aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--drivers/net/bnx2.c2
-rw-r--r--drivers/net/ehea/ehea_main.c4
-rw-r--r--drivers/net/netxen/netxen_nic_hw.c8
-rw-r--r--drivers/net/netxen/netxen_nic_main.c6
-rw-r--r--drivers/net/sky2.c3
-rw-r--r--drivers/net/tg3.c6
-rw-r--r--drivers/s390/net/qeth_eddp.c13
-rw-r--r--include/net/ip.h7
-rw-r--r--net/ipv4/ip_fragment.c4
-rw-r--r--net/ipv4/ip_input.c4
-rw-r--r--net/ipv4/ipmr.c2
-rw-r--r--net/ipv4/ipvs/ip_vs_app.c4
-rw-r--r--net/ipv4/ipvs/ip_vs_core.c3
-rw-r--r--net/ipv4/ipvs/ip_vs_proto_tcp.c12
-rw-r--r--net/ipv4/ipvs/ip_vs_proto_udp.c12
-rw-r--r--net/ipv4/netfilter/ip_conntrack_amanda.c2
-rw-r--r--net/ipv4/netfilter/ip_conntrack_core.c3
-rw-r--r--net/ipv4/netfilter/ip_conntrack_ftp.c4
-rw-r--r--net/ipv4/netfilter/ip_conntrack_helper_h323.c9
-rw-r--r--net/ipv4/netfilter/ip_conntrack_helper_pptp.c4
-rw-r--r--net/ipv4/netfilter/ip_conntrack_irc.c4
-rw-r--r--net/ipv4/netfilter/ip_conntrack_proto_icmp.c8
-rw-r--r--net/ipv4/netfilter/ip_conntrack_proto_sctp.c2
-rw-r--r--net/ipv4/netfilter/ip_conntrack_proto_tcp.c2
-rw-r--r--net/ipv4/netfilter/ip_conntrack_sip.c2
-rw-r--r--net/ipv4/netfilter/ip_conntrack_standalone.c2
-rw-r--r--net/ipv4/netfilter/ip_conntrack_tftp.c2
-rw-r--r--net/ipv4/netfilter/ip_nat_core.c11
-rw-r--r--net/ipv4/netfilter/ip_nat_helper.c8
-rw-r--r--net/ipv4/netfilter/ip_nat_helper_h323.c8
-rw-r--r--net/ipv4/netfilter/ip_nat_sip.c10
-rw-r--r--net/ipv4/netfilter/ip_nat_standalone.c7
-rw-r--r--net/ipv4/netfilter/ip_tables.c2
-rw-r--r--net/ipv4/netfilter/ipt_ECN.c7
-rw-r--r--net/ipv4/netfilter/ipt_REJECT.c19
-rw-r--r--net/ipv4/netfilter/ipt_ecn.c4
-rw-r--r--net/ipv4/netfilter/iptable_filter.c3
-rw-r--r--net/ipv4/netfilter/iptable_mangle.c3
-rw-r--r--net/ipv4/netfilter/nf_conntrack_l3proto_ipv4.c8
-rw-r--r--net/ipv4/netfilter/nf_conntrack_proto_icmp.c6
-rw-r--r--net/ipv4/netfilter/nf_nat_core.c14
-rw-r--r--net/ipv4/netfilter/nf_nat_h323.c8
-rw-r--r--net/ipv4/netfilter/nf_nat_helper.c12
-rw-r--r--net/ipv4/netfilter/nf_nat_sip.c11
-rw-r--r--net/ipv4/netfilter/nf_nat_standalone.c7
-rw-r--r--net/ipv6/netfilter/ip6table_filter.c2
-rw-r--r--net/ipv6/netfilter/ip6table_mangle.c2
47 files changed, 145 insertions, 141 deletions
diff --git a/drivers/net/bnx2.c b/drivers/net/bnx2.c
index e85f5ec48f96..b8091c55d441 100644
--- a/drivers/net/bnx2.c
+++ b/drivers/net/bnx2.c
@@ -4527,7 +4527,7 @@ bnx2_start_xmit(struct sk_buff *skb, struct net_device *dev)
4527 if (skb->h.th->doff > 5) { 4527 if (skb->h.th->doff > 5) {
4528 tcp_opt_len = (skb->h.th->doff - 5) << 2; 4528 tcp_opt_len = (skb->h.th->doff - 5) << 2;
4529 } 4529 }
4530 ip_tcp_len = (skb->nh.iph->ihl << 2) + sizeof(struct tcphdr); 4530 ip_tcp_len = ip_hdrlen(skb) + sizeof(struct tcphdr);
4531 4531
4532 skb->nh.iph->check = 0; 4532 skb->nh.iph->check = 0;
4533 skb->nh.iph->tot_len = htons(mss + ip_tcp_len + tcp_opt_len); 4533 skb->nh.iph->tot_len = htons(mss + ip_tcp_len + tcp_opt_len);
diff --git a/drivers/net/ehea/ehea_main.c b/drivers/net/ehea/ehea_main.c
index 0e4042bc0a48..b1c90a4fe31e 100644
--- a/drivers/net/ehea/ehea_main.c
+++ b/drivers/net/ehea/ehea_main.c
@@ -1263,7 +1263,7 @@ static inline void write_ip_start_end(struct ehea_swqe *swqe,
1263 const struct sk_buff *skb) 1263 const struct sk_buff *skb)
1264{ 1264{
1265 swqe->ip_start = (u8)(((u64)skb->nh.iph) - ((u64)skb->data)); 1265 swqe->ip_start = (u8)(((u64)skb->nh.iph) - ((u64)skb->data));
1266 swqe->ip_end = (u8)(swqe->ip_start + skb->nh.iph->ihl * 4 - 1); 1266 swqe->ip_end = (u8)(swqe->ip_start + ip_hdrlen(skb) - 1);
1267} 1267}
1268 1268
1269static inline void write_tcp_offset_end(struct ehea_swqe *swqe, 1269static inline void write_tcp_offset_end(struct ehea_swqe *swqe,
@@ -1300,7 +1300,7 @@ static void write_swqe2_TSO(struct sk_buff *skb,
1300 /* copy only eth/ip/tcp headers to immediate data and 1300 /* copy only eth/ip/tcp headers to immediate data and
1301 * the rest of skb->data to sg1entry 1301 * the rest of skb->data to sg1entry
1302 */ 1302 */
1303 headersize = ETH_HLEN + (skb->nh.iph->ihl * 4) + (skb->h.th->doff * 4); 1303 headersize = ETH_HLEN + ip_hdrlen(skb) + (skb->h.th->doff * 4);
1304 1304
1305 skb_data_size = skb->len - skb->data_len; 1305 skb_data_size = skb->len - skb->data_len;
1306 1306
diff --git a/drivers/net/netxen/netxen_nic_hw.c b/drivers/net/netxen/netxen_nic_hw.c
index 625e11ed6aae..b2f5032937e3 100644
--- a/drivers/net/netxen/netxen_nic_hw.c
+++ b/drivers/net/netxen/netxen_nic_hw.c
@@ -35,6 +35,8 @@
35#include "netxen_nic_hw.h" 35#include "netxen_nic_hw.h"
36#include "netxen_nic_phan_reg.h" 36#include "netxen_nic_phan_reg.h"
37 37
38#include <net/ip.h>
39
38/* PCI Windowing for DDR regions. */ 40/* PCI Windowing for DDR regions. */
39 41
40#define ADDR_IN_RANGE(addr, low, high) \ 42#define ADDR_IN_RANGE(addr, low, high) \
@@ -371,9 +373,9 @@ void netxen_tso_check(struct netxen_adapter *adapter,
371 struct cmd_desc_type0 *desc, struct sk_buff *skb) 373 struct cmd_desc_type0 *desc, struct sk_buff *skb)
372{ 374{
373 if (desc->mss) { 375 if (desc->mss) {
374 desc->total_hdr_length = sizeof(struct ethhdr) + 376 desc->total_hdr_length = (sizeof(struct ethhdr) +
375 ((skb->nh.iph)->ihl * sizeof(u32)) + 377 ip_hdrlen(skb) +
376 ((skb->h.th)->doff * sizeof(u32)); 378 skb->h.th->doff * 4);
377 netxen_set_cmd_desc_opcode(desc, TX_TCP_LSO); 379 netxen_set_cmd_desc_opcode(desc, TX_TCP_LSO);
378 } else if (skb->ip_summed == CHECKSUM_PARTIAL) { 380 } else if (skb->ip_summed == CHECKSUM_PARTIAL) {
379 if (skb->nh.iph->protocol == IPPROTO_TCP) { 381 if (skb->nh.iph->protocol == IPPROTO_TCP) {
diff --git a/drivers/net/netxen/netxen_nic_main.c b/drivers/net/netxen/netxen_nic_main.c
index 7d2525e76abb..b548a30e5c8e 100644
--- a/drivers/net/netxen/netxen_nic_main.c
+++ b/drivers/net/netxen/netxen_nic_main.c
@@ -41,6 +41,7 @@
41 41
42#include <linux/dma-mapping.h> 42#include <linux/dma-mapping.h>
43#include <linux/vmalloc.h> 43#include <linux/vmalloc.h>
44#include <net/ip.h>
44 45
45MODULE_DESCRIPTION("NetXen Multi port (1/10) Gigabit Network Driver"); 46MODULE_DESCRIPTION("NetXen Multi port (1/10) Gigabit Network Driver");
46MODULE_LICENSE("GPL"); 47MODULE_LICENSE("GPL");
@@ -778,9 +779,8 @@ static int netxen_nic_xmit_frame(struct sk_buff *skb, struct net_device *netdev)
778 if (skb_shinfo(skb)->gso_size > 0) { 779 if (skb_shinfo(skb)->gso_size > 0) {
779 780
780 no_of_desc++; 781 no_of_desc++;
781 if (((skb->nh.iph)->ihl * sizeof(u32)) + 782 if ((ip_hdrlen(skb) + skb->h.th->doff * 4 +
782 ((skb->h.th)->doff * sizeof(u32)) + 783 sizeof(struct ethhdr)) >
783 sizeof(struct ethhdr) >
784 (sizeof(struct cmd_desc_type0) - 2)) { 784 (sizeof(struct cmd_desc_type0) - 2)) {
785 no_of_desc++; 785 no_of_desc++;
786 } 786 }
diff --git a/drivers/net/sky2.c b/drivers/net/sky2.c
index ac36152c68bf..51e994f26a84 100644
--- a/drivers/net/sky2.c
+++ b/drivers/net/sky2.c
@@ -32,6 +32,7 @@
32#include <linux/ethtool.h> 32#include <linux/ethtool.h>
33#include <linux/pci.h> 33#include <linux/pci.h>
34#include <linux/ip.h> 34#include <linux/ip.h>
35#include <net/ip.h>
35#include <linux/tcp.h> 36#include <linux/tcp.h>
36#include <linux/in.h> 37#include <linux/in.h>
37#include <linux/delay.h> 38#include <linux/delay.h>
@@ -1392,7 +1393,7 @@ static int sky2_xmit_frame(struct sk_buff *skb, struct net_device *dev)
1392 mss = skb_shinfo(skb)->gso_size; 1393 mss = skb_shinfo(skb)->gso_size;
1393 if (mss != 0) { 1394 if (mss != 0) {
1394 mss += ((skb->h.th->doff - 5) * 4); /* TCP options */ 1395 mss += ((skb->h.th->doff - 5) * 4); /* TCP options */
1395 mss += (skb->nh.iph->ihl * 4) + sizeof(struct tcphdr); 1396 mss += ip_hdrlen(skb) + sizeof(struct tcphdr);
1396 mss += ETH_HLEN; 1397 mss += ETH_HLEN;
1397 1398
1398 if (mss != sky2->tx_last_mss) { 1399 if (mss != sky2->tx_last_mss) {
diff --git a/drivers/net/tg3.c b/drivers/net/tg3.c
index 256969e1300c..62a3bba0097d 100644
--- a/drivers/net/tg3.c
+++ b/drivers/net/tg3.c
@@ -40,6 +40,7 @@
40#include <linux/dma-mapping.h> 40#include <linux/dma-mapping.h>
41 41
42#include <net/checksum.h> 42#include <net/checksum.h>
43#include <net/ip.h>
43 44
44#include <asm/system.h> 45#include <asm/system.h>
45#include <asm/io.h> 46#include <asm/io.h>
@@ -3909,8 +3910,7 @@ static int tg3_start_xmit(struct sk_buff *skb, struct net_device *dev)
3909 mss |= (skb_headlen(skb) - ETH_HLEN) << 9; 3910 mss |= (skb_headlen(skb) - ETH_HLEN) << 9;
3910 else { 3911 else {
3911 tcp_opt_len = ((skb->h.th->doff - 5) * 4); 3912 tcp_opt_len = ((skb->h.th->doff - 5) * 4);
3912 ip_tcp_len = (skb->nh.iph->ihl * 4) + 3913 ip_tcp_len = ip_hdrlen(skb) + sizeof(struct tcphdr);
3913 sizeof(struct tcphdr);
3914 3914
3915 skb->nh.iph->check = 0; 3915 skb->nh.iph->check = 0;
