diff options
47 files changed, 145 insertions, 141 deletions
diff --git a/drivers/net/bnx2.c b/drivers/net/bnx2.c index e85f5ec48f96..b8091c55d441 100644 --- a/drivers/net/bnx2.c +++ b/drivers/net/bnx2.c | |||
@@ -4527,7 +4527,7 @@ bnx2_start_xmit(struct sk_buff *skb, struct net_device *dev) | |||
4527 | if (skb->h.th->doff > 5) { | 4527 | if (skb->h.th->doff > 5) { |
4528 | tcp_opt_len = (skb->h.th->doff - 5) << 2; | 4528 | tcp_opt_len = (skb->h.th->doff - 5) << 2; |
4529 | } | 4529 | } |
4530 | ip_tcp_len = (skb->nh.iph->ihl << 2) + sizeof(struct tcphdr); | 4530 | ip_tcp_len = ip_hdrlen(skb) + sizeof(struct tcphdr); |
4531 | 4531 | ||
4532 | skb->nh.iph->check = 0; | 4532 | skb->nh.iph->check = 0; |
4533 | skb->nh.iph->tot_len = htons(mss + ip_tcp_len + tcp_opt_len); | 4533 | skb->nh.iph->tot_len = htons(mss + ip_tcp_len + tcp_opt_len); |
diff --git a/drivers/net/ehea/ehea_main.c b/drivers/net/ehea/ehea_main.c index 0e4042bc0a48..b1c90a4fe31e 100644 --- a/drivers/net/ehea/ehea_main.c +++ b/drivers/net/ehea/ehea_main.c | |||
@@ -1263,7 +1263,7 @@ static inline void write_ip_start_end(struct ehea_swqe *swqe, | |||
1263 | const struct sk_buff *skb) | 1263 | const struct sk_buff *skb) |
1264 | { | 1264 | { |
1265 | swqe->ip_start = (u8)(((u64)skb->nh.iph) - ((u64)skb->data)); | 1265 | swqe->ip_start = (u8)(((u64)skb->nh.iph) - ((u64)skb->data)); |
1266 | swqe->ip_end = (u8)(swqe->ip_start + skb->nh.iph->ihl * 4 - 1); | 1266 | swqe->ip_end = (u8)(swqe->ip_start + ip_hdrlen(skb) - 1); |
1267 | } | 1267 | } |
1268 | 1268 | ||
1269 | static inline void write_tcp_offset_end(struct ehea_swqe *swqe, | 1269 | static inline void write_tcp_offset_end(struct ehea_swqe *swqe, |
@@ -1300,7 +1300,7 @@ static void write_swqe2_TSO(struct sk_buff *skb, | |||
1300 | /* copy only eth/ip/tcp headers to immediate data and | 1300 | /* copy only eth/ip/tcp headers to immediate data and |
1301 | * the rest of skb->data to sg1entry | 1301 | * the rest of skb->data to sg1entry |
1302 | */ | 1302 | */ |
1303 | headersize = ETH_HLEN + (skb->nh.iph->ihl * 4) + (skb->h.th->doff * 4); | 1303 | headersize = ETH_HLEN + ip_hdrlen(skb) + (skb->h.th->doff * 4); |
1304 | 1304 | ||
1305 | skb_data_size = skb->len - skb->data_len; | 1305 | skb_data_size = skb->len - skb->data_len; |
1306 | 1306 | ||
diff --git a/drivers/net/netxen/netxen_nic_hw.c b/drivers/net/netxen/netxen_nic_hw.c index 625e11ed6aae..b2f5032937e3 100644 --- a/drivers/net/netxen/netxen_nic_hw.c +++ b/drivers/net/netxen/netxen_nic_hw.c | |||
@@ -35,6 +35,8 @@ | |||
35 | #include "netxen_nic_hw.h" | 35 | #include "netxen_nic_hw.h" |
36 | #include "netxen_nic_phan_reg.h" | 36 | #include "netxen_nic_phan_reg.h" |
37 | 37 | ||
38 | #include <net/ip.h> | ||
39 | |||
38 | /* PCI Windowing for DDR regions. */ | 40 | /* PCI Windowing for DDR regions. */ |
39 | 41 | ||
40 | #define ADDR_IN_RANGE(addr, low, high) \ | 42 | #define ADDR_IN_RANGE(addr, low, high) \ |
@@ -371,9 +373,9 @@ void netxen_tso_check(struct netxen_adapter *adapter, | |||
371 | struct cmd_desc_type0 *desc, struct sk_buff *skb) | 373 | struct cmd_desc_type0 *desc, struct sk_buff *skb) |
372 | { | 374 | { |
373 | if (desc->mss) { | 375 | if (desc->mss) { |
374 | desc->total_hdr_length = sizeof(struct ethhdr) + | 376 | desc->total_hdr_length = (sizeof(struct ethhdr) + |
375 | ((skb->nh.iph)->ihl * sizeof(u32)) + | 377 | ip_hdrlen(skb) + |
376 | ((skb->h.th)->doff * sizeof(u32)); | 378 | skb->h.th->doff * 4); |
377 | netxen_set_cmd_desc_opcode(desc, TX_TCP_LSO); | 379 | netxen_set_cmd_desc_opcode(desc, TX_TCP_LSO); |
378 | } else if (skb->ip_summed == CHECKSUM_PARTIAL) { | 380 | } else if (skb->ip_summed == CHECKSUM_PARTIAL) { |
379 | if (skb->nh.iph->protocol == IPPROTO_TCP) { | 381 | if (skb->nh.iph->protocol == IPPROTO_TCP) { |
diff --git a/drivers/net/netxen/netxen_nic_main.c b/drivers/net/netxen/netxen_nic_main.c index 7d2525e76abb..b548a30e5c8e 100644 --- a/drivers/net/netxen/netxen_nic_main.c +++ b/drivers/net/netxen/netxen_nic_main.c | |||
@@ -41,6 +41,7 @@ | |||
41 | 41 | ||
42 | #include <linux/dma-mapping.h> | 42 | #include <linux/dma-mapping.h> |
43 | #include <linux/vmalloc.h> | 43 | #include <linux/vmalloc.h> |
44 | #include <net/ip.h> | ||
44 | 45 | ||
45 | MODULE_DESCRIPTION("NetXen Multi port (1/10) Gigabit Network Driver"); | 46 | MODULE_DESCRIPTION("NetXen Multi port (1/10) Gigabit Network Driver"); |
46 | MODULE_LICENSE("GPL"); | 47 | MODULE_LICENSE("GPL"); |
@@ -778,9 +779,8 @@ static int netxen_nic_xmit_frame(struct sk_buff *skb, struct net_device *netdev) | |||
778 | if (skb_shinfo(skb)->gso_size > 0) { | 779 | if (skb_shinfo(skb)->gso_size > 0) { |
779 | 780 | ||
780 | no_of_desc++; | 781 | no_of_desc++; |
781 | if (((skb->nh.iph)->ihl * sizeof(u32)) + | 782 | if ((ip_hdrlen(skb) + skb->h.th->doff * 4 + |
782 | ((skb->h.th)->doff * sizeof(u32)) + | 783 | sizeof(struct ethhdr)) > |
783 | sizeof(struct ethhdr) > | ||
784 | (sizeof(struct cmd_desc_type0) - 2)) { | 784 | (sizeof(struct cmd_desc_type0) - 2)) { |
