF_STOLEN && ret != NF_QUEUE) {
118 iph = ip_hdr(*pskb); 118 iph = ip_hdr(skb);
119 119
120 if (iph->saddr != saddr || 120 if (iph->saddr != saddr ||
121 iph->daddr != daddr || 121 iph->daddr != daddr ||
122 (*pskb)->mark != mark || 122 skb->mark != mark ||
123 iph->tos != tos) 123 iph->tos != tos)
124 if (ip_route_me_harder(pskb, RTN_UNSPEC)) 124 if (ip_route_me_harder(skb, RTN_UNSPEC))
125 ret = NF_DROP; 125 ret = NF_DROP;
126 } 126 }
127 127
diff --git a/net/ipv4/netfilter/iptable_raw.c b/net/ipv4/netfilter/iptable_raw.c
index d6e503395684..5de6e57ac55c 100644
--- a/net/ipv4/netfilter/iptable_raw.c
+++ b/net/ipv4/netfilter/iptable_raw.c
@@ -47,30 +47,30 @@ static struct xt_table packet_raw = {
47/* The work comes in here from netfilter.c. */ 47/* The work comes in here from netfilter.c. */
48static unsigned int 48static unsigned int
49ipt_hook(unsigned int hook, 49ipt_hook(unsigned int hook,
50 struct sk_buff **pskb, 50 struct sk_buff *skb,
51 const struct net_device *in, 51 const struct net_device *in,
52 const struct net_device *out, 52 const struct net_device *out,
53 int (*okfn)(struct sk_buff *)) 53 int (*okfn)(struct sk_buff *))
54{ 54{
55 return ipt_do_table(pskb, hook, in, out, &packet_raw); 55 return ipt_do_table(skb, hook, in, out, &packet_raw);
56} 56}
57 57
58static unsigned int 58static unsigned int
59ipt_local_hook(unsigned int hook, 59ipt_local_hook(unsigned int hook,
60 struct sk_buff **pskb, 60 struct sk_buff *skb,
61 const struct net_device *in, 61 const struct net_device *in,
62 const struct net_device *out, 62 const struct net_device *out,
63 int (*okfn)(struct sk_buff *)) 63 int (*okfn)(struct sk_buff *))
64{ 64{
65 /* root is playing with raw sockets. */ 65 /* root is playing with raw sockets. */
66 if ((*pskb)->len < sizeof(struct iphdr) || 66 if (skb->len < sizeof(struct iphdr) ||
67 ip_hdrlen(*pskb) < sizeof(struct iphdr)) { 67 ip_hdrlen(skb) < sizeof(struct iphdr)) {
68 if (net_ratelimit()) 68 if (net_ratelimit())
69 printk("iptable_raw: ignoring short SOCK_RAW" 69 printk("iptable_raw: ignoring short SOCK_RAW"
70 "packet.\n"); 70 "packet.\n");
71 return NF_ACCEPT; 71 return NF_ACCEPT;
72 } 72 }
73 return ipt_do_table(pskb, hook, in, out, &packet_raw); 73 return ipt_do_table(skb, hook, in, out, &packet_raw);
74} 74}
75 75
76/* 'raw' is the very first table. */ 76/* 'raw' is the very first table. */
diff --git a/net/ipv4/netfilter/nf_conntrack_l3proto_ipv4.c b/net/ipv4/netfilter/nf_conntrack_l3proto_ipv4.c
index 48fdd9eb1c71..831e9b29806d 100644
--- a/net/ipv4/netfilter/nf_conntrack_l3proto_ipv4.c
+++ b/net/ipv4/netfilter/nf_conntrack_l3proto_ipv4.c
@@ -100,17 +100,17 @@ static int ipv4_get_l4proto(const struct sk_buff *skb, unsigned int nhoff,
100} 100}
101 101
102static unsigned int ipv4_confirm(unsigned int hooknum, 102static unsigned int ipv4_confirm(unsigned int hooknum,
103 struct sk_buff **pskb, 103 struct sk_buff *skb,
104 const struct net_device *in, 104 const struct net_device *in,
105 const struct net_device *out, 105 const struct net_device *out,
106 int (*okfn)(struct sk_buff *)) 106 int (*okfn)(struct sk_buff *))
107{ 107{
108 /* We've seen it coming out the other side: confirm it */ 108 /* We've seen it coming out the other side: confirm it */
109 return nf_conntrack_confirm(pskb); 109 return nf_conntrack_confirm(skb);
110} 110}
111 111
112static unsigned int ipv4_conntrack_help(unsigned int hooknum, 112static unsigned int ipv4_conntrack_help(unsigned int hooknum,
113 struct sk_buff **pskb, 113 struct sk_buff *skb,
114 const struct net_device *in, 114 const struct net_device *in,
115 const struct net_device *out, 115 const struct net_device *out,
116 int (*okfn)(struct sk_buff *)) 116 int (*okfn)(struct sk_buff *))
@@ -121,7 +121,7 @@ static unsigned int ipv4_conntrack_help(unsigned int hooknum,
121 struct nf_conntrack_helper *helper; 121 struct nf_conntrack_helper *helper;
122 122
123 /* This is where we call the helper: as the packet goes out. */ 123 /* This is where we call the helper: as the packet goes out. */
124 ct = nf_ct_get(*pskb, &ctinfo); 124 ct = nf_ct_get(skb, &ctinfo);
125 if (!ct || ctinfo == IP_CT_RELATED + IP_CT_IS_REPLY) 125 if (!ct || ctinfo == IP_CT_RELATED + IP_CT_IS_REPLY)
126 return NF_ACCEPT; 126 return NF_ACCEPT;
127 127
@@ -132,24 +132,24 @@ static unsigned int ipv4_conntrack_help(unsigned int hooknum,
132 helper = rcu_dereference(help->helper); 132 helper = rcu_dereference(help->helper);
133 if (!helper) 133 if (!helper)
134 return NF_ACCEPT; 134 return NF_ACCEPT;
135 return helper->help(pskb, skb_network_offset(*pskb) + ip_hdrlen(*pskb), 135 return helper->help(skb, skb_network_offset(skb) + ip_hdrlen(skb),
136 ct, ctinfo); 136 ct, ctinfo);
137} 137}
138 138
139static unsigned int ipv4_conntrack_defrag(unsigned int hooknum, 139static unsigned int ipv4_conntrack_defrag(unsigned int hooknum,
140 struct sk_buff **pskb, 140 struct sk_buff *skb,
141 const struct net_device *in, 141 const struct net_device *in,
142 const struct net_device *out, 142 const struct net_device *out,
143 int (*okfn)(struct sk_buff *)) 143 int (*okfn)(struct sk_buff *))
144{ 144{
145 /* Previously seen (loopback)? Ignore. Do this before 145 /* Previously seen (loopback)? Ignore. Do this before
146 fragment check. */ 146 fragment check. */
147 if ((*pskb)->nfct) 147 if (skb->nfct)
148 return NF_ACCEPT; 148 return NF_ACCEPT;
149 149
150 /* Gather fragments. */ 150 /* Gather fragments. */
151 if (ip_hdr(*pskb)->frag_off & htons(IP_MF | IP_OFFSET)) { 151 if (ip_hdr(skb)->frag_off & htons(IP_MF | IP_OFFSET)) {
152 if (nf_ct_ipv4_gather_frags(*pskb, 152 if (nf_ct_ipv4_gather_frags(skb,
153 hooknum == NF_IP_PRE_ROUTING ? 153 hooknum == NF_IP_PRE_ROUTING ?
154 IP_DEFRAG_CONNTRACK_IN : 154 IP_DEFRAG_CONNTRACK_IN :
155 IP_DEFRAG_CONNTRACK_OUT)) 155 IP_DEFRAG_CONNTRACK_OUT))
@@ -159,28 +159,28 @@ static unsigned int ipv4_conntrack_defrag(unsigned int hooknum,
159} 159}
160 160
161static unsigned int ipv4_conntrack_in(unsigned int hooknum, 161static unsigned int ipv4_conntrack_in(unsigned int hooknum,
162 struct sk_buff **pskb, 162 struct sk_buff *skb,
163 const struct net_device *in, 163 const struct net_device *in,
164 const struct net_device *out, 164 const struct net_device *out,
165 int (*okfn)(struct sk_buff *)) 165 int (*okfn)(struct sk_buff *))
166{ 166{
167 return nf_conntrack_in(PF_INET, hooknum, pskb); 167 return nf_conntrack_in(PF_INET, hooknum, skb);
168} 168}
169 169
170static unsigned int ipv4_conntrack_local(unsigned int hooknum, 170static unsigned int ipv4_conntrack_local(unsigned int hooknum,
171 struct sk_buff **pskb, 171 struct sk_buff *skb,
172 const struct net_device *in, 172 const struct net_device *in,
173 const struct net_device *out, 173 const struct net_device *out,
174 int (*okfn)(struct sk_buff *)) 174 int (*okfn)(struct sk_buff *))
175{ 175{
176 /* root is playing with raw sockets. */ 176 /* root is playing with raw sockets. */
177 if ((*pskb)->len < sizeof(struct iphdr) 177 if (skb->len < sizeof(struct iphdr) ||
178 || ip_hdrlen(*pskb) < sizeof(struct iphdr)) { 178 ip_hdrlen(skb) < sizeof(struct iphdr)) {
179 if (net_ratelimit()) 179 if (net_ratelimit())
180 printk("ipt_hook: happy cracking.\n"); 180 printk("ipt_hook: happy cracking.\n");
181 return NF_ACCEPT; 181 return NF_ACCEPT;
182 } 182 }
183 return nf_conntrack_in(PF_INET, hooknum, pskb); 183 return nf_conntrack_in(PF_INET, hooknum, skb);
184} 184}
185 185
186/* Connection tracking may drop packets, but never alters them, so 186/* Connection tracking may drop packets, but never alters them, so
diff --git a/net/ipv4/netfilter/nf_nat_amanda.c b/net/ipv4/netfilter/nf_nat_amanda.c
index bd93a1d71052..35a5aa69cd92 100644
--- a/net/ipv4/netfilter/nf_nat_amanda.c
+++ b/net/ipv4/netfilter/nf_nat_amanda.c
@@ -24,7 +24,7 @@ MODULE_DESCRIPTION("Amanda NAT helper");
24MODULE_LICENSE("GPL"); 24MODULE_LICENSE("GPL");
25MODULE_ALIAS("ip_nat_amanda"); 25MODULE_ALIAS("ip_nat_amanda");
26 26
27static unsigned int help(struct sk_buff **pskb, 27static unsigned int help(struct sk_buff *skb,
28 enum ip_conntrack_info ctinfo, 28 enum ip_conntrack_info ctinfo,
29 unsigned int matchoff, 29 unsigned int matchoff,
30 unsigned int matchlen, 30 unsigned int matchlen,
@@ -53,7 +53,7 @@ static unsigned int help(struct sk_buff **pskb,
53 return NF_DROP; 53 return NF_DROP;
54 54
55 sprintf(buffer, "%u", port); 55 sprintf(buffer, "%u", port);
56 ret = nf_nat_mangle_udp_packet(pskb, exp->master, ctinfo, 56 ret = nf_nat_mangle_udp_packet(skb, exp->master, ctinfo,
57 matchoff, matchlen, 57 matchoff, matchlen,
58 buffer, strlen(buffer)); 58 buffer, strlen(buffer));
59 if (ret != NF_ACCEPT) 59 if (ret != NF_ACCEPT)
diff --git a/net/ipv4/netfilter/nf_nat_core.c b/net/ipv4/netfilter/nf_nat_core.c
index 3b5eb7c1a13c..56e93f692e82 100644
--- a/net/ipv4/netfilter/nf_nat_core.c
+++ b/net/ipv4/netfilter/nf_nat_core.c
@@ -349,7 +349,7 @@ EXPORT_SYMBOL(nf_nat_setup_info);
349/* Returns true if succeeded. */ 349/* Returns true if succeeded. */
350static int 350static int
351manip_pkt(u_int16_t proto, 351manip_pkt(u_int16_t proto,
352 struct sk_buff **pskb, 352 struct sk_buff *skb,
353 unsigned int iphdroff, 353 unsigned int iphdroff,
354 const struct nf_conntrack_tuple *target, 354 const struct nf_conntrack_tuple *target,
355 enum nf_nat_manip_type maniptype) 355 enum nf_nat_manip_type maniptype)
@@ -357,19 +357,19 @@ manip_pkt(u_int16_t proto,
357 struct iphdr *iph; 357 struct iphdr *iph;
358 struct nf_nat_protocol *p; 358 struct nf_nat_protocol *p;
359 359
360 if (!skb_make_writable(*pskb, iphdroff + sizeof(*iph))) 360 if (!skb_make_writable(skb, iphdroff + sizeof(*iph)))
361 return 0; 361 return 0;
362 362
363 iph = (void *)(*pskb)->data + iphdroff; 363 iph = (void *)skb->data + iphdroff;