3916 skb->nh.iph->tot_len = htons(mss + ip_tcp_len + 3916 skb->nh.iph->tot_len = htons(mss + ip_tcp_len +
@@ -4064,7 +4064,7 @@ static int tg3_start_xmit_dma_bug(struct sk_buff *skb, struct net_device *dev)
4064 } 4064 }
4065 4065
4066 tcp_opt_len = ((skb->h.th->doff - 5) * 4); 4066 tcp_opt_len = ((skb->h.th->doff - 5) * 4);
4067 ip_tcp_len = (skb->nh.iph->ihl * 4) + sizeof(struct tcphdr); 4067 ip_tcp_len = ip_hdrlen(skb) + sizeof(struct tcphdr);
4068 4068
4069 hdr_len = ip_tcp_len + tcp_opt_len; 4069 hdr_len = ip_tcp_len + tcp_opt_len;
4070 if (unlikely((ETH_HLEN + hdr_len) > 80) && 4070 if (unlikely((ETH_HLEN + hdr_len) > 80) &&
diff --git a/drivers/s390/net/qeth_eddp.c b/drivers/s390/net/qeth_eddp.c
index 893125403c68..1574247abaa1 100644
--- a/drivers/s390/net/qeth_eddp.c
+++ b/drivers/s390/net/qeth_eddp.c
@@ -473,9 +473,11 @@ qeth_eddp_fill_context_tcp(struct qeth_eddp_context *ctx,
473 QETH_DBF_TEXT(trace, 5, "eddpficx"); 473 QETH_DBF_TEXT(trace, 5, "eddpficx");
474 /* create our segmentation headers and copy original headers */ 474 /* create our segmentation headers and copy original headers */
475 if (skb->protocol == htons(ETH_P_IP)) 475 if (skb->protocol == htons(ETH_P_IP))
476 eddp = qeth_eddp_create_eddp_data(qhdr, (u8 *)skb->nh.iph, 476 eddp = qeth_eddp_create_eddp_data(qhdr,
477 skb->nh.iph->ihl*4, 477 skb_network_header(skb),
478 (u8 *)skb->h.th, skb->h.th->doff*4); 478 ip_hdrlen(skb),
479 skb->h.raw,
480 skb->h.th->doff * 4);
479 else 481 else
480 eddp = qeth_eddp_create_eddp_data(qhdr, (u8 *)skb->nh.ipv6h, 482 eddp = qeth_eddp_create_eddp_data(qhdr, (u8 *)skb->nh.ipv6h,
481 sizeof(struct ipv6hdr), 483 sizeof(struct ipv6hdr),
@@ -590,8 +592,9 @@ qeth_eddp_create_context_tcp(struct qeth_card *card, struct sk_buff *skb,
590 QETH_DBF_TEXT(trace, 5, "creddpct"); 592 QETH_DBF_TEXT(trace, 5, "creddpct");
591 if (skb->protocol == htons(ETH_P_IP)) 593 if (skb->protocol == htons(ETH_P_IP))
592 ctx = qeth_eddp_create_context_generic(card, skb, 594 ctx = qeth_eddp_create_context_generic(card, skb,
593 sizeof(struct qeth_hdr) + skb->nh.iph->ihl*4 + 595 (sizeof(struct qeth_hdr) +
594 skb->h.th->doff*4); 596 ip_hdrlen(skb) +
597 skb->h.th->doff * 4));
595 else if (skb->protocol == htons(ETH_P_IPV6)) 598 else if (skb->protocol == htons(ETH_P_IPV6))
596 ctx = qeth_eddp_create_context_generic(card, skb, 599 ctx = qeth_eddp_create_context_generic(card, skb,
597 sizeof(struct qeth_hdr) + sizeof(struct ipv6hdr) + 600 sizeof(struct qeth_hdr) + sizeof(struct ipv6hdr) +
diff --git a/include/net/ip.h b/include/net/ip.h
index e79c3e3aa4f6..6f7ba32b199d 100644
--- a/include/net/ip.h
+++ b/include/net/ip.h
@@ -25,6 +25,7 @@
25#include <linux/types.h> 25#include <linux/types.h>
26#include <linux/ip.h> 26#include <linux/ip.h>
27#include <linux/in.h> 27#include <linux/in.h>
28#include <linux/skbuff.h>
28 29
29#include <net/inet_sock.h> 30#include <net/inet_sock.h>
30#include <net/snmp.h> 31#include <net/snmp.h>
@@ -43,6 +44,11 @@ struct inet_skb_parm
43#define IPSKB_REROUTED 16 44#define IPSKB_REROUTED 16
44}; 45};
45 46
47static inline unsigned int ip_hdrlen(const struct sk_buff *skb)
48{
49 return skb->nh.iph->ihl * 4;
50}
51
46struct ipcm_cookie 52struct ipcm_cookie
47{ 53{
48 __be32 addr; 54 __be32 addr;
@@ -74,7 +80,6 @@ struct msghdr;
74struct net_device; 80struct net_device;
75struct packet_type; 81struct packet_type;
76struct rtable; 82struct rtable;
77struct sk_buff;
78struct sockaddr; 83struct sockaddr;
79 84
80extern void ip_mc_dropsocket(struct sock *); 85extern void ip_mc_dropsocket(struct sock *);
diff --git a/net/ipv4/ip_fragment.c b/net/ipv4/ip_fragment.c
index 268a6c7347f2..af120b2d5331 100644
--- a/net/ipv4/ip_fragment.c
+++ b/net/ipv4/ip_fragment.c
@@ -483,7 +483,7 @@ static void ip_frag_queue(struct ipq *qp, struct sk_buff *skb)
483 flags = offset & ~IP_OFFSET; 483 flags = offset & ~IP_OFFSET;
484 offset &= IP_OFFSET; 484 offset &= IP_OFFSET;
485 offset <<= 3; /* offset is in 8-byte chunks */ 485 offset <<= 3; /* offset is in 8-byte chunks */
486 ihl = skb->nh.iph->ihl * 4; 486 ihl = ip_hdrlen(skb);
487 487
488 /* Determine the position of this fragment. */ 488 /* Determine the position of this fragment. */
489 end = offset + skb->len - ihl; 489 end = offset + skb->len - ihl;
@@ -624,7 +624,7 @@ static struct sk_buff *ip_frag_reasm(struct ipq *qp, struct net_device *dev)
624 BUG_TRAP(FRAG_CB(head)->offset == 0); 624 BUG_TRAP(FRAG_CB(head)->offset == 0);
625 625
626 /* Allocate a new buffer for the datagram. */ 626 /* Allocate a new buffer for the datagram. */
627 ihlen = head->nh.iph->ihl*4; 627 ihlen = ip_hdrlen(head);
628 len = ihlen + qp->len; 628 len = ihlen + qp->len;
629 629
630 if (len > 65535) 630 if (len > 65535)
diff --git a/net/ipv4/ip_input.c b/net/ipv4/ip_input.c
index f38e97647ac0..2ee132b330fd 100644
--- a/net/ipv4/ip_input.c
+++ b/net/ipv4/ip_input.c
@@ -198,9 +198,7 @@ int ip_call_ra_chain(struct sk_buff *skb)
198 198
199static inline int ip_local_deliver_finish(struct sk_buff *skb) 199static inline int ip_local_deliver_finish(struct sk_buff *skb)
200{ 200{
201 int ihl = skb->nh.iph->ihl*4; 201 __skb_pull(skb, ip_hdrlen(skb));
202
203 __skb_pull(skb, ihl);
204 202
205 /* Point into the IP datagram, just past the header. */ 203 /* Point into the IP datagram, just past the header. */
206 skb->h.raw = skb->data; 204 skb->h.raw = skb->data;
diff --git a/net/ipv4/ipmr.c b/net/ipv4/ipmr.c
index aba3ff0bec97..54b7543190f1 100644
--- a/net/ipv4/ipmr.c
+++ b/net/ipv4/ipmr.c
@@ -539,7 +539,7 @@ static void ipmr_cache_resolve(struct mfc_cache *uc, struct mfc_cache *c)
539static int ipmr_cache_report(struct sk_buff *pkt, vifi_t vifi, int assert) 539static int ipmr_cache_report(struct sk_buff *pkt, vifi_t vifi, int assert)
540{ 540{
541 struct sk_buff *skb; 541 struct sk_buff *skb;
542 int ihl = pkt->nh.iph->ihl<<2; 542 const int ihl = ip_hdrlen(pkt);
543 struct igmphdr *igmp; 543 struct igmphdr *igmp;
544 struct igmpmsg *msg; 544 struct igmpmsg *msg;
545 int ret; 545 int ret;
diff --git a/net/ipv4/ipvs/ip_vs_app.c b/net/ipv4/ipvs/ip_vs_app.c
index f29d3a27eec6..e5beab28cd0f 100644
--- a/net/ipv4/ipvs/ip_vs_app.c
+++ b/net/ipv4/ipvs/ip_vs_app.c
@@ -331,7 +331,7 @@ static inline int app_tcp_pkt_out(struct ip_vs_conn *cp, struct sk_buff **pskb,
331 struct ip_vs_app *app) 331 struct ip_vs_app *app)
332{ 332{
333 int diff; 333 int diff;
334 unsigned int tcp_offset = (*pskb)->nh.iph->ihl*4; 334 const unsigned int tcp_offset = ip_hdrlen(*pskb);
335 struct tcphdr *th; 335 struct tcphdr *th;
336 __u32 seq; 336 __u32 seq;
337 337
@@ -406,7 +406,7 @@ static inline int app_tcp_pkt_in(struct ip_vs_conn *cp, struct sk_buff **pskb,
406 struct ip_vs_app *app) 406 struct ip_vs_app *app)
407{ 407{
408 int diff; 408 int diff;
409 unsigned int tcp_offset = (*pskb)->nh.iph->ihl*4; 409 const unsigned int tcp_offset = ip_hdrlen(*pskb);
410 struct tcphdr *th; 410 struct tcphdr *th;
411 __u32 seq; 411 __u32 seq;
412 412
diff --git a/net/ipv4/ipvs/ip_vs_core.c b/net/ipv4/ipvs/ip_vs_core.c
index 5d54dd2ce12f..7893c00a91fe 100644
--- a/net/ipv4/ipvs/ip_vs_core.c
+++ b/net/ipv4/ipvs/ip_vs_core.c
@@ -713,8 +713,7 @@ static inline int is_tcp_reset(const struct sk_buff *skb)
713{ 713{
714 struct tcphdr _tcph, *th; 714 struct tcphdr _tcph, *th;
715 715
716 th = skb_header_pointer(skb, skb->nh.iph->ihl * 4, 716 th = skb_header_pointer(skb, ip_hdrlen(skb), sizeof(_tcph), &_tcph);
717 sizeof(_tcph), &_tcph);
718 if (th == NULL) 717 if (th == NULL)
719 return 0; 718 return 0;
720 return th->rst; 719 return th->rst;
diff --git a/net/ipv4/ipvs/ip_vs_proto_tcp.c b/net/ipv4/ipvs/ip_vs_proto_tcp.c
index 16a9ebee2fe6..e65382da713e 100644
--- a/net/ipv4/ipvs/ip_vs_proto_tcp.c
+++ b/net/ipv4/ipvs/ip_vs_proto_tcp.c
@@ -76,8 +76,7 @@ tcp_conn_schedule(struct sk_buff *skb,
76 struct ip_vs_service *svc; 76 struct ip_vs_service *svc;
77 struct tcphdr _tcph, *th; 77 struct tcphdr _tcph, *th;
78 78
79 th = skb_header_pointer(skb, skb->nh.iph->ihl*4, 79 th = skb_header_pointer(skb, ip_hdrlen(skb), sizeof(_tcph), &_tcph);
80 sizeof(_tcph), &_tcph);
81 if (th == NULL) { 80 if (th == NULL) {
82 *verdict = NF_DROP; 81 *verdict = NF_DROP;
83 return 0; 82 return 0;
@@ -127,7 +126,7 @@ tcp_snat_handler(struct sk_buff **pskb,
127 struct ip_vs_protocol *pp, struct ip_vs_conn *cp) 126 struct ip_vs_protocol *pp, struct ip_vs_conn *cp)
128{ 127{
129 struct tcphdr *tcph; 128 struct tcphdr *tcph;
130 unsigned int tcphoff = (*pskb)->nh.iph->ihl * 4; 129 const unsigned int tcphoff = ip_hdrlen(*pskb);
131 130
132 /* csum_check requires unshared skb */ 131 /* csum_check requires unshared skb */
133 if (!ip_vs_make_skb_writable(pskb, tcphoff+sizeof(*tcph))) 132 if (!ip_vs_make_skb_writable(pskb, tcphoff+sizeof(*tcph)))
@@ -175,7 +174,7 @@ tcp_dnat_handler(struct sk_buff **pskb,