785 | no_of_desc++; | 785 | no_of_desc++; |
786 | } | 786 | } |
diff --git a/drivers/net/sky2.c b/drivers/net/sky2.c index ac36152c68bf..51e994f26a84 100644 --- a/drivers/net/sky2.c +++ b/drivers/net/sky2.c | |||
@@ -32,6 +32,7 @@ | |||
32 | #include <linux/ethtool.h> | 32 | #include <linux/ethtool.h> |
33 | #include <linux/pci.h> | 33 | #include <linux/pci.h> |
34 | #include <linux/ip.h> | 34 | #include <linux/ip.h> |
35 | #include <net/ip.h> | ||
35 | #include <linux/tcp.h> | 36 | #include <linux/tcp.h> |
36 | #include <linux/in.h> | 37 | #include <linux/in.h> |
37 | #include <linux/delay.h> | 38 | #include <linux/delay.h> |
@@ -1392,7 +1393,7 @@ static int sky2_xmit_frame(struct sk_buff *skb, struct net_device *dev) | |||
1392 | mss = skb_shinfo(skb)->gso_size; | 1393 | mss = skb_shinfo(skb)->gso_size; |
1393 | if (mss != 0) { | 1394 | if (mss != 0) { |
1394 | mss += ((skb->h.th->doff - 5) * 4); /* TCP options */ | 1395 | mss += ((skb->h.th->doff - 5) * 4); /* TCP options */ |
1395 | mss += (skb->nh.iph->ihl * 4) + sizeof(struct tcphdr); | 1396 | mss += ip_hdrlen(skb) + sizeof(struct tcphdr); |
1396 | mss += ETH_HLEN; | 1397 | mss += ETH_HLEN; |
1397 | 1398 | ||
1398 | if (mss != sky2->tx_last_mss) { | 1399 | if (mss != sky2->tx_last_mss) { |
diff --git a/drivers/net/tg3.c b/drivers/net/tg3.c index 256969e1300c..62a3bba0097d 100644 --- a/drivers/net/tg3.c +++ b/drivers/net/tg3.c | |||
@@ -40,6 +40,7 @@ | |||
40 | #include <linux/dma-mapping.h> | 40 | #include <linux/dma-mapping.h> |
41 | 41 | ||
42 | #include <net/checksum.h> | 42 | #include <net/checksum.h> |
43 | #include <net/ip.h> | ||
43 | 44 | ||
44 | #include <asm/system.h> | 45 | #include <asm/system.h> |
45 | #include <asm/io.h> | 46 | #include <asm/io.h> |
@@ -3909,8 +3910,7 @@ static int tg3_start_xmit(struct sk_buff *skb, struct net_device *dev) | |||
3909 | mss |= (skb_headlen(skb) - ETH_HLEN) << 9; | 3910 | mss |= (skb_headlen(skb) - ETH_HLEN) << 9; |
3910 | else { | 3911 | else { |
3911 | tcp_opt_len = ((skb->h.th->doff - 5) * 4); | 3912 | tcp_opt_len = ((skb->h.th->doff - 5) * 4); |
3912 | ip_tcp_len = (skb->nh.iph->ihl * 4) + | 3913 | ip_tcp_len = ip_hdrlen(skb) + sizeof(struct tcphdr); |
3913 | sizeof(struct tcphdr); | ||
3914 | 3914 | ||
3915 | skb->nh.iph->check = 0; | 3915 | skb->nh.iph->check = 0; |
3916 | skb->nh.iph->tot_len = htons(mss + ip_tcp_len + | 3916 | skb->nh.iph->tot_len = htons(mss + ip_tcp_len + |
@@ -4064,7 +4064,7 @@ static int tg3_start_xmit_dma_bug(struct sk_buff *skb, struct net_device *dev) | |||
4064 | } | 4064 | } |
4065 | 4065 | ||
4066 | tcp_opt_len = ((skb->h.th->doff - 5) * 4); | 4066 | tcp_opt_len = ((skb->h.th->doff - 5) * 4); |
4067 | ip_tcp_len = (skb->nh.iph->ihl * 4) + sizeof(struct tcphdr); | 4067 | ip_tcp_len = ip_hdrlen(skb) + sizeof(struct tcphdr); |
4068 | 4068 | ||
4069 | hdr_len = ip_tcp_len + tcp_opt_len; | 4069 | hdr_len = ip_tcp_len + tcp_opt_len; |
4070 | if (unlikely((ETH_HLEN + hdr_len) > 80) && | 4070 | if (unlikely((ETH_HLEN + hdr_len) > 80) && |
diff --git a/drivers/s390/net/qeth_eddp.c b/drivers/s390/net/qeth_eddp.c index 893125403c68..1574247abaa1 100644 --- a/drivers/s390/net/qeth_eddp.c +++ b/drivers/s390/net/qeth_eddp.c | |||
@@ -473,9 +473,11 @@ qeth_eddp_fill_context_tcp(struct qeth_eddp_context *ctx, | |||
473 | QETH_DBF_TEXT(trace, 5, "eddpficx"); | 473 | QETH_DBF_TEXT(trace, 5, "eddpficx"); |
474 | /* create our segmentation headers and copy original headers */ | 474 | /* create our segmentation headers and copy original headers */ |
475 | if (skb->protocol == htons(ETH_P_IP)) | 475 | if (skb->protocol == htons(ETH_P_IP)) |
476 | eddp = qeth_eddp_create_eddp_data(qhdr, (u8 *)skb->nh.iph, | 476 | eddp = qeth_eddp_create_eddp_data(qhdr, |
477 | skb->nh.iph->ihl*4, | 477 | skb_network_header(skb), |
478 | (u8 *)skb->h.th, skb->h.th->doff*4); | 478 | ip_hdrlen(skb), |
479 | skb->h.raw, | ||
480 | skb->h.th->doff * 4); | ||
479 | else | 481 | else |
480 | eddp = qeth_eddp_create_eddp_data(qhdr, (u8 *)skb->nh.ipv6h, | 482 | eddp = qeth_eddp_create_eddp_data(qhdr, (u8 *)skb->nh.ipv6h, |
481 | sizeof(struct ipv6hdr), | 483 | sizeof(struct ipv6hdr), |
@@ -590,8 +592,9 @@ qeth_eddp_create_context_tcp(struct qeth_card *card, struct sk_buff *skb, | |||
590 | QETH_DBF_TEXT(trace, 5, "creddpct"); | 592 | QETH_DBF_TEXT(trace, 5, "creddpct"); |
591 | if (skb->protocol == htons(ETH_P_IP)) | 593 | if (skb->protocol == htons(ETH_P_IP)) |
592 | ctx = qeth_eddp_create_context_generic(card, skb, | 594 | ctx = qeth_eddp_create_context_generic(card, skb, |
593 | sizeof(struct qeth_hdr) + skb->nh.iph->ihl*4 + | 595 | (sizeof(struct qeth_hdr) + |
594 | skb->h.th->doff*4); | 596 | ip_hdrlen(skb) + |
597 | skb->h.th->doff * 4)); | ||
595 | else if (skb->protocol == htons(ETH_P_IPV6)) | 598 | else if (skb->protocol == htons(ETH_P_IPV6)) |
596 | ctx = qeth_eddp_create_context_generic(card, skb, | 599 | ctx = qeth_eddp_create_context_generic(card, skb, |
597 | sizeof(struct qeth_hdr) + sizeof(struct ipv6hdr) + | 600 | sizeof(struct qeth_hdr) + sizeof(struct ipv6hdr) + |