364 364
365 /* Manipulate protcol part. */ 365 /* Manipulate protcol part. */
366 366
367 /* rcu_read_lock()ed by nf_hook_slow */ 367 /* rcu_read_lock()ed by nf_hook_slow */
368 p = __nf_nat_proto_find(proto); 368 p = __nf_nat_proto_find(proto);
369 if (!p->manip_pkt(pskb, iphdroff, target, maniptype)) 369 if (!p->manip_pkt(skb, iphdroff, target, maniptype))
370 return 0; 370 return 0;
371 371
372 iph = (void *)(*pskb)->data + iphdroff; 372 iph = (void *)skb->data + iphdroff;
373 373
374 if (maniptype == IP_NAT_MANIP_SRC) { 374 if (maniptype == IP_NAT_MANIP_SRC) {
375 nf_csum_replace4(&iph->check, iph->saddr, target->src.u3.ip); 375 nf_csum_replace4(&iph->check, iph->saddr, target->src.u3.ip);
@@ -385,7 +385,7 @@ manip_pkt(u_int16_t proto,
385unsigned int nf_nat_packet(struct nf_conn *ct, 385unsigned int nf_nat_packet(struct nf_conn *ct,
386 enum ip_conntrack_info ctinfo, 386 enum ip_conntrack_info ctinfo,
387 unsigned int hooknum, 387 unsigned int hooknum,
388 struct sk_buff **pskb) 388 struct sk_buff *skb)
389{ 389{
390 enum ip_conntrack_dir dir = CTINFO2DIR(ctinfo); 390 enum ip_conntrack_dir dir = CTINFO2DIR(ctinfo);
391 unsigned long statusbit; 391 unsigned long statusbit;
@@ -407,7 +407,7 @@ unsigned int nf_nat_packet(struct nf_conn *ct,
407 /* We are aiming to look like inverse of other direction. */ 407 /* We are aiming to look like inverse of other direction. */
408 nf_ct_invert_tuplepr(&target, &ct->tuplehash[!dir].tuple); 408 nf_ct_invert_tuplepr(&target, &ct->tuplehash[!dir].tuple);
409 409
410 if (!manip_pkt(target.dst.protonum, pskb, 0, &target, mtype)) 410 if (!manip_pkt(target.dst.protonum, skb, 0, &target, mtype))
411 return NF_DROP; 411 return NF_DROP;
412 } 412 }
413 return NF_ACCEPT; 413 return NF_ACCEPT;
@@ -418,7 +418,7 @@ EXPORT_SYMBOL_GPL(nf_nat_packet);
418int nf_nat_icmp_reply_translation(struct nf_conn *ct, 418int nf_nat_icmp_reply_translation(struct nf_conn *ct,
419 enum ip_conntrack_info ctinfo, 419 enum ip_conntrack_info ctinfo,
420 unsigned int hooknum, 420 unsigned int hooknum,
421 struct sk_buff **pskb) 421 struct sk_buff *skb)
422{ 422{
423 struct { 423 struct {
424 struct icmphdr icmp; 424 struct icmphdr icmp;
@@ -426,24 +426,24 @@ int nf_nat_icmp_reply_translation(struct nf_conn *ct,
426 } *inside; 426 } *inside;
427 struct nf_conntrack_l4proto *l4proto; 427 struct nf_conntrack_l4proto *l4proto;
428 struct nf_conntrack_tuple inner, target; 428 struct nf_conntrack_tuple inner, target;
429 int hdrlen = ip_hdrlen(*pskb); 429 int hdrlen = ip_hdrlen(skb);
430 enum ip_conntrack_dir dir = CTINFO2DIR(ctinfo); 430 enum ip_conntrack_dir dir = CTINFO2DIR(ctinfo);
431 unsigned long statusbit; 431 unsigned long statusbit;
432 enum nf_nat_manip_type manip = HOOK2MANIP(hooknum); 432 enum nf_nat_manip_type manip = HOOK2MANIP(hooknum);
433 433
434 if (!skb_make_writable(*pskb, hdrlen + sizeof(*inside))) 434 if (!skb_make_writable(skb, hdrlen + sizeof(*inside)))
435 return 0; 435 return 0;
436 436
437 inside = (void *)(*pskb)->data + ip_hdrlen(*pskb); 437 inside = (void *)skb->data + ip_hdrlen(skb);
438 438
439 /* We're actually going to mangle it beyond trivial checksum 439 /* We're actually going to mangle it beyond trivial checksum
440 adjustment, so make sure the current checksum is correct. */ 440 adjustment, so make sure the current checksum is correct. */
441 if (nf_ip_checksum(*pskb, hooknum, hdrlen, 0)) 441 if (nf_ip_checksum(skb, hooknum, hdrlen, 0))
442 return 0; 442 return 0;
443 443
444 /* Must be RELATED */ 444 /* Must be RELATED */
445 NF_CT_ASSERT((*pskb)->nfctinfo == IP_CT_RELATED || 445 NF_CT_ASSERT(skb->nfctinfo == IP_CT_RELATED ||
446 (*pskb)->nfctinfo == IP_CT_RELATED+IP_CT_IS_REPLY); 446 skb->nfctinfo == IP_CT_RELATED+IP_CT_IS_REPLY);
447 447
448 /* Redirects on non-null nats must be dropped, else they'll 448 /* Redirects on non-null nats must be dropped, else they'll
449 start talking to each other without our translation, and be 449 start talking to each other without our translation, and be
@@ -458,15 +458,15 @@ int nf_nat_icmp_reply_translation(struct nf_conn *ct,
458 } 458 }
459 459
460 pr_debug("icmp_reply_translation: translating error %p manip %u " 460 pr_debug("icmp_reply_translation: translating error %p manip %u "
461 "dir %s\n", *pskb, manip, 461 "dir %s\n", skb, manip,
462 dir == IP_CT_DIR_ORIGINAL ? "ORIG" : "REPLY"); 462 dir == IP_CT_DIR_ORIGINAL ? "ORIG" : "REPLY");
463 463
464 /* rcu_read_lock()ed by nf_hook_slow */ 464 /* rcu_read_lock()ed by nf_hook_slow */
465 l4proto = __nf_ct_l4proto_find(PF_INET, inside->ip.protocol); 465 l4proto = __nf_ct_l4proto_find(PF_INET, inside->ip.protocol);
466 466
467 if (!nf_ct_get_tuple(*pskb, 467 if (!nf_ct_get_tuple(skb,
468 ip_hdrlen(*pskb) + sizeof(struct icmphdr), 468 ip_hdrlen(skb) + sizeof(struct icmphdr),
469 (ip_hdrlen(*pskb) + 469 (ip_hdrlen(skb) +
470 sizeof(struct icmphdr) + inside->ip.ihl * 4), 470 sizeof(struct icmphdr) + inside->ip.ihl * 4),
471 (u_int16_t)AF_INET, 471 (u_int16_t)AF_INET,
472 inside->ip.protocol, 472 inside->ip.protocol,
@@ -478,19 +478,19 @@ int nf_nat_icmp_reply_translation(struct nf_conn *ct,
478 pass all hooks (locally-generated ICMP). Consider incoming 478 pass all hooks (locally-generated ICMP). Consider incoming
479 packet: PREROUTING (DST manip), routing produces ICMP, goes 479 packet: PREROUTING (DST manip), routing produces ICMP, goes
480 through POSTROUTING (which must correct the DST manip). */ 480 through POSTROUTING (which must correct the DST manip). */
481 if (!manip_pkt(inside->ip.protocol, pskb, 481 if (!manip_pkt(inside->ip.protocol, skb,
482 ip_hdrlen(*pskb) + sizeof(inside->icmp), 482 ip_hdrlen(skb) + sizeof(inside->icmp),
483 &ct->tuplehash[!dir].tuple, 483 &ct->tuplehash[!dir].tuple,
484 !manip)) 484 !manip))
485 return 0; 485 return 0;
486 486
487 if ((*pskb)->ip_summed != CHECKSUM_PARTIAL) { 487 if (skb->ip_summed != CHECKSUM_PARTIAL) {
488 /* Reloading "inside" here since manip_pkt inner. */ 488 /* Reloading "inside" here since manip_pkt inner. */
489 inside = (void *)(*pskb)->data + ip_hdrlen(*pskb); 489 inside = (void *)skb->data + ip_hdrlen(skb);
490 inside->icmp.checksum = 0; 490 inside->icmp.checksum = 0;
491 inside->icmp.checksum = 491 inside->icmp.checksum =
492 csum_fold(skb_checksum(*pskb, hdrlen, 492 csum_fold(skb_checksum(skb, hdrlen,
493 (*pskb)->len - hdrlen, 0)); 493 skb->len - hdrlen, 0));
494 } 494 }
495 495
496 /* Change outer to look the reply to an incoming packet 496 /* Change outer to look the reply to an incoming packet
@@ -506,7 +506,7 @@ int nf_nat_icmp_reply_translation(struct nf_conn *ct,
506 506
507 if (ct->status & statusbit) { 507 if (ct->status & statusbit) {
508 nf_ct_invert_tuplepr(&target, &ct->tuplehash[!dir].tuple); 508 nf_ct_invert_tuplepr(&target, &ct->tuplehash[!dir].tuple);
509 if (!manip_pkt(0, pskb, 0, &target, manip)) 509 if (!manip_pkt(0, skb, 0, &target, manip))
510 return 0; 510 return 0;
511 } 511 }
512 512
diff --git a/net/ipv4/netfilter/nf_nat_ftp.c b/net/ipv4/netfilter/nf_nat_ftp.c
index 3663bd879c39..e1a16d3ea4cb 100644
--- a/net/ipv4/netfilter/nf_nat_ftp.c
+++ b/net/ipv4/netfilter/nf_nat_ftp.c
@@ -28,7 +28,7 @@ MODULE_ALIAS("ip_nat_ftp");
28/* FIXME: Time out? --RR */ 28/* FIXME: Time out? --RR */
29 29
30static int 30static int
31mangle_rfc959_packet(struct sk_buff **pskb, 31mangle_rfc959_packet(struct sk_buff *skb,
32 __be32 newip, 32 __be32 newip,
33 u_int16_t port, 33 u_int16_t port,
34 unsigned int matchoff, 34 unsigned int matchoff,
@@ -43,13 +43,13 @@ mangle_rfc959_packet(struct sk_buff **pskb,
43 43
44 pr_debug("calling nf_nat_mangle_tcp_packet\n"); 44 pr_debug("calling nf_nat_mangle_tcp_packet\n");
45 45
46 return nf_nat_mangle_tcp_packet(pskb, ct, ctinfo, matchoff, 46 return nf_nat_mangle_tcp_packet(skb, ct, ctinfo, matchoff,
47 matchlen, buffer, strlen(buffer)); 47 matchlen, buffer, strlen(buffer));
48} 48}
49 49
50/* |1|132.235.1.2|6275| */ 50/* |1|132.235.1.2|6275| */
51static int 51static int
52mangle_eprt_packet(struct sk_buff **pskb, 52mangle_eprt_packet(struct sk_buff *skb,
53 __be32 newip, 53 __be32 newip,
54 u_int16_t port, 54 u_int16_t port,
55 unsigned int matchoff, 55 unsigned int matchoff,
@@ -63,13 +63,13 @@ mangle_eprt_packet(struct sk_buff **pskb,
63 63
64 pr_debug("calling nf_nat_mangle_tcp_packet\n"); 64 pr_debug("calling nf_nat_mangle_tcp_packet\n");
65 65
66 return nf_nat_mangle_tcp_packet(pskb, ct, ctinfo, matchoff, 66 return nf_nat_mangle_tcp_packet(skb, ct, ctinfo, matchoff,
67 matchlen, buffer, strlen(buffer)); 67 matchlen, buffer, strlen(buffer));
68} 68}
69 69
70/* |1|132.235.1.2|6275| */ 70/* |1|132.235.1.2|6275| */
71static int 71static int
72mangle_epsv_packet(struct sk_buff **pskb, 72mangle_epsv_packet(struct sk_buff *skb,
73 __be32 newip, 73 __be32 newip,
74 u_int16_t port, 74 u_int16_t port,
75 unsigned int matchoff, 75 unsigned int matchoff,
@@ -83,11 +83,11 @@ mangle_epsv_packet(struct sk_buff **pskb,
83 83
84 pr_debug("calling nf_nat_mangle_tcp_packet\n"); 84 pr_debug("calling nf_nat_mangle_tcp_packet\n");
85 85
86 return nf_nat_mangle_tcp_packet(pskb, ct, ctinfo, matchoff, 86 return nf_nat_mangle_tcp_packet(skb, ct, ctinfo, matchoff,
87 matchlen, buffer, strlen(buffer)); 87 matchlen, buffer, strlen(buffer));
88} 88}
89 89
90static int (*mangle[])(struct sk_buff **, __be32, u_int16_t, 90static int (*mangle[])(struct sk_buff *, __be32, u_int16_t,
91 unsigned int, unsigned int, struct nf_conn *, 91 unsigned int, unsigned int, struct nf_conn *,
92 enum ip_conntrack_info) 92 enum ip_conntrack_info)
93= { 93= {
@@ -99,7 +99,7 @@ static int (*mangle[])(struct sk_buff **, __be32, u_int16_t,
99 99
100/* So, this packet has hit the connection tracking matching code. 100/* So, this packet has hit the connection tracking matching code.
