aboutsummaryrefslogtreecommitdiffstats
path: root/net/ipv4
diff options
context:
space:
mode:
authorArnaldo Carvalho de Melo <acme@redhat.com>2007-04-21 01:47:35 -0400
committerDavid S. Miller <davem@sunset.davemloft.net>2007-04-26 01:25:10 -0400
commiteddc9ec53be2ecdbf4efe0efd4a83052594f0ac0 (patch)
tree4a38ab4dbd9d61fdf5a5ea6ed61463e0b9e33ba7 /net/ipv4
parente023dd643798c4f06c16466af90b4d250e4b8bd7 (diff)
[SK_BUFF]: Introduce ip_hdr(), remove skb->nh.iph
Signed-off-by: Arnaldo Carvalho de Melo <acme@redhat.com> Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'net/ipv4')
-rw-r--r--net/ipv4/af_inet.c10
-rw-r--r--net/ipv4/ah4.c4
-rw-r--r--net/ipv4/arp.c6
-rw-r--r--net/ipv4/cipso_ipv4.c2
-rw-r--r--net/ipv4/esp4.c4
-rw-r--r--net/ipv4/icmp.c10
-rw-r--r--net/ipv4/igmp.c14
-rw-r--r--net/ipv4/ip_forward.c4
-rw-r--r--net/ipv4/ip_fragment.c7
-rw-r--r--net/ipv4/ip_gre.c10
-rw-r--r--net/ipv4/ip_input.c18
-rw-r--r--net/ipv4/ip_options.c14
-rw-r--r--net/ipv4/ip_output.c20
-rw-r--r--net/ipv4/ip_sockglue.c13
-rw-r--r--net/ipv4/ipcomp.c50
-rw-r--r--net/ipv4/ipconfig.c6
-rw-r--r--net/ipv4/ipip.c15
-rw-r--r--net/ipv4/ipmr.c55
-rw-r--r--net/ipv4/ipvs/ip_vs_app.c4
-rw-r--r--net/ipv4/ipvs/ip_vs_core.c38
-rw-r--r--net/ipv4/ipvs/ip_vs_dh.c2
-rw-r--r--net/ipv4/ipvs/ip_vs_ftp.c4
-rw-r--r--net/ipv4/ipvs/ip_vs_lblc.c2
-rw-r--r--net/ipv4/ipvs/ip_vs_lblcr.c2
-rw-r--r--net/ipv4/ipvs/ip_vs_proto_tcp.c12
-rw-r--r--net/ipv4/ipvs/ip_vs_proto_udp.c14
-rw-r--r--net/ipv4/ipvs/ip_vs_sh.c2
-rw-r--r--net/ipv4/ipvs/ip_vs_xmit.c24
-rw-r--r--net/ipv4/netfilter.c8
-rw-r--r--net/ipv4/netfilter/ip_conntrack_core.c20
-rw-r--r--net/ipv4/netfilter/ip_conntrack_helper_h323.c12
-rw-r--r--net/ipv4/netfilter/ip_conntrack_netbios_ns.c2
-rw-r--r--net/ipv4/netfilter/ip_conntrack_proto_sctp.c4
-rw-r--r--net/ipv4/netfilter/ip_conntrack_proto_tcp.c16
-rw-r--r--net/ipv4/netfilter/ip_conntrack_proto_udp.c8
-rw-r--r--net/ipv4/netfilter/ip_conntrack_standalone.c2
-rw-r--r--net/ipv4/netfilter/ip_nat_helper.c12
-rw-r--r--net/ipv4/netfilter/ip_nat_helper_h323.c2
-rw-r--r--net/ipv4/netfilter/ip_nat_rule.c2
-rw-r--r--net/ipv4/netfilter/ip_nat_snmp_basic.c4
-rw-r--r--net/ipv4/netfilter/ip_nat_standalone.c10
-rw-r--r--net/ipv4/netfilter/ip_tables.c4
-rw-r--r--net/ipv4/netfilter/ipt_CLUSTERIP.c4
-rw-r--r--net/ipv4/netfilter/ipt_ECN.c8
-rw-r--r--net/ipv4/netfilter/ipt_NETMAP.c4
-rw-r--r--net/ipv4/netfilter/ipt_REJECT.c26
-rw-r--r--net/ipv4/netfilter/ipt_TOS.c4
-rw-r--r--net/ipv4/netfilter/ipt_TTL.c2
-rw-r--r--net/ipv4/netfilter/ipt_addrtype.c2
-rw-r--r--net/ipv4/netfilter/ipt_ecn.c4
-rw-r--r--net/ipv4/netfilter/ipt_iprange.c2
-rw-r--r--net/ipv4/netfilter/ipt_recent.c6
-rw-r--r--net/ipv4/netfilter/ipt_tos.c2
-rw-r--r--net/ipv4/netfilter/ipt_ttl.c9
-rw-r--r--net/ipv4/netfilter/iptable_mangle.c25
-rw-r--r--net/ipv4/netfilter/nf_conntrack_l3proto_ipv4.c10
-rw-r--r--net/ipv4/netfilter/nf_nat_h323.c2
-rw-r--r--net/ipv4/netfilter/nf_nat_helper.c12
-rw-r--r--net/ipv4/netfilter/nf_nat_rule.c2
-rw-r--r--net/ipv4/netfilter/nf_nat_snmp_basic.c4
-rw-r--r--net/ipv4/netfilter/nf_nat_standalone.c11
-rw-r--r--net/ipv4/raw.c4
-rw-r--r--net/ipv4/route.c6
-rw-r--r--net/ipv4/syncookies.c8
-rw-r--r--net/ipv4/tcp_ipv4.c64
-rw-r--r--net/ipv4/udp.c17
-rw-r--r--net/ipv4/xfrm4_input.c21
-rw-r--r--net/ipv4/xfrm4_mode_beet.c10
-rw-r--r--net/ipv4/xfrm4_mode_transport.c11
-rw-r--r--net/ipv4/xfrm4_mode_tunnel.c10
-rw-r--r--net/ipv4/xfrm4_output.c3
-rw-r--r--net/ipv4/xfrm4_policy.c2
-rw-r--r--net/ipv4/xfrm4_tunnel.c3
73 files changed, 379 insertions, 391 deletions
diff --git a/net/ipv4/af_inet.c b/net/ipv4/af_inet.c
index ab552a6098f9..e7720c72a6e2 100644
--- a/net/ipv4/af_inet.c
+++ b/net/ipv4/af_inet.c
@@ -1112,7 +1112,7 @@ static int inet_gso_send_check(struct sk_buff *skb)
1112 if (unlikely(!pskb_may_pull(skb, sizeof(*iph)))) 1112 if (unlikely(!pskb_may_pull(skb, sizeof(*iph))))
1113 goto out; 1113 goto out;
1114 1114
1115 iph = skb->nh.iph; 1115 iph = ip_hdr(skb);
1116 ihl = iph->ihl * 4; 1116 ihl = iph->ihl * 4;
1117 if (ihl < sizeof(*iph)) 1117 if (ihl < sizeof(*iph))
1118 goto out; 1118 goto out;
@@ -1121,7 +1121,7 @@ static int inet_gso_send_check(struct sk_buff *skb)
1121 goto out; 1121 goto out;
1122 1122
1123 skb->h.raw = __skb_pull(skb, ihl); 1123 skb->h.raw = __skb_pull(skb, ihl);
1124 iph = skb->nh.iph; 1124 iph = ip_hdr(skb);
1125 proto = iph->protocol & (MAX_INET_PROTOS - 1); 1125 proto = iph->protocol & (MAX_INET_PROTOS - 1);
1126 err = -EPROTONOSUPPORT; 1126 err = -EPROTONOSUPPORT;
1127 1127
@@ -1155,7 +1155,7 @@ static struct sk_buff *inet_gso_segment(struct sk_buff *skb, int features)
1155 if (unlikely(!pskb_may_pull(skb, sizeof(*iph)))) 1155 if (unlikely(!pskb_may_pull(skb, sizeof(*iph))))
1156 goto out; 1156 goto out;
1157 1157
1158 iph = skb->nh.iph; 1158 iph = ip_hdr(skb);
1159 ihl = iph->ihl * 4; 1159 ihl = iph->ihl * 4;
1160 if (ihl < sizeof(*iph)) 1160 if (ihl < sizeof(*iph))
1161 goto out; 1161 goto out;
@@ -1164,7 +1164,7 @@ static struct sk_buff *inet_gso_segment(struct sk_buff *skb, int features)
1164 goto out; 1164 goto out;
1165 1165
1166 skb->h.raw = __skb_pull(skb, ihl); 1166 skb->h.raw = __skb_pull(skb, ihl);
1167 iph = skb->nh.iph; 1167 iph = ip_hdr(skb);
1168 id = ntohs(iph->id); 1168 id = ntohs(iph->id);
1169 proto = iph->protocol & (MAX_INET_PROTOS - 1); 1169 proto = iph->protocol & (MAX_INET_PROTOS - 1);
1170 segs = ERR_PTR(-EPROTONOSUPPORT); 1170 segs = ERR_PTR(-EPROTONOSUPPORT);
@@ -1180,7 +1180,7 @@ static struct sk_buff *inet_gso_segment(struct sk_buff *skb, int features)
1180 1180
1181 skb = segs; 1181 skb = segs;
1182 do { 1182 do {
1183 iph = skb->nh.iph; 1183 iph = ip_hdr(skb);
1184 iph->id = htons(id++); 1184 iph->id = htons(id++);
1185 iph->tot_len = htons(skb->len - skb->mac_len); 1185 iph->tot_len = htons(skb->len - skb->mac_len);
1186 iph->check = 0; 1186 iph->check = 0;
diff --git a/net/ipv4/ah4.c b/net/ipv4/ah4.c
index 95ddbbd1552a..00fd31da252e 100644
--- a/net/ipv4/ah4.c
+++ b/net/ipv4/ah4.c
@@ -65,7 +65,7 @@ static int ah_output(struct xfrm_state *x, struct sk_buff *skb)
65 char buf[60]; 65 char buf[60];
66 } tmp_iph; 66 } tmp_iph;
67 67
68 top_iph = skb->nh.iph; 68 top_iph = ip_hdr(skb);
69 iph = &tmp_iph.iph; 69 iph = &tmp_iph.iph;
70 70
71 iph->tos = top_iph->tos; 71 iph->tos = top_iph->tos;
@@ -152,7 +152,7 @@ static int ah_input(struct xfrm_state *x, struct sk_buff *skb)
152 skb->ip_summed = CHECKSUM_NONE; 152 skb->ip_summed = CHECKSUM_NONE;
153 153
154 ah = (struct ip_auth_hdr*)skb->data; 154 ah = (struct ip_auth_hdr*)skb->data;
155 iph = skb->nh.iph; 155 iph = ip_hdr(skb);
156 156
157 ihl = skb->data - skb_network_header(skb); 157 ihl = skb->data - skb_network_header(skb);
158 memcpy(work_buf, iph, ihl); 158 memcpy(work_buf, iph, ihl);
diff --git a/net/ipv4/arp.c b/net/ipv4/arp.c
index fd36eebbd90a..01d0e8dd17d8 100644
--- a/net/ipv4/arp.c
+++ b/net/ipv4/arp.c
@@ -342,13 +342,13 @@ static void arp_solicit(struct neighbour *neigh, struct sk_buff *skb)
342 switch (IN_DEV_ARP_ANNOUNCE(in_dev)) { 342 switch (IN_DEV_ARP_ANNOUNCE(in_dev)) {
343 default: 343 default:
344 case 0: /* By default announce any local IP */ 344 case 0: /* By default announce any local IP */
345 if (skb && inet_addr_type(skb->nh.iph->saddr) == RTN_LOCAL) 345 if (skb && inet_addr_type(ip_hdr(skb)->saddr) == RTN_LOCAL)
346 saddr = skb->nh.iph->saddr; 346 saddr = ip_hdr(skb)->saddr;
347 break; 347 break;
348 case 1: /* Restrict announcements of saddr in same subnet */ 348 case 1: /* Restrict announcements of saddr in same subnet */
349 if (!skb) 349 if (!skb)
350 break; 350 break;
351 saddr = skb->nh.iph->saddr; 351 saddr = ip_hdr(skb)->saddr;
352 if (inet_addr_type(saddr) == RTN_LOCAL) { 352 if (inet_addr_type(saddr) == RTN_LOCAL) {
353 /* saddr should be known to target */ 353 /* saddr should be known to target */
354 if (inet_addr_onlink(in_dev, target, saddr)) 354 if (inet_addr_onlink(in_dev, target, saddr))
diff --git a/net/ipv4/cipso_ipv4.c b/net/ipv4/cipso_ipv4.c
index b0182aa2c81a..11a3404d65af 100644
--- a/net/ipv4/cipso_ipv4.c
+++ b/net/ipv4/cipso_ipv4.c
@@ -1676,7 +1676,7 @@ validate_return:
1676 */ 1676 */
1677void cipso_v4_error(struct sk_buff *skb, int error, u32 gateway) 1677void cipso_v4_error(struct sk_buff *skb, int error, u32 gateway)
1678{ 1678{
1679 if (skb->nh.iph->protocol == IPPROTO_ICMP || error != -EACCES) 1679 if (ip_hdr(skb)->protocol == IPPROTO_ICMP || error != -EACCES)
1680 return; 1680 return;
1681 1681
1682 if (gateway) 1682 if (gateway)
diff --git a/net/ipv4/esp4.c b/net/ipv4/esp4.c
index 222d21e5bbeb..ed3deed66445 100644
--- a/net/ipv4/esp4.c
+++ b/net/ipv4/esp4.c
@@ -58,7 +58,7 @@ static int esp_output(struct xfrm_state *x, struct sk_buff *skb)
58 pskb_put(skb, trailer, clen - skb->len); 58 pskb_put(skb, trailer, clen - skb->len);
59 59
60 __skb_push(skb, skb->data - skb_network_header(skb)); 60 __skb_push(skb, skb->data - skb_network_header(skb));
61 top_iph = skb->nh.iph; 61 top_iph = ip_hdr(skb);
62 esph = (struct ip_esp_hdr *)(skb_network_header(skb) + 62 esph = (struct ip_esp_hdr *)(skb_network_header(skb) +
63 top_iph->ihl * 4); 63 top_iph->ihl * 4);
64 top_iph->tot_len = htons(skb->len + alen); 64 top_iph->tot_len = htons(skb->len + alen);
@@ -218,7 +218,7 @@ static int esp_input(struct xfrm_state *x, struct sk_buff *skb)
218 218
219 /* ... check padding bits here. Silly. :-) */ 219 /* ... check padding bits here. Silly. :-) */
220 220
221 iph = skb->nh.iph; 221 iph = ip_hdr(skb);
222 ihl = iph->ihl * 4; 222 ihl = iph->ihl * 4;
223 223
224 if (x->encap) { 224 if (x->encap) {
diff --git a/net/ipv4/icmp.c b/net/ipv4/icmp.c
index ff124d40c585..4d70c21c50aa 100644
--- a/net/ipv4/icmp.c
+++ b/net/ipv4/icmp.c
@@ -392,7 +392,7 @@ static void icmp_reply(struct icmp_bxm *icmp_param, struct sk_buff *skb)
392 icmp_param->data.icmph.checksum = 0; 392 icmp_param->data.icmph.checksum = 0;
393 icmp_out_count(icmp_param->data.icmph.type); 393 icmp_out_count(icmp_param->data.icmph.type);
394 394
395 inet->tos = skb->nh.iph->tos; 395 inet->tos = ip_hdr(skb)->tos;
396 daddr = ipc.addr = rt->rt_src; 396 daddr = ipc.addr = rt->rt_src;
397 ipc.opt = NULL; 397 ipc.opt = NULL;
398 if (icmp_param->replyopts.optlen) { 398 if (icmp_param->replyopts.optlen) {
@@ -404,7 +404,7 @@ static void icmp_reply(struct icmp_bxm *icmp_param, struct sk_buff *skb)
404 struct flowi fl = { .nl_u = { .ip4_u = 404 struct flowi fl = { .nl_u = { .ip4_u =
405 { .daddr = daddr, 405 { .daddr = daddr,
406 .saddr = rt->rt_spec_dst, 406 .saddr = rt->rt_spec_dst,
407 .tos = RT_TOS(skb->nh.iph->tos) } }, 407 .tos = RT_TOS(ip_hdr(skb)->tos) } },
408 .proto = IPPROTO_ICMP }; 408 .proto = IPPROTO_ICMP };
409 security_skb_classify_flow(skb, &fl); 409 security_skb_classify_flow(skb, &fl);
410 if (ip_route_output_key(&rt, &fl)) 410 if (ip_route_output_key(&rt, &fl))
@@ -448,7 +448,7 @@ void icmp_send(struct sk_buff *skb_in, int type, int code, __be32 info)
448 * Check this, icmp_send is called from the most obscure devices 448 * Check this, icmp_send is called from the most obscure devices
449 * sometimes. 449 * sometimes.
450 */ 450 */
451 iph = skb_in->nh.iph; 451 iph = ip_hdr(skb_in);
452 452
453 if ((u8 *)iph < skb_in->head || (u8 *)(iph + 1) > skb_in->tail) 453 if ((u8 *)iph < skb_in->head || (u8 *)(iph + 1) > skb_in->tail)
454 goto out; 454 goto out;
@@ -676,7 +676,7 @@ static void icmp_unreach(struct sk_buff *skb)
676 printk(KERN_WARNING "%u.%u.%u.%u sent an invalid ICMP " 676 printk(KERN_WARNING "%u.%u.%u.%u sent an invalid ICMP "
677 "type %u, code %u " 677 "type %u, code %u "
678 "error to a broadcast: %u.%u.%u.%u on %s\n", 678 "error to a broadcast: %u.%u.%u.%u on %s\n",
679 NIPQUAD(skb->nh.iph->saddr), 679 NIPQUAD(ip_hdr(skb)->saddr),
680 icmph->type, icmph->code, 680 icmph->type, icmph->code,
681 NIPQUAD(iph->daddr), 681 NIPQUAD(iph->daddr),
682 skb->dev->name); 682 skb->dev->name);
@@ -751,7 +751,7 @@ static void icmp_redirect(struct sk_buff *skb)
751 */ 751 */
752 case ICMP_REDIR_HOST: 752 case ICMP_REDIR_HOST:
753 case ICMP_REDIR_HOSTTOS: 753 case ICMP_REDIR_HOSTTOS:
754 ip_rt_redirect(skb->nh.iph->saddr, iph->daddr, 754 ip_rt_redirect(ip_hdr(skb)->saddr, iph->daddr,
755 skb->h.icmph->un.gateway, 755 skb->h.icmph->un.gateway,
756 iph->saddr, skb->dev); 756 iph->saddr, skb->dev);
757 break; 757 break;
diff --git a/net/ipv4/igmp.c b/net/ipv4/igmp.c
index 0687a7235a6c..f511d03e2439 100644
--- a/net/ipv4/igmp.c
+++ b/net/ipv4/igmp.c
@@ -315,7 +315,7 @@ static struct sk_buff *igmpv3_newpack(struct net_device *dev, int size)
315 skb_reserve(skb, LL_RESERVED_SPACE(dev)); 315 skb_reserve(skb, LL_RESERVED_SPACE(dev));
316 316
317 skb_reset_network_header(skb); 317 skb_reset_network_header(skb);
318 pip = skb->nh.iph; 318 pip = ip_hdr(skb);
319 skb_put(skb, sizeof(struct iphdr) + 4); 319 skb_put(skb, sizeof(struct iphdr) + 4);
320 320
321 pip->version = 4; 321 pip->version = 4;
@@ -345,16 +345,14 @@ static struct sk_buff *igmpv3_newpack(struct net_device *dev, int size)
345 345
346static int igmpv3_sendpack(struct sk_buff *skb) 346static int igmpv3_sendpack(struct sk_buff *skb)
347{ 347{
348 struct iphdr *pip = skb->nh.iph; 348 struct iphdr *pip = ip_hdr(skb);
349 struct igmphdr *pig = skb->h.igmph; 349 struct igmphdr *pig = skb->h.igmph;
350 int iplen, igmplen; 350 const int iplen = skb->tail - skb->nh.raw;
351 const int igmplen = skb->tail - skb->h.raw;
351 352
352 iplen = skb->tail - (unsigned char *)skb->nh.iph;
353 pip->tot_len = htons(iplen); 353 pip->tot_len = htons(iplen);
354 ip_send_check(pip); 354 ip_send_check(pip);
355 355 pig->csum = ip_compute_csum(skb->h.igmph, igmplen);
356 igmplen = skb->tail - (unsigned char *)skb->h.igmph;
357 pig->csum = ip_compute_csum((void *)skb->h.igmph, igmplen);
358 356
359 return NF_HOOK(PF_INET, NF_IP_LOCAL_OUT, skb, NULL, skb->dev, 357 return NF_HOOK(PF_INET, NF_IP_LOCAL_OUT, skb, NULL, skb->dev,
360 dst_output); 358 dst_output);
@@ -667,7 +665,7 @@ static int igmp_send_report(struct in_device *in_dev, struct ip_mc_list *pmc,
667 skb_reserve(skb, LL_RESERVED_SPACE(dev)); 665 skb_reserve(skb, LL_RESERVED_SPACE(dev));
668 666
669 skb_reset_network_header(skb); 667 skb_reset_network_header(skb);
670 iph = skb->nh.iph; 668 iph = ip_hdr(skb);
671 skb_put(skb, sizeof(struct iphdr) + 4); 669 skb_put(skb, sizeof(struct iphdr) + 4);
672 670
673 iph->version = 4; 671 iph->version = 4;
diff --git a/net/ipv4/ip_forward.c b/net/ipv4/ip_forward.c
index 369e721c4bab..467ebedb99ba 100644
--- a/net/ipv4/ip_forward.c
+++ b/net/ipv4/ip_forward.c
@@ -74,7 +74,7 @@ int ip_forward(struct sk_buff *skb)
74 * that reaches zero, we must reply an ICMP control message telling 74 * that reaches zero, we must reply an ICMP control message telling
75 * that the packet's lifetime expired. 75 * that the packet's lifetime expired.
76 */ 76 */
77 if (skb->nh.iph->ttl <= 1) 77 if (ip_hdr(skb)->ttl <= 1)
78 goto too_many_hops; 78 goto too_many_hops;
79 79
80 if (!xfrm4_route_forward(skb)) 80 if (!xfrm4_route_forward(skb))
@@ -88,7 +88,7 @@ int ip_forward(struct sk_buff *skb)
88 /* We are about to mangle packet. Copy it! */ 88 /* We are about to mangle packet. Copy it! */
89 if (skb_cow(skb, LL_RESERVED_SPACE(rt->u.dst.dev)+rt->u.dst.header_len)) 89 if (skb_cow(skb, LL_RESERVED_SPACE(rt->u.dst.dev)+rt->u.dst.header_len))
90 goto drop; 90 goto drop;
91 iph = skb->nh.iph; 91 iph = ip_hdr(skb);
92 92
93 /* Decrease ttl after skb cow done */ 93 /* Decrease ttl after skb cow done */
94 ip_decrease_ttl(iph); 94 ip_decrease_ttl(iph);
diff --git a/net/ipv4/ip_fragment.c b/net/ipv4/ip_fragment.c
index af120b2d5331..0231bdcb2ab7 100644
--- a/net/ipv4/ip_fragment.c
+++ b/net/ipv4/ip_fragment.c
@@ -479,7 +479,7 @@ static void ip_frag_queue(struct ipq *qp, struct sk_buff *skb)
479 goto err; 479 goto err;
480 } 480 }
481 481
482 offset = ntohs(skb->nh.iph->frag_off); 482 offset = ntohs(ip_hdr(skb)->frag_off);
483 flags = offset & ~IP_OFFSET; 483 flags = offset & ~IP_OFFSET;
484 offset &= IP_OFFSET; 484 offset &= IP_OFFSET;
485 offset <<= 3; /* offset is in 8-byte chunks */ 485 offset <<= 3; /* offset is in 8-byte chunks */
@@ -676,7 +676,7 @@ static struct sk_buff *ip_frag_reasm(struct ipq *qp, struct net_device *dev)
676 head->dev = dev; 676 head->dev = dev;
677 head->tstamp = qp->stamp; 677 head->tstamp = qp->stamp;
678 678
679 iph = head->nh.iph; 679 iph = ip_hdr(head);
680 iph->frag_off = 0; 680 iph->frag_off = 0;
681 iph->tot_len = htons(len); 681 iph->tot_len = htons(len);
682 IP_INC_STATS_BH(IPSTATS_MIB_REASMOKS); 682 IP_INC_STATS_BH(IPSTATS_MIB_REASMOKS);
@@ -700,7 +700,6 @@ out_fail:
700/* Process an incoming IP datagram fragment. */ 700/* Process an incoming IP datagram fragment. */
701struct sk_buff *ip_defrag(struct sk_buff *skb, u32 user) 701struct sk_buff *ip_defrag(struct sk_buff *skb, u32 user)
702{ 702{
703 struct iphdr *iph = skb->nh.iph;
704 struct ipq *qp; 703 struct ipq *qp;
705 struct net_device *dev; 704 struct net_device *dev;
706 705
@@ -713,7 +712,7 @@ struct sk_buff *ip_defrag(struct sk_buff *skb, u32 user)
713 dev = skb->dev; 712 dev = skb->dev;
714 713
715 /* Lookup (or create) queue header */ 714 /* Lookup (or create) queue header */
716 if ((qp = ip_find(iph, user)) != NULL) { 715 if ((qp = ip_find(ip_hdr(skb), user)) != NULL) {
717 struct sk_buff *ret = NULL; 716 struct sk_buff *ret = NULL;
718 717
719 spin_lock(&qp->lock); 718 spin_lock(&qp->lock);
diff --git a/net/ipv4/ip_gre.c b/net/ipv4/ip_gre.c
index 7c6fda6fe846..851f46b910f2 100644
--- a/net/ipv4/ip_gre.c
+++ b/net/ipv4/ip_gre.c
@@ -533,7 +533,7 @@ static inline void ipgre_ecn_decapsulate(struct iphdr *iph, struct sk_buff *skb)
533{ 533{
534 if (INET_ECN_is_ce(iph->tos)) { 534 if (INET_ECN_is_ce(iph->tos)) {
535 if (skb->protocol == htons(ETH_P_IP)) { 535 if (skb->protocol == htons(ETH_P_IP)) {
536 IP_ECN_set_ce(skb->nh.iph); 536 IP_ECN_set_ce(ip_hdr(skb));
537 } else if (skb->protocol == htons(ETH_P_IPV6)) { 537 } else if (skb->protocol == htons(ETH_P_IPV6)) {
538 IP6_ECN_set_ce(skb->nh.ipv6h); 538 IP6_ECN_set_ce(skb->nh.ipv6h);
539 } 539 }
@@ -565,7 +565,7 @@ static int ipgre_rcv(struct sk_buff *skb)
565 if (!pskb_may_pull(skb, 16)) 565 if (!pskb_may_pull(skb, 16))
566 goto drop_nolock; 566 goto drop_nolock;
567 567
568 iph = skb->nh.iph; 568 iph = ip_hdr(skb);
569 h = skb->data; 569 h = skb->data;
570 flags = *(__be16*)h; 570 flags = *(__be16*)h;
571 571
@@ -670,7 +670,7 @@ static int ipgre_tunnel_xmit(struct sk_buff *skb, struct net_device *dev)
670{ 670{
671 struct ip_tunnel *tunnel = netdev_priv(dev); 671 struct ip_tunnel *tunnel = netdev_priv(dev);
672 struct net_device_stats *stats = &tunnel->stat; 672 struct net_device_stats *stats = &tunnel->stat;
673 struct iphdr *old_iph = skb->nh.iph; 673 struct iphdr *old_iph = ip_hdr(skb);
674 struct iphdr *tiph; 674 struct iphdr *tiph;
675 u8 tos; 675 u8 tos;
676 __be16 df; 676 __be16 df;
@@ -825,7 +825,7 @@ static int ipgre_tunnel_xmit(struct sk_buff *skb, struct net_device *dev)
825 skb_set_owner_w(new_skb, skb->sk); 825 skb_set_owner_w(new_skb, skb->sk);
826 dev_kfree_skb(skb); 826 dev_kfree_skb(skb);
827 skb = new_skb; 827 skb = new_skb;
828 old_iph = skb->nh.iph; 828 old_iph = ip_hdr(skb);
829 } 829 }
830 830
831 skb->h.raw = skb->nh.raw; 831 skb->h.raw = skb->nh.raw;
@@ -841,7 +841,7 @@ static int ipgre_tunnel_xmit(struct sk_buff *skb, struct net_device *dev)
841 * Push down and install the IPIP header. 841 * Push down and install the IPIP header.