diff --git a/include/net/ip.h b/include/net/ip.h index e79c3e3aa4f6..6f7ba32b199d 100644 --- a/include/net/ip.h +++ b/include/net/ip.h | |||
@@ -25,6 +25,7 @@ | |||
25 | #include <linux/types.h> | 25 | #include <linux/types.h> |
26 | #include <linux/ip.h> | 26 | #include <linux/ip.h> |
27 | #include <linux/in.h> | 27 | #include <linux/in.h> |
28 | #include <linux/skbuff.h> | ||
28 | 29 | ||
29 | #include <net/inet_sock.h> | 30 | #include <net/inet_sock.h> |
30 | #include <net/snmp.h> | 31 | #include <net/snmp.h> |
@@ -43,6 +44,11 @@ struct inet_skb_parm | |||
43 | #define IPSKB_REROUTED 16 | 44 | #define IPSKB_REROUTED 16 |
44 | }; | 45 | }; |
45 | 46 | ||
47 | static inline unsigned int ip_hdrlen(const struct sk_buff *skb) | ||
48 | { | ||
49 | return skb->nh.iph->ihl * 4; | ||
50 | } | ||
51 | |||
46 | struct ipcm_cookie | 52 | struct ipcm_cookie |
47 | { | 53 | { |
48 | __be32 addr; | 54 | __be32 addr; |
@@ -74,7 +80,6 @@ struct msghdr; | |||
74 | struct net_device; | 80 | struct net_device; |
75 | struct packet_type; | 81 | struct packet_type; |
76 | struct rtable; | 82 | struct rtable; |
77 | struct sk_buff; | ||
78 | struct sockaddr; | 83 | struct sockaddr; |
79 | 84 | ||
80 | extern void ip_mc_dropsocket(struct sock *); | 85 | extern void ip_mc_dropsocket(struct sock *); |
diff --git a/net/ipv4/ip_fragment.c b/net/ipv4/ip_fragment.c index 268a6c7347f2..af120b2d5331 100644 --- a/net/ipv4/ip_fragment.c +++ b/net/ipv4/ip_fragment.c | |||
@@ -483,7 +483,7 @@ static void ip_frag_queue(struct ipq *qp, struct sk_buff *skb) | |||
483 | flags = offset & ~IP_OFFSET; | 483 | flags = offset & ~IP_OFFSET; |
484 | offset &= IP_OFFSET; | 484 | offset &= IP_OFFSET; |
485 | offset <<= 3; /* offset is in 8-byte chunks */ | 485 | offset <<= 3; /* offset is in 8-byte chunks */ |
486 | ihl = skb->nh.iph->ihl * 4; | 486 | ihl = ip_hdrlen(skb); |
487 | 487 | ||
488 | /* Determine the position of this fragment. */ | 488 | /* Determine the position of this fragment. */ |
489 | end = offset + skb->len - ihl; | 489 | end = offset + skb->len - ihl; |
@@ -624,7 +624,7 @@ static struct sk_buff *ip_frag_reasm(struct ipq *qp, struct net_device *dev) | |||
624 | BUG_TRAP(FRAG_CB(head)->offset == 0); | 624 | BUG_TRAP(FRAG_CB(head)->offset == 0); |
625 | 625 | ||
626 | /* Allocate a new buffer for the datagram. */ | 626 | /* Allocate a new buffer for the datagram. */ |
627 | ihlen = head->nh.iph->ihl*4; | 627 | ihlen = ip_hdrlen(head); |
628 | len = ihlen + qp->len; | 628 | len = ihlen + qp->len; |
629 | 629 | ||
630 | if (len > 65535) | 630 | if (len > 65535) |
diff --git a/net/ipv4/ip_input.c b/net/ipv4/ip_input.c index f38e97647ac0..2ee132b330fd 100644 --- a/net/ipv4/ip_input.c +++ b/net/ipv4/ip_input.c | |||
@@ -198,9 +198,7 @@ int ip_call_ra_chain(struct sk_buff *skb) | |||
198 | 198 | ||
199 | static inline int ip_local_deliver_finish(struct sk_buff *skb) | 199 | static inline int ip_local_deliver_finish(struct sk_buff *skb) |
200 | { | 200 | { |
201 | int ihl = skb->nh.iph->ihl*4; | 201 | __skb_pull(skb, ip_hdrlen(skb)); |
202 | |||
203 | __skb_pull(skb, ihl); | ||
204 | 202 | ||
205 | /* Point into the IP datagram, just past the header. */ | 203 | /* Point into the IP datagram, just past the header. */ |
206 | skb->h.raw = skb->data; | 204 | skb->h.raw = skb->data; |
diff --git a/net/ipv4/ipmr.c b/net/ipv4/ipmr.c index aba3ff0bec97..54b7543190f1 100644 --- a/net/ipv4/ipmr.c +++ b/net/ipv4/ipmr.c | |||
@@ -539,7 +539,7 @@ static void ipmr_cache_resolve(struct mfc_cache *uc, struct mfc_cache *c) | |||
539 | static int ipmr_cache_report(struct sk_buff *pkt, vifi_t vifi, int assert) | 539 | static int ipmr_cache_report(struct sk_buff *pkt, vifi_t vifi, int assert) |
540 | { | 540 | { |
541 | struct sk_buff *skb; | 541 | struct sk_buff *skb; |
542 | int ihl = pkt->nh.iph->ihl<<2; | 542 | const int ihl = ip_hdrlen(pkt); |
543 | struct igmphdr *igmp; | 543 | struct igmphdr *igmp; |
544 | struct igmpmsg *msg; | 544 | struct igmpmsg *msg; |
545 | int ret; | 545 | int ret; |
diff --git a/net/ipv4/ipvs/ip_vs_app.c b/net/ipv4/ipvs/ip_vs_app.c index f29d3a27eec6..e5beab28cd0f 100644 --- a/net/ipv4/ipvs/ip_vs_app.c +++ b/net/ipv4/ipvs/ip_vs_app.c | |||
@@ -331,7 +331,7 @@ static inline int app_tcp_pkt_out(struct ip_vs_conn *cp, struct sk_buff **pskb, | |||
331 | struct ip_vs_app *app) | 331 | struct ip_vs_app *app) |
332 | { | 332 | { |
333 | int diff; | 333 | int diff; |
334 | unsigned int tcp_offset = (*pskb)->nh.iph->ihl*4; | 334 | const unsigned int tcp_offset = ip_hdrlen(*pskb); |
335 | struct tcphdr *th; | 335 | struct tcphdr *th; |
336 | __u32 seq; | 336 | __u32 seq; |
337 | 337 | ||
@@ -406,7 +406,7 @@ static inline int app_tcp_pkt_in(struct ip_vs_conn *cp, struct sk_buff **pskb, | |||
406 | struct ip_vs_app *app) | 406 | struct ip_vs_app *app) |
407 | { | 407 | { |
408 | int diff; | 408 | int diff; |
409 | unsigned int tcp_offset = (*pskb)->nh.iph->ihl*4; | 409 | const unsigned int tcp_offset = ip_hdrlen(*pskb); |
