diff options
| author | Herbert Xu <herbert@gondor.apana.org.au> | 2007-10-15 03:53:15 -0400 |
|---|---|---|
| committer | David S. Miller <davem@sunset.davemloft.net> | 2007-10-15 15:26:29 -0400 |
| commit | 3db05fea51cdb162cfa8f69e9cfb9e228919d2a9 (patch) | |
| tree | 0d0e4c18cdf2dcb7321035f6614628a2ddfb502d /net/ipv6 | |
| parent | 2ca7b0ac022aa0158599178fe1056b1ba9ec8b97 (diff) | |
[NETFILTER]: Replace sk_buff ** with sk_buff *
With all the users of the double pointers removed, this patch mops up by
finally replacing all occurances of sk_buff ** in the netfilter API by
sk_buff *.
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'net/ipv6')
| -rw-r--r-- | net/ipv6/netfilter.c | 6 | ||||
| -rw-r--r-- | net/ipv6/netfilter/ip6_tables.c | 16 | ||||
| -rw-r--r-- | net/ipv6/netfilter/ip6t_HL.c | 6 | ||||
| -rw-r--r-- | net/ipv6/netfilter/ip6t_LOG.c | 5 | ||||
| -rw-r--r-- | net/ipv6/netfilter/ip6t_REJECT.c | 14 | ||||
| -rw-r--r-- | net/ipv6/netfilter/ip6table_filter.c | 12 | ||||
| -rw-r--r-- | net/ipv6/netfilter/ip6table_mangle.c | 32 | ||||
| -rw-r--r-- | net/ipv6/netfilter/ip6table_raw.c | 4 | ||||
| -rw-r--r-- | net/ipv6/netfilter/nf_conntrack_l3proto_ipv6.c | 44 | ||||
| -rw-r--r-- | net/ipv6/xfrm6_output.c | 4 |
10 files changed, 71 insertions, 72 deletions
diff --git a/net/ipv6/netfilter.c b/net/ipv6/netfilter.c index 38b149613915..b1326c2bf8aa 100644 --- a/net/ipv6/netfilter.c +++ b/net/ipv6/netfilter.c | |||
| @@ -68,15 +68,15 @@ static void nf_ip6_saveroute(const struct sk_buff *skb, struct nf_info *info) | |||
| 68 | } | 68 | } |
| 69 | } | 69 | } |
| 70 | 70 | ||
| 71 | static int nf_ip6_reroute(struct sk_buff **pskb, const struct nf_info *info) | 71 | static int nf_ip6_reroute(struct sk_buff *skb, const struct nf_info *info) |
| 72 | { | 72 | { |
| 73 | struct ip6_rt_info *rt_info = nf_info_reroute(info); | 73 | struct ip6_rt_info *rt_info = nf_info_reroute(info); |
| 74 | 74 | ||
| 75 | if (info->hook == NF_IP6_LOCAL_OUT) { | 75 | if (info->hook == NF_IP6_LOCAL_OUT) { |
| 76 | struct ipv6hdr *iph = ipv6_hdr(*pskb); | 76 | struct ipv6hdr *iph = ipv6_hdr(skb); |
| 77 | if (!ipv6_addr_equal(&iph->daddr, &rt_info->daddr) || | 77 | if (!ipv6_addr_equal(&iph->daddr, &rt_info->daddr) || |
| 78 | !ipv6_addr_equal(&iph->saddr, &rt_info->saddr)) | 78 | !ipv6_addr_equal(&iph->saddr, &rt_info->saddr)) |
| 79 | return ip6_route_me_harder(*pskb); | 79 | return ip6_route_me_harder(skb); |
| 80 | } | 80 | } |
| 81 | return 0; | 81 | return 0; |
| 82 | } | 82 | } |
diff --git a/net/ipv6/netfilter/ip6_tables.c b/net/ipv6/netfilter/ip6_tables.c index cd9df02bb85c..acaba1537931 100644 --- a/net/ipv6/netfilter/ip6_tables.c +++ b/net/ipv6/netfilter/ip6_tables.c | |||
| @@ -205,7 +205,7 @@ ip6_checkentry(const struct ip6t_ip6 *ipv6) | |||
| 205 | } | 205 | } |
| 206 | 206 | ||
| 207 | static unsigned int | 207 | static unsigned int |
| 208 | ip6t_error(struct sk_buff **pskb, | 208 | ip6t_error(struct sk_buff *skb, |
| 209 | const struct net_device *in, | 209 | const struct net_device *in, |
| 210 | const struct net_device *out, | 210 | const struct net_device *out, |
| 211 | unsigned int hooknum, | 211 | unsigned int hooknum, |
| @@ -350,7 +350,7 @@ static void trace_packet(struct sk_buff *skb, | |||
| 350 | 350 | ||
| 351 | /* Returns one of the generic firewall policies, like NF_ACCEPT. */ | 351 | /* Returns one of the generic firewall policies, like NF_ACCEPT. */ |