842 */ 842 */
843 843
844 iph = skb->nh.iph; 844 iph = ip_hdr(skb);
845 iph->version = 4; 845 iph->version = 4;
846 iph->ihl = sizeof(struct iphdr) >> 2; 846 iph->ihl = sizeof(struct iphdr) >> 2;
847 iph->frag_off = df; 847 iph->frag_off = df;
diff --git a/net/ipv4/ip_input.c b/net/ipv4/ip_input.c
index 2ee132b330fd..237880a80432 100644
--- a/net/ipv4/ip_input.c
+++ b/net/ipv4/ip_input.c
@@ -158,7 +158,7 @@ DEFINE_SNMP_STAT(struct ipstats_mib, ip_statistics) __read_mostly;
158int ip_call_ra_chain(struct sk_buff *skb) 158int ip_call_ra_chain(struct sk_buff *skb)
159{ 159{
160 struct ip_ra_chain *ra; 160 struct ip_ra_chain *ra;
161 u8 protocol = skb->nh.iph->protocol; 161 u8 protocol = ip_hdr(skb)->protocol;
162 struct sock *last = NULL; 162 struct sock *last = NULL;
163 163
164 read_lock(&ip_ra_lock); 164 read_lock(&ip_ra_lock);
@@ -171,7 +171,7 @@ int ip_call_ra_chain(struct sk_buff *skb)
171 if (sk && inet_sk(sk)->num == protocol && 171 if (sk && inet_sk(sk)->num == protocol &&
172 (!sk->sk_bound_dev_if || 172 (!sk->sk_bound_dev_if ||
173 sk->sk_bound_dev_if == skb->dev->ifindex)) { 173 sk->sk_bound_dev_if == skb->dev->ifindex)) {
174 if (skb->nh.iph->frag_off & htons(IP_MF|IP_OFFSET)) { 174 if (ip_hdr(skb)->frag_off & htons(IP_MF | IP_OFFSET)) {
175 skb = ip_defrag(skb, IP_DEFRAG_CALL_RA_CHAIN); 175 skb = ip_defrag(skb, IP_DEFRAG_CALL_RA_CHAIN);
176 if (skb == NULL) { 176 if (skb == NULL) {
177 read_unlock(&ip_ra_lock); 177 read_unlock(&ip_ra_lock);
@@ -206,7 +206,7 @@ static inline int ip_local_deliver_finish(struct sk_buff *skb)
206 rcu_read_lock(); 206 rcu_read_lock();
207 { 207 {
208 /* Note: See raw.c and net/raw.h, RAWV4_HTABLE_SIZE==MAX_INET_PROTOS */ 208 /* Note: See raw.c and net/raw.h, RAWV4_HTABLE_SIZE==MAX_INET_PROTOS */
209 int protocol = skb->nh.iph->protocol; 209 int protocol = ip_hdr(skb)->protocol;
210 int hash; 210 int hash;
211 struct sock *raw_sk; 211 struct sock *raw_sk;
212 struct net_protocol *ipprot; 212 struct net_protocol *ipprot;
@@ -218,7 +218,7 @@ static inline int ip_local_deliver_finish(struct sk_buff *skb)
218 /* If there maybe a raw socket we must check - if not we 218 /* If there maybe a raw socket we must check - if not we
219 * don't care less 219 * don't care less
220 */ 220 */
221 if (raw_sk && !raw_v4_input(skb, skb->nh.iph, hash)) 221 if (raw_sk && !raw_v4_input(skb, ip_hdr(skb), hash))
222 raw_sk = NULL; 222 raw_sk = NULL;
223 223
224 if ((ipprot = rcu_dereference(inet_protos[hash])) != NULL) { 224 if ((ipprot = rcu_dereference(inet_protos[hash])) != NULL) {
@@ -264,7 +264,7 @@ int ip_local_deliver(struct sk_buff *skb)
264 * Reassemble IP fragments. 264 * Reassemble IP fragments.
265 */ 265 */
266 266
267 if (skb->nh.iph->frag_off & htons(IP_MF|IP_OFFSET)) { 267 if (ip_hdr(skb)->frag_off & htons(IP_MF | IP_OFFSET)) {
268 skb = ip_defrag(skb, IP_DEFRAG_LOCAL_DELIVER); 268 skb = ip_defrag(skb, IP_DEFRAG_LOCAL_DELIVER);
269 if (!skb) 269 if (!skb)
270 return 0; 270 return 0;
@@ -292,7 +292,7 @@ static inline int ip_rcv_options(struct sk_buff *skb)
292 goto drop; 292 goto drop;
293 } 293 }
294 294
295 iph = skb->nh.iph; 295 iph = ip_hdr(skb);
296 296
297 if (ip_options_compile(NULL, skb)) { 297 if (ip_options_compile(NULL, skb)) {
298 IP_INC_STATS_BH(IPSTATS_MIB_INHDRERRORS); 298 IP_INC_STATS_BH(IPSTATS_MIB_INHDRERRORS);
@@ -328,7 +328,7 @@ drop:
328 328
329static inline int ip_rcv_finish(struct sk_buff *skb) 329static inline int ip_rcv_finish(struct sk_buff *skb)
330{ 330{
331 struct iphdr *iph = skb->nh.iph; 331 const struct iphdr *iph = ip_hdr(skb);
332 332
333 /* 333 /*
334 * Initialise the virtual path cache for the packet. It describes 334 * Initialise the virtual path cache for the packet. It describes
@@ -389,7 +389,7 @@ int ip_rcv(struct sk_buff *skb, struct net_device *dev, struct packet_type *pt,
389 if (!pskb_may_pull(skb, sizeof(struct iphdr))) 389 if (!pskb_may_pull(skb, sizeof(struct iphdr)))
390 goto inhdr_error; 390 goto inhdr_error;
391 391
392 iph = skb->nh.iph; 392 iph = ip_hdr(skb);
393 393
394 /* 394 /*
395 * RFC1122: 3.1.2.2 MUST silently discard any IP frame that fails the checksum. 395 * RFC1122: 3.1.2.2 MUST silently discard any IP frame that fails the checksum.
@@ -408,7 +408,7 @@ int ip_rcv(struct sk_buff *skb, struct net_device *dev, struct packet_type *pt,
408 if (!pskb_may_pull(skb, iph->ihl*4)) 408 if (!pskb_may_pull(skb, iph->ihl*4))
409 goto inhdr_error; 409 goto inhdr_error;
410 410
411 iph = skb->nh.iph; 411 iph = ip_hdr(skb);
412 412
413 if (unlikely(ip_fast_csum((u8 *)iph, iph->ihl))) 413 if (unlikely(ip_fast_csum((u8 *)iph, iph->ihl)))
414 goto inhdr_error; 414 goto inhdr_error;
diff --git a/net/ipv4/ip_options.c b/net/ipv4/ip_options.c
index f7e9db612565..251346828cb4 100644
--- a/net/ipv4/ip_options.c
+++ b/net/ipv4/ip_options.c
@@ -110,7 +110,7 @@ int ip_options_echo(struct ip_options * dopt, struct sk_buff * skb)
110 if (skb->dst) 110 if (skb->dst)
111 daddr = ((struct rtable*)skb->dst)->rt_spec_dst; 111 daddr = ((struct rtable*)skb->dst)->rt_spec_dst;
112 else 112 else
113 daddr = skb->nh.iph->daddr; 113 daddr = ip_hdr(skb)->daddr;
114 114
115 if (sopt->rr) { 115 if (sopt->rr) {
116 optlen = sptr[sopt->rr+1]; 116 optlen = sptr[sopt->rr+1];
@@ -180,7 +180,8 @@ int ip_options_echo(struct ip_options * dopt, struct sk_buff * skb)
180 /* 180 /*
181 * RFC1812 requires to fix illegal source routes. 181 * RFC1812 requires to fix illegal source routes.
182 */ 182 */
183 if (memcmp(&skb->nh.iph->saddr, &start[soffset+3], 4) == 0) 183 if (memcmp(&ip_hdr(skb)->saddr,
184 &start[soffset + 3], 4) == 0)
184 doffset -= 4; 185 doffset -= 4;
185 } 186 }
186 if (doffset > 3) { 187 if (doffset > 3) {
@@ -269,7 +270,8 @@ int ip_options_compile(struct ip_options * opt, struct sk_buff * skb)
269 optptr = iph + sizeof(struct iphdr); 270 optptr = iph + sizeof(struct iphdr);
270 opt->is_data = 0; 271 opt->is_data = 0;
271 } else { 272 } else {
272 optptr = opt->is_data ? opt->__data : (unsigned char*)&(skb->nh.iph[1]); 273 optptr = opt->is_data ? opt->__data :
274 (unsigned char *)&(ip_hdr(skb)[1]);
273 iph = optptr - sizeof(struct iphdr); 275 iph = optptr - sizeof(struct iphdr);
274 } 276 }
275 277
@@ -587,7 +589,7 @@ void ip_forward_options(struct sk_buff *skb)
587 if (srrptr + 3 <= srrspace) { 589 if (srrptr + 3 <= srrspace) {
588 opt->is_changed = 1; 590 opt->is_changed = 1;
589 ip_rt_get_source(&optptr[srrptr-1], rt); 591 ip_rt_get_source(&optptr[srrptr-1], rt);
590 skb->nh.iph->daddr = rt->rt_dst; 592 ip_hdr(skb)->daddr = rt->rt_dst;
591 optptr[2] = srrptr+4; 593 optptr[2] = srrptr+4;
592 } else if (net_ratelimit()) 594 } else if (net_ratelimit())
593 printk(KERN_CRIT "ip_forward(): Argh! Destination lost!\n"); 595 printk(KERN_CRIT "ip_forward(): Argh! Destination lost!\n");
@@ -599,7 +601,7 @@ void ip_forward_options(struct sk_buff *skb)
599 } 601 }
600 if (opt->is_changed) { 602 if (opt->is_changed) {
601 opt->is_changed = 0; 603 opt->is_changed = 0;
602 ip_send_check(skb->nh.iph); 604 ip_send_check(ip_hdr(skb));
603 } 605 }
604} 606}
605 607
@@ -608,7 +610,7 @@ int ip_options_rcv_srr(struct sk_buff *skb)
608 struct ip_options *opt = &(IPCB(skb)->opt); 610 struct ip_options *opt = &(IPCB(skb)->opt);
609 int srrspace, srrptr; 611 int srrspace, srrptr;
610 __be32 nexthop; 612 __be32 nexthop;
611 struct iphdr *iph = skb->nh.iph; 613 struct iphdr *iph = ip_hdr(skb);
612 unsigned char *optptr = skb_network_header(skb) + opt->srr; 614 unsigned char *optptr = skb_network_header(skb) + opt->srr;
613 struct rtable *rt = (struct rtable*)skb->dst; 615 struct rtable *rt = (struct rtable*)skb->dst;
614 struct rtable *rt2; 616 struct rtable *rt2;
diff --git a/net/ipv4/ip_output.c b/net/ipv4/ip_output.c
index 15de9d43950e..1abc48899f2d 100644
--- a/net/ipv4/ip_output.c
+++ b/net/ipv4/ip_output.c
@@ -127,7 +127,7 @@ int ip_build_and_send_pkt(struct sk_buff *skb, struct sock *sk,
127 /* Build the IP header. */ 127 /* Build the IP header. */
128 skb_push(skb, sizeof(struct iphdr) + (opt ? opt->optlen : 0)); 128 skb_push(skb, sizeof(struct iphdr) + (opt ? opt->optlen : 0));
129 skb_reset_network_header(skb); 129 skb_reset_network_header(skb);
130 iph = skb->nh.iph; 130 iph = ip_hdr(skb);
131 iph->version = 4; 131 iph->version = 4;
132 iph->ihl = 5; 132 iph->ihl = 5;
133 iph->tos = inet->tos; 133 iph->tos = inet->tos;
@@ -245,7 +245,7 @@ int ip_mc_output(struct sk_buff *skb)
245 245
246 /* Multicasts with ttl 0 must not go beyond the host */ 246 /* Multicasts with ttl 0 must not go beyond the host */
247 247
248 if (skb->nh.iph->ttl == 0) { 248 if (ip_hdr(skb)->ttl == 0) {
249 kfree_skb(skb); 249 kfree_skb(skb);
250 return 0; 250 return 0;
251 } 251 }
@@ -332,7 +332,7 @@ packet_routed:
332 /* OK, we know where to send it, allocate and build IP header. */ 332 /* OK, we know where to send it, allocate and build IP header. */
333 skb_push(skb, sizeof(struct iphdr) + (opt ? opt->optlen : 0)); 333 skb_push(skb, sizeof(struct iphdr) + (opt ? opt->optlen : 0));
334 skb_reset_network_header(skb); 334 skb_reset_network_header(skb);
335 iph = skb->nh.iph; 335 iph = ip_hdr(skb);
336 *((__be16 *)iph) = htons((4 << 12) | (5 << 8) | (inet->tos & 0xff)); 336 *((__be16 *)iph) = htons((4 << 12) | (5 << 8) | (inet->tos & 0xff));
337 iph->tot_len = htons(skb->len); 337 iph->tot_len = htons(skb->len);
338 if (ip_dont_fragment(sk, &rt->u.dst) && !ipfragok) 338 if (ip_dont_fragment(sk, &rt->u.dst) && !ipfragok)
@@ -428,7 +428,7 @@ int ip_fragment(struct sk_buff *skb, int (*output)(struct sk_buff*))
428 * Point into the IP datagram header. 428 * Point into the IP datagram header.
429 */ 429 */
430 430
431 iph = skb->nh.iph; 431 iph = ip_hdr(skb);
432 432
433 if (unlikely((iph->frag_off & htons(IP_DF)) && !skb->local_df)) { 433 if (unlikely((iph->frag_off & htons(IP_DF)) && !skb->local_df)) {
434 IP_INC_STATS(IPSTATS_MIB_FRAGFAILS); 434 IP_INC_STATS(IPSTATS_MIB_FRAGFAILS);
@@ -504,7 +504,7 @@ int ip_fragment(struct sk_buff *skb, int (*output)(struct sk_buff*))
504 __skb_push(frag, hlen); 504 __skb_push(frag, hlen);
505 skb_reset_network_header(frag); 505 skb_reset_network_header(frag);
506 memcpy(skb_network_header(frag), iph, hlen); 506 memcpy(skb_network_header(frag), iph, hlen);
507 iph = frag->nh.iph; 507 iph = ip_hdr(frag);
508 iph->tot_len = htons(frag->len); 508 iph->tot_len = htons(frag->len);
509 ip_copy_metadata(frag, skb); 509 ip_copy_metadata(frag, skb);
510 if (offset == 0) 510 if (offset == 0)
@@ -619,7 +619,7 @@ slow_path:
619 /* 619 /*
620 * Fill in the new header fields. 620 * Fill in the new header fields.
621 */ 621 */
622 iph = skb2->nh.iph; 622 iph = ip_hdr(skb2);
623 iph->frag_off = htons((offset >> 3)); 623 iph->frag_off = htons((offset >> 3));
624 624
625 /* ANK: dirty, but effective trick. Upgrade options only if 625 /* ANK: dirty, but effective trick. Upgrade options only if
@@ -1125,7 +1125,7 @@ ssize_t ip_append_page(struct sock *sk, struct page *page,
1125 */ 1125 */
1126 data = skb_put(skb, fragheaderlen + fraggap); 1126 data = skb_put(skb, fragheaderlen + fraggap);
1127 skb_reset_network_header(skb); 1127 skb_reset_network_header(skb);
1128 iph = skb->nh.iph; 1128 iph = ip_hdr(skb);
1129 data += fragheaderlen; 1129 data += fragheaderlen;
1130 skb->h.raw = data; 1130 skb->h.raw = data;
1131 1131
@@ -1352,7 +1352,7 @@ void ip_send_reply(struct sock *sk, struct sk_buff *skb, struct ip_reply_arg *ar
1352 struct flowi fl = { .nl_u = { .ip4_u = 1352 struct flowi fl = { .nl_u = { .ip4_u =
1353 { .daddr = daddr, 1353 { .daddr = daddr,
1354 .saddr = rt->rt_spec_dst, 1354 .saddr = rt->rt_spec_dst,
1355 .tos = RT_TOS(skb->nh.iph->tos) } }, 1355 .tos = RT_TOS(ip_hdr(skb)->tos) } },
1356 /* Not quite clean, but right. */ 1356 /* Not quite clean, but right. */
1357 .uli_u = { .ports = 1357 .uli_u = { .ports =
1358 { .sport = skb->h.th->dest, 1358 { .sport = skb->h.th->dest,
@@ -1370,9 +1370,9 @@ void ip_send_reply(struct sock *sk, struct sk_buff *skb, struct ip_reply_arg *ar
1370 with locally disabled BH and that sk cannot be already spinlocked. 1370 with locally disabled BH and that sk cannot be already spinlocked.
1371 */ 1371 */
1372 bh_lock_sock(sk); 1372 bh_lock_sock(sk);
1373 inet->tos = skb->nh.iph->tos; 1373 inet->tos = ip_hdr(skb)->tos;
1374 sk->sk_priority = skb->priority; 1374 sk->sk_priority = skb->priority;
1375 sk->sk_protocol = skb->nh.iph->protocol; 1375 sk->sk_protocol = ip_hdr(skb)->protocol;
1376 ip_append_data(sk, ip_reply_glue_bits, arg->iov->iov_base, len, 0, 1376 ip_append_data(sk, ip_reply_glue_bits, arg->iov->iov_base, len, 0,
1377 &ipc, rt, MSG_DONTWAIT); 1377 &ipc, rt, MSG_DONTWAIT);
1378 if ((skb = skb_peek(&sk->sk_write_queue)) != NULL) { 1378 if ((skb = skb_peek(&sk->sk_write_queue)) != NULL) {
diff --git a/net/ipv4/ip_sockglue.c b/net/ipv4/ip_sockglue.c
index 70888e1ef6b7..fabc250e16dd 100644
--- a/net/ipv4/ip_sockglue.c
+++ b/net/ipv4/ip_sockglue.c
@@ -59,7 +59,7 @@ static void ip_cmsg_recv_pktinfo(struct msghdr *msg, struct sk_buff *skb)
59 struct in_pktinfo info; 59 struct in_pktinfo info;
60 struct rtable *rt = (struct rtable *)skb->dst; 60 struct rtable *rt = (struct rtable *)skb->dst;
61 61
62 info.ipi_addr.s_addr = skb->nh.iph->daddr; 62 info.ipi_addr.s_addr = ip_hdr(skb)->daddr;
63 if (rt) { 63 if (rt) {
64 info.ipi_ifindex = rt->rt_iif; 64 info.ipi_ifindex = rt->rt_iif;
65 info.ipi_spec_dst.s_addr = rt->rt_spec_dst; 65 info.ipi_spec_dst.s_addr = rt->rt_spec_dst;
@@ -73,13 +73,13 @@ static void ip_cmsg_recv_pktinfo(struct msghdr *msg, struct sk_buff *skb)
73 73
74static void ip_cmsg_recv_ttl(struct msghdr *msg, struct sk_buff *skb) 74static void ip_cmsg_recv_ttl(struct msghdr *msg, struct sk_buff *skb)
75{ 75{
76 int ttl = skb->nh.iph->ttl; 76 int ttl = ip_hdr(skb)->ttl;
77 put_cmsg(msg, SOL_IP, IP_TTL, sizeof(int), &ttl); 77 put_cmsg(msg, SOL_IP, IP_TTL, sizeof(int), &ttl);
78} 78}
79 79
80static void ip_cmsg_recv_tos(struct msghdr *msg, struct sk_buff *skb) 80static void ip_cmsg_recv_tos(struct msghdr *msg, struct sk_buff *skb)
81{ 81{
82 put_cmsg(msg, SOL_IP, IP_TOS, 1, &skb->nh.iph->tos); 82 put_cmsg(msg, SOL_IP, IP_TOS, 1, &ip_hdr(skb)->tos);
83} 83}
84 84
85static void ip_cmsg_recv_opts(struct msghdr *msg, struct sk_buff *skb) 85static void ip_cmsg_recv_opts(struct msghdr *msg, struct sk_buff *skb)
@@ -87,7 +87,8 @@ static void ip_cmsg_recv_opts(struct msghdr *msg, struct sk_buff *skb)
87 if (IPCB(skb)->opt.optlen == 0) 87 if (IPCB(skb)->opt.optlen == 0)
88 return; 88 return;
89 89
90 put_cmsg(msg, SOL_IP, IP_RECVOPTS, IPCB(skb)->opt.optlen, skb->nh.iph+1); 90 put_cmsg(msg, SOL_IP, IP_RECVOPTS, IPCB(skb)->opt.optlen,
91 ip_hdr(skb) + 1);
91} 92}
92 93
93 94
@@ -299,7 +300,7 @@ void ip_local_error(struct sock *sk, int err, __be32 daddr, __be16 port, u32 inf
299 300
300 skb_put(skb, sizeof(struct iphdr)); 301 skb_put(skb, sizeof(struct iphdr));
301 skb_reset_network_header(skb); 302 skb_reset_network_header(skb);
302 iph = skb->nh.iph; 303 iph = ip_hdr(skb);
303 iph->daddr = daddr; 304 iph->daddr = daddr;
304 305
305 serr = SKB_EXT_ERR(skb); 306 serr = SKB_EXT_ERR(skb);
@@ -369,7 +370,7 @@ int ip_recv_error(struct sock *sk, struct msghdr *msg, int len)
369 struct inet_sock *inet = inet_sk(sk); 370 struct inet_sock *inet = inet_sk(sk);
370 371
371 sin->sin_family = AF_INET; 372 sin->sin_family = AF_INET;
372 sin->sin_addr.s_addr = skb->nh.iph->saddr; 373 sin->sin_addr.s_addr = ip_hdr(skb)->saddr;
373 sin->sin_port = 0; 374 sin->sin_port = 0;
374 memset(&sin->sin_zero, 0, sizeof(sin->sin_zero)); 375 memset(&sin->sin_zero, 0, sizeof(sin->sin_zero));
375 if (inet->cmsg_flags) 376 if (inet->cmsg_flags)
diff --git a/net/ipv4/ipcomp.c b/net/ipv4/ipcomp.c
index aa704b88f014..8eb46064c525 100644
--- a/net/ipv4/ipcomp.c
+++ b/net/ipv4/ipcomp.c
@@ -43,21 +43,15 @@ static LIST_HEAD(ipcomp_tfms_list);
43 43
44static int ipcomp_decompress(struct xfrm_state *x, struct sk_buff *skb) 44static int ipcomp_decompress(struct xfrm_state *x, struct sk_buff *skb)
45{ 45{
46 int err, plen, dlen;
47 struct ipcomp_data *ipcd = x->data; 46 struct ipcomp_data *ipcd = x->data;
48 u8 *start, *scratch; 47 const int plen = skb->len;
49 struct crypto_comp *tfm; 48 int dlen = IPCOMP_SCRATCH_SIZE;
50 int cpu; 49 const u8 *start = skb->data;
51 50 const int cpu = get_cpu();
52 plen = skb->len; 51 u8 *scratch = *per_cpu_ptr(ipcomp_scratches, cpu);
53 dlen = IPCOMP_SCRATCH_SIZE; 52 struct crypto_comp *tfm = *per_cpu_ptr(ipcd->tfms, cpu);
54 start = skb->data; 53 int err = crypto_comp_decompress(tfm, start, plen, scratch, &dlen);
55 54
56 cpu = get_cpu();
57 scratch = *per_cpu_ptr(ipcomp_scratches, cpu);
58 tfm = *per_cpu_ptr(ipcd->tfms, cpu);
59
60 err = crypto_comp_decompress(tfm, start, plen, scratch, &dlen);
61 if (err) 55 if (err)
62 goto out; 56 goto out;
63 57
@@ -90,7 +84,7 @@ static int ipcomp_input(struct xfrm_state *x, struct sk_buff *skb)
90 skb->ip_summed = CHECKSUM_NONE; 84 skb->ip_summed = CHECKSUM_NONE;
91 85
92 /* Remove ipcomp header and decompress original payload */ 86 /* Remove ipcomp header and decompress original payload */
93 iph = skb->nh.iph; 87 iph = ip_hdr(skb);
94 ipch = (void *)skb->data; 88 ipch = (void *)skb->data;
95 iph->protocol = ipch->nexthdr; 89 iph->protocol = ipch->nexthdr;
96 skb->h.raw = skb->nh.raw + sizeof(*ipch); 90 skb->h.raw = skb->nh.raw + sizeof(*ipch);
@@ -103,23 +97,16 @@ out:
103 97
104static int ipcomp_compress(struct xfrm_state *x, struct sk_buff *skb) 98static int ipcomp_compress(struct xfrm_state *x, struct sk_buff *skb)
105{ 99{
106 int err, plen, dlen, ihlen;
107 struct iphdr *iph = skb->nh.iph;
108 struct ipcomp_data *ipcd = x->data; 100 struct ipcomp_data *ipcd = x->data;
109 u8 *start, *scratch; 101 const int ihlen = ip_hdrlen(skb);
110 struct crypto_comp *tfm; 102 const int plen = skb->len - ihlen;
111 int cpu; 103 int dlen = IPCOMP_SCRATCH_SIZE;
104 u8 *start = skb->data + ihlen;
105 const int cpu = get_cpu();
106 u8 *scratch = *per_cpu_ptr(ipcomp_scratches, cpu);
107 struct crypto_comp *tfm = *per_cpu_ptr(ipcd->tfms, cpu);
108 int err = crypto_comp_compress(tfm, start, plen, scratch, &dlen);
112 109
113 ihlen = iph->ihl * 4;
114 plen = skb->len - ihlen;
115 dlen = IPCOMP_SCRATCH_SIZE;
116 start = skb->data + ihlen;
117
118 cpu = get_cpu();
119 scratch = *per_cpu_ptr(ipcomp_scratches, cpu);
120 tfm = *per_cpu_ptr(ipcd->tfms, cpu);
121
122 err = crypto_comp_compress(tfm, start, plen, scratch, &dlen);
123 if (err) 110 if (err)
124 goto out; 111 goto out;
125 112
@@ -142,12 +129,11 @@ out:
142static int ipcomp_output(struct xfrm_state *x, struct sk_buff *skb) 129static int ipcomp_output(struct xfrm_state *x, struct sk_buff *skb)
143{ 130{
144 int err; 131 int err;
145 struct iphdr *iph;
146 struct ip_comp_hdr *ipch; 132 struct ip_comp_hdr *ipch;
147 struct ipcomp_data *ipcd = x->data; 133 struct ipcomp_data *ipcd = x->data;
148 int hdr_len = 0; 134 int hdr_len = 0;
135 struct iphdr *iph = ip_hdr(skb);
149 136
150 iph = skb->nh.iph;
151 iph->tot_len = htons(skb->len); 137 iph->tot_len = htons(skb->len);
152 hdr_len = iph->ihl * 4; 138 hdr_len = iph->ihl * 4;
153 if ((skb->len - hdr_len) < ipcd->threshold) { 139 if ((skb->len - hdr_len) < ipcd->threshold) {
@@ -159,7 +145,7 @@ static int ipcomp_output(struct xfrm_state *x, struct sk_buff *skb)
159 goto out_ok; 145 goto out_ok;
160 146
161 err = ipcomp_compress(x, skb); 147 err = ipcomp_compress(x, skb);
162 iph = skb->nh.iph; 148 iph = ip_hdr(skb);
163 149
164 if (err) { 150 if (err) {
165 goto out_ok; 151 goto out_ok;
diff --git a/net/ipv4/ipconfig.c b/net/ipv4/ipconfig.c
index 6e8998409cbe..6b91c9f5d57a 100644
--- a/net/ipv4/ipconfig.c
+++ b/net/ipv4/ipconfig.c
@@ -703,7 +703,7 @@ static void __init ic_bootp_send_if(struct ic_device *d, unsigned long jiffies_d
703 703
704 /* Construct IP header */ 704 /* Construct IP header */
705 skb_reset_network_header(skb); 705 skb_reset_network_header(skb);
706 h = skb->nh.iph; 706 h = ip_hdr(skb);
707 h->version = 4; 707 h->version = 4;
708 h->ihl = 5; 708 h->ihl = 5;
709 h->tot_len = htons(sizeof(struct bootp_pkt)); 709 h->tot_len = htons(sizeof(struct bootp_pkt));
@@ -846,7 +846,7 @@ static int __init ic_bootp_recv(struct sk_buff *skb, struct net_device *dev, str
846 sizeof(struct udphdr))) 846 sizeof(struct udphdr)))
847 goto drop; 847 goto drop;
848 848
849 b = (struct bootp_pkt *) skb->nh.iph; 849 b = (struct bootp_pkt *)skb_network_header(skb);
850 h = &b->iph; 850 h = &b->iph;
851 851
852 if (h->ihl != 5 || h->version != 4 || h->protocol != IPPROTO_UDP) 852 if (h->ihl != 5 || h->version != 4 || h->protocol != IPPROTO_UDP)
@@ -884,7 +884,7 @@ static int __init ic_bootp_recv(struct sk_buff *skb, struct net_device *dev, str
884 if (!pskb_may_pull(skb, skb->len)) 884 if (!pskb_may_pull(skb, skb->len))
885 goto drop; 885 goto drop;
886 886
887 b = (struct bootp_pkt *) skb->nh.iph; 887 b = (struct bootp_pkt *)skb_network_header(skb);
888 h = &b->iph; 888 h = &b->iph;
889 889
890 /* One reply at a time, please. */ 890 /* One reply at a time, please. */
diff --git a/net/ipv4/ipip.c b/net/ipv4/ipip.c
index 843cc09f961f..b7f6ff4705b0 100644
--- a/net/ipv4/ipip.c
+++ b/net/ipv4/ipip.c
@@ -461,9 +461,10 @@ out:
461#endif 461#endif
462} 462}
463 463
464static inline void ipip_ecn_decapsulate(struct iphdr *outer_iph, struct sk_buff *skb) 464static inline void ipip_ecn_decapsulate(const struct iphdr *outer_iph,
465 struct sk_buff *skb)
465{ 466{
466 struct iphdr *inner_iph = skb->nh.iph; 467 struct iphdr *inner_iph = ip_hdr(skb);
467 468
468 if (INET_ECN_is_ce(outer_iph->tos)) 469 if (INET_ECN_is_ce(outer_iph->tos))
469 IP_ECN_set_ce(inner_iph); 470 IP_ECN_set_ce(inner_iph);
@@ -471,10 +472,8 @@ static inline void ipip_ecn_decapsulate(struct iphdr *outer_iph, struct sk_buff
471 472
472static int ipip_rcv(struct sk_buff *skb) 473static int ipip_rcv(struct sk_buff *skb)
473{ 474{
474 struct iphdr *iph;
475 struct ip_tunnel *tunnel; 475 struct ip_tunnel *tunnel;
476 476 const struct iphdr *iph = ip_hdr(skb);
477 iph = skb->nh.iph;
478 477
479 read_lock(&ipip_lock); 478 read_lock(&ipip_lock);
480 if ((tunnel = ipip_tunnel_lookup(iph->saddr, iph->daddr)) != NULL) { 479 if ((tunnel = ipip_tunnel_lookup(iph->saddr, iph->daddr)) != NULL) {
@@ -521,7 +520,7 @@ static int ipip_tunnel_xmit(struct sk_buff *skb, struct net_device *dev)
521 __be16 df = tiph->frag_off; 520 __be16 df = tiph->frag_off;
522 struct rtable *rt; /* Route to the other host */ 521 struct rtable *rt; /* Route to the other host */
523 struct net_device *tdev; /* Device to other host */ 522 struct net_device *tdev; /* Device to other host */
524 struct iphdr *old_iph = skb->nh.iph; 523 struct iphdr *old_iph = ip_hdr(skb);
525 struct iphdr *iph; /* Our new IP header */ 524 struct iphdr *iph; /* Our new IP header */
526 int max_headroom; /* The extra header space needed */ 525 int max_headroom; /* The extra header space needed */
527 __be32 dst = tiph->daddr; 526 __be32 dst = tiph->daddr;
@@ -615,7 +614,7 @@ static int ipip_tunnel_xmit(struct sk_buff *skb, struct net_device *dev)
615 skb_set_owner_w(new_skb, skb->sk); 614 skb_set_owner_w(new_skb, skb->sk);
616 dev_kfree_skb(skb); 615 dev_kfree_skb(skb);
617 skb = new_skb; 616 skb = new_skb;
618 old_iph = skb->nh.iph; 617 old_iph = ip_hdr(skb);
619 } 618 }
620 619
621 skb->h.raw = skb->nh.raw; 620 skb->h.raw = skb->nh.raw;
@@ -631,7 +630,7 @@ static int ipip_tunnel_xmit(struct sk_buff *skb, struct net_device *dev)
631 * Push down and install the IPIP header. 630 * Push down and install the IPIP header.