175 struct ip_vs_protocol *pp, struct ip_vs_conn *cp) 174 struct ip_vs_protocol *pp, struct ip_vs_conn *cp)
176{ 175{
177 struct tcphdr *tcph; 176 struct tcphdr *tcph;
178 unsigned int tcphoff = (*pskb)->nh.iph->ihl * 4; 177 const unsigned int tcphoff = ip_hdrlen(*pskb);
179 178
180 /* csum_check requires unshared skb */ 179 /* csum_check requires unshared skb */
181 if (!ip_vs_make_skb_writable(pskb, tcphoff+sizeof(*tcph))) 180 if (!ip_vs_make_skb_writable(pskb, tcphoff+sizeof(*tcph)))
@@ -224,7 +223,7 @@ tcp_dnat_handler(struct sk_buff **pskb,
224static int 223static int
225tcp_csum_check(struct sk_buff *skb, struct ip_vs_protocol *pp) 224tcp_csum_check(struct sk_buff *skb, struct ip_vs_protocol *pp)
226{ 225{
227 unsigned int tcphoff = skb->nh.iph->ihl*4; 226 const unsigned int tcphoff = ip_hdrlen(skb);
228 227
229 switch (skb->ip_summed) { 228 switch (skb->ip_summed) {
230 case CHECKSUM_NONE: 229 case CHECKSUM_NONE:
@@ -467,8 +466,7 @@ tcp_state_transition(struct ip_vs_conn *cp, int direction,
467{ 466{
468 struct tcphdr _tcph, *th; 467 struct tcphdr _tcph, *th;
469 468
470 th = skb_header_pointer(skb, skb->nh.iph->ihl*4, 469 th = skb_header_pointer(skb, ip_hdrlen(skb), sizeof(_tcph), &_tcph);
471 sizeof(_tcph), &_tcph);
472 if (th == NULL) 470 if (th == NULL)
473 return 0; 471 return 0;
474 472
diff --git a/net/ipv4/ipvs/ip_vs_proto_udp.c b/net/ipv4/ipvs/ip_vs_proto_udp.c
index 03f0a414cfa4..2cd950638923 100644
--- a/net/ipv4/ipvs/ip_vs_proto_udp.c
+++ b/net/ipv4/ipvs/ip_vs_proto_udp.c
@@ -22,7 +22,7 @@
22#include <linux/udp.h> 22#include <linux/udp.h>
23 23
24#include <net/ip_vs.h> 24#include <net/ip_vs.h>
25 25#include <net/ip.h>
26 26
27static struct ip_vs_conn * 27static struct ip_vs_conn *
28udp_conn_in_get(const struct sk_buff *skb, struct ip_vs_protocol *pp, 28udp_conn_in_get(const struct sk_buff *skb, struct ip_vs_protocol *pp,
@@ -56,7 +56,7 @@ udp_conn_out_get(const struct sk_buff *skb, struct ip_vs_protocol *pp,
56 struct ip_vs_conn *cp; 56 struct ip_vs_conn *cp;
57 __be16 _ports[2], *pptr; 57 __be16 _ports[2], *pptr;
58 58
59 pptr = skb_header_pointer(skb, skb->nh.iph->ihl*4, 59 pptr = skb_header_pointer(skb, ip_hdrlen(skb),
60 sizeof(_ports), _ports); 60 sizeof(_ports), _ports);
61 if (pptr == NULL) 61 if (pptr == NULL)
62 return NULL; 62 return NULL;
@@ -82,7 +82,7 @@ udp_conn_schedule(struct sk_buff *skb, struct ip_vs_protocol *pp,
82 struct ip_vs_service *svc; 82 struct ip_vs_service *svc;
83 struct udphdr _udph, *uh; 83 struct udphdr _udph, *uh;
84 84
85 uh = skb_header_pointer(skb, skb->nh.iph->ihl*4, 85 uh = skb_header_pointer(skb, ip_hdrlen(skb),
86 sizeof(_udph), &_udph); 86 sizeof(_udph), &_udph);
87 if (uh == NULL) { 87 if (uh == NULL) {
88 *verdict = NF_DROP; 88 *verdict = NF_DROP;
@@ -133,7 +133,7 @@ udp_snat_handler(struct sk_buff **pskb,
133 struct ip_vs_protocol *pp, struct ip_vs_conn *cp) 133 struct ip_vs_protocol *pp, struct ip_vs_conn *cp)
134{ 134{
135 struct udphdr *udph; 135 struct udphdr *udph;
136 unsigned int udphoff = (*pskb)->nh.iph->ihl * 4; 136 const unsigned int udphoff = ip_hdrlen(*pskb);
137 137
138 /* csum_check requires unshared skb */ 138 /* csum_check requires unshared skb */
139 if (!ip_vs_make_skb_writable(pskb, udphoff+sizeof(*udph))) 139 if (!ip_vs_make_skb_writable(pskb, udphoff+sizeof(*udph)))
@@ -187,7 +187,7 @@ udp_dnat_handler(struct sk_buff **pskb,
187 struct ip_vs_protocol *pp, struct ip_vs_conn *cp) 187 struct ip_vs_protocol *pp, struct ip_vs_conn *cp)
188{ 188{
189 struct udphdr *udph; 189 struct udphdr *udph;
190 unsigned int udphoff = (*pskb)->nh.iph->ihl * 4; 190 unsigned int udphoff = ip_hdrlen(*pskb);
191 191
192 /* csum_check requires unshared skb */ 192 /* csum_check requires unshared skb */
193 if (!ip_vs_make_skb_writable(pskb, udphoff+sizeof(*udph))) 193 if (!ip_vs_make_skb_writable(pskb, udphoff+sizeof(*udph)))
@@ -239,7 +239,7 @@ static int
239udp_csum_check(struct sk_buff *skb, struct ip_vs_protocol *pp) 239udp_csum_check(struct sk_buff *skb, struct ip_vs_protocol *pp)
240{ 240{
241 struct udphdr _udph, *uh; 241 struct udphdr _udph, *uh;
242 unsigned int udphoff = skb->nh.iph->ihl*4; 242 const unsigned int udphoff = ip_hdrlen(skb);
243 243
244 uh = skb_header_pointer(skb, udphoff, sizeof(_udph), &_udph); 244 uh = skb_header_pointer(skb, udphoff, sizeof(_udph), &_udph);
245 if (uh == NULL) 245 if (uh == NULL)
diff --git a/net/ipv4/netfilter/ip_conntrack_amanda.c b/net/ipv4/netfilter/ip_conntrack_amanda.c
index 4f561f52c83a..c40762c67d0e 100644
--- a/net/ipv4/netfilter/ip_conntrack_amanda.c
+++ b/net/ipv4/netfilter/ip_conntrack_amanda.c
@@ -103,7 +103,7 @@ static int help(struct sk_buff **pskb,
103 ip_ct_refresh(ct, *pskb, master_timeout * HZ); 103 ip_ct_refresh(ct, *pskb, master_timeout * HZ);
104 104
105 /* No data? */ 105 /* No data? */
106 dataoff = (*pskb)->nh.iph->ihl*4 + sizeof(struct udphdr); 106 dataoff = ip_hdrlen(*pskb) + sizeof(struct udphdr);
107 if (dataoff >= (*pskb)->len) { 107 if (dataoff >= (*pskb)->len) {
108 if (net_ratelimit()) 108 if (net_ratelimit())
109 printk("amanda_help: skblen = %u\n", (*pskb)->len); 109 printk("amanda_help: skblen = %u\n", (*pskb)->len);
diff --git a/net/ipv4/netfilter/ip_conntrack_core.c b/net/ipv4/netfilter/ip_conntrack_core.c
index 23b99ae2cc37..8c013d9f6907 100644
--- a/net/ipv4/netfilter/ip_conntrack_core.c
+++ b/net/ipv4/netfilter/ip_conntrack_core.c
@@ -750,8 +750,7 @@ resolve_normal_ct(struct sk_buff *skb,
750 750
751 IP_NF_ASSERT((skb->nh.iph->frag_off & htons(IP_OFFSET)) == 0); 751 IP_NF_ASSERT((skb->nh.iph->frag_off & htons(IP_OFFSET)) == 0);
752 752
753 if (!ip_ct_get_tuple(skb->nh.iph, skb, skb->nh.iph->ihl*4, 753 if (!ip_ct_get_tuple(skb->nh.iph, skb, ip_hdrlen(skb), &tuple,proto))
754 &tuple,proto))
755 return NULL; 754 return NULL;
756 755
757 /* look for tuple match */ 756 /* look for tuple match */
diff --git a/net/ipv4/netfilter/ip_conntrack_ftp.c b/net/ipv4/netfilter/ip_conntrack_ftp.c
index 1faa68ab9432..92389987e789 100644
--- a/net/ipv4/netfilter/ip_conntrack_ftp.c
+++ b/net/ipv4/netfilter/ip_conntrack_ftp.c
@@ -319,12 +319,12 @@ static int help(struct sk_buff **pskb,
319 return NF_ACCEPT; 319 return NF_ACCEPT;
320 } 320 }
321 321
322 th = skb_header_pointer(*pskb, (*pskb)->nh.iph->ihl*4, 322 th = skb_header_pointer(*pskb, ip_hdrlen(*pskb),
323 sizeof(_tcph), &_tcph); 323 sizeof(_tcph), &_tcph);
324 if (th == NULL) 324 if (th == NULL)
325 return NF_ACCEPT; 325 return NF_ACCEPT;
326 326
327 dataoff = (*pskb)->nh.iph->ihl*4 + th->doff*4; 327 dataoff = ip_hdrlen(*pskb) + th->doff * 4;
328 /* No data? */ 328 /* No data? */
329 if (dataoff >= (*pskb)->len) { 329 if (dataoff >= (*pskb)->len) {
330 DEBUGP("ftp: pskblen = %u\n", (*pskb)->len); 330 DEBUGP("ftp: pskblen = %u\n", (*pskb)->len);
diff --git a/net/ipv4/netfilter/ip_conntrack_helper_h323.c b/net/ipv4/netfilter/ip_conntrack_helper_h323.c
index 53eb365ccc7e..5d638149b0e0 100644
--- a/net/ipv4/netfilter/ip_conntrack_helper_h323.c
+++ b/net/ipv4/netfilter/ip_conntrack_helper_h323.c
@@ -115,13 +115,13 @@ static int get_tpkt_data(struct sk_buff **pskb, struct ip_conntrack *ct,
115 int tpktoff; 115 int tpktoff;
116 116
117 /* Get TCP header */ 117 /* Get TCP header */
118 th = skb_header_pointer(*pskb, (*pskb)->nh.iph->ihl * 4, 118 th = skb_header_pointer(*pskb, ip_hdrlen(*pskb),
119 sizeof(_tcph), &_tcph); 119 sizeof(_tcph), &_tcph);
120 if (th == NULL) 120 if (th == NULL)
121 return 0; 121 return 0;
122 122
123 /* Get TCP data offset */ 123 /* Get TCP data offset */
124 tcpdataoff = (*pskb)->nh.iph->ihl * 4 + th->doff * 4; 124 tcpdataoff = ip_hdrlen(*pskb) + th->doff * 4;
125 125
126 /* Get TCP data length */ 126 /* Get TCP data length */
127 tcpdatalen = (*pskb)->len - tcpdataoff; 127 tcpdatalen = (*pskb)->len - tcpdataoff;
@@ -1185,11 +1185,10 @@ static unsigned char *get_udp_data(struct sk_buff **pskb, int *datalen)
1185 struct udphdr _uh, *uh; 1185 struct udphdr _uh, *uh;
1186 int dataoff; 1186 int dataoff;
1187 1187
1188 uh = skb_header_pointer(*pskb, (*pskb)->nh.iph->ihl * 4, sizeof(_uh), 1188 uh = skb_header_pointer(*pskb, ip_hdrlen(*pskb), sizeof(_uh), &_uh);
1189 &_uh);
1190 if (uh == NULL) 1189 if (uh == NULL)
1191 return NULL; 1190 return NULL;
1192 dataoff = (*pskb)->nh.iph->ihl * 4 + sizeof(_uh); 1191 dataoff = ip_hdrlen(*pskb) + sizeof(_uh);
1193 if (dataoff >= (*pskb)->len) 1192 if (dataoff >= (*pskb)->len)
1194 return NULL; 1193 return NULL;
1195 *datalen = (*pskb)->len - dataoff; 1194 *datalen = (*pskb)->len - dataoff;
diff --git a/net/ipv4/netfilter/ip_conntrack_helper_pptp.c b/net/ipv4/netfilter/ip_conntrack_helper_pptp.c
index 2b760c5cf709..f5ab8e4b97cb 100644
--- a/net/ipv4/netfilter/ip_conntrack_helper_pptp.c
+++ b/net/ipv4/netfilter/ip_conntrack_helper_pptp.c