410 | struct tcphdr *th; | 410 | struct tcphdr *th; |
411 | __u32 seq; | 411 | __u32 seq; |
412 | 412 | ||
diff --git a/net/ipv4/ipvs/ip_vs_core.c b/net/ipv4/ipvs/ip_vs_core.c index 5d54dd2ce12f..7893c00a91fe 100644 --- a/net/ipv4/ipvs/ip_vs_core.c +++ b/net/ipv4/ipvs/ip_vs_core.c | |||
@@ -713,8 +713,7 @@ static inline int is_tcp_reset(const struct sk_buff *skb) | |||
713 | { | 713 | { |
714 | struct tcphdr _tcph, *th; | 714 | struct tcphdr _tcph, *th; |
715 | 715 | ||
716 | th = skb_header_pointer(skb, skb->nh.iph->ihl * 4, | 716 | th = skb_header_pointer(skb, ip_hdrlen(skb), sizeof(_tcph), &_tcph); |
717 | sizeof(_tcph), &_tcph); | ||
718 | if (th == NULL) | 717 | if (th == NULL) |
719 | return 0; | 718 | return 0; |
720 | return th->rst; | 719 | return th->rst; |
diff --git a/net/ipv4/ipvs/ip_vs_proto_tcp.c b/net/ipv4/ipvs/ip_vs_proto_tcp.c index 16a9ebee2fe6..e65382da713e 100644 --- a/net/ipv4/ipvs/ip_vs_proto_tcp.c +++ b/net/ipv4/ipvs/ip_vs_proto_tcp.c | |||
@@ -76,8 +76,7 @@ tcp_conn_schedule(struct sk_buff *skb, | |||
76 | struct ip_vs_service *svc; | 76 | struct ip_vs_service *svc; |
77 | struct tcphdr _tcph, *th; | 77 | struct tcphdr _tcph, *th; |
78 | 78 | ||
79 | th = skb_header_pointer(skb, skb->nh.iph->ihl*4, | 79 | th = skb_header_pointer(skb, ip_hdrlen(skb), sizeof(_tcph), &_tcph); |
80 | sizeof(_tcph), &_tcph); | ||
81 | if (th == NULL) { | 80 | if (th == NULL) { |
82 | *verdict = NF_DROP; | 81 | *verdict = NF_DROP; |
83 | return 0; | 82 | return 0; |
@@ -127,7 +126,7 @@ tcp_snat_handler(struct sk_buff **pskb, | |||
127 | struct ip_vs_protocol *pp, struct ip_vs_conn *cp) | 126 | struct ip_vs_protocol *pp, struct ip_vs_conn *cp) |
128 | { | 127 | { |
129 | struct tcphdr *tcph; | 128 | struct tcphdr *tcph; |
130 | unsigned int tcphoff = (*pskb)->nh.iph->ihl * 4; | 129 | const unsigned int tcphoff = ip_hdrlen(*pskb); |
131 | 130 | ||
132 | /* csum_check requires unshared skb */ | 131 | /* csum_check requires unshared skb */ |
133 | if (!ip_vs_make_skb_writable(pskb, tcphoff+sizeof(*tcph))) | 132 | if (!ip_vs_make_skb_writable(pskb, tcphoff+sizeof(*tcph))) |
@@ -175,7 +174,7 @@ tcp_dnat_handler(struct sk_buff **pskb, | |||
175 | struct ip_vs_protocol *pp, struct ip_vs_conn *cp) | 174 | struct ip_vs_protocol *pp, struct ip_vs_conn *cp) |
176 | { | 175 | { |
177 | struct tcphdr *tcph; | 176 | struct tcphdr *tcph; |
178 | unsigned int tcphoff = (*pskb)->nh.iph->ihl * 4; | 177 | const unsigned int tcphoff = ip_hdrlen(*pskb); |
179 | 178 | ||
180 | /* csum_check requires unshared skb */ | 179 | /* csum_check requires unshared skb */ |
181 | if (!ip_vs_make_skb_writable(pskb, tcphoff+sizeof(*tcph))) | 180 | if (!ip_vs_make_skb_writable(pskb, tcphoff+sizeof(*tcph))) |
@@ -224,7 +223,7 @@ tcp_dnat_handler(struct sk_buff **pskb, | |||
224 | static int | 223 | static int |
225 | tcp_csum_check(struct sk_buff *skb, struct ip_vs_protocol *pp) | 224 | tcp_csum_check(struct sk_buff *skb, struct ip_vs_protocol *pp) |
226 | { | 225 | { |
227 | unsigned int tcphoff = skb->nh.iph->ihl*4; | 226 | const unsigned int tcphoff = ip_hdrlen(skb); |
228 | 227 | ||
229 | switch (skb->ip_summed) { | 228 | switch (skb->ip_summed) { |
230 | case CHECKSUM_NONE: | 229 | case CHECKSUM_NONE: |
@@ -467,8 +466,7 @@ tcp_state_transition(struct ip_vs_conn *cp, int direction, | |||
467 | { | 466 | { |
468 | struct tcphdr _tcph, *th; | 467 | struct tcphdr _tcph, *th; |
469 | 468 | ||
470 | th = skb_header_pointer(skb, skb->nh.iph->ihl*4, | 469 | th = skb_header_pointer(skb, ip_hdrlen(skb), sizeof(_tcph), &_tcph); |
471 | sizeof(_tcph), &_tcph); | ||
472 | if (th == NULL) | 470 | if (th == NULL) |
473 | return 0; | 471 | return 0; |
474 | 472 | ||
diff --git a/net/ipv4/ipvs/ip_vs_proto_udp.c b/net/ipv4/ipvs/ip_vs_proto_udp.c index 03f0a414cfa4..2cd950638923 100644 --- a/net/ipv4/ipvs/ip_vs_proto_udp.c +++ b/net/ipv4/ipvs/ip_vs_proto_udp.c | |||
@@ -22,7 +22,7 @@ | |||
22 | #include <linux/udp.h> | 22 | #include <linux/udp.h> |
23 | 23 | ||
24 | #include <net/ip_vs.h> | 24 | #include <net/ip_vs.h> |
25 | 25 | #include <net/ip.h> | |
26 | 26 | ||
27 | static struct ip_vs_conn * | 27 | static struct ip_vs_conn * |
28 | udp_conn_in_get(const struct sk_buff *skb, struct ip_vs_protocol *pp, | 28 | udp_conn_in_get(const struct sk_buff *skb, struct ip_vs_protocol *pp, |
@@ -56,7 +56,7 @@ udp_conn_out_get(const struct sk_buff *skb, struct ip_vs_protocol *pp, | |||
56 | struct ip_vs_conn *cp; | 56 | struct ip_vs_conn *cp; |
57 | __be16 _ports[2], *pptr; | 57 | __be16 _ports[2], *pptr; |
58 | 58 | ||
59 | pptr = skb_header_pointer(skb, skb->nh.iph->ihl*4, | 59 | pptr = skb_header_pointer(skb, ip_hdrlen(skb), |
60 | sizeof(_ports), _ports); | 60 | sizeof(_ports), _ports); |
61 | if (pptr == NULL) | 61 | if (pptr == NULL) |
62 | return NULL; | 62 | return NULL; |
@@ -82,7 +82,7 @@ udp_conn_schedule(struct sk_buff *skb, struct ip_vs_protocol *pp, | |||
82 | struct ip_vs_service *svc; | 82 | struct ip_vs_service *svc; |