632 */ 631 */
633 632
634 iph = skb->nh.iph; 633 iph = ip_hdr(skb);
635 iph->version = 4; 634 iph->version = 4;
636 iph->ihl = sizeof(struct iphdr)>>2; 635 iph->ihl = sizeof(struct iphdr)>>2;
637 iph->frag_off = df; 636 iph->frag_off = df;
diff --git a/net/ipv4/ipmr.c b/net/ipv4/ipmr.c
index b24dffe3bd46..e0021499093f 100644
--- a/net/ipv4/ipmr.c
+++ b/net/ipv4/ipmr.c
@@ -303,7 +303,7 @@ static void ipmr_destroy_unres(struct mfc_cache *c)
303 atomic_dec(&cache_resolve_queue_len); 303 atomic_dec(&cache_resolve_queue_len);
304 304
305 while ((skb=skb_dequeue(&c->mfc_un.unres.unresolved))) { 305 while ((skb=skb_dequeue(&c->mfc_un.unres.unresolved))) {
306 if (skb->nh.iph->version == 0) { 306 if (ip_hdr(skb)->version == 0) {
307 struct nlmsghdr *nlh = (struct nlmsghdr *)skb_pull(skb, sizeof(struct iphdr)); 307 struct nlmsghdr *nlh = (struct nlmsghdr *)skb_pull(skb, sizeof(struct iphdr));
308 nlh->nlmsg_type = NLMSG_ERROR; 308 nlh->nlmsg_type = NLMSG_ERROR;
309 nlh->nlmsg_len = NLMSG_LENGTH(sizeof(struct nlmsgerr)); 309 nlh->nlmsg_len = NLMSG_LENGTH(sizeof(struct nlmsgerr));
@@ -509,7 +509,7 @@ static void ipmr_cache_resolve(struct mfc_cache *uc, struct mfc_cache *c)
509 */ 509 */
510 510
511 while ((skb=__skb_dequeue(&uc->mfc_un.unres.unresolved))) { 511 while ((skb=__skb_dequeue(&uc->mfc_un.unres.unresolved))) {
512 if (skb->nh.iph->version == 0) { 512 if (ip_hdr(skb)->version == 0) {
513 struct nlmsghdr *nlh = (struct nlmsghdr *)skb_pull(skb, sizeof(struct iphdr)); 513 struct nlmsghdr *nlh = (struct nlmsghdr *)skb_pull(skb, sizeof(struct iphdr));
514 514
515 if (ipmr_fill_mroute(skb, c, NLMSG_DATA(nlh)) > 0) { 515 if (ipmr_fill_mroute(skb, c, NLMSG_DATA(nlh)) > 0) {
@@ -569,8 +569,9 @@ static int ipmr_cache_report(struct sk_buff *pkt, vifi_t vifi, int assert)
569 msg->im_msgtype = IGMPMSG_WHOLEPKT; 569 msg->im_msgtype = IGMPMSG_WHOLEPKT;
570 msg->im_mbz = 0; 570 msg->im_mbz = 0;
571 msg->im_vif = reg_vif_num; 571 msg->im_vif = reg_vif_num;
572 skb->nh.iph->ihl = sizeof(struct iphdr) >> 2; 572 ip_hdr(skb)->ihl = sizeof(struct iphdr) >> 2;
573 skb->nh.iph->tot_len = htons(ntohs(pkt->nh.iph->tot_len) + sizeof(struct iphdr)); 573 ip_hdr(skb)->tot_len = htons(ntohs(ip_hdr(pkt)->tot_len) +
574 sizeof(struct iphdr));
574 } else 575 } else
575#endif 576#endif
576 { 577 {
@@ -579,10 +580,10 @@ static int ipmr_cache_report(struct sk_buff *pkt, vifi_t vifi, int assert)
579 * Copy the IP header 580 * Copy the IP header
580 */ 581 */
581 582
582 skb->nh.iph = (struct iphdr *)skb_put(skb, ihl); 583 skb->nh.raw = skb_put(skb, ihl);
583 memcpy(skb->data,pkt->data,ihl); 584 memcpy(skb->data,pkt->data,ihl);
584 skb->nh.iph->protocol = 0; /* Flag to the kernel this is a route add */ 585 ip_hdr(skb)->protocol = 0; /* Flag to the kernel this is a route add */
585 msg = (struct igmpmsg*)skb->nh.iph; 586 msg = (struct igmpmsg *)skb_network_header(skb);
586 msg->im_vif = vifi; 587 msg->im_vif = vifi;
587 skb->dst = dst_clone(pkt->dst); 588 skb->dst = dst_clone(pkt->dst);
588 589
@@ -594,7 +595,7 @@ static int ipmr_cache_report(struct sk_buff *pkt, vifi_t vifi, int assert)
594 igmp->type = 595 igmp->type =
595 msg->im_msgtype = assert; 596 msg->im_msgtype = assert;
596 igmp->code = 0; 597 igmp->code = 0;
597 skb->nh.iph->tot_len=htons(skb->len); /* Fix the length */ 598 ip_hdr(skb)->tot_len = htons(skb->len); /* Fix the length */
598 skb->h.raw = skb->nh.raw; 599 skb->h.raw = skb->nh.raw;
599 } 600 }
600 601
@@ -624,11 +625,12 @@ ipmr_cache_unresolved(vifi_t vifi, struct sk_buff *skb)
624{ 625{
625 int err; 626 int err;
626 struct mfc_cache *c; 627 struct mfc_cache *c;
628 const struct iphdr *iph = ip_hdr(skb);
627 629
628 spin_lock_bh(&mfc_unres_lock); 630 spin_lock_bh(&mfc_unres_lock);
629 for (c=mfc_unres_queue; c; c=c->next) { 631 for (c=mfc_unres_queue; c; c=c->next) {
630 if (c->mfc_mcastgrp == skb->nh.iph->daddr && 632 if (c->mfc_mcastgrp == iph->daddr &&
631 c->mfc_origin == skb->nh.iph->saddr) 633 c->mfc_origin == iph->saddr)
632 break; 634 break;
633 } 635 }
634 636
@@ -648,9 +650,9 @@ ipmr_cache_unresolved(vifi_t vifi, struct sk_buff *skb)
648 /* 650 /*
649 * Fill in the new cache entry 651 * Fill in the new cache entry
650 */ 652 */
651 c->mfc_parent=-1; 653 c->mfc_parent = -1;
652 c->mfc_origin=skb->nh.iph->saddr; 654 c->mfc_origin = iph->saddr;
653 c->mfc_mcastgrp=skb->nh.iph->daddr; 655 c->mfc_mcastgrp = iph->daddr;
654 656
655 /* 657 /*
656 * Reflect first query at mrouted. 658 * Reflect first query at mrouted.
@@ -1096,12 +1098,12 @@ static struct notifier_block ip_mr_notifier={
1096static void ip_encap(struct sk_buff *skb, __be32 saddr, __be32 daddr) 1098static void ip_encap(struct sk_buff *skb, __be32 saddr, __be32 daddr)
1097{ 1099{
1098 struct iphdr *iph; 1100 struct iphdr *iph;
1099 struct iphdr *old_iph = skb->nh.iph; 1101 struct iphdr *old_iph = ip_hdr(skb);
1100 1102
1101 skb_push(skb, sizeof(struct iphdr)); 1103 skb_push(skb, sizeof(struct iphdr));
1102 skb->h.ipiph = skb->nh.iph; 1104 skb->h.raw = skb->nh.raw;
1103 skb_reset_network_header(skb); 1105 skb_reset_network_header(skb);
1104 iph = skb->nh.iph; 1106 iph = ip_hdr(skb);
1105 1107
1106 iph->version = 4; 1108 iph->version = 4;
1107 iph->tos = old_iph->tos; 1109 iph->tos = old_iph->tos;
@@ -1137,7 +1139,7 @@ static inline int ipmr_forward_finish(struct sk_buff *skb)
1137 1139
1138static void ipmr_queue_xmit(struct sk_buff *skb, struct mfc_cache *c, int vifi) 1140static void ipmr_queue_xmit(struct sk_buff *skb, struct mfc_cache *c, int vifi)
1139{ 1141{
1140 struct iphdr *iph = skb->nh.iph; 1142 const struct iphdr *iph = ip_hdr(skb);
1141 struct vif_device *vif = &vif_table[vifi]; 1143 struct vif_device *vif = &vif_table[vifi];
1142 struct net_device *dev; 1144 struct net_device *dev;
1143 struct rtable *rt; 1145 struct rtable *rt;
@@ -1203,8 +1205,7 @@ static void ipmr_queue_xmit(struct sk_buff *skb, struct mfc_cache *c, int vifi)
1203 1205
1204 dst_release(skb->dst); 1206 dst_release(skb->dst);
1205 skb->dst = &rt->u.dst; 1207 skb->dst = &rt->u.dst;
1206 iph = skb->nh.iph; 1208 ip_decrease_ttl(ip_hdr(skb));
1207 ip_decrease_ttl(iph);
1208 1209
1209 /* FIXME: forward and output firewalls used to be called here. 1210 /* FIXME: forward and output firewalls used to be called here.
1210 * What do we do with netfilter? -- RR */ 1211 * What do we do with netfilter? -- RR */
@@ -1304,7 +1305,7 @@ static int ip_mr_forward(struct sk_buff *skb, struct mfc_cache *cache, int local
1304 * Forward the frame 1305 * Forward the frame
1305 */ 1306 */
1306 for (ct = cache->mfc_un.res.maxvif-1; ct >= cache->mfc_un.res.minvif; ct--) { 1307 for (ct = cache->mfc_un.res.maxvif-1; ct >= cache->mfc_un.res.minvif; ct--) {
1307 if (skb->nh.iph->ttl > cache->mfc_un.res.ttls[ct]) { 1308 if (ip_hdr(skb)->ttl > cache->mfc_un.res.ttls[ct]) {
1308 if (psend != -1) { 1309 if (psend != -1) {
1309 struct sk_buff *skb2 = skb_clone(skb, GFP_ATOMIC); 1310 struct sk_buff *skb2 = skb_clone(skb, GFP_ATOMIC);
1310 if (skb2) 1311 if (skb2)
@@ -1350,7 +1351,7 @@ int ip_mr_input(struct sk_buff *skb)
1350 if (IPCB(skb)->opt.router_alert) { 1351 if (IPCB(skb)->opt.router_alert) {
1351 if (ip_call_ra_chain(skb)) 1352 if (ip_call_ra_chain(skb))
1352 return 0; 1353 return 0;
1353 } else if (skb->nh.iph->protocol == IPPROTO_IGMP){ 1354 } else if (ip_hdr(skb)->protocol == IPPROTO_IGMP){
1354 /* IGMPv1 (and broken IGMPv2 implementations sort of 1355 /* IGMPv1 (and broken IGMPv2 implementations sort of
1355 Cisco IOS <= 11.2(8)) do not put router alert 1356 Cisco IOS <= 11.2(8)) do not put router alert
1356 option to IGMP packets destined to routable 1357 option to IGMP packets destined to routable
@@ -1369,7 +1370,7 @@ int ip_mr_input(struct sk_buff *skb)
1369 } 1370 }
1370 1371
1371 read_lock(&mrt_lock); 1372 read_lock(&mrt_lock);
1372 cache = ipmr_cache_find(skb->nh.iph->saddr, skb->nh.iph->daddr); 1373 cache = ipmr_cache_find(ip_hdr(skb)->saddr, ip_hdr(skb)->daddr);
1373 1374
1374 /* 1375 /*
1375 * No usable cache entry 1376 * No usable cache entry
@@ -1580,6 +1581,7 @@ int ipmr_get_route(struct sk_buff *skb, struct rtmsg *rtm, int nowait)
1580 1581
1581 if (cache==NULL) { 1582 if (cache==NULL) {
1582 struct sk_buff *skb2; 1583 struct sk_buff *skb2;
1584 struct iphdr *iph;
1583 struct net_device *dev; 1585 struct net_device *dev;
1584 int vif; 1586 int vif;
1585 1587
@@ -1601,10 +1603,11 @@ int ipmr_get_route(struct sk_buff *skb, struct rtmsg *rtm, int nowait)
1601 1603
1602 skb_push(skb2, sizeof(struct iphdr)); 1604 skb_push(skb2, sizeof(struct iphdr));
1603 skb_reset_network_header(skb2); 1605 skb_reset_network_header(skb2);
1604 skb2->nh.iph->ihl = sizeof(struct iphdr)>>2; 1606 iph = ip_hdr(skb2);
1605 skb2->nh.iph->saddr = rt->rt_src; 1607 iph->ihl = sizeof(struct iphdr) >> 2;
1606 skb2->nh.iph->daddr = rt->rt_dst; 1608 iph->saddr = rt->rt_src;
1607 skb2->nh.iph->version = 0; 1609 iph->daddr = rt->rt_dst;
1610 iph->version = 0;
1608 err = ipmr_cache_unresolved(vif, skb2); 1611 err = ipmr_cache_unresolved(vif, skb2);
1609 read_unlock(&mrt_lock); 1612 read_unlock(&mrt_lock);
1610 return err; 1613 return err;
diff --git a/net/ipv4/ipvs/ip_vs_app.c b/net/ipv4/ipvs/ip_vs_app.c
index e5beab28cd0f..c8a822c0aa75 100644
--- a/net/ipv4/ipvs/ip_vs_app.c
+++ b/net/ipv4/ipvs/ip_vs_app.c
@@ -577,7 +577,6 @@ static const struct file_operations ip_vs_app_fops = {
577int ip_vs_skb_replace(struct sk_buff *skb, gfp_t pri, 577int ip_vs_skb_replace(struct sk_buff *skb, gfp_t pri,
578 char *o_buf, int o_len, char *n_buf, int n_len) 578 char *o_buf, int o_len, char *n_buf, int n_len)
579{ 579{
580 struct iphdr *iph;
581 int diff; 580 int diff;
582 int o_offset; 581 int o_offset;
583 int o_left; 582 int o_left;
@@ -607,8 +606,7 @@ int ip_vs_skb_replace(struct sk_buff *skb, gfp_t pri,
607 } 606 }
608 607
609 /* must update the iph total length here */ 608 /* must update the iph total length here */
610 iph = skb->nh.iph; 609 ip_hdr(skb)->tot_len = htons(skb->len);
611 iph->tot_len = htons(skb->len);
612 610
613 LeaveFunction(9); 611 LeaveFunction(9);
614 return 0; 612 return 0;
diff --git a/net/ipv4/ipvs/ip_vs_core.c b/net/ipv4/ipvs/ip_vs_core.c
index 7893c00a91fe..62cfbed317bf 100644
--- a/net/ipv4/ipvs/ip_vs_core.c
+++ b/net/ipv4/ipvs/ip_vs_core.c
@@ -212,7 +212,7 @@ ip_vs_sched_persist(struct ip_vs_service *svc,
212 __be16 ports[2]) 212 __be16 ports[2])
213{ 213{
214 struct ip_vs_conn *cp = NULL; 214 struct ip_vs_conn *cp = NULL;
215 struct iphdr *iph = skb->nh.iph; 215 struct iphdr *iph = ip_hdr(skb);
216 struct ip_vs_dest *dest; 216 struct ip_vs_dest *dest;
217 struct ip_vs_conn *ct; 217 struct ip_vs_conn *ct;
218 __be16 dport; /* destination port to forward */ 218 __be16 dport; /* destination port to forward */
@@ -381,7 +381,7 @@ struct ip_vs_conn *
381ip_vs_schedule(struct ip_vs_service *svc, const struct sk_buff *skb) 381ip_vs_schedule(struct ip_vs_service *svc, const struct sk_buff *skb)
382{ 382{
383 struct ip_vs_conn *cp = NULL; 383 struct ip_vs_conn *cp = NULL;
384 struct iphdr *iph = skb->nh.iph; 384 struct iphdr *iph = ip_hdr(skb);
385 struct ip_vs_dest *dest; 385 struct ip_vs_dest *dest;
386 __be16 _ports[2], *pptr; 386 __be16 _ports[2], *pptr;
387 387
@@ -447,7 +447,7 @@ int ip_vs_leave(struct ip_vs_service *svc, struct sk_buff *skb,
447 struct ip_vs_protocol *pp) 447 struct ip_vs_protocol *pp)
448{ 448{
449 __be16 _ports[2], *pptr; 449 __be16 _ports[2], *pptr;
450 struct iphdr *iph = skb->nh.iph; 450 struct iphdr *iph = ip_hdr(skb);
451 451
452 pptr = skb_header_pointer(skb, iph->ihl*4, 452 pptr = skb_header_pointer(skb, iph->ihl*4,
453 sizeof(_ports), _ports); 453 sizeof(_ports), _ports);
@@ -546,7 +546,7 @@ ip_vs_gather_frags(struct sk_buff *skb, u_int32_t user)
546{ 546{
547 skb = ip_defrag(skb, user); 547 skb = ip_defrag(skb, user);
548 if (skb) 548 if (skb)
549 ip_send_check(skb->nh.iph); 549 ip_send_check(ip_hdr(skb));
550 return skb; 550 return skb;
551} 551}
552 552
@@ -557,7 +557,7 @@ ip_vs_gather_frags(struct sk_buff *skb, u_int32_t user)
557void ip_vs_nat_icmp(struct sk_buff *skb, struct ip_vs_protocol *pp, 557void ip_vs_nat_icmp(struct sk_buff *skb, struct ip_vs_protocol *pp,
558 struct ip_vs_conn *cp, int inout) 558 struct ip_vs_conn *cp, int inout)
559{ 559{
560 struct iphdr *iph = skb->nh.iph; 560 struct iphdr *iph = ip_hdr(skb);
561 unsigned int icmp_offset = iph->ihl*4; 561 unsigned int icmp_offset = iph->ihl*4;
562 struct icmphdr *icmph = (struct icmphdr *)(skb_network_header(skb) + 562 struct icmphdr *icmph = (struct icmphdr *)(skb_network_header(skb) +
563 icmp_offset); 563 icmp_offset);
@@ -618,14 +618,14 @@ static int ip_vs_out_icmp(struct sk_buff **pskb, int *related)
618 *related = 1; 618 *related = 1;
619 619
620 /* reassemble IP fragments */ 620 /* reassemble IP fragments */
621 if (skb->nh.iph->frag_off & htons(IP_MF|IP_OFFSET)) { 621 if (ip_hdr(skb)->frag_off & htons(IP_MF | IP_OFFSET)) {
622 skb = ip_vs_gather_frags(skb, IP_DEFRAG_VS_OUT); 622 skb = ip_vs_gather_frags(skb, IP_DEFRAG_VS_OUT);
623 if (!skb) 623 if (!skb)
624 return NF_STOLEN; 624 return NF_STOLEN;
625 *pskb = skb; 625 *pskb = skb;
626 } 626 }
627 627
628 iph = skb->nh.iph; 628 iph = ip_hdr(skb);
629 offset = ihl = iph->ihl * 4; 629 offset = ihl = iph->ihl * 4;
630 ic = skb_header_pointer(skb, offset, sizeof(_icmph), &_icmph); 630 ic = skb_header_pointer(skb, offset, sizeof(_icmph), &_icmph);
631 if (ic == NULL) 631 if (ic == NULL)
@@ -740,14 +740,14 @@ ip_vs_out(unsigned int hooknum, struct sk_buff **pskb,
740 if (skb->ipvs_property) 740 if (skb->ipvs_property)
741 return NF_ACCEPT; 741 return NF_ACCEPT;
742 742
743 iph = skb->nh.iph; 743 iph = ip_hdr(skb);
744 if (unlikely(iph->protocol == IPPROTO_ICMP)) { 744 if (unlikely(iph->protocol == IPPROTO_ICMP)) {
745 int related, verdict = ip_vs_out_icmp(pskb, &related); 745 int related, verdict = ip_vs_out_icmp(pskb, &related);
746 746
747 if (related) 747 if (related)
748 return verdict; 748 return verdict;
749 skb = *pskb; 749 skb = *pskb;
750 iph = skb->nh.iph; 750 iph = ip_hdr(skb);
751 } 751 }
752 752
753 pp = ip_vs_proto_get(iph->protocol); 753 pp = ip_vs_proto_get(iph->protocol);
@@ -760,7 +760,7 @@ ip_vs_out(unsigned int hooknum, struct sk_buff **pskb,
760 skb = ip_vs_gather_frags(skb, IP_DEFRAG_VS_OUT); 760 skb = ip_vs_gather_frags(skb, IP_DEFRAG_VS_OUT);
761 if (!skb) 761 if (!skb)
762 return NF_STOLEN; 762 return NF_STOLEN;
763 iph = skb->nh.iph; 763 iph = ip_hdr(skb);
764 *pskb = skb; 764 *pskb = skb;
765 } 765 }
766 766
@@ -810,8 +810,8 @@ ip_vs_out(unsigned int hooknum, struct sk_buff **pskb,
810 if (pp->snat_handler && !pp->snat_handler(pskb, pp, cp)) 810 if (pp->snat_handler && !pp->snat_handler(pskb, pp, cp))
811 goto drop; 811 goto drop;
812 skb = *pskb; 812 skb = *pskb;
813 skb->nh.iph->saddr = cp->vaddr; 813 ip_hdr(skb)->saddr = cp->vaddr;
814 ip_send_check(skb->nh.iph); 814 ip_send_check(ip_hdr(skb));
815 815
816 /* For policy routing, packets originating from this 816 /* For policy routing, packets originating from this
817 * machine itself may be routed differently to packets 817 * machine itself may be routed differently to packets
@@ -861,7 +861,7 @@ ip_vs_in_icmp(struct sk_buff **pskb, int *related, unsigned int hooknum)
861 *related = 1; 861 *related = 1;
862 862
863 /* reassemble IP fragments */ 863 /* reassemble IP fragments */
864 if (skb->nh.iph->frag_off & htons(IP_MF|IP_OFFSET)) { 864 if (ip_hdr(skb)->frag_off & htons(IP_MF | IP_OFFSET)) {
865 skb = ip_vs_gather_frags(skb, 865 skb = ip_vs_gather_frags(skb,
866 hooknum == NF_IP_LOCAL_IN ? 866 hooknum == NF_IP_LOCAL_IN ?