@@ -543,7 +543,7 @@ conntrack_pptp_help(struct sk_buff **pskb,
543 struct pptp_pkt_hdr _pptph, *pptph; 543 struct pptp_pkt_hdr _pptph, *pptph;
544 struct PptpControlHeader _ctlh, *ctlh; 544 struct PptpControlHeader _ctlh, *ctlh;
545 union pptp_ctrl_union _pptpReq, *pptpReq; 545 union pptp_ctrl_union _pptpReq, *pptpReq;
546 unsigned int tcplen = (*pskb)->len - (*pskb)->nh.iph->ihl * 4; 546 unsigned int tcplen = (*pskb)->len - ip_hdrlen(*pskb);
547 unsigned int datalen, reqlen, nexthdr_off; 547 unsigned int datalen, reqlen, nexthdr_off;
548 int oldsstate, oldcstate; 548 int oldsstate, oldcstate;
549 int ret; 549 int ret;
@@ -556,7 +556,7 @@ conntrack_pptp_help(struct sk_buff **pskb,
556 return NF_ACCEPT; 556 return NF_ACCEPT;
557 } 557 }
558 558
559 nexthdr_off = (*pskb)->nh.iph->ihl*4; 559 nexthdr_off = ip_hdrlen(*pskb);
560 tcph = skb_header_pointer(*pskb, nexthdr_off, sizeof(_tcph), &_tcph); 560 tcph = skb_header_pointer(*pskb, nexthdr_off, sizeof(_tcph), &_tcph);
561 BUG_ON(!tcph); 561 BUG_ON(!tcph);
562 nexthdr_off += tcph->doff * 4; 562 nexthdr_off += tcph->doff * 4;
diff --git a/net/ipv4/netfilter/ip_conntrack_irc.c b/net/ipv4/netfilter/ip_conntrack_irc.c
index 053e591f407a..ee99abe482e3 100644
--- a/net/ipv4/netfilter/ip_conntrack_irc.c
+++ b/net/ipv4/netfilter/ip_conntrack_irc.c
@@ -130,13 +130,13 @@ static int help(struct sk_buff **pskb,
130 } 130 }
131 131
132 /* Not a full tcp header? */ 132 /* Not a full tcp header? */
133 th = skb_header_pointer(*pskb, (*pskb)->nh.iph->ihl*4, 133 th = skb_header_pointer(*pskb, ip_hdrlen(*pskb),
134 sizeof(_tcph), &_tcph); 134 sizeof(_tcph), &_tcph);
135 if (th == NULL) 135 if (th == NULL)
136 return NF_ACCEPT; 136 return NF_ACCEPT;
137 137
138 /* No data? */ 138 /* No data? */
139 dataoff = (*pskb)->nh.iph->ihl*4 + th->doff*4; 139 dataoff = ip_hdrlen(*pskb) + th->doff * 4;
140 if (dataoff >= (*pskb)->len) 140 if (dataoff >= (*pskb)->len)
141 return NF_ACCEPT; 141 return NF_ACCEPT;
142 142
diff --git a/net/ipv4/netfilter/ip_conntrack_proto_icmp.c b/net/ipv4/netfilter/ip_conntrack_proto_icmp.c
index ad70c81a21e0..e253f3ee52d0 100644
--- a/net/ipv4/netfilter/ip_conntrack_proto_icmp.c
+++ b/net/ipv4/netfilter/ip_conntrack_proto_icmp.c
@@ -149,7 +149,7 @@ icmp_error_message(struct sk_buff *skb,
149 IP_NF_ASSERT(skb->nfct == NULL); 149 IP_NF_ASSERT(skb->nfct == NULL);
150 150
151 /* Not enough header? */ 151 /* Not enough header? */
152 inside = skb_header_pointer(skb, skb->nh.iph->ihl*4, sizeof(_in), &_in); 152 inside = skb_header_pointer(skb, ip_hdrlen(skb), sizeof(_in), &_in);
153 if (inside == NULL) 153 if (inside == NULL)
154 return -NF_ACCEPT; 154 return -NF_ACCEPT;
155 155
@@ -161,7 +161,7 @@ icmp_error_message(struct sk_buff *skb,
161 } 161 }
162 162
163 innerproto = ip_conntrack_proto_find_get(inside->ip.protocol); 163 innerproto = ip_conntrack_proto_find_get(inside->ip.protocol);
164 dataoff = skb->nh.iph->ihl*4 + sizeof(inside->icmp) + inside->ip.ihl*4; 164 dataoff = ip_hdrlen(skb) + sizeof(inside->icmp) + inside->ip.ihl * 4;
165 /* Are they talking about one of our connections? */ 165 /* Are they talking about one of our connections? */
166 if (!ip_ct_get_tuple(&inside->ip, skb, dataoff, &origtuple, innerproto)) { 166 if (!ip_ct_get_tuple(&inside->ip, skb, dataoff, &origtuple, innerproto)) {
167 DEBUGP("icmp_error: ! get_tuple p=%u", inside->ip.protocol); 167 DEBUGP("icmp_error: ! get_tuple p=%u", inside->ip.protocol);
@@ -214,7 +214,7 @@ icmp_error(struct sk_buff *skb, enum ip_conntrack_info *ctinfo,
214 struct icmphdr _ih, *icmph; 214 struct icmphdr _ih, *icmph;
215 215
216 /* Not enough header? */ 216 /* Not enough header? */
217 icmph = skb_header_pointer(skb, skb->nh.iph->ihl*4, sizeof(_ih), &_ih); 217 icmph = skb_header_pointer(skb, ip_hdrlen(skb), sizeof(_ih), &_ih);
218 if (icmph == NULL) { 218 if (icmph == NULL) {
219 if (LOG_INVALID(IPPROTO_ICMP)) 219 if (LOG_INVALID(IPPROTO_ICMP))
220 nf_log_packet(PF_INET, 0, skb, NULL, NULL, NULL, 220 nf_log_packet(PF_INET, 0, skb, NULL, NULL, NULL,
@@ -224,7 +224,7 @@ icmp_error(struct sk_buff *skb, enum ip_conntrack_info *ctinfo,
224 224
225 /* See ip_conntrack_proto_tcp.c */ 225 /* See ip_conntrack_proto_tcp.c */
226 if (ip_conntrack_checksum && hooknum == NF_IP_PRE_ROUTING && 226 if (ip_conntrack_checksum && hooknum == NF_IP_PRE_ROUTING &&
227 nf_ip_checksum(skb, hooknum, skb->nh.iph->ihl * 4, 0)) { 227 nf_ip_checksum(skb, hooknum, ip_hdrlen(skb), 0)) {
228 if (LOG_INVALID(IPPROTO_ICMP)) 228 if (LOG_INVALID(IPPROTO_ICMP))
229 nf_log_packet(PF_INET, 0, skb, NULL, NULL, NULL, 229 nf_log_packet(PF_INET, 0, skb, NULL, NULL, NULL,
230 "ip_ct_icmp: bad ICMP checksum "); 230 "ip_ct_icmp: bad ICMP checksum ");
diff --git a/net/ipv4/netfilter/ip_conntrack_proto_sctp.c b/net/ipv4/netfilter/ip_conntrack_proto_sctp.c
index e6942992b2f6..e29c436144b3 100644
--- a/net/ipv4/netfilter/ip_conntrack_proto_sctp.c
+++ b/net/ipv4/netfilter/ip_conntrack_proto_sctp.c
@@ -206,7 +206,7 @@ static int sctp_print_conntrack(struct seq_file *s,
206} 206}
207 207
208#define for_each_sctp_chunk(skb, sch, _sch, offset, count) \ 208#define for_each_sctp_chunk(skb, sch, _sch, offset, count) \
209for (offset = skb->nh.iph->ihl * 4 + sizeof(sctp_sctphdr_t), count = 0; \ 209for (offset = ip_hdrlen(skb) + sizeof(sctp_sctphdr_t), count = 0; \
210 offset < skb->len && \ 210 offset < skb->len && \
211 (sch = skb_header_pointer(skb, offset, sizeof(_sch), &_sch)); \ 211 (sch = skb_header_pointer(skb, offset, sizeof(_sch), &_sch)); \
212 offset += (ntohs(sch->length) + 3) & ~3, count++) 212 offset += (ntohs(sch->length) + 3) & ~3, count++)
diff --git a/net/ipv4/netfilter/ip_conntrack_proto_tcp.c b/net/ipv4/netfilter/ip_conntrack_proto_tcp.c
index 7ff11977eb4d..fce3a3c69815 100644
--- a/net/ipv4/netfilter/ip_conntrack_proto_tcp.c
+++ b/net/ipv4/netfilter/ip_conntrack_proto_tcp.c
@@ -771,7 +771,7 @@ void ip_conntrack_tcp_update(struct sk_buff *skb,
771 enum ip_conntrack_dir dir) 771 enum ip_conntrack_dir dir)
772{ 772{
773 struct iphdr *iph = skb->nh.iph; 773 struct iphdr *iph = skb->nh.iph;
774 struct tcphdr *tcph = (void *)skb->nh.iph + skb->nh.iph->ihl*4; 774 struct tcphdr *tcph = (void *)skb->nh.iph + ip_hdrlen(skb);
775 __u32 end; 775 __u32 end;
776#ifdef DEBUGP_VARS 776#ifdef DEBUGP_VARS
777 struct ip_ct_tcp_state *sender = &conntrack->proto.tcp.seen[dir]; 777 struct ip_ct_tcp_state *sender = &conntrack->proto.tcp.seen[dir];
diff --git a/net/ipv4/netfilter/ip_conntrack_sip.c b/net/ipv4/netfilter/ip_conntrack_sip.c
index c59a962c1f61..7363e2a5cea4 100644
--- a/net/ipv4/netfilter/ip_conntrack_sip.c
+++ b/net/ipv4/netfilter/ip_conntrack_sip.c
@@ -402,7 +402,7 @@ static int sip_help(struct sk_buff **pskb,
402 typeof(ip_nat_sip_hook) ip_nat_sip; 402 typeof(ip_nat_sip_hook) ip_nat_sip;
403 403
404 /* No Data ? */ 404 /* No Data ? */
405 dataoff = (*pskb)->nh.iph->ihl*4 + sizeof(struct udphdr); 405 dataoff = ip_hdrlen(*pskb) + sizeof(struct udphdr);
406 if (dataoff >= (*pskb)->len) { 406 if (dataoff >= (*pskb)->len) {
407 DEBUGP("skb->len = %u\n", (*pskb)->len); 407 DEBUGP("skb->len = %u\n", (*pskb)->len);
408 return NF_ACCEPT; 408 return NF_ACCEPT;
diff --git a/net/ipv4/netfilter/ip_conntrack_standalone.c b/net/ipv4/netfilter/ip_conntrack_standalone.c
index 56b2f7546d1e..92609a4dcd74 100644
--- a/net/ipv4/netfilter/ip_conntrack_standalone.c
+++ b/net/ipv4/netfilter/ip_conntrack_standalone.c
@@ -458,7 +458,7 @@ static unsigned int ip_conntrack_local(unsigned int hooknum,
458{ 458{
459 /* root is playing with raw sockets. */ 459 /* root is playing with raw sockets. */
460 if ((*pskb)->len < sizeof(struct iphdr) 460 if ((*pskb)->len < sizeof(struct iphdr)
461 || (*pskb)->nh.iph->ihl * 4 < sizeof(struct iphdr)) { 461 || ip_hdrlen(*pskb) < sizeof(struct iphdr)) {
462 if (net_ratelimit()) 462 if (net_ratelimit())
463 printk("ipt_hook: happy cracking.\n"); 463 printk("ipt_hook: happy cracking.\n");
464 return NF_ACCEPT; 464 return NF_ACCEPT;
diff --git a/net/ipv4/netfilter/ip_conntrack_tftp.c b/net/ipv4/netfilter/ip_conntrack_tftp.c
index 76e175e7a972..afc6809a3888 100644
--- a/net/ipv4/netfilter/ip_conntrack_tftp.c
+++ b/net/ipv4/netfilter/ip_conntrack_tftp.c
@@ -53,7 +53,7 @@ static int tftp_help(struct sk_buff **pskb,
53 typeof(ip_nat_tftp_hook) ip_nat_tftp; 53 typeof(ip_nat_tftp_hook) ip_nat_tftp;
54 54
55 tfh = skb_header_pointer(*pskb, 55 tfh = skb_header_pointer(*pskb,
56 (*pskb)->nh.iph->ihl*4+sizeof(struct udphdr), 56 ip_hdrlen(*pskb) + sizeof(struct udphdr),
57 sizeof(_tftph), &_tftph); 57 sizeof(_tftph), &_tftph);
58 if (tfh == NULL) 58 if (tfh == NULL)
59 return NF_ACCEPT; 59 return NF_ACCEPT;
diff --git a/net/ipv4/netfilter/ip_nat_core.c b/net/ipv4/netfilter/ip_nat_core.c