83 | struct udphdr _udph, *uh; | 83 | struct udphdr _udph, *uh; |
84 | 84 | ||
85 | uh = skb_header_pointer(skb, skb->nh.iph->ihl*4, | 85 | uh = skb_header_pointer(skb, ip_hdrlen(skb), |
86 | sizeof(_udph), &_udph); | 86 | sizeof(_udph), &_udph); |
87 | if (uh == NULL) { | 87 | if (uh == NULL) { |
88 | *verdict = NF_DROP; | 88 | *verdict = NF_DROP; |
@@ -133,7 +133,7 @@ udp_snat_handler(struct sk_buff **pskb, | |||
133 | struct ip_vs_protocol *pp, struct ip_vs_conn *cp) | 133 | struct ip_vs_protocol *pp, struct ip_vs_conn *cp) |
134 | { | 134 | { |
135 | struct udphdr *udph; | 135 | struct udphdr *udph; |
136 | unsigned int udphoff = (*pskb)->nh.iph->ihl * 4; | 136 | const unsigned int udphoff = ip_hdrlen(*pskb); |
137 | 137 | ||
138 | /* csum_check requires unshared skb */ | 138 | /* csum_check requires unshared skb */ |
139 | if (!ip_vs_make_skb_writable(pskb, udphoff+sizeof(*udph))) | 139 | if (!ip_vs_make_skb_writable(pskb, udphoff+sizeof(*udph))) |
@@ -187,7 +187,7 @@ udp_dnat_handler(struct sk_buff **pskb, | |||
187 | struct ip_vs_protocol *pp, struct ip_vs_conn *cp) | 187 | struct ip_vs_protocol *pp, struct ip_vs_conn *cp) |
188 | { | 188 | { |
189 | struct udphdr *udph; | 189 | struct udphdr *udph; |
190 | unsigned int udphoff = (*pskb)->nh.iph->ihl * 4; | 190 | unsigned int udphoff = ip_hdrlen(*pskb); |
191 | 191 | ||
192 | /* csum_check requires unshared skb */ | 192 | /* csum_check requires unshared skb */ |
193 | if (!ip_vs_make_skb_writable(pskb, udphoff+sizeof(*udph))) | 193 | if (!ip_vs_make_skb_writable(pskb, udphoff+sizeof(*udph))) |
@@ -239,7 +239,7 @@ static int | |||
239 | udp_csum_check(struct sk_buff *skb, struct ip_vs_protocol *pp) | 239 | udp_csum_check(struct sk_buff *skb, struct ip_vs_protocol *pp) |
240 | { | 240 | { |
241 | struct udphdr _udph, *uh; | 241 | struct udphdr _udph, *uh; |
242 | unsigned int udphoff = skb->nh.iph->ihl*4; | 242 | const unsigned int udphoff = ip_hdrlen(skb); |
243 | 243 | ||
244 | uh = skb_header_pointer(skb, udphoff, sizeof(_udph), &_udph); | 244 | uh = skb_header_pointer(skb, udphoff, sizeof(_udph), &_udph); |
245 | if (uh == NULL) | 245 | if (uh == NULL) |
diff --git a/net/ipv4/netfilter/ip_conntrack_amanda.c b/net/ipv4/netfilter/ip_conntrack_amanda.c index 4f561f52c83a..c40762c67d0e 100644 --- a/net/ipv4/netfilter/ip_conntrack_amanda.c +++ b/net/ipv4/netfilter/ip_conntrack_amanda.c | |||
@@ -103,7 +103,7 @@ static int help(struct sk_buff **pskb, | |||
103 | ip_ct_refresh(ct, *pskb, master_timeout * HZ); | 103 | ip_ct_refresh(ct, *pskb, master_timeout * HZ); |
104 | 104 | ||
105 | /* No data? */ | 105 | /* No data? */ |
106 | dataoff = (*pskb)->nh.iph->ihl*4 + sizeof(struct udphdr); | 106 | dataoff = ip_hdrlen(*pskb) + sizeof(struct udphdr); |
107 | if (dataoff >= (*pskb)->len) { | 107 | if (dataoff >= (*pskb)->len) { |
108 | if (net_ratelimit()) | 108 | if (net_ratelimit()) |
109 | printk("amanda_help: skblen = %u\n", (*pskb)->len); | 109 | printk("amanda_help: skblen = %u\n", (*pskb)->len); |
diff --git a/net/ipv4/netfilter/ip_conntrack_core.c b/net/ipv4/netfilter/ip_conntrack_core.c index 23b99ae2cc37..8c013d9f6907 100644 --- a/net/ipv4/netfilter/ip_conntrack_core.c +++ b/net/ipv4/netfilter/ip_conntrack_core.c | |||
@@ -750,8 +750,7 @@ resolve_normal_ct(struct sk_buff *skb, | |||
750 | 750 | ||
751 | IP_NF_ASSERT((skb->nh.iph->frag_off & htons(IP_OFFSET)) == 0); | 751 | IP_NF_ASSERT((skb->nh.iph->frag_off & htons(IP_OFFSET)) == 0); |
752 | 752 | ||
753 | if (!ip_ct_get_tuple(skb->nh.iph, skb, skb->nh.iph->ihl*4, | 753 | if (!ip_ct_get_tuple(skb->nh.iph, skb, ip_hdrlen(skb), &tuple,proto)) |
754 | &tuple,proto)) | ||
755 | return NULL; | 754 | return NULL; |
756 | 755 | ||
757 | /* look for tuple match */ | 756 | /* look for tuple match */ |
diff --git a/net/ipv4/netfilter/ip_conntrack_ftp.c b/net/ipv4/netfilter/ip_conntrack_ftp.c index 1faa68ab9432..92389987e789 100644 --- a/net/ipv4/netfilter/ip_conntrack_ftp.c +++ b/net/ipv4/netfilter/ip_conntrack_ftp.c | |||
@@ -319,12 +319,12 @@ static int help(struct sk_buff **pskb, | |||
319 | return NF_ACCEPT; | 319 | return NF_ACCEPT; |
320 | } | 320 | } |
321 | 321 | ||
322 | th = skb_header_pointer(*pskb, (*pskb)->nh.iph->ihl*4, | 322 | th = skb_header_pointer(*pskb, ip_hdrlen(*pskb), |
323 | sizeof(_tcph), &_tcph); | 323 | sizeof(_tcph), &_tcph); |
324 | if (th == NULL) | 324 | if (th == NULL) |
325 | return NF_ACCEPT; | 325 | return NF_ACCEPT; |
326 | 326 | ||
327 | dataoff = (*pskb)->nh.iph->ihl*4 + th->doff*4; | 327 | dataoff = ip_hdrlen(*pskb) + th->doff * 4; |
328 | /* No data? */ | 328 | /* No data? */ |
329 | if (dataoff >= (*pskb)->len) { | 329 | if (dataoff >= (*pskb)->len) { |
330 | DEBUGP("ftp: pskblen = %u\n", (*pskb)->len); | 330 | DEBUGP("ftp: pskblen = %u\n", (*pskb)->len); |
diff --git a/net/ipv4/netfilter/ip_conntrack_helper_h323.c b/net/ipv4/netfilter/ip_conntrack_helper_h323.c index 53eb365ccc7e..5d638149b0e0 100644 --- a/net/ipv4/netfilter/ip_conntrack_helper_h323.c +++ b/net/ipv4/netfilter/ip_conntrack_helper_h323.c | |||
