diff options
-rw-r--r-- | include/linux/netfilter.h | 5 | ||||
-rw-r--r-- | include/linux/netfilter_ipv4.h | 5 | ||||
-rw-r--r-- | net/core/netfilter.c | 6 | ||||
-rw-r--r-- | net/ipv4/netfilter/ip_nat_core.c | 4 | ||||
-rw-r--r-- | net/ipv4/netfilter/ip_nat_helper.c | 8 | ||||
-rw-r--r-- | net/ipv4/netfilter/ip_nat_proto_icmp.c | 2 | ||||
-rw-r--r-- | net/ipv4/netfilter/ip_nat_proto_tcp.c | 2 | ||||
-rw-r--r-- | net/ipv4/netfilter/ip_nat_proto_udp.c | 2 | ||||
-rw-r--r-- | net/ipv4/netfilter/ip_nat_snmp_basic.c | 2 | ||||
-rw-r--r-- | net/ipv4/netfilter/ip_queue.c | 2 | ||||
-rw-r--r-- | net/ipv4/netfilter/ipt_DSCP.c | 2 | ||||
-rw-r--r-- | net/ipv4/netfilter/ipt_ECN.c | 4 | ||||
-rw-r--r-- | net/ipv4/netfilter/ipt_TCPMSS.c | 2 | ||||
-rw-r--r-- | net/ipv4/netfilter/ipt_TOS.c | 2 | ||||
-rw-r--r-- | net/ipv6/netfilter/ip6_queue.c | 2 |
15 files changed, 25 insertions, 25 deletions
diff --git a/include/linux/netfilter.h b/include/linux/netfilter.h index ec60856408fd..54b97a1baba5 100644 --- a/include/linux/netfilter.h +++ b/include/linux/netfilter.h | |||
@@ -193,6 +193,11 @@ extern void nf_ct_attach(struct sk_buff *, struct sk_buff *); | |||
193 | /* FIXME: Before cache is ever used, this must be implemented for real. */ | 193 | /* FIXME: Before cache is ever used, this must be implemented for real. */ |
194 | extern void nf_invalidate_cache(int pf); | 194 | extern void nf_invalidate_cache(int pf); |
195 | 195 | ||
196 | /* Call this before modifying an existing packet: ensures it is | ||
197 | modifiable and linear to the point you care about (writable_len). | ||
198 | Returns true or false. */ | ||
199 | extern int skb_make_writable(struct sk_buff **pskb, unsigned int writable_len); | ||
200 | |||
196 | #else /* !CONFIG_NETFILTER */ | 201 | #else /* !CONFIG_NETFILTER */ |
197 | #define NF_HOOK(pf, hook, skb, indev, outdev, okfn) (okfn)(skb) | 202 | #define NF_HOOK(pf, hook, skb, indev, outdev, okfn) (okfn)(skb) |
198 | static inline void nf_ct_attach(struct sk_buff *new, struct sk_buff *skb) {} | 203 | static inline void nf_ct_attach(struct sk_buff *new, struct sk_buff *skb) {} |
diff --git a/include/linux/netfilter_ipv4.h b/include/linux/netfilter_ipv4.h index 552815b8193e..fdc4a9527343 100644 --- a/include/linux/netfilter_ipv4.h +++ b/include/linux/netfilter_ipv4.h | |||
@@ -80,11 +80,6 @@ enum nf_ip_hook_priorities { | |||
80 | #ifdef __KERNEL__ | 80 | #ifdef __KERNEL__ |
81 | extern int ip_route_me_harder(struct sk_buff **pskb); | 81 | extern int ip_route_me_harder(struct sk_buff **pskb); |
82 | 82 | ||
