aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--include/linux/netfilter.h5
-rw-r--r--include/linux/netfilter_ipv4.h5
-rw-r--r--net/core/netfilter.c6
-rw-r--r--net/ipv4/netfilter/ip_nat_core.c4
-rw-r--r--net/ipv4/netfilter/ip_nat_helper.c8
-rw-r--r--net/ipv4/netfilter/ip_nat_proto_icmp.c2
-rw-r--r--net/ipv4/netfilter/ip_nat_proto_tcp.c2
-rw-r--r--net/ipv4/netfilter/ip_nat_proto_udp.c2
-rw-r--r--net/ipv4/netfilter/ip_nat_snmp_basic.c2
-rw-r--r--net/ipv4/netfilter/ip_queue.c2
-rw-r--r--net/ipv4/netfilter/ipt_DSCP.c2
-rw-r--r--net/ipv4/netfilter/ipt_ECN.c4
-rw-r--r--net/ipv4/netfilter/ipt_TCPMSS.c2
-rw-r--r--net/ipv4/netfilter/ipt_TOS.c2
-rw-r--r--net/ipv6/netfilter/ip6_queue.c2
15 files changed, 25 insertions, 25 deletions
diff --git a/include/linux/netfilter.h b/include/linux/netfilter.h
index ec60856408fd..54b97a1baba5 100644
--- a/include/linux/netfilter.h
+++ b/include/linux/netfilter.h
@@ -193,6 +193,11 @@ extern void nf_ct_attach(struct sk_buff *, struct sk_buff *);
193/* FIXME: Before cache is ever used, this must be implemented for real. */ 193/* FIXME: Before cache is ever used, this must be implemented for real. */
194extern void nf_invalidate_cache(int pf); 194extern void nf_invalidate_cache(int pf);
195 195
196/* Call this before modifying an existing packet: ensures it is
197 modifiable and linear to the point you care about (writable_len).
198 Returns true or false. */
199extern int skb_make_writable(struct sk_buff **pskb, unsigned int writable_len);
200
196#else /* !CONFIG_NETFILTER */ 201#else /* !CONFIG_NETFILTER */
197#define NF_HOOK(pf, hook, skb, indev, outdev, okfn) (okfn)(skb) 202#define NF_HOOK(pf, hook, skb, indev, outdev, okfn) (okfn)(skb)
198static inline void nf_ct_attach(struct sk_buff *new, struct sk_buff *skb) {} 203static inline void nf_ct_attach(struct sk_buff *new, struct sk_buff *skb) {}
diff --git a/include/linux/netfilter_ipv4.h b/include/linux/netfilter_ipv4.h
index 552815b8193e..fdc4a9527343 100644
--- a/include/linux/netfilter_ipv4.h
+++ b/include/linux/netfilter_ipv4.h
@@ -80,11 +80,6 @@ enum nf_ip_hook_priorities {
80#ifdef __KERNEL__ 80#ifdef __KERNEL__
81extern int ip_route_me_harder(struct sk_buff **pskb); 81extern int ip_route_me_harder(struct sk_buff **pskb);
82 82
83/* Call this before modifying an existing IP packet: ensures it is
84 modifiable and linear to the point you care about (writable_len).