101 Mangle it, and change the expectation to match the new version. */ 101 Mangle it, and change the expectation to match the new version. */
102static unsigned int nf_nat_ftp(struct sk_buff **pskb, 102static unsigned int nf_nat_ftp(struct sk_buff *skb,
103 enum ip_conntrack_info ctinfo, 103 enum ip_conntrack_info ctinfo,
104 enum nf_ct_ftp_type type, 104 enum nf_ct_ftp_type type,
105 unsigned int matchoff, 105 unsigned int matchoff,
@@ -132,7 +132,7 @@ static unsigned int nf_nat_ftp(struct sk_buff **pskb,
132 if (port == 0) 132 if (port == 0)
133 return NF_DROP; 133 return NF_DROP;
134 134
135 if (!mangle[type](pskb, newip, port, matchoff, matchlen, ct, ctinfo)) { 135 if (!mangle[type](skb, newip, port, matchoff, matchlen, ct, ctinfo)) {
136 nf_ct_unexpect_related(exp); 136 nf_ct_unexpect_related(exp);
137 return NF_DROP; 137 return NF_DROP;
138 } 138 }
diff --git a/net/ipv4/netfilter/nf_nat_h323.c b/net/ipv4/netfilter/nf_nat_h323.c
index c1b059a73708..a868c8c41328 100644
--- a/net/ipv4/netfilter/nf_nat_h323.c
+++ b/net/ipv4/netfilter/nf_nat_h323.c
@@ -22,12 +22,12 @@
22#include <linux/netfilter/nf_conntrack_h323.h> 22#include <linux/netfilter/nf_conntrack_h323.h>
23 23
24/****************************************************************************/ 24/****************************************************************************/
25static int set_addr(struct sk_buff **pskb, 25static int set_addr(struct sk_buff *skb,
26 unsigned char **data, int dataoff, 26 unsigned char **data, int dataoff,
27 unsigned int addroff, __be32 ip, __be16 port) 27 unsigned int addroff, __be32 ip, __be16 port)
28{ 28{
29 enum ip_conntrack_info ctinfo; 29 enum ip_conntrack_info ctinfo;
30 struct nf_conn *ct = nf_ct_get(*pskb, &ctinfo); 30 struct nf_conn *ct = nf_ct_get(skb, &ctinfo);
31 struct { 31 struct {
32 __be32 ip; 32 __be32 ip;
33 __be16 port; 33 __be16 port;
@@ -38,8 +38,8 @@ static int set_addr(struct sk_buff **pskb,
38 buf.port = port; 38 buf.port = port;
39 addroff += dataoff; 39 addroff += dataoff;
40 40
41 if (ip_hdr(*pskb)->protocol == IPPROTO_TCP) { 41 if (ip_hdr(skb)->protocol == IPPROTO_TCP) {
42 if (!nf_nat_mangle_tcp_packet(pskb, ct, ctinfo, 42 if (!nf_nat_mangle_tcp_packet(skb, ct, ctinfo,
43 addroff, sizeof(buf), 43 addroff, sizeof(buf),
44 (char *) &buf, sizeof(buf))) { 44 (char *) &buf, sizeof(buf))) {
45 if (net_ratelimit()) 45 if (net_ratelimit())
@@ -49,14 +49,13 @@ static int set_addr(struct sk_buff **pskb,
49 } 49 }
50 50
51 /* Relocate data pointer */ 51 /* Relocate data pointer */
52 th = skb_header_pointer(*pskb, ip_hdrlen(*pskb), 52 th = skb_header_pointer(skb, ip_hdrlen(skb),
53 sizeof(_tcph), &_tcph); 53 sizeof(_tcph), &_tcph);
54 if (th == NULL) 54 if (th == NULL)
55 return -1; 55 return -1;
56 *data = (*pskb)->data + ip_hdrlen(*pskb) + 56 *data = skb->data + ip_hdrlen(skb) + th->doff * 4 + dataoff;
57 th->doff * 4 + dataoff;
58 } else { 57 } else {
59 if (!nf_nat_mangle_udp_packet(pskb, ct, ctinfo, 58 if (!nf_nat_mangle_udp_packet(skb, ct, ctinfo,
60 addroff, sizeof(buf), 59 addroff, sizeof(buf),
61 (char *) &buf, sizeof(buf))) { 60 (char *) &buf, sizeof(buf))) {
62 if (net_ratelimit()) 61 if (net_ratelimit())
@@ -67,36 +66,35 @@ static int set_addr(struct sk_buff **pskb,
67 /* nf_nat_mangle_udp_packet uses skb_make_writable() to copy 66 /* nf_nat_mangle_udp_packet uses skb_make_writable() to copy
68 * or pull everything in a linear buffer, so we can safely 67 * or pull everything in a linear buffer, so we can safely
69 * use the skb pointers now */ 68 * use the skb pointers now */
70 *data = ((*pskb)->data + ip_hdrlen(*pskb) + 69 *data = skb->data + ip_hdrlen(skb) + sizeof(struct udphdr);
71 sizeof(struct udphdr));
72 } 70 }
73 71
74 return 0; 72 return 0;
75} 73}
76 74
77/****************************************************************************/ 75/****************************************************************************/
78static int set_h225_addr(struct sk_buff **pskb, 76static int set_h225_addr(struct sk_buff *skb,
79 unsigned char **data, int dataoff, 77 unsigned char **data, int dataoff,
80 TransportAddress *taddr, 78 TransportAddress *taddr,
81 union nf_conntrack_address *addr, __be16 port) 79 union nf_conntrack_address *addr, __be16 port)
82{ 80{
83 return set_addr(pskb, data, dataoff, taddr->ipAddress.ip, 81 return set_addr(skb, data, dataoff, taddr->ipAddress.ip,
84 addr->ip, port); 82 addr->ip, port);
85} 83}
86 84
87/****************************************************************************/ 85/****************************************************************************/
88static int set_h245_addr(struct sk_buff **pskb, 86static int set_h245_addr(struct sk_buff *skb,
89 unsigned char **data, int dataoff, 87 unsigned char **data, int dataoff,
90 H245_TransportAddress *taddr, 88 H245_TransportAddress *taddr,
91 union nf_conntrack_address *addr, __be16 port) 89 union nf_conntrack_address *addr, __be16 port)
92{ 90{
93 return set_addr(pskb, data, dataoff, 91 return set_addr(skb, data, dataoff,
94 taddr->unicastAddress.iPAddress.network, 92 taddr->unicastAddress.iPAddress.network,
95 addr->ip, port); 93 addr->ip, port);
96} 94}
97 95
98/****************************************************************************/ 96/****************************************************************************/
99static int set_sig_addr(struct sk_buff **pskb, struct nf_conn *ct, 97static int set_sig_addr(struct sk_buff *skb, struct nf_conn *ct,
100 enum ip_conntrack_info ctinfo, 98 enum ip_conntrack_info ctinfo,
101 unsigned char **data, 99 unsigned char **data,
102 TransportAddress *taddr, int count) 100 TransportAddress *taddr, int count)
@@ -125,7 +123,7 @@ static int set_sig_addr(struct sk_buff **pskb, struct nf_conn *ct,
125 NIPQUAD(addr.ip), port, 123 NIPQUAD(addr.ip), port,
126 NIPQUAD(ct->tuplehash[!dir].tuple.dst.u3.ip), 124 NIPQUAD(ct->tuplehash[!dir].tuple.dst.u3.ip),
127 info->sig_port[!dir]); 125 info->sig_port[!dir]);
128 return set_h225_addr(pskb, data, 0, &taddr[i], 126 return set_h225_addr(skb, data, 0, &taddr[i],
129 &ct->tuplehash[!dir]. 127 &ct->tuplehash[!dir].
130 tuple.dst.u3, 128 tuple.dst.u3,
131 info->sig_port[!dir]); 129 info->sig_port[!dir]);
@@ -137,7 +135,7 @@ static int set_sig_addr(struct sk_buff **pskb, struct nf_conn *ct,
137 NIPQUAD(addr.ip), port, 135 NIPQUAD(addr.ip), port,
138 NIPQUAD(ct->tuplehash[!dir].tuple.src.u3.ip), 136 NIPQUAD(ct->tuplehash[!dir].tuple.src.u3.ip),
139 info->sig_port[!dir]); 137 info->sig_port[!dir]);
140 return set_h225_addr(pskb, data, 0, &taddr[i], 138 return set_h225_addr(skb, data, 0, &taddr[i],
141 &ct->tuplehash[!dir]. 139 &ct->tuplehash[!dir].
142 tuple.src.u3, 140 tuple.src.u3,
143 info->sig_port[!dir]); 141 info->sig_port[!dir]);
@@ -149,7 +147,7 @@ static int set_sig_addr(struct sk_buff **pskb, struct nf_conn *ct,
149} 147}
150 148
151/****************************************************************************/ 149/****************************************************************************/
152static int set_ras_addr(struct sk_buff **pskb, struct nf_conn *ct, 150static int set_ras_addr(struct sk_buff *skb, struct nf_conn *ct,
153 enum ip_conntrack_info ctinfo, 151 enum ip_conntrack_info ctinfo,
154 unsigned char **data, 152 unsigned char **data,
155 TransportAddress *taddr, int count) 153 TransportAddress *taddr, int count)
@@ -168,7 +166,7 @@ static int set_ras_addr(struct sk_buff **pskb, struct nf_conn *ct,
168 NIPQUAD(addr.ip), ntohs(port), 166 NIPQUAD(addr.ip), ntohs(port),
169 NIPQUAD(ct->tuplehash[!dir].tuple.dst.u3.ip), 167 NIPQUAD(ct->tuplehash[!dir].tuple.dst.u3.ip),
170 ntohs(ct->tuplehash[!dir].tuple.dst.u.udp.port)); 168 ntohs(ct->tuplehash[!dir].tuple.dst.u.udp.port));
171 return set_h225_addr(pskb, data, 0, &taddr[i], 169 return set_h225_addr(skb, data, 0, &taddr[i],
172 &ct->tuplehash[!dir].tuple.dst.u3, 170 &ct->tuplehash[!dir].tuple.dst.u3,
173 ct->tuplehash[!dir].tuple. 171 ct->tuplehash[!dir].tuple.
174 dst.u.udp.port); 172 dst.u.udp.port);
@@ -179,7 +177,7 @@ static int set_ras_addr(struct sk_buff **pskb, struct nf_conn *ct,
179} 177}
180 178
181/****************************************************************************/ 179/****************************************************************************/
182static int nat_rtp_rtcp(struct sk_buff **pskb, struct nf_conn *ct, 180static int nat_rtp_rtcp(struct sk_buff *skb, struct nf_conn *ct,
183 enum ip_conntrack_info ctinfo, 181 enum ip_conntrack_info ctinfo,
184 unsigned char **data, int dataoff, 182 unsigned char **data, int dataoff,
185 H245_TransportAddress *taddr, 183 H245_TransportAddress *taddr,
@@ -244,7 +242,7 @@ static int nat_rtp_rtcp(struct sk_buff **pskb, struct nf_conn *ct,
244 } 242 }
245 243
246 /* Modify signal */ 244 /* Modify signal */
247 if (set_h245_addr(pskb, data, dataoff, taddr, 245 if (set_h245_addr(skb, data, dataoff, taddr,
248 &ct->tuplehash[!dir].tuple.dst.u3, 246 &ct->tuplehash[!dir].tuple.dst.u3,
249 htons((port & htons(1)) ? nated_port + 1 : 247 htons((port & htons(1)) ? nated_port + 1 :
250 nated_port)) == 0) { 248 nated_port)) == 0) {
@@ -273,7 +271,7 @@ static int nat_rtp_rtcp(struct sk_buff **pskb, struct nf_conn *ct,
273} 271}
274 272
275/****************************************************************************/ 273/****************************************************************************/
276static int nat_t120(struct sk_buff **pskb, struct nf_conn *ct, 274static int nat_t120(struct sk_buff *skb, struct nf_conn *ct,
277 enum ip_conntrack_info ctinfo, 275 enum ip_conntrack_info ctinfo,
278 unsigned char **data, int dataoff, 276 unsigned char **data, int dataoff,
279 H245_TransportAddress *taddr, __be16 port, 277 H245_TransportAddress *taddr, __be16 port,
@@ -301,7 +299,7 @@ static int nat_t120(struct sk_buff **pskb, struct nf_conn *ct,
301 } 299 }
302 300
303 /* Modify signal */ 301 /* Modify signal */
304 if (set_h245_addr(pskb, data, dataoff, taddr, 302 if (set_h245_addr(skb, data, dataoff, taddr,
305 &ct->tuplehash[!dir].tuple.dst.u3, 303 &ct->tuplehash[!dir].tuple.dst.u3,
306 htons(nated_port)) < 0) { 304 htons(nated_port)) < 0) {
307 nf_ct_unexpect_related(exp); 305 nf_ct_unexpect_related(exp);
@@ -318,7 +316,7 @@ static int nat_t120(struct sk_buff **pskb, struct nf_conn *ct,
318} 316}
319 317
320/****************************************************************************/ 318/****************************************************************************/
321static int nat_h245(struct sk_buff **pskb, struct nf_conn *ct, 319static int nat_h245(struct sk_buff *skb, struct nf_conn *ct,
322 enum ip_conntrack_info ctinfo, 320 enum ip_conntrack_info ctinfo,
323 unsigned char **data, int dataoff, 321 unsigned char **data, int dataoff,