867 IP_DEFRAG_VS_IN : IP_DEFRAG_VS_FWD); 867 IP_DEFRAG_VS_IN : IP_DEFRAG_VS_FWD);
@@ -870,7 +870,7 @@ ip_vs_in_icmp(struct sk_buff **pskb, int *related, unsigned int hooknum)
870 *pskb = skb; 870 *pskb = skb;
871 } 871 }
872 872
873 iph = skb->nh.iph; 873 iph = ip_hdr(skb);
874 offset = ihl = iph->ihl * 4; 874 offset = ihl = iph->ihl * 4;
875 ic = skb_header_pointer(skb, offset, sizeof(_icmph), &_icmph); 875 ic = skb_header_pointer(skb, offset, sizeof(_icmph), &_icmph);
876 if (ic == NULL) 876 if (ic == NULL)
@@ -966,19 +966,19 @@ ip_vs_in(unsigned int hooknum, struct sk_buff **pskb,
966 || skb->dev == &loopback_dev || skb->sk)) { 966 || skb->dev == &loopback_dev || skb->sk)) {
967 IP_VS_DBG(12, "packet type=%d proto=%d daddr=%d.%d.%d.%d ignored\n", 967 IP_VS_DBG(12, "packet type=%d proto=%d daddr=%d.%d.%d.%d ignored\n",
968 skb->pkt_type, 968 skb->pkt_type,
969 skb->nh.iph->protocol, 969 ip_hdr(skb)->protocol,
970 NIPQUAD(skb->nh.iph->daddr)); 970 NIPQUAD(ip_hdr(skb)->daddr));
971 return NF_ACCEPT; 971 return NF_ACCEPT;
972 } 972 }
973 973
974 iph = skb->nh.iph; 974 iph = ip_hdr(skb);
975 if (unlikely(iph->protocol == IPPROTO_ICMP)) { 975 if (unlikely(iph->protocol == IPPROTO_ICMP)) {
976 int related, verdict = ip_vs_in_icmp(pskb, &related, hooknum); 976 int related, verdict = ip_vs_in_icmp(pskb, &related, hooknum);
977 977
978 if (related) 978 if (related)
979 return verdict; 979 return verdict;
980 skb = *pskb; 980 skb = *pskb;
981 iph = skb->nh.iph; 981 iph = ip_hdr(skb);
982 } 982 }
983 983
984 /* Protocol supported? */ 984 /* Protocol supported? */
@@ -1064,7 +1064,7 @@ ip_vs_forward_icmp(unsigned int hooknum, struct sk_buff **pskb,
1064{ 1064{
1065 int r; 1065 int r;
1066 1066
1067 if ((*pskb)->nh.iph->protocol != IPPROTO_ICMP) 1067 if (ip_hdr(*pskb)->protocol != IPPROTO_ICMP)
1068 return NF_ACCEPT; 1068 return NF_ACCEPT;
1069 1069
1070 return ip_vs_in_icmp(pskb, &r, hooknum); 1070 return ip_vs_in_icmp(pskb, &r, hooknum);
diff --git a/net/ipv4/ipvs/ip_vs_dh.c b/net/ipv4/ipvs/ip_vs_dh.c
index 502111fba872..dcf5d46aaa5e 100644
--- a/net/ipv4/ipvs/ip_vs_dh.c
+++ b/net/ipv4/ipvs/ip_vs_dh.c
@@ -204,7 +204,7 @@ ip_vs_dh_schedule(struct ip_vs_service *svc, const struct sk_buff *skb)
204{ 204{
205 struct ip_vs_dest *dest; 205 struct ip_vs_dest *dest;
206 struct ip_vs_dh_bucket *tbl; 206 struct ip_vs_dh_bucket *tbl;
207 struct iphdr *iph = skb->nh.iph; 207 struct iphdr *iph = ip_hdr(skb);
208 208
209 IP_VS_DBG(6, "ip_vs_dh_schedule(): Scheduling...\n"); 209 IP_VS_DBG(6, "ip_vs_dh_schedule(): Scheduling...\n");
210 210
diff --git a/net/ipv4/ipvs/ip_vs_ftp.c b/net/ipv4/ipvs/ip_vs_ftp.c
index 847c47af040c..25bd68967305 100644
--- a/net/ipv4/ipvs/ip_vs_ftp.c
+++ b/net/ipv4/ipvs/ip_vs_ftp.c
@@ -159,7 +159,7 @@ static int ip_vs_ftp_out(struct ip_vs_app *app, struct ip_vs_conn *cp,
159 return 0; 159 return 0;
160 160
161 if (cp->app_data == &ip_vs_ftp_pasv) { 161 if (cp->app_data == &ip_vs_ftp_pasv) {
162 iph = (*pskb)->nh.iph; 162 iph = ip_hdr(*pskb);
163 th = (struct tcphdr *)&(((char *)iph)[iph->ihl*4]); 163 th = (struct tcphdr *)&(((char *)iph)[iph->ihl*4]);
164 data = (char *)th + (th->doff << 2); 164 data = (char *)th + (th->doff << 2);
165 data_limit = (*pskb)->tail; 165 data_limit = (*pskb)->tail;
@@ -262,7 +262,7 @@ static int ip_vs_ftp_in(struct ip_vs_app *app, struct ip_vs_conn *cp,
262 /* 262 /*
263 * Detecting whether it is passive 263 * Detecting whether it is passive
264 */ 264 */
265 iph = (*pskb)->nh.iph; 265 iph = ip_hdr(*pskb);
266 th = (struct tcphdr *)&(((char *)iph)[iph->ihl*4]); 266 th = (struct tcphdr *)&(((char *)iph)[iph->ihl*4]);
267 267
268 /* Since there may be OPTIONS in the TCP packet and the HLEN is 268 /* Since there may be OPTIONS in the TCP packet and the HLEN is
diff --git a/net/ipv4/ipvs/ip_vs_lblc.c b/net/ipv4/ipvs/ip_vs_lblc.c
index c801273cb881..052f4ed59174 100644
--- a/net/ipv4/ipvs/ip_vs_lblc.c
+++ b/net/ipv4/ipvs/ip_vs_lblc.c
@@ -521,7 +521,7 @@ ip_vs_lblc_schedule(struct ip_vs_service *svc, const struct sk_buff *skb)
521 struct ip_vs_dest *dest; 521 struct ip_vs_dest *dest;
522 struct ip_vs_lblc_table *tbl; 522 struct ip_vs_lblc_table *tbl;
523 struct ip_vs_lblc_entry *en; 523 struct ip_vs_lblc_entry *en;
524 struct iphdr *iph = skb->nh.iph; 524 struct iphdr *iph = ip_hdr(skb);
525 525
526 IP_VS_DBG(6, "ip_vs_lblc_schedule(): Scheduling...\n"); 526 IP_VS_DBG(6, "ip_vs_lblc_schedule(): Scheduling...\n");
527 527
diff --git a/net/ipv4/ipvs/ip_vs_lblcr.c b/net/ipv4/ipvs/ip_vs_lblcr.c
index 23f9b9e73c85..6225acac7a3b 100644
--- a/net/ipv4/ipvs/ip_vs_lblcr.c
+++ b/net/ipv4/ipvs/ip_vs_lblcr.c
@@ -775,7 +775,7 @@ ip_vs_lblcr_schedule(struct ip_vs_service *svc, const struct sk_buff *skb)
775 struct ip_vs_dest *dest; 775 struct ip_vs_dest *dest;
776 struct ip_vs_lblcr_table *tbl; 776 struct ip_vs_lblcr_table *tbl;
777 struct ip_vs_lblcr_entry *en; 777 struct ip_vs_lblcr_entry *en;
778 struct iphdr *iph = skb->nh.iph; 778 struct iphdr *iph = ip_hdr(skb);
779 779
780 IP_VS_DBG(6, "ip_vs_lblcr_schedule(): Scheduling...\n"); 780 IP_VS_DBG(6, "ip_vs_lblcr_schedule(): Scheduling...\n");
781 781
diff --git a/net/ipv4/ipvs/ip_vs_proto_tcp.c b/net/ipv4/ipvs/ip_vs_proto_tcp.c
index e65382da713e..e65577a77006 100644
--- a/net/ipv4/ipvs/ip_vs_proto_tcp.c
+++ b/net/ipv4/ipvs/ip_vs_proto_tcp.c
@@ -83,8 +83,8 @@ tcp_conn_schedule(struct sk_buff *skb,
83 } 83 }
84 84
85 if (th->syn && 85 if (th->syn &&
86 (svc = ip_vs_service_get(skb->mark, skb->nh.iph->protocol, 86 (svc = ip_vs_service_get(skb->mark, ip_hdr(skb)->protocol,
87 skb->nh.iph->daddr, th->dest))) { 87 ip_hdr(skb)->daddr, th->dest))) {
88 if (ip_vs_todrop()) { 88 if (ip_vs_todrop()) {
89 /* 89 /*
90 * It seems that we are very loaded. 90 * It seems that we are very loaded.
@@ -142,7 +142,7 @@ tcp_snat_handler(struct sk_buff **pskb,
142 return 0; 142 return 0;
143 } 143 }
144 144
145 tcph = (void *)(*pskb)->nh.iph + tcphoff; 145 tcph = (void *)ip_hdr(*pskb) + tcphoff;
146 tcph->source = cp->vport; 146 tcph->source = cp->vport;
147 147
148 /* Adjust TCP checksums */ 148 /* Adjust TCP checksums */
@@ -193,7 +193,7 @@ tcp_dnat_handler(struct sk_buff **pskb,
193 return 0; 193 return 0;
194 } 194 }
195 195
196 tcph = (void *)(*pskb)->nh.iph + tcphoff; 196 tcph = (void *)ip_hdr(*pskb) + tcphoff;
197 tcph->dest = cp->dport; 197 tcph->dest = cp->dport;
198 198
199 /* 199 /*
@@ -229,9 +229,9 @@ tcp_csum_check(struct sk_buff *skb, struct ip_vs_protocol *pp)
229 case CHECKSUM_NONE: 229 case CHECKSUM_NONE:
230 skb->csum = skb_checksum(skb, tcphoff, skb->len - tcphoff, 0); 230 skb->csum = skb_checksum(skb, tcphoff, skb->len - tcphoff, 0);
231 case CHECKSUM_COMPLETE: 231 case CHECKSUM_COMPLETE:
232 if (csum_tcpudp_magic(skb->nh.iph->saddr, skb->nh.iph->daddr, 232 if (csum_tcpudp_magic(ip_hdr(skb)->saddr, ip_hdr(skb)->daddr,
233 skb->len - tcphoff, 233 skb->len - tcphoff,
234 skb->nh.iph->protocol, skb->csum)) { 234 ip_hdr(skb)->protocol, skb->csum)) {
235 IP_VS_DBG_RL_PKT(0, pp, skb, 0, 235 IP_VS_DBG_RL_PKT(0, pp, skb, 0,
236 "Failed checksum for"); 236 "Failed checksum for");
237 return 0; 237 return 0;
diff --git a/net/ipv4/ipvs/ip_vs_proto_udp.c b/net/ipv4/ipvs/ip_vs_proto_udp.c
index 2cd950638923..8ee5fe6a101d 100644
--- a/net/ipv4/ipvs/ip_vs_proto_udp.c
+++ b/net/ipv4/ipvs/ip_vs_proto_udp.c
@@ -89,8 +89,8 @@ udp_conn_schedule(struct sk_buff *skb, struct ip_vs_protocol *pp,
89 return 0; 89 return 0;
90 } 90 }
91 91
92 if ((svc = ip_vs_service_get(skb->mark, skb->nh.iph->protocol, 92 if ((svc = ip_vs_service_get(skb->mark, ip_hdr(skb)->protocol,
93 skb->nh.iph->daddr, uh->dest))) { 93 ip_hdr(skb)->daddr, uh->dest))) {
94 if (ip_vs_todrop()) { 94 if (ip_vs_todrop()) {
95 /* 95 /*
96 * It seems that we are very loaded. 96 * It seems that we are very loaded.
@@ -151,7 +151,7 @@ udp_snat_handler(struct sk_buff **pskb,
151 return 0; 151 return 0;
152 } 152 }
153 153
154 udph = (void *)(*pskb)->nh.iph + udphoff; 154 udph = (void *)ip_hdr(*pskb) + udphoff;
155 udph->source = cp->vport; 155 udph->source = cp->vport;
156 156
157 /* 157 /*
@@ -206,7 +206,7 @@ udp_dnat_handler(struct sk_buff **pskb,
206 return 0; 206 return 0;
207 } 207 }
208 208
209 udph = (void *)(*pskb)->nh.iph + udphoff; 209 udph = (void *)ip_hdr(*pskb) + udphoff;
210 udph->dest = cp->dport; 210 udph->dest = cp->dport;
211 211
212 /* 212 /*
@@ -251,10 +251,10 @@ udp_csum_check(struct sk_buff *skb, struct ip_vs_protocol *pp)
251 skb->csum = skb_checksum(skb, udphoff, 251 skb->csum = skb_checksum(skb, udphoff,
252 skb->len - udphoff, 0); 252 skb->len - udphoff, 0);
253 case CHECKSUM_COMPLETE: 253 case CHECKSUM_COMPLETE:
254 if (csum_tcpudp_magic(skb->nh.iph->saddr, 254 if (csum_tcpudp_magic(ip_hdr(skb)->saddr,
255 skb->nh.iph->daddr, 255 ip_hdr(skb)->daddr,
256 skb->len - udphoff, 256 skb->len - udphoff,
257 skb->nh.iph->protocol, 257 ip_hdr(skb)->protocol,
258 skb->csum)) { 258 skb->csum)) {
259 IP_VS_DBG_RL_PKT(0, pp, skb, 0, 259 IP_VS_DBG_RL_PKT(0, pp, skb, 0,
260 "Failed checksum for"); 260 "Failed checksum for");
diff --git a/net/ipv4/ipvs/ip_vs_sh.c b/net/ipv4/ipvs/ip_vs_sh.c
index 338668f88fe2..1b25b00ef1e1 100644
--- a/net/ipv4/ipvs/ip_vs_sh.c
+++ b/net/ipv4/ipvs/ip_vs_sh.c
@@ -201,7 +201,7 @@ ip_vs_sh_schedule(struct ip_vs_service *svc, const struct sk_buff *skb)
201{ 201{
202 struct ip_vs_dest *dest; 202 struct ip_vs_dest *dest;
203 struct ip_vs_sh_bucket *tbl; 203 struct ip_vs_sh_bucket *tbl;
204 struct iphdr *iph = skb->nh.iph; 204 struct iphdr *iph = ip_hdr(skb);
205 205
206 IP_VS_DBG(6, "ip_vs_sh_schedule(): Scheduling...\n"); 206 IP_VS_DBG(6, "ip_vs_sh_schedule(): Scheduling...\n");
207 207
diff --git a/net/ipv4/ipvs/ip_vs_xmit.c b/net/ipv4/ipvs/ip_vs_xmit.c
index d1403d0855ed..a7aee6822033 100644
--- a/net/ipv4/ipvs/ip_vs_xmit.c
+++ b/net/ipv4/ipvs/ip_vs_xmit.c
@@ -156,7 +156,7 @@ ip_vs_bypass_xmit(struct sk_buff *skb, struct ip_vs_conn *cp,
156 struct ip_vs_protocol *pp) 156 struct ip_vs_protocol *pp)
157{ 157{
158 struct rtable *rt; /* Route to the other host */ 158 struct rtable *rt; /* Route to the other host */
159 struct iphdr *iph = skb->nh.iph; 159 struct iphdr *iph = ip_hdr(skb);
160 u8 tos = iph->tos; 160 u8 tos = iph->tos;
161 int mtu; 161 int mtu;
162 struct flowi fl = { 162 struct flowi fl = {
@@ -193,7 +193,7 @@ ip_vs_bypass_xmit(struct sk_buff *skb, struct ip_vs_conn *cp,
193 ip_rt_put(rt); 193 ip_rt_put(rt);
194 return NF_STOLEN; 194 return NF_STOLEN;
195 } 195 }
196 ip_send_check(skb->nh.iph); 196 ip_send_check(ip_hdr(skb));
197 197
198 /* drop old route */ 198 /* drop old route */
199 dst_release(skb->dst); 199 dst_release(skb->dst);
@@ -226,7 +226,7 @@ ip_vs_nat_xmit(struct sk_buff *skb, struct ip_vs_conn *cp,
226{ 226{
227 struct rtable *rt; /* Route to the other host */ 227 struct rtable *rt; /* Route to the other host */
228 int mtu; 228 int mtu;
229 struct iphdr *iph = skb->nh.iph; 229 struct iphdr *iph = ip_hdr(skb);
230 230
231 EnterFunction(10); 231 EnterFunction(10);
232 232
@@ -266,8 +266,8 @@ ip_vs_nat_xmit(struct sk_buff *skb, struct ip_vs_conn *cp,
266 /* mangle the packet */ 266 /* mangle the packet */
267 if (pp->dnat_handler && !pp->dnat_handler(&skb, pp, cp)) 267 if (pp->dnat_handler && !pp->dnat_handler(&skb, pp, cp))
268 goto tx_error; 268 goto tx_error;
269 skb->nh.iph->daddr = cp->daddr; 269 ip_hdr(skb)->daddr = cp->daddr;
270 ip_send_check(skb->nh.iph); 270 ip_send_check(ip_hdr(skb));
271 271
272 IP_VS_DBG_PKT(10, pp, skb, 0, "After DNAT"); 272 IP_VS_DBG_PKT(10, pp, skb, 0, "After DNAT");
273 273
@@ -320,7 +320,7 @@ ip_vs_tunnel_xmit(struct sk_buff *skb, struct ip_vs_conn *cp,
320{ 320{
321 struct rtable *rt; /* Route to the other host */ 321 struct rtable *rt; /* Route to the other host */
322 struct net_device *tdev; /* Device to other host */ 322 struct net_device *tdev; /* Device to other host */
323 struct iphdr *old_iph = skb->nh.iph; 323 struct iphdr *old_iph = ip_hdr(skb);
324 u8 tos = old_iph->tos; 324 u8 tos = old_iph->tos;
325 __be16 df = old_iph->frag_off; 325 __be16 df = old_iph->frag_off;
326 struct iphdr *iph; /* Our new IP header */ 326 struct iphdr *iph; /* Our new IP header */
@@ -377,7 +377,7 @@ ip_vs_tunnel_xmit(struct sk_buff *skb, struct ip_vs_conn *cp,
377 } 377 }
378 kfree_skb(skb); 378 kfree_skb(skb);
379 skb = new_skb; 379 skb = new_skb;
380 old_iph = skb->nh.iph; 380 old_iph = ip_hdr(skb);
381 } 381 }
382 382
383 skb->h.raw = (void *) old_iph; 383 skb->h.raw = (void *) old_iph;
@@ -396,7 +396,7 @@ ip_vs_tunnel_xmit(struct sk_buff *skb, struct ip_vs_conn *cp,
396 /* 396 /*
397 * Push down and install the IPIP header. 397 * Push down and install the IPIP header.
398 */ 398 */
399 iph = skb->nh.iph; 399 iph = ip_hdr(skb);
400 iph->version = 4; 400 iph->version = 4;
401 iph->ihl = sizeof(struct iphdr)>>2; 401 iph->ihl = sizeof(struct iphdr)>>2;
402 iph->frag_off = df; 402 iph->frag_off = df;
@@ -436,7 +436,7 @@ ip_vs_dr_xmit(struct sk_buff *skb, struct ip_vs_conn *cp,
436 struct ip_vs_protocol *pp) 436 struct ip_vs_protocol *pp)
437{ 437{
438 struct rtable *rt; /* Route to the other host */ 438 struct rtable *rt; /* Route to the other host */
439 struct iphdr *iph = skb->nh.iph; 439 struct iphdr *iph = ip_hdr(skb);
440 int mtu; 440 int mtu;
441 441
442 EnterFunction(10); 442 EnterFunction(10);
@@ -461,7 +461,7 @@ ip_vs_dr_xmit(struct sk_buff *skb, struct ip_vs_conn *cp,
461 ip_rt_put(rt); 461 ip_rt_put(rt);
462 return NF_STOLEN; 462 return NF_STOLEN;
463 } 463 }
464 ip_send_check(skb->nh.iph); 464 ip_send_check(ip_hdr(skb));
465 465
466 /* drop old route */ 466 /* drop old route */
467 dst_release(skb->dst); 467 dst_release(skb->dst);
@@ -515,12 +515,12 @@ ip_vs_icmp_xmit(struct sk_buff *skb, struct ip_vs_conn *cp,
515 * mangle and send the packet here (only for VS/NAT) 515 * mangle and send the packet here (only for VS/NAT)
516 */ 516 */
517 517
518 if (!(rt = __ip_vs_get_out_rt(cp, RT_TOS(skb->nh.iph->tos)))) 518 if (!(rt = __ip_vs_get_out_rt(cp, RT_TOS(ip_hdr(skb)->tos))))
519 goto tx_error_icmp; 519 goto tx_error_icmp;
520 520
521 /* MTU checking */ 521 /* MTU checking */
522 mtu = dst_mtu(&rt->u.dst); 522 mtu = dst_mtu(&rt->u.dst);
523 if ((skb->len > mtu) && (skb->nh.iph->frag_off & htons(IP_DF))) { 523 if ((skb->len > mtu) && (ip_hdr(skb)->frag_off & htons(IP_DF))) {
524 ip_rt_put(rt); 524 ip_rt_put(rt);
525 icmp_send(skb, ICMP_DEST_UNREACH, ICMP_FRAG_NEEDED, htonl(mtu)); 525 icmp_send(skb, ICMP_DEST_UNREACH, ICMP_FRAG_NEEDED, htonl(mtu));
526 IP_VS_DBG_RL("ip_vs_in_icmp(): frag needed\n"); 526 IP_VS_DBG_RL("ip_vs_in_icmp(): frag needed\n");
diff --git a/net/ipv4/netfilter.c b/net/ipv4/netfilter.c
index 6069a11514f6..b44192924f95 100644
--- a/net/ipv4/netfilter.c
+++ b/net/ipv4/netfilter.c
@@ -10,7 +10,7 @@
10/* route_me_harder function, used by iptable_nat, iptable_mangle + ip_queue */ 10/* route_me_harder function, used by iptable_nat, iptable_mangle + ip_queue */
11int ip_route_me_harder(struct sk_buff **pskb, unsigned addr_type) 11int ip_route_me_harder(struct sk_buff **pskb, unsigned addr_type)
12{ 12{
13 struct iphdr *iph = (*pskb)->nh.iph; 13 const struct iphdr *iph = ip_hdr(*pskb);
14 struct rtable *rt; 14 struct rtable *rt;
15 struct flowi fl = {}; 15 struct flowi fl = {};
16 struct dst_entry *odst; 16 struct dst_entry *odst;
@@ -142,7 +142,7 @@ static void nf_ip_saveroute(const struct sk_buff *skb, struct nf_info *info)
142 struct ip_rt_info *rt_info = nf_info_reroute(info); 142 struct ip_rt_info *rt_info = nf_info_reroute(info);
143 143
144 if (info->hook == NF_IP_LOCAL_OUT) { 144 if (info->hook == NF_IP_LOCAL_OUT) {
145 const struct iphdr *iph = skb->nh.iph; 145 const struct iphdr *iph = ip_hdr(skb);
146 146
147 rt_info->tos = iph->tos; 147 rt_info->tos = iph->tos;
148 rt_info->daddr = iph->daddr; 148 rt_info->daddr = iph->daddr;
@@ -155,7 +155,7 @@ static int nf_ip_reroute(struct sk_buff **pskb, const struct nf_info *info)
155 const struct ip_rt_info *rt_info = nf_info_reroute(info); 155 const struct ip_rt_info *rt_info = nf_info_reroute(info);
156 156
157 if (info->hook == NF_IP_LOCAL_OUT) { 157 if (info->hook == NF_IP_LOCAL_OUT) {
158 struct iphdr *iph = (*pskb)->nh.iph; 158 const struct iphdr *iph = ip_hdr(*pskb);
159 159
160 if (!(iph->tos == rt_info->tos 160 if (!(iph->tos == rt_info->tos
161 && iph->daddr == rt_info->daddr 161 && iph->daddr == rt_info->daddr
@@ -168,7 +168,7 @@ static int nf_ip_reroute(struct sk_buff **pskb, const struct nf_info *info)
168__sum16 nf_ip_checksum(struct sk_buff *skb, unsigned int hook, 168__sum16 nf_ip_checksum(struct sk_buff *skb, unsigned int hook,
169 unsigned int dataoff, u_int8_t protocol) 169 unsigned int dataoff, u_int8_t protocol)
170{ 170{
171 struct iphdr *iph = skb->nh.iph; 171 const struct iphdr *iph = ip_hdr(skb);
172 __sum16 csum = 0; 172 __sum16 csum = 0;
173 173
174 switch (skb->ip_summed) { 174 switch (skb->ip_summed) {
diff --git a/net/ipv4/netfilter/ip_conntrack_core.c b/net/ipv4/netfilter/ip_conntrack_core.c
index 8c013d9f6907..986c0c81294f 100644
--- a/net/ipv4/netfilter/ip_conntrack_core.c
+++ b/net/ipv4/netfilter/ip_conntrack_core.c
@@ -748,9 +748,9 @@ resolve_normal_ct(struct sk_buff *skb,
748 struct ip_conntrack_tuple_hash *h; 748 struct ip_conntrack_tuple_hash *h;
749 struct ip_conntrack *ct; 749 struct ip_conntrack *ct;
750 750
751 IP_NF_ASSERT((skb->nh.iph->frag_off & htons(IP_OFFSET)) == 0); 751 IP_NF_ASSERT((ip_hdr(skb)->frag_off & htons(IP_OFFSET)) == 0);
752 752
753 if (!ip_ct_get_tuple(skb->nh.iph, skb, ip_hdrlen(skb), &tuple,proto)) 753 if (!ip_ct_get_tuple(ip_hdr(skb), skb, ip_hdrlen(skb), &tuple,proto))
754 return NULL; 754 return NULL;
755 755
756 /* look for tuple match */ 756 /* look for tuple match */
@@ -811,10 +811,10 @@ unsigned int ip_conntrack_in(unsigned int hooknum,
811 } 811 }
812 812
813 /* Never happen */ 813 /* Never happen */
814 if ((*pskb)->nh.iph->frag_off & htons(IP_OFFSET)) { 814 if (ip_hdr(*pskb)->frag_off & htons(IP_OFFSET)) {
815 if (net_ratelimit()) { 815 if (net_ratelimit()) {
816 printk(KERN_ERR "ip_conntrack_in: Frag of proto %u (hook=%u)\n", 816 printk(KERN_ERR "ip_conntrack_in: Frag of proto %u (hook=%u)\n",
817 (*pskb)->nh.iph->protocol, hooknum); 817 ip_hdr(*pskb)->protocol, hooknum);
818 } 818 }
819 return NF_DROP; 819 return NF_DROP;
820 } 820 }
@@ -825,17 +825,17 @@ unsigned int ip_conntrack_in(unsigned int hooknum,
825 if ((*pskb)->pkt_type == PACKET_BROADCAST) { 825 if ((*pskb)->pkt_type == PACKET_BROADCAST) {
826 printk("Broadcast packet!\n"); 826 printk("Broadcast packet!\n");
827 return NF_ACCEPT; 827 return NF_ACCEPT;
828 } else if (((*pskb)->nh.iph->daddr & htonl(0x000000FF)) 828 } else if ((ip_hdr(*pskb)->daddr & htonl(0x000000FF))
829 == htonl(0x000000FF)) { 829 == htonl(0x000000FF)) {
830 printk("Should bcast: %u.%u.%u.%u->%u.%u.%u.%u (sk=%p, ptype=%u)\n", 830 printk("Should bcast: %u.%u.%u.%u->%u.%u.%u.%u (sk=%p, ptype=%u)\n",
831 NIPQUAD((*pskb)->nh.iph->saddr), 831 NIPQUAD(ip_hdr(*pskb)->saddr),
832 NIPQUAD((*pskb)->nh.iph->daddr), 832 NIPQUAD(ip_hdr(*pskb)->daddr),
833 (*pskb)->sk, (*pskb)->pkt_type); 833 (*pskb)->sk, (*pskb)->pkt_type);
834 } 834 }
835#endif 835#endif
836 836
837 /* rcu_read_lock()ed by nf_hook_slow */ 837 /* rcu_read_lock()ed by nf_hook_slow */
838 proto = __ip_conntrack_proto_find((*pskb)->nh.iph->protocol); 838 proto = __ip_conntrack_proto_find(ip_hdr(*pskb)->protocol);
839 839
840 /* It may be an special packet, error, unclean... 840 /* It may be an special packet, error, unclean...