85 Returns true or false. */
86extern int skb_ip_make_writable(struct sk_buff **pskb,
87 unsigned int writable_len);
88#endif /*__KERNEL__*/ 83#endif /*__KERNEL__*/
89 84
90#endif /*__LINUX_IP_NETFILTER_H*/ 85#endif /*__LINUX_IP_NETFILTER_H*/
diff --git a/net/core/netfilter.c b/net/core/netfilter.c
index 076c156d5eda..bbf9081a6804 100644
--- a/net/core/netfilter.c
+++ b/net/core/netfilter.c
@@ -512,8 +512,9 @@ int ip_route_me_harder(struct sk_buff **pskb)
512 return 0; 512 return 0;
513} 513}
514EXPORT_SYMBOL(ip_route_me_harder); 514EXPORT_SYMBOL(ip_route_me_harder);
515#endif /*CONFIG_INET*/
515 516
516int skb_ip_make_writable(struct sk_buff **pskb, unsigned int writable_len) 517int skb_make_writable(struct sk_buff **pskb, unsigned int writable_len)
517{ 518{
518 struct sk_buff *nskb; 519 struct sk_buff *nskb;
519 520
@@ -540,8 +541,7 @@ copy_skb:
540 *pskb = nskb; 541 *pskb = nskb;
541 return 1; 542 return 1;
542} 543}
543EXPORT_SYMBOL(skb_ip_make_writable); 544EXPORT_SYMBOL(skb_make_writable);
544#endif /*CONFIG_INET*/
545 545
546/* Internal logging interface, which relies on the real 546/* Internal logging interface, which relies on the real
547 LOG target modules */ 547 LOG target modules */
diff --git a/net/ipv4/netfilter/ip_nat_core.c b/net/ipv4/netfilter/ip_nat_core.c
index 567c802fecf0..1adedb743f60 100644
--- a/net/ipv4/netfilter/ip_nat_core.c
+++ b/net/ipv4/netfilter/ip_nat_core.c
@@ -359,7 +359,7 @@ manip_pkt(u_int16_t proto,
359 struct iphdr *iph; 359 struct iphdr *iph;
360 struct ip_nat_protocol *p; 360 struct ip_nat_protocol *p;
361 361
362 if (!skb_ip_make_writable(pskb, iphdroff + sizeof(*iph))) 362 if (!skb_make_writable(pskb, iphdroff + sizeof(*iph)))
363 return 0; 363 return 0;
364 364
365 iph = (void *)(*pskb)->data + iphdroff; 365 iph = (void *)(*pskb)->data + iphdroff;
@@ -431,7 +431,7 @@ int icmp_reply_translation(struct sk_buff **pskb,
431 struct ip_conntrack_tuple inner, target; 431 struct ip_conntrack_tuple inner, target;
432 int hdrlen = (*pskb)->nh.iph->ihl * 4; 432 int hdrlen = (*pskb)->nh.iph->ihl * 4;
433 433
434 if (!skb_ip_make_writable(pskb, hdrlen + sizeof(*inside))) 434 if (!skb_make_writable(pskb, hdrlen + sizeof(*inside)))
435 return 0; 435 return 0;
436 436
437 inside = (void *)(*pskb)->data + (*pskb)->nh.iph->ihl*4; 437 inside = (void *)(*pskb)->data + (*pskb)->nh.iph->ihl*4;
diff --git a/net/ipv4/netfilter/ip_nat_helper.c b/net/ipv4/netfilter/ip_nat_helper.c
index 158f34f32c04..d2dd5d313556 100644
--- a/net/ipv4/netfilter/ip_nat_helper.c
+++ b/net/ipv4/netfilter/ip_nat_helper.c
@@ -168,7 +168,7 @@ ip_nat_mangle_tcp_packet(struct sk_buff **pskb,
168 struct tcphdr *tcph; 168 struct tcphdr *tcph;
169 int datalen; 169 int datalen;
170 170
171 if (!skb_ip_make_writable(pskb, (*pskb)->len)) 171 if (!skb_make_writable(pskb, (*pskb)->len))