324 TransportAddress *taddr, __be16 port, 322 TransportAddress *taddr, __be16 port,
@@ -351,7 +349,7 @@ static int nat_h245(struct sk_buff **pskb, struct nf_conn *ct,
351 } 349 }
352 350
353 /* Modify signal */ 351 /* Modify signal */
354 if (set_h225_addr(pskb, data, dataoff, taddr, 352 if (set_h225_addr(skb, data, dataoff, taddr,
355 &ct->tuplehash[!dir].tuple.dst.u3, 353 &ct->tuplehash[!dir].tuple.dst.u3,
356 htons(nated_port)) == 0) { 354 htons(nated_port)) == 0) {
357 /* Save ports */ 355 /* Save ports */
@@ -406,7 +404,7 @@ static void ip_nat_q931_expect(struct nf_conn *new,
406} 404}
407 405
408/****************************************************************************/ 406/****************************************************************************/
409static int nat_q931(struct sk_buff **pskb, struct nf_conn *ct, 407static int nat_q931(struct sk_buff *skb, struct nf_conn *ct,
410 enum ip_conntrack_info ctinfo, 408 enum ip_conntrack_info ctinfo,
411 unsigned char **data, TransportAddress *taddr, int idx, 409 unsigned char **data, TransportAddress *taddr, int idx,
412 __be16 port, struct nf_conntrack_expect *exp) 410 __be16 port, struct nf_conntrack_expect *exp)
@@ -439,7 +437,7 @@ static int nat_q931(struct sk_buff **pskb, struct nf_conn *ct,
439 } 437 }
440 438
441 /* Modify signal */ 439 /* Modify signal */
442 if (set_h225_addr(pskb, data, 0, &taddr[idx], 440 if (set_h225_addr(skb, data, 0, &taddr[idx],
443 &ct->tuplehash[!dir].tuple.dst.u3, 441 &ct->tuplehash[!dir].tuple.dst.u3,
444 htons(nated_port)) == 0) { 442 htons(nated_port)) == 0) {
445 /* Save ports */ 443 /* Save ports */
@@ -450,7 +448,7 @@ static int nat_q931(struct sk_buff **pskb, struct nf_conn *ct,
450 if (idx > 0 && 448 if (idx > 0 &&
451 get_h225_addr(ct, *data, &taddr[0], &addr, &port) && 449 get_h225_addr(ct, *data, &taddr[0], &addr, &port) &&
452 (ntohl(addr.ip) & 0xff000000) == 0x7f000000) { 450 (ntohl(addr.ip) & 0xff000000) == 0x7f000000) {
453 set_h225_addr(pskb, data, 0, &taddr[0], 451 set_h225_addr(skb, data, 0, &taddr[0],
454 &ct->tuplehash[!dir].tuple.dst.u3, 452 &ct->tuplehash[!dir].tuple.dst.u3,
455 info->sig_port[!dir]); 453 info->sig_port[!dir]);
456 } 454 }
@@ -495,7 +493,7 @@ static void ip_nat_callforwarding_expect(struct nf_conn *new,
495} 493}
496 494
497/****************************************************************************/ 495/****************************************************************************/
498static int nat_callforwarding(struct sk_buff **pskb, struct nf_conn *ct, 496static int nat_callforwarding(struct sk_buff *skb, struct nf_conn *ct,
499 enum ip_conntrack_info ctinfo, 497 enum ip_conntrack_info ctinfo,
500 unsigned char **data, int dataoff, 498 unsigned char **data, int dataoff,
501 TransportAddress *taddr, __be16 port, 499 TransportAddress *taddr, __be16 port,
@@ -525,7 +523,7 @@ static int nat_callforwarding(struct sk_buff **pskb, struct nf_conn *ct,
525 } 523 }
526 524
527 /* Modify signal */ 525 /* Modify signal */
528 if (!set_h225_addr(pskb, data, dataoff, taddr, 526 if (!set_h225_addr(skb, data, dataoff, taddr,
529 &ct->tuplehash[!dir].tuple.dst.u3, 527 &ct->tuplehash[!dir].tuple.dst.u3,
530 htons(nated_port)) == 0) { 528 htons(nated_port)) == 0) {
531 nf_ct_unexpect_related(exp); 529 nf_ct_unexpect_related(exp);
diff --git a/net/ipv4/netfilter/nf_nat_helper.c b/net/ipv4/netfilter/nf_nat_helper.c
index 40b429e4540d..8718da00ef2a 100644
--- a/net/ipv4/netfilter/nf_nat_helper.c
+++ b/net/ipv4/netfilter/nf_nat_helper.c
@@ -111,12 +111,12 @@ static void mangle_contents(struct sk_buff *skb,
111} 111}
112 112
113/* Unusual, but possible case. */ 113/* Unusual, but possible case. */
114static int enlarge_skb(struct sk_buff **pskb, unsigned int extra) 114static int enlarge_skb(struct sk_buff *skb, unsigned int extra)
115{ 115{
116 if ((*pskb)->len + extra > 65535) 116 if (skb->len + extra > 65535)
117 return 0; 117 return 0;
118 118
119 if (pskb_expand_head(*pskb, 0, extra - skb_tailroom(*pskb), GFP_ATOMIC)) 119 if (pskb_expand_head(skb, 0, extra - skb_tailroom(skb), GFP_ATOMIC))
120 return 0; 120 return 0;
121 121
122 return 1; 122 return 1;
@@ -131,7 +131,7 @@ static int enlarge_skb(struct sk_buff **pskb, unsigned int extra)
131 * 131 *
132 * */ 132 * */
133int 133int
134nf_nat_mangle_tcp_packet(struct sk_buff **pskb, 134nf_nat_mangle_tcp_packet(struct sk_buff *skb,
135 struct nf_conn *ct, 135 struct nf_conn *ct,
136 enum ip_conntrack_info ctinfo, 136 enum ip_conntrack_info ctinfo,
137 unsigned int match_offset, 137 unsigned int match_offset,
@@ -139,37 +139,37 @@ nf_nat_mangle_tcp_packet(struct sk_buff **pskb,
139 const char *rep_buffer, 139 const char *rep_buffer,
140 unsigned int rep_len) 140 unsigned int rep_len)
141{ 141{
142 struct rtable *rt = (struct rtable *)(*pskb)->dst; 142 struct rtable *rt = (struct rtable *)skb->dst;
143 struct iphdr *iph; 143 struct iphdr *iph;
144 struct tcphdr *tcph; 144 struct tcphdr *tcph;
145 int oldlen, datalen; 145 int oldlen, datalen;
146 146
147 if (!skb_make_writable(*pskb, (*pskb)->len)) 147 if (!skb_make_writable(skb, skb->len))
148 return 0; 148 return 0;
149 149
150 if (rep_len > match_len && 150 if (rep_len > match_len &&
151 rep_len - match_len > skb_tailroom(*pskb) && 151 rep_len - match_len > skb_tailroom(skb) &&
152 !enlarge_skb(pskb, rep_len - match_len)) 152 !enlarge_skb(skb, rep_len - match_len))
153 return 0; 153 return 0;
154 154
155 SKB_LINEAR_ASSERT(*pskb); 155 SKB_LINEAR_ASSERT(skb);
156 156
157 iph = ip_hdr(*pskb); 157 iph = ip_hdr(skb);
158 tcph = (void *)iph + iph->ihl*4; 158 tcph = (void *)iph + iph->ihl*4;
159 159
160 oldlen = (*pskb)->len - iph->ihl*4; 160 oldlen = skb->len - iph->ihl*4;
161 mangle_contents(*pskb, iph->ihl*4 + tcph->doff*4, 161 mangle_contents(skb, iph->ihl*4 + tcph->doff*4,
162 match_offset, match_len, rep_buffer, rep_len); 162 match_offset, match_len, rep_buffer, rep_len);
163 163
164 datalen = (*pskb)->len - iph->ihl*4; 164 datalen = skb->len - iph->ihl*4;
165 if ((*pskb)->ip_summed != CHECKSUM_PARTIAL) { 165 if (skb->ip_summed != CHECKSUM_PARTIAL) {
166 if (!(rt->rt_flags & RTCF_LOCAL) && 166 if (!(rt->rt_flags & RTCF_LOCAL) &&
167 (*pskb)->dev->features & NETIF_F_V4_CSUM) { 167 skb->dev->features & NETIF_F_V4_CSUM) {
168 (*pskb)->ip_summed = CHECKSUM_PARTIAL; 168 skb->ip_summed = CHECKSUM_PARTIAL;
169 (*pskb)->csum_start = skb_headroom(*pskb) + 169 skb->csum_start = skb_headroom(skb) +
170 skb_network_offset(*pskb) + 170 skb_network_offset(skb) +
171 iph->ihl * 4; 171 iph->ihl * 4;
172 (*pskb)->csum_offset = offsetof(struct tcphdr, check); 172 skb->csum_offset = offsetof(struct tcphdr, check);
173 tcph->check = ~tcp_v4_check(datalen, 173 tcph->check = ~tcp_v4_check(datalen,
174 iph->saddr, iph->daddr, 0); 174 iph->saddr, iph->daddr, 0);
175 } else { 175 } else {
@@ -180,7 +180,7 @@ nf_nat_mangle_tcp_packet(struct sk_buff **pskb,
180 datalen, 0)); 180 datalen, 0));
181 } 181 }
182 } else 182 } else
183 nf_proto_csum_replace2(&tcph->check, *pskb, 183 nf_proto_csum_replace2(&tcph->check, skb,
184 htons(oldlen), htons(datalen), 1); 184 htons(oldlen), htons(datalen), 1);
185 185
186 if (rep_len != match_len) { 186 if (rep_len != match_len) {
@@ -189,7 +189,7 @@ nf_nat_mangle_tcp_packet(struct sk_buff **pskb,
189 (int)rep_len - (int)match_len, 189 (int)rep_len - (int)match_len,
190 ct, ctinfo); 190 ct, ctinfo);
191 /* Tell TCP window tracking about seq change */ 191 /* Tell TCP window tracking about seq change */
192 nf_conntrack_tcp_update(*pskb, ip_hdrlen(*pskb), 192 nf_conntrack_tcp_update(skb, ip_hdrlen(skb),
193 ct, CTINFO2DIR(ctinfo)); 193 ct, CTINFO2DIR(ctinfo));
194 } 194 }
195 return 1; 195 return 1;
@@ -207,7 +207,7 @@ EXPORT_SYMBOL(nf_nat_mangle_tcp_packet);
207 * should be fairly easy to do. 207 * should be fairly easy to do.
208 */ 208 */
209int 209int
210nf_nat_mangle_udp_packet(struct sk_buff **pskb, 210nf_nat_mangle_udp_packet(struct sk_buff *skb,
211 struct nf_conn *ct, 211 struct nf_conn *ct,
212 enum ip_conntrack_info ctinfo, 212 enum ip_conntrack_info ctinfo,
213 unsigned int match_offset, 213 unsigned int match_offset,
@@ -215,48 +215,48 @@ nf_nat_mangle_udp_packet(struct sk_buff **pskb,
215 const char *rep_buffer, 215 const char *rep_buffer,
216 unsigned int rep_len) 216 unsigned int rep_len)
217{ 217{
218 struct rtable *rt = (struct rtable *)(*pskb)->dst; 218 struct rtable *rt = (struct rtable *)skb->dst;
219 struct iphdr *iph; 219 struct iphdr *iph;
220 struct udphdr *udph; 220 struct udphdr *udph;
221 int datalen, oldlen; 221 int datalen, oldlen;
222 222
223 /* UDP helpers might accidentally mangle the wrong packet */ 223 /* UDP helpers might accidentally mangle the wrong packet */
224 iph = ip_hdr(*pskb); 224 iph = ip_hdr(skb);
225 if ((*pskb)->len < iph->ihl*4 + sizeof(*udph) + 225 if (skb->len < iph->ihl*4 + sizeof(*udph) +
226 match_offset + match_len) 226 match_offset + match_len)
227 return 0; 227 return 0;
228 228
229 if (!skb_make_writable(*pskb, (*pskb)->len)) 229 if (!skb_make_writable(skb, skb->len))
230 return 0; 230 return 0;
231 231
232 if (rep_len > match_len && 232 if (rep_len > match_len &&
233 rep_len - match_len > skb_tailroom(*pskb) && 233 rep_len - match_len > skb_tailroom(skb) &&
234 !enlarge_skb(pskb, rep_len - match_len)) 234 !enlarge_skb(skb, rep_len - match_len))
235 return 0; 235 return 0;
236 236
237 iph = ip_hdr(*pskb); 237 iph = ip_hdr(skb);
238 udph = (void *)iph + iph->ihl*4; 238 udph = (void *)iph + iph->ihl*4;
239 239
240 oldlen = (*pskb)->len - iph->ihl*4; 240 oldlen = skb->len - iph->ihl*4;
241 mangle_contents(*pskb, iph->ihl*4 + sizeof(*udph), 241 mangle_contents(skb, iph->ihl*4 + sizeof(*udph),
242 match_offset, match_len, rep_buffer, rep_len); 242 match_offset, match_len, rep_buffer, rep_len);
243 243
244 /* update the length of the UDP packet */ 244 /* update the length of the UDP packet */
245 datalen = (*pskb)->len - iph->ihl*4; 245 datalen = skb->len - iph->ihl*4;
246 udph->len = htons(datalen); 246 udph->len = htons(datalen);
247 247
248 /* fix udp checksum if udp checksum was previously calculated */ 248 /* fix udp checksum if udp checksum was previously calculated */
249 if (!udph->check && (*pskb)->ip_summed != CHECKSUM_PARTIAL) 249 if (!udph->check && skb->ip_summed != CHECKSUM_PARTIAL)
250 return 1; 250 return 1;
251 251
252 if ((*pskb)->ip_summed != CHECKSUM_PARTIAL) { 252 if (skb->ip_summed != CHECKSUM_PARTIAL) {
253 if (!(rt->rt_flags & RTCF_LOCAL) && 253 if (!(rt->rt_flags & RTCF_LOCAL) &&
254 (*pskb)->dev->features & NETIF_F_V4_CSUM) { 254 skb->dev->features & NETIF_F_V4_CSUM) {
255 (*pskb)->ip_summed = CHECKSUM_PARTIAL; 255 skb->ip_summed = CHECKSUM_PARTIAL;
256 (*pskb)->csum_start = skb_headroom(*pskb) + 256 skb->csum_start = skb_headroom(skb) +
257 skb_network_offset(*pskb) + 257 skb_network_offset(skb) +