83 | /* Call this before modifying an existing IP packet: ensures it is | ||
84 | modifiable and linear to the point you care about (writable_len). | ||
85 | Returns true or false. */ | ||
86 | extern int skb_ip_make_writable(struct sk_buff **pskb, | ||
87 | unsigned int writable_len); | ||
88 | #endif /*__KERNEL__*/ | 83 | #endif /*__KERNEL__*/ |
89 | 84 | ||
90 | #endif /*__LINUX_IP_NETFILTER_H*/ | 85 | #endif /*__LINUX_IP_NETFILTER_H*/ |
diff --git a/net/core/netfilter.c b/net/core/netfilter.c index 076c156d5eda..bbf9081a6804 100644 --- a/net/core/netfilter.c +++ b/net/core/netfilter.c | |||
@@ -512,8 +512,9 @@ int ip_route_me_harder(struct sk_buff **pskb) | |||
512 | return 0; | 512 | return 0; |
513 | } | 513 | } |
514 | EXPORT_SYMBOL(ip_route_me_harder); | 514 | EXPORT_SYMBOL(ip_route_me_harder); |
515 | #endif /*CONFIG_INET*/ | ||
515 | 516 | ||
516 | int skb_ip_make_writable(struct sk_buff **pskb, unsigned int writable_len) | 517 | int skb_make_writable(struct sk_buff **pskb, unsigned int writable_len) |
517 | { | 518 | { |
518 | struct sk_buff *nskb; | 519 | struct sk_buff *nskb; |
519 | 520 | ||
@@ -540,8 +541,7 @@ copy_skb: | |||
540 | *pskb = nskb; | 541 | *pskb = nskb; |
541 | return 1; | 542 | return 1; |
542 | } | 543 | } |
543 | EXPORT_SYMBOL(skb_ip_make_writable); | 544 | EXPORT_SYMBOL(skb_make_writable); |
544 | #endif /*CONFIG_INET*/ | ||
545 | 545 | ||
546 | /* Internal logging interface, which relies on the real | 546 | /* Internal logging interface, which relies on the real |
547 | LOG target modules */ | 547 | LOG target modules */ |
diff --git a/net/ipv4/netfilter/ip_nat_core.c b/net/ipv4/netfilter/ip_nat_core.c index 567c802fecf0..1adedb743f60 100644 --- a/net/ipv4/netfilter/ip_nat_core.c +++ b/net/ipv4/netfilter/ip_nat_core.c | |||
@@ -359,7 +359,7 @@ manip_pkt(u_int16_t proto, | |||
359 | struct iphdr *iph; | 359 | struct iphdr *iph; |
360 | struct ip_nat_protocol *p; | 360 | struct ip_nat_protocol *p; |
361 | 361 | ||
362 | if (!skb_ip_make_writable(pskb, iphdroff + sizeof(*iph))) | 362 | if (!skb_make_writable(pskb, iphdroff + sizeof(*iph))) |
363 | return 0; | 363 | return 0; |
364 | 364 | ||
365 | iph = (void *)(*pskb)->data + iphdroff; | 365 | iph = (void *)(*pskb)->data + iphdroff; |
@@ -431,7 +431,7 @@ int icmp_reply_translation(struct sk_buff **pskb, | |||
431 | struct ip_conntrack_tuple inner, target; | 431 | struct ip_conntrack_tuple inner, target; |
432 | int hdrlen = (*pskb)->nh.iph->ihl * 4; | 432 | int hdrlen = (*pskb)->nh.iph->ihl * 4; |
433 | 433 | ||