172 return 0; 172 return 0;
173 173
174 if (rep_len > match_len 174 if (rep_len > match_len
@@ -228,7 +228,7 @@ ip_nat_mangle_udp_packet(struct sk_buff **pskb,
228 match_offset + match_len) 228 match_offset + match_len)
229 return 0; 229 return 0;
230 230
231 if (!skb_ip_make_writable(pskb, (*pskb)->len)) 231 if (!skb_make_writable(pskb, (*pskb)->len))
232 return 0; 232 return 0;
233 233
234 if (rep_len > match_len 234 if (rep_len > match_len
@@ -315,7 +315,7 @@ ip_nat_sack_adjust(struct sk_buff **pskb,
315 optoff = (*pskb)->nh.iph->ihl*4 + sizeof(struct tcphdr); 315 optoff = (*pskb)->nh.iph->ihl*4 + sizeof(struct tcphdr);
316 optend = (*pskb)->nh.iph->ihl*4 + tcph->doff*4; 316 optend = (*pskb)->nh.iph->ihl*4 + tcph->doff*4;
317 317
318 if (!skb_ip_make_writable(pskb, optend)) 318 if (!skb_make_writable(pskb, optend))
319 return 0; 319 return 0;
320 320
321 dir = CTINFO2DIR(ctinfo); 321 dir = CTINFO2DIR(ctinfo);
@@ -363,7 +363,7 @@ ip_nat_seq_adjust(struct sk_buff **pskb,
363 this_way = &ct->nat.info.seq[dir]; 363 this_way = &ct->nat.info.seq[dir];
364 other_way = &ct->nat.info.seq[!dir]; 364 other_way = &ct->nat.info.seq[!dir];
365 365
366 if (!skb_ip_make_writable(pskb, (*pskb)->nh.iph->ihl*4+sizeof(*tcph))) 366 if (!skb_make_writable(pskb, (*pskb)->nh.iph->ihl*4+sizeof(*tcph)))
367 return 0; 367 return 0;
368 368
369 tcph = (void *)(*pskb)->data + (*pskb)->nh.iph->ihl*4; 369 tcph = (void *)(*pskb)->data + (*pskb)->nh.iph->ihl*4;
diff --git a/net/ipv4/netfilter/ip_nat_proto_icmp.c b/net/ipv4/netfilter/ip_nat_proto_icmp.c
index 7ed2fdb53457..938719043999 100644
--- a/net/ipv4/netfilter/ip_nat_proto_icmp.c
+++ b/net/ipv4/netfilter/ip_nat_proto_icmp.c
@@ -62,7 +62,7 @@ icmp_manip_pkt(struct sk_buff **pskb,
62 struct icmphdr *hdr; 62 struct icmphdr *hdr;
63 unsigned int hdroff = iphdroff + iph->ihl*4; 63 unsigned int hdroff = iphdroff + iph->ihl*4;
64 64
65 if (!skb_ip_make_writable(pskb, hdroff + sizeof(*hdr))) 65 if (!skb_make_writable(pskb, hdroff + sizeof(*hdr)))
66 return 0; 66 return 0;
67 67
68 hdr = (struct icmphdr *)((*pskb)->data + hdroff); 68 hdr = (struct icmphdr *)((*pskb)->data + hdroff);
diff --git a/net/ipv4/netfilter/ip_nat_proto_tcp.c b/net/ipv4/netfilter/ip_nat_proto_tcp.c
index 6113a16af867..1d381bf68574 100644
--- a/net/ipv4/netfilter/ip_nat_proto_tcp.c
+++ b/net/ipv4/netfilter/ip_nat_proto_tcp.c
@@ -103,7 +103,7 @@ tcp_manip_pkt(struct sk_buff **pskb,
103 if ((*pskb)->len >= hdroff + sizeof(struct tcphdr)) 103 if ((*pskb)->len >= hdroff + sizeof(struct tcphdr))
104 hdrsize = sizeof(struct tcphdr); 104 hdrsize = sizeof(struct tcphdr);
105 105
106 if (!skb_ip_make_writable(pskb, hdroff + hdrsize)) 106 if (!skb_make_writable(pskb, hdroff + hdrsize))
107 return 0; 107 return 0;
108 108
109 iph = (struct iphdr *)((*pskb)->data + iphdroff); 109 iph = (struct iphdr *)((*pskb)->data + iphdroff);