@@ -115,13 +115,13 @@ static int get_tpkt_data(struct sk_buff **pskb, struct ip_conntrack *ct, | |||
115 | int tpktoff; | 115 | int tpktoff; |
116 | 116 | ||
117 | /* Get TCP header */ | 117 | /* Get TCP header */ |
118 | th = skb_header_pointer(*pskb, (*pskb)->nh.iph->ihl * 4, | 118 | th = skb_header_pointer(*pskb, ip_hdrlen(*pskb), |
119 | sizeof(_tcph), &_tcph); | 119 | sizeof(_tcph), &_tcph); |
120 | if (th == NULL) | 120 | if (th == NULL) |
121 | return 0; | 121 | return 0; |
122 | 122 | ||
123 | /* Get TCP data offset */ | 123 | /* Get TCP data offset */ |
124 | tcpdataoff = (*pskb)->nh.iph->ihl * 4 + th->doff * 4; | 124 | tcpdataoff = ip_hdrlen(*pskb) + th->doff * 4; |
125 | 125 | ||
126 | /* Get TCP data length */ | 126 | /* Get TCP data length */ |
127 | tcpdatalen = (*pskb)->len - tcpdataoff; | 127 | tcpdatalen = (*pskb)->len - tcpdataoff; |
@@ -1185,11 +1185,10 @@ static unsigned char *get_udp_data(struct sk_buff **pskb, int *datalen) | |||
1185 | struct udphdr _uh, *uh; | 1185 | struct udphdr _uh, *uh; |
1186 | int dataoff; | 1186 | int dataoff; |
1187 | 1187 | ||
1188 | uh = skb_header_pointer(*pskb, (*pskb)->nh.iph->ihl * 4, sizeof(_uh), | 1188 | uh = skb_header_pointer(*pskb, ip_hdrlen(*pskb), sizeof(_uh), &_uh); |
1189 | &_uh); | ||
1190 | if (uh == NULL) | 1189 | if (uh == NULL) |
1191 | return NULL; | 1190 | return NULL; |
1192 | dataoff = (*pskb)->nh.iph->ihl * 4 + sizeof(_uh); | 1191 | dataoff = ip_hdrlen(*pskb) + sizeof(_uh); |
1193 | if (dataoff >= (*pskb)->len) | 1192 | if (dataoff >= (*pskb)->len) |
1194 | return NULL; | 1193 | return NULL; |
1195 | *datalen = (*pskb)->len - dataoff; | 1194 | *datalen = (*pskb)->len - dataoff; |
diff --git a/net/ipv4/netfilter/ip_conntrack_helper_pptp.c b/net/ipv4/netfilter/ip_conntrack_helper_pptp.c index 2b760c5cf709..f5ab8e4b97cb 100644 --- a/net/ipv4/netfilter/ip_conntrack_helper_pptp.c +++ b/net/ipv4/netfilter/ip_conntrack_helper_pptp.c | |||
@@ -543,7 +543,7 @@ conntrack_pptp_help(struct sk_buff **pskb, | |||
543 | struct pptp_pkt_hdr _pptph, *pptph; | 543 | struct pptp_pkt_hdr _pptph, *pptph; |
544 | struct PptpControlHeader _ctlh, *ctlh; | 544 | struct PptpControlHeader _ctlh, *ctlh; |
545 | union pptp_ctrl_union _pptpReq, *pptpReq; | 545 | union pptp_ctrl_union _pptpReq, *pptpReq; |
546 | unsigned int tcplen = (*pskb)->len - (*pskb)->nh.iph->ihl * 4; | 546 | unsigned int tcplen = (*pskb)->len - ip_hdrlen(*pskb); |
547 | unsigned int datalen, reqlen, nexthdr_off; | 547 | unsigned int datalen, reqlen, nexthdr_off; |
548 | int oldsstate, oldcstate; | 548 | int oldsstate, oldcstate; |
549 | int ret; | 549 | int ret; |
@@ -556,7 +556,7 @@ conntrack_pptp_help(struct sk_buff **pskb, | |||
556 | return NF_ACCEPT; | 556 | return NF_ACCEPT; |
557 | } | 557 | } |
558 | 558 | ||
559 | nexthdr_off = (*pskb)->nh.iph->ihl*4; | 559 | nexthdr_off = ip_hdrlen(*pskb); |
560 | tcph = skb_header_pointer(*pskb, nexthdr_off, sizeof(_tcph), &_tcph); | 560 | tcph = skb_header_pointer(*pskb, nexthdr_off, sizeof(_tcph), &_tcph); |
561 | BUG_ON(!tcph); | 561 | BUG_ON(!tcph); |
562 | nexthdr_off += tcph->doff * 4; | 562 | nexthdr_off += tcph->doff * 4; |
diff --git a/net/ipv4/netfilter/ip_conntrack_irc.c b/net/ipv4/netfilter/ip_conntrack_irc.c index 053e591f407a..ee99abe482e3 100644 --- a/net/ipv4/netfilter/ip_conntrack_irc.c +++ b/net/ipv4/netfilter/ip_conntrack_irc.c | |||
@@ -130,13 +130,13 @@ static int help(struct sk_buff **pskb, | |||
130 | } | 130 | } |
131 | 131 | ||
132 | /* Not a full tcp header? */ | 132 | /* Not a full tcp header? */ |
133 | th = skb_header_pointer(*pskb, (*pskb)->nh.iph->ihl*4, | 133 | th = skb_header_pointer(*pskb, ip_hdrlen(*pskb), |
134 | sizeof(_tcph), &_tcph); | 134 | sizeof(_tcph), &_tcph); |
135 | if (th == NULL) | 135 | if (th == NULL) |
136 | return NF_ACCEPT; | 136 | return NF_ACCEPT; |
137 | 137 | ||
138 | /* No data? */ | 138 | /* No data? */ |
139 | dataoff = (*pskb)->nh.iph->ihl*4 + th->doff*4; | 139 | dataoff = ip_hdrlen(*pskb) + th->doff * 4; |
140 | if (dataoff >= (*pskb)->len) | 140 | if (dataoff >= (*pskb)->len) |
141 | return NF_ACCEPT; | 141 | return NF_ACCEPT; |
142 | 142 | ||
diff --git a/net/ipv4/netfilter/ip_conntrack_proto_icmp.c b/net/ipv4/netfilter/ip_conntrack_proto_icmp.c index ad70c81a21e0..e253f3ee52d0 100644 --- a/net/ipv4/netfilter/ip_conntrack_proto_icmp.c +++ b/net/ipv4/netfilter/ip_conntrack_proto_icmp.c | |||
@@ -149,7 +149,7 @@ icmp_error_message(struct sk_buff *skb, | |||
149 | IP_NF_ASSERT(skb->nfct == NULL); | 149 | IP_NF_ASSERT(skb->nfct == NULL); |
150 | 150 | ||
151 | /* Not enough header? */ | 151 | /* Not enough header? */ |
152 | inside = skb_header_pointer(skb, skb->nh.iph->ihl*4, sizeof(_in), &_in); | 152 | inside = skb_header_pointer(skb, ip_hdrlen(skb), sizeof(_in), &_in); |
153 | if (inside == NULL) | 153 | if (inside == NULL) |
154 | return -NF_ACCEPT; | 154 | return -NF_ACCEPT; |
155 | 155 | ||
@@ -161,7 +161,7 @@ icmp_error_message(struct sk_buff *skb, | |||
161 | } | 161 | } |
162 | 162 | ||