434 | if (!skb_ip_make_writable(pskb, hdrlen + sizeof(*inside))) | 434 | if (!skb_make_writable(pskb, hdrlen + sizeof(*inside))) |
435 | return 0; | 435 | return 0; |
436 | 436 | ||
437 | inside = (void *)(*pskb)->data + (*pskb)->nh.iph->ihl*4; | 437 | inside = (void *)(*pskb)->data + (*pskb)->nh.iph->ihl*4; |
diff --git a/net/ipv4/netfilter/ip_nat_helper.c b/net/ipv4/netfilter/ip_nat_helper.c index 158f34f32c04..d2dd5d313556 100644 --- a/net/ipv4/netfilter/ip_nat_helper.c +++ b/net/ipv4/netfilter/ip_nat_helper.c | |||
@@ -168,7 +168,7 @@ ip_nat_mangle_tcp_packet(struct sk_buff **pskb, | |||
168 | struct tcphdr *tcph; | 168 | struct tcphdr *tcph; |
169 | int datalen; | 169 | int datalen; |
170 | 170 | ||
171 | if (!skb_ip_make_writable(pskb, (*pskb)->len)) | 171 | if (!skb_make_writable(pskb, (*pskb)->len)) |
172 | return 0; | 172 | return 0; |
173 | 173 | ||
174 | if (rep_len > match_len | 174 | if (rep_len > match_len |
@@ -228,7 +228,7 @@ ip_nat_mangle_udp_packet(struct sk_buff **pskb, | |||
228 | match_offset + match_len) | 228 | match_offset + match_len) |
229 | return 0; | 229 | return 0; |
230 | 230 | ||
231 | if (!skb_ip_make_writable(pskb, (*pskb)->len)) | 231 | if (!skb_make_writable(pskb, (*pskb)->len)) |
232 | return 0; | 232 | return 0; |
233 | 233 | ||
234 | if (rep_len > match_len | 234 | if (rep_len > match_len |
@@ -315,7 +315,7 @@ ip_nat_sack_adjust(struct sk_buff **pskb, | |||
315 | optoff = (*pskb)->nh.iph->ihl*4 + sizeof(struct tcphdr); | 315 | optoff = (*pskb)->nh.iph->ihl*4 + sizeof(struct tcphdr); |
316 | optend = (*pskb)->nh.iph->ihl*4 + tcph->doff*4; | 316 | optend = (*pskb)->nh.iph->ihl*4 + tcph->doff*4; |
317 | 317 | ||
318 | if (!skb_ip_make_writable(pskb, optend)) | 318 | if (!skb_make_writable(pskb, optend)) |
319 | return 0; | 319 | return 0; |
320 | 320 | ||
321 | dir = CTINFO2DIR(ctinfo); | 321 | dir = CTINFO2DIR(ctinfo); |
@@ -363,7 +363,7 @@ ip_nat_seq_adjust(struct sk_buff **pskb, | |||
363 | this_way = &ct->nat.info.seq[dir]; | 363 | this_way = &ct->nat.info.seq[dir]; |
364 | other_way = &ct->nat.info.seq[!dir]; | 364 | other_way = &ct->nat.info.seq[!dir]; |
365 | 365 | ||
366 | if (!skb_ip_make_writable(pskb, (*pskb)->nh.iph->ihl*4+sizeof(*tcph))) | 366 | if (!skb_make_writable(pskb, (*pskb)->nh.iph->ihl*4+sizeof(*tcph))) |
367 | return 0; | 367 | return 0; |
368 | 368 | ||
369 | tcph = (void *)(*pskb)->data + (*pskb)->nh.iph->ihl*4; | 369 | tcph = (void *)(*pskb)->data + (*pskb)->nh.iph->ihl*4; |