| 352 | unsigned int | 352 | unsigned int |
| 353 | ip6t_do_table(struct sk_buff **pskb, | 353 | ip6t_do_table(struct sk_buff *skb, |
| 354 | unsigned int hook, | 354 | unsigned int hook, |
| 355 | const struct net_device *in, | 355 | const struct net_device *in, |
| 356 | const struct net_device *out, | 356 | const struct net_device *out, |
| @@ -389,17 +389,17 @@ ip6t_do_table(struct sk_buff **pskb, | |||
| 389 | do { | 389 | do { |
| 390 | IP_NF_ASSERT(e); | 390 | IP_NF_ASSERT(e); |
| 391 | IP_NF_ASSERT(back); | 391 | IP_NF_ASSERT(back); |
| 392 | if (ip6_packet_match(*pskb, indev, outdev, &e->ipv6, | 392 | if (ip6_packet_match(skb, indev, outdev, &e->ipv6, |
| 393 | &protoff, &offset, &hotdrop)) { | 393 | &protoff, &offset, &hotdrop)) { |
| 394 | struct ip6t_entry_target *t; | 394 | struct ip6t_entry_target *t; |
| 395 | 395 | ||
| 396 | if (IP6T_MATCH_ITERATE(e, do_match, | 396 | if (IP6T_MATCH_ITERATE(e, do_match, |
| 397 | *pskb, in, out, | 397 | skb, in, out, |
| 398 | offset, protoff, &hotdrop) != 0) | 398 | offset, protoff, &hotdrop) != 0) |
| 399 | goto no_match; | 399 | goto no_match; |
| 400 | 400 | ||
| 401 | ADD_COUNTER(e->counters, | 401 | ADD_COUNTER(e->counters, |
| 402 | ntohs(ipv6_hdr(*pskb)->payload_len) | 402 | ntohs(ipv6_hdr(skb)->payload_len) |
| 403 | + IPV6_HDR_LEN, | 403 | + IPV6_HDR_LEN, |
| 404 | 1); | 404 | 1); |
| 405 | 405 | ||
| @@ -409,8 +409,8 @@ ip6t_do_table(struct sk_buff **pskb, | |||
| 409 | #if defined(CONFIG_NETFILTER_XT_TARGET_TRACE) || \ | 409 | #if defined(CONFIG_NETFILTER_XT_TARGET_TRACE) || \ |
| 410 | defined(CONFIG_NETFILTER_XT_TARGET_TRACE_MODULE) | 410 | defined(CONFIG_NETFILTER_XT_TARGET_TRACE_MODULE) |
| 411 | /* The packet is traced: log it */ | 411 | /* The packet is traced: log it */ |
| 412 | if (unlikely((*pskb)->nf_trace)) | 412 | if (unlikely(skb->nf_trace)) |
| 413 | trace_packet(*pskb, hook, in, out, | 413 | trace_packet(skb, hook, in, out, |
| 414 | table->name, private, e); | 414 | table->name, private, e); |
| 415 | #endif | 415 | #endif |
| 416 | /* Standard target? */ | 416 | /* Standard target? */ |
| @@ -448,7 +448,7 @@ ip6t_do_table(struct sk_buff **pskb, | |||
| 448 | ((struct ip6t_entry *)table_base)->comefrom | 448 | ((struct ip6t_entry *)table_base)->comefrom |
| 449 | = 0xeeeeeeec; | 449 | = 0xeeeeeeec; |
| 450 | #endif | 450 | #endif |
| 451 | verdict = t->u.kernel.target->target(pskb, | 451 | verdict = t->u.kernel.target->target(skb, |
| 452 | in, out, | 452 | in, out, |
| 453 | hook, | 453 | hook, |
| 454 | t->u.kernel.target, | 454 | t->u.kernel.target, |
diff --git a/net/ipv6/netfilter/ip6t_HL.c b/net/ipv6/netfilter/ip6t_HL.c index f76197fc4dcc..9afc836fd454 100644 --- a/net/ipv6/netfilter/ip6t_HL.c +++ b/net/ipv6/netfilter/ip6t_HL.c | |||
| @@ -18,7 +18,7 @@ MODULE_AUTHOR("Maciej Soltysiak <solt@dns.toxicfilms.tv>"); | |||
| 18 | MODULE_DESCRIPTION("IP6 tables Hop Limit modification module"); | 18 | MODULE_DESCRIPTION("IP6 tables Hop Limit modification module"); |
| 19 | MODULE_LICENSE("GPL"); | 19 | MODULE_LICENSE("GPL"); |
| 20 | 20 | ||
| 21 | static unsigned int ip6t_hl_target(struct sk_buff **pskb, | 21 | static unsigned int ip6t_hl_target(struct sk_buff *skb, |
| 22 | const struct net_device *in, | 22 | const struct net_device *in, |
| 23 | const struct net_device *out, | 23 | const struct net_device *out, |
| 24 | unsigned int hooknum, | 24 | unsigned int hooknum, |