841 * inverse of the return code tells to the netfilter 841 * inverse of the return code tells to the netfilter
@@ -1152,7 +1152,7 @@ void __ip_ct_refresh_acct(struct ip_conntrack *ct,
1152 if (do_acct) { 1152 if (do_acct) {
1153 ct->counters[CTINFO2DIR(ctinfo)].packets++; 1153 ct->counters[CTINFO2DIR(ctinfo)].packets++;
1154 ct->counters[CTINFO2DIR(ctinfo)].bytes += 1154 ct->counters[CTINFO2DIR(ctinfo)].bytes +=
1155 ntohs(skb->nh.iph->tot_len); 1155 ntohs(ip_hdr(skb)->tot_len);
1156 if ((ct->counters[CTINFO2DIR(ctinfo)].packets & 0x80000000) 1156 if ((ct->counters[CTINFO2DIR(ctinfo)].packets & 0x80000000)
1157 || (ct->counters[CTINFO2DIR(ctinfo)].bytes & 0x80000000)) 1157 || (ct->counters[CTINFO2DIR(ctinfo)].bytes & 0x80000000))
1158 event |= IPCT_COUNTER_FILLING; 1158 event |= IPCT_COUNTER_FILLING;
@@ -1210,7 +1210,7 @@ ip_ct_gather_frags(struct sk_buff *skb, u_int32_t user)
1210 local_bh_enable(); 1210 local_bh_enable();
1211 1211
1212 if (skb) 1212 if (skb)
1213 ip_send_check(skb->nh.iph); 1213 ip_send_check(ip_hdr(skb));
1214 return skb; 1214 return skb;
1215} 1215}
1216 1216
diff --git a/net/ipv4/netfilter/ip_conntrack_helper_h323.c b/net/ipv4/netfilter/ip_conntrack_helper_h323.c
index 5d638149b0e0..cecb6e0c8ed0 100644
--- a/net/ipv4/netfilter/ip_conntrack_helper_h323.c
+++ b/net/ipv4/netfilter/ip_conntrack_helper_h323.c
@@ -576,8 +576,8 @@ static int h245_help(struct sk_buff **pskb, struct ip_conntrack *ct,
576 /* Process each TPKT */ 576 /* Process each TPKT */
577 while (get_tpkt_data(pskb, ct, ctinfo, &data, &datalen, &dataoff)) { 577 while (get_tpkt_data(pskb, ct, ctinfo, &data, &datalen, &dataoff)) {
578 DEBUGP("ip_ct_h245: TPKT %u.%u.%u.%u->%u.%u.%u.%u, len=%d\n", 578 DEBUGP("ip_ct_h245: TPKT %u.%u.%u.%u->%u.%u.%u.%u, len=%d\n",
579 NIPQUAD((*pskb)->nh.iph->saddr), 579 NIPQUAD(ip_hdr(*pskb)->saddr),
580 NIPQUAD((*pskb)->nh.iph->daddr), datalen); 580 NIPQUAD(ip_hdr(*pskb)->daddr), datalen);
581 581
582 /* Decode H.245 signal */ 582 /* Decode H.245 signal */
583 ret = DecodeMultimediaSystemControlMessage(data, datalen, 583 ret = DecodeMultimediaSystemControlMessage(data, datalen,
@@ -1128,8 +1128,8 @@ static int q931_help(struct sk_buff **pskb, struct ip_conntrack *ct,
1128 /* Process each TPKT */ 1128 /* Process each TPKT */
1129 while (get_tpkt_data(pskb, ct, ctinfo, &data, &datalen, &dataoff)) { 1129 while (get_tpkt_data(pskb, ct, ctinfo, &data, &datalen, &dataoff)) {
1130 DEBUGP("ip_ct_q931: TPKT %u.%u.%u.%u->%u.%u.%u.%u, len=%d\n", 1130 DEBUGP("ip_ct_q931: TPKT %u.%u.%u.%u->%u.%u.%u.%u, len=%d\n",
1131 NIPQUAD((*pskb)->nh.iph->saddr), 1131 NIPQUAD(ip_hdr(*pskb)->saddr),
1132 NIPQUAD((*pskb)->nh.iph->daddr), datalen); 1132 NIPQUAD(ip_hdr(*pskb)->daddr), datalen);
1133 1133
1134 /* Decode Q.931 signal */ 1134 /* Decode Q.931 signal */
1135 ret = DecodeQ931(data, datalen, &q931); 1135 ret = DecodeQ931(data, datalen, &q931);
@@ -1741,8 +1741,8 @@ static int ras_help(struct sk_buff **pskb, struct ip_conntrack *ct,
1741 if (data == NULL) 1741 if (data == NULL)
1742 goto accept; 1742 goto accept;
1743 DEBUGP("ip_ct_ras: RAS message %u.%u.%u.%u->%u.%u.%u.%u, len=%d\n", 1743 DEBUGP("ip_ct_ras: RAS message %u.%u.%u.%u->%u.%u.%u.%u, len=%d\n",
1744 NIPQUAD((*pskb)->nh.iph->saddr), 1744 NIPQUAD(ip_hdr(*pskb)->saddr),
1745 NIPQUAD((*pskb)->nh.iph->daddr), datalen); 1745 NIPQUAD(ip_hdr(*pskb)->daddr), datalen);
1746 1746
1747 /* Decode RAS message */ 1747 /* Decode RAS message */
1748 ret = DecodeRasMessage(data, datalen, &ras); 1748 ret = DecodeRasMessage(data, datalen, &ras);
diff --git a/net/ipv4/netfilter/ip_conntrack_netbios_ns.c b/net/ipv4/netfilter/ip_conntrack_netbios_ns.c
index cc6dd49c9da0..df07c5f1d874 100644
--- a/net/ipv4/netfilter/ip_conntrack_netbios_ns.c
+++ b/net/ipv4/netfilter/ip_conntrack_netbios_ns.c
@@ -45,7 +45,7 @@ static int help(struct sk_buff **pskb,
45 struct ip_conntrack *ct, enum ip_conntrack_info ctinfo) 45 struct ip_conntrack *ct, enum ip_conntrack_info ctinfo)
46{ 46{
47 struct ip_conntrack_expect *exp; 47 struct ip_conntrack_expect *exp;
48 struct iphdr *iph = (*pskb)->nh.iph; 48 struct iphdr *iph = ip_hdr(*pskb);
49 struct rtable *rt = (struct rtable *)(*pskb)->dst; 49 struct rtable *rt = (struct rtable *)(*pskb)->dst;
50 struct in_device *in_dev; 50 struct in_device *in_dev;
51 __be32 mask = 0; 51 __be32 mask = 0;
diff --git a/net/ipv4/netfilter/ip_conntrack_proto_sctp.c b/net/ipv4/netfilter/ip_conntrack_proto_sctp.c
index e29c436144b3..91d0c05c8e86 100644
--- a/net/ipv4/netfilter/ip_conntrack_proto_sctp.c
+++ b/net/ipv4/netfilter/ip_conntrack_proto_sctp.c
@@ -316,7 +316,7 @@ static int sctp_packet(struct ip_conntrack *conntrack,
316 enum ip_conntrack_info ctinfo) 316 enum ip_conntrack_info ctinfo)
317{ 317{
318 enum sctp_conntrack newconntrack, oldsctpstate; 318 enum sctp_conntrack newconntrack, oldsctpstate;
319 struct iphdr *iph = skb->nh.iph; 319 struct iphdr *iph = ip_hdr(skb);
320 sctp_sctphdr_t _sctph, *sh; 320 sctp_sctphdr_t _sctph, *sh;
321 sctp_chunkhdr_t _sch, *sch; 321 sctp_chunkhdr_t _sch, *sch;
322 u_int32_t offset, count; 322 u_int32_t offset, count;
@@ -430,7 +430,7 @@ static int sctp_new(struct ip_conntrack *conntrack,
430 const struct sk_buff *skb) 430 const struct sk_buff *skb)
431{ 431{
432 enum sctp_conntrack newconntrack; 432 enum sctp_conntrack newconntrack;
433 struct iphdr *iph = skb->nh.iph; 433 struct iphdr *iph = ip_hdr(skb);
434 sctp_sctphdr_t _sctph, *sh; 434 sctp_sctphdr_t _sctph, *sh;
435 sctp_chunkhdr_t _sch, *sch; 435 sctp_chunkhdr_t _sch, *sch;
436 u_int32_t offset, count; 436 u_int32_t offset, count;
diff --git a/net/ipv4/netfilter/ip_conntrack_proto_tcp.c b/net/ipv4/netfilter/ip_conntrack_proto_tcp.c
index fce3a3c69815..d03436edfd93 100644
--- a/net/ipv4/netfilter/ip_conntrack_proto_tcp.c
+++ b/net/ipv4/netfilter/ip_conntrack_proto_tcp.c
@@ -770,8 +770,8 @@ void ip_conntrack_tcp_update(struct sk_buff *skb,
770 struct ip_conntrack *conntrack, 770 struct ip_conntrack *conntrack,
771 enum ip_conntrack_dir dir) 771 enum ip_conntrack_dir dir)
772{ 772{
773 struct iphdr *iph = skb->nh.iph; 773 struct iphdr *iph = ip_hdr(skb);
774 struct tcphdr *tcph = (void *)skb->nh.iph + ip_hdrlen(skb); 774 struct tcphdr *tcph = (void *)iph + ip_hdrlen(skb);
775 __u32 end; 775 __u32 end;
776#ifdef DEBUGP_VARS 776#ifdef DEBUGP_VARS
777 struct ip_ct_tcp_state *sender = &conntrack->proto.tcp.seen[dir]; 777 struct ip_ct_tcp_state *sender = &conntrack->proto.tcp.seen[dir];
@@ -834,13 +834,13 @@ static int tcp_error(struct sk_buff *skb,
834 enum ip_conntrack_info *ctinfo, 834 enum ip_conntrack_info *ctinfo,
835 unsigned int hooknum) 835 unsigned int hooknum)
836{ 836{
837 struct iphdr *iph = skb->nh.iph; 837 const unsigned int hdrlen = ip_hdrlen(skb);
838 struct tcphdr _tcph, *th; 838 struct tcphdr _tcph, *th;
839 unsigned int tcplen = skb->len - iph->ihl * 4; 839 unsigned int tcplen = skb->len - hdrlen;
840 u_int8_t tcpflags; 840 u_int8_t tcpflags;
841 841
842 /* Smaller that minimal TCP header? */ 842 /* Smaller that minimal TCP header? */
843 th = skb_header_pointer(skb, iph->ihl * 4, 843 th = skb_header_pointer(skb, hdrlen,
844 sizeof(_tcph), &_tcph); 844 sizeof(_tcph), &_tcph);
845 if (th == NULL) { 845 if (th == NULL) {
846 if (LOG_INVALID(IPPROTO_TCP)) 846 if (LOG_INVALID(IPPROTO_TCP))
@@ -863,7 +863,7 @@ static int tcp_error(struct sk_buff *skb,
863 */ 863 */
864 /* FIXME: Source route IP option packets --RR */ 864 /* FIXME: Source route IP option packets --RR */
865 if (ip_conntrack_checksum && hooknum == NF_IP_PRE_ROUTING && 865 if (ip_conntrack_checksum && hooknum == NF_IP_PRE_ROUTING &&
866 nf_ip_checksum(skb, hooknum, iph->ihl * 4, IPPROTO_TCP)) { 866 nf_ip_checksum(skb, hooknum, hdrlen, IPPROTO_TCP)) {
867 if (LOG_INVALID(IPPROTO_TCP)) 867 if (LOG_INVALID(IPPROTO_TCP))
868 nf_log_packet(PF_INET, 0, skb, NULL, NULL, NULL, 868 nf_log_packet(PF_INET, 0, skb, NULL, NULL, NULL,
869 "ip_ct_tcp: bad TCP checksum "); 869 "ip_ct_tcp: bad TCP checksum ");
@@ -889,7 +889,7 @@ static int tcp_packet(struct ip_conntrack *conntrack,
889{ 889{
890 enum tcp_conntrack new_state, old_state; 890 enum tcp_conntrack new_state, old_state;
891 enum ip_conntrack_dir dir; 891 enum ip_conntrack_dir dir;
892 struct iphdr *iph = skb->nh.iph; 892 struct iphdr *iph = ip_hdr(skb);
893 struct tcphdr *th, _tcph; 893 struct tcphdr *th, _tcph;
894 unsigned long timeout; 894 unsigned long timeout;
895 unsigned int index; 895 unsigned int index;
@@ -1062,7 +1062,7 @@ static int tcp_new(struct ip_conntrack *conntrack,
1062 const struct sk_buff *skb) 1062 const struct sk_buff *skb)
1063{ 1063{
1064 enum tcp_conntrack new_state; 1064 enum tcp_conntrack new_state;
1065 struct iphdr *iph = skb->nh.iph; 1065 struct iphdr *iph = ip_hdr(skb);
1066 struct tcphdr *th, _tcph; 1066 struct tcphdr *th, _tcph;
1067#ifdef DEBUGP_VARS 1067#ifdef DEBUGP_VARS
1068 struct ip_ct_tcp_state *sender = &conntrack->proto.tcp.seen[0]; 1068 struct ip_ct_tcp_state *sender = &conntrack->proto.tcp.seen[0];
diff --git a/net/ipv4/netfilter/ip_conntrack_proto_udp.c b/net/ipv4/netfilter/ip_conntrack_proto_udp.c
index 14c30c646c7f..3b47987bf1bb 100644
--- a/net/ipv4/netfilter/ip_conntrack_proto_udp.c
+++ b/net/ipv4/netfilter/ip_conntrack_proto_udp.c
@@ -89,12 +89,12 @@ static int udp_new(struct ip_conntrack *conntrack, const struct sk_buff *skb)
89static int udp_error(struct sk_buff *skb, enum ip_conntrack_info *ctinfo, 89static int udp_error(struct sk_buff *skb, enum ip_conntrack_info *ctinfo,
90 unsigned int hooknum) 90 unsigned int hooknum)
91{ 91{
92 struct iphdr *iph = skb->nh.iph; 92 const unsigned int hdrlen = ip_hdrlen(skb);
93 unsigned int udplen = skb->len - iph->ihl * 4; 93 unsigned int udplen = skb->len - hdrlen;
94 struct udphdr _hdr, *hdr; 94 struct udphdr _hdr, *hdr;
95 95
96 /* Header is too small? */ 96 /* Header is too small? */
97 hdr = skb_header_pointer(skb, iph->ihl*4, sizeof(_hdr), &_hdr); 97 hdr = skb_header_pointer(skb, hdrlen, sizeof(_hdr), &_hdr);
98 if (hdr == NULL) { 98 if (hdr == NULL) {
99 if (LOG_INVALID(IPPROTO_UDP)) 99 if (LOG_INVALID(IPPROTO_UDP))
100 nf_log_packet(PF_INET, 0, skb, NULL, NULL, NULL, 100 nf_log_packet(PF_INET, 0, skb, NULL, NULL, NULL,
@@ -119,7 +119,7 @@ static int udp_error(struct sk_buff *skb, enum ip_conntrack_info *ctinfo,
119 * because the checksum is assumed to be correct. 119 * because the checksum is assumed to be correct.
120 * FIXME: Source route IP option packets --RR */ 120 * FIXME: Source route IP option packets --RR */
121 if (ip_conntrack_checksum && hooknum == NF_IP_PRE_ROUTING && 121 if (ip_conntrack_checksum && hooknum == NF_IP_PRE_ROUTING &&
122 nf_ip_checksum(skb, hooknum, iph->ihl * 4, IPPROTO_UDP)) { 122 nf_ip_checksum(skb, hooknum, hdrlen, IPPROTO_UDP)) {
123 if (LOG_INVALID(IPPROTO_UDP)) 123 if (LOG_INVALID(IPPROTO_UDP))
124 nf_log_packet(PF_INET, 0, skb, NULL, NULL, NULL, 124 nf_log_packet(PF_INET, 0, skb, NULL, NULL, NULL,
125 "ip_ct_udp: bad UDP checksum "); 125 "ip_ct_udp: bad UDP checksum ");
diff --git a/net/ipv4/netfilter/ip_conntrack_standalone.c b/net/ipv4/netfilter/ip_conntrack_standalone.c
index 92609a4dcd74..c32200153d62 100644
--- a/net/ipv4/netfilter/ip_conntrack_standalone.c
+++ b/net/ipv4/netfilter/ip_conntrack_standalone.c
@@ -439,7 +439,7 @@ static unsigned int ip_conntrack_defrag(unsigned int hooknum,
439#endif 439#endif
440 440
441 /* Gather fragments. */ 441 /* Gather fragments. */
442 if ((*pskb)->nh.iph->frag_off & htons(IP_MF|IP_OFFSET)) { 442 if (ip_hdr(*pskb)->frag_off & htons(IP_MF | IP_OFFSET)) {
443 *pskb = ip_ct_gather_frags(*pskb, 443 *pskb = ip_ct_gather_frags(*pskb,
444 hooknum == NF_IP_PRE_ROUTING ? 444 hooknum == NF_IP_PRE_ROUTING ?
445 IP_DEFRAG_CONNTRACK_IN : 445 IP_DEFRAG_CONNTRACK_IN :
diff --git a/net/ipv4/netfilter/ip_nat_helper.c b/net/ipv4/netfilter/ip_nat_helper.c
index 25624e558562..4cddc2951744 100644
--- a/net/ipv4/netfilter/ip_nat_helper.c
+++ b/net/ipv4/netfilter/ip_nat_helper.c
@@ -94,7 +94,7 @@ static void mangle_contents(struct sk_buff *skb,
94 unsigned char *data; 94 unsigned char *data;
95 95
96 BUG_ON(skb_is_nonlinear(skb)); 96 BUG_ON(skb_is_nonlinear(skb));
97 data = (unsigned char *)skb->nh.iph + dataoff; 97 data = skb_network_header(skb) + dataoff;
98 98
99 /* move post-replacement */ 99 /* move post-replacement */
100 memmove(data + match_offset + rep_len, 100 memmove(data + match_offset + rep_len,
@@ -118,8 +118,8 @@ static void mangle_contents(struct sk_buff *skb,
118 } 118 }
119 119
120 /* fix IP hdr checksum information */ 120 /* fix IP hdr checksum information */
121 skb->nh.iph->tot_len = htons(skb->len); 121 ip_hdr(skb)->tot_len = htons(skb->len);
122 ip_send_check(skb->nh.iph); 122 ip_send_check(ip_hdr(skb));
123} 123}
124 124
125/* Unusual, but possible case. */ 125/* Unusual, but possible case. */
@@ -173,7 +173,7 @@ ip_nat_mangle_tcp_packet(struct sk_buff **pskb,
173 173
174 SKB_LINEAR_ASSERT(*pskb); 174 SKB_LINEAR_ASSERT(*pskb);
175 175
176 iph = (*pskb)->nh.iph; 176 iph = ip_hdr(*pskb);
177 tcph = (void *)iph + iph->ihl*4; 177 tcph = (void *)iph + iph->ihl*4;
178 178
179 oldlen = (*pskb)->len - iph->ihl*4; 179 oldlen = (*pskb)->len - iph->ihl*4;
@@ -227,7 +227,7 @@ ip_nat_mangle_udp_packet(struct sk_buff **pskb,
227 int datalen, oldlen; 227 int datalen, oldlen;
228 228
229 /* UDP helpers might accidentally mangle the wrong packet */ 229 /* UDP helpers might accidentally mangle the wrong packet */
230 iph = (*pskb)->nh.iph; 230 iph = ip_hdr(*pskb);
231 if ((*pskb)->len < iph->ihl*4 + sizeof(*udph) + 231 if ((*pskb)->len < iph->ihl*4 + sizeof(*udph) +
232 match_offset + match_len) 232 match_offset + match_len)
233 return 0; 233 return 0;
@@ -240,7 +240,7 @@ ip_nat_mangle_udp_packet(struct sk_buff **pskb,
240 && !enlarge_skb(pskb, rep_len - match_len)) 240 && !enlarge_skb(pskb, rep_len - match_len))
241 return 0; 241 return 0;
242 242
243 iph = (*pskb)->nh.iph; 243 iph = ip_hdr(*pskb);
244 udph = (void *)iph + iph->ihl*4; 244 udph = (void *)iph + iph->ihl*4;
245 245
246 oldlen = (*pskb)->len - iph->ihl*4; 246 oldlen = (*pskb)->len - iph->ihl*4;
diff --git a/net/ipv4/netfilter/ip_nat_helper_h323.c b/net/ipv4/netfilter/ip_nat_helper_h323.c
index 8b1e3388bd08..0d9444f9236b 100644
--- a/net/ipv4/netfilter/ip_nat_helper_h323.c
+++ b/net/ipv4/netfilter/ip_nat_helper_h323.c
@@ -46,7 +46,7 @@ static int set_addr(struct sk_buff **pskb,
46 buf.port = htons(port); 46 buf.port = htons(port);
47 addroff += dataoff; 47 addroff += dataoff;
48 48
49 if ((*pskb)->nh.iph->protocol == IPPROTO_TCP) { 49 if (ip_hdr(*pskb)->protocol == IPPROTO_TCP) {
50 if (!ip_nat_mangle_tcp_packet(pskb, ct, ctinfo, 50 if (!ip_nat_mangle_tcp_packet(pskb, ct, ctinfo,
51 addroff, sizeof(buf), 51 addroff, sizeof(buf),
52 (char *) &buf, sizeof(buf))) { 52 (char *) &buf, sizeof(buf))) {
diff --git a/net/ipv4/netfilter/ip_nat_rule.c b/net/ipv4/netfilter/ip_nat_rule.c
index 080eb1d92200..25415a91e023 100644
--- a/net/ipv4/netfilter/ip_nat_rule.c
+++ b/net/ipv4/netfilter/ip_nat_rule.c
@@ -158,7 +158,7 @@ static unsigned int ipt_dnat_target(struct sk_buff **pskb,
158 158
159 if (hooknum == NF_IP_LOCAL_OUT 159 if (hooknum == NF_IP_LOCAL_OUT
160 && mr->range[0].flags & IP_NAT_RANGE_MAP_IPS) 160 && mr->range[0].flags & IP_NAT_RANGE_MAP_IPS)
161 warn_if_extra_mangle((*pskb)->nh.iph->daddr, 161 warn_if_extra_mangle(ip_hdr(*pskb)->daddr,
162 mr->range[0].min_ip); 162 mr->range[0].min_ip);
163 163
164 return ip_nat_setup_info(ct, &mr->range[0], hooknum); 164 return ip_nat_setup_info(ct, &mr->range[0], hooknum);
diff --git a/net/ipv4/netfilter/ip_nat_snmp_basic.c b/net/ipv4/netfilter/ip_nat_snmp_basic.c
index e41d0efae515..025e04587789 100644
--- a/net/ipv4/netfilter/ip_nat_snmp_basic.c
+++ b/net/ipv4/netfilter/ip_nat_snmp_basic.c
@@ -1193,7 +1193,7 @@ static int snmp_translate(struct ip_conntrack *ct,
1193 enum ip_conntrack_info ctinfo, 1193 enum ip_conntrack_info ctinfo,
1194 struct sk_buff **pskb) 1194 struct sk_buff **pskb)
1195{ 1195{
1196 struct iphdr *iph = (*pskb)->nh.iph; 1196 struct iphdr *iph = ip_hdr(*pskb);
1197 struct udphdr *udph = (struct udphdr *)((__be32 *)iph + iph->ihl); 1197 struct udphdr *udph = (struct udphdr *)((__be32 *)iph + iph->ihl);
1198 u_int16_t udplen = ntohs(udph->len); 1198 u_int16_t udplen = ntohs(udph->len);
1199 u_int16_t paylen = udplen - sizeof(struct udphdr); 1199 u_int16_t paylen = udplen - sizeof(struct udphdr);
@@ -1234,7 +1234,7 @@ static int help(struct sk_buff **pskb,
1234{ 1234{
1235 int dir = CTINFO2DIR(ctinfo); 1235 int dir = CTINFO2DIR(ctinfo);
1236 unsigned int ret; 1236 unsigned int ret;
1237 struct iphdr *iph = (*pskb)->nh.iph; 1237 struct iphdr *iph = ip_hdr(*pskb);
1238 struct udphdr *udph = (struct udphdr *)((u_int32_t *)iph + iph->ihl); 1238 struct udphdr *udph = (struct udphdr *)((u_int32_t *)iph + iph->ihl);
1239 1239
1240 /* SNMP replies and originating SNMP traps get mangled */ 1240 /* SNMP replies and originating SNMP traps get mangled */
diff --git a/net/ipv4/netfilter/ip_nat_standalone.c b/net/ipv4/netfilter/ip_nat_standalone.c
index dbaaf78ff9a3..32f7bf661fc8 100644
--- a/net/ipv4/netfilter/ip_nat_standalone.c
+++ b/net/ipv4/netfilter/ip_nat_standalone.c
@@ -97,7 +97,7 @@ ip_nat_fn(unsigned int hooknum,
97 97
98 /* We never see fragments: conntrack defrags on pre-routing 98 /* We never see fragments: conntrack defrags on pre-routing
99 and local-out, and ip_nat_out protects post-routing. */ 99 and local-out, and ip_nat_out protects post-routing. */
100 IP_NF_ASSERT(!((*pskb)->nh.iph->frag_off 100 IP_NF_ASSERT(!(ip_hdr(*pskb)->frag_off
101 & htons(IP_MF|IP_OFFSET))); 101 & htons(IP_MF|IP_OFFSET)));
102 102
103 ct = ip_conntrack_get(*pskb, &ctinfo); 103 ct = ip_conntrack_get(*pskb, &ctinfo);
@@ -109,7 +109,7 @@ ip_nat_fn(unsigned int hooknum,
109 /* Exception: ICMP redirect to new connection (not in 109 /* Exception: ICMP redirect to new connection (not in
110 hash table yet). We must not let this through, in 110 hash table yet). We must not let this through, in
111 case we're doing NAT to the same network. */ 111 case we're doing NAT to the same network. */
112 if ((*pskb)->nh.iph->protocol == IPPROTO_ICMP) { 112 if (ip_hdr(*pskb)->protocol == IPPROTO_ICMP) {
113 struct icmphdr _hdr, *hp; 113 struct icmphdr _hdr, *hp;
114 114
115 hp = skb_header_pointer(*pskb, ip_hdrlen(*pskb), 115 hp = skb_header_pointer(*pskb, ip_hdrlen(*pskb),
@@ -128,7 +128,7 @@ ip_nat_fn(unsigned int hooknum,
128 switch (ctinfo) { 128 switch (ctinfo) {
129 case IP_CT_RELATED: 129 case IP_CT_RELATED:
130 case IP_CT_RELATED+IP_CT_IS_REPLY: 130 case IP_CT_RELATED+IP_CT_IS_REPLY:
131 if ((*pskb)->nh.iph->protocol == IPPROTO_ICMP) { 131 if (ip_hdr(*pskb)->protocol == IPPROTO_ICMP) {
132 if (!ip_nat_icmp_reply_translation(ct, ctinfo, 132 if (!ip_nat_icmp_reply_translation(ct, ctinfo,
133 hooknum, pskb)) 133 hooknum, pskb))
134 return NF_DROP; 134 return NF_DROP;
@@ -184,11 +184,11 @@ ip_nat_in(unsigned int hooknum,
184 int (*okfn)(struct sk_buff *)) 184 int (*okfn)(struct sk_buff *))
185{ 185{
186 unsigned int ret; 186 unsigned int ret;
187 __be32 daddr = (*pskb)->nh.iph->daddr; 187 __be32 daddr = ip_hdr(*pskb)->daddr;
188 188
189 ret = ip_nat_fn(hooknum, pskb, in, out, okfn); 189 ret = ip_nat_fn(hooknum, pskb, in, out, okfn);
190 if (ret != NF_DROP && ret != NF_STOLEN 190 if (ret != NF_DROP && ret != NF_STOLEN
191 && daddr != (*pskb)->nh.iph->daddr) { 191 && daddr != ip_hdr(*pskb)->daddr) {
192 dst_release((*pskb)->dst); 192 dst_release((*pskb)->dst);
193 (*pskb)->dst = NULL; 193 (*pskb)->dst = NULL;
194 } 194 }