diff --git a/net/ipv4/netfilter/ip_nat_proto_icmp.c b/net/ipv4/netfilter/ip_nat_proto_icmp.c index 7ed2fdb53457..938719043999 100644 --- a/net/ipv4/netfilter/ip_nat_proto_icmp.c +++ b/net/ipv4/netfilter/ip_nat_proto_icmp.c | |||
@@ -62,7 +62,7 @@ icmp_manip_pkt(struct sk_buff **pskb, | |||
62 | struct icmphdr *hdr; | 62 | struct icmphdr *hdr; |
63 | unsigned int hdroff = iphdroff + iph->ihl*4; | 63 | unsigned int hdroff = iphdroff + iph->ihl*4; |
64 | 64 | ||
65 | if (!skb_ip_make_writable(pskb, hdroff + sizeof(*hdr))) | 65 | if (!skb_make_writable(pskb, hdroff + sizeof(*hdr))) |
66 | return 0; | 66 | return 0; |
67 | 67 | ||
68 | hdr = (struct icmphdr *)((*pskb)->data + hdroff); | 68 | hdr = (struct icmphdr *)((*pskb)->data + hdroff); |
diff --git a/net/ipv4/netfilter/ip_nat_proto_tcp.c b/net/ipv4/netfilter/ip_nat_proto_tcp.c index 6113a16af867..1d381bf68574 100644 --- a/net/ipv4/netfilter/ip_nat_proto_tcp.c +++ b/net/ipv4/netfilter/ip_nat_proto_tcp.c | |||
@@ -103,7 +103,7 @@ tcp_manip_pkt(struct sk_buff **pskb, | |||
103 | if ((*pskb)->len >= hdroff + sizeof(struct tcphdr)) | 103 | if ((*pskb)->len >= hdroff + sizeof(struct tcphdr)) |
104 | hdrsize = sizeof(struct tcphdr); | 104 | hdrsize = sizeof(struct tcphdr); |
105 | 105 | ||
106 | if (!skb_ip_make_writable(pskb, hdroff + hdrsize)) | 106 | if (!skb_make_writable(pskb, hdroff + hdrsize)) |
107 | return 0; | 107 | return 0; |
108 | 108 | ||
109 | iph = (struct iphdr *)((*pskb)->data + iphdroff); | 109 | iph = (struct iphdr *)((*pskb)->data + iphdroff); |
diff --git a/net/ipv4/netfilter/ip_nat_proto_udp.c b/net/ipv4/netfilter/ip_nat_proto_udp.c index 689478e637a7..c4906e1aa24a 100644 --- a/net/ipv4/netfilter/ip_nat_proto_udp.c +++ b/net/ipv4/netfilter/ip_nat_proto_udp.c | |||
@@ -94,7 +94,7 @@ udp_manip_pkt(struct sk_buff **pskb, | |||
94 | u32 oldip, newip; | 94 | u32 oldip, newip; |
95 | u16 *portptr, newport; | 95 | u16 *portptr, newport; |
96 | 96 | ||
97 | if (!skb_ip_make_writable(pskb, hdroff + sizeof(*hdr))) | 97 | if (!skb_make_writable(pskb, hdroff + sizeof(*hdr))) |
98 | return 0; | 98 | return 0; |
99 | 99 | ||
100 | iph = (struct iphdr *)((*pskb)->data + iphdroff); | 100 | iph = (struct iphdr *)((*pskb)->data + iphdroff); |
diff --git a/net/ipv4/netfilter/ip_nat_snmp_basic.c b/net/ipv4/netfilter/ip_nat_snmp_basic.c index 2a48b6e635ae..93b2c5111bb2 100644 --- a/net/ipv4/netfilter/ip_nat_snmp_basic.c +++ b/net/ipv4/netfilter/ip_nat_snmp_basic.c | |||
@@ -1275,7 +1275,7 @@ static int help(struct sk_buff **pskb, | |||
1275 | return NF_DROP; | 1275 | return NF_DROP; |
1276 | } | 1276 | } |
1277 | 1277 | ||