| @@ -29,10 +29,10 @@ static unsigned int ip6t_hl_target(struct sk_buff **pskb, | |||
| 29 | const struct ip6t_HL_info *info = targinfo; | 29 | const struct ip6t_HL_info *info = targinfo; |
| 30 | int new_hl; | 30 | int new_hl; |
| 31 | 31 | ||
| 32 | if (!skb_make_writable(*pskb, (*pskb)->len)) | 32 | if (!skb_make_writable(skb, skb->len)) |
| 33 | return NF_DROP; | 33 | return NF_DROP; |
| 34 | 34 | ||
| 35 | ip6h = ipv6_hdr(*pskb); | 35 | ip6h = ipv6_hdr(skb); |
| 36 | 36 | ||
| 37 | switch (info->mode) { | 37 | switch (info->mode) { |
| 38 | case IP6T_HL_SET: | 38 | case IP6T_HL_SET: |
diff --git a/net/ipv6/netfilter/ip6t_LOG.c b/net/ipv6/netfilter/ip6t_LOG.c index 6ab99001dccc..7a48c342df46 100644 --- a/net/ipv6/netfilter/ip6t_LOG.c +++ b/net/ipv6/netfilter/ip6t_LOG.c | |||
| @@ -431,7 +431,7 @@ ip6t_log_packet(unsigned int pf, | |||
| 431 | } | 431 | } |
| 432 | 432 | ||
| 433 | static unsigned int | 433 | static unsigned int |
| 434 | ip6t_log_target(struct sk_buff **pskb, | 434 | ip6t_log_target(struct sk_buff *skb, |
| 435 | const struct net_device *in, | 435 | const struct net_device *in, |
| 436 | const struct net_device *out, | 436 | const struct net_device *out, |
| 437 | unsigned int hooknum, | 437 | unsigned int hooknum, |
| @@ -445,8 +445,7 @@ ip6t_log_target(struct sk_buff **pskb, | |||
| 445 | li.u.log.level = loginfo->level; | 445 | li.u.log.level = loginfo->level; |
| 446 | li.u.log.logflags = loginfo->logflags; | 446 | li.u.log.logflags = loginfo->logflags; |
| 447 | 447 | ||
| 448 | ip6t_log_packet(PF_INET6, hooknum, *pskb, in, out, &li, | 448 | ip6t_log_packet(PF_INET6, hooknum, skb, in, out, &li, loginfo->prefix); |
| 449 | loginfo->prefix); | ||
| 450 | return XT_CONTINUE; | 449 | return XT_CONTINUE; |
| 451 | } | 450 | } |
| 452 | 451 | ||
diff --git a/net/ipv6/netfilter/ip6t_REJECT.c b/net/ipv6/netfilter/ip6t_REJECT.c index 3fd08d5567a6..1a7d2917545d 100644 --- a/net/ipv6/netfilter/ip6t_REJECT.c +++ b/net/ipv6/netfilter/ip6t_REJECT.c | |||
| @@ -172,7 +172,7 @@ send_unreach(struct sk_buff *skb_in, unsigned char code, unsigned int hooknum) | |||
| 172 | icmpv6_send(skb_in, ICMPV6_DEST_UNREACH, code, 0, NULL); | 172 | icmpv6_send(skb_in, ICMPV6_DEST_UNREACH, code, 0, NULL); |
| 173 | } | 173 | } |
| 174 | 174 | ||
| 175 | static unsigned int reject6_target(struct sk_buff **pskb, | 175 | static unsigned int reject6_target(struct sk_buff *skb, |
| 176 | const struct net_device *in, | 176 | const struct net_device *in, |
| 177 | const struct net_device *out, | 177 | const struct net_device *out, |
| 178 | unsigned int hooknum, | 178 | unsigned int hooknum, |
| @@ -187,25 +187,25 @@ static unsigned int reject6_target(struct sk_buff **pskb, | |||
| 187 | must return an absolute verdict. --RR */ | 187 | must return an absolute verdict. --RR */ |
| 188 | switch (reject->with) { | 188 | switch (reject->with) { |
| 189 | case IP6T_ICMP6_NO_ROUTE: | 189 | case IP6T_ICMP6_NO_ROUTE: |
| 190 | send_unreach(*pskb, ICMPV6_NOROUTE, hooknum); | 190 | send_unreach(skb, ICMPV6_NOROUTE, hooknum); |
| 191 | break; | 191 | break; |
| 192 | case IP6T_ICMP6_ADM_PROHIBITED: | 192 | case IP6T_ICMP6_ADM_PROHIBITED: |
| 193 | send_unreach(*pskb, ICMPV6_ADM_PROHIBITED, hooknum); | 193 | send_unreach(skb, ICMPV6_ADM_PROHIBITED, hooknum); |
| 194 | break; | 194 | break; |
| 195 | case IP6T_ICMP6_NOT_NEIGHBOUR: | 195 | case IP6T_ICMP6_NOT_NEIGHBOUR: |