diff --git a/net/ipv4/netfilter/ip_tables.c b/net/ipv4/netfilter/ip_tables.c
index f66966650212..39ab8ae282e2 100644
--- a/net/ipv4/netfilter/ip_tables.c
+++ b/net/ipv4/netfilter/ip_tables.c
@@ -231,7 +231,7 @@ ipt_do_table(struct sk_buff **pskb,
231 struct xt_table_info *private; 231 struct xt_table_info *private;
232 232
233 /* Initialization */ 233 /* Initialization */
234 ip = (*pskb)->nh.iph; 234 ip = ip_hdr(*pskb);
235 datalen = (*pskb)->len - ip->ihl * 4; 235 datalen = (*pskb)->len - ip->ihl * 4;
236 indev = in ? in->name : nulldevname; 236 indev = in ? in->name : nulldevname;
237 outdev = out ? out->name : nulldevname; 237 outdev = out ? out->name : nulldevname;
@@ -320,7 +320,7 @@ ipt_do_table(struct sk_buff **pskb,
320 = 0x57acc001; 320 = 0x57acc001;
321#endif 321#endif
322 /* Target might have changed stuff. */ 322 /* Target might have changed stuff. */
323 ip = (*pskb)->nh.iph; 323 ip = ip_hdr(*pskb);
324 datalen = (*pskb)->len - ip->ihl * 4; 324 datalen = (*pskb)->len - ip->ihl * 4;
325 325
326 if (verdict == IPT_CONTINUE) 326 if (verdict == IPT_CONTINUE)
diff --git a/net/ipv4/netfilter/ipt_CLUSTERIP.c b/net/ipv4/netfilter/ipt_CLUSTERIP.c
index 42b08029e867..af5b82b8ceb7 100644
--- a/net/ipv4/netfilter/ipt_CLUSTERIP.c
+++ b/net/ipv4/netfilter/ipt_CLUSTERIP.c
@@ -240,7 +240,7 @@ clusterip_del_node(struct clusterip_config *c, u_int16_t nodenum)
240static inline u_int32_t 240static inline u_int32_t
241clusterip_hashfn(struct sk_buff *skb, struct clusterip_config *config) 241clusterip_hashfn(struct sk_buff *skb, struct clusterip_config *config)
242{ 242{
243 struct iphdr *iph = skb->nh.iph; 243 struct iphdr *iph = ip_hdr(skb);
244 unsigned long hashval; 244 unsigned long hashval;
245 u_int16_t sport, dport; 245 u_int16_t sport, dport;
246 u_int16_t *ports; 246 u_int16_t *ports;
@@ -328,7 +328,7 @@ target(struct sk_buff **pskb,
328 328
329 /* special case: ICMP error handling. conntrack distinguishes between 329 /* special case: ICMP error handling. conntrack distinguishes between
330 * error messages (RELATED) and information requests (see below) */ 330 * error messages (RELATED) and information requests (see below) */
331 if ((*pskb)->nh.iph->protocol == IPPROTO_ICMP 331 if (ip_hdr(*pskb)->protocol == IPPROTO_ICMP
332 && (ctinfo == IP_CT_RELATED 332 && (ctinfo == IP_CT_RELATED
333 || ctinfo == IP_CT_RELATED+IP_CT_IS_REPLY)) 333 || ctinfo == IP_CT_RELATED+IP_CT_IS_REPLY))
334 return XT_CONTINUE; 334 return XT_CONTINUE;
diff --git a/net/ipv4/netfilter/ipt_ECN.c b/net/ipv4/netfilter/ipt_ECN.c
index 44daf9e1da35..97c0e53c8b22 100644
--- a/net/ipv4/netfilter/ipt_ECN.c
+++ b/net/ipv4/netfilter/ipt_ECN.c
@@ -30,13 +30,13 @@ MODULE_DESCRIPTION("iptables ECN modification module");
30static inline int 30static inline int
31set_ect_ip(struct sk_buff **pskb, const struct ipt_ECN_info *einfo) 31set_ect_ip(struct sk_buff **pskb, const struct ipt_ECN_info *einfo)
32{ 32{
33 struct iphdr *iph = (*pskb)->nh.iph; 33 struct iphdr *iph = ip_hdr(*pskb);
34 34
35 if ((iph->tos & IPT_ECN_IP_MASK) != (einfo->ip_ect & IPT_ECN_IP_MASK)) { 35 if ((iph->tos & IPT_ECN_IP_MASK) != (einfo->ip_ect & IPT_ECN_IP_MASK)) {
36 __u8 oldtos; 36 __u8 oldtos;
37 if (!skb_make_writable(pskb, sizeof(struct iphdr))) 37 if (!skb_make_writable(pskb, sizeof(struct iphdr)))
38 return 0; 38 return 0;
39 iph = (*pskb)->nh.iph; 39 iph = ip_hdr(*pskb);
40 oldtos = iph->tos; 40 oldtos = iph->tos;
41 iph->tos &= ~IPT_ECN_IP_MASK; 41 iph->tos &= ~IPT_ECN_IP_MASK;
42 iph->tos |= (einfo->ip_ect & IPT_ECN_IP_MASK); 42 iph->tos |= (einfo->ip_ect & IPT_ECN_IP_MASK);
@@ -66,7 +66,7 @@ set_ect_tcp(struct sk_buff **pskb, const struct ipt_ECN_info *einfo)
66 66
67 if (!skb_make_writable(pskb, ip_hdrlen(*pskb) + sizeof(*tcph))) 67 if (!skb_make_writable(pskb, ip_hdrlen(*pskb) + sizeof(*tcph)))
68 return 0; 68 return 0;
69 tcph = (void *)(*pskb)->nh.iph + ip_hdrlen(*pskb); 69 tcph = (void *)ip_hdr(*pskb) + ip_hdrlen(*pskb);
70 70
71 oldval = ((__be16 *)tcph)[6]; 71 oldval = ((__be16 *)tcph)[6];
72 if (einfo->operation & IPT_ECN_OP_SET_ECE) 72 if (einfo->operation & IPT_ECN_OP_SET_ECE)
@@ -94,7 +94,7 @@ target(struct sk_buff **pskb,
94 return NF_DROP; 94 return NF_DROP;
95 95
96 if (einfo->operation & (IPT_ECN_OP_SET_ECE | IPT_ECN_OP_SET_CWR) 96 if (einfo->operation & (IPT_ECN_OP_SET_ECE | IPT_ECN_OP_SET_CWR)
97 && (*pskb)->nh.iph->protocol == IPPROTO_TCP) 97 && ip_hdr(*pskb)->protocol == IPPROTO_TCP)
98 if (!set_ect_tcp(pskb, einfo)) 98 if (!set_ect_tcp(pskb, einfo))
99 return NF_DROP; 99 return NF_DROP;
100 100
diff --git a/net/ipv4/netfilter/ipt_NETMAP.c b/net/ipv4/netfilter/ipt_NETMAP.c
index fd7aaa347cd8..d03f165722da 100644
--- a/net/ipv4/netfilter/ipt_NETMAP.c
+++ b/net/ipv4/netfilter/ipt_NETMAP.c
@@ -75,9 +75,9 @@ target(struct sk_buff **pskb,
75 netmask = ~(mr->range[0].min_ip ^ mr->range[0].max_ip); 75 netmask = ~(mr->range[0].min_ip ^ mr->range[0].max_ip);
76 76
77 if (hooknum == NF_IP_PRE_ROUTING || hooknum == NF_IP_LOCAL_OUT) 77 if (hooknum == NF_IP_PRE_ROUTING || hooknum == NF_IP_LOCAL_OUT)
78 new_ip = (*pskb)->nh.iph->daddr & ~netmask; 78 new_ip = ip_hdr(*pskb)->daddr & ~netmask;
79 else 79 else
80 new_ip = (*pskb)->nh.iph->saddr & ~netmask; 80 new_ip = ip_hdr(*pskb)->saddr & ~netmask;
81 new_ip |= mr->range[0].min_ip & netmask; 81 new_ip |= mr->range[0].min_ip & netmask;
82 82
83 newrange = ((struct ip_nat_range) 83 newrange = ((struct ip_nat_range)
diff --git a/net/ipv4/netfilter/ipt_REJECT.c b/net/ipv4/netfilter/ipt_REJECT.c
index 01c04f0e5c91..1399e7c183ba 100644
--- a/net/ipv4/netfilter/ipt_REJECT.c
+++ b/net/ipv4/netfilter/ipt_REJECT.c
@@ -43,6 +43,7 @@ MODULE_DESCRIPTION("iptables REJECT target module");
43static void send_reset(struct sk_buff *oldskb, int hook) 43static void send_reset(struct sk_buff *oldskb, int hook)
44{ 44{
45 struct sk_buff *nskb; 45 struct sk_buff *nskb;
46 struct iphdr *niph;
46 struct tcphdr _otcph, *oth, *tcph; 47 struct tcphdr _otcph, *oth, *tcph;
47 __be16 tmp_port; 48 __be16 tmp_port;
48 __be32 tmp_addr; 49 __be32 tmp_addr;
@@ -50,7 +51,7 @@ static void send_reset(struct sk_buff *oldskb, int hook)
50 unsigned int addr_type; 51 unsigned int addr_type;
51 52
52 /* IP header checks: fragment. */ 53 /* IP header checks: fragment. */
53 if (oldskb->nh.iph->frag_off & htons(IP_OFFSET)) 54 if (ip_hdr(oldskb)->frag_off & htons(IP_OFFSET))
54 return; 55 return;
55 56
56 oth = skb_header_pointer(oldskb, ip_hdrlen(oldskb), 57 oth = skb_header_pointer(oldskb, ip_hdrlen(oldskb),
@@ -86,9 +87,10 @@ static void send_reset(struct sk_buff *oldskb, int hook)
86 tcph = (struct tcphdr *)(skb_network_header(nskb) + ip_hdrlen(nskb)); 87 tcph = (struct tcphdr *)(skb_network_header(nskb) + ip_hdrlen(nskb));
87 88
88 /* Swap source and dest */ 89 /* Swap source and dest */
89 tmp_addr = nskb->nh.iph->saddr; 90 niph = ip_hdr(nskb);
90 nskb->nh.iph->saddr = nskb->nh.iph->daddr; 91 tmp_addr = niph->saddr;
91 nskb->nh.iph->daddr = tmp_addr; 92 niph->saddr = niph->daddr;
93 niph->daddr = tmp_addr;
92 tmp_port = tcph->source; 94 tmp_port = tcph->source;
93 tcph->source = tcph->dest; 95 tcph->source = tcph->dest;
94 tcph->dest = tmp_port; 96 tcph->dest = tmp_port;
@@ -96,7 +98,7 @@ static void send_reset(struct sk_buff *oldskb, int hook)
96 /* Truncate to length (no data) */ 98 /* Truncate to length (no data) */
97 tcph->doff = sizeof(struct tcphdr)/4; 99 tcph->doff = sizeof(struct tcphdr)/4;
98 skb_trim(nskb, ip_hdrlen(nskb) + sizeof(struct tcphdr)); 100 skb_trim(nskb, ip_hdrlen(nskb) + sizeof(struct tcphdr));
99 nskb->nh.iph->tot_len = htons(nskb->len); 101 niph->tot_len = htons(nskb->len);
100 102
101 if (tcph->ack) { 103 if (tcph->ack) {
102 needs_ack = 0; 104 needs_ack = 0;
@@ -121,14 +123,13 @@ static void send_reset(struct sk_buff *oldskb, int hook)
121 /* Adjust TCP checksum */ 123 /* Adjust TCP checksum */
122 tcph->check = 0; 124 tcph->check = 0;
123 tcph->check = tcp_v4_check(sizeof(struct tcphdr), 125 tcph->check = tcp_v4_check(sizeof(struct tcphdr),
124 nskb->nh.iph->saddr, 126 niph->saddr, niph->daddr,
125 nskb->nh.iph->daddr,
126 csum_partial((char *)tcph, 127 csum_partial((char *)tcph,
127 sizeof(struct tcphdr), 0)); 128 sizeof(struct tcphdr), 0));
128 129
129 /* Set DF, id = 0 */ 130 /* Set DF, id = 0 */
130 nskb->nh.iph->frag_off = htons(IP_DF); 131 niph->frag_off = htons(IP_DF);
131 nskb->nh.iph->id = 0; 132 niph->id = 0;
132 133
133 addr_type = RTN_UNSPEC; 134 addr_type = RTN_UNSPEC;
134 if (hook != NF_IP_FORWARD 135 if (hook != NF_IP_FORWARD
@@ -144,12 +145,11 @@ static void send_reset(struct sk_buff *oldskb, int hook)
144 nskb->ip_summed = CHECKSUM_NONE; 145 nskb->ip_summed = CHECKSUM_NONE;
145 146
146 /* Adjust IP TTL */ 147 /* Adjust IP TTL */
147 nskb->nh.iph->ttl = dst_metric(nskb->dst, RTAX_HOPLIMIT); 148 niph->ttl = dst_metric(nskb->dst, RTAX_HOPLIMIT);
148 149
149 /* Adjust IP checksum */ 150 /* Adjust IP checksum */
150 nskb->nh.iph->check = 0; 151 niph->check = 0;
151 nskb->nh.iph->check = ip_fast_csum(skb_network_header(nskb), 152 niph->check = ip_fast_csum(skb_network_header(nskb), niph->ihl);
152 nskb->nh.iph->ihl);
153 153
154 /* "Never happens" */ 154 /* "Never happens" */
155 if (nskb->len > dst_mtu(nskb->dst)) 155 if (nskb->len > dst_mtu(nskb->dst))
diff --git a/net/ipv4/netfilter/ipt_TOS.c b/net/ipv4/netfilter/ipt_TOS.c
index cedf9f7d9d6e..0ad02f249837 100644
--- a/net/ipv4/netfilter/ipt_TOS.c
+++ b/net/ipv4/netfilter/ipt_TOS.c
@@ -29,13 +29,13 @@ target(struct sk_buff **pskb,
29 const void *targinfo) 29 const void *targinfo)
30{ 30{
31 const struct ipt_tos_target_info *tosinfo = targinfo; 31 const struct ipt_tos_target_info *tosinfo = targinfo;
32 struct iphdr *iph = (*pskb)->nh.iph; 32 struct iphdr *iph = ip_hdr(*pskb);
33 33
34 if ((iph->tos & IPTOS_TOS_MASK) != tosinfo->tos) { 34 if ((iph->tos & IPTOS_TOS_MASK) != tosinfo->tos) {
35 __u8 oldtos; 35 __u8 oldtos;
36 if (!skb_make_writable(pskb, sizeof(struct iphdr))) 36 if (!skb_make_writable(pskb, sizeof(struct iphdr)))
37 return NF_DROP; 37 return NF_DROP;
38 iph = (*pskb)->nh.iph; 38 iph = ip_hdr(*pskb);
39 oldtos = iph->tos; 39 oldtos = iph->tos;
40 iph->tos = (iph->tos & IPTOS_PREC_MASK) | tosinfo->tos; 40 iph->tos = (iph->tos & IPTOS_PREC_MASK) | tosinfo->tos;
41 nf_csum_replace2(&iph->check, htons(oldtos), htons(iph->tos)); 41 nf_csum_replace2(&iph->check, htons(oldtos), htons(iph->tos));
diff --git a/net/ipv4/netfilter/ipt_TTL.c b/net/ipv4/netfilter/ipt_TTL.c
index 64be31c22ba9..a991ec7bd4e7 100644
--- a/net/ipv4/netfilter/ipt_TTL.c
+++ b/net/ipv4/netfilter/ipt_TTL.c
@@ -32,7 +32,7 @@ ipt_ttl_target(struct sk_buff **pskb,
32 if (!skb_make_writable(pskb, (*pskb)->len)) 32 if (!skb_make_writable(pskb, (*pskb)->len))
33 return NF_DROP; 33 return NF_DROP;
34 34
35 iph = (*pskb)->nh.iph; 35 iph = ip_hdr(*pskb);
36 36
37 switch (info->mode) { 37 switch (info->mode) {
38 case IPT_TTL_SET: 38 case IPT_TTL_SET:
diff --git a/net/ipv4/netfilter/ipt_addrtype.c b/net/ipv4/netfilter/ipt_addrtype.c
index cfa0472617f6..a652a1451552 100644
--- a/net/ipv4/netfilter/ipt_addrtype.c
+++ b/net/ipv4/netfilter/ipt_addrtype.c
@@ -33,7 +33,7 @@ static int match(const struct sk_buff *skb,
33 int offset, unsigned int protoff, int *hotdrop) 33 int offset, unsigned int protoff, int *hotdrop)
34{ 34{
35 const struct ipt_addrtype_info *info = matchinfo; 35 const struct ipt_addrtype_info *info = matchinfo;
36 const struct iphdr *iph = skb->nh.iph; 36 const struct iphdr *iph = ip_hdr(skb);
37 int ret = 1; 37 int ret = 1;
38 38
39 if (info->source) 39 if (info->source)
diff --git a/net/ipv4/netfilter/ipt_ecn.c b/net/ipv4/netfilter/ipt_ecn.c
index b8ade3cc7757..3b4ca0c5c121 100644
--- a/net/ipv4/netfilter/ipt_ecn.c
+++ b/net/ipv4/netfilter/ipt_ecn.c
@@ -27,7 +27,7 @@ MODULE_LICENSE("GPL");
27static inline int match_ip(const struct sk_buff *skb, 27static inline int match_ip(const struct sk_buff *skb,
28 const struct ipt_ecn_info *einfo) 28 const struct ipt_ecn_info *einfo)
29{ 29{
30 return ((skb->nh.iph->tos&IPT_ECN_IP_MASK) == einfo->ip_ect); 30 return (ip_hdr(skb)->tos & IPT_ECN_IP_MASK) == einfo->ip_ect;
31} 31}
32 32
33static inline int match_tcp(const struct sk_buff *skb, 33static inline int match_tcp(const struct sk_buff *skb,
@@ -80,7 +80,7 @@ static int match(const struct sk_buff *skb,
80 return 0; 80 return 0;
81 81
82 if (info->operation & (IPT_ECN_OP_MATCH_ECE|IPT_ECN_OP_MATCH_CWR)) { 82 if (info->operation & (IPT_ECN_OP_MATCH_ECE|IPT_ECN_OP_MATCH_CWR)) {
83 if (skb->nh.iph->protocol != IPPROTO_TCP) 83 if (ip_hdr(skb)->protocol != IPPROTO_TCP)
84 return 0; 84 return 0;
85 if (!match_tcp(skb, info, hotdrop)) 85 if (!match_tcp(skb, info, hotdrop))
86 return 0; 86 return 0;
diff --git a/net/ipv4/netfilter/ipt_iprange.c b/net/ipv4/netfilter/ipt_iprange.c
index bc5d5e6091e4..33af9e940887 100644
--- a/net/ipv4/netfilter/ipt_iprange.c
+++ b/net/ipv4/netfilter/ipt_iprange.c
@@ -32,7 +32,7 @@ match(const struct sk_buff *skb,
32 int offset, unsigned int protoff, int *hotdrop) 32 int offset, unsigned int protoff, int *hotdrop)
33{ 33{
34 const struct ipt_iprange_info *info = matchinfo; 34 const struct ipt_iprange_info *info = matchinfo;
35 const struct iphdr *iph = skb->nh.iph; 35 const struct iphdr *iph = ip_hdr(skb);
36 36
37 if (info->flags & IPRANGE_SRC) { 37 if (info->flags & IPRANGE_SRC) {
38 if (((ntohl(iph->saddr) < ntohl(info->src.min_ip)) 38 if (((ntohl(iph->saddr) < ntohl(info->src.min_ip))
diff --git a/net/ipv4/netfilter/ipt_recent.c b/net/ipv4/netfilter/ipt_recent.c
index aecb9c48e152..15a9e8bbb7cc 100644
--- a/net/ipv4/netfilter/ipt_recent.c
+++ b/net/ipv4/netfilter/ipt_recent.c
@@ -183,11 +183,11 @@ ipt_recent_match(const struct sk_buff *skb,
183 int ret = info->invert; 183 int ret = info->invert;
184 184
185 if (info->side == IPT_RECENT_DEST) 185 if (info->side == IPT_RECENT_DEST)
186 addr = skb->nh.iph->daddr; 186 addr = ip_hdr(skb)->daddr;
187 else 187 else
188 addr = skb->nh.iph->saddr; 188 addr = ip_hdr(skb)->saddr;
189 189
190 ttl = skb->nh.iph->ttl; 190 ttl = ip_hdr(skb)->ttl;
191 /* use TTL as seen before forwarding */ 191 /* use TTL as seen before forwarding */
192 if (out && !skb->sk) 192 if (out && !skb->sk)
193 ttl++; 193 ttl++;
diff --git a/net/ipv4/netfilter/ipt_tos.c b/net/ipv4/netfilter/ipt_tos.c
index 5d33b51d49d8..d314844af12b 100644
--- a/net/ipv4/netfilter/ipt_tos.c
+++ b/net/ipv4/netfilter/ipt_tos.c
@@ -30,7 +30,7 @@ match(const struct sk_buff *skb,
30{ 30{
31 const struct ipt_tos_info *info = matchinfo; 31 const struct ipt_tos_info *info = matchinfo;
32 32
33 return (skb->nh.iph->tos == info->tos) ^ info->invert; 33 return (ip_hdr(skb)->tos == info->tos) ^ info->invert;
34} 34}
35 35
36static struct xt_match tos_match = { 36static struct xt_match tos_match = {
diff --git a/net/ipv4/netfilter/ipt_ttl.c b/net/ipv4/netfilter/ipt_ttl.c
index 1eca9f400374..9615c04a2fc6 100644
--- a/net/ipv4/netfilter/ipt_ttl.c
+++ b/net/ipv4/netfilter/ipt_ttl.c
@@ -26,19 +26,20 @@ static int match(const struct sk_buff *skb,
26 int offset, unsigned int protoff, int *hotdrop) 26 int offset, unsigned int protoff, int *hotdrop)
27{ 27{
28 const struct ipt_ttl_info *info = matchinfo; 28 const struct ipt_ttl_info *info = matchinfo;
29 const u8 ttl = ip_hdr(skb)->ttl;
29 30
30 switch (info->mode) { 31 switch (info->mode) {
31 case IPT_TTL_EQ: 32 case IPT_TTL_EQ:
32 return (skb->nh.iph->ttl == info->ttl); 33 return (ttl == info->ttl);
33 break; 34 break;
34 case IPT_TTL_NE: 35 case IPT_TTL_NE:
35 return (!(skb->nh.iph->ttl == info->ttl)); 36 return (!(ttl == info->ttl));
36 break; 37 break;
37 case IPT_TTL_LT: 38 case IPT_TTL_LT:
38 return (skb->nh.iph->ttl < info->ttl); 39 return (ttl < info->ttl);
39 break; 40 break;
40 case IPT_TTL_GT: 41 case IPT_TTL_GT:
41 return (skb->nh.iph->ttl > info->ttl); 42 return (ttl > info->ttl);
42 break; 43 break;
43 default: 44 default:
44 printk(KERN_WARNING "ipt_ttl: unknown mode %d\n", 45 printk(KERN_WARNING "ipt_ttl: unknown mode %d\n",
diff --git a/net/ipv4/netfilter/iptable_mangle.c b/net/ipv4/netfilter/iptable_mangle.c
index 6cc3245f676a..26e60fbe7ee0 100644
--- a/net/ipv4/netfilter/iptable_mangle.c
+++ b/net/ipv4/netfilter/iptable_mangle.c
@@ -131,6 +131,7 @@ ipt_local_hook(unsigned int hook,
131 int (*okfn)(struct sk_buff *)) 131 int (*okfn)(struct sk_buff *))
132{ 132{
133 unsigned int ret; 133 unsigned int ret;
134 const struct iphdr *iph;
134 u_int8_t tos; 135 u_int8_t tos;
135 __be32 saddr, daddr; 136 __be32 saddr, daddr;
136 u_int32_t mark; 137 u_int32_t mark;
@@ -145,19 +146,23 @@ ipt_local_hook(unsigned int hook,
145 146
146 /* Save things which could affect route */ 147 /* Save things which could affect route */
147 mark = (*pskb)->mark; 148 mark = (*pskb)->mark;
148 saddr = (*pskb)->nh.iph->saddr; 149 iph = ip_hdr(*pskb);
149 daddr = (*pskb)->nh.iph->daddr; 150 saddr = iph->saddr;
150 tos = (*pskb)->nh.iph->tos; 151 daddr = iph->daddr;
152 tos = iph->tos;
151 153
152 ret = ipt_do_table(pskb, hook, in, out, &packet_mangler); 154 ret = ipt_do_table(pskb, hook, in, out, &packet_mangler);
153 /* Reroute for ANY change. */ 155 /* Reroute for ANY change. */
154 if (ret != NF_DROP && ret != NF_STOLEN && ret != NF_QUEUE 156 if (ret != NF_DROP && ret != NF_STOLEN && ret != NF_QUEUE) {
155 && ((*pskb)->nh.iph->saddr != saddr 157 iph = ip_hdr(*pskb);
156 || (*pskb)->nh.iph->daddr != daddr 158
157 || (*pskb)->mark != mark 159 if (iph->saddr != saddr ||
158 || (*pskb)->nh.iph->tos != tos)) 160 iph->daddr != daddr ||
159 if (ip_route_me_harder(pskb, RTN_UNSPEC)) 161 (*pskb)->mark != mark ||
160 ret = NF_DROP; 162 iph->tos != tos)
163 if (ip_route_me_harder(pskb, RTN_UNSPEC))
164 ret = NF_DROP;
165 }
161 166
162 return ret; 167 return ret;
163} 168}
diff --git a/net/ipv4/netfilter/nf_conntrack_l3proto_ipv4.c b/net/ipv4/netfilter/nf_conntrack_l3proto_ipv4.c
index fa14eb77f9b6..d52ca0c1ce8d 100644
--- a/net/ipv4/netfilter/nf_conntrack_l3proto_ipv4.c
+++ b/net/ipv4/netfilter/nf_conntrack_l3proto_ipv4.c
@@ -87,7 +87,7 @@ nf_ct_ipv4_gather_frags(struct sk_buff *skb, u_int32_t user)
87 local_bh_enable(); 87 local_bh_enable();
88 88
89 if (skb) 89 if (skb)
90 ip_send_check(skb->nh.iph); 90 ip_send_check(ip_hdr(skb));
91 91
92 return skb; 92 return skb;
93} 93}
@@ -97,16 +97,16 @@ ipv4_prepare(struct sk_buff **pskb, unsigned int hooknum, unsigned int *dataoff,
97 u_int8_t *protonum) 97 u_int8_t *protonum)
98{ 98{
99 /* Never happen */ 99 /* Never happen */
100 if ((*pskb)->nh.iph->frag_off & htons(IP_OFFSET)) { 100 if (ip_hdr(*pskb)->frag_off & htons(IP_OFFSET)) {
101 if (net_ratelimit()) { 101 if (net_ratelimit()) {
102 printk(KERN_ERR "ipv4_prepare: Frag of proto %u (hook=%u)\n", 102 printk(KERN_ERR "ipv4_prepare: Frag of proto %u (hook=%u)\n",
103 (*pskb)->nh.iph->protocol, hooknum); 103 ip_hdr(*pskb)->protocol, hooknum);
104 } 104 }
105 return -NF_DROP; 105 return -NF_DROP;
106 } 106 }
107 107
108 *dataoff = skb_network_offset(*pskb) + ip_hdrlen(*pskb); 108 *dataoff = skb_network_offset(*pskb) + ip_hdrlen(*pskb);
109 *protonum = (*pskb)->nh.iph->protocol; 109 *protonum = ip_hdr(*pskb)->protocol;
110 110
111 return NF_ACCEPT; 111 return NF_ACCEPT;
112} 112}
@@ -170,7 +170,7 @@ static unsigned int ipv4_conntrack_defrag(unsigned int hooknum,
170#endif 170#endif
171 171
172 /* Gather fragments. */ 172 /* Gather fragments. */
173 if ((*pskb)->nh.iph->frag_off & htons(IP_MF|IP_OFFSET)) { 173 if (ip_hdr(*pskb)->frag_off & htons(IP_MF | IP_OFFSET)) {
174 *pskb = nf_ct_ipv4_gather_frags(*pskb, 174 *pskb = nf_ct_ipv4_gather_frags(*pskb,
175 hooknum == NF_IP_PRE_ROUTING ? 175 hooknum == NF_IP_PRE_ROUTING ?
