diff options
author | Yasuyuki Kozakai <yasuyuki.kozakai@toshiba.co.jp> | 2007-03-14 19:44:01 -0400 |
---|---|---|
committer | David S. Miller <davem@sunset.davemloft.net> | 2007-04-26 01:25:55 -0400 |
commit | e7ac05f3407a3fb5a1b2ff5d5554899eaa0a10a3 (patch) | |
tree | d8360ce670e1a60110ef6ddff20399129c51eefc /net | |
parent | edda553c324bdc5bb5c2d553b524cab37058a855 (diff) |
[NETFILTER]: nf_conntrack: add nf_copy() to safely copy members in skb
This unifies the codes to copy netfilter related datas. Before copying,
nf_copy() puts original members in destination skb.
Signed-off-by: Yasuyuki Kozakai <yasuyuki.kozakai@toshiba.co.jp>
Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'net')
-rw-r--r-- | net/ipv4/ip_output.c | 13 | ||||
-rw-r--r-- | net/ipv6/ip6_output.c | 18 |
2 files changed, 2 insertions, 29 deletions
diff --git a/net/ipv4/ip_output.c b/net/ipv4/ip_output.c index 11029b9d4cf7..11ab100d6c6c 100644 --- a/net/ipv4/ip_output.c +++ b/net/ipv4/ip_output.c | |||
@@ -384,21 +384,10 @@ static void ip_copy_metadata(struct sk_buff *to, struct sk_buff *from) | |||
384 | #ifdef CONFIG_NET_SCHED | 384 | #ifdef CONFIG_NET_SCHED |
385 | to->tc_index = from->tc_index; | 385 | to->tc_index = from->tc_index; |
386 | #endif | 386 | #endif |
387 | #ifdef CONFIG_NETFILTER | 387 | nf_copy(to, from); |
388 | /* Connection association is same as pre-frag packet */ | ||
389 | nf_conntrack_put(to->nfct); | ||
390 | to->nfct = from->nfct; | ||
391 | nf_conntrack_get(to->nfct); | ||
392 | to->nfctinfo = from->nfctinfo; | ||
393 | #if defined(CONFIG_IP_VS) || defined(CONFIG_IP_VS_MODULE) | 388 | #if defined(CONFIG_IP_VS) || defined(CONFIG_IP_VS_MODULE) |
394 | to->ipvs_property = from->ipvs_property; | 389 | to->ipvs_property = from->ipvs_property; |
395 | #endif | 390 | #endif |
396 | #ifdef CONFIG_BRIDGE_NETFILTER | ||
397 | nf_bridge_put(to->nf_bridge); | ||
398 | to->nf_bridge = from->nf_bridge; | ||
399 | nf_bridge_get(to->nf_bridge); | ||
400 | #endif | ||
401 | #endif | ||
402 | skb_copy_secmark(to, from); | 391 | skb_copy_secmark(to, from); |
403 | } | 392 | } |
404 | 393 | ||
diff --git a/net/ipv6/ip6_output.c b/net/ipv6/ip6_output.c index 0f4434eff66a..49523c2a9f10 100644 --- a/net/ipv6/ip6_output.c +++ b/net/ipv6/ip6_output.c | |||
@@ -504,23 +504,7 @@ static void ip6_copy_metadata(struct sk_buff *to, struct sk_buff *from) | |||
504 | #ifdef CONFIG_NET_SCHED | 504 | #ifdef CONFIG_NET_SCHED |
505 | to->tc_index = from->tc_index; | 505 | to->tc_index = from->tc_index; |
506 | #endif | 506 | #endif |
507 | #ifdef CONFIG_NETFILTER | 507 | nf_copy(to, from); |
508 | /* Connection association is same as pre-frag packet */ | ||
509 | nf_conntrack_put(to->nfct); | ||
510 | to->nfct = from->nfct; | ||
511 | nf_conntrack_get(to->nfct); | ||
512 | to->nfctinfo = from->nfctinfo; | ||
513 | #if defined(CONFIG_NF_CONNTRACK) || defined(CONFIG_NF_CONNTRACK_MODULE) | ||
514 | nf_conntrack_put_reasm(to->nfct_reasm); | ||
515 | to->nfct_reasm = from->nfct_reasm; | ||
516 | nf_conntrack_get_reasm(to->nfct_reasm); | ||
517 | #endif | ||
518 | #ifdef CONFIG_BRIDGE_NETFILTER | ||
519 | nf_bridge_put(to->nf_bridge); | ||
520 | to->nf_bridge = from->nf_bridge; | ||
521 | nf_bridge_get(to->nf_bridge); | ||
522 | #endif | ||
523 | #endif | ||
524 | skb_copy_secmark(to, from); | 508 | skb_copy_secmark(to, from); |
525 | } | 509 | } |
526 | 510 | ||