258 iph->ihl * 4; 258 iph->ihl * 4;
259 (*pskb)->csum_offset = offsetof(struct udphdr, check); 259 skb->csum_offset = offsetof(struct udphdr, check);
260 udph->check = ~csum_tcpudp_magic(iph->saddr, iph->daddr, 260 udph->check = ~csum_tcpudp_magic(iph->saddr, iph->daddr,
261 datalen, IPPROTO_UDP, 261 datalen, IPPROTO_UDP,
262 0); 262 0);
@@ -270,7 +270,7 @@ nf_nat_mangle_udp_packet(struct sk_buff **pskb,
270 udph->check = CSUM_MANGLED_0; 270 udph->check = CSUM_MANGLED_0;
271 } 271 }
272 } else 272 } else
273 nf_proto_csum_replace2(&udph->check, *pskb, 273 nf_proto_csum_replace2(&udph->check, skb,
274 htons(oldlen), htons(datalen), 1); 274 htons(oldlen), htons(datalen), 1);
275 275
276 return 1; 276 return 1;
@@ -322,7 +322,7 @@ sack_adjust(struct sk_buff *skb,
322 322
323/* TCP SACK sequence number adjustment */ 323/* TCP SACK sequence number adjustment */
324static inline unsigned int 324static inline unsigned int
325nf_nat_sack_adjust(struct sk_buff **pskb, 325nf_nat_sack_adjust(struct sk_buff *skb,
326 struct tcphdr *tcph, 326 struct tcphdr *tcph,
327 struct nf_conn *ct, 327 struct nf_conn *ct,
328 enum ip_conntrack_info ctinfo) 328 enum ip_conntrack_info ctinfo)
@@ -330,17 +330,17 @@ nf_nat_sack_adjust(struct sk_buff **pskb,
330 unsigned int dir, optoff, optend; 330 unsigned int dir, optoff, optend;
331 struct nf_conn_nat *nat = nfct_nat(ct); 331 struct nf_conn_nat *nat = nfct_nat(ct);
332 332
333 optoff = ip_hdrlen(*pskb) + sizeof(struct tcphdr); 333 optoff = ip_hdrlen(skb) + sizeof(struct tcphdr);
334 optend = ip_hdrlen(*pskb) + tcph->doff * 4; 334 optend = ip_hdrlen(skb) + tcph->doff * 4;
335 335
336 if (!skb_make_writable(*pskb, optend)) 336 if (!skb_make_writable(skb, optend))
337 return 0; 337 return 0;
338 338
339 dir = CTINFO2DIR(ctinfo); 339 dir = CTINFO2DIR(ctinfo);
340 340
341 while (optoff < optend) { 341 while (optoff < optend) {
342 /* Usually: option, length. */ 342 /* Usually: option, length. */
343 unsigned char *op = (*pskb)->data + optoff; 343 unsigned char *op = skb->data + optoff;
344 344
345 switch (op[0]) { 345 switch (op[0]) {
346 case TCPOPT_EOL: 346 case TCPOPT_EOL:
@@ -357,7 +357,7 @@ nf_nat_sack_adjust(struct sk_buff **pskb,
357 if (op[0] == TCPOPT_SACK && 357 if (op[0] == TCPOPT_SACK &&
358 op[1] >= 2+TCPOLEN_SACK_PERBLOCK && 358 op[1] >= 2+TCPOLEN_SACK_PERBLOCK &&
359 ((op[1] - 2) % TCPOLEN_SACK_PERBLOCK) == 0) 359 ((op[1] - 2) % TCPOLEN_SACK_PERBLOCK) == 0)
360 sack_adjust(*pskb, tcph, optoff+2, 360 sack_adjust(skb, tcph, optoff+2,
361 optoff+op[1], &nat->seq[!dir]); 361 optoff+op[1], &nat->seq[!dir]);
362 optoff += op[1]; 362 optoff += op[1];
363 } 363 }
@@ -367,7 +367,7 @@ nf_nat_sack_adjust(struct sk_buff **pskb,
367 367
368/* TCP sequence number adjustment. Returns 1 on success, 0 on failure */ 368/* TCP sequence number adjustment. Returns 1 on success, 0 on failure */
369int 369int
370nf_nat_seq_adjust(struct sk_buff **pskb, 370nf_nat_seq_adjust(struct sk_buff *skb,
371 struct nf_conn *ct, 371 struct nf_conn *ct,
372 enum ip_conntrack_info ctinfo) 372 enum ip_conntrack_info ctinfo)
373{ 373{
@@ -382,10 +382,10 @@ nf_nat_seq_adjust(struct sk_buff **pskb,
382 this_way = &nat->seq[dir]; 382 this_way = &nat->seq[dir];
383 other_way = &nat->seq[!dir]; 383 other_way = &nat->seq[!dir];
384 384
385 if (!skb_make_writable(*pskb, ip_hdrlen(*pskb) + sizeof(*tcph))) 385 if (!skb_make_writable(skb, ip_hdrlen(skb) + sizeof(*tcph)))
386 return 0; 386 return 0;
387 387
388 tcph = (void *)(*pskb)->data + ip_hdrlen(*pskb); 388 tcph = (void *)skb->data + ip_hdrlen(skb);
389 if (after(ntohl(tcph->seq), this_way->correction_pos)) 389 if (after(ntohl(tcph->seq), this_way->correction_pos))
390 newseq = htonl(ntohl(tcph->seq) + this_way->offset_after); 390 newseq = htonl(ntohl(tcph->seq) + this_way->offset_after);
391 else 391 else
@@ -397,8 +397,8 @@ nf_nat_seq_adjust(struct sk_buff **pskb,
397 else 397 else
398 newack = htonl(ntohl(tcph->ack_seq) - other_way->offset_before); 398 newack = htonl(ntohl(tcph->ack_seq) - other_way->offset_before);
399 399
400 nf_proto_csum_replace4(&tcph->check, *pskb, tcph->seq, newseq, 0); 400 nf_proto_csum_replace4(&tcph->check, skb, tcph->seq, newseq, 0);
401 nf_proto_csum_replace4(&tcph->check, *pskb, tcph->ack_seq, newack, 0); 401 nf_proto_csum_replace4(&tcph->check, skb, tcph->ack_seq, newack, 0);
402 402
403 pr_debug("Adjusting sequence number from %u->%u, ack from %u->%u\n", 403 pr_debug("Adjusting sequence number from %u->%u, ack from %u->%u\n",
404 ntohl(tcph->seq), ntohl(newseq), ntohl(tcph->ack_seq), 404 ntohl(tcph->seq), ntohl(newseq), ntohl(tcph->ack_seq),
@@ -407,10 +407,10 @@ nf_nat_seq_adjust(struct sk_buff **pskb,
407 tcph->seq = newseq; 407 tcph->seq = newseq;
408 tcph->ack_seq = newack; 408 tcph->ack_seq = newack;
409 409
410 if (!nf_nat_sack_adjust(pskb, tcph, ct, ctinfo)) 410 if (!nf_nat_sack_adjust(skb, tcph, ct, ctinfo))
411 return 0; 411 return 0;
412 412
413 nf_conntrack_tcp_update(*pskb, ip_hdrlen(*pskb), ct, dir); 413 nf_conntrack_tcp_update(skb, ip_hdrlen(skb), ct, dir);
414 414
415 return 1; 415 return 1;
416} 416}
diff --git a/net/ipv4/netfilter/nf_nat_irc.c b/net/ipv4/netfilter/nf_nat_irc.c
index bcf274bba602..766e2c16c6b9 100644
--- a/net/ipv4/netfilter/nf_nat_irc.c
+++ b/net/ipv4/netfilter/nf_nat_irc.c
@@ -27,7 +27,7 @@ MODULE_DESCRIPTION("IRC (DCC) NAT helper");
27MODULE_LICENSE("GPL"); 27MODULE_LICENSE("GPL");
28MODULE_ALIAS("ip_nat_irc"); 28MODULE_ALIAS("ip_nat_irc");
29 29
30static unsigned int help(struct sk_buff **pskb, 30static unsigned int help(struct sk_buff *skb,
31 enum ip_conntrack_info ctinfo, 31 enum ip_conntrack_info ctinfo,
32 unsigned int matchoff, 32 unsigned int matchoff,
33 unsigned int matchlen, 33 unsigned int matchlen,
@@ -58,7 +58,7 @@ static unsigned int help(struct sk_buff **pskb,
58 pr_debug("nf_nat_irc: inserting '%s' == %u.%u.%u.%u, port %u\n", 58 pr_debug("nf_nat_irc: inserting '%s' == %u.%u.%u.%u, port %u\n",
59 buffer, NIPQUAD(ip), port); 59 buffer, NIPQUAD(ip), port);
60 60
61 ret = nf_nat_mangle_tcp_packet(pskb, exp->master, ctinfo, 61 ret = nf_nat_mangle_tcp_packet(skb, exp->master, ctinfo,
62 matchoff, matchlen, buffer, 62 matchoff, matchlen, buffer,
63 strlen(buffer)); 63 strlen(buffer));
64 if (ret != NF_ACCEPT) 64 if (ret != NF_ACCEPT)
diff --git a/net/ipv4/netfilter/nf_nat_pptp.c b/net/ipv4/netfilter/nf_nat_pptp.c
index 984ec8308b2e..e1385a099079 100644
--- a/net/ipv4/netfilter/nf_nat_pptp.c
+++ b/net/ipv4/netfilter/nf_nat_pptp.c
@@ -110,7 +110,7 @@ static void pptp_nat_expected(struct nf_conn *ct,
110 110
111/* outbound packets == from PNS to PAC */ 111/* outbound packets == from PNS to PAC */
112static int 112static int
113pptp_outbound_pkt(struct sk_buff **pskb, 113pptp_outbound_pkt(struct sk_buff *skb,
114 struct nf_conn *ct, 114 struct nf_conn *ct,
115 enum ip_conntrack_info ctinfo, 115 enum ip_conntrack_info ctinfo,
116 struct PptpControlHeader *ctlh, 116 struct PptpControlHeader *ctlh,
@@ -175,7 +175,7 @@ pptp_outbound_pkt(struct sk_buff **pskb,
175 ntohs(REQ_CID(pptpReq, cid_off)), ntohs(new_callid)); 175 ntohs(REQ_CID(pptpReq, cid_off)), ntohs(new_callid));
176 176
177 /* mangle packet */ 177 /* mangle packet */
178 if (nf_nat_mangle_tcp_packet(pskb, ct, ctinfo, 178 if (nf_nat_mangle_tcp_packet(skb, ct, ctinfo,
179 cid_off + sizeof(struct pptp_pkt_hdr) + 179 cid_off + sizeof(struct pptp_pkt_hdr) +
180 sizeof(struct PptpControlHeader), 180 sizeof(struct PptpControlHeader),
181 sizeof(new_callid), (char *)&new_callid, 181 sizeof(new_callid), (char *)&new_callid,
@@ -213,7 +213,7 @@ pptp_exp_gre(struct nf_conntrack_expect *expect_orig,
213 213
214/* inbound packets == from PAC to PNS */ 214/* inbound packets == from PAC to PNS */
215static int 215static int
216pptp_inbound_pkt(struct sk_buff **pskb, 216pptp_inbound_pkt(struct sk_buff *skb,
217 struct nf_conn *ct, 217 struct nf_conn *ct,
218 enum ip_conntrack_info ctinfo, 218 enum ip_conntrack_info ctinfo,
219 struct PptpControlHeader *ctlh, 219 struct PptpControlHeader *ctlh,
@@ -268,7 +268,7 @@ pptp_inbound_pkt(struct sk_buff **pskb,
268 pr_debug("altering peer call id from 0x%04x to 0x%04x\n", 268 pr_debug("altering peer call id from 0x%04x to 0x%04x\n",
269 ntohs(REQ_CID(pptpReq, pcid_off)), ntohs(new_pcid)); 269 ntohs(REQ_CID(pptpReq, pcid_off)), ntohs(new_pcid));
270 270
271 if (nf_nat_mangle_tcp_packet(pskb, ct, ctinfo, 271 if (nf_nat_mangle_tcp_packet(skb, ct, ctinfo,
272 pcid_off + sizeof(struct pptp_pkt_hdr) + 272 pcid_off + sizeof(struct pptp_pkt_hdr) +
273 sizeof(struct PptpControlHeader), 273 sizeof(struct PptpControlHeader),
274 sizeof(new_pcid), (char *)&new_pcid, 274 sizeof(new_pcid), (char *)&new_pcid,
diff --git a/net/ipv4/netfilter/nf_nat_proto_gre.c b/net/ipv4/netfilter/nf_nat_proto_gre.c
index e7a2aafcce5b..b820f9960356 100644
--- a/net/ipv4/netfilter/nf_nat_proto_gre.c
+++ b/net/ipv4/netfilter/nf_nat_proto_gre.c
@@ -98,21 +98,21 @@ gre_unique_tuple(struct nf_conntrack_tuple *tuple,
98 98
99/* manipulate a GRE packet according to maniptype */ 99/* manipulate a GRE packet according to maniptype */
100static int 100static int
101gre_manip_pkt(struct sk_buff **pskb, unsigned int iphdroff, 101gre_manip_pkt(struct sk_buff *skb, unsigned int iphdroff,
102 const struct nf_conntrack_tuple *tuple, 102 const struct nf_conntrack_tuple *tuple,
103 enum nf_nat_manip_type maniptype) 103 enum nf_nat_manip_type maniptype)
104{ 104{
105 struct gre_hdr *greh; 105 struct gre_hdr *greh;
106 struct gre_hdr_pptp *pgreh; 106 struct gre_hdr_pptp *pgreh;
107 struct iphdr *iph = (struct iphdr *)((*pskb)->data + iphdroff); 107 struct iphdr *iph = (struct iphdr *)(skb->data + iphdroff);
108 unsigned int hdroff = iphdroff + iph->ihl * 4; 108 unsigned int hdroff = iphdroff + iph->ihl * 4;
109 109
110 /* pgreh includes two optional 32bit fields which are not required 110 /* pgreh includes two optional 32bit fields which are not required
111 * to be there. That's where the magic '8' comes from */ 111 * to be there. That's where the magic '8' comes from */
112 if (!skb_make_writable(*pskb, hdroff + sizeof(*pgreh) - 8)) 112 if (!skb_make_writable(skb, hdroff + sizeof(*pgreh) - 8))
113 return 0; 113 return 0;
114 114
115 greh = (void *)(*pskb)->data + hdroff; 115 greh = (void *)skb->data + hdroff;
116 pgreh = (struct gre_hdr_pptp *)greh; 116 pgreh = (struct gre_hdr_pptp *)greh;
117 117
118 /* we only have destination manip of a packet, since 'source key' 118 /* we only have destination manip of a packet, since 'source key'
diff --git a/net/ipv4/netfilter/nf_nat_proto_icmp.c b/net/ipv4/netfilter/nf_nat_proto_icmp.c
index 4087f4f42c34..b9fc724388fc 100644
--- a/net/ipv4/netfilter/nf_nat_proto_icmp.c
+++ b/net/ipv4/netfilter/nf_nat_proto_icmp.c