index 40737fdbe9a7..cf46930606f2 100644
--- a/net/ipv4/netfilter/ip_nat_core.c
+++ b/net/ipv4/netfilter/ip_nat_core.c
@@ -422,7 +422,7 @@ int ip_nat_icmp_reply_translation(struct ip_conntrack *ct,
422 } *inside; 422 } *inside;
423 struct ip_conntrack_protocol *proto; 423 struct ip_conntrack_protocol *proto;
424 struct ip_conntrack_tuple inner, target; 424 struct ip_conntrack_tuple inner, target;
425 int hdrlen = (*pskb)->nh.iph->ihl * 4; 425 int hdrlen = ip_hdrlen(*pskb);
426 enum ip_conntrack_dir dir = CTINFO2DIR(ctinfo); 426 enum ip_conntrack_dir dir = CTINFO2DIR(ctinfo);
427 unsigned long statusbit; 427 unsigned long statusbit;
428 enum ip_nat_manip_type manip = HOOK2MANIP(hooknum); 428 enum ip_nat_manip_type manip = HOOK2MANIP(hooknum);
@@ -430,7 +430,7 @@ int ip_nat_icmp_reply_translation(struct ip_conntrack *ct,
430 if (!skb_make_writable(pskb, hdrlen + sizeof(*inside))) 430 if (!skb_make_writable(pskb, hdrlen + sizeof(*inside)))
431 return 0; 431 return 0;
432 432
433 inside = (void *)(*pskb)->data + (*pskb)->nh.iph->ihl*4; 433 inside = (void *)(*pskb)->data + ip_hdrlen(*pskb);
434 434
435 /* We're actually going to mangle it beyond trivial checksum 435 /* We're actually going to mangle it beyond trivial checksum
436 adjustment, so make sure the current checksum is correct. */ 436 adjustment, so make sure the current checksum is correct. */
@@ -458,7 +458,7 @@ int ip_nat_icmp_reply_translation(struct ip_conntrack *ct,
458 458
459 /* rcu_read_lock()ed by nf_hook_slow */ 459 /* rcu_read_lock()ed by nf_hook_slow */
460 proto = __ip_conntrack_proto_find(inside->ip.protocol); 460 proto = __ip_conntrack_proto_find(inside->ip.protocol);
461 if (!ip_ct_get_tuple(&inside->ip, *pskb, (*pskb)->nh.iph->ihl*4 + 461 if (!ip_ct_get_tuple(&inside->ip, *pskb, ip_hdrlen(*pskb) +
462 sizeof(struct icmphdr) + inside->ip.ihl*4, 462 sizeof(struct icmphdr) + inside->ip.ihl*4,
463 &inner, proto)) 463 &inner, proto))
464 return 0; 464 return 0;
@@ -469,15 +469,14 @@ int ip_nat_icmp_reply_translation(struct ip_conntrack *ct,
469 packet: PREROUTING (DST manip), routing produces ICMP, goes 469 packet: PREROUTING (DST manip), routing produces ICMP, goes
470 through POSTROUTING (which must correct the DST manip). */ 470 through POSTROUTING (which must correct the DST manip). */
471 if (!manip_pkt(inside->ip.protocol, pskb, 471 if (!manip_pkt(inside->ip.protocol, pskb,
472 (*pskb)->nh.iph->ihl*4 472 ip_hdrlen(*pskb) + sizeof(inside->icmp),
473 + sizeof(inside->icmp),
474 &ct->tuplehash[!dir].tuple, 473 &ct->tuplehash[!dir].tuple,
475 !manip)) 474 !manip))
476 return 0; 475 return 0;
477 476
478 if ((*pskb)->ip_summed != CHECKSUM_PARTIAL) { 477 if ((*pskb)->ip_summed != CHECKSUM_PARTIAL) {
479 /* Reloading "inside" here since manip_pkt inner. */ 478 /* Reloading "inside" here since manip_pkt inner. */
480 inside = (void *)(*pskb)->data + (*pskb)->nh.iph->ihl*4; 479 inside = (void *)(*pskb)->data + ip_hdrlen(*pskb);
481 inside->icmp.checksum = 0; 480 inside->icmp.checksum = 0;
482 inside->icmp.checksum = csum_fold(skb_checksum(*pskb, hdrlen, 481 inside->icmp.checksum = csum_fold(skb_checksum(*pskb, hdrlen,
483 (*pskb)->len - hdrlen, 482 (*pskb)->len - hdrlen,
diff --git a/net/ipv4/netfilter/ip_nat_helper.c b/net/ipv4/netfilter/ip_nat_helper.c
index dc778cfef58b..25624e558562 100644
--- a/net/ipv4/netfilter/ip_nat_helper.c
+++ b/net/ipv4/netfilter/ip_nat_helper.c
@@ -322,8 +322,8 @@ ip_nat_sack_adjust(struct sk_buff **pskb,
322{ 322{
323 unsigned int dir, optoff, optend; 323 unsigned int dir, optoff, optend;
324 324
325 optoff = (*pskb)->nh.iph->ihl*4 + sizeof(struct tcphdr); 325 optoff = ip_hdrlen(*pskb) + sizeof(struct tcphdr);
326 optend = (*pskb)->nh.iph->ihl*4 + tcph->doff*4; 326 optend = ip_hdrlen(*pskb) + tcph->doff * 4;
327 327
328 if (!skb_make_writable(pskb, optend)) 328 if (!skb_make_writable(pskb, optend))
329 return 0; 329 return 0;
@@ -374,10 +374,10 @@ ip_nat_seq_adjust(struct sk_buff **pskb,
374 this_way = &ct->nat.info.seq[dir]; 374 this_way = &ct->nat.info.seq[dir];
375 other_way = &ct->nat.info.seq[!dir]; 375 other_way = &ct->nat.info.seq[!dir];
376 376
377 if (!skb_make_writable(pskb, (*pskb)->nh.iph->ihl*4+sizeof(*tcph))) 377 if (!skb_make_writable(pskb, ip_hdrlen(*pskb) + sizeof(*tcph)))
378 return 0; 378 return 0;
379 379
380 tcph = (void *)(*pskb)->data + (*pskb)->nh.iph->ihl*4; 380 tcph = (void *)(*pskb)->data + ip_hdrlen(*pskb);
381 if (after(ntohl(tcph->seq), this_way->correction_pos)) 381 if (after(ntohl(tcph->seq), this_way->correction_pos))
382 newseq = htonl(ntohl(tcph->seq) + this_way->offset_after); 382 newseq = htonl(ntohl(tcph->seq) + this_way->offset_after);
383 else 383 else
diff --git a/net/ipv4/netfilter/ip_nat_helper_h323.c b/net/ipv4/netfilter/ip_nat_helper_h323.c
index bdc99ef6159e..8b1e3388bd08 100644
--- a/net/ipv4/netfilter/ip_nat_helper_h323.c
+++ b/net/ipv4/netfilter/ip_nat_helper_h323.c
@@ -57,11 +57,11 @@ static int set_addr(struct sk_buff **pskb,
57 } 57 }
58 58
59 /* Relocate data pointer */ 59 /* Relocate data pointer */
60 th = skb_header_pointer(*pskb, (*pskb)->nh.iph->ihl * 4, 60 th = skb_header_pointer(*pskb, ip_hdrlen(*pskb),
61 sizeof(_tcph), &_tcph); 61 sizeof(_tcph), &_tcph);
62 if (th == NULL) 62 if (th == NULL)
63 return -1; 63 return -1;
64 *data = (*pskb)->data + (*pskb)->nh.iph->ihl * 4 + 64 *data = (*pskb)->data + ip_hdrlen(*pskb) +
65 th->doff * 4 + dataoff; 65 th->doff * 4 + dataoff;
66 } else { 66 } else {
67 if (!ip_nat_mangle_udp_packet(pskb, ct, ctinfo, 67 if (!ip_nat_mangle_udp_packet(pskb, ct, ctinfo,
@@ -75,8 +75,8 @@ static int set_addr(struct sk_buff **pskb,
75 /* ip_nat_mangle_udp_packet uses skb_make_writable() to copy 75 /* ip_nat_mangle_udp_packet uses skb_make_writable() to copy
76 * or pull everything in a linear buffer, so we can safely 76 * or pull everything in a linear buffer, so we can safely
77 * use the skb pointers now */ 77 * use the skb pointers now */
78 *data = (*pskb)->data + (*pskb)->nh.iph->ihl * 4 + 78 *data = ((*pskb)->data + ip_hdrlen(*pskb) +
79 sizeof(struct udphdr); 79 sizeof(struct udphdr));
80 } 80 }
81 81
82 return 0; 82 return 0;
diff --git a/net/ipv4/netfilter/ip_nat_sip.c b/net/ipv4/netfilter/ip_nat_sip.c
index 325c5a9dc2ef..84953601762d 100644
--- a/net/ipv4/netfilter/ip_nat_sip.c
+++ b/net/ipv4/netfilter/ip_nat_sip.c
@@ -90,7 +90,7 @@ static int map_sip_addr(struct sk_buff **pskb, enum ip_conntrack_info ctinfo,
90 if (!ip_nat_mangle_udp_packet(pskb, ct, ctinfo, 90 if (!ip_nat_mangle_udp_packet(pskb, ct, ctinfo,
91 matchoff, matchlen, addr, addrlen)) 91 matchoff, matchlen, addr, addrlen))
92 return 0; 92 return 0;
93 *dptr = (*pskb)->data + (*pskb)->nh.iph->ihl*4 + sizeof(struct udphdr); 93 *dptr = (*pskb)->data + ip_hdrlen(*pskb) + sizeof(struct udphdr);
94 return 1; 94 return 1;
95 95
96} 96}
@@ -104,7 +104,7 @@ static unsigned int ip_nat_sip(struct sk_buff **pskb,
104 struct addr_map map; 104 struct addr_map map;
105 int dataoff, datalen; 105 int dataoff, datalen;
106 106
107 dataoff = (*pskb)->nh.iph->ihl*4 + sizeof(struct udphdr); 107 dataoff = ip_hdrlen(*pskb) + sizeof(struct udphdr);
108 datalen = (*pskb)->len - dataoff; 108 datalen = (*pskb)->len - dataoff;
109 if (datalen < sizeof("SIP/2.0") - 1) 109 if (datalen < sizeof("SIP/2.0") - 1)
110 return NF_DROP; 110 return NF_DROP;
@@ -153,7 +153,7 @@ static unsigned int mangle_sip_packet(struct sk_buff **pskb,
153 return 0; 153 return 0;
154 154
155 /* We need to reload this. Thanks Patrick. */ 155 /* We need to reload this. Thanks Patrick. */
156 *dptr = (*pskb)->data + (*pskb)->nh.iph->ihl*4 + sizeof(struct udphdr); 156 *dptr = (*pskb)->data + ip_hdrlen(*pskb) + sizeof(struct udphdr);
157 return 1; 157 return 1;
158} 158}
159 159
@@ -166,7 +166,7 @@ static int mangle_content_len(struct sk_buff **pskb,
166 char buffer[sizeof("65536")]; 166 char buffer[sizeof("65536")];
167 int bufflen; 167 int bufflen;
168 168
169 dataoff = (*pskb)->nh.iph->ihl*4 + sizeof(struct udphdr); 169 dataoff = ip_hdrlen(*pskb) + sizeof(struct udphdr);
170 170
171 /* Get actual SDP lenght */ 171 /* Get actual SDP lenght */
172 if (ct_sip_get_info(dptr, (*pskb)->len - dataoff, &matchoff, 172 if (ct_sip_get_info(dptr, (*pskb)->len - dataoff, &matchoff,
@@ -199,7 +199,7 @@ static unsigned int mangle_sdp(struct sk_buff **pskb,
199 char buffer[sizeof("nnn.nnn.nnn.nnn")]; 199 char buffer[sizeof("nnn.nnn.nnn.nnn")];
200 unsigned int dataoff, bufflen; 200 unsigned int dataoff, bufflen;
201 201
202 dataoff = (*pskb)->nh.iph->ihl*4 + sizeof(struct udphdr); 202 dataoff = ip_hdrlen(*pskb) + sizeof(struct udphdr);
203 203
204 /* Mangle owner and contact info. */ 204 /* Mangle owner and contact info. */
205 bufflen = sprintf(buffer, "%u.%u.%u.%u", NIPQUAD(newip)); 205 bufflen = sprintf(buffer, "%u.%u.%u.%u", NIPQUAD(newip));