163 | innerproto = ip_conntrack_proto_find_get(inside->ip.protocol); | 163 | innerproto = ip_conntrack_proto_find_get(inside->ip.protocol); |
164 | dataoff = skb->nh.iph->ihl*4 + sizeof(inside->icmp) + inside->ip.ihl*4; | 164 | dataoff = ip_hdrlen(skb) + sizeof(inside->icmp) + inside->ip.ihl * 4; |
165 | /* Are they talking about one of our connections? */ | 165 | /* Are they talking about one of our connections? */ |
166 | if (!ip_ct_get_tuple(&inside->ip, skb, dataoff, &origtuple, innerproto)) { | 166 | if (!ip_ct_get_tuple(&inside->ip, skb, dataoff, &origtuple, innerproto)) { |
167 | DEBUGP("icmp_error: ! get_tuple p=%u", inside->ip.protocol); | 167 | DEBUGP("icmp_error: ! get_tuple p=%u", inside->ip.protocol); |
@@ -214,7 +214,7 @@ icmp_error(struct sk_buff *skb, enum ip_conntrack_info *ctinfo, | |||
214 | struct icmphdr _ih, *icmph; | 214 | struct icmphdr _ih, *icmph; |
215 | 215 | ||
216 | /* Not enough header? */ | 216 | /* Not enough header? */ |
217 | icmph = skb_header_pointer(skb, skb->nh.iph->ihl*4, sizeof(_ih), &_ih); | 217 | icmph = skb_header_pointer(skb, ip_hdrlen(skb), sizeof(_ih), &_ih); |
218 | if (icmph == NULL) { | 218 | if (icmph == NULL) { |
219 | if (LOG_INVALID(IPPROTO_ICMP)) | 219 | if (LOG_INVALID(IPPROTO_ICMP)) |
220 | nf_log_packet(PF_INET, 0, skb, NULL, NULL, NULL, | 220 | nf_log_packet(PF_INET, 0, skb, NULL, NULL, NULL, |
@@ -224,7 +224,7 @@ icmp_error(struct sk_buff *skb, enum ip_conntrack_info *ctinfo, | |||
224 | 224 | ||
225 | /* See ip_conntrack_proto_tcp.c */ | 225 | /* See ip_conntrack_proto_tcp.c */ |
226 | if (ip_conntrack_checksum && hooknum == NF_IP_PRE_ROUTING && | 226 | if (ip_conntrack_checksum && hooknum == NF_IP_PRE_ROUTING && |
227 | nf_ip_checksum(skb, hooknum, skb->nh.iph->ihl * 4, 0)) { | 227 | nf_ip_checksum(skb, hooknum, ip_hdrlen(skb), 0)) { |
228 | if (LOG_INVALID(IPPROTO_ICMP)) | 228 | if (LOG_INVALID(IPPROTO_ICMP)) |
229 | nf_log_packet(PF_INET, 0, skb, NULL, NULL, NULL, | 229 | nf_log_packet(PF_INET, 0, skb, NULL, NULL, NULL, |
230 | "ip_ct_icmp: bad ICMP checksum "); | 230 | "ip_ct_icmp: bad ICMP checksum "); |
diff --git a/net/ipv4/netfilter/ip_conntrack_proto_sctp.c b/net/ipv4/netfilter/ip_conntrack_proto_sctp.c index e6942992b2f6..e29c436144b3 100644 --- a/net/ipv4/netfilter/ip_conntrack_proto_sctp.c +++ b/net/ipv4/netfilter/ip_conntrack_proto_sctp.c | |||
@@ -206,7 +206,7 @@ static int sctp_print_conntrack(struct seq_file *s, | |||
206 | } | 206 | } |
207 | 207 | ||
208 | #define for_each_sctp_chunk(skb, sch, _sch, offset, count) \ | 208 | #define for_each_sctp_chunk(skb, sch, _sch, offset, count) \ |
209 | for (offset = skb->nh.iph->ihl * 4 + sizeof(sctp_sctphdr_t), count = 0; \ | 209 | for (offset = ip_hdrlen(skb) + sizeof(sctp_sctphdr_t), count = 0; \ |
210 | offset < skb->len && \ | 210 | offset < skb->len && \ |
211 | (sch = skb_header_pointer(skb, offset, sizeof(_sch), &_sch)); \ | 211 | (sch = skb_header_pointer(skb, offset, sizeof(_sch), &_sch)); \ |
212 | offset += (ntohs(sch->length) + 3) & ~3, count++) | 212 | offset += (ntohs(sch->length) + 3) & ~3, count++) |
diff --git a/net/ipv4/netfilter/ip_conntrack_proto_tcp.c b/net/ipv4/netfilter/ip_conntrack_proto_tcp.c index 7ff11977eb4d..fce3a3c69815 100644 --- a/net/ipv4/netfilter/ip_conntrack_proto_tcp.c +++ b/net/ipv4/netfilter/ip_conntrack_proto_tcp.c | |||
@@ -771,7 +771,7 @@ void ip_conntrack_tcp_update(struct sk_buff *skb, | |||
771 | enum ip_conntrack_dir dir) | 771 | enum ip_conntrack_dir dir) |
772 | { | 772 | { |
773 | struct iphdr *iph = skb->nh.iph; | 773 | struct iphdr *iph = skb->nh.iph; |
774 | struct tcphdr *tcph = (void *)skb->nh.iph + skb->nh.iph->ihl*4; | 774 | struct tcphdr *tcph = (void *)skb->nh.iph + ip_hdrlen(skb); |
775 | __u32 end; | 775 | __u32 end; |
776 | #ifdef DEBUGP_VARS | 776 | #ifdef DEBUGP_VARS |
777 | struct ip_ct_tcp_state *sender = &conntrack->proto.tcp.seen[dir]; | 777 | struct ip_ct_tcp_state *sender = &conntrack->proto.tcp.seen[dir]; |
diff --git a/net/ipv4/netfilter/ip_conntrack_sip.c b/net/ipv4/netfilter/ip_conntrack_sip.c index c59a962c1f61..7363e2a5cea4 100644 --- a/net/ipv4/netfilter/ip_conntrack_sip.c +++ b/net/ipv4/netfilter/ip_conntrack_sip.c | |||
@@ -402,7 +402,7 @@ static int sip_help(struct sk_buff **pskb, | |||
402 | typeof(ip_nat_sip_hook) ip_nat_sip; | 402 | typeof(ip_nat_sip_hook) ip_nat_sip; |
403 | 403 | ||
404 | /* No Data ? */ | 404 | /* No Data ? */ |
405 | dataoff = (*pskb)->nh.iph->ihl*4 + sizeof(struct udphdr); | 405 | dataoff = ip_hdrlen(*pskb) + sizeof(struct udphdr); |
406 | if (dataoff >= (*pskb)->len) { | 406 | if (dataoff >= (*pskb)->len) { |
407 | DEBUGP("skb->len = %u\n", (*pskb)->len); | 407 | DEBUGP("skb->len = %u\n", (*pskb)->len); |
408 | return NF_ACCEPT; | 408 | return NF_ACCEPT; |
diff --git a/net/ipv4/netfilter/ip_conntrack_standalone.c b/net/ipv4/netfilter/ip_conntrack_standalone.c index 56b2f7546d1e..92609a4dcd74 100644 --- a/net/ipv4/netfilter/ip_conntrack_standalone.c +++ b/net/ipv4/netfilter/ip_conntrack_standalone.c | |||