1278 | if (!skb_ip_make_writable(pskb, (*pskb)->len)) | 1278 | if (!skb_make_writable(pskb, (*pskb)->len)) |
1279 | return NF_DROP; | 1279 | return NF_DROP; |
1280 | 1280 | ||
1281 | spin_lock_bh(&snmp_lock); | 1281 | spin_lock_bh(&snmp_lock); |
diff --git a/net/ipv4/netfilter/ip_queue.c b/net/ipv4/netfilter/ip_queue.c index bc0af8d8e910..ae975ac59c6a 100644 --- a/net/ipv4/netfilter/ip_queue.c +++ b/net/ipv4/netfilter/ip_queue.c | |||
@@ -388,7 +388,7 @@ ipq_mangle_ipv4(ipq_verdict_msg_t *v, struct ipq_queue_entry *e) | |||
388 | } | 388 | } |
389 | skb_put(e->skb, diff); | 389 | skb_put(e->skb, diff); |
390 | } | 390 | } |
391 | if (!skb_ip_make_writable(&e->skb, v->data_len)) | 391 | if (!skb_make_writable(&e->skb, v->data_len)) |
392 | return -ENOMEM; | 392 | return -ENOMEM; |
393 | memcpy(e->skb->data, v->payload, v->data_len); | 393 | memcpy(e->skb->data, v->payload, v->data_len); |
394 | e->skb->ip_summed = CHECKSUM_NONE; | 394 | e->skb->ip_summed = CHECKSUM_NONE; |
diff --git a/net/ipv4/netfilter/ipt_DSCP.c b/net/ipv4/netfilter/ipt_DSCP.c index 975476fef27a..6e319570a28c 100644 --- a/net/ipv4/netfilter/ipt_DSCP.c +++ b/net/ipv4/netfilter/ipt_DSCP.c | |||
@@ -39,7 +39,7 @@ target(struct sk_buff **pskb, | |||
39 | if (((*pskb)->nh.iph->tos & IPT_DSCP_MASK) != sh_dscp) { | 39 | if (((*pskb)->nh.iph->tos & IPT_DSCP_MASK) != sh_dscp) { |
40 | u_int16_t diffs[2]; | 40 | u_int16_t diffs[2]; |
41 | 41 | ||
42 | if (!skb_ip_make_writable(pskb, sizeof(struct iphdr))) | 42 | if (!skb_make_writable(pskb, sizeof(struct iphdr))) |
43 | return NF_DROP; | 43 | return NF_DROP; |
44 | 44 | ||
45 | diffs[0] = htons((*pskb)->nh.iph->tos) ^ 0xFFFF; | 45 | diffs[0] = htons((*pskb)->nh.iph->tos) ^ 0xFFFF; |
diff --git a/net/ipv4/netfilter/ipt_ECN.c b/net/ipv4/netfilter/ipt_ECN.c index f63a9bc0e4d2..a1319693f648 100644 --- a/net/ipv4/netfilter/ipt_ECN.c +++ b/net/ipv4/netfilter/ipt_ECN.c | |||
@@ -31,7 +31,7 @@ set_ect_ip(struct sk_buff **pskb, const struct ipt_ECN_info *einfo) | |||
31 | != (einfo->ip_ect & IPT_ECN_IP_MASK)) { | 31 | != (einfo->ip_ect & IPT_ECN_IP_MASK)) { |
32 | u_int16_t diffs[2]; | 32 | u_int16_t diffs[2]; |
33 | 33 | ||
34 | if (!skb_ip_make_writable(pskb, sizeof(struct iphdr))) | 34 | if (!skb_make_writable(pskb, sizeof(struct iphdr))) |
35 | return 0; | 35 | return 0; |
36 | 36 | ||
37 | diffs[0] = htons((*pskb)->nh.iph->tos) ^ 0xFFFF; | 37 | diffs[0] = htons((*pskb)->nh.iph->tos) ^ 0xFFFF; |
@@ -66,7 +66,7 @@ set_ect_tcp(struct sk_buff **pskb, const struct ipt_ECN_info *einfo, int inward) | |||