diff --git a/net/ipv4/netfilter/ip_nat_standalone.c b/net/ipv4/netfilter/ip_nat_standalone.c
index 6bcfdf6dfcc9..dbaaf78ff9a3 100644
--- a/net/ipv4/netfilter/ip_nat_standalone.c
+++ b/net/ipv4/netfilter/ip_nat_standalone.c
@@ -112,8 +112,7 @@ ip_nat_fn(unsigned int hooknum,
112 if ((*pskb)->nh.iph->protocol == IPPROTO_ICMP) { 112 if ((*pskb)->nh.iph->protocol == IPPROTO_ICMP) {
113 struct icmphdr _hdr, *hp; 113 struct icmphdr _hdr, *hp;
114 114
115 hp = skb_header_pointer(*pskb, 115 hp = skb_header_pointer(*pskb, ip_hdrlen(*pskb),
116 (*pskb)->nh.iph->ihl*4,
117 sizeof(_hdr), &_hdr); 116 sizeof(_hdr), &_hdr);
118 if (hp != NULL && 117 if (hp != NULL &&
119 hp->type == ICMP_REDIRECT) 118 hp->type == ICMP_REDIRECT)
@@ -211,7 +210,7 @@ ip_nat_out(unsigned int hooknum,
211 210
212 /* root is playing with raw sockets. */ 211 /* root is playing with raw sockets. */
213 if ((*pskb)->len < sizeof(struct iphdr) 212 if ((*pskb)->len < sizeof(struct iphdr)
214 || (*pskb)->nh.iph->ihl * 4 < sizeof(struct iphdr)) 213 || ip_hdrlen(*pskb) < sizeof(struct iphdr))
215 return NF_ACCEPT; 214 return NF_ACCEPT;
216 215
217 ret = ip_nat_fn(hooknum, pskb, in, out, okfn); 216 ret = ip_nat_fn(hooknum, pskb, in, out, okfn);
@@ -244,7 +243,7 @@ ip_nat_local_fn(unsigned int hooknum,
244 243
245 /* root is playing with raw sockets. */ 244 /* root is playing with raw sockets. */
246 if ((*pskb)->len < sizeof(struct iphdr) 245 if ((*pskb)->len < sizeof(struct iphdr)
247 || (*pskb)->nh.iph->ihl * 4 < sizeof(struct iphdr)) 246 || ip_hdrlen(*pskb) < sizeof(struct iphdr))
248 return NF_ACCEPT; 247 return NF_ACCEPT;
249 248
250 ret = ip_nat_fn(hooknum, pskb, in, out, okfn); 249 ret = ip_nat_fn(hooknum, pskb, in, out, okfn);
diff --git a/net/ipv4/netfilter/ip_tables.c b/net/ipv4/netfilter/ip_tables.c
index 50cc4b92e284..f66966650212 100644
--- a/net/ipv4/netfilter/ip_tables.c
+++ b/net/ipv4/netfilter/ip_tables.c
@@ -198,7 +198,7 @@ int do_match(struct ipt_entry_match *m,
198{ 198{
199 /* Stop iteration if it doesn't match */ 199 /* Stop iteration if it doesn't match */
200 if (!m->u.kernel.match->match(skb, in, out, m->u.kernel.match, m->data, 200 if (!m->u.kernel.match->match(skb, in, out, m->u.kernel.match, m->data,
201 offset, skb->nh.iph->ihl*4, hotdrop)) 201 offset, ip_hdrlen(skb), hotdrop))
202 return 1; 202 return 1;
203 else 203 else
204 return 0; 204 return 0;
diff --git a/net/ipv4/netfilter/ipt_ECN.c b/net/ipv4/netfilter/ipt_ECN.c
index 4f565633631d..44daf9e1da35 100644
--- a/net/ipv4/netfilter/ipt_ECN.c
+++ b/net/ipv4/netfilter/ipt_ECN.c
@@ -13,6 +13,7 @@
13#include <linux/module.h> 13#include <linux/module.h>
14#include <linux/skbuff.h> 14#include <linux/skbuff.h>
15#include <linux/ip.h> 15#include <linux/ip.h>
16#include <net/ip.h>
16#include <linux/tcp.h> 17#include <linux/tcp.h>
17#include <net/checksum.h> 18#include <net/checksum.h>
18 19
@@ -52,7 +53,7 @@ set_ect_tcp(struct sk_buff **pskb, const struct ipt_ECN_info *einfo)
52 __be16 oldval; 53 __be16 oldval;
53 54
54 /* Not enought header? */ 55 /* Not enought header? */
55 tcph = skb_header_pointer(*pskb, (*pskb)->nh.iph->ihl*4, 56 tcph = skb_header_pointer(*pskb, ip_hdrlen(*pskb),
56 sizeof(_tcph), &_tcph); 57 sizeof(_tcph), &_tcph);
57 if (!tcph) 58 if (!tcph)
58 return 0; 59 return 0;
@@ -63,9 +64,9 @@ set_ect_tcp(struct sk_buff **pskb, const struct ipt_ECN_info *einfo)
63 tcph->cwr == einfo->proto.tcp.cwr))) 64 tcph->cwr == einfo->proto.tcp.cwr)))
64 return 1; 65 return 1;
65 66
66 if (!skb_make_writable(pskb, (*pskb)->nh.iph->ihl*4+sizeof(*tcph))) 67 if (!skb_make_writable(pskb, ip_hdrlen(*pskb) + sizeof(*tcph)))
67 return 0; 68 return 0;
68 tcph = (void *)(*pskb)->nh.iph + (*pskb)->nh.iph->ihl*4; 69 tcph = (void *)(*pskb)->nh.iph + ip_hdrlen(*pskb);
69 70
70 oldval = ((__be16 *)tcph)[6]; 71 oldval = ((__be16 *)tcph)[6];
71 if (einfo->operation & IPT_ECN_OP_SET_ECE) 72 if (einfo->operation & IPT_ECN_OP_SET_ECE)
diff --git a/net/ipv4/netfilter/ipt_REJECT.c b/net/ipv4/netfilter/ipt_REJECT.c
index 80f739e21824..01c04f0e5c91 100644
--- a/net/ipv4/netfilter/ipt_REJECT.c
+++ b/net/ipv4/netfilter/ipt_REJECT.c
@@ -43,7 +43,6 @@ MODULE_DESCRIPTION("iptables REJECT target module");
43static void send_reset(struct sk_buff *oldskb, int hook) 43static void send_reset(struct sk_buff *oldskb, int hook)
44{ 44{
45 struct sk_buff *nskb; 45 struct sk_buff *nskb;
46 struct iphdr *iph = oldskb->nh.iph;
47 struct tcphdr _otcph, *oth, *tcph; 46 struct tcphdr _otcph, *oth, *tcph;
48 __be16 tmp_port; 47 __be16 tmp_port;
49 __be32 tmp_addr; 48 __be32 tmp_addr;
@@ -54,7 +53,7 @@ static void send_reset(struct sk_buff *oldskb, int hook)
54 if (oldskb->nh.iph->frag_off & htons(IP_OFFSET)) 53 if (oldskb->nh.iph->frag_off & htons(IP_OFFSET))
55 return; 54 return;
56 55
57 oth = skb_header_pointer(oldskb, oldskb->nh.iph->ihl * 4, 56 oth = skb_header_pointer(oldskb, ip_hdrlen(oldskb),
58 sizeof(_otcph), &_otcph); 57 sizeof(_otcph), &_otcph);
59 if (oth == NULL) 58 if (oth == NULL)
60 return; 59 return;
@@ -64,7 +63,7 @@ static void send_reset(struct sk_buff *oldskb, int hook)
64 return; 63 return;
65 64
66 /* Check checksum */ 65 /* Check checksum */
67 if (nf_ip_checksum(oldskb, hook, iph->ihl * 4, IPPROTO_TCP)) 66 if (nf_ip_checksum(oldskb, hook, ip_hdrlen(oldskb), IPPROTO_TCP))
68 return; 67 return;
69 68
70 /* We need a linear, writeable skb. We also need to expand 69 /* We need a linear, writeable skb. We also need to expand
@@ -84,7 +83,7 @@ static void send_reset(struct sk_buff *oldskb, int hook)
84 skb_shinfo(nskb)->gso_segs = 0; 83 skb_shinfo(nskb)->gso_segs = 0;
85 skb_shinfo(nskb)->gso_type = 0; 84 skb_shinfo(nskb)->gso_type = 0;
86 85
87 tcph = (struct tcphdr *)((u_int32_t*)nskb->nh.iph + nskb->nh.iph->ihl); 86 tcph = (struct tcphdr *)(skb_network_header(nskb) + ip_hdrlen(nskb));
88 87
89 /* Swap source and dest */ 88 /* Swap source and dest */
90 tmp_addr = nskb->nh.iph->saddr; 89 tmp_addr = nskb->nh.iph->saddr;
@@ -96,7 +95,7 @@ static void send_reset(struct sk_buff *oldskb, int hook)
96 95
97 /* Truncate to length (no data) */ 96 /* Truncate to length (no data) */
98 tcph->doff = sizeof(struct tcphdr)/4; 97 tcph->doff = sizeof(struct tcphdr)/4;
99 skb_trim(nskb, nskb->nh.iph->ihl*4 + sizeof(struct tcphdr)); 98 skb_trim(nskb, ip_hdrlen(nskb) + sizeof(struct tcphdr));
100 nskb->nh.iph->tot_len = htons(nskb->len); 99 nskb->nh.iph->tot_len = htons(nskb->len);
101 100
102 if (tcph->ack) { 101 if (tcph->ack) {
@@ -105,9 +104,9 @@ static void send_reset(struct sk_buff *oldskb, int hook)
105 tcph->ack_seq = 0; 104 tcph->ack_seq = 0;
106 } else { 105 } else {
107 needs_ack = 1; 106 needs_ack = 1;
108 tcph->ack_seq = htonl(ntohl(oth->seq) + oth->syn + oth->fin 107 tcph->ack_seq = htonl(ntohl(oth->seq) + oth->syn + oth->fin +
109 + oldskb->len - oldskb->nh.iph->ihl*4 108 oldskb->len - ip_hdrlen(oldskb) -
110 - (oth->doff<<2)); 109 (oth->doff << 2));
111 tcph->seq = 0; 110 tcph->seq = 0;
112 } 111 }
113 112
@@ -149,7 +148,7 @@ static void send_reset(struct sk_buff *oldskb, int hook)
149 148
150 /* Adjust IP checksum */ 149 /* Adjust IP checksum */
151 nskb->nh.iph->check = 0; 150 nskb->nh.iph->check = 0;
152 nskb->nh.iph->check = ip_fast_csum((unsigned char *)nskb->nh.iph, 151 nskb->nh.iph->check = ip_fast_csum(skb_network_header(nskb),
153 nskb->nh.iph->ihl); 152 nskb->nh.iph->ihl);
154 153
155 /* "Never happens" */ 154 /* "Never happens" */
@@ -182,7 +181,7 @@ static unsigned int reject(struct sk_buff **pskb,
182 181
183 /* Our naive response construction doesn't deal with IP 182 /* Our naive response construction doesn't deal with IP
184 options, and probably shouldn't try. */ 183 options, and probably shouldn't try. */
185 if ((*pskb)->nh.iph->ihl<<2 != sizeof(struct iphdr)) 184 if (ip_hdrlen(*pskb) != sizeof(struct iphdr))
186 return NF_DROP; 185 return NF_DROP;
187 186
188 /* WARNING: This code causes reentry within iptables. 187 /* WARNING: This code causes reentry within iptables.
diff --git a/net/ipv4/netfilter/ipt_ecn.c b/net/ipv4/netfilter/ipt_ecn.c
index 37508b2cfea6..b8ade3cc7757 100644
--- a/net/ipv4/netfilter/ipt_ecn.c
+++ b/net/ipv4/netfilter/ipt_ecn.c
@@ -11,6 +11,7 @@
11 11
12#include <linux/in.h> 12#include <linux/in.h>
13#include <linux/ip.h> 13#include <linux/ip.h>
14#include <net/ip.h>
14#include <linux/module.h> 15#include <linux/module.h>
15#include <linux/skbuff.h> 16#include <linux/skbuff.h>
16#include <linux/tcp.h> 17#include <linux/tcp.h>
@@ -38,8 +39,7 @@ static inline int match_tcp(const struct sk_buff *skb,
38 /* In practice, TCP match does this, so can't fail. But let's 39 /* In practice, TCP match does this, so can't fail. But let's
39 * be good citizens. 40 * be good citizens.