@@ -52,20 +52,20 @@ icmp_unique_tuple(struct nf_conntrack_tuple *tuple,
52} 52}
53 53
54static int 54static int
55icmp_manip_pkt(struct sk_buff **pskb, 55icmp_manip_pkt(struct sk_buff *skb,
56 unsigned int iphdroff, 56 unsigned int iphdroff,
57 const struct nf_conntrack_tuple *tuple, 57 const struct nf_conntrack_tuple *tuple,
58 enum nf_nat_manip_type maniptype) 58 enum nf_nat_manip_type maniptype)
59{ 59{
60 struct iphdr *iph = (struct iphdr *)((*pskb)->data + iphdroff); 60 struct iphdr *iph = (struct iphdr *)(skb->data + iphdroff);
61 struct icmphdr *hdr; 61 struct icmphdr *hdr;
62 unsigned int hdroff = iphdroff + iph->ihl*4; 62 unsigned int hdroff = iphdroff + iph->ihl*4;
63 63
64 if (!skb_make_writable(*pskb, hdroff + sizeof(*hdr))) 64 if (!skb_make_writable(skb, hdroff + sizeof(*hdr)))
65 return 0; 65 return 0;
66 66
67 hdr = (struct icmphdr *)((*pskb)->data + hdroff); 67 hdr = (struct icmphdr *)(skb->data + hdroff);
68 nf_proto_csum_replace2(&hdr->checksum, *pskb, 68 nf_proto_csum_replace2(&hdr->checksum, skb,
69 hdr->un.echo.id, tuple->src.u.icmp.id, 0); 69 hdr->un.echo.id, tuple->src.u.icmp.id, 0);
70 hdr->un.echo.id = tuple->src.u.icmp.id; 70 hdr->un.echo.id = tuple->src.u.icmp.id;
71 return 1; 71 return 1;
diff --git a/net/ipv4/netfilter/nf_nat_proto_tcp.c b/net/ipv4/netfilter/nf_nat_proto_tcp.c
index e544125dc037..6bab2e184455 100644
--- a/net/ipv4/netfilter/nf_nat_proto_tcp.c
+++ b/net/ipv4/netfilter/nf_nat_proto_tcp.c
@@ -88,12 +88,12 @@ tcp_unique_tuple(struct nf_conntrack_tuple *tuple,
88} 88}
89 89
90static int 90static int
91tcp_manip_pkt(struct sk_buff **pskb, 91tcp_manip_pkt(struct sk_buff *skb,
92 unsigned int iphdroff, 92 unsigned int iphdroff,
93 const struct nf_conntrack_tuple *tuple, 93 const struct nf_conntrack_tuple *tuple,
94 enum nf_nat_manip_type maniptype) 94 enum nf_nat_manip_type maniptype)
95{ 95{
96 struct iphdr *iph = (struct iphdr *)((*pskb)->data + iphdroff); 96 struct iphdr *iph = (struct iphdr *)(skb->data + iphdroff);
97 struct tcphdr *hdr; 97 struct tcphdr *hdr;
98 unsigned int hdroff = iphdroff + iph->ihl*4; 98 unsigned int hdroff = iphdroff + iph->ihl*4;
99 __be32 oldip, newip; 99 __be32 oldip, newip;
@@ -103,14 +103,14 @@ tcp_manip_pkt(struct sk_buff **pskb,
103 /* this could be a inner header returned in icmp packet; in such 103 /* this could be a inner header returned in icmp packet; in such
104 cases we cannot update the checksum field since it is outside of 104 cases we cannot update the checksum field since it is outside of
105 the 8 bytes of transport layer headers we are guaranteed */ 105 the 8 bytes of transport layer headers we are guaranteed */
106 if ((*pskb)->len >= hdroff + sizeof(struct tcphdr)) 106 if (skb->len >= hdroff + sizeof(struct tcphdr))
107 hdrsize = sizeof(struct tcphdr); 107 hdrsize = sizeof(struct tcphdr);
108 108
109 if (!skb_make_writable(*pskb, hdroff + hdrsize)) 109 if (!skb_make_writable(skb, hdroff + hdrsize))
110 return 0; 110 return 0;
111 111
112 iph = (struct iphdr *)((*pskb)->data + iphdroff); 112 iph = (struct iphdr *)(skb->data + iphdroff);
113 hdr = (struct tcphdr *)((*pskb)->data + hdroff); 113 hdr = (struct tcphdr *)(skb->data + hdroff);
114 114
115 if (maniptype == IP_NAT_MANIP_SRC) { 115 if (maniptype == IP_NAT_MANIP_SRC) {
116 /* Get rid of src ip and src pt */ 116 /* Get rid of src ip and src pt */
@@ -132,8 +132,8 @@ tcp_manip_pkt(struct sk_buff **pskb,
132 if (hdrsize < sizeof(*hdr)) 132 if (hdrsize < sizeof(*hdr))
133 return 1; 133 return 1;
134 134
135 nf_proto_csum_replace4(&hdr->check, *pskb, oldip, newip, 1); 135 nf_proto_csum_replace4(&hdr->check, skb, oldip, newip, 1);
136 nf_proto_csum_replace2(&hdr->check, *pskb, oldport, newport, 0); 136 nf_proto_csum_replace2(&hdr->check, skb, oldport, newport, 0);
137 return 1; 137 return 1;
138} 138}
139 139
diff --git a/net/ipv4/netfilter/nf_nat_proto_udp.c b/net/ipv4/netfilter/nf_nat_proto_udp.c
index ebe9b42a8e94..cbf1a61e2908 100644
--- a/net/ipv4/netfilter/nf_nat_proto_udp.c
+++ b/net/ipv4/netfilter/nf_nat_proto_udp.c
@@ -86,22 +86,22 @@ udp_unique_tuple(struct nf_conntrack_tuple *tuple,
86} 86}
87 87
88static int 88static int
89udp_manip_pkt(struct sk_buff **pskb, 89udp_manip_pkt(struct sk_buff *skb,
90 unsigned int iphdroff, 90 unsigned int iphdroff,
91 const struct nf_conntrack_tuple *tuple, 91 const struct nf_conntrack_tuple *tuple,
92 enum nf_nat_manip_type maniptype) 92 enum nf_nat_manip_type maniptype)
93{ 93{
94 struct iphdr *iph = (struct iphdr *)((*pskb)->data + iphdroff); 94 struct iphdr *iph = (struct iphdr *)(skb->data + iphdroff);
95 struct udphdr *hdr; 95 struct udphdr *hdr;
96 unsigned int hdroff = iphdroff + iph->ihl*4; 96 unsigned int hdroff = iphdroff + iph->ihl*4;
97 __be32 oldip, newip; 97 __be32 oldip, newip;
98 __be16 *portptr, newport; 98 __be16 *portptr, newport;
99 99
100 if (!skb_make_writable(*pskb, hdroff + sizeof(*hdr))) 100 if (!skb_make_writable(skb, hdroff + sizeof(*hdr)))
101 return 0; 101 return 0;
102 102
103 iph = (struct iphdr *)((*pskb)->data + iphdroff); 103 iph = (struct iphdr *)(skb->data + iphdroff);
104 hdr = (struct udphdr *)((*pskb)->data + hdroff); 104 hdr = (struct udphdr *)(skb->data + hdroff);
105 105
106 if (maniptype == IP_NAT_MANIP_SRC) { 106 if (maniptype == IP_NAT_MANIP_SRC) {
107 /* Get rid of src ip and src pt */ 107 /* Get rid of src ip and src pt */
@@ -116,9 +116,9 @@ udp_manip_pkt(struct sk_buff **pskb,
116 newport = tuple->dst.u.udp.port; 116 newport = tuple->dst.u.udp.port;
117 portptr = &hdr->dest; 117 portptr = &hdr->dest;
118 } 118 }
119 if (hdr->check || (*pskb)->ip_summed == CHECKSUM_PARTIAL) { 119 if (hdr->check || skb->ip_summed == CHECKSUM_PARTIAL) {
120 nf_proto_csum_replace4(&hdr->check, *pskb, oldip, newip, 1); 120 nf_proto_csum_replace4(&hdr->check, skb, oldip, newip, 1);
121 nf_proto_csum_replace2(&hdr->check, *pskb, *portptr, newport, 121 nf_proto_csum_replace2(&hdr->check, skb, *portptr, newport,
122 0); 122 0);
123 if (!hdr->check) 123 if (!hdr->check)
124 hdr->check = CSUM_MANGLED_0; 124 hdr->check = CSUM_MANGLED_0;
diff --git a/net/ipv4/netfilter/nf_nat_proto_unknown.c b/net/ipv4/netfilter/nf_nat_proto_unknown.c
index f50d0203f9c0..cfd2742e9706 100644
--- a/net/ipv4/netfilter/nf_nat_proto_unknown.c
+++ b/net/ipv4/netfilter/nf_nat_proto_unknown.c
@@ -37,7 +37,7 @@ static int unknown_unique_tuple(struct nf_conntrack_tuple *tuple,
37} 37}
38 38
39static int 39static int
40unknown_manip_pkt(struct sk_buff **pskb, 40unknown_manip_pkt(struct sk_buff *skb,
41 unsigned int iphdroff, 41 unsigned int iphdroff,
42 const struct nf_conntrack_tuple *tuple, 42 const struct nf_conntrack_tuple *tuple,
43 enum nf_nat_manip_type maniptype) 43 enum nf_nat_manip_type maniptype)
diff --git a/net/ipv4/netfilter/nf_nat_rule.c b/net/ipv4/netfilter/nf_nat_rule.c
index 76ec59ae524d..46b25ab5f78b 100644
--- a/net/ipv4/netfilter/nf_nat_rule.c
+++ b/net/ipv4/netfilter/nf_nat_rule.c
@@ -65,7 +65,7 @@ static struct xt_table nat_table = {
65}; 65};
66 66
67/* Source NAT */ 67/* Source NAT */
68static unsigned int ipt_snat_target(struct sk_buff **pskb, 68static unsigned int ipt_snat_target(struct sk_buff *skb,
69 const struct net_device *in, 69 const struct net_device *in,
70 const struct net_device *out, 70 const struct net_device *out,
71 unsigned int hooknum, 71 unsigned int hooknum,
@@ -78,7 +78,7 @@ static unsigned int ipt_snat_target(struct sk_buff **pskb,
78 78
79 NF_CT_ASSERT(hooknum == NF_IP_POST_ROUTING); 79 NF_CT_ASSERT(hooknum == NF_IP_POST_ROUTING);
80 80
81 ct = nf_ct_get(*pskb, &ctinfo); 81 ct = nf_ct_get(skb, &ctinfo);
82 82
83 /* Connection must be valid and new. */ 83 /* Connection must be valid and new. */
84 NF_CT_ASSERT(ct && (ctinfo == IP_CT_NEW || ctinfo == IP_CT_RELATED || 84 NF_CT_ASSERT(ct && (ctinfo == IP_CT_NEW || ctinfo == IP_CT_RELATED ||
@@ -107,7 +107,7 @@ static void warn_if_extra_mangle(__be32 dstip, __be32 srcip)
107 ip_rt_put(rt); 107 ip_rt_put(rt);
108} 108}
109 109
110static unsigned int ipt_dnat_target(struct sk_buff **pskb, 110static unsigned int ipt_dnat_target(struct sk_buff *skb,
111 const struct net_device *in, 111 const struct net_device *in,
112 const struct net_device *out, 112 const struct net_device *out,
113 unsigned int hooknum, 113 unsigned int hooknum,
@@ -121,14 +121,14 @@ static unsigned int ipt_dnat_target(struct sk_buff **pskb,
121 NF_CT_ASSERT(hooknum == NF_IP_PRE_ROUTING || 121 NF_CT_ASSERT(hooknum == NF_IP_PRE_ROUTING ||
122 hooknum == NF_IP_LOCAL_OUT); 122 hooknum == NF_IP_LOCAL_OUT);
123 123
124 ct = nf_ct_get(*pskb, &ctinfo); 124 ct = nf_ct_get(skb, &ctinfo);
125 125
126 /* Connection must be valid and new. */ 126 /* Connection must be valid and new. */
127 NF_CT_ASSERT(ct && (ctinfo == IP_CT_NEW || ctinfo == IP_CT_RELATED)); 127 NF_CT_ASSERT(ct && (ctinfo == IP_CT_NEW || ctinfo == IP_CT_RELATED));
128 128
129 if (hooknum == NF_IP_LOCAL_OUT && 129 if (hooknum == NF_IP_LOCAL_OUT &&
130 mr->range[0].flags & IP_NAT_RANGE_MAP_IPS) 130 mr->range[0].flags & IP_NAT_RANGE_MAP_IPS)
131 warn_if_extra_mangle(ip_hdr(*pskb)->daddr, 131 warn_if_extra_mangle(ip_hdr(skb)->daddr,
132 mr->range[0].min_ip); 132 mr->range[0].min_ip);
133 133
134 return nf_nat_setup_info(ct, &mr->range[0], hooknum); 134 return nf_nat_setup_info(ct, &mr->range[0], hooknum);
@@ -204,7 +204,7 @@ alloc_null_binding_confirmed(struct nf_conn *ct, unsigned int hooknum)
204 return nf_nat_setup_info(ct, &range, hooknum); 204 return nf_nat_setup_info(ct, &range, hooknum);
205} 205}
206 206
207int nf_nat_rule_find(struct sk_buff **pskb, 207int nf_nat_rule_find(struct sk_buff *skb,
208 unsigned int hooknum, 208 unsigned int hooknum,
209 const struct net_device *in, 209 const struct net_device *in,
210 const struct net_device *out, 210 const struct net_device *out,
@@ -212,7 +212,7 @@ int nf_nat_rule_find(struct sk_buff **pskb,
212{ 212{
213 int ret; 213 int ret;
214 214
215 ret = ipt_do_table(pskb, hooknum, in, out, &nat_table); 215 ret = ipt_do_table(skb, hooknum, in, out, &nat_table);
216 216
217 if (ret == NF_ACCEPT) { 217 if (ret == NF_ACCEPT) {
218 if (!nf_nat_initialized(ct, HOOK2MANIP(hooknum))) 218 if (!nf_nat_initialized(ct, HOOK2MANIP(hooknum)))
diff --git a/net/ipv4/netfilter/nf_nat_sip.c b/net/ipv4/netfilter/nf_nat_sip.c
index e14d41976c27..ce9edbcc01e3 100644
--- a/net/ipv4/netfilter/nf_nat_sip.c
+++ b/net/ipv4/netfilter/nf_nat_sip.c
@@ -60,7 +60,7 @@ static void addr_map_init(struct nf_conn *ct, struct addr_map *map)
60 } 60 }
61} 61}
62 62
63static int map_sip_addr(struct sk_buff **pskb, enum ip_conntrack_info ctinfo, 63static int map_sip_addr(struct sk_buff *skb, enum ip_conntrack_info ctinfo,
64 struct nf_conn *ct, const char **dptr, size_t dlen, 64 struct nf_conn *ct, const char **dptr, size_t dlen,