diff --git a/net/ipv4/netfilter/ip_nat_proto_udp.c b/net/ipv4/netfilter/ip_nat_proto_udp.c
index 689478e637a7..c4906e1aa24a 100644
--- a/net/ipv4/netfilter/ip_nat_proto_udp.c
+++ b/net/ipv4/netfilter/ip_nat_proto_udp.c
@@ -94,7 +94,7 @@ udp_manip_pkt(struct sk_buff **pskb,
94 u32 oldip, newip; 94 u32 oldip, newip;
95 u16 *portptr, newport; 95 u16 *portptr, newport;
96 96
97 if (!skb_ip_make_writable(pskb, hdroff + sizeof(*hdr))) 97 if (!skb_make_writable(pskb, hdroff + sizeof(*hdr)))
98 return 0; 98 return 0;
99 99
100 iph = (struct iphdr *)((*pskb)->data + iphdroff); 100 iph = (struct iphdr *)((*pskb)->data + iphdroff);
diff --git a/net/ipv4/netfilter/ip_nat_snmp_basic.c b/net/ipv4/netfilter/ip_nat_snmp_basic.c
index 2a48b6e635ae..93b2c5111bb2 100644
--- a/net/ipv4/netfilter/ip_nat_snmp_basic.c
+++ b/net/ipv4/netfilter/ip_nat_snmp_basic.c
@@ -1275,7 +1275,7 @@ static int help(struct sk_buff **pskb,
1275 return NF_DROP; 1275 return NF_DROP;
1276 } 1276 }
1277 1277
1278 if (!skb_ip_make_writable(pskb, (*pskb)->len)) 1278 if (!skb_make_writable(pskb, (*pskb)->len))
1279 return NF_DROP; 1279 return NF_DROP;
1280 1280
1281 spin_lock_bh(&snmp_lock); 1281 spin_lock_bh(&snmp_lock);
diff --git a/net/ipv4/netfilter/ip_queue.c b/net/ipv4/netfilter/ip_queue.c
index bc0af8d8e910..ae975ac59c6a 100644
--- a/net/ipv4/netfilter/ip_queue.c
+++ b/net/ipv4/netfilter/ip_queue.c
@@ -388,7 +388,7 @@ ipq_mangle_ipv4(ipq_verdict_msg_t *v, struct ipq_queue_entry *e)
388 } 388 }
389 skb_put(e->skb, diff); 389 skb_put(e->skb, diff);
390 } 390 }
391 if (!skb_ip_make_writable(&e->skb, v->data_len)) 391 if (!skb_make_writable(&e->skb, v->data_len))
392 return -ENOMEM; 392 return -ENOMEM;
393 memcpy(e->skb->data, v->payload, v->data_len); 393 memcpy(e->skb->data, v->payload, v->data_len);
394 e->skb->ip_summed = CHECKSUM_NONE; 394 e->skb->ip_summed = CHECKSUM_NONE;
diff --git a/net/ipv4/netfilter/ipt_DSCP.c b/net/ipv4/netfilter/ipt_DSCP.c
index 975476fef27a..6e319570a28c 100644
--- a/net/ipv4/netfilter/ipt_DSCP.c
+++ b/net/ipv4/netfilter/ipt_DSCP.c
@@ -39,7 +39,7 @@ target(struct sk_buff **pskb,
39 if (((*pskb)->nh.iph->tos & IPT_DSCP_MASK) != sh_dscp) { 39 if (((*pskb)->nh.iph->tos & IPT_DSCP_MASK) != sh_dscp) {
40 u_int16_t diffs[2]; 40 u_int16_t diffs[2];
41 41
42 if (!skb_ip_make_writable(pskb, sizeof(struct iphdr))) 42 if (!skb_make_writable(pskb, sizeof(struct iphdr)))
43 return NF_DROP; 43 return NF_DROP;
44 44
45 diffs[0] = htons((*pskb)->nh.iph->tos) ^ 0xFFFF; 45 diffs[0] = htons((*pskb)->nh.iph->tos) ^ 0xFFFF;
diff --git a/net/ipv4/netfilter/ipt_ECN.c b/net/ipv4/netfilter/ipt_ECN.c
index f63a9bc0e4d2..a1319693f648 100644
--- a/net/ipv4/netfilter/ipt_ECN.c
+++ b/net/ipv4/netfilter/ipt_ECN.c
@@ -31,7 +31,7 @@ set_ect_ip(struct sk_buff **pskb, const struct ipt_ECN_info *einfo)