40 */ 41 */
41 th = skb_header_pointer(skb, skb->nh.iph->ihl * 4, 42 th = skb_header_pointer(skb, ip_hdrlen(skb), sizeof(_tcph), &_tcph);
42 sizeof(_tcph), &_tcph);
43 if (th == NULL) { 43 if (th == NULL) {
44 *hotdrop = 0; 44 *hotdrop = 0;
45 return 0; 45 return 0;
diff --git a/net/ipv4/netfilter/iptable_filter.c b/net/ipv4/netfilter/iptable_filter.c
index d1d61e97b976..42728909eba0 100644
--- a/net/ipv4/netfilter/iptable_filter.c
+++ b/net/ipv4/netfilter/iptable_filter.c
@@ -13,6 +13,7 @@
13#include <linux/module.h> 13#include <linux/module.h>
14#include <linux/moduleparam.h> 14#include <linux/moduleparam.h>
15#include <linux/netfilter_ipv4/ip_tables.h> 15#include <linux/netfilter_ipv4/ip_tables.h>
16#include <net/ip.h>
16 17
17MODULE_LICENSE("GPL"); 18MODULE_LICENSE("GPL");
18MODULE_AUTHOR("Netfilter Core Team <coreteam@netfilter.org>"); 19MODULE_AUTHOR("Netfilter Core Team <coreteam@netfilter.org>");
@@ -102,7 +103,7 @@ ipt_local_out_hook(unsigned int hook,
102{ 103{
103 /* root is playing with raw sockets. */ 104 /* root is playing with raw sockets. */
104 if ((*pskb)->len < sizeof(struct iphdr) 105 if ((*pskb)->len < sizeof(struct iphdr)
105 || (*pskb)->nh.iph->ihl * 4 < sizeof(struct iphdr)) { 106 || ip_hdrlen(*pskb) < sizeof(struct iphdr)) {
106 if (net_ratelimit()) 107 if (net_ratelimit())
107 printk("ipt_hook: happy cracking.\n"); 108 printk("ipt_hook: happy cracking.\n");
108 return NF_ACCEPT; 109 return NF_ACCEPT;
diff --git a/net/ipv4/netfilter/iptable_mangle.c b/net/ipv4/netfilter/iptable_mangle.c
index 98b66ef0c714..6cc3245f676a 100644
--- a/net/ipv4/netfilter/iptable_mangle.c
+++ b/net/ipv4/netfilter/iptable_mangle.c
@@ -17,6 +17,7 @@
17#include <net/sock.h> 17#include <net/sock.h>
18#include <net/route.h> 18#include <net/route.h>
19#include <linux/ip.h> 19#include <linux/ip.h>
20#include <net/ip.h>
20 21
21MODULE_LICENSE("GPL"); 22MODULE_LICENSE("GPL");
22MODULE_AUTHOR("Netfilter Core Team <coreteam@netfilter.org>"); 23MODULE_AUTHOR("Netfilter Core Team <coreteam@netfilter.org>");
@@ -136,7 +137,7 @@ ipt_local_hook(unsigned int hook,
136 137
137 /* root is playing with raw sockets. */ 138 /* root is playing with raw sockets. */
138 if ((*pskb)->len < sizeof(struct iphdr) 139 if ((*pskb)->len < sizeof(struct iphdr)
139 || (*pskb)->nh.iph->ihl * 4 < sizeof(struct iphdr)) { 140 || ip_hdrlen(*pskb) < sizeof(struct iphdr)) {
140 if (net_ratelimit()) 141 if (net_ratelimit())
141 printk("ipt_hook: happy cracking.\n"); 142 printk("ipt_hook: happy cracking.\n");
142 return NF_ACCEPT; 143 return NF_ACCEPT;
diff --git a/net/ipv4/netfilter/nf_conntrack_l3proto_ipv4.c b/net/ipv4/netfilter/nf_conntrack_l3proto_ipv4.c
index 7cebbff0b0c3..fa14eb77f9b6 100644
--- a/net/ipv4/netfilter/nf_conntrack_l3proto_ipv4.c
+++ b/net/ipv4/netfilter/nf_conntrack_l3proto_ipv4.c
@@ -105,7 +105,7 @@ ipv4_prepare(struct sk_buff **pskb, unsigned int hooknum, unsigned int *dataoff,
105 return -NF_DROP; 105 return -NF_DROP;
106 } 106 }
107 107
108 *dataoff = skb_network_offset(*pskb) + (*pskb)->nh.iph->ihl * 4; 108 *dataoff = skb_network_offset(*pskb) + ip_hdrlen(*pskb);
109 *protonum = (*pskb)->nh.iph->protocol; 109 *protonum = (*pskb)->nh.iph->protocol;
110 110
111 return NF_ACCEPT; 111 return NF_ACCEPT;
@@ -151,8 +151,8 @@ static unsigned int ipv4_conntrack_help(unsigned int hooknum,
151 if (!help || !help->helper) 151 if (!help || !help->helper)
152 return NF_ACCEPT; 152 return NF_ACCEPT;
153 153
154 return help->helper->help(pskb, (skb_network_offset(*pskb) + 154 return help->helper->help(pskb,
155 (*pskb)->nh.iph->ihl * 4), 155 skb_network_offset(*pskb) + ip_hdrlen(*pskb),
156 ct, ctinfo); 156 ct, ctinfo);
157} 157}
158 158
@@ -198,7 +198,7 @@ static unsigned int ipv4_conntrack_local(unsigned int hooknum,
198{ 198{
199 /* root is playing with raw sockets. */ 199 /* root is playing with raw sockets. */
200 if ((*pskb)->len < sizeof(struct iphdr) 200 if ((*pskb)->len < sizeof(struct iphdr)
201 || (*pskb)->nh.iph->ihl * 4 < sizeof(struct iphdr)) { 201 || ip_hdrlen(*pskb) < sizeof(struct iphdr)) {
202 if (net_ratelimit()) 202 if (net_ratelimit())
203 printk("ipt_hook: happy cracking.\n"); 203 printk("ipt_hook: happy cracking.\n");
204 return NF_ACCEPT; 204 return NF_ACCEPT;
diff --git a/net/ipv4/netfilter/nf_conntrack_proto_icmp.c b/net/ipv4/netfilter/nf_conntrack_proto_icmp.c
index 5fd1e5363c1a..e090e929e6e2 100644
--- a/net/ipv4/netfilter/nf_conntrack_proto_icmp.c
+++ b/net/ipv4/netfilter/nf_conntrack_proto_icmp.c
@@ -158,7 +158,7 @@ icmp_error_message(struct sk_buff *skb,
158 NF_CT_ASSERT(skb->nfct == NULL); 158 NF_CT_ASSERT(skb->nfct == NULL);
159 159
160 /* Not enough header? */ 160 /* Not enough header? */
161 inside = skb_header_pointer(skb, skb->nh.iph->ihl*4, sizeof(_in), &_in); 161 inside = skb_header_pointer(skb, ip_hdrlen(skb), sizeof(_in), &_in);
162 if (inside == NULL) 162 if (inside == NULL)
163 return -NF_ACCEPT; 163 return -NF_ACCEPT;
164 164
@@ -172,7 +172,7 @@ icmp_error_message(struct sk_buff *skb,
172 /* rcu_read_lock()ed by nf_hook_slow */ 172 /* rcu_read_lock()ed by nf_hook_slow */
173 innerproto = __nf_ct_l4proto_find(PF_INET, inside->ip.protocol); 173 innerproto = __nf_ct_l4proto_find(PF_INET, inside->ip.protocol);
174 174
175 dataoff = skb->nh.iph->ihl*4 + sizeof(inside->icmp); 175 dataoff = ip_hdrlen(skb) + sizeof(inside->icmp);
176 /* Are they talking about one of our connections? */ 176 /* Are they talking about one of our connections? */
177 if (!nf_ct_get_tuple(skb, dataoff, dataoff + inside->ip.ihl*4, PF_INET, 177 if (!nf_ct_get_tuple(skb, dataoff, dataoff + inside->ip.ihl*4, PF_INET,
178 inside->ip.protocol, &origtuple, 178 inside->ip.protocol, &origtuple,
@@ -227,7 +227,7 @@ icmp_error(struct sk_buff *skb, unsigned int dataoff,
227 struct icmphdr _ih, *icmph; 227 struct icmphdr _ih, *icmph;
228 228
229 /* Not enough header? */ 229 /* Not enough header? */
230 icmph = skb_header_pointer(skb, skb->nh.iph->ihl*4, sizeof(_ih), &_ih); 230 icmph = skb_header_pointer(skb, ip_hdrlen(skb), sizeof(_ih), &_ih);
231 if (icmph == NULL) { 231 if (icmph == NULL) {
232 if (LOG_INVALID(IPPROTO_ICMP)) 232 if (LOG_INVALID(IPPROTO_ICMP))
233 nf_log_packet(PF_INET, 0, skb, NULL, NULL, NULL, 233 nf_log_packet(PF_INET, 0, skb, NULL, NULL, NULL,
diff --git a/net/ipv4/netfilter/nf_nat_core.c b/net/ipv4/netfilter/nf_nat_core.c
index 452e9d326684..ea02f00d2dac 100644
--- a/net/ipv4/netfilter/nf_nat_core.c
+++ b/net/ipv4/netfilter/nf_nat_core.c
@@ -431,7 +431,7 @@ int nf_nat_icmp_reply_translation(struct nf_conn *ct,
431 } *inside; 431 } *inside;
432 struct nf_conntrack_l4proto *l4proto; 432 struct nf_conntrack_l4proto *l4proto;
433 struct nf_conntrack_tuple inner, target; 433 struct nf_conntrack_tuple inner, target;
434 int hdrlen = (*pskb)->nh.iph->ihl * 4; 434 int hdrlen = ip_hdrlen(*pskb);
435 enum ip_conntrack_dir dir = CTINFO2DIR(ctinfo); 435 enum ip_conntrack_dir dir = CTINFO2DIR(ctinfo);
436 unsigned long statusbit; 436 unsigned long statusbit;
437 enum nf_nat_manip_type manip = HOOK2MANIP(hooknum); 437 enum nf_nat_manip_type manip = HOOK2MANIP(hooknum);
@@ -439,7 +439,7 @@ int nf_nat_icmp_reply_translation(struct nf_conn *ct,
439 if (!skb_make_writable(pskb, hdrlen + sizeof(*inside))) 439 if (!skb_make_writable(pskb, hdrlen + sizeof(*inside)))
440 return 0; 440 return 0;
441 441
442 inside = (void *)(*pskb)->data + (*pskb)->nh.iph->ihl*4; 442 inside = (void *)(*pskb)->data + ip_hdrlen(*pskb);
443 443
444 /* We're actually going to mangle it beyond trivial checksum 444 /* We're actually going to mangle it beyond trivial checksum
445 adjustment, so make sure the current checksum is correct. */ 445 adjustment, so make sure the current checksum is correct. */
@@ -469,9 +469,9 @@ int nf_nat_icmp_reply_translation(struct nf_conn *ct,
469 l4proto = __nf_ct_l4proto_find(PF_INET, inside->ip.protocol); 469 l4proto = __nf_ct_l4proto_find(PF_INET, inside->ip.protocol);
470 470
471 if (!nf_ct_get_tuple(*pskb, 471 if (!nf_ct_get_tuple(*pskb,
472 (*pskb)->nh.iph->ihl*4 + sizeof(struct icmphdr), 472 ip_hdrlen(*pskb) + sizeof(struct icmphdr),
473 (*pskb)->nh.iph->ihl*4 + 473 (ip_hdrlen(*pskb) +
474 sizeof(struct icmphdr) + inside->ip.ihl*4, 474 sizeof(struct icmphdr) + inside->ip.ihl * 4),
475 (u_int16_t)AF_INET, 475 (u_int16_t)AF_INET,
476 inside->ip.protocol, 476 inside->ip.protocol,
477 &inner, l3proto, l4proto)) 477 &inner, l3proto, l4proto))
@@ -483,14 +483,14 @@ int nf_nat_icmp_reply_translation(struct nf_conn *ct,
483 packet: PREROUTING (DST manip), routing produces ICMP, goes 483 packet: PREROUTING (DST manip), routing produces ICMP, goes
484 through POSTROUTING (which must correct the DST manip). */ 484 through POSTROUTING (which must correct the DST manip). */
485 if (!manip_pkt(inside->ip.protocol, pskb, 485 if (!manip_pkt(inside->ip.protocol, pskb,
486 (*pskb)->nh.iph->ihl*4 + sizeof(inside->icmp), 486 ip_hdrlen(*pskb) + sizeof(inside->icmp),
487 &ct->tuplehash[!dir].tuple, 487 &ct->tuplehash[!dir].tuple,
488 !manip)) 488 !manip))
489 return 0; 489 return 0;
490 490
491 if ((*pskb)->ip_summed != CHECKSUM_PARTIAL) { 491 if ((*pskb)->ip_summed != CHECKSUM_PARTIAL) {
492 /* Reloading "inside" here since manip_pkt inner. */ 492 /* Reloading "inside" here since manip_pkt inner. */
493 inside = (void *)(*pskb)->data + (*pskb)->nh.iph->ihl*4; 493 inside = (void *)(*pskb)->data + ip_hdrlen(*pskb);
494 inside->icmp.checksum = 0; 494 inside->icmp.checksum = 0;
495 inside->icmp.checksum = 495 inside->icmp.checksum =
496 csum_fold(skb_checksum(*pskb, hdrlen, 496 csum_fold(skb_checksum(*pskb, hdrlen,
diff --git a/net/ipv4/netfilter/nf_nat_h323.c b/net/ipv4/netfilter/nf_nat_h323.c
index 9cbf3f9be13b..2eb3832db3a4 100644
--- a/net/ipv4/netfilter/nf_nat_h323.c
+++ b/net/ipv4/netfilter/nf_nat_h323.c
@@ -55,11 +55,11 @@ static int set_addr(struct sk_buff **pskb,