65 enum sip_header_pos pos, struct addr_map *map) 65 enum sip_header_pos pos, struct addr_map *map)
66{ 66{
@@ -84,15 +84,15 @@ static int map_sip_addr(struct sk_buff **pskb, enum ip_conntrack_info ctinfo,
84 } else 84 } else
85 return 1; 85 return 1;
86 86
87 if (!nf_nat_mangle_udp_packet(pskb, ct, ctinfo, 87 if (!nf_nat_mangle_udp_packet(skb, ct, ctinfo,
88 matchoff, matchlen, addr, addrlen)) 88 matchoff, matchlen, addr, addrlen))
89 return 0; 89 return 0;
90 *dptr = (*pskb)->data + ip_hdrlen(*pskb) + sizeof(struct udphdr); 90 *dptr = skb->data + ip_hdrlen(skb) + sizeof(struct udphdr);
91 return 1; 91 return 1;
92 92
93} 93}
94 94
95static unsigned int ip_nat_sip(struct sk_buff **pskb, 95static unsigned int ip_nat_sip(struct sk_buff *skb,
96 enum ip_conntrack_info ctinfo, 96 enum ip_conntrack_info ctinfo,
97 struct nf_conn *ct, 97 struct nf_conn *ct,
98 const char **dptr) 98 const char **dptr)
@@ -101,8 +101,8 @@ static unsigned int ip_nat_sip(struct sk_buff **pskb,
101 struct addr_map map; 101 struct addr_map map;
102 int dataoff, datalen; 102 int dataoff, datalen;
103 103
104 dataoff = ip_hdrlen(*pskb) + sizeof(struct udphdr); 104 dataoff = ip_hdrlen(skb) + sizeof(struct udphdr);
105 datalen = (*pskb)->len - dataoff; 105 datalen = skb->len - dataoff;
106 if (datalen < sizeof("SIP/2.0") - 1) 106 if (datalen < sizeof("SIP/2.0") - 1)
107 return NF_ACCEPT; 107 return NF_ACCEPT;
108 108
@@ -121,19 +121,19 @@ static unsigned int ip_nat_sip(struct sk_buff **pskb,
121 else 121 else
122 pos = POS_REQ_URI; 122 pos = POS_REQ_URI;
123 123
124 if (!map_sip_addr(pskb, ctinfo, ct, dptr, datalen, pos, &map)) 124 if (!map_sip_addr(skb, ctinfo, ct, dptr, datalen, pos, &map))
125 return NF_DROP; 125 return NF_DROP;
126 } 126 }
127 127
128 if (!map_sip_addr(pskb, ctinfo, ct, dptr, datalen, POS_FROM, &map) || 128 if (!map_sip_addr(skb, ctinfo, ct, dptr, datalen, POS_FROM, &map) ||
129 !map_sip_addr(pskb, ctinfo, ct, dptr, datalen, POS_TO, &map) || 129 !map_sip_addr(skb, ctinfo, ct, dptr, datalen, POS_TO, &map) ||
130 !map_sip_addr(pskb, ctinfo, ct, dptr, datalen, POS_VIA, &map) || 130 !map_sip_addr(skb, ctinfo, ct, dptr, datalen, POS_VIA, &map) ||
131 !map_sip_addr(pskb, ctinfo, ct, dptr, datalen, POS_CONTACT, &map)) 131 !map_sip_addr(skb, ctinfo, ct, dptr, datalen, POS_CONTACT, &map))
132 return NF_DROP; 132 return NF_DROP;
133 return NF_ACCEPT; 133 return NF_ACCEPT;
134} 134}
135 135
136static unsigned int mangle_sip_packet(struct sk_buff **pskb, 136static unsigned int mangle_sip_packet(struct sk_buff *skb,
137 enum ip_conntrack_info ctinfo, 137 enum ip_conntrack_info ctinfo,
138 struct nf_conn *ct, 138 struct nf_conn *ct,
139 const char **dptr, size_t dlen, 139 const char **dptr, size_t dlen,
@@ -145,16 +145,16 @@ static unsigned int mangle_sip_packet(struct sk_buff **pskb,
145 if (ct_sip_get_info(ct, *dptr, dlen, &matchoff, &matchlen, pos) <= 0) 145 if (ct_sip_get_info(ct, *dptr, dlen, &matchoff, &matchlen, pos) <= 0)
146 return 0; 146 return 0;
147 147
148 if (!nf_nat_mangle_udp_packet(pskb, ct, ctinfo, 148 if (!nf_nat_mangle_udp_packet(skb, ct, ctinfo,
149 matchoff, matchlen, buffer, bufflen)) 149 matchoff, matchlen, buffer, bufflen))
150 return 0; 150 return 0;
151 151
152 /* We need to reload this. Thanks Patrick. */ 152 /* We need to reload this. Thanks Patrick. */
153 *dptr = (*pskb)->data + ip_hdrlen(*pskb) + sizeof(struct udphdr); 153 *dptr = skb->data + ip_hdrlen(skb) + sizeof(struct udphdr);
154 return 1; 154 return 1;
155} 155}
156 156
157static int mangle_content_len(struct sk_buff **pskb, 157static int mangle_content_len(struct sk_buff *skb,
158 enum ip_conntrack_info ctinfo, 158 enum ip_conntrack_info ctinfo,
159 struct nf_conn *ct, 159 struct nf_conn *ct,
160 const char *dptr) 160 const char *dptr)
@@ -163,22 +163,22 @@ static int mangle_content_len(struct sk_buff **pskb,
163 char buffer[sizeof("65536")]; 163 char buffer[sizeof("65536")];
164 int bufflen; 164 int bufflen;
165 165
166 dataoff = ip_hdrlen(*pskb) + sizeof(struct udphdr); 166 dataoff = ip_hdrlen(skb) + sizeof(struct udphdr);
167 167
168 /* Get actual SDP lenght */ 168 /* Get actual SDP lenght */
169 if (ct_sip_get_info(ct, dptr, (*pskb)->len - dataoff, &matchoff, 169 if (ct_sip_get_info(ct, dptr, skb->len - dataoff, &matchoff,
170 &matchlen, POS_SDP_HEADER) > 0) { 170 &matchlen, POS_SDP_HEADER) > 0) {
171 171
172 /* since ct_sip_get_info() give us a pointer passing 'v=' 172 /* since ct_sip_get_info() give us a pointer passing 'v='
173 we need to add 2 bytes in this count. */ 173 we need to add 2 bytes in this count. */
174 int c_len = (*pskb)->len - dataoff - matchoff + 2; 174 int c_len = skb->len - dataoff - matchoff + 2;
175 175
176 /* Now, update SDP length */ 176 /* Now, update SDP length */
177 if (ct_sip_get_info(ct, dptr, (*pskb)->len - dataoff, &matchoff, 177 if (ct_sip_get_info(ct, dptr, skb->len - dataoff, &matchoff,
178 &matchlen, POS_CONTENT) > 0) { 178 &matchlen, POS_CONTENT) > 0) {
179 179
180 bufflen = sprintf(buffer, "%u", c_len); 180 bufflen = sprintf(buffer, "%u", c_len);
181 return nf_nat_mangle_udp_packet(pskb, ct, ctinfo, 181 return nf_nat_mangle_udp_packet(skb, ct, ctinfo,
182 matchoff, matchlen, 182 matchoff, matchlen,
183 buffer, bufflen); 183 buffer, bufflen);
184 } 184 }
@@ -186,7 +186,7 @@ static int mangle_content_len(struct sk_buff **pskb,
186 return 0; 186 return 0;
187} 187}
188 188
189static unsigned int mangle_sdp(struct sk_buff **pskb, 189static unsigned int mangle_sdp(struct sk_buff *skb,
190 enum ip_conntrack_info ctinfo, 190 enum ip_conntrack_info ctinfo,
191 struct nf_conn *ct, 191 struct nf_conn *ct,
192 __be32 newip, u_int16_t port, 192 __be32 newip, u_int16_t port,
@@ -195,25 +195,25 @@ static unsigned int mangle_sdp(struct sk_buff **pskb,
195 char buffer[sizeof("nnn.nnn.nnn.nnn")]; 195 char buffer[sizeof("nnn.nnn.nnn.nnn")];
196 unsigned int dataoff, bufflen; 196 unsigned int dataoff, bufflen;
197 197
198 dataoff = ip_hdrlen(*pskb) + sizeof(struct udphdr); 198 dataoff = ip_hdrlen(skb) + sizeof(struct udphdr);
199 199
200 /* Mangle owner and contact info. */ 200 /* Mangle owner and contact info. */
201 bufflen = sprintf(buffer, "%u.%u.%u.%u", NIPQUAD(newip)); 201 bufflen = sprintf(buffer, "%u.%u.%u.%u", NIPQUAD(newip));
202 if (!mangle_sip_packet(pskb, ctinfo, ct, &dptr, (*pskb)->len - dataoff, 202 if (!mangle_sip_packet(skb, ctinfo, ct, &dptr, skb->len - dataoff,
203 buffer, bufflen, POS_OWNER_IP4)) 203 buffer, bufflen, POS_OWNER_IP4))
204 return 0; 204 return 0;
205 205
206 if (!mangle_sip_packet(pskb, ctinfo, ct, &dptr, (*pskb)->len - dataoff, 206 if (!mangle_sip_packet(skb, ctinfo, ct, &dptr, skb->len - dataoff,
207 buffer, bufflen, POS_CONNECTION_IP4)) 207 buffer, bufflen, POS_CONNECTION_IP4))
208 return 0; 208 return 0;
209 209
210 /* Mangle media port. */ 210 /* Mangle media port. */
211 bufflen = sprintf(buffer, "%u", port); 211 bufflen = sprintf(buffer, "%u", port);
212 if (!mangle_sip_packet(pskb, ctinfo, ct, &dptr, (*pskb)->len - dataoff, 212 if (!mangle_sip_packet(skb, ctinfo, ct, &dptr, skb->len - dataoff,
213 buffer, bufflen, POS_MEDIA)) 213 buffer, bufflen, POS_MEDIA))
214 return 0; 214 return 0;
215 215
216 return mangle_content_len(pskb, ctinfo, ct, dptr); 216 return mangle_content_len(skb, ctinfo, ct, dptr);
217} 217}
218 218
219static void ip_nat_sdp_expect(struct nf_conn *ct, 219static void ip_nat_sdp_expect(struct nf_conn *ct,
@@ -241,7 +241,7 @@ static void ip_nat_sdp_expect(struct nf_conn *ct,
241 241
242/* So, this packet has hit the connection tracking matching code. 242/* So, this packet has hit the connection tracking matching code.
243 Mangle it, and change the expectation to match the new version. */ 243 Mangle it, and change the expectation to match the new version. */
244static unsigned int ip_nat_sdp(struct sk_buff **pskb, 244static unsigned int ip_nat_sdp(struct sk_buff *skb,
245 enum ip_conntrack_info ctinfo, 245 enum ip_conntrack_info ctinfo,
246 struct nf_conntrack_expect *exp, 246 struct nf_conntrack_expect *exp,
247 const char *dptr) 247 const char *dptr)
@@ -277,7 +277,7 @@ static unsigned int ip_nat_sdp(struct sk_buff **pskb,
277 if (port == 0) 277 if (port == 0)
278 return NF_DROP; 278 return NF_DROP;
279 279
280 if (!mangle_sdp(pskb, ctinfo, ct, newip, port, dptr)) { 280 if (!mangle_sdp(skb, ctinfo, ct, newip, port, dptr)) {
281 nf_ct_unexpect_related(exp); 281 nf_ct_unexpect_related(exp);
282 return NF_DROP; 282 return NF_DROP;
283 } 283 }
diff --git a/net/ipv4/netfilter/nf_nat_snmp_basic.c b/net/ipv4/netfilter/nf_nat_snmp_basic.c
index 87011fe806ca..03709d6b4b06 100644
--- a/net/ipv4/netfilter/nf_nat_snmp_basic.c
+++ b/net/ipv4/netfilter/nf_nat_snmp_basic.c
@@ -1188,9 +1188,9 @@ static int snmp_parse_mangle(unsigned char *msg,
1188 */ 1188 */
1189static int snmp_translate(struct nf_conn *ct, 1189static int snmp_translate(struct nf_conn *ct,
1190 enum ip_conntrack_info ctinfo, 1190 enum ip_conntrack_info ctinfo,
1191 struct sk_buff **pskb) 1191 struct sk_buff *skb)
1192{ 1192{
1193 struct iphdr *iph = ip_hdr(*pskb); 1193 struct iphdr *iph = ip_hdr(skb);
1194 struct udphdr *udph = (struct udphdr *)((__be32 *)iph + iph->ihl); 1194 struct udphdr *udph = (struct udphdr *)((__be32 *)iph + iph->ihl);
1195 u_int16_t udplen = ntohs(udph->len); 1195 u_int16_t udplen = ntohs(udph->len);
1196 u_int16_t paylen = udplen - sizeof(struct udphdr); 1196 u_int16_t paylen = udplen - sizeof(struct udphdr);
@@ -1225,13 +1225,13 @@ static int snmp_translate(struct nf_conn *ct,
1225 1225
1226/* We don't actually set up expectations, just adjust internal IP 1226/* We don't actually set up expectations, just adjust internal IP
1227 * addresses if this is being NATted */ 1227 * addresses if this is being NATted */
1228static int help(struct sk_buff **pskb, unsigned int protoff, 1228static int help(struct sk_buff *skb, unsigned int protoff,
1229 struct nf_conn *ct, 1229 struct nf_conn *ct,
1230 enum ip_conntrack_info ctinfo) 1230 enum ip_conntrack_info ctinfo)
1231{ 1231{
1232 int dir = CTINFO2DIR(ctinfo); 1232 int dir = CTINFO2DIR(ctinfo);
1233 unsigned int ret; 1233 unsigned int ret;
1234 struct iphdr *iph = ip_hdr(*pskb); 1234 struct iphdr *iph = ip_hdr(skb);
1235 struct udphdr *udph = (struct udphdr *)((u_int32_t *)iph + iph->ihl); 1235 struct udphdr *udph = (struct udphdr *)((u_int32_t *)iph + iph->ihl);
1236 1236
1237 /* SNMP replies and originating SNMP traps get mangled */ 1237 /* SNMP replies and originating SNMP traps get mangled */
@@ -1250,7 +1250,7 @@ static int help(struct sk_buff **pskb, unsigned int protoff,
1250 * enough room for a UDP header. Just verify the UDP length field so we 1250 * enough room for a UDP header. Just verify the UDP length field so we
1251 * can mess around with the payload. 1251 * can mess around with the payload.