@@ -458,7 +458,7 @@ static unsigned int ip_conntrack_local(unsigned int hooknum, | |||
458 | { | 458 | { |
459 | /* root is playing with raw sockets. */ | 459 | /* root is playing with raw sockets. */ |
460 | if ((*pskb)->len < sizeof(struct iphdr) | 460 | if ((*pskb)->len < sizeof(struct iphdr) |
461 | || (*pskb)->nh.iph->ihl * 4 < sizeof(struct iphdr)) { | 461 | || ip_hdrlen(*pskb) < sizeof(struct iphdr)) { |
462 | if (net_ratelimit()) | 462 | if (net_ratelimit()) |
463 | printk("ipt_hook: happy cracking.\n"); | 463 | printk("ipt_hook: happy cracking.\n"); |
464 | return NF_ACCEPT; | 464 | return NF_ACCEPT; |
diff --git a/net/ipv4/netfilter/ip_conntrack_tftp.c b/net/ipv4/netfilter/ip_conntrack_tftp.c index 76e175e7a972..afc6809a3888 100644 --- a/net/ipv4/netfilter/ip_conntrack_tftp.c +++ b/net/ipv4/netfilter/ip_conntrack_tftp.c | |||
@@ -53,7 +53,7 @@ static int tftp_help(struct sk_buff **pskb, | |||
53 | typeof(ip_nat_tftp_hook) ip_nat_tftp; | 53 | typeof(ip_nat_tftp_hook) ip_nat_tftp; |
54 | 54 | ||
55 | tfh = skb_header_pointer(*pskb, | 55 | tfh = skb_header_pointer(*pskb, |
56 | (*pskb)->nh.iph->ihl*4+sizeof(struct udphdr), | 56 | ip_hdrlen(*pskb) + sizeof(struct udphdr), |
57 | sizeof(_tftph), &_tftph); | 57 | sizeof(_tftph), &_tftph); |
58 | if (tfh == NULL) | 58 | if (tfh == NULL) |
59 | return NF_ACCEPT; | 59 | return NF_ACCEPT; |
diff --git a/net/ipv4/netfilter/ip_nat_core.c b/net/ipv4/netfilter/ip_nat_core.c index 40737fdbe9a7..cf46930606f2 100644 --- a/net/ipv4/netfilter/ip_nat_core.c +++ b/net/ipv4/netfilter/ip_nat_core.c | |||
@@ -422,7 +422,7 @@ int ip_nat_icmp_reply_translation(struct ip_conntrack *ct, | |||
422 | } *inside; | 422 | } *inside; |
423 | struct ip_conntrack_protocol *proto; | 423 | struct ip_conntrack_protocol *proto; |
424 | struct ip_conntrack_tuple inner, target; | 424 | struct ip_conntrack_tuple inner, target; |
425 | int hdrlen = (*pskb)->nh.iph->ihl * 4; | 425 | int hdrlen = ip_hdrlen(*pskb); |
426 | enum ip_conntrack_dir dir = CTINFO2DIR(ctinfo); | 426 | enum ip_conntrack_dir dir = CTINFO2DIR(ctinfo); |
427 | unsigned long statusbit; | 427 | unsigned long statusbit; |
428 | enum ip_nat_manip_type manip = HOOK2MANIP(hooknum); | 428 | enum ip_nat_manip_type manip = HOOK2MANIP(hooknum); |
@@ -430,7 +430,7 @@ int ip_nat_icmp_reply_translation(struct ip_conntrack *ct, | |||
430 | if (!skb_make_writable(pskb, hdrlen + sizeof(*inside))) | 430 | if (!skb_make_writable(pskb, hdrlen + sizeof(*inside))) |
431 | return 0; | 431 | return 0; |
432 | 432 | ||
433 | inside = (void *)(*pskb)->data + (*pskb)->nh.iph->ihl*4; | 433 | inside = (void *)(*pskb)->data + ip_hdrlen(*pskb); |
434 | 434 | ||
435 | /* We're actually going to mangle it beyond trivial checksum | 435 | /* We're actually going to mangle it beyond trivial checksum |
436 | adjustment, so make sure the current checksum is correct. */ | 436 | adjustment, so make sure the current checksum is correct. */ |
@@ -458,7 +458,7 @@ int ip_nat_icmp_reply_translation(struct ip_conntrack *ct, | |||
458 | 458 | ||
459 | /* rcu_read_lock()ed by nf_hook_slow */ | 459 | /* rcu_read_lock()ed by nf_hook_slow */ |
460 | proto = __ip_conntrack_proto_find(inside->ip.protocol); | 460 | proto = __ip_conntrack_proto_find(inside->ip.protocol); |
461 | if (!ip_ct_get_tuple(&inside->ip, *pskb, (*pskb)->nh.iph->ihl*4 + | 461 | if (!ip_ct_get_tuple(&inside->ip, *pskb, ip_hdrlen(*pskb) + |
462 | sizeof(struct icmphdr) + inside->ip.ihl*4, | 462 | sizeof(struct icmphdr) + inside->ip.ihl*4, |
463 | &inner, proto)) | 463 | &inner, proto)) |
464 | return 0; | 464 | return 0; |
@@ -469,15 +469,14 @@ int ip_nat_icmp_reply_translation(struct ip_conntrack *ct, | |||
469 | packet: PREROUTING (DST manip), routing produces ICMP, goes | 469 | packet: PREROUTING (DST manip), routing produces ICMP, goes |
470 | through POSTROUTING (which must correct the DST manip). */ | 470 | through POSTROUTING (which must correct the DST manip). */ |
471 | if (!manip_pkt(inside->ip.protocol, pskb, | 471 | if (!manip_pkt(inside->ip.protocol, pskb, |
472 | (*pskb)->nh.iph->ihl*4 | 472 | ip_hdrlen(*pskb) + sizeof(inside->icmp), |
473 | + sizeof(inside->icmp), | ||
474 | &ct->tuplehash[!dir].tuple, | 473 | &ct->tuplehash[!dir].tuple, |
475 | !manip)) | 474 | !manip)) |
476 | return 0; | 475 | return 0; |
477 | 476 | ||
478 | if ((*pskb)->ip_summed != CHECKSUM_PARTIAL) { | 477 | if ((*pskb)->ip_summed != CHECKSUM_PARTIAL) { |
479 | /* Reloading "inside" here since manip_pkt inner. */ | 478 | /* Reloading "inside" here since manip_pkt inner. */ |
480 | inside = (void *)(*pskb)->data + (*pskb)->nh.iph->ihl*4; | 479 | inside = (void *)(*pskb)->data + ip_hdrlen(*pskb); |
481 | inside->icmp.checksum = 0; | 480 | inside->icmp.checksum = 0; |
482 | inside->icmp.checksum = csum_fold(skb_checksum(*pskb, hdrlen, | 481 | inside->icmp.checksum = csum_fold(skb_checksum(*pskb, hdrlen, |
483 | (*pskb)->len - hdrlen, | 482 | (*pskb)->len - hdrlen, |
diff --git a/net/ipv4/netfilter/ip_nat_helper.c b