176 IP_DEFRAG_CONNTRACK_IN : 176 IP_DEFRAG_CONNTRACK_IN :
diff --git a/net/ipv4/netfilter/nf_nat_h323.c b/net/ipv4/netfilter/nf_nat_h323.c
index 2eb3832db3a4..3c58fea0d391 100644
--- a/net/ipv4/netfilter/nf_nat_h323.c
+++ b/net/ipv4/netfilter/nf_nat_h323.c
@@ -44,7 +44,7 @@ static int set_addr(struct sk_buff **pskb,
44 buf.port = port; 44 buf.port = port;
45 addroff += dataoff; 45 addroff += dataoff;
46 46
47 if ((*pskb)->nh.iph->protocol == IPPROTO_TCP) { 47 if (ip_hdr(*pskb)->protocol == IPPROTO_TCP) {
48 if (!nf_nat_mangle_tcp_packet(pskb, ct, ctinfo, 48 if (!nf_nat_mangle_tcp_packet(pskb, ct, ctinfo,
49 addroff, sizeof(buf), 49 addroff, sizeof(buf),
50 (char *) &buf, sizeof(buf))) { 50 (char *) &buf, sizeof(buf))) {
diff --git a/net/ipv4/netfilter/nf_nat_helper.c b/net/ipv4/netfilter/nf_nat_helper.c
index 723302afd840..c2c92ff12781 100644
--- a/net/ipv4/netfilter/nf_nat_helper.c
+++ b/net/ipv4/netfilter/nf_nat_helper.c
@@ -87,7 +87,7 @@ static void mangle_contents(struct sk_buff *skb,
87 unsigned char *data; 87 unsigned char *data;
88 88
89 BUG_ON(skb_is_nonlinear(skb)); 89 BUG_ON(skb_is_nonlinear(skb));
90 data = (unsigned char *)skb->nh.iph + dataoff; 90 data = skb_network_header(skb) + dataoff;
91 91
92 /* move post-replacement */ 92 /* move post-replacement */
93 memmove(data + match_offset + rep_len, 93 memmove(data + match_offset + rep_len,
@@ -111,8 +111,8 @@ static void mangle_contents(struct sk_buff *skb,
111 } 111 }
112 112
113 /* fix IP hdr checksum information */ 113 /* fix IP hdr checksum information */
114 skb->nh.iph->tot_len = htons(skb->len); 114 ip_hdr(skb)->tot_len = htons(skb->len);
115 ip_send_check(skb->nh.iph); 115 ip_send_check(ip_hdr(skb));
116} 116}
117 117
118/* Unusual, but possible case. */ 118/* Unusual, but possible case. */
@@ -166,7 +166,7 @@ nf_nat_mangle_tcp_packet(struct sk_buff **pskb,
166 166
167 SKB_LINEAR_ASSERT(*pskb); 167 SKB_LINEAR_ASSERT(*pskb);
168 168
169 iph = (*pskb)->nh.iph; 169 iph = ip_hdr(*pskb);
170 tcph = (void *)iph + iph->ihl*4; 170 tcph = (void *)iph + iph->ihl*4;
171 171
172 oldlen = (*pskb)->len - iph->ihl*4; 172 oldlen = (*pskb)->len - iph->ihl*4;
@@ -221,7 +221,7 @@ nf_nat_mangle_udp_packet(struct sk_buff **pskb,
221 int datalen, oldlen; 221 int datalen, oldlen;
222 222
223 /* UDP helpers might accidentally mangle the wrong packet */ 223 /* UDP helpers might accidentally mangle the wrong packet */
224 iph = (*pskb)->nh.iph; 224 iph = ip_hdr(*pskb);
225 if ((*pskb)->len < iph->ihl*4 + sizeof(*udph) + 225 if ((*pskb)->len < iph->ihl*4 + sizeof(*udph) +
226 match_offset + match_len) 226 match_offset + match_len)
227 return 0; 227 return 0;
@@ -234,7 +234,7 @@ nf_nat_mangle_udp_packet(struct sk_buff **pskb,
234 !enlarge_skb(pskb, rep_len - match_len)) 234 !enlarge_skb(pskb, rep_len - match_len))
235 return 0; 235 return 0;
236 236
237 iph = (*pskb)->nh.iph; 237 iph = ip_hdr(*pskb);
238 udph = (void *)iph + iph->ihl*4; 238 udph = (void *)iph + iph->ihl*4;
239 239
240 oldlen = (*pskb)->len - iph->ihl*4; 240 oldlen = (*pskb)->len - iph->ihl*4;
diff --git a/net/ipv4/netfilter/nf_nat_rule.c b/net/ipv4/netfilter/nf_nat_rule.c
index 147a4370cf03..2a283397a8b6 100644
--- a/net/ipv4/netfilter/nf_nat_rule.c
+++ b/net/ipv4/netfilter/nf_nat_rule.c
@@ -191,7 +191,7 @@ static unsigned int ipt_dnat_target(struct sk_buff **pskb,
191 191
192 if (hooknum == NF_IP_LOCAL_OUT && 192 if (hooknum == NF_IP_LOCAL_OUT &&
193 mr->range[0].flags & IP_NAT_RANGE_MAP_IPS) 193 mr->range[0].flags & IP_NAT_RANGE_MAP_IPS)
194 warn_if_extra_mangle((*pskb)->nh.iph->daddr, 194 warn_if_extra_mangle(ip_hdr(*pskb)->daddr,
195 mr->range[0].min_ip); 195 mr->range[0].min_ip);
196 196
197 return nf_nat_setup_info(ct, &mr->range[0], hooknum); 197 return nf_nat_setup_info(ct, &mr->range[0], hooknum);
diff --git a/net/ipv4/netfilter/nf_nat_snmp_basic.c b/net/ipv4/netfilter/nf_nat_snmp_basic.c
index ce5c4939a6ee..0cc0d97585df 100644
--- a/net/ipv4/netfilter/nf_nat_snmp_basic.c
+++ b/net/ipv4/netfilter/nf_nat_snmp_basic.c
@@ -1194,7 +1194,7 @@ static int snmp_translate(struct nf_conn *ct,
1194 enum ip_conntrack_info ctinfo, 1194 enum ip_conntrack_info ctinfo,
1195 struct sk_buff **pskb) 1195 struct sk_buff **pskb)
1196{ 1196{
1197 struct iphdr *iph = (*pskb)->nh.iph; 1197 struct iphdr *iph = ip_hdr(*pskb);
1198 struct udphdr *udph = (struct udphdr *)((__be32 *)iph + iph->ihl); 1198 struct udphdr *udph = (struct udphdr *)((__be32 *)iph + iph->ihl);
1199 u_int16_t udplen = ntohs(udph->len); 1199 u_int16_t udplen = ntohs(udph->len);
1200 u_int16_t paylen = udplen - sizeof(struct udphdr); 1200 u_int16_t paylen = udplen - sizeof(struct udphdr);
@@ -1235,7 +1235,7 @@ static int help(struct sk_buff **pskb, unsigned int protoff,
1235{ 1235{
1236 int dir = CTINFO2DIR(ctinfo); 1236 int dir = CTINFO2DIR(ctinfo);
1237 unsigned int ret; 1237 unsigned int ret;
1238 struct iphdr *iph = (*pskb)->nh.iph; 1238 struct iphdr *iph = ip_hdr(*pskb);
1239 struct udphdr *udph = (struct udphdr *)((u_int32_t *)iph + iph->ihl); 1239 struct udphdr *udph = (struct udphdr *)((u_int32_t *)iph + iph->ihl);
1240 1240
1241 /* SNMP replies and originating SNMP traps get mangled */ 1241 /* SNMP replies and originating SNMP traps get mangled */
diff --git a/net/ipv4/netfilter/nf_nat_standalone.c b/net/ipv4/netfilter/nf_nat_standalone.c
index 61ca272165a1..64bbed2ba780 100644
--- a/net/ipv4/netfilter/nf_nat_standalone.c
+++ b/net/ipv4/netfilter/nf_nat_standalone.c
@@ -86,8 +86,7 @@ nf_nat_fn(unsigned int hooknum,
86 86
87 /* We never see fragments: conntrack defrags on pre-routing 87 /* We never see fragments: conntrack defrags on pre-routing
88 and local-out, and nf_nat_out protects post-routing. */ 88 and local-out, and nf_nat_out protects post-routing. */
89 NF_CT_ASSERT(!((*pskb)->nh.iph->frag_off 89 NF_CT_ASSERT(!(ip_hdr(*pskb)->frag_off & htons(IP_MF | IP_OFFSET)));
90 & htons(IP_MF|IP_OFFSET)));
91 90
92 ct = nf_ct_get(*pskb, &ctinfo); 91 ct = nf_ct_get(*pskb, &ctinfo);
93 /* Can't track? It's not due to stress, or conntrack would 92 /* Can't track? It's not due to stress, or conntrack would
@@ -98,7 +97,7 @@ nf_nat_fn(unsigned int hooknum,
98 /* Exception: ICMP redirect to new connection (not in 97 /* Exception: ICMP redirect to new connection (not in
99 hash table yet). We must not let this through, in 98 hash table yet). We must not let this through, in
100 case we're doing NAT to the same network. */ 99 case we're doing NAT to the same network. */
101 if ((*pskb)->nh.iph->protocol == IPPROTO_ICMP) { 100 if (ip_hdr(*pskb)->protocol == IPPROTO_ICMP) {
102 struct icmphdr _hdr, *hp; 101 struct icmphdr _hdr, *hp;
103 102
104 hp = skb_header_pointer(*pskb, ip_hdrlen(*pskb), 103 hp = skb_header_pointer(*pskb, ip_hdrlen(*pskb),
@@ -121,7 +120,7 @@ nf_nat_fn(unsigned int hooknum,
121 switch (ctinfo) { 120 switch (ctinfo) {
122 case IP_CT_RELATED: 121 case IP_CT_RELATED:
123 case IP_CT_RELATED+IP_CT_IS_REPLY: 122 case IP_CT_RELATED+IP_CT_IS_REPLY:
124 if ((*pskb)->nh.iph->protocol == IPPROTO_ICMP) { 123 if (ip_hdr(*pskb)->protocol == IPPROTO_ICMP) {
125 if (!nf_nat_icmp_reply_translation(ct, ctinfo, 124 if (!nf_nat_icmp_reply_translation(ct, ctinfo,
126 hooknum, pskb)) 125 hooknum, pskb))
127 return NF_DROP; 126 return NF_DROP;
@@ -176,11 +175,11 @@ nf_nat_in(unsigned int hooknum,
176 int (*okfn)(struct sk_buff *)) 175 int (*okfn)(struct sk_buff *))
177{ 176{
178 unsigned int ret; 177 unsigned int ret;
179 __be32 daddr = (*pskb)->nh.iph->daddr; 178 __be32 daddr = ip_hdr(*pskb)->daddr;
180 179
181 ret = nf_nat_fn(hooknum, pskb, in, out, okfn); 180 ret = nf_nat_fn(hooknum, pskb, in, out, okfn);
182 if (ret != NF_DROP && ret != NF_STOLEN && 181 if (ret != NF_DROP && ret != NF_STOLEN &&
183 daddr != (*pskb)->nh.iph->daddr) { 182 daddr != ip_hdr(*pskb)->daddr) {
184 dst_release((*pskb)->dst); 183 dst_release((*pskb)->dst);
185 (*pskb)->dst = NULL; 184 (*pskb)->dst = NULL;
186 } 185 }
diff --git a/net/ipv4/raw.c b/net/ipv4/raw.c
index c3757bb270ca..ac57afa7c316 100644
--- a/net/ipv4/raw.c
+++ b/net/ipv4/raw.c
@@ -292,7 +292,7 @@ static int raw_send_hdrinc(struct sock *sk, void *from, size_t length,
292 skb->dst = dst_clone(&rt->u.dst); 292 skb->dst = dst_clone(&rt->u.dst);
293 293
294 skb_reset_network_header(skb); 294 skb_reset_network_header(skb);
295 iph = skb->nh.iph; 295 iph = ip_hdr(skb);
296 skb_put(skb, length); 296 skb_put(skb, length);
297 297
298 skb->ip_summed = CHECKSUM_NONE; 298 skb->ip_summed = CHECKSUM_NONE;
@@ -615,7 +615,7 @@ static int raw_recvmsg(struct kiocb *iocb, struct sock *sk, struct msghdr *msg,
615 /* Copy the address. */ 615 /* Copy the address. */
616 if (sin) { 616 if (sin) {
617 sin->sin_family = AF_INET; 617 sin->sin_family = AF_INET;
618 sin->sin_addr.s_addr = skb->nh.iph->saddr; 618 sin->sin_addr.s_addr = ip_hdr(skb)->saddr;
619 sin->sin_port = 0; 619 sin->sin_port = 0;
620 memset(&sin->sin_zero, 0, sizeof(sin->sin_zero)); 620 memset(&sin->sin_zero, 0, sizeof(sin->sin_zero));
621 } 621 }
diff --git a/net/ipv4/route.c b/net/ipv4/route.c
index e50ad7dbbde8..58417393dec1 100644
--- a/net/ipv4/route.c
+++ b/net/ipv4/route.c
@@ -1519,7 +1519,7 @@ static void ipv4_link_failure(struct sk_buff *skb)
1519static int ip_rt_bug(struct sk_buff *skb) 1519static int ip_rt_bug(struct sk_buff *skb)
1520{ 1520{
1521 printk(KERN_DEBUG "ip_rt_bug: %u.%u.%u.%u -> %u.%u.%u.%u, %s\n", 1521 printk(KERN_DEBUG "ip_rt_bug: %u.%u.%u.%u -> %u.%u.%u.%u, %s\n",
1522 NIPQUAD(skb->nh.iph->saddr), NIPQUAD(skb->nh.iph->daddr), 1522 NIPQUAD(ip_hdr(skb)->saddr), NIPQUAD(ip_hdr(skb)->daddr),
1523 skb->dev ? skb->dev->name : "?"); 1523 skb->dev ? skb->dev->name : "?");
1524 kfree_skb(skb); 1524 kfree_skb(skb);
1525 return 0; 1525 return 0;
@@ -2134,7 +2134,7 @@ int ip_route_input(struct sk_buff *skb, __be32 daddr, __be32 saddr,
2134 rcu_read_lock(); 2134 rcu_read_lock();
2135 if ((in_dev = __in_dev_get_rcu(dev)) != NULL) { 2135 if ((in_dev = __in_dev_get_rcu(dev)) != NULL) {
2136 int our = ip_check_mc(in_dev, daddr, saddr, 2136 int our = ip_check_mc(in_dev, daddr, saddr,
2137 skb->nh.iph->protocol); 2137 ip_hdr(skb)->protocol);
2138 if (our 2138 if (our
2139#ifdef CONFIG_IP_MROUTE 2139#ifdef CONFIG_IP_MROUTE
2140 || (!LOCAL_MCAST(daddr) && IN_DEV_MFORWARD(in_dev)) 2140 || (!LOCAL_MCAST(daddr) && IN_DEV_MFORWARD(in_dev))
@@ -2751,7 +2751,7 @@ int inet_rtm_getroute(struct sk_buff *in_skb, struct nlmsghdr* nlh, void *arg)
2751 skb_reset_network_header(skb); 2751 skb_reset_network_header(skb);
2752 2752
2753 /* Bugfix: need to give ip_route_input enough of an IP header to not gag. */ 2753 /* Bugfix: need to give ip_route_input enough of an IP header to not gag. */
2754 skb->nh.iph->protocol = IPPROTO_ICMP; 2754 ip_hdr(skb)->protocol = IPPROTO_ICMP;
2755 skb_reserve(skb, MAX_HEADER + sizeof(struct iphdr)); 2755 skb_reserve(skb, MAX_HEADER + sizeof(struct iphdr));
2756 2756
2757 src = tb[RTA_SRC] ? nla_get_be32(tb[RTA_SRC]) : 0; 2757 src = tb[RTA_SRC] ? nla_get_be32(tb[RTA_SRC]) : 0;
diff --git a/net/ipv4/syncookies.c b/net/ipv4/syncookies.c
index 33016cc90f0b..261607178491 100644
--- a/net/ipv4/syncookies.c
+++ b/net/ipv4/syncookies.c
@@ -138,7 +138,7 @@ __u32 cookie_v4_init_sequence(struct sock *sk, struct sk_buff *skb, __u16 *mssp)
138 138
139 NET_INC_STATS_BH(LINUX_MIB_SYNCOOKIESSENT); 139 NET_INC_STATS_BH(LINUX_MIB_SYNCOOKIESSENT);
140 140
141 return secure_tcp_syn_cookie(skb->nh.iph->saddr, skb->nh.iph->daddr, 141 return secure_tcp_syn_cookie(ip_hdr(skb)->saddr, ip_hdr(skb)->daddr,
142 skb->h.th->source, skb->h.th->dest, 142 skb->h.th->source, skb->h.th->dest,
143 ntohl(skb->h.th->seq), 143 ntohl(skb->h.th->seq),
144 jiffies / (HZ * 60), mssind); 144 jiffies / (HZ * 60), mssind);
@@ -162,7 +162,7 @@ static inline int cookie_check(struct sk_buff *skb, __u32 cookie)
162 162
163 seq = ntohl(skb->h.th->seq)-1; 163 seq = ntohl(skb->h.th->seq)-1;
164 mssind = check_tcp_syn_cookie(cookie, 164 mssind = check_tcp_syn_cookie(cookie,
165 skb->nh.iph->saddr, skb->nh.iph->daddr, 165 ip_hdr(skb)->saddr, ip_hdr(skb)->daddr,
166 skb->h.th->source, skb->h.th->dest, 166 skb->h.th->source, skb->h.th->dest,
167 seq, jiffies / (HZ * 60), COUNTER_TRIES); 167 seq, jiffies / (HZ * 60), COUNTER_TRIES);
168 168
@@ -224,8 +224,8 @@ struct sock *cookie_v4_check(struct sock *sk, struct sk_buff *skb,
224 treq->snt_isn = cookie; 224 treq->snt_isn = cookie;
225 req->mss = mss; 225 req->mss = mss;
226 ireq->rmt_port = skb->h.th->source; 226 ireq->rmt_port = skb->h.th->source;
227 ireq->loc_addr = skb->nh.iph->daddr; 227 ireq->loc_addr = ip_hdr(skb)->daddr;
228 ireq->rmt_addr = skb->nh.iph->saddr; 228 ireq->rmt_addr = ip_hdr(skb)->saddr;
229 ireq->opt = NULL; 229 ireq->opt = NULL;
230 230
231 /* We throwed the options of the initial SYN away, so we hope 231 /* We throwed the options of the initial SYN away, so we hope
diff --git a/net/ipv4/tcp_ipv4.c b/net/ipv4/tcp_ipv4.c
index 3326681b8429..3a86d6b887ac 100644
--- a/net/ipv4/tcp_ipv4.c
+++ b/net/ipv4/tcp_ipv4.c
@@ -125,8 +125,8 @@ void tcp_unhash(struct sock *sk)
125 125
126static inline __u32 tcp_v4_init_sequence(struct sk_buff *skb) 126static inline __u32 tcp_v4_init_sequence(struct sk_buff *skb)
127{ 127{
128 return secure_tcp_sequence_number(skb->nh.iph->daddr, 128 return secure_tcp_sequence_number(ip_hdr(skb)->daddr,
129 skb->nh.iph->saddr, 129 ip_hdr(skb)->saddr,
130 skb->h.th->dest, 130 skb->h.th->dest,
131 skb->h.th->source); 131 skb->h.th->source);
132} 132}
@@ -515,13 +515,13 @@ void tcp_v4_send_check(struct sock *sk, int len, struct sk_buff *skb)
515 515
516int tcp_v4_gso_send_check(struct sk_buff *skb) 516int tcp_v4_gso_send_check(struct sk_buff *skb)
517{ 517{
518 struct iphdr *iph; 518 const struct iphdr *iph;
519 struct tcphdr *th; 519 struct tcphdr *th;
520 520
521 if (!pskb_may_pull(skb, sizeof(*th))) 521 if (!pskb_may_pull(skb, sizeof(*th)))
522 return -EINVAL; 522 return -EINVAL;
523 523
524 iph = skb->nh.iph; 524 iph = ip_hdr(skb);
525 th = skb->h.th; 525 th = skb->h.th;
526 526
527 th->check = 0; 527 th->check = 0;
@@ -585,7 +585,7 @@ static void tcp_v4_send_reset(struct sock *sk, struct sk_buff *skb)
585 arg.iov[0].iov_len = sizeof(rep.th); 585 arg.iov[0].iov_len = sizeof(rep.th);
586 586
587#ifdef CONFIG_TCP_MD5SIG 587#ifdef CONFIG_TCP_MD5SIG
588 key = sk ? tcp_v4_md5_do_lookup(sk, skb->nh.iph->daddr) : NULL; 588 key = sk ? tcp_v4_md5_do_lookup(sk, ip_hdr(skb)->daddr) : NULL;
589 if (key) { 589 if (key) {
590 rep.opt[0] = htonl((TCPOPT_NOP << 24) | 590 rep.opt[0] = htonl((TCPOPT_NOP << 24) |
591 (TCPOPT_NOP << 16) | 591 (TCPOPT_NOP << 16) |
@@ -597,14 +597,14 @@ static void tcp_v4_send_reset(struct sock *sk, struct sk_buff *skb)
597 597
598 tcp_v4_do_calc_md5_hash((__u8 *)&rep.opt[1], 598 tcp_v4_do_calc_md5_hash((__u8 *)&rep.opt[1],
599 key, 599 key,
600 skb->nh.iph->daddr, 600 ip_hdr(skb)->daddr,
601 skb->nh.iph->saddr, 601 ip_hdr(skb)->saddr,
602 &rep.th, IPPROTO_TCP, 602 &rep.th, IPPROTO_TCP,
603 arg.iov[0].iov_len); 603 arg.iov[0].iov_len);
604 } 604 }
605#endif 605#endif
606 arg.csum = csum_tcpudp_nofold(skb->nh.iph->daddr, 606 arg.csum = csum_tcpudp_nofold(ip_hdr(skb)->daddr,
607 skb->nh.iph->saddr, /* XXX */ 607 ip_hdr(skb)->saddr, /* XXX */
608 sizeof(struct tcphdr), IPPROTO_TCP, 0); 608 sizeof(struct tcphdr), IPPROTO_TCP, 0);
609 arg.csumoffset = offsetof(struct tcphdr, check) / 2; 609 arg.csumoffset = offsetof(struct tcphdr, check) / 2;
610 610
@@ -670,7 +670,7 @@ static void tcp_v4_send_ack(struct tcp_timewait_sock *twsk,
670 * skb->sk) holds true, but we program defensively. 670 * skb->sk) holds true, but we program defensively.