1252 */ 1252 */
1253 if (ntohs(udph->len) != (*pskb)->len - (iph->ihl << 2)) { 1253 if (ntohs(udph->len) != skb->len - (iph->ihl << 2)) {
1254 if (net_ratelimit()) 1254 if (net_ratelimit())
1255 printk(KERN_WARNING "SNMP: dropping malformed packet " 1255 printk(KERN_WARNING "SNMP: dropping malformed packet "
1256 "src=%u.%u.%u.%u dst=%u.%u.%u.%u\n", 1256 "src=%u.%u.%u.%u dst=%u.%u.%u.%u\n",
@@ -1258,11 +1258,11 @@ static int help(struct sk_buff **pskb, unsigned int protoff,
1258 return NF_DROP; 1258 return NF_DROP;
1259 } 1259 }
1260 1260
1261 if (!skb_make_writable(*pskb, (*pskb)->len)) 1261 if (!skb_make_writable(skb, skb->len))
1262 return NF_DROP; 1262 return NF_DROP;
1263 1263
1264 spin_lock_bh(&snmp_lock); 1264 spin_lock_bh(&snmp_lock);
1265 ret = snmp_translate(ct, ctinfo, pskb); 1265 ret = snmp_translate(ct, ctinfo, skb);
1266 spin_unlock_bh(&snmp_lock); 1266 spin_unlock_bh(&snmp_lock);
1267 return ret; 1267 return ret;
1268} 1268}
diff --git a/net/ipv4/netfilter/nf_nat_standalone.c b/net/ipv4/netfilter/nf_nat_standalone.c
index 46cc99def165..7db76ea9af91 100644
--- a/net/ipv4/netfilter/nf_nat_standalone.c
+++ b/net/ipv4/netfilter/nf_nat_standalone.c
@@ -67,7 +67,7 @@ static void nat_decode_session(struct sk_buff *skb, struct flowi *fl)
67 67
68static unsigned int 68static unsigned int
69nf_nat_fn(unsigned int hooknum, 69nf_nat_fn(unsigned int hooknum,
70 struct sk_buff **pskb, 70 struct sk_buff *skb,
71 const struct net_device *in, 71 const struct net_device *in,
72 const struct net_device *out, 72 const struct net_device *out,
73 int (*okfn)(struct sk_buff *)) 73 int (*okfn)(struct sk_buff *))
@@ -80,9 +80,9 @@ nf_nat_fn(unsigned int hooknum,
80 80
81 /* We never see fragments: conntrack defrags on pre-routing 81 /* We never see fragments: conntrack defrags on pre-routing
82 and local-out, and nf_nat_out protects post-routing. */ 82 and local-out, and nf_nat_out protects post-routing. */
83 NF_CT_ASSERT(!(ip_hdr(*pskb)->frag_off & htons(IP_MF | IP_OFFSET))); 83 NF_CT_ASSERT(!(ip_hdr(skb)->frag_off & htons(IP_MF | IP_OFFSET)));
84 84
85 ct = nf_ct_get(*pskb, &ctinfo); 85 ct = nf_ct_get(skb, &ctinfo);
86 /* Can't track? It's not due to stress, or conntrack would 86 /* Can't track? It's not due to stress, or conntrack would
87 have dropped it. Hence it's the user's responsibilty to 87 have dropped it. Hence it's the user's responsibilty to
88 packet filter it out, or implement conntrack/NAT for that 88 packet filter it out, or implement conntrack/NAT for that
@@ -91,10 +91,10 @@ nf_nat_fn(unsigned int hooknum,
91 /* Exception: ICMP redirect to new connection (not in 91 /* Exception: ICMP redirect to new connection (not in
92 hash table yet). We must not let this through, in 92 hash table yet). We must not let this through, in
93 case we're doing NAT to the same network. */ 93 case we're doing NAT to the same network. */
94 if (ip_hdr(*pskb)->protocol == IPPROTO_ICMP) { 94 if (ip_hdr(skb)->protocol == IPPROTO_ICMP) {
95 struct icmphdr _hdr, *hp; 95 struct icmphdr _hdr, *hp;
96 96
97 hp = skb_header_pointer(*pskb, ip_hdrlen(*pskb), 97 hp = skb_header_pointer(skb, ip_hdrlen(skb),
98 sizeof(_hdr), &_hdr); 98 sizeof(_hdr), &_hdr);
99 if (hp != NULL && 99 if (hp != NULL &&
100 hp->type == ICMP_REDIRECT) 100 hp->type == ICMP_REDIRECT)
@@ -119,9 +119,9 @@ nf_nat_fn(unsigned int hooknum,
119 switch (ctinfo) { 119 switch (ctinfo) {
120 case IP_CT_RELATED: 120 case IP_CT_RELATED:
121 case IP_CT_RELATED+IP_CT_IS_REPLY: 121 case IP_CT_RELATED+IP_CT_IS_REPLY:
122 if (ip_hdr(*pskb)->protocol == IPPROTO_ICMP) { 122 if (ip_hdr(skb)->protocol == IPPROTO_ICMP) {
123 if (!nf_nat_icmp_reply_translation(ct, ctinfo, 123 if (!nf_nat_icmp_reply_translation(ct, ctinfo,
124 hooknum, pskb)) 124 hooknum, skb))
125 return NF_DROP; 125 return NF_DROP;
126 else 126 else
127 return NF_ACCEPT; 127 return NF_ACCEPT;
@@ -141,7 +141,7 @@ nf_nat_fn(unsigned int hooknum,
141 /* LOCAL_IN hook doesn't have a chain! */ 141 /* LOCAL_IN hook doesn't have a chain! */
142 ret = alloc_null_binding(ct, hooknum); 142 ret = alloc_null_binding(ct, hooknum);
143 else 143 else
144 ret = nf_nat_rule_find(pskb, hooknum, in, out, 144 ret = nf_nat_rule_find(skb, hooknum, in, out,
145 ct); 145 ct);
146 146
147 if (ret != NF_ACCEPT) { 147 if (ret != NF_ACCEPT) {
@@ -159,31 +159,31 @@ nf_nat_fn(unsigned int hooknum,
159 ctinfo == (IP_CT_ESTABLISHED+IP_CT_IS_REPLY)); 159 ctinfo == (IP_CT_ESTABLISHED+IP_CT_IS_REPLY));
160 } 160 }
161 161
162 return nf_nat_packet(ct, ctinfo, hooknum, pskb); 162 return nf_nat_packet(ct, ctinfo, hooknum, skb);
163} 163}
164 164
165static unsigned int 165static unsigned int
166nf_nat_in(unsigned int hooknum, 166nf_nat_in(unsigned int hooknum,
167 struct sk_buff **pskb, 167 struct sk_buff *skb,
168 const struct net_device *in, 168 const struct net_device *in,
169 const struct net_device *out, 169 const struct net_device *out,
170 int (*okfn)(struct sk_buff *)) 170 int (*okfn)(struct sk_buff *))
171{ 171{
172 unsigned int ret; 172 unsigned int ret;
173 __be32 daddr = ip_hdr(*pskb)->daddr; 173 __be32 daddr = ip_hdr(skb)->daddr;
174 174
175 ret = nf_nat_fn(hooknum, pskb, in, out, okfn); 175 ret = nf_nat_fn(hooknum, skb, in, out, okfn);
176 if (ret != NF_DROP && ret != NF_STOLEN && 176 if (ret != NF_DROP && ret != NF_STOLEN &&
177 daddr != ip_hdr(*pskb)->daddr) { 177 daddr != ip_hdr(skb)->daddr) {
178 dst_release((*pskb)->dst); 178 dst_release(skb->dst);
179 (*pskb)->dst = NULL; 179 skb->dst = NULL;
180 } 180 }
181 return ret; 181 return ret;
182} 182}
183 183
184static unsigned int 184static unsigned int
185nf_nat_out(unsigned int hooknum, 185nf_nat_out(unsigned int hooknum,
186 struct sk_buff **pskb, 186 struct sk_buff *skb,
187 const struct net_device *in, 187 const struct net_device *in,
188 const struct net_device *out, 188 const struct net_device *out,
189 int (*okfn)(struct sk_buff *)) 189 int (*okfn)(struct sk_buff *))
@@ -195,14 +195,14 @@ nf_nat_out(unsigned int hooknum,
195 unsigned int ret; 195 unsigned int ret;
196 196
197 /* root is playing with raw sockets. */ 197 /* root is playing with raw sockets. */
198 if ((*pskb)->len < sizeof(struct iphdr) || 198 if (skb->len < sizeof(struct iphdr) ||
199 ip_hdrlen(*pskb) < sizeof(struct iphdr)) 199 ip_hdrlen(skb) < sizeof(struct iphdr))
200 return NF_ACCEPT; 200 return NF_ACCEPT;
201 201
202 ret = nf_nat_fn(hooknum, pskb, in, out, okfn); 202 ret = nf_nat_fn(hooknum, skb, in, out, okfn);
203#ifdef CONFIG_XFRM 203#ifdef CONFIG_XFRM
204 if (ret != NF_DROP && ret != NF_STOLEN && 204 if (ret != NF_DROP && ret != NF_STOLEN &&
205 (ct = nf_ct_get(*pskb, &ctinfo)) != NULL) { 205 (ct = nf_ct_get(skb, &ctinfo)) != NULL) {
206 enum ip_conntrack_dir dir = CTINFO2DIR(ctinfo); 206 enum ip_conntrack_dir dir = CTINFO2DIR(ctinfo);
207 207
208 if (ct->tuplehash[dir].tuple.src.u3.ip != 208 if (ct->tuplehash[dir].tuple.src.u3.ip !=
@@ -210,7 +210,7 @@ nf_nat_out(unsigned int hooknum,
210 || ct->tuplehash[dir].tuple.src.u.all != 210 || ct->tuplehash[dir].tuple.src.u.all !=
211 ct->tuplehash[!dir].tuple.dst.u.all 211 ct->tuplehash[!dir].tuple.dst.u.all
212 ) 212 )
213 return ip_xfrm_me_harder(pskb) == 0 ? ret : NF_DROP; 213 return ip_xfrm_me_harder(skb) == 0 ? ret : NF_DROP;
214 } 214 }
215#endif 215#endif
216 return ret; 216 return ret;
@@ -218,7 +218,7 @@ nf_nat_out(unsigned int hooknum,
218 218
219static unsigned int 219static unsigned int
220nf_nat_local_fn(unsigned int hooknum, 220nf_nat_local_fn(unsigned int hooknum,
221 struct sk_buff **pskb, 221 struct sk_buff *skb,
222 const struct net_device *in, 222 const struct net_device *in,
223 const struct net_device *out, 223 const struct net_device *out,
224 int (*okfn)(struct sk_buff *)) 224 int (*okfn)(struct sk_buff *))
@@ -228,24 +228,24 @@ nf_nat_local_fn(unsigned int hooknum,
228 unsigned int ret; 228 unsigned int ret;
229 229
230 /* root is playing with raw sockets. */ 230 /* root is playing with raw sockets. */
231 if ((*pskb)->len < sizeof(struct iphdr) || 231 if (skb->len < sizeof(struct iphdr) ||
232 ip_hdrlen(*pskb) < sizeof(struct iphdr)) 232 ip_hdrlen(skb) < sizeof(struct iphdr))
233 return NF_ACCEPT; 233 return NF_ACCEPT;
234 234
235 ret = nf_nat_fn(hooknum, pskb, in, out, okfn); 235 ret = nf_nat_fn(hooknum, skb, in, out, okfn);
236 if (ret != NF_DROP && ret != NF_STOLEN && 236 if (ret != NF_DROP && ret != NF_STOLEN &&
237 (ct = nf_ct_get(*pskb, &ctinfo)) != NULL) { 237 (ct = nf_ct_get(skb, &ctinfo)) != NULL) {
238 enum ip_conntrack_dir dir = CTINFO2DIR(ctinfo); 238 enum ip_conntrack_dir dir = CTINFO2DIR(ctinfo);
239 239
240 if (ct->tuplehash[dir].tuple.dst.u3.ip != 240 if (ct->tuplehash[dir].tuple.dst.u3.ip !=
241 ct->tuplehash[!dir].tuple.src.u3.ip) { 241 ct->tuplehash[!dir].tuple.src.u3.ip) {
242 if (ip_route_me_harder(pskb, RTN_UNSPEC)) 242 if (ip_route_me_harder(skb, RTN_UNSPEC))
243 ret = NF_DROP; 243 ret = NF_DROP;
244 } 244 }
245#ifdef CONFIG_XFRM 245#ifdef CONFIG_XFRM
246 else if (ct->tuplehash[dir].tuple.dst.u.all != 246 else if (ct->tuplehash[dir].tuple.dst.u.all !=
247 ct->tuplehash[!dir].tuple.src.u.all) 247 ct->tuplehash[!dir].tuple.src.u.all)
248 if (ip_xfrm_me_harder(pskb)) 248 if (ip_xfrm_me_harder(skb))
249 ret = NF_DROP; 249 ret = NF_DROP;
250#endif 250#endif
251 } 251 }
@@ -254,7 +254,7 @@ nf_nat_local_fn(unsigned int hooknum,
254 254
255static unsigned int 255static unsigned int
256nf_nat_adjust(unsigned int hooknum, 256nf_nat_adjust(unsigned int hooknum,
257 struct sk_buff **pskb, 257 struct sk_buff *skb,
258 const struct net_device *in, 258 const struct net_device *in,
259 const struct net_device *out, 259 const struct net_device *out,
260 int (*okfn)(struct sk_buff *)) 260 int (*okfn)(struct sk_buff *))
@@ -262,10 +262,10 @@ nf_nat_adjust(unsigned int hooknum,
262 struct nf_conn *ct; 262 struct nf_conn *ct;
263 enum ip_conntrack_info ctinfo; 263 enum ip_conntrack_info ctinfo;
264 264
265 ct = nf_ct_get(*pskb, &ctinfo); 265 ct = nf_ct_get(skb, &ctinfo);
266 if (ct && test_bit(IPS_SEQ_ADJUST_BIT, &ct->status)) { 266 if (ct && test_bit(IPS_SEQ_ADJUST_BIT, &ct->status)) {
267 pr_debug("nf_nat_standalone: adjusting sequence number\n"); 267 pr_debug("nf_nat_standalone: adjusting sequence number\n");
268 if (!nf_nat_seq_adjust(pskb, ct, ctinfo)) 268 if (!nf_nat_seq_adjust(skb, ct, ctinfo))
269 return NF_DROP; 269 return NF_DROP;
270 } 270 }
271 return NF_ACCEPT; 271 return NF_ACCEPT;
diff --git a/net/ipv4/netfilter/nf_nat_tftp.c b/net/ipv4/netfilter/nf_nat_tftp.c
index 04dfeaefec02..0ecec701cb44 100644
--- a/net/ipv4/netfilter/nf_nat_tftp.c
+++ b/net/ipv4/netfilter/nf_nat_tftp.c
@@ -20,7 +20,7 @@ MODULE_DESCRIPTION("TFTP NAT helper");
20MODULE_LICENSE("GPL"); 20MODULE_LICENSE("GPL");
21MODULE_ALIAS("ip_nat_tftp"); 21MODULE_ALIAS("ip_nat_tftp");
22 22
23static unsigned int help(struct sk_buff **pskb, 23static unsigned int help(struct sk_buff *skb,
24 enum ip_conntrack_info ctinfo, 24 enum ip_conntrack_info ctinfo,
25 struct nf_conntrack_expect *exp) 25 struct nf_conntrack_expect *exp)
26{ 26{
diff --git a/net/ipv4/xfrm4_output.c b/net/ipv4/xfrm4_output.c
index 434ef302ba83..a4edd666318b 100644
--- a/net/ipv4/xfrm4_output.c
+++ b/net/ipv4/xfrm4_output.c
@@ -78,7 +78,7 @@ static int xfrm4_output_finish2(struct sk_buff *skb)
78 while (likely((err = xfrm4_output_one(skb)) == 0)) { 78 while (likely((err = xfrm4_output_one(skb)) == 0)) {
79 nf_reset(skb); 79 nf_reset(skb);
80 80
81 err = nf_hook(PF_INET, NF_IP_LOCAL_OUT, &skb, NULL, 81 err = nf_hook(PF_INET, NF_IP_LOCAL_OUT, skb, NULL,
82 skb->dst->dev, dst_output); 82 skb->dst->dev, dst_output);
83 if (unlikely(err != 1)) 83 if (unlikely(err != 1))
84 break; 84 break;
@@ -86,7 +86,7 @@ static int xfrm4_output_finish2(struct sk_buff *skb)
86 if (!skb->dst->xfrm) 86 if (!skb->dst->xfrm)
87 return dst_output(skb); 87 return dst_output(skb);
88 88
89 err = nf_hook(PF_INET, NF_IP_POST_ROUTING, &skb, NULL, 89 err = nf_hook(PF_INET, NF_IP_POST_ROUTING, skb, NULL,
90 skb->dst->dev, xfrm4_output_finish2); 90 skb->dst->dev, xfrm4_output_finish2);
91 if (unlikely(err != 1)) 91 if (unlikely(err != 1))
92 break; 92 break;
generated by cgit v1.2.2 (git 2.25.0) at 2024-11-10 12:28:11 -0500