31 != (einfo->ip_ect & IPT_ECN_IP_MASK)) { 31 != (einfo->ip_ect & IPT_ECN_IP_MASK)) {
32 u_int16_t diffs[2]; 32 u_int16_t diffs[2];
33 33
34 if (!skb_ip_make_writable(pskb, sizeof(struct iphdr))) 34 if (!skb_make_writable(pskb, sizeof(struct iphdr)))
35 return 0; 35 return 0;
36 36
37 diffs[0] = htons((*pskb)->nh.iph->tos) ^ 0xFFFF; 37 diffs[0] = htons((*pskb)->nh.iph->tos) ^ 0xFFFF;
@@ -66,7 +66,7 @@ set_ect_tcp(struct sk_buff **pskb, const struct ipt_ECN_info *einfo, int inward)
66 tcph->cwr == einfo->proto.tcp.cwr))) 66 tcph->cwr == einfo->proto.tcp.cwr)))
67 return 1; 67 return 1;
68 68
69 if (!skb_ip_make_writable(pskb, (*pskb)->nh.iph->ihl*4+sizeof(*tcph))) 69 if (!skb_make_writable(pskb, (*pskb)->nh.iph->ihl*4+sizeof(*tcph)))
70 return 0; 70 return 0;
71 tcph = (void *)(*pskb)->nh.iph + (*pskb)->nh.iph->ihl*4; 71 tcph = (void *)(*pskb)->nh.iph + (*pskb)->nh.iph->ihl*4;
72 72
diff --git a/net/ipv4/netfilter/ipt_TCPMSS.c b/net/ipv4/netfilter/ipt_TCPMSS.c
index 949288319ca8..8db70d6908c3 100644
--- a/net/ipv4/netfilter/ipt_TCPMSS.c
+++ b/net/ipv4/netfilter/ipt_TCPMSS.c
@@ -58,7 +58,7 @@ ipt_tcpmss_target(struct sk_buff **pskb,
58 unsigned int i; 58 unsigned int i;
59 u_int8_t *opt; 59 u_int8_t *opt;
60 60
61 if (!skb_ip_make_writable(pskb, (*pskb)->len)) 61 if (!skb_make_writable(pskb, (*pskb)->len))
62 return NF_DROP; 62 return NF_DROP;
63 63
64 if ((*pskb)->ip_summed == CHECKSUM_HW && 64 if ((*pskb)->ip_summed == CHECKSUM_HW &&
diff --git a/net/ipv4/netfilter/ipt_TOS.c b/net/ipv4/netfilter/ipt_TOS.c
index 49abb7eef0a4..deadb36d4428 100644
--- a/net/ipv4/netfilter/ipt_TOS.c
+++ b/net/ipv4/netfilter/ipt_TOS.c
@@ -33,7 +33,7 @@ target(struct sk_buff **pskb,
33 if (((*pskb)->nh.iph->tos & IPTOS_TOS_MASK) != tosinfo->tos) { 33 if (((*pskb)->nh.iph->tos & IPTOS_TOS_MASK) != tosinfo->tos) {
34 u_int16_t diffs[2]; 34 u_int16_t diffs[2];
35 35
36 if (!skb_ip_make_writable(pskb, sizeof(struct iphdr))) 36 if (!skb_make_writable(pskb, sizeof(struct iphdr)))
37 return NF_DROP; 37 return NF_DROP;
38 38
39 diffs[0] = htons((*pskb)->nh.iph->tos) ^ 0xFFFF; 39 diffs[0] = htons((*pskb)->nh.iph->tos) ^ 0xFFFF;
diff --git a/net/ipv6/netfilter/ip6_queue.c b/net/ipv6/netfilter/ip6_queue.c
index 83ccedceed17..7130603a32c5 100644
--- a/net/ipv6/netfilter/ip6_queue.c
+++ b/net/ipv6/netfilter/ip6_queue.c
@@ -384,7 +384,7 @@ ipq_mangle_ipv6(ipq_verdict_msg_t *v, struct ipq_queue_entry *e)
384 } 384 }
385 skb_put(e->skb, diff); 385 skb_put(e->skb, diff);
386 } 386 }
387 if (!skb_ip_make_writable(&e->skb, v->data_len)) 387 if (!skb_make_writable(&e->skb, v->data_len))
388 return -ENOMEM; 388 return -ENOMEM;
389 memcpy(e->skb->data, v->payload, v->data_len); 389 memcpy(e->skb->data, v->payload, v->data_len);
390 e->skb->ip_summed = CHECKSUM_NONE; 390 e->skb->ip_summed = CHECKSUM_NONE;