55 } 55 }
56 56
57 /* Relocate data pointer */ 57 /* Relocate data pointer */
58 th = skb_header_pointer(*pskb, (*pskb)->nh.iph->ihl * 4, 58 th = skb_header_pointer(*pskb, ip_hdrlen(*pskb),
59 sizeof(_tcph), &_tcph); 59 sizeof(_tcph), &_tcph);
60 if (th == NULL) 60 if (th == NULL)
61 return -1; 61 return -1;
62 *data = (*pskb)->data + (*pskb)->nh.iph->ihl * 4 + 62 *data = (*pskb)->data + ip_hdrlen(*pskb) +
63 th->doff * 4 + dataoff; 63 th->doff * 4 + dataoff;
64 } else { 64 } else {
65 if (!nf_nat_mangle_udp_packet(pskb, ct, ctinfo, 65 if (!nf_nat_mangle_udp_packet(pskb, ct, ctinfo,
@@ -73,8 +73,8 @@ static int set_addr(struct sk_buff **pskb,
73 /* nf_nat_mangle_udp_packet uses skb_make_writable() to copy 73 /* nf_nat_mangle_udp_packet uses skb_make_writable() to copy
74 * or pull everything in a linear buffer, so we can safely 74 * or pull everything in a linear buffer, so we can safely
75 * use the skb pointers now */ 75 * use the skb pointers now */
76 *data = (*pskb)->data + (*pskb)->nh.iph->ihl * 4 + 76 *data = ((*pskb)->data + ip_hdrlen(*pskb) +
77 sizeof(struct udphdr); 77 sizeof(struct udphdr));
78 } 78 }
79 79
80 return 0; 80 return 0;
diff --git a/net/ipv4/netfilter/nf_nat_helper.c b/net/ipv4/netfilter/nf_nat_helper.c
index 49a90c39ffce..723302afd840 100644
--- a/net/ipv4/netfilter/nf_nat_helper.c
+++ b/net/ipv4/netfilter/nf_nat_helper.c
@@ -190,7 +190,7 @@ nf_nat_mangle_tcp_packet(struct sk_buff **pskb,
190 (int)rep_len - (int)match_len, 190 (int)rep_len - (int)match_len,
191 ct, ctinfo); 191 ct, ctinfo);
192 /* Tell TCP window tracking about seq change */ 192 /* Tell TCP window tracking about seq change */
193 nf_conntrack_tcp_update(*pskb, (*pskb)->nh.iph->ihl*4, 193 nf_conntrack_tcp_update(*pskb, ip_hdrlen(*pskb),
194 ct, CTINFO2DIR(ctinfo)); 194 ct, CTINFO2DIR(ctinfo));
195 } 195 }
196 return 1; 196 return 1;
@@ -318,8 +318,8 @@ nf_nat_sack_adjust(struct sk_buff **pskb,
318 unsigned int dir, optoff, optend; 318 unsigned int dir, optoff, optend;
319 struct nf_conn_nat *nat = nfct_nat(ct); 319 struct nf_conn_nat *nat = nfct_nat(ct);
320 320
321 optoff = (*pskb)->nh.iph->ihl*4 + sizeof(struct tcphdr); 321 optoff = ip_hdrlen(*pskb) + sizeof(struct tcphdr);
322 optend = (*pskb)->nh.iph->ihl*4 + tcph->doff*4; 322 optend = ip_hdrlen(*pskb) + tcph->doff * 4;
323 323
324 if (!skb_make_writable(pskb, optend)) 324 if (!skb_make_writable(pskb, optend))
325 return 0; 325 return 0;
@@ -371,10 +371,10 @@ nf_nat_seq_adjust(struct sk_buff **pskb,
371 this_way = &nat->info.seq[dir]; 371 this_way = &nat->info.seq[dir];
372 other_way = &nat->info.seq[!dir]; 372 other_way = &nat->info.seq[!dir];
373 373
374 if (!skb_make_writable(pskb, (*pskb)->nh.iph->ihl*4+sizeof(*tcph))) 374 if (!skb_make_writable(pskb, ip_hdrlen(*pskb) + sizeof(*tcph)))
375 return 0; 375 return 0;
376 376
377 tcph = (void *)(*pskb)->data + (*pskb)->nh.iph->ihl*4; 377 tcph = (void *)(*pskb)->data + ip_hdrlen(*pskb);
378 if (after(ntohl(tcph->seq), this_way->correction_pos)) 378 if (after(ntohl(tcph->seq), this_way->correction_pos))
379 newseq = htonl(ntohl(tcph->seq) + this_way->offset_after); 379 newseq = htonl(ntohl(tcph->seq) + this_way->offset_after);
380 else 380 else
@@ -399,7 +399,7 @@ nf_nat_seq_adjust(struct sk_buff **pskb,
399 if (!nf_nat_sack_adjust(pskb, tcph, ct, ctinfo)) 399 if (!nf_nat_sack_adjust(pskb, tcph, ct, ctinfo))
400 return 0; 400 return 0;
401 401
402 nf_conntrack_tcp_update(*pskb, (*pskb)->nh.iph->ihl*4, ct, dir); 402 nf_conntrack_tcp_update(*pskb, ip_hdrlen(*pskb), ct, dir);
403 403
404 return 1; 404 return 1;
405} 405}
diff --git a/net/ipv4/netfilter/nf_nat_sip.c b/net/ipv4/netfilter/nf_nat_sip.c
index b12cd7c314ca..bfd88e4e0685 100644
--- a/net/ipv4/netfilter/nf_nat_sip.c
+++ b/net/ipv4/netfilter/nf_nat_sip.c
@@ -11,6 +11,7 @@
11#include <linux/module.h> 11#include <linux/module.h>
12#include <linux/skbuff.h> 12#include <linux/skbuff.h>
13#include <linux/ip.h> 13#include <linux/ip.h>
14#include <net/ip.h>
14#include <linux/udp.h> 15#include <linux/udp.h>
15 16
16#include <net/netfilter/nf_nat.h> 17#include <net/netfilter/nf_nat.h>
@@ -92,7 +93,7 @@ static int map_sip_addr(struct sk_buff **pskb, enum ip_conntrack_info ctinfo,
92 if (!nf_nat_mangle_udp_packet(pskb, ct, ctinfo, 93 if (!nf_nat_mangle_udp_packet(pskb, ct, ctinfo,
93 matchoff, matchlen, addr, addrlen)) 94 matchoff, matchlen, addr, addrlen))
94 return 0; 95 return 0;
95 *dptr = (*pskb)->data + (*pskb)->nh.iph->ihl*4 + sizeof(struct udphdr); 96 *dptr = (*pskb)->data + ip_hdrlen(*pskb) + sizeof(struct udphdr);
96 return 1; 97 return 1;
97 98
98} 99}
@@ -106,7 +107,7 @@ static unsigned int ip_nat_sip(struct sk_buff **pskb,
106 struct addr_map map; 107 struct addr_map map;
107 int dataoff, datalen; 108 int dataoff, datalen;
108 109
109 dataoff = (*pskb)->nh.iph->ihl*4 + sizeof(struct udphdr); 110 dataoff = ip_hdrlen(*pskb) + sizeof(struct udphdr);
110 datalen = (*pskb)->len - dataoff; 111 datalen = (*pskb)->len - dataoff;
111 if (datalen < sizeof("SIP/2.0") - 1) 112 if (datalen < sizeof("SIP/2.0") - 1)
112 return NF_DROP; 113 return NF_DROP;
@@ -155,7 +156,7 @@ static unsigned int mangle_sip_packet(struct sk_buff **pskb,
155 return 0; 156 return 0;
156 157
157 /* We need to reload this. Thanks Patrick. */ 158 /* We need to reload this. Thanks Patrick. */
158 *dptr = (*pskb)->data + (*pskb)->nh.iph->ihl*4 + sizeof(struct udphdr); 159 *dptr = (*pskb)->data + ip_hdrlen(*pskb) + sizeof(struct udphdr);
159 return 1; 160 return 1;
160} 161}
161 162
@@ -168,7 +169,7 @@ static int mangle_content_len(struct sk_buff **pskb,
168 char buffer[sizeof("65536")]; 169 char buffer[sizeof("65536")];
169 int bufflen; 170 int bufflen;
170 171
171 dataoff = (*pskb)->nh.iph->ihl*4 + sizeof(struct udphdr); 172 dataoff = ip_hdrlen(*pskb) + sizeof(struct udphdr);
172 173
173 /* Get actual SDP lenght */ 174 /* Get actual SDP lenght */
174 if (ct_sip_get_info(ct, dptr, (*pskb)->len - dataoff, &matchoff, 175 if (ct_sip_get_info(ct, dptr, (*pskb)->len - dataoff, &matchoff,
@@ -200,7 +201,7 @@ static unsigned int mangle_sdp(struct sk_buff **pskb,
200 char buffer[sizeof("nnn.nnn.nnn.nnn")]; 201 char buffer[sizeof("nnn.nnn.nnn.nnn")];
201 unsigned int dataoff, bufflen; 202 unsigned int dataoff, bufflen;
202 203
203 dataoff = (*pskb)->nh.iph->ihl*4 + sizeof(struct udphdr); 204 dataoff = ip_hdrlen(*pskb) + sizeof(struct udphdr);
204 205
205 /* Mangle owner and contact info. */ 206 /* Mangle owner and contact info. */
206 bufflen = sprintf(buffer, "%u.%u.%u.%u", NIPQUAD(newip)); 207 bufflen = sprintf(buffer, "%u.%u.%u.%u", NIPQUAD(newip));
diff --git a/net/ipv4/netfilter/nf_nat_standalone.c b/net/ipv4/netfilter/nf_nat_standalone.c
index 15aa3db8cb33..61ca272165a1 100644
--- a/net/ipv4/netfilter/nf_nat_standalone.c
+++ b/net/ipv4/netfilter/nf_nat_standalone.c
@@ -101,8 +101,7 @@ nf_nat_fn(unsigned int hooknum,
101 if ((*pskb)->nh.iph->protocol == IPPROTO_ICMP) { 101 if ((*pskb)->nh.iph->protocol == IPPROTO_ICMP) {
102 struct icmphdr _hdr, *hp; 102 struct icmphdr _hdr, *hp;
103 103
104 hp = skb_header_pointer(*pskb, 104 hp = skb_header_pointer(*pskb, ip_hdrlen(*pskb),
105 (*pskb)->nh.iph->ihl*4,
106 sizeof(_hdr), &_hdr); 105 sizeof(_hdr), &_hdr);
107 if (hp != NULL && 106 if (hp != NULL &&
108 hp->type == ICMP_REDIRECT) 107 hp->type == ICMP_REDIRECT)
@@ -203,7 +202,7 @@ nf_nat_out(unsigned int hooknum,
203 202
204 /* root is playing with raw sockets. */ 203 /* root is playing with raw sockets. */
205 if ((*pskb)->len < sizeof(struct iphdr) || 204 if ((*pskb)->len < sizeof(struct iphdr) ||
206 (*pskb)->nh.iph->ihl * 4 < sizeof(struct iphdr)) 205 ip_hdrlen(*pskb) < sizeof(struct iphdr))
207 return NF_ACCEPT; 206 return NF_ACCEPT;
208 207
209 ret = nf_nat_fn(hooknum, pskb, in, out, okfn); 208 ret = nf_nat_fn(hooknum, pskb, in, out, okfn);
@@ -236,7 +235,7 @@ nf_nat_local_fn(unsigned int hooknum,
236 235
237 /* root is playing with raw sockets. */ 236 /* root is playing with raw sockets. */
238 if ((*pskb)->len < sizeof(struct iphdr) || 237 if ((*pskb)->len < sizeof(struct iphdr) ||
239 (*pskb)->nh.iph->ihl * 4 < sizeof(struct iphdr)) 238 ip_hdrlen(*pskb) < sizeof(struct iphdr))
240 return NF_ACCEPT; 239 return NF_ACCEPT;
241 240
242 ret = nf_nat_fn(hooknum, pskb, in, out, okfn); 241 ret = nf_nat_fn(hooknum, pskb, in, out, okfn);
diff --git a/net/ipv6/netfilter/ip6table_filter.c b/net/ipv6/netfilter/ip6table_filter.c
index 112a21d0c6da..76f0cf66f95c 100644
--- a/net/ipv6/netfilter/ip6table_filter.c
+++ b/net/ipv6/netfilter/ip6table_filter.c
@@ -102,7 +102,7 @@ ip6t_local_out_hook(unsigned int hook,
102#if 0 102#if 0
103 /* root is playing with raw sockets. */ 103 /* root is playing with raw sockets. */
104 if ((*pskb)->len < sizeof(struct iphdr) 104 if ((*pskb)->len < sizeof(struct iphdr)
105 || (*pskb)->nh.iph->ihl * 4 < sizeof(struct iphdr)) { 105 || ip_hdrlen(*pskb) < sizeof(struct iphdr)) {
106 if (net_ratelimit()) 106 if (net_ratelimit())
107 printk("ip6t_hook: happy cracking.\n"); 107 printk("ip6t_hook: happy cracking.\n");
108 return NF_ACCEPT; 108 return NF_ACCEPT;
diff --git a/net/ipv6/netfilter/ip6table_mangle.c b/net/ipv6/netfilter/ip6table_mangle.c
index 0c468d35a937..da2c1994539b 100644
--- a/net/ipv6/netfilter/ip6table_mangle.c
+++ b/net/ipv6/netfilter/ip6table_mangle.c
@@ -138,7 +138,7 @@ ip6t_local_hook(unsigned int hook,
138#if 0 138#if 0
139 /* root is playing with raw sockets. */ 139 /* root is playing with raw sockets. */
140 if ((*pskb)->len < sizeof(struct iphdr) 140 if ((*pskb)->len < sizeof(struct iphdr)
141 || (*pskb)->nh.iph->ihl * 4 < sizeof(struct iphdr)) { 141 || ip_hdrlen(*pskb) < sizeof(struct iphdr)) {
142 if (net_ratelimit()) 142 if (net_ratelimit())
143 printk("ip6t_hook: happy cracking.\n"); 143 printk("ip6t_hook: happy cracking.\n");
144 return NF_ACCEPT; 144 return NF_ACCEPT;