| -rw-r--r-- | include/linux/netfilter.h | 5 | ||||
| -rw-r--r-- | include/linux/netfilter_ipv4.h | 5 | ||||
| -rw-r--r-- | net/core/netfilter.c | 6 | ||||
| -rw-r--r-- | net/ipv4/netfilter/ip_nat_core.c | 4 | ||||
| -rw-r--r-- | net/ipv4/netfilter/ip_nat_helper.c | 8 | ||||
| -rw-r--r-- | net/ipv4/netfilter/ip_nat_proto_icmp.c | 2 | ||||
| -rw-r--r-- | net/ipv4/netfilter/ip_nat_proto_tcp.c | 2 | ||||
| -rw-r--r-- | net/ipv4/netfilter/ip_nat_proto_udp.c | 2 | ||||
| -rw-r--r-- | net/ipv4/netfilter/ip_nat_snmp_basic.c | 2 | ||||
| -rw-r--r-- | net/ipv4/netfilter/ip_queue.c | 2 | ||||
| -rw-r--r-- | net/ipv4/netfilter/ipt_DSCP.c | 2 | ||||
| -rw-r--r-- | net/ipv4/netfilter/ipt_ECN.c | 4 | ||||
| -rw-r--r-- | net/ipv4/netfilter/ipt_TCPMSS.c | 2 | ||||
| -rw-r--r-- | net/ipv4/netfilter/ipt_TOS.c | 2 | ||||
| -rw-r--r-- | net/ipv6/netfilter/ip6_queue.c | 2 | 
15 files changed, 25 insertions, 25 deletions
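--- a/include/linux/netfilter.h
+++ b/include/linux/netfilter.h
@@ -193,6 +193,11 @@ extern void nf_ct_attach(struct sk_buff *, struct sk_buff *);
 /* FIXME: Before cache is ever used, this must be implemented for real. */
 extern void nf_invalidate_cache(int pf);
 
+/* Call this before modifying an existing packet: ensures it is
+modifiable and linear to the point you care about (writable_len).
+Returns true or false. */
+extern int skb_make_writable(struct sk_buff **pskb, unsigned int writable_len);
+
 #else /* !CONFIG_NETFILTER */
 #define NF_HOOK(pf, hook, skb, indev, outdev, okfn) (okfn)(skb)
 static inline void nf_ct_attach(struct sk_buff *new, struct sk_buff *skb) {}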
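Review bot: The comment on the new `skb_make_writable()` declaration says only "Returns true or false" and does not tell callers that the call may replace `*pskb`; the definition in net/core/netfilter.c ends its copy path with `*pskb = nskb; return 1;`. A header pointer taken from the old skb before the call would then be stale, so I would add a sentence such as `On success *pskb may point to a fresh copy; re-derive any pointers into the packet data after the call.` The declaration also sits only in the CONFIG_NETFILTER branch, with no counterpart after `#else /* !CONFIG_NETFILTER */`; whether any caller can be built in that configuration is not visible from this hunk.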
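--- a/include/linux/netfilter_ipv4.h
+++ b/include/linux/netfilter_ipv4.h
@@ -80,11 +80,6 @@ enum nf_ip_hook_priorities {
 #ifdef __KERNEL__
 extern int ip_route_me_harder(struct sk_buff **pskb);
 
-/* Call this before modifying an existing IP packet: ensures it is
-modifiable and linear to the point you care about (writable_len).
-Returns true or false. */
-extern int skb_ip_make_writable(struct sk_buff **pskb,
-unsigned int writable_len);
 #endif /*__KERNEL__*/
 
 #endif /*__LINUX_IP_NETFILTER_H*/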
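--- a/net/core/netfilter.c
+++ b/net/core/netfilter.c
@@ -512,8 +512,9 @@ int ip_route_me_harder(struct sk_buff **pskb)
 return 0;
 }
 EXPORT_SYMBOL(ip_route_me_harder);
+#endif /*CONFIG_INET*/
 
-int skb_ip_make_writable(struct sk_buff **pskb, unsigned int writable_len)
+int skb_make_writable(struct sk_buff **pskb, unsigned int writable_len)
 {
 struct sk_buff *nskb;
 
@@ -540,8 +541,7 @@ copy_skb:
 *pskb = nskb;
 return 1;
 }
-EXPORT_SYMBOL(skb_ip_make_writable);
+EXPORT_SYMBOL(skb_make_writable);
-#endif /*CONFIG_INET*/
 
 /* Internal logging interface, which relies on the real
 LOG target modules */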
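--- a/net/ipv4/netfilter/ip_nat_core.c
+++ b/net/ipv4/netfilter/ip_nat_core.c
@@ -359,7 +359,7 @@ manip_pkt(u_int16_t proto,
 struct iphdr *iph;
 struct ip_nat_protocol *p;
 
-if (!skb_ip_make_writable(pskb, iphdroff + sizeof(*iph)))
+if (!skb_make_writable(pskb, iphdroff + sizeof(*iph)))
 return 0;
 
 iph = (void *)(*pskb)->data + iphdroff;
@@ -431,7 +431,7 @@ int icmp_reply_translation(struct sk_buff **pskb,
 struct ip_conntrack_tuple inner, target;
 int hdrlen = (*pskb)->nh.iph->ihl * 4;
 
-if (!skb_ip_make_writable(pskb, hdrlen + sizeof(*inside)))
+if (!skb_make_writable(pskb, hdrlen + sizeof(*inside)))
 return 0;
 
 inside = (void *)(*pskb)->data + (*pskb)->nh.iph->ihl*4;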
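--- a/net/ipv4/netfilter/ip_nat_helper.c
+++ b/net/ipv4/netfilter/ip_nat_helper.c
@@ -168,7 +168,7 @@ ip_nat_mangle_tcp_packet(struct sk_buff **pskb,
 struct tcphdr *tcph;
 int datalen;
 
-if (!skb_ip_make_writable(pskb, (*pskb)->len))
+if (!skb_make_writable(pskb, (*pskb)->len))
 return 0;
 
 if (rep_len > match_len
@@ -228,7 +228,7 @@ ip_nat_mangle_udp_packet(struct sk_buff **pskb,
 match_offset + match_len)
 return 0;
 
-if (!skb_ip_make_writable(pskb, (*pskb)->len))
+if (!skb_make_writable(pskb, (*pskb)->len))
 return 0;
 
 if (rep_len > match_len
@@ -315,7 +315,7 @@ ip_nat_sack_adjust(struct sk_buff **pskb,
 optoff = (*pskb)->nh.iph->ihl*4 + sizeof(struct tcphdr);
 optend = (*pskb)->nh.iph->ihl*4 + tcph->doff*4;
 
-if (!skb_ip_make_writable(pskb, optend))
+if (!skb_make_writable(pskb, optend))
 return 0;
 
 dir = CTINFO2DIR(ctinfo);
@@ -363,7 +363,7 @@ ip_nat_seq_adjust(struct sk_buff **pskb,
 this_way = &ct->nat.info.seq[dir];
 other_way = &ct->nat.info.seq[!dir];
 
-if (!skb_ip_make_writable(pskb, (*pskb)->nh.iph->ihl*4+sizeof(*tcph)))
+if (!skb_make_writable(pskb, (*pskb)->nh.iph->ihl*4+sizeof(*tcph)))
 return 0;
 
 tcph = (void *)(*pskb)->data + (*pskb)->nh.iph->ihl*4;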
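--- a/net/ipv4/netfilter/ip_nat_proto_icmp.c
+++ b/net/ipv4/netfilter/ip_nat_proto_icmp.c
@@ -62,7 +62,7 @@ icmp_manip_pkt(struct sk_buff **pskb,
 struct icmphdr *hdr;
 unsigned int hdroff = iphdroff + iph->ihl*4;
 
-if (!skb_ip_make_writable(pskb, hdroff + sizeof(*hdr)))
+if (!skb_make_writable(pskb, hdroff + sizeof(*hdr)))
 return 0;
 
 hdr = (struct icmphdr *)((*pskb)->data + hdroff);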
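--- a/net/ipv4/netfilter/ip_nat_proto_tcp.c
+++ b/net/ipv4/netfilter/ip_nat_proto_tcp.c
@@ -103,7 +103,7 @@ tcp_manip_pkt(struct sk_buff **pskb,
 if ((*pskb)->len >= hdroff + sizeof(struct tcphdr))
 hdrsize = sizeof(struct tcphdr);
 
-if (!skb_ip_make_writable(pskb, hdroff + hdrsize))
+if (!skb_make_writable(pskb, hdroff + hdrsize))
 return 0;
 
 iph = (struct iphdr *)((*pskb)->data + iphdroff);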
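--- a/net/ipv4/netfilter/ip_nat_proto_udp.c
+++ b/net/ipv4/netfilter/ip_nat_proto_udp.c
@@ -94,7 +94,7 @@ udp_manip_pkt(struct sk_buff **pskb,
 u32 oldip, newip;
 u16 *portptr, newport;
 
-if (!skb_ip_make_writable(pskb, hdroff + sizeof(*hdr)))
+if (!skb_make_writable(pskb, hdroff + sizeof(*hdr)))
 return 0;
 
 iph = (struct iphdr *)((*pskb)->data + iphdroff);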
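--- a/net/ipv4/netfilter/ip_nat_snmp_basic.c
+++ b/net/ipv4/netfilter/ip_nat_snmp_basic.c
@@ -1275,7 +1275,7 @@ static int help(struct sk_buff **pskb,
 return NF_DROP;
 }
 
-if (!skb_ip_make_writable(pskb, (*pskb)->len))
+if (!skb_make_writable(pskb, (*pskb)->len))
 return NF_DROP;
 
 spin_lock_bh(&snmp_lock);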
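--- a/net/ipv4/netfilter/ip_queue.c
+++ b/net/ipv4/netfilter/ip_queue.c
@@ -388,7 +388,7 @@ ipq_mangle_ipv4(ipq_verdict_msg_t *v, struct ipq_queue_entry *e)
 }
 skb_put(e->skb, diff);
 }
-if (!skb_ip_make_writable(&e->skb, v->data_len))
+if (!skb_make_writable(&e->skb, v->data_len))
 return -ENOMEM;
 memcpy(e->skb->data, v->payload, v->data_len);
 e->skb->ip_summed = CHECKSUM_NONE;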
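--- a/net/ipv4/netfilter/ipt_DSCP.c
+++ b/net/ipv4/netfilter/ipt_DSCP.c
@@ -39,7 +39,7 @@ target(struct sk_buff **pskb,
 if (((*pskb)->nh.iph->tos & IPT_DSCP_MASK) != sh_dscp) {
 u_int16_t diffs[2];
 
-if (!skb_ip_make_writable(pskb, sizeof(struct iphdr)))
+if (!skb_make_writable(pskb, sizeof(struct iphdr)))
 return NF_DROP;
 
 diffs[0] = htons((*pskb)->nh.iph->tos) ^ 0xFFFF;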
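--- a/net/ipv4/netfilter/ipt_ECN.c
+++ b/net/ipv4/netfilter/ipt_ECN.c
@@ -31,7 +31,7 @@ set_ect_ip(struct sk_buff **pskb, const struct ipt_ECN_info *einfo)
 != (einfo->ip_ect & IPT_ECN_IP_MASK)) {
 u_int16_t diffs[2];
 
-if (!skb_ip_make_writable(pskb, sizeof(struct iphdr)))
+if (!skb_make_writable(pskb, sizeof(struct iphdr)))
 return 0;
 
 diffs[0] = htons((*pskb)->nh.iph->tos) ^ 0xFFFF;
@@ -66,7 +66,7 @@ set_ect_tcp(struct sk_buff **pskb, const struct ipt_ECN_info *einfo, int inward)
 tcph->cwr == einfo->proto.tcp.cwr)))
 return 1;
 
-if (!skb_ip_make_writable(pskb, (*pskb)->nh.iph->ihl*4+sizeof(*tcph)))
+if (!skb_make_writable(pskb, (*pskb)->nh.iph->ihl*4+sizeof(*tcph)))
 return 0;
 tcph = (void *)(*pskb)->nh.iph + (*pskb)->nh.iph->ihl*4;
 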
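--- a/net/ipv4/netfilter/ipt_TCPMSS.c
+++ b/net/ipv4/netfilter/ipt_TCPMSS.c
@@ -58,7 +58,7 @@ ipt_tcpmss_target(struct sk_buff **pskb,
 unsigned int i;
 u_int8_t *opt;
 
-if (!skb_ip_make_writable(pskb, (*pskb)->len))
+if (!skb_make_writable(pskb, (*pskb)->len))
 return NF_DROP;
 
 if ((*pskb)->ip_summed == CHECKSUM_HW &&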
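--- a/net/ipv4/netfilter/ipt_TOS.c
+++ b/net/ipv4/netfilter/ipt_TOS.c
@@ -33,7 +33,7 @@ target(struct sk_buff **pskb,
 if (((*pskb)->nh.iph->tos & IPTOS_TOS_MASK) != tosinfo->tos) {
 u_int16_t diffs[2];
 
-if (!skb_ip_make_writable(pskb, sizeof(struct iphdr)))
+if (!skb_make_writable(pskb, sizeof(struct iphdr)))
 return NF_DROP;
 
 diffs[0] = htons((*pskb)->nh.iph->tos) ^ 0xFFFF;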
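--- a/net/ipv6/netfilter/ip6_queue.c
+++ b/net/ipv6/netfilter/ip6_queue.c
@@ -384,7 +384,7 @@ ipq_mangle_ipv6(ipq_verdict_msg_t *v, struct ipq_queue_entry *e)
 }
 skb_put(e->skb, diff);
 }
-if (!skb_ip_make_writable(&e->skb, v->data_len))
+if (!skb_make_writable(&e->skb, v->data_len))
 return -ENOMEM;
 memcpy(e->skb->data, v->payload, v->data_len);
 e->skb->ip_summed = CHECKSUM_NONE;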