671 */ 671 */
672 if (!twsk && skb->sk) { 672 if (!twsk && skb->sk) {
673 key = tcp_v4_md5_do_lookup(skb->sk, skb->nh.iph->daddr); 673 key = tcp_v4_md5_do_lookup(skb->sk, ip_hdr(skb)->daddr);
674 } else if (twsk && twsk->tw_md5_keylen) { 674 } else if (twsk && twsk->tw_md5_keylen) {
675 tw_key.key = twsk->tw_md5_key; 675 tw_key.key = twsk->tw_md5_key;
676 tw_key.keylen = twsk->tw_md5_keylen; 676 tw_key.keylen = twsk->tw_md5_keylen;
@@ -690,14 +690,14 @@ static void tcp_v4_send_ack(struct tcp_timewait_sock *twsk,
690 690
691 tcp_v4_do_calc_md5_hash((__u8 *)&rep.opt[offset], 691 tcp_v4_do_calc_md5_hash((__u8 *)&rep.opt[offset],
692 key, 692 key,
693 skb->nh.iph->daddr, 693 ip_hdr(skb)->daddr,
694 skb->nh.iph->saddr, 694 ip_hdr(skb)->saddr,
695 &rep.th, IPPROTO_TCP, 695 &rep.th, IPPROTO_TCP,
696 arg.iov[0].iov_len); 696 arg.iov[0].iov_len);
697 } 697 }
698#endif 698#endif
699 arg.csum = csum_tcpudp_nofold(skb->nh.iph->daddr, 699 arg.csum = csum_tcpudp_nofold(ip_hdr(skb)->daddr,
700 skb->nh.iph->saddr, /* XXX */ 700 ip_hdr(skb)->saddr, /* XXX */
701 arg.iov[0].iov_len, IPPROTO_TCP, 0); 701 arg.iov[0].iov_len, IPPROTO_TCP, 0);
702 arg.csumoffset = offsetof(struct tcphdr, check) / 2; 702 arg.csumoffset = offsetof(struct tcphdr, check) / 2;
703 703
@@ -1133,7 +1133,7 @@ static int tcp_v4_inbound_md5_hash(struct sock *sk, struct sk_buff *skb)
1133 */ 1133 */
1134 __u8 *hash_location = NULL; 1134 __u8 *hash_location = NULL;
1135 struct tcp_md5sig_key *hash_expected; 1135 struct tcp_md5sig_key *hash_expected;
1136 struct iphdr *iph = skb->nh.iph; 1136 const struct iphdr *iph = ip_hdr(skb);
1137 struct tcphdr *th = skb->h.th; 1137 struct tcphdr *th = skb->h.th;
1138 int length = (th->doff << 2) - sizeof(struct tcphdr); 1138 int length = (th->doff << 2) - sizeof(struct tcphdr);
1139 int genhash; 1139 int genhash;
@@ -1251,8 +1251,8 @@ int tcp_v4_conn_request(struct sock *sk, struct sk_buff *skb)
1251 struct inet_request_sock *ireq; 1251 struct inet_request_sock *ireq;
1252 struct tcp_options_received tmp_opt; 1252 struct tcp_options_received tmp_opt;
1253 struct request_sock *req; 1253 struct request_sock *req;
1254 __be32 saddr = skb->nh.iph->saddr; 1254 __be32 saddr = ip_hdr(skb)->saddr;
1255 __be32 daddr = skb->nh.iph->daddr; 1255 __be32 daddr = ip_hdr(skb)->daddr;
1256 __u32 isn = TCP_SKB_CB(skb)->when; 1256 __u32 isn = TCP_SKB_CB(skb)->when;
1257 struct dst_entry *dst = NULL; 1257 struct dst_entry *dst = NULL;
1258#ifdef CONFIG_SYN_COOKIES 1258#ifdef CONFIG_SYN_COOKIES
@@ -1439,7 +1439,7 @@ struct sock *tcp_v4_syn_recv_sock(struct sock *sk, struct sk_buff *skb,
1439 newinet->opt = ireq->opt; 1439 newinet->opt = ireq->opt;
1440 ireq->opt = NULL; 1440 ireq->opt = NULL;
1441 newinet->mc_index = inet_iif(skb); 1441 newinet->mc_index = inet_iif(skb);
1442 newinet->mc_ttl = skb->nh.iph->ttl; 1442 newinet->mc_ttl = ip_hdr(skb)->ttl;
1443 inet_csk(newsk)->icsk_ext_hdr_len = 0; 1443 inet_csk(newsk)->icsk_ext_hdr_len = 0;
1444 if (newinet->opt) 1444 if (newinet->opt)
1445 inet_csk(newsk)->icsk_ext_hdr_len = newinet->opt->optlen; 1445 inet_csk(newsk)->icsk_ext_hdr_len = newinet->opt->optlen;
@@ -1482,7 +1482,7 @@ exit:
1482static struct sock *tcp_v4_hnd_req(struct sock *sk, struct sk_buff *skb) 1482static struct sock *tcp_v4_hnd_req(struct sock *sk, struct sk_buff *skb)
1483{ 1483{
1484 struct tcphdr *th = skb->h.th; 1484 struct tcphdr *th = skb->h.th;
1485 struct iphdr *iph = skb->nh.iph; 1485 const struct iphdr *iph = ip_hdr(skb);
1486 struct sock *nsk; 1486 struct sock *nsk;
1487 struct request_sock **prev; 1487 struct request_sock **prev;
1488 /* Find possible connection requests. */ 1488 /* Find possible connection requests. */
@@ -1491,9 +1491,8 @@ static struct sock *tcp_v4_hnd_req(struct sock *sk, struct sk_buff *skb)
1491 if (req) 1491 if (req)
1492 return tcp_check_req(sk, skb, req, prev); 1492 return tcp_check_req(sk, skb, req, prev);
1493 1493
1494 nsk = inet_lookup_established(&tcp_hashinfo, skb->nh.iph->saddr, 1494 nsk = inet_lookup_established(&tcp_hashinfo, iph->saddr, th->source,
1495 th->source, skb->nh.iph->daddr, 1495 iph->daddr, th->dest, inet_iif(skb));
1496 th->dest, inet_iif(skb));
1497 1496
1498 if (nsk) { 1497 if (nsk) {
1499 if (nsk->sk_state != TCP_TIME_WAIT) { 1498 if (nsk->sk_state != TCP_TIME_WAIT) {
@@ -1513,15 +1512,17 @@ static struct sock *tcp_v4_hnd_req(struct sock *sk, struct sk_buff *skb)
1513 1512
1514static __sum16 tcp_v4_checksum_init(struct sk_buff *skb) 1513static __sum16 tcp_v4_checksum_init(struct sk_buff *skb)
1515{ 1514{
1515 const struct iphdr *iph = ip_hdr(skb);
1516
1516 if (skb->ip_summed == CHECKSUM_COMPLETE) { 1517 if (skb->ip_summed == CHECKSUM_COMPLETE) {
1517 if (!tcp_v4_check(skb->len, skb->nh.iph->saddr, 1518 if (!tcp_v4_check(skb->len, iph->saddr,
1518 skb->nh.iph->daddr, skb->csum)) { 1519 iph->daddr, skb->csum)) {
1519 skb->ip_summed = CHECKSUM_UNNECESSARY; 1520 skb->ip_summed = CHECKSUM_UNNECESSARY;
1520 return 0; 1521 return 0;
1521 } 1522 }
1522 } 1523 }
1523 1524
1524 skb->csum = csum_tcpudp_nofold(skb->nh.iph->saddr, skb->nh.iph->daddr, 1525 skb->csum = csum_tcpudp_nofold(iph->saddr, iph->daddr,
1525 skb->len, IPPROTO_TCP, 0); 1526 skb->len, IPPROTO_TCP, 0);
1526 1527
1527 if (skb->len <= 76) { 1528 if (skb->len <= 76) {
@@ -1610,6 +1611,7 @@ csum_err:
1610 1611
1611int tcp_v4_rcv(struct sk_buff *skb) 1612int tcp_v4_rcv(struct sk_buff *skb)
1612{ 1613{
1614 const struct iphdr *iph;
1613 struct tcphdr *th; 1615 struct tcphdr *th;
1614 struct sock *sk; 1616 struct sock *sk;
1615 int ret; 1617 int ret;
@@ -1639,18 +1641,17 @@ int tcp_v4_rcv(struct sk_buff *skb)
1639 goto bad_packet; 1641 goto bad_packet;
1640 1642
1641 th = skb->h.th; 1643 th = skb->h.th;
1644 iph = ip_hdr(skb);
1642 TCP_SKB_CB(skb)->seq = ntohl(th->seq); 1645 TCP_SKB_CB(skb)->seq = ntohl(th->seq);
1643 TCP_SKB_CB(skb)->end_seq = (TCP_SKB_CB(skb)->seq + th->syn + th->fin + 1646 TCP_SKB_CB(skb)->end_seq = (TCP_SKB_CB(skb)->seq + th->syn + th->fin +
1644 skb->len - th->doff * 4); 1647 skb->len - th->doff * 4);
1645 TCP_SKB_CB(skb)->ack_seq = ntohl(th->ack_seq); 1648 TCP_SKB_CB(skb)->ack_seq = ntohl(th->ack_seq);
1646 TCP_SKB_CB(skb)->when = 0; 1649 TCP_SKB_CB(skb)->when = 0;
1647 TCP_SKB_CB(skb)->flags = skb->nh.iph->tos; 1650 TCP_SKB_CB(skb)->flags = iph->tos;
1648 TCP_SKB_CB(skb)->sacked = 0; 1651 TCP_SKB_CB(skb)->sacked = 0;
1649 1652
1650 sk = __inet_lookup(&tcp_hashinfo, skb->nh.iph->saddr, th->source, 1653 sk = __inet_lookup(&tcp_hashinfo, iph->saddr, th->source,
1651 skb->nh.iph->daddr, th->dest, 1654 iph->daddr, th->dest, inet_iif(skb));
1652 inet_iif(skb));
1653
1654 if (!sk) 1655 if (!sk)
1655 goto no_tcp_socket; 1656 goto no_tcp_socket;
1656 1657
@@ -1724,8 +1725,7 @@ do_time_wait:
1724 switch (tcp_timewait_state_process(inet_twsk(sk), skb, th)) { 1725 switch (tcp_timewait_state_process(inet_twsk(sk), skb, th)) {
1725 case TCP_TW_SYN: { 1726 case TCP_TW_SYN: {
1726 struct sock *sk2 = inet_lookup_listener(&tcp_hashinfo, 1727 struct sock *sk2 = inet_lookup_listener(&tcp_hashinfo,
1727 skb->nh.iph->daddr, 1728 iph->daddr, th->dest,
1728 th->dest,
1729 inet_iif(skb)); 1729 inet_iif(skb));
1730 if (sk2) { 1730 if (sk2) {
1731 inet_twsk_deschedule(inet_twsk(sk), &tcp_death_row); 1731 inet_twsk_deschedule(inet_twsk(sk), &tcp_death_row);
diff --git a/net/ipv4/udp.c b/net/ipv4/udp.c
index 1bbf5510cf3a..b4cad50c18e9 100644
--- a/net/ipv4/udp.c
+++ b/net/ipv4/udp.c
@@ -867,7 +867,7 @@ try_again:
867 { 867 {
868 sin->sin_family = AF_INET; 868 sin->sin_family = AF_INET;
869 sin->sin_port = skb->h.uh->source; 869 sin->sin_port = skb->h.uh->source;
870 sin->sin_addr.s_addr = skb->nh.iph->saddr; 870 sin->sin_addr.s_addr = ip_hdr(skb)->saddr;
871 memset(sin->sin_zero, 0, sizeof(sin->sin_zero)); 871 memset(sin->sin_zero, 0, sizeof(sin->sin_zero));
872 } 872 }
873 if (inet->cmsg_flags) 873 if (inet->cmsg_flags)
@@ -990,7 +990,7 @@ static int udp_encap_rcv(struct sock * sk, struct sk_buff *skb)
990 return 0; 990 return 0;
991 991
992 /* Now we can update and verify the packet length... */ 992 /* Now we can update and verify the packet length... */
993 iph = skb->nh.iph; 993 iph = ip_hdr(skb);
994 iphlen = iph->ihl << 2; 994 iphlen = iph->ihl << 2;
995 iph->tot_len = htons(ntohs(iph->tot_len) - len); 995 iph->tot_len = htons(ntohs(iph->tot_len) - len);
996 if (skb->len < iphlen + len) { 996 if (skb->len < iphlen + len) {
@@ -1168,6 +1168,7 @@ static int __udp4_lib_mcast_deliver(struct sk_buff *skb,
1168static inline int udp4_csum_init(struct sk_buff *skb, struct udphdr *uh, 1168static inline int udp4_csum_init(struct sk_buff *skb, struct udphdr *uh,
1169 int proto) 1169 int proto)
1170{ 1170{
1171 const struct iphdr *iph;
1171 int err; 1172 int err;
1172 1173
1173 UDP_SKB_CB(skb)->partial_cov = 0; 1174 UDP_SKB_CB(skb)->partial_cov = 0;
@@ -1179,16 +1180,16 @@ static inline int udp4_csum_init(struct sk_buff *skb, struct udphdr *uh,
1179 return err; 1180 return err;
1180 } 1181 }
1181 1182
1183 iph = ip_hdr(skb);
1182 if (uh->check == 0) { 1184 if (uh->check == 0) {
1183 skb->ip_summed = CHECKSUM_UNNECESSARY; 1185 skb->ip_summed = CHECKSUM_UNNECESSARY;
1184 } else if (skb->ip_summed == CHECKSUM_COMPLETE) { 1186 } else if (skb->ip_summed == CHECKSUM_COMPLETE) {
1185 if (!csum_tcpudp_magic(skb->nh.iph->saddr, skb->nh.iph->daddr, 1187 if (!csum_tcpudp_magic(iph->saddr, iph->daddr, skb->len,
1186 skb->len, proto, skb->csum)) 1188 proto, skb->csum))
1187 skb->ip_summed = CHECKSUM_UNNECESSARY; 1189 skb->ip_summed = CHECKSUM_UNNECESSARY;
1188 } 1190 }
1189 if (skb->ip_summed != CHECKSUM_UNNECESSARY) 1191 if (skb->ip_summed != CHECKSUM_UNNECESSARY)
1190 skb->csum = csum_tcpudp_nofold(skb->nh.iph->saddr, 1192 skb->csum = csum_tcpudp_nofold(iph->saddr, iph->daddr,
1191 skb->nh.iph->daddr,
1192 skb->len, proto, 0); 1193 skb->len, proto, 0);
1193 /* Probably, we should checksum udp header (it should be in cache 1194 /* Probably, we should checksum udp header (it should be in cache
1194 * in any case) and data in tiny packets (< rx copybreak). 1195 * in any case) and data in tiny packets (< rx copybreak).
@@ -1208,8 +1209,8 @@ int __udp4_lib_rcv(struct sk_buff *skb, struct hlist_head udptable[],
1208 struct udphdr *uh = skb->h.uh; 1209 struct udphdr *uh = skb->h.uh;
1209 unsigned short ulen; 1210 unsigned short ulen;
1210 struct rtable *rt = (struct rtable*)skb->dst; 1211 struct rtable *rt = (struct rtable*)skb->dst;
1211 __be32 saddr = skb->nh.iph->saddr; 1212 __be32 saddr = ip_hdr(skb)->saddr;
1212 __be32 daddr = skb->nh.iph->daddr; 1213 __be32 daddr = ip_hdr(skb)->daddr;
1213 1214
1214 /* 1215 /*
1215 * Validate the packet. 1216 * Validate the packet.
diff --git a/net/ipv4/xfrm4_input.c b/net/ipv4/xfrm4_input.c
index d89969c502dd..5ceca951d73f 100644
--- a/net/ipv4/xfrm4_input.c
+++ b/net/ipv4/xfrm4_input.c
@@ -28,7 +28,7 @@ static int xfrm4_parse_spi(struct sk_buff *skb, u8 nexthdr, __be32 *spi, __be32
28 switch (nexthdr) { 28 switch (nexthdr) {
29 case IPPROTO_IPIP: 29 case IPPROTO_IPIP:
30 case IPPROTO_IPV6: 30 case IPPROTO_IPV6:
31 *spi = skb->nh.iph->saddr; 31 *spi = ip_hdr(skb)->saddr;
32 *seq = 0; 32 *seq = 0;
33 return 0; 33 return 0;
34 } 34 }
@@ -39,9 +39,9 @@ static int xfrm4_parse_spi(struct sk_buff *skb, u8 nexthdr, __be32 *spi, __be32
39#ifdef CONFIG_NETFILTER 39#ifdef CONFIG_NETFILTER
40static inline int xfrm4_rcv_encap_finish(struct sk_buff *skb) 40static inline int xfrm4_rcv_encap_finish(struct sk_buff *skb)
41{ 41{
42 struct iphdr *iph = skb->nh.iph;
43
44 if (skb->dst == NULL) { 42 if (skb->dst == NULL) {
43 const struct iphdr *iph = ip_hdr(skb);
44
45 if (ip_route_input(skb, iph->daddr, iph->saddr, iph->tos, 45 if (ip_route_input(skb, iph->daddr, iph->saddr, iph->tos,
46 skb->dev)) 46 skb->dev))
47 goto drop; 47 goto drop;
@@ -55,18 +55,18 @@ drop:
55 55
56int xfrm4_rcv_encap(struct sk_buff *skb, __u16 encap_type) 56int xfrm4_rcv_encap(struct sk_buff *skb, __u16 encap_type)
57{ 57{
58 int err;
59 __be32 spi, seq; 58 __be32 spi, seq;
60 struct xfrm_state *xfrm_vec[XFRM_MAX_DEPTH]; 59 struct xfrm_state *xfrm_vec[XFRM_MAX_DEPTH];
61 struct xfrm_state *x; 60 struct xfrm_state *x;
62 int xfrm_nr = 0; 61 int xfrm_nr = 0;
63 int decaps = 0; 62 int decaps = 0;
63 int err = xfrm4_parse_spi(skb, ip_hdr(skb)->protocol, &spi, &seq);
64 64
65 if ((err = xfrm4_parse_spi(skb, skb->nh.iph->protocol, &spi, &seq)) != 0) 65 if (err != 0)
66 goto drop; 66 goto drop;
67 67
68 do { 68 do {
69 struct iphdr *iph = skb->nh.iph; 69 const struct iphdr *iph = ip_hdr(skb);
70 70
71 if (xfrm_nr == XFRM_MAX_DEPTH) 71 if (xfrm_nr == XFRM_MAX_DEPTH)
72 goto drop; 72 goto drop;
@@ -113,7 +113,8 @@ int xfrm4_rcv_encap(struct sk_buff *skb, __u16 encap_type)
113 break; 113 break;
114 } 114 }
115 115
116 if ((err = xfrm_parse_spi(skb, skb->nh.iph->protocol, &spi, &seq)) < 0) 116 err = xfrm_parse_spi(skb, ip_hdr(skb)->protocol, &spi, &seq);
117 if (err < 0)
117 goto drop; 118 goto drop;
118 } while (!err); 119 } while (!err);
119 120
@@ -147,14 +148,14 @@ int xfrm4_rcv_encap(struct sk_buff *skb, __u16 encap_type)
147 } else { 148 } else {
148#ifdef CONFIG_NETFILTER 149#ifdef CONFIG_NETFILTER
149 __skb_push(skb, skb->data - skb_network_header(skb)); 150 __skb_push(skb, skb->data - skb_network_header(skb));
150 skb->nh.iph->tot_len = htons(skb->len); 151 ip_hdr(skb)->tot_len = htons(skb->len);
151 ip_send_check(skb->nh.iph); 152 ip_send_check(ip_hdr(skb));
152 153
153 NF_HOOK(PF_INET, NF_IP_PRE_ROUTING, skb, skb->dev, NULL, 154 NF_HOOK(PF_INET, NF_IP_PRE_ROUTING, skb, skb->dev, NULL,
154 xfrm4_rcv_encap_finish); 155 xfrm4_rcv_encap_finish);
155 return 0; 156 return 0;
156#else 157#else
157 return -skb->nh.iph->protocol; 158 return -ip_hdr(skb)->protocol;
158#endif 159#endif
159 } 160 }
160 161
diff --git a/net/ipv4/xfrm4_mode_beet.c b/net/ipv4/xfrm4_mode_beet.c
index 505fca034a1f..9e5ba12c6c75 100644
--- a/net/ipv4/xfrm4_mode_beet.c
+++ b/net/ipv4/xfrm4_mode_beet.c
@@ -32,8 +32,8 @@ static int xfrm4_beet_output(struct xfrm_state *x, struct sk_buff *skb)
32 struct iphdr *iph, *top_iph = NULL; 32 struct iphdr *iph, *top_iph = NULL;
33 int hdrlen, optlen; 33 int hdrlen, optlen;
34 34
35 iph = skb->nh.iph; 35 iph = ip_hdr(skb);
36 skb->h.ipiph = iph; 36 skb->h.raw = skb->nh.raw;
37 37
38 hdrlen = 0; 38 hdrlen = 0;
39 optlen = iph->ihl * 4 - sizeof(*iph); 39 optlen = iph->ihl * 4 - sizeof(*iph);
@@ -42,7 +42,7 @@ static int xfrm4_beet_output(struct xfrm_state *x, struct sk_buff *skb)
42 42
43 skb_push(skb, x->props.header_len + hdrlen); 43 skb_push(skb, x->props.header_len + hdrlen);
44 skb_reset_network_header(skb); 44 skb_reset_network_header(skb);
45 top_iph = skb->nh.iph; 45 top_iph = ip_hdr(skb);
46 skb->h.raw += sizeof(*iph) - hdrlen; 46 skb->h.raw += sizeof(*iph) - hdrlen;
47 47
48 memmove(top_iph, iph, sizeof(*iph)); 48 memmove(top_iph, iph, sizeof(*iph));
@@ -70,7 +70,7 @@ static int xfrm4_beet_output(struct xfrm_state *x, struct sk_buff *skb)
70 70
71static int xfrm4_beet_input(struct xfrm_state *x, struct sk_buff *skb) 71static int xfrm4_beet_input(struct xfrm_state *x, struct sk_buff *skb)
72{ 72{
73 struct iphdr *iph = skb->nh.iph; 73 struct iphdr *iph = ip_hdr(skb);
74 int phlen = 0; 74 int phlen = 0;
75 int optlen = 0; 75 int optlen = 0;
76 __u8 ph_nexthdr = 0, protocol = 0; 76 __u8 ph_nexthdr = 0, protocol = 0;
@@ -102,7 +102,7 @@ static int xfrm4_beet_input(struct xfrm_state *x, struct sk_buff *skb)
102 skb->h.raw = skb->data + (phlen + optlen); 102 skb->h.raw = skb->data + (phlen + optlen);
103 skb->data = skb->h.raw; 103 skb->data = skb->h.raw;
104 104
105 iph = skb->nh.iph; 105 iph = ip_hdr(skb);
106 iph->ihl = (sizeof(*iph) + optlen) / 4; 106 iph->ihl = (sizeof(*iph) + optlen) / 4;
107 iph->tot_len = htons(skb->len + iph->ihl * 4); 107 iph->tot_len = htons(skb->len + iph->ihl * 4);
108 iph->daddr = x->sel.daddr.a4; 108 iph->daddr = x->sel.daddr.a4;
diff --git a/net/ipv4/xfrm4_mode_transport.c b/net/ipv4/xfrm4_mode_transport.c
index b198087c073e..124f24bc4dbc 100644
--- a/net/ipv4/xfrm4_mode_transport.c
+++ b/net/ipv4/xfrm4_mode_transport.c
@@ -23,13 +23,10 @@
23 */ 23 */
24static int xfrm4_transport_output(struct xfrm_state *x, struct sk_buff *skb) 24static int xfrm4_transport_output(struct xfrm_state *x, struct sk_buff *skb)
25{ 25{
26 struct iphdr *iph; 26 struct iphdr *iph = ip_hdr(skb);
27 int ihl; 27 int ihl = iph->ihl * 4;
28 28
29 iph = skb->nh.iph; 29 skb->h.raw = skb->nh.raw;
30 skb->h.ipiph = iph;
31
32 ihl = iph->ihl * 4;
33 skb->h.raw += ihl; 30 skb->h.raw += ihl;
34 31
35 skb_push(skb, x->props.header_len); 32 skb_push(skb, x->props.header_len);
@@ -54,7 +51,7 @@ static int xfrm4_transport_input(struct xfrm_state *x, struct sk_buff *skb)
54 memmove(skb->h.raw, skb_network_header(skb), ihl); 51 memmove(skb->h.raw, skb_network_header(skb), ihl);
55 skb->nh.raw = skb->h.raw; 52 skb->nh.raw = skb->h.raw;
56 } 53 }
57 skb->nh.iph->tot_len = htons(skb->len + ihl); 54 ip_hdr(skb)->tot_len = htons(skb->len + ihl);
58 skb->h.raw = skb->data; 55 skb->h.raw = skb->data;
59 return 0; 56 return 0;
60} 57}
diff --git a/net/ipv4/xfrm4_mode_tunnel.c b/net/ipv4/xfrm4_mode_tunnel.c
index bec851f278e5..faa1b9a76e76 100644
--- a/net/ipv4/xfrm4_mode_tunnel.c
+++ b/net/ipv4/xfrm4_mode_tunnel.c
@@ -16,7 +16,7 @@
16 16
17static inline void ipip_ecn_decapsulate(struct sk_buff *skb) 17static inline void ipip_ecn_decapsulate(struct sk_buff *skb)
18{ 18{
19 struct iphdr *outer_iph = skb->nh.iph; 19 struct iphdr *outer_iph = ip_hdr(skb);
20 struct iphdr *inner_iph = skb->h.ipiph; 20 struct iphdr *inner_iph = skb->h.ipiph;
21 21
22 if (INET_ECN_is_ce(outer_iph->tos)) 22 if (INET_ECN_is_ce(outer_iph->tos))
@@ -46,12 +46,12 @@ static int xfrm4_tunnel_output(struct xfrm_state *x, struct sk_buff *skb)
46 struct iphdr *iph, *top_iph; 46 struct iphdr *iph, *top_iph;
47 int flags; 47 int flags;
48 48
49 iph = skb->nh.iph; 49 iph = ip_hdr(skb);
50 skb->h.ipiph = iph; 50 skb->h.ipiph = iph;
51 51
52 skb_push(skb, x->props.header_len); 52 skb_push(skb, x->props.header_len);
53 skb_reset_network_header(skb); 53 skb_reset_network_header(skb);
54 top_iph = skb->nh.iph; 54 top_iph = ip_hdr(skb);
55 55
56 top_iph->ihl = 5; 56 top_iph->ihl = 5;
57 top_iph->version = 4; 57 top_iph->version = 4;
@@ -91,7 +91,7 @@ static int xfrm4_tunnel_output(struct xfrm_state *x, struct sk_buff *skb)
91 91
92static int xfrm4_tunnel_input(struct xfrm_state *x, struct sk_buff *skb) 92static int xfrm4_tunnel_input(struct xfrm_state *x, struct sk_buff *skb)
93{ 93{
94 struct iphdr *iph = skb->nh.iph; 94 struct iphdr *iph = ip_hdr(skb);
95 const unsigned char *old_mac; 95 const unsigned char *old_mac;
96 int err = -EINVAL; 96 int err = -EINVAL;
97 97
@@ -113,7 +113,7 @@ static int xfrm4_tunnel_input(struct xfrm_state *x, struct sk_buff *skb)
113 (err = pskb_expand_head(skb, 0, 0, GFP_ATOMIC))) 113 (err = pskb_expand_head(skb, 0, 0, GFP_ATOMIC)))
114 goto out; 114 goto out;
115 115
116 iph = skb->nh.iph; 116 iph = ip_hdr(skb);
117 if (iph->protocol == IPPROTO_IPIP) { 117 if (iph->protocol == IPPROTO_IPIP) {
118 if (x->props.flags & XFRM_STATE_DECAP_DSCP) 118 if (x->props.flags & XFRM_STATE_DECAP_DSCP)
119 ipv4_copy_dscp(iph, skb->h.ipiph); 119 ipv4_copy_dscp(iph, skb->h.ipiph);
diff --git a/net/ipv4/xfrm4_output.c b/net/ipv4/xfrm4_output.c
index 038ca160fe2c..44ef208a75cb 100644
--- a/net/ipv4/xfrm4_output.c
+++ b/net/ipv4/xfrm4_output.c
@@ -22,14 +22,13 @@ static int xfrm4_tunnel_check_size(struct sk_buff *skb)
22{ 22{
23 int mtu, ret = 0; 23 int mtu, ret = 0;
24 struct dst_entry *dst; 24 struct dst_entry *dst;
25 struct iphdr *iph = skb->nh.iph;
26 25
27 if (IPCB(skb)->flags & IPSKB_XFRM_TUNNEL_SIZE) 26 if (IPCB(skb)->flags & IPSKB_XFRM_TUNNEL_SIZE)
28 goto out; 27 goto out;
29 28
30 IPCB(skb)->flags |= IPSKB_XFRM_TUNNEL_SIZE; 29 IPCB(skb)->flags |= IPSKB_XFRM_TUNNEL_SIZE;
31 30
32 if (!(iph->frag_off & htons(IP_DF)) || skb->local_df) 31 if (!(ip_hdr(skb)->frag_off & htons(IP_DF)) || skb->local_df)
33 goto out; 32 goto out;
34 33
35 dst = skb->dst; 34 dst = skb->dst;
diff --git a/net/ipv4/xfrm4_policy.c b/net/ipv4/xfrm4_policy.c
index fbb1d3decf02..f1c32ff59d16 100644
--- a/net/ipv4/xfrm4_policy.c
+++ b/net/ipv4/xfrm4_policy.c
@@ -209,7 +209,7 @@ error:
209static void 209static void
210_decode_session4(struct sk_buff *skb, struct flowi *fl) 210_decode_session4(struct sk_buff *skb, struct flowi *fl)
211{ 211{
212 struct iphdr *iph = skb->nh.iph; 212 struct iphdr *iph = ip_hdr(skb);
213 u8 *xprth = skb_network_header(skb) + iph->ihl * 4; 213 u8 *xprth = skb_network_header(skb) + iph->ihl * 4;
214 214
215 memset(fl, 0, sizeof(struct flowi)); 215 memset(fl, 0, sizeof(struct flowi));
diff --git a/net/ipv4/xfrm4_tunnel.c b/net/ipv4/xfrm4_tunnel.c
index 3eef06454da9..568510304553 100644
--- a/net/ipv4/xfrm4_tunnel.c
+++ b/net/ipv4/xfrm4_tunnel.c
@@ -12,9 +12,8 @@
12 12
13static int ipip_output(struct xfrm_state *x, struct sk_buff *skb) 13static int ipip_output(struct xfrm_state *x, struct sk_buff *skb)
14{ 14{
15 struct iphdr *iph; 15 struct iphdr *iph = ip_hdr(skb);
16 16
17 iph = skb->nh.iph;
18 iph->tot_len = htons(skb->len); 17 iph->tot_len = htons(skb->len);
19 ip_send_check(iph); 18 ip_send_check(iph);
20 19