66 | tcph->cwr == einfo->proto.tcp.cwr))) | 66 | tcph->cwr == einfo->proto.tcp.cwr))) |
67 | return 1; | 67 | return 1; |
68 | 68 | ||
69 | if (!skb_ip_make_writable(pskb, (*pskb)->nh.iph->ihl*4+sizeof(*tcph))) | 69 | if (!skb_make_writable(pskb, (*pskb)->nh.iph->ihl*4+sizeof(*tcph))) |
70 | return 0; | 70 | return 0; |
71 | tcph = (void *)(*pskb)->nh.iph + (*pskb)->nh.iph->ihl*4; | 71 | tcph = (void *)(*pskb)->nh.iph + (*pskb)->nh.iph->ihl*4; |
72 | 72 | ||
diff --git a/net/ipv4/netfilter/ipt_TCPMSS.c b/net/ipv4/netfilter/ipt_TCPMSS.c index 949288319ca8..8db70d6908c3 100644 --- a/net/ipv4/netfilter/ipt_TCPMSS.c +++ b/net/ipv4/netfilter/ipt_TCPMSS.c | |||
@@ -58,7 +58,7 @@ ipt_tcpmss_target(struct sk_buff **pskb, | |||
58 | unsigned int i; | 58 | unsigned int i; |
59 | u_int8_t *opt; | 59 | u_int8_t *opt; |
60 | 60 | ||
61 | if (!skb_ip_make_writable(pskb, (*pskb)->len)) | 61 | if (!skb_make_writable(pskb, (*pskb)->len)) |
62 | return NF_DROP; | 62 | return NF_DROP; |
63 | 63 | ||
64 | if ((*pskb)->ip_summed == CHECKSUM_HW && | 64 | if ((*pskb)->ip_summed == CHECKSUM_HW && |
diff --git a/net/ipv4/netfilter/ipt_TOS.c b/net/ipv4/netfilter/ipt_TOS.c index 49abb7eef0a4..deadb36d4428 100644 --- a/net/ipv4/netfilter/ipt_TOS.c +++ b/net/ipv4/netfilter/ipt_TOS.c | |||
@@ -33,7 +33,7 @@ target(struct sk_buff **pskb, | |||
33 | if (((*pskb)->nh.iph->tos & IPTOS_TOS_MASK) != tosinfo->tos) { | 33 | if (((*pskb)->nh.iph->tos & IPTOS_TOS_MASK) != tosinfo->tos) { |
34 | u_int16_t diffs[2]; | 34 | u_int16_t diffs[2]; |
35 | 35 | ||
36 | if (!skb_ip_make_writable(pskb, sizeof(struct iphdr))) | 36 | if (!skb_make_writable(pskb, sizeof(struct iphdr))) |
37 | return NF_DROP; | 37 | return NF_DROP; |
38 | 38 | ||
39 | diffs[0] = htons((*pskb)->nh.iph->tos) ^ 0xFFFF; | 39 | diffs[0] = htons((*pskb)->nh.iph->tos) ^ 0xFFFF; |
diff --git a/net/ipv6/netfilter/ip6_queue.c b/net/ipv6/netfilter/ip6_queue.c index 83ccedceed17..7130603a32c5 100644 --- a/net/ipv6/netfilter/ip6_queue.c +++ b/net/ipv6/netfilter/ip6_queue.c | |||
@@ -384,7 +384,7 @@ ipq_mangle_ipv6(ipq_verdict_msg_t *v, struct ipq_queue_entry *e) | |||
384 | } | 384 | } |
385 | skb_put(e->skb, diff); | 385 | skb_put(e->skb, diff); |
386 | } | 386 | } |
387 | if (!skb_ip_make_writable(&e->skb, v->data_len)) | 387 | if (!skb_make_writable(&e->skb, v->data_len)) |
388 | return -ENOMEM; | 388 | return -ENOMEM; |
389 | memcpy(e->skb->data, v->payload, v->data_len); | 389 | memcpy(e->skb->data, v->payload, v->data_len); |
390 | e->skb->ip_summed = CHECKSUM_NONE; | 390 | e->skb->ip_summed = CHECKSUM_NONE; |