27 files changed, 36 insertions, 64 deletions
diff --git a/include/linux/netfilter.h b/include/linux/netfilter.h index 2e2045482cb1..ec60856408fd 100644 --- a/include/linux/netfilter.h +++ b/include/linux/netfilter.h | |||
@@ -21,10 +21,13 @@ | |||
21 | #define NF_STOP 5 | 21 | #define NF_STOP 5 |
22 | #define NF_MAX_VERDICT NF_STOP | 22 | #define NF_MAX_VERDICT NF_STOP |
23 | 23 | ||
24 | /* only for userspace compatibility */ | ||
25 | #ifndef __KERNEL__ | ||
24 | /* Generic cache responses from hook functions. | 26 | /* Generic cache responses from hook functions. |
25 | <= 0x2000 is used for protocol-flags. */ | 27 | <= 0x2000 is used for protocol-flags. */ |
26 | #define NFC_UNKNOWN 0x4000 | 28 | #define NFC_UNKNOWN 0x4000 |
27 | #define NFC_ALTERED 0x8000 | 29 | #define NFC_ALTERED 0x8000 |
30 | #endif | ||
28 | 31 | ||
29 | #ifdef __KERNEL__ | 32 | #ifdef __KERNEL__ |
30 | #include <linux/config.h> | 33 | #include <linux/config.h> |
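Review bot: The new `#endif` that closes the userspace-only block around `NFC_UNKNOWN`/`NFC_ALTERED` has no trailing comment, while the matching guards this commit adds to netfilter_decnet.h, netfilter_ipv4.h and netfilter_ipv6.h all end with `#endif /* ! __KERNEL__ */`. Using the same form here keeps the four headers consistent and makes it clear that the `#ifdef __KERNEL__` on the following line opens a separate block. The opening comment could also state the contract more fully, e.g. `/* NFC_* cache bits: no longer used by the kernel, kept only so userspace still compiles */`.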
diff --git a/include/linux/netfilter_decnet.h b/include/linux/netfilter_decnet.h index 3064eec9cb8e..018979484150 100644 --- a/include/linux/netfilter_decnet.h +++ b/include/linux/netfilter_decnet.h | |||
@@ -9,6 +9,8 @@ | |||
9 | 9 | ||
10 | #include <linux/netfilter.h> | 10 | #include <linux/netfilter.h> |
11 | 11 | ||
12 | /* only for userspace compatibility */ | ||
13 | #ifndef __KERNEL__ | ||
12 | /* IP Cache bits. */ | 14 | /* IP Cache bits. */ |
13 | /* Src IP address. */ | 15 | /* Src IP address. */ |
14 | #define NFC_DN_SRC 0x0001 | 16 | #define NFC_DN_SRC 0x0001 |
@@ -18,6 +20,7 @@ | |||
18 | #define NFC_DN_IF_IN 0x0004 | 20 | #define NFC_DN_IF_IN 0x0004 |
19 | /* Output device. */ | 21 | /* Output device. */ |
20 | #define NFC_DN_IF_OUT 0x0008 | 22 | #define NFC_DN_IF_OUT 0x0008 |
23 | #endif /* ! __KERNEL__ */ | ||
21 | 24 | ||
22 | /* DECnet Hooks */ | 25 | /* DECnet Hooks */ |
23 | /* After promisc drops, checksum checks. */ | 26 | /* After promisc drops, checksum checks. */ |
diff --git a/include/linux/netfilter_ipv4.h b/include/linux/netfilter_ipv4.h index 3ebc36afae1a..552815b8193e 100644 --- a/include/linux/netfilter_ipv4.h +++ b/include/linux/netfilter_ipv4.h | |||
@@ -8,6 +8,8 @@ | |||
8 | #include <linux/config.h> | 8 | #include <linux/config.h> |
9 | #include <linux/netfilter.h> | 9 | #include <linux/netfilter.h> |
10 | 10 | ||
11 | /* only for userspace compatibility */ | ||
12 | #ifndef __KERNEL__ | ||
11 | /* IP Cache bits. */ | 13 | /* IP Cache bits. */ |
12 | /* Src IP address. */ | 14 | /* Src IP address. */ |
13 | #define NFC_IP_SRC 0x0001 | 15 | #define NFC_IP_SRC 0x0001 |
@@ -35,6 +37,7 @@ | |||
35 | #define NFC_IP_DST_PT 0x0400 | 37 | #define NFC_IP_DST_PT 0x0400 |
36 | /* Something else about the proto */ | 38 | /* Something else about the proto */ |
37 | #define NFC_IP_PROTO_UNKNOWN 0x2000 | 39 | #define NFC_IP_PROTO_UNKNOWN 0x2000 |
40 | #endif /* ! __KERNEL__ */ | ||
38 | 41 | ||
39 | /* IP Hooks */ | 42 | /* IP Hooks */ |
40 | /* After promisc drops, checksum checks. */ | 43 | /* After promisc drops, checksum checks. */ |
diff --git a/include/linux/netfilter_ipv6.h b/include/linux/netfilter_ipv6.h index bee7a5ec7c66..20c069a5e4ac 100644 --- a/include/linux/netfilter_ipv6.h +++ b/include/linux/netfilter_ipv6.h | |||
@@ -10,6 +10,8 @@ | |||
10 | 10 | ||
11 | #include <linux/netfilter.h> | 11 | #include <linux/netfilter.h> |
12 | 12 | ||
13 | /* only for userspace compatibility */ | ||
14 | #ifndef __KERNEL__ | ||
13 | /* IP Cache bits. */ | 15 | /* IP Cache bits. */ |
14 | /* Src IP address. */ | 16 | /* Src IP address. */ |
15 | #define NFC_IP6_SRC 0x0001 | 17 | #define NFC_IP6_SRC 0x0001 |
@@ -38,6 +40,7 @@ | |||
38 | #define NFC_IP6_DST_PT 0x0400 | 40 | #define NFC_IP6_DST_PT 0x0400 |
39 | /* Something else about the proto */ | 41 | /* Something else about the proto */ |
40 | #define NFC_IP6_PROTO_UNKNOWN 0x2000 | 42 | #define NFC_IP6_PROTO_UNKNOWN 0x2000 |
43 | #endif /* ! __KERNEL__ */ | ||
41 | 44 | ||
42 | 45 | ||
43 | /* IP6 Hooks */ | 46 | /* IP6 Hooks */ |
diff --git a/include/linux/skbuff.h b/include/linux/skbuff.h index 2e40f4c9f7a6..4b929c3c1a98 100644 --- a/include/linux/skbuff.h +++ b/include/linux/skbuff.h | |||
@@ -190,7 +190,6 @@ struct skb_shared_info { | |||
190 | * @end: End pointer | 190 | * @end: End pointer |
191 | * @destructor: Destruct function | 191 | * @destructor: Destruct function |
192 | * @nfmark: Can be used for communication between hooks | 192 | * @nfmark: Can be used for communication between hooks |
193 | * @nfcache: Cache info | ||
194 | * @nfct: Associated connection, if any | 193 | * @nfct: Associated connection, if any |
195 | * @nfctinfo: Relationship of this skb to the connection | 194 | * @nfctinfo: Relationship of this skb to the connection |
196 | * @nf_bridge: Saved data about a bridged frame - see br_netfilter.c | 195 | * @nf_bridge: Saved data about a bridged frame - see br_netfilter.c |
@@ -252,17 +251,18 @@ struct sk_buff { | |||
252 | __u8 local_df:1, | 251 | __u8 local_df:1, |
253 | cloned:1, | 252 | cloned:1, |
254 | ip_summed:2, | 253 | ip_summed:2, |
255 | nohdr:1; | 254 | nohdr:1, |
256 | /* 3 bits spare */ | 255 | nfctinfo:3; |
257 | __u8 pkt_type; | 256 | __u8 pkt_type; |
258 | __be16 protocol; | 257 | __be16 protocol; |
259 | 258 | ||
260 | void (*destructor)(struct sk_buff *skb); | 259 | void (*destructor)(struct sk_buff *skb); |
261 | #ifdef CONFIG_NETFILTER | 260 | #ifdef CONFIG_NETFILTER |
262 | __u32 nfmark; | 261 | __u32 nfmark; |
263 | __u32 nfcache; | ||
264 | __u32 nfctinfo; | ||
265 | struct nf_conntrack *nfct; | 262 | struct nf_conntrack *nfct; |
263 | #if defined(CONFIG_IP_VS) || defined(CONFIG_IP_VS_MODULE) | ||
264 | __u8 ipvs_property:1; | ||
265 | #endif | ||
266 | #ifdef CONFIG_BRIDGE_NETFILTER | 266 | #ifdef CONFIG_BRIDGE_NETFILTER |
267 | struct nf_bridge_info *nf_bridge; | 267 | struct nf_bridge_info *nf_bridge; |
268 | #endif | 268 | #endif |
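Review bot: `nfctinfo` shrinks from a `__u32` to a 3-bit field in the second hunk, so any value above 7 assigned to it is now silently truncated, and nothing in the hunk records that limit. A comment on the field such as `nfctinfo:3; /* must be wide enough for every enum ip_conntrack_info value */` would make the constraint visible to whoever extends that enum later. The kernel-doc block in the first hunk loses `@nfcache` but gains no entry for the new member; a line like `* @ipvs_property: skbuff is owned by ipvs` would cover it. Both the kernel-doc comment and the `struct sk_buff` body extend beyond the hunks shown.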
diff --git a/net/bridge/netfilter/ebt_mark.c b/net/bridge/netfilter/ebt_mark.c index 02c632b4d325..c93d35ab95c0 100644 --- a/net/bridge/netfilter/ebt_mark.c +++ b/net/bridge/netfilter/ebt_mark.c | |||
@@ -23,10 +23,9 @@ static int ebt_target_mark(struct sk_buff **pskb, unsigned int hooknr, | |||
23 | { | 23 | { |
24 | struct ebt_mark_t_info *info = (struct ebt_mark_t_info *)data; | 24 | struct ebt_mark_t_info *info = (struct ebt_mark_t_info *)data; |
25 | 25 | ||
26 | if ((*pskb)->nfmark != info->mark) { | 26 | if ((*pskb)->nfmark != info->mark) |
27 | (*pskb)->nfmark = info->mark; | 27 | (*pskb)->nfmark = info->mark; |
28 | (*pskb)->nfcache |= NFC_ALTERED; | 28 | |
29 | } | ||
30 | return info->target; | 29 | return info->target; |
31 | } | 30 | } |
32 | 31 | ||
diff --git a/net/core/skbuff.c b/net/core/skbuff.c index 7eab867ede59..096991cb09d9 100644 --- a/net/core/skbuff.c +++ b/net/core/skbuff.c | |||
@@ -361,7 +361,6 @@ struct sk_buff *skb_clone(struct sk_buff *skb, unsigned int __nocast gfp_mask) | |||
361 | n->destructor = NULL; | 361 | n->destructor = NULL; |
362 | #ifdef CONFIG_NETFILTER | 362 | #ifdef CONFIG_NETFILTER |
363 | C(nfmark); | 363 | C(nfmark); |
364 | C(nfcache); | ||
365 | C(nfct); | 364 | C(nfct); |
366 | nf_conntrack_get(skb->nfct); | 365 | nf_conntrack_get(skb->nfct); |
367 | C(nfctinfo); | 366 | C(nfctinfo); |
@@ -424,7 +423,6 @@ static void copy_skb_header(struct sk_buff *new, const struct sk_buff *old) | |||
424 | new->destructor = NULL; | 423 | new->destructor = NULL; |
425 | #ifdef CONFIG_NETFILTER | 424 | #ifdef CONFIG_NETFILTER |
426 | new->nfmark = old->nfmark; | 425 | new->nfmark = old->nfmark; |
427 | new->nfcache = old->nfcache; | ||
428 | new->nfct = old->nfct; | 426 | new->nfct = old->nfct; |
429 | nf_conntrack_get(old->nfct); | 427 | nf_conntrack_get(old->nfct); |
430 | new->nfctinfo = old->nfctinfo; | 428 | new->nfctinfo = old->nfctinfo; |
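Review bot: Neither `skb_clone()` nor `copy_skb_header()` copies the new `ipvs_property` bit, although both used to carry the IPVS flag implicitly through the `nfcache` copy that these hunks delete. `ip_vs_post_routing()` and `ip_vs_out()` key their early exit on that bit, so a cloned or copied skb can lose the marking (or, if the clone's memory is not zeroed, which is not visible here, pick up a stale value) and then be treated differently by the POST_ROUTING hooks than the original. Suggest adding, inside the `CONFIG_NETFILTER` block, `C(ipvs_property);` in `skb_clone()` and `new->ipvs_property = old->ipvs_property;` in `copy_skb_header()`, each wrapped in `#if defined(CONFIG_IP_VS) || defined(CONFIG_IP_VS_MODULE)`. `ip_copy_metadata()` in net/ipv4/ip_output.c drops its `nfcache` copy in the same way and probably needs the equivalent line for fragments. Both function bodies extend beyond the hunks.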
diff --git a/net/ipv4/ip_output.c b/net/ipv4/ip_output.c index 80d13103b2b0..766564cb4207 100644 --- a/net/ipv4/ip_output.c +++ b/net/ipv4/ip_output.c | |||
@@ -392,7 +392,6 @@ static void ip_copy_metadata(struct sk_buff *to, struct sk_buff *from) | |||
392 | #endif | 392 | #endif |
393 | #ifdef CONFIG_NETFILTER | 393 | #ifdef CONFIG_NETFILTER |
394 | to->nfmark = from->nfmark; | 394 | to->nfmark = from->nfmark; |
395 | to->nfcache = from->nfcache; | ||
396 | /* Connection association is same as pre-frag packet */ | 395 | /* Connection association is same as pre-frag packet */ |
397 | nf_conntrack_put(to->nfct); | 396 | nf_conntrack_put(to->nfct); |
398 | to->nfct = from->nfct; | 397 | to->nfct = from->nfct; |
diff --git a/net/ipv4/ipvs/ip_vs_core.c b/net/ipv4/ipvs/ip_vs_core.c index 5fb257dd07cb..3ac7eeca04ac 100644 --- a/net/ipv4/ipvs/ip_vs_core.c +++ b/net/ipv4/ipvs/ip_vs_core.c | |||
@@ -22,6 +22,7 @@ | |||
22 | * | 22 | * |
23 | * Changes: | 23 | * Changes: |
24 | * Paul `Rusty' Russell properly handle non-linear skbs | 24 | * Paul `Rusty' Russell properly handle non-linear skbs |
25 | * Harald Welte don't use nfcache | ||
25 | * | 26 | * |
26 | */ | 27 | */ |
27 | 28 | ||
@@ -529,7 +530,7 @@ static unsigned int ip_vs_post_routing(unsigned int hooknum, | |||
529 | const struct net_device *out, | 530 | const struct net_device *out, |
530 | int (*okfn)(struct sk_buff *)) | 531 | int (*okfn)(struct sk_buff *)) |
531 | { | 532 | { |
532 | if (!((*pskb)->nfcache & NFC_IPVS_PROPERTY)) | 533 | if (!((*pskb)->ipvs_property)) |
533 | return NF_ACCEPT; | 534 | return NF_ACCEPT; |
534 | 535 | ||
535 | /* The packet was sent from IPVS, exit this chain */ | 536 | /* The packet was sent from IPVS, exit this chain */ |
@@ -701,7 +702,7 @@ static int ip_vs_out_icmp(struct sk_buff **pskb, int *related) | |||
701 | /* do the statistics and put it back */ | 702 | /* do the statistics and put it back */ |
702 | ip_vs_out_stats(cp, skb); | 703 | ip_vs_out_stats(cp, skb); |
703 | 704 | ||
704 | skb->nfcache |= NFC_IPVS_PROPERTY; | 705 | skb->ipvs_property = 1; |
705 | verdict = NF_ACCEPT; | 706 | verdict = NF_ACCEPT; |
706 | 707 | ||
707 | out: | 708 | out: |
@@ -739,7 +740,7 @@ ip_vs_out(unsigned int hooknum, struct sk_buff **pskb, | |||
739 | 740 | ||
740 | EnterFunction(11); | 741 | EnterFunction(11); |
741 | 742 | ||
742 | if (skb->nfcache & NFC_IPVS_PROPERTY) | 743 | if (skb->ipvs_property) |
743 | return NF_ACCEPT; | 744 | return NF_ACCEPT; |
744 | 745 | ||
745 | iph = skb->nh.iph; | 746 | iph = skb->nh.iph; |
@@ -821,7 +822,7 @@ ip_vs_out(unsigned int hooknum, struct sk_buff **pskb, | |||
821 | ip_vs_set_state(cp, IP_VS_DIR_OUTPUT, skb, pp); | 822 | ip_vs_set_state(cp, IP_VS_DIR_OUTPUT, skb, pp); |
822 | ip_vs_conn_put(cp); | 823 | ip_vs_conn_put(cp); |
823 | 824 | ||
824 | skb->nfcache |= NFC_IPVS_PROPERTY; | 825 | skb->ipvs_property = 1; |
825 | 826 | ||
826 | LeaveFunction(11); | 827 | LeaveFunction(11); |
827 | return NF_ACCEPT; | 828 | return NF_ACCEPT; |
diff --git a/net/ipv4/ipvs/ip_vs_xmit.c b/net/ipv4/ipvs/ip_vs_xmit.c index a8512a3fd08a..3b87482049cf 100644 --- a/net/ipv4/ipvs/ip_vs_xmit.c +++ b/net/ipv4/ipvs/ip_vs_xmit.c | |||
@@ -127,7 +127,7 @@ ip_vs_dst_reset(struct ip_vs_dest *dest) | |||
127 | 127 | ||
128 | #define IP_VS_XMIT(skb, rt) \ | 128 | #define IP_VS_XMIT(skb, rt) \ |
129 | do { \ | 129 | do { \ |
130 | (skb)->nfcache |= NFC_IPVS_PROPERTY; \ | 130 | (skb)->ipvs_property = 1; \ |
131 | (skb)->ip_summed = CHECKSUM_NONE; \ | 131 | (skb)->ip_summed = CHECKSUM_NONE; \ |
132 | NF_HOOK(PF_INET, NF_IP_LOCAL_OUT, (skb), NULL, \ | 132 | NF_HOOK(PF_INET, NF_IP_LOCAL_OUT, (skb), NULL, \ |
133 | (rt)->u.dst.dev, dst_output); \ | 133 | (rt)->u.dst.dev, dst_output); \ |
diff --git a/net/ipv4/netfilter/ip_conntrack_core.c b/net/ipv4/netfilter/ip_conntrack_core.c index a7f0c821a9b2..04c3414361d4 100644 --- a/net/ipv4/netfilter/ip_conntrack_core.c +++ b/net/ipv4/netfilter/ip_conntrack_core.c | |||
@@ -625,9 +625,6 @@ unsigned int ip_conntrack_in(unsigned int hooknum, | |||
625 | return NF_DROP; | 625 | return NF_DROP; |
626 | } | 626 | } |
627 | 627 | ||
628 | /* FIXME: Do this right please. --RR */ | ||
629 | (*pskb)->nfcache |= NFC_UNKNOWN; | ||
630 | |||
631 | /* Doesn't cover locally-generated broadcast, so not worth it. */ | 628 | /* Doesn't cover locally-generated broadcast, so not worth it. */ |
632 | #if 0 | 629 | #if 0 |
633 | /* Ignore broadcast: no `connection'. */ | 630 | /* Ignore broadcast: no `connection'. */ |
@@ -943,10 +940,8 @@ ip_ct_gather_frags(struct sk_buff *skb, u_int32_t user) | |||
943 | skb = ip_defrag(skb, user); | 940 | skb = ip_defrag(skb, user); |
944 | local_bh_enable(); | 941 | local_bh_enable(); |
945 | 942 | ||
946 | if (skb) { | 943 | if (skb) |
947 | ip_send_check(skb->nh.iph); | 944 | ip_send_check(skb->nh.iph); |
948 | skb->nfcache |= NFC_ALTERED; | ||
949 | } | ||
950 | return skb; | 945 | return skb; |
951 | } | 946 | } |
952 | 947 | ||
diff --git a/net/ipv4/netfilter/ip_nat_core.c b/net/ipv4/netfilter/ip_nat_core.c index 739b6dde1c82..ed4d731880f7 100644 --- a/net/ipv4/netfilter/ip_nat_core.c +++ b/net/ipv4/netfilter/ip_nat_core.c | |||
@@ -321,7 +321,6 @@ manip_pkt(u_int16_t proto, | |||
321 | { | 321 | { |
322 | struct iphdr *iph; | 322 | struct iphdr *iph; |
323 | 323 | ||
324 | (*pskb)->nfcache |= NFC_ALTERED; | ||
325 | if (!skb_ip_make_writable(pskb, iphdroff + sizeof(*iph))) | 324 | if (!skb_ip_make_writable(pskb, iphdroff + sizeof(*iph))) |
326 | return 0; | 325 | return 0; |
327 | 326 | ||
diff --git a/net/ipv4/netfilter/ip_nat_standalone.c b/net/ipv4/netfilter/ip_nat_standalone.c index 91d5ea1dbbc9..9ecba979033a 100644 --- a/net/ipv4/netfilter/ip_nat_standalone.c +++ b/net/ipv4/netfilter/ip_nat_standalone.c | |||
@@ -73,8 +73,6 @@ ip_nat_fn(unsigned int hooknum, | |||
73 | IP_NF_ASSERT(!((*pskb)->nh.iph->frag_off | 73 | IP_NF_ASSERT(!((*pskb)->nh.iph->frag_off |
74 | & htons(IP_MF|IP_OFFSET))); | 74 | & htons(IP_MF|IP_OFFSET))); |
75 | 75 | ||
76 | (*pskb)->nfcache |= NFC_UNKNOWN; | ||
77 | |||
78 | /* If we had a hardware checksum before, it's now invalid */ | 76 | /* If we had a hardware checksum before, it's now invalid */ |
79 | if ((*pskb)->ip_summed == CHECKSUM_HW) | 77 | if ((*pskb)->ip_summed == CHECKSUM_HW) |
80 | if (skb_checksum_help(*pskb, (out == NULL))) | 78 | if (skb_checksum_help(*pskb, (out == NULL))) |
diff --git a/net/ipv4/netfilter/ip_queue.c b/net/ipv4/netfilter/ip_queue.c index c6baa8174389..bc0af8d8e910 100644 --- a/net/ipv4/netfilter/ip_queue.c +++ b/net/ipv4/netfilter/ip_queue.c | |||
@@ -392,7 +392,6 @@ ipq_mangle_ipv4(ipq_verdict_msg_t *v, struct ipq_queue_entry *e) | |||
392 | return -ENOMEM; | 392 | return -ENOMEM; |
393 | memcpy(e->skb->data, v->payload, v->data_len); | 393 | memcpy(e->skb->data, v->payload, v->data_len); |
394 | e->skb->ip_summed = CHECKSUM_NONE; | 394 | e->skb->ip_summed = CHECKSUM_NONE; |
395 | e->skb->nfcache |= NFC_ALTERED; | ||
396 | 395 | ||
397 | /* | 396 | /* |
398 | * Extra routing may needed on local out, as the QUEUE target never | 397 | * Extra routing may needed on local out, as the QUEUE target never |
diff --git a/net/ipv4/netfilter/ip_tables.c b/net/ipv4/netfilter/ip_tables.c index c88dfcd38c56..ff8d85d2070d 100644 --- a/net/ipv4/netfilter/ip_tables.c +++ b/net/ipv4/netfilter/ip_tables.c | |||
@@ -312,7 +312,6 @@ ipt_do_table(struct sk_buff **pskb, | |||
312 | do { | 312 | do { |
313 | IP_NF_ASSERT(e); | 313 | IP_NF_ASSERT(e); |
314 | IP_NF_ASSERT(back); | 314 | IP_NF_ASSERT(back); |
315 | (*pskb)->nfcache |= e->nfcache; | ||
316 | if (ip_packet_match(ip, indev, outdev, &e->ip, offset)) { | 315 | if (ip_packet_match(ip, indev, outdev, &e->ip, offset)) { |
317 | struct ipt_entry_target *t; | 316 | struct ipt_entry_target *t; |
318 | 317 | ||
diff --git a/net/ipv4/netfilter/ipt_CLASSIFY.c b/net/ipv4/netfilter/ipt_CLASSIFY.c index 9842e6e23184..dab78d8bd494 100644 --- a/net/ipv4/netfilter/ipt_CLASSIFY.c +++ b/net/ipv4/netfilter/ipt_CLASSIFY.c | |||
@@ -32,10 +32,8 @@ target(struct sk_buff **pskb, | |||
32 | { | 32 | { |
33 | const struct ipt_classify_target_info *clinfo = targinfo; | 33 | const struct ipt_classify_target_info *clinfo = targinfo; |
34 | 34 | ||
35 | if((*pskb)->priority != clinfo->priority) { | 35 | if((*pskb)->priority != clinfo->priority) |
36 | (*pskb)->priority = clinfo->priority; | 36 | (*pskb)->priority = clinfo->priority; |
37 | (*pskb)->nfcache |= NFC_ALTERED; | ||
38 | } | ||
39 | 37 | ||
40 | return IPT_CONTINUE; | 38 | return IPT_CONTINUE; |
41 | } | 39 | } |
diff --git a/net/ipv4/netfilter/ipt_CONNMARK.c b/net/ipv4/netfilter/ipt_CONNMARK.c index 8ed744157b1a..134638021339 100644 --- a/net/ipv4/netfilter/ipt_CONNMARK.c +++ b/net/ipv4/netfilter/ipt_CONNMARK.c | |||
@@ -61,10 +61,8 @@ target(struct sk_buff **pskb, | |||
61 | case IPT_CONNMARK_RESTORE: | 61 | case IPT_CONNMARK_RESTORE: |
62 | nfmark = (*pskb)->nfmark; | 62 | nfmark = (*pskb)->nfmark; |
63 | diff = (ct->mark ^ nfmark) & markinfo->mask; | 63 | diff = (ct->mark ^ nfmark) & markinfo->mask; |
64 | if (diff != 0) { | 64 | if (diff != 0) |
65 | (*pskb)->nfmark = nfmark ^ diff; | 65 | (*pskb)->nfmark = nfmark ^ diff; |
66 | (*pskb)->nfcache |= NFC_ALTERED; | ||
67 | } | ||
68 | break; | 66 | break; |
69 | } | 67 | } |
70 | } | 68 | } |
diff --git a/net/ipv4/netfilter/ipt_DSCP.c b/net/ipv4/netfilter/ipt_DSCP.c index 3ea4509099f9..975476fef27a 100644 --- a/net/ipv4/netfilter/ipt_DSCP.c +++ b/net/ipv4/netfilter/ipt_DSCP.c | |||
@@ -51,7 +51,6 @@ target(struct sk_buff **pskb, | |||
51 | sizeof(diffs), | 51 | sizeof(diffs), |
52 | (*pskb)->nh.iph->check | 52 | (*pskb)->nh.iph->check |
53 | ^ 0xFFFF)); | 53 | ^ 0xFFFF)); |
54 | (*pskb)->nfcache |= NFC_ALTERED; | ||
55 | } | 54 | } |
56 | return IPT_CONTINUE; | 55 | return IPT_CONTINUE; |
57 | } | 56 | } |
diff --git a/net/ipv4/netfilter/ipt_ECN.c b/net/ipv4/netfilter/ipt_ECN.c index 94a0ce1c1c9d..f63a9bc0e4d2 100644 --- a/net/ipv4/netfilter/ipt_ECN.c +++ b/net/ipv4/netfilter/ipt_ECN.c | |||
@@ -43,7 +43,6 @@ set_ect_ip(struct sk_buff **pskb, const struct ipt_ECN_info *einfo) | |||
43 | sizeof(diffs), | 43 | sizeof(diffs), |
44 | (*pskb)->nh.iph->check | 44 | (*pskb)->nh.iph->check |
45 | ^0xFFFF)); | 45 | ^0xFFFF)); |
46 | (*pskb)->nfcache |= NFC_ALTERED; | ||
47 | } | 46 | } |
48 | return 1; | 47 | return 1; |
49 | } | 48 | } |
@@ -87,7 +86,6 @@ set_ect_tcp(struct sk_buff **pskb, const struct ipt_ECN_info *einfo, int inward) | |||
87 | tcph->check = csum_fold(csum_partial((char *)diffs, | 86 | tcph->check = csum_fold(csum_partial((char *)diffs, |
88 | sizeof(diffs), | 87 | sizeof(diffs), |
89 | tcph->check^0xFFFF)); | 88 | tcph->check^0xFFFF)); |
90 | (*pskb)->nfcache |= NFC_ALTERED; | ||
91 | return 1; | 89 | return 1; |
92 | } | 90 | } |
93 | 91 | ||
diff --git a/net/ipv4/netfilter/ipt_MARK.c b/net/ipv4/netfilter/ipt_MARK.c index 8526398346cf..52b4f2c296bf 100644 --- a/net/ipv4/netfilter/ipt_MARK.c +++ b/net/ipv4/netfilter/ipt_MARK.c | |||
@@ -29,10 +29,9 @@ target_v0(struct sk_buff **pskb, | |||
29 | { | 29 | { |
30 | const struct ipt_mark_target_info *markinfo = targinfo; | 30 | const struct ipt_mark_target_info *markinfo = targinfo; |
31 | 31 | ||
32 | if((*pskb)->nfmark != markinfo->mark) { | 32 | if((*pskb)->nfmark != markinfo->mark) |
33 | (*pskb)->nfmark = markinfo->mark; | 33 | (*pskb)->nfmark = markinfo->mark; |
34 | (*pskb)->nfcache |= NFC_ALTERED; | 34 | |
35 | } | ||
36 | return IPT_CONTINUE; | 35 | return IPT_CONTINUE; |
37 | } | 36 | } |
38 | 37 | ||
@@ -61,10 +60,9 @@ target_v1(struct sk_buff **pskb, | |||
61 | break; | 60 | break; |
62 | } | 61 | } |
63 | 62 | ||
64 | if((*pskb)->nfmark != mark) { | 63 | if((*pskb)->nfmark != mark) |
65 | (*pskb)->nfmark = mark; | 64 | (*pskb)->nfmark = mark; |
66 | (*pskb)->nfcache |= NFC_ALTERED; | 65 | |
67 | } | ||
68 | return IPT_CONTINUE; | 66 | return IPT_CONTINUE; |
69 | } | 67 | } |
70 | 68 | ||
diff --git a/net/ipv4/netfilter/ipt_REJECT.c b/net/ipv4/netfilter/ipt_REJECT.c index 915696446020..f115a84a4ac6 100644 --- a/net/ipv4/netfilter/ipt_REJECT.c +++ b/net/ipv4/netfilter/ipt_REJECT.c | |||
@@ -156,7 +156,6 @@ static void send_reset(struct sk_buff *oldskb, int hook) | |||
156 | 156 | ||
157 | /* This packet will not be the same as the other: clear nf fields */ | 157 | /* This packet will not be the same as the other: clear nf fields */ |
158 | nf_reset(nskb); | 158 | nf_reset(nskb); |
159 | nskb->nfcache = 0; | ||
160 | nskb->nfmark = 0; | 159 | nskb->nfmark = 0; |
161 | #ifdef CONFIG_BRIDGE_NETFILTER | 160 | #ifdef CONFIG_BRIDGE_NETFILTER |
162 | nf_bridge_put(nskb->nf_bridge); | 161 | nf_bridge_put(nskb->nf_bridge); |
diff --git a/net/ipv4/netfilter/ipt_TCPMSS.c b/net/ipv4/netfilter/ipt_TCPMSS.c index 7b84a254440e..949288319ca8 100644 --- a/net/ipv4/netfilter/ipt_TCPMSS.c +++ b/net/ipv4/netfilter/ipt_TCPMSS.c | |||
@@ -190,7 +190,6 @@ ipt_tcpmss_target(struct sk_buff **pskb, | |||
190 | newmss); | 190 | newmss); |
191 | 191 | ||
192 | retmodified: | 192 | retmodified: |
193 | (*pskb)->nfcache |= NFC_UNKNOWN | NFC_ALTERED; | ||
194 | return IPT_CONTINUE; | 193 | return IPT_CONTINUE; |
195 | } | 194 | } |
196 | 195 | ||
diff --git a/net/ipv4/netfilter/ipt_TOS.c b/net/ipv4/netfilter/ipt_TOS.c index 85c70d240f8b..49abb7eef0a4 100644 --- a/net/ipv4/netfilter/ipt_TOS.c +++ b/net/ipv4/netfilter/ipt_TOS.c | |||
@@ -46,7 +46,6 @@ target(struct sk_buff **pskb, | |||
46 | sizeof(diffs), | 46 | sizeof(diffs), |
47 | (*pskb)->nh.iph->check | 47 | (*pskb)->nh.iph->check |
48 | ^0xFFFF)); | 48 | ^0xFFFF)); |
49 | (*pskb)->nfcache |= NFC_ALTERED; | ||
50 | } | 49 | } |
51 | return IPT_CONTINUE; | 50 | return IPT_CONTINUE; |
52 | } | 51 | } |
diff --git a/net/ipv6/ip6_output.c b/net/ipv6/ip6_output.c index ae652ca14bc9..590d2b797197 100644 --- a/net/ipv6/ip6_output.c +++ b/net/ipv6/ip6_output.c | |||
@@ -185,19 +185,6 @@ int ip6_route_me_harder(struct sk_buff *skb) | |||
185 | } | 185 | } |
186 | #endif | 186 | #endif |
187 | 187 | ||
188 | static inline int ip6_maybe_reroute(struct sk_buff *skb) | ||
189 | { | ||
190 | #ifdef CONFIG_NETFILTER | ||
191 | if (skb->nfcache & NFC_ALTERED){ | ||
192 | if (ip6_route_me_harder(skb) != 0){ | ||
193 | kfree_skb(skb); | ||
194 | return -EINVAL; | ||
195 | } | ||
196 | } | ||
197 | #endif /* CONFIG_NETFILTER */ | ||
198 | return dst_output(skb); | ||
199 | } | ||
200 | |||
201 | /* | 188 | /* |
202 | * xmit an sk_buff (used by TCP) | 189 | * xmit an sk_buff (used by TCP) |
203 | */ | 190 | */ |
@@ -266,7 +253,8 @@ int ip6_xmit(struct sock *sk, struct sk_buff *skb, struct flowi *fl, | |||
266 | mtu = dst_mtu(dst); | 253 | mtu = dst_mtu(dst); |
267 | if ((skb->len <= mtu) || ipfragok) { | 254 | if ((skb->len <= mtu) || ipfragok) { |
268 | IP6_INC_STATS(IPSTATS_MIB_OUTREQUESTS); | 255 | IP6_INC_STATS(IPSTATS_MIB_OUTREQUESTS); |
269 | return NF_HOOK(PF_INET6, NF_IP6_LOCAL_OUT, skb, NULL, dst->dev, ip6_maybe_reroute); | 256 | return NF_HOOK(PF_INET6, NF_IP6_LOCAL_OUT, skb, NULL, dst->dev, |
257 | dst_output); | ||
270 | } | 258 | } |
271 | 259 | ||
272 | if (net_ratelimit()) | 260 | if (net_ratelimit()) |
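Review bot: With `ip6_maybe_reroute()` removed, `ip6_xmit()` passes `dst_output` straight to `NF_HOOK`, so a packet that a LOCAL_OUT hook changed (mark or addresses) is no longer sent through `ip6_route_me_harder()` on this path. That is fine if every hook able to change routing-relevant fields now reroutes on its own, but nothing in this section shows that. A short comment above the call, e.g. `/* hooks that alter routing keys must call ip6_route_me_harder() themselves */`, would record the new contract. Without it, policy routing that depends on the mark could be decided on the pre-mangle values. `ip6_xmit()` starts and ends outside the hunk.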
diff --git a/net/ipv6/netfilter/ip6_queue.c b/net/ipv6/netfilter/ip6_queue.c index a16df5b27c84..83ccedceed17 100644 --- a/net/ipv6/netfilter/ip6_queue.c +++ b/net/ipv6/netfilter/ip6_queue.c | |||
@@ -388,7 +388,6 @@ ipq_mangle_ipv6(ipq_verdict_msg_t *v, struct ipq_queue_entry *e) | |||
388 | return -ENOMEM; | 388 | return -ENOMEM; |
389 | memcpy(e->skb->data, v->payload, v->data_len); | 389 | memcpy(e->skb->data, v->payload, v->data_len); |
390 | e->skb->ip_summed = CHECKSUM_NONE; | 390 | e->skb->ip_summed = CHECKSUM_NONE; |
391 | e->skb->nfcache |= NFC_ALTERED; | ||
392 | 391 | ||
393 | /* | 392 | /* |
394 | * Extra routing may needed on local out, as the QUEUE target never | 393 | * Extra routing may needed on local out, as the QUEUE target never |
diff --git a/net/ipv6/netfilter/ip6_tables.c b/net/ipv6/netfilter/ip6_tables.c index 73034511c8db..41a67cf6e33a 100644 --- a/net/ipv6/netfilter/ip6_tables.c +++ b/net/ipv6/netfilter/ip6_tables.c | |||
@@ -401,7 +401,6 @@ ip6t_do_table(struct sk_buff **pskb, | |||
401 | do { | 401 | do { |
402 | IP_NF_ASSERT(e); | 402 | IP_NF_ASSERT(e); |
403 | IP_NF_ASSERT(back); | 403 | IP_NF_ASSERT(back); |
404 | (*pskb)->nfcache |= e->nfcache; | ||
405 | if (ip6_packet_match(*pskb, indev, outdev, &e->ipv6, | 404 | if (ip6_packet_match(*pskb, indev, outdev, &e->ipv6, |
406 | &protoff, &offset)) { | 405 | &protoff, &offset)) { |
407 | struct ip6t_entry_target *t; | 406 | struct ip6t_entry_target *t; |
diff --git a/net/ipv6/netfilter/ip6t_MARK.c b/net/ipv6/netfilter/ip6t_MARK.c index d09ceb05013a..81924fcc5857 100644 --- a/net/ipv6/netfilter/ip6t_MARK.c +++ b/net/ipv6/netfilter/ip6t_MARK.c | |||
@@ -28,10 +28,9 @@ target(struct sk_buff **pskb, | |||
28 | { | 28 | { |
29 | const struct ip6t_mark_target_info *markinfo = targinfo; | 29 | const struct ip6t_mark_target_info *markinfo = targinfo; |
30 | 30 | ||
31 | if((*pskb)->nfmark != markinfo->mark) { | 31 | if((*pskb)->nfmark != markinfo->mark) |
32 | (*pskb)->nfmark = markinfo->mark; | 32 | (*pskb)->nfmark = markinfo->mark; |
33 | (*pskb)->nfcache |= NFC_ALTERED; | 33 | |
34 | } | ||
35 | return IP6T_CONTINUE; | 34 | return IP6T_CONTINUE; |
36 | } | 35 | } |
37 | 36 | ||