| 196 | send_unreach(*pskb, ICMPV6_NOT_NEIGHBOUR, hooknum); | 196 | send_unreach(skb, ICMPV6_NOT_NEIGHBOUR, hooknum); |
| 197 | break; | 197 | break; |
| 198 | case IP6T_ICMP6_ADDR_UNREACH: | 198 | case IP6T_ICMP6_ADDR_UNREACH: |
| 199 | send_unreach(*pskb, ICMPV6_ADDR_UNREACH, hooknum); | 199 | send_unreach(skb, ICMPV6_ADDR_UNREACH, hooknum); |
| 200 | break; | 200 | break; |
| 201 | case IP6T_ICMP6_PORT_UNREACH: | 201 | case IP6T_ICMP6_PORT_UNREACH: |
| 202 | send_unreach(*pskb, ICMPV6_PORT_UNREACH, hooknum); | 202 | send_unreach(skb, ICMPV6_PORT_UNREACH, hooknum); |
| 203 | break; | 203 | break; |
| 204 | case IP6T_ICMP6_ECHOREPLY: | 204 | case IP6T_ICMP6_ECHOREPLY: |
| 205 | /* Do nothing */ | 205 | /* Do nothing */ |
| 206 | break; | 206 | break; |
| 207 | case IP6T_TCP_RESET: | 207 | case IP6T_TCP_RESET: |
| 208 | send_reset(*pskb); | 208 | send_reset(skb); |
| 209 | break; | 209 | break; |
| 210 | default: | 210 | default: |
| 211 | if (net_ratelimit()) | 211 | if (net_ratelimit()) |
diff --git a/net/ipv6/netfilter/ip6table_filter.c b/net/ipv6/netfilter/ip6table_filter.c index 7e32e2aaf7f7..1d26b202bf30 100644 --- a/net/ipv6/netfilter/ip6table_filter.c +++ b/net/ipv6/netfilter/ip6table_filter.c | |||
| @@ -60,32 +60,32 @@ static struct xt_table packet_filter = { | |||
| 60 | /* The work comes in here from netfilter.c. */ | 60 | /* The work comes in here from netfilter.c. */ |
| 61 | static unsigned int | 61 | static unsigned int |
| 62 | ip6t_hook(unsigned int hook, | 62 | ip6t_hook(unsigned int hook, |
| 63 | struct sk_buff **pskb, | 63 | struct sk_buff *skb, |
| 64 | const struct net_device *in, | 64 | const struct net_device *in, |
| 65 | const struct net_device *out, | 65 | const struct net_device *out, |
| 66 | int (*okfn)(struct sk_buff *)) | 66 | int (*okfn)(struct sk_buff *)) |
| 67 | { | 67 | { |
| 68 | return ip6t_do_table(pskb, hook, in, out, &packet_filter); | 68 | return ip6t_do_table(skb, hook, in, out, &packet_filter); |
| 69 | } | 69 | } |
| 70 | 70 | ||
| 71 | static unsigned int | 71 | static unsigned int |
| 72 | ip6t_local_out_hook(unsigned int hook, | 72 | ip6t_local_out_hook(unsigned int hook, |
| 73 | struct sk_buff **pskb, | 73 | struct sk_buff *skb, |
| 74 | const struct net_device *in, | 74 | const struct net_device *in, |
| 75 | const struct net_device *out, | 75 | const struct net_device *out, |
| 76 | int (*okfn)(struct sk_buff *)) | 76 | int (*okfn)(struct sk_buff *)) |
| 77 | { | 77 | { |
| 78 | #if 0 | 78 | #if 0 |
| 79 | /* root is playing with raw sockets. */ | 79 | /* root is playing with raw sockets. */ |
| 80 | if ((*pskb)->len < sizeof(struct iphdr) | 80 | if (skb->len < sizeof(struct iphdr) |
| 81 | || ip_hdrlen(*pskb) < sizeof(struct iphdr)) { | 81 | || ip_hdrlen(skb) < sizeof(struct iphdr)) { |
| 82 | if (net_ratelimit()) | 82 | if (net_ratelimit()) |
| 83 | printk("ip6t_hook: happy cracking.\n"); | 83 | printk("ip6t_hook: happy cracking.\n"); |
| 84 | return NF_ACCEPT; | 84 | return NF_ACCEPT; |
| 85 | } | 85 | } |
| 86 | #endif | 86 | #endif |
| 87 | 87 | ||
| 88 | return ip6t_do_table(pskb, hook, in, out, &packet_filter); | 88 | return ip6t_do_table(skb, hook, in, out, &packet_filter); |
| 89 | } | 89 | } |
| 90 | 90 | ||
| 91 | static struct nf_hook_ops ip6t_ops[] = { | 91 | static struct nf_hook_ops ip6t_ops[] = { |
diff --git a/net/ipv6/netfilter/ip6table_mangle.c b/net/ipv6/netfilter/ip6table_mangle.c index f0a9efa67fb5..a0b6381f1e8c 100644 --- a/net/ipv6/netfilter/ip6table_mangle.c +++ b/net/ipv6/netfilter/ip6table_mangle.c | |||
| @@ -68,17 +68,17 @@ static struct xt_table packet_mangler = { | |||
| 68 | /* The work comes in here from netfilter.c. */ | 68 | /* The work comes in here from netfilter.c. */ |
| 69 | static unsigned int | 69 | static unsigned int |
| 70 | ip6t_route_hook(unsigned int hook, | 70 | ip6t_route_hook(unsigned int hook, |
| 71 | struct sk_buff **pskb, | 71 | struct sk_buff *skb, |
| 72 | const struct net_device *in, | 72 | const struct net_device *in, |
| 73 | const struct net_device *out, | 73 | const struct net_device *out, |
| 74 | int (*okfn)(struct sk_buff *)) | 74 | int (*okfn)(struct sk_buff *)) |
| 75 | { | 75 | { |
| 76 | return ip6t_do_table(pskb, hook, in, out, &packet_mangler); | 76 | return ip6t_do_table(skb, hook, in, out, &packet_mangler); |
| 77 | } | 77 | } |
| 78 | 78 | ||
| 79 | static unsigned int | 79 | static unsigned int |
| 80 | ip6t_local_hook(unsigned int hook, | 80 | ip6t_local_hook(unsigned int hook, |
| 81 | struct sk_buff **pskb, | 81 | struct sk_buff *skb, |
| 82 | const struct net_device *in, | 82 | const struct net_device *in, |
| 83 | const struct net_device *out, | 83 | const struct net_device *out, |
| 84 | int (*okfn)(struct sk_buff *)) | 84 | int (*okfn)(struct sk_buff *)) |
| @@ -91,8 +91,8 @@ ip6t_local_hook(unsigned int hook, | |||
| 91 | 91 | ||
| 92 | #if 0 | 92 | #if 0 |
| 93 | /* root is playing with raw sockets. */ | 93 | /* root is playing with raw sockets. */ |
| 94 | if ((*pskb)->len < sizeof(struct iphdr) | 94 | if (skb->len < sizeof(struct iphdr) |
| 95 | || ip_hdrlen(*pskb) < sizeof(struct iphdr)) { | 95 | || ip_hdrlen(skb) < sizeof(struct iphdr)) { |
| 96 | if (net_ratelimit()) | 96 | if (net_ratelimit()) |
| 97 | printk("ip6t_hook: happy cracking.\n"); | 97 | printk("ip6t_hook: happy cracking.\n"); |
| 98 | return NF_ACCEPT; | 98 | return NF_ACCEPT; |
| @@ -100,22 +100,22 @@ ip6t_local_hook(unsigned int hook, | |||
| 100 | #endif | 100 | #endif |
| 101 | 101 | ||
| 102 | /* save source/dest address, mark, hoplimit, flowlabel, priority, */ | 102 | /* save source/dest address, mark, hoplimit, flowlabel, priority, */ |
| 103 | memcpy(&saddr, &ipv6_hdr(*pskb)->saddr, sizeof(saddr)); | 103 | memcpy(&saddr, &ipv6_hdr(skb)->saddr, sizeof(saddr)); |
| 104 | memcpy(&daddr, &ipv6_hdr(*pskb)->daddr, sizeof(daddr)); | 104 | memcpy(&daddr, &ipv6_hdr(skb)->daddr, sizeof(daddr)); |
| 105 | mark = (*pskb)->mark; | 105 | mark = skb->mark; |
| 106 | hop_limit = ipv6_hdr(*pskb)->hop_limit; | 106 | hop_limit = ipv6_hdr(skb)->hop_limit; |
| 107 | 107 | ||
| 108 | /* flowlabel and prio (includes version, which shouldn't change either */ | 108 | /* flowlabel and prio (includes version, which shouldn't change either */ |
| 109 | flowlabel = *((u_int32_t *)ipv6_hdr(*pskb)); | 109 | flowlabel = *((u_int32_t *)ipv6_hdr(skb)); |
| 110 | 110 | ||
| 111 | ret = ip6t_do_table(pskb, hook, in, out, &packet_mangler); | 111 | ret = ip6t_do_table(skb, hook, in, out, &packet_mangler); |
| 112 | 112 | ||
| 113 | if (ret != NF_DROP && ret != NF_STOLEN | 113 | if (ret != NF_DROP && ret != NF_STOLEN |
| 114 | && (memcmp(&ipv6_hdr(*pskb)->saddr, &saddr, sizeof(saddr)) | 114 | && (memcmp(&ipv6_hdr(skb)->saddr, &saddr, sizeof(saddr)) |
| 115 | || memcmp(&ipv6_hdr(*pskb)->daddr, &daddr, sizeof(daddr)) | 115 | || memcmp(&ipv6_hdr(skb)->daddr, &daddr, sizeof(daddr)) |
| 116 | || (*pskb)->mark != mark | 116 | || skb->mark != mark |
| 117 | || ipv6_hdr(*pskb)->hop_limit != hop_limit)) | 117 | || ipv6_hdr(skb)->hop_limit != hop_limit)) |
| 118 | return ip6_route_me_harder(*pskb) == 0 ? ret : NF_DROP; | 118 | return ip6_route_me_harder(skb) == 0 ? ret : NF_DROP; |
| 119 | 119 | ||
| 120 | return ret; | 120 | return ret; |
| 121 | } | 121 | } |
diff --git a/net/ipv6/netfilter/ip6table_raw.c b/net/ipv6/netfilter/ip6table_raw.c index ec290e4ebdd8..8f7109f991e6 100644 --- a/net/ipv6/netfilter/ip6table_raw.c +++ b/net/ipv6/netfilter/ip6table_raw.c | |||
| @@ -46,12 +46,12 @@ static struct xt_table packet_raw = { | |||
| 46 | /* The work comes in here from netfilter.c. */ | 46 | /* The work comes in here from netfilter.c. */ |
| 47 | static unsigned int | 47 | static unsigned int |
| 48 | ip6t_hook(unsigned int hook, | 48 | ip6t_hook(unsigned int hook, |
| 49 | struct sk_buff **pskb, | 49 | struct sk_buff *skb, |
| 50 | const struct net_device *in, | 50 | const struct net_device *in, |
| 51 | const struct net_device *out, | 51 | const struct net_device *out, |
| 52 | int (*okfn)(struct sk_buff *)) | 52 | int (*okfn)(struct sk_buff *)) |
| 53 | { | 53 | { |
| 54 | return ip6t_do_table(pskb, hook, in, out, &packet_raw); | 54 | return ip6t_do_table(skb, hook, in, out, &packet_raw); |
| 55 | } | 55 | } |
| 56 | 56 | ||
| 57 | static struct nf_hook_ops ip6t_ops[] = { | 57 | static struct nf_hook_ops ip6t_ops[] = { |
diff --git a/net/ipv6/netfilter/nf_conntrack_l3proto_ipv6.c b/net/ipv6/netfilter/nf_conntrack_l3proto_ipv6.c index 37a3db926953..e9369dc02381 100644 --- a/net/ipv6/netfilter/nf_conntrack_l3proto_ipv6.c +++ b/net/ipv6/netfilter/nf_conntrack_l3proto_ipv6.c | |||
| @@ -145,7 +145,7 @@ static int ipv6_get_l4proto(const struct sk_buff *skb, unsigned int nhoff, | |||
| 145 | } | 145 | } |
| 146 | 146 | ||
| 147 | static unsigned int ipv6_confirm(unsigned int hooknum, | 147 | static unsigned int ipv6_confirm(unsigned int hooknum, |
| 148 | struct sk_buff **pskb, | 148 | struct sk_buff *skb, |
| 149 | const struct net_device *in, | 149 | const struct net_device *in, |
| 150 | const struct net_device *out, | 150 | const struct net_device *out, |
| 151 | int (*okfn)(struct sk_buff *)) | 151 | int (*okfn)(struct sk_buff *)) |
| @@ -155,12 +155,12 @@ static unsigned int ipv6_confirm(unsigned int hooknum, | |||
| 155 | struct nf_conntrack_helper *helper; | 155 | struct nf_conntrack_helper *helper; |
| 156 | enum ip_conntrack_info ctinfo; | 156 | enum ip_conntrack_info ctinfo; |
| 157 | unsigned int ret, protoff; | 157 | unsigned int ret, protoff; |
| 158 | unsigned int extoff = (u8 *)(ipv6_hdr(*pskb) + 1) - (*pskb)->data; | 158 | unsigned int extoff = (u8 *)(ipv6_hdr(skb) + 1) - skb->data; |
| 159 | unsigned char pnum = ipv6_hdr(*pskb)->nexthdr; | 159 | unsigned char pnum = ipv6_hdr(skb)->nexthdr; |
| 160 | 160 | ||
| 161 | 161 | ||
| 162 | /* This is where we call the helper: as the packet goes out. */ | 162 | /* This is where we call the helper: as the packet goes out. */ |
| 163 | ct = nf_ct_get(*pskb, &ctinfo); | 163 | ct = nf_ct_get(skb, &ctinfo); |
| 164 | if (!ct || ctinfo == IP_CT_RELATED + IP_CT_IS_REPLY) | 164 | if (!ct || ctinfo == IP_CT_RELATED + IP_CT_IS_REPLY) |
| 165 | goto out; | 165 | goto out; |
| 166 | 166 | ||
| @@ -172,23 +172,23 @@ static unsigned int ipv6_confirm(unsigned int hooknum, | |||
| 172 | if (!helper) | 172 | if (!helper) |
| 173 | goto out; | 173 | goto out; |
| 174 | 174 | ||
| 175 | protoff = nf_ct_ipv6_skip_exthdr(*pskb, extoff, &pnum, | 175 | protoff = nf_ct_ipv6_skip_exthdr(skb, extoff, &pnum, |
| 176 | (*pskb)->len - extoff); | 176 | skb->len - extoff); |
| 177 | if (protoff > (*pskb)->len || pnum == NEXTHDR_FRAGMENT) { | 177 | if (protoff > skb->len || pnum == NEXTHDR_FRAGMENT) { |
| 178 | pr_debug("proto header not found\n"); | 178 | pr_debug("proto header not found\n"); |
| 179 | return NF_ACCEPT; | 179 | return NF_ACCEPT; |
| 180 | } | 180 | } |
| 181 | 181 | ||
| 182 | ret = helper->help(pskb, protoff, ct, ctinfo); | 182 | ret = helper->help(skb, protoff, ct, ctinfo); |
| 183 | if (ret != NF_ACCEPT) | 183 | if (ret != NF_ACCEPT) |
| 184 | return ret; | 184 | return ret; |
| 185 | out: | 185 | out: |
| 186 | /* We've seen it coming out the other side: confirm it */ | 186 | /* We've seen it coming out the other side: confirm it */ |
| 187 | return nf_conntrack_confirm(pskb); | 187 | return nf_conntrack_confirm(skb); |
| 188 | } | 188 | } |
| 189 | 189 | ||
| 190 | static unsigned int ipv6_defrag(unsigned int hooknum, | 190 | static unsigned int ipv6_defrag(unsigned int hooknum, |
| 191 | struct sk_buff **pskb, | 191 | struct sk_buff *skb, |
| 192 | const struct net_device *in, | 192 | const struct net_device *in, |
| 193 | const struct net_device *out, | 193 | const struct net_device *out, |
| 194 | int (*okfn)(struct sk_buff *)) | 194 | int (*okfn)(struct sk_buff *)) |
| @@ -196,17 +196,17 @@ static unsigned int ipv6_defrag(unsigned int hooknum, | |||
| 196 | struct sk_buff *reasm; | 196 | struct sk_buff *reasm; |
| 197 | 197 | ||
| 198 | /* Previously seen (loopback)? */ | 198 | /* Previously seen (loopback)? */ |
| 199 | if ((*pskb)->nfct) | 199 | if (skb->nfct) |
| 200 | return NF_ACCEPT; | 200 | return NF_ACCEPT; |
| 201 | 201 | ||
| 202 | reasm = nf_ct_frag6_gather(*pskb); | 202 | reasm = nf_ct_frag6_gather(skb); |
| 203 | 203 | ||
| 204 | /* queued */ | 204 | /* queued */ |
| 205 | if (reasm == NULL) | 205 | if (reasm == NULL) |
| 206 | return NF_STOLEN; | 206 | return NF_STOLEN; |
| 207 | 207 | ||
| 208 | /* error occured or not fragmented */ | 208 | /* error occured or not fragmented */ |
| 209 | if (reasm == *pskb) | 209 | if (reasm == skb) |
| 210 | return NF_ACCEPT; | 210 | return NF_ACCEPT; |
| 211 | 211 | ||
| 212 | nf_ct_frag6_output(hooknum, reasm, (struct net_device *)in, | 212 | nf_ct_frag6_output(hooknum, reasm, (struct net_device *)in, |
| @@ -216,12 +216,12 @@ static unsigned int ipv6_defrag(unsigned int hooknum, | |||
| 216 | } | 216 | } |
| 217 | 217 | ||
| 218 | static unsigned int ipv6_conntrack_in(unsigned int hooknum, | 218 | static unsigned int ipv6_conntrack_in(unsigned int hooknum, |
| 219 | struct sk_buff **pskb, | 219 | struct sk_buff *skb, |
| 220 | const struct net_device *in, | 220 | const struct net_device *in, |
| 221 | const struct net_device *out, | 221 | const struct net_device *out, |
| 222 | int (*okfn)(struct sk_buff *)) | 222 | int (*okfn)(struct sk_buff *)) |
| 223 | { | 223 | { |
| 224 | struct sk_buff *reasm = (*pskb)->nfct_reasm; | 224 | struct sk_buff *reasm = skb->nfct_reasm; |
| 225 | 225 | ||
| 226 | /* This packet is fragmented and has reassembled packet. */ | 226 | /* This packet is fragmented and has reassembled packet. */ |
| 227 | if (reasm) { | 227 | if (reasm) { |
| @@ -229,32 +229,32 @@ static unsigned int ipv6_conntrack_in(unsigned int hooknum, | |||
| 229 | if (!reasm->nfct) { | 229 | if (!reasm->nfct) { |
| 230 | unsigned int ret; | 230 | unsigned int ret; |
| 231 | 231 | ||
| 232 | ret = nf_conntrack_in(PF_INET6, hooknum, &reasm); | 232 | ret = nf_conntrack_in(PF_INET6, hooknum, reasm); |
| 233 | if (ret != NF_ACCEPT) | 233 | if (ret != NF_ACCEPT) |
| 234 | return ret; | 234 | return ret; |
| 235 | } | 235 | } |
| 236 | nf_conntrack_get(reasm->nfct); | 236 | nf_conntrack_get(reasm->nfct); |
| 237 | (*pskb)->nfct = reasm->nfct; | 237 | skb->nfct = reasm->nfct; |
| 238 | (*pskb)->nfctinfo = reasm->nfctinfo; | 238 | skb->nfctinfo = reasm->nfctinfo; |
| 239 | return NF_ACCEPT; | 239 | return NF_ACCEPT; |
| 240 | } | 240 | } |
| 241 | 241 | ||
| 242 | return nf_conntrack_in(PF_INET6, hooknum, pskb); | 242 | return nf_conntrack_in(PF_INET6, hooknum, skb); |
| 243 | } | 243 | } |
| 244 | 244 | ||
| 245 | static unsigned int ipv6_conntrack_local(unsigned int hooknum, | 245 | static unsigned int ipv6_conntrack_local(unsigned int hooknum, |
| 246 | struct sk_buff **pskb, | 246 | struct sk_buff *skb, |
| 247 | const struct net_device *in, | 247 | const struct net_device *in, |
| 248 | const struct net_device *out, | 248 | const struct net_device *out, |
| 249 | int (*okfn)(struct sk_buff *)) | 249 | int (*okfn)(struct sk_buff *)) |
| 250 | { | 250 | { |
| 251 | /* root is playing with raw sockets. */ | 251 | /* root is playing with raw sockets. */ |
| 252 | if ((*pskb)->len < sizeof(struct ipv6hdr)) { | 252 | if (skb->len < sizeof(struct ipv6hdr)) { |
| 253 | if (net_ratelimit()) | 253 | if (net_ratelimit()) |
| 254 | printk("ipv6_conntrack_local: packet too short\n"); | 254 | printk("ipv6_conntrack_local: packet too short\n"); |
| 255 | return NF_ACCEPT; | 255 | return NF_ACCEPT; |
| 256 | } | 256 | } |
| 257 | return ipv6_conntrack_in(hooknum, pskb, in, out, okfn); | 257 | return ipv6_conntrack_in(hooknum, skb, in, out, okfn); |
| 258 | } | 258 | } |
| 259 | 259 | ||
| 260 | static struct nf_hook_ops ipv6_conntrack_ops[] = { | 260 | static struct nf_hook_ops ipv6_conntrack_ops[] = { |
diff --git a/net/ipv6/xfrm6_output.c b/net/ipv6/xfrm6_output.c index 4618c18e611d..a5a32c17249d 100644 --- a/net/ipv6/xfrm6_output.c +++ b/net/ipv6/xfrm6_output.c | |||
| @@ -80,7 +80,7 @@ static int xfrm6_output_finish2(struct sk_buff *skb) | |||
| 80 | while (likely((err = xfrm6_output_one(skb)) == 0)) { | 80 | while (likely((err = xfrm6_output_one(skb)) == 0)) { |
| 81 | nf_reset(skb); | 81 | nf_reset(skb); |
| 82 | 82 | ||
| 83 | err = nf_hook(PF_INET6, NF_IP6_LOCAL_OUT, &skb, NULL, | 83 | err = nf_hook(PF_INET6, NF_IP6_LOCAL_OUT, skb, NULL, |
| 84 | skb->dst->dev, dst_output); | 84 | skb->dst->dev, dst_output); |
| 85 | if (unlikely(err != 1)) | 85 | if (unlikely(err != 1)) |
| 86 | break; | 86 | break; |
| @@ -88,7 +88,7 @@ static int xfrm6_output_finish2(struct sk_buff *skb) | |||
| 88 | if (!skb->dst->xfrm) | 88 | if (!skb->dst->xfrm) |
| 89 | return dst_output(skb); | 89 | return dst_output(skb); |
| 90 | 90 | ||
| 91 | err = nf_hook(PF_INET6, NF_IP6_POST_ROUTING, &skb, NULL, | 91 | err = nf_hook(PF_INET6, NF_IP6_POST_ROUTING, skb, NULL, |
| 92 | skb->dst->dev, xfrm6_output_finish2); | 92 | skb->dst->dev, xfrm6_output_finish2); |
| 93 | if (unlikely(err != 1)) | 93 | if (unlikely(err != 1)) |
| 94 | break; | 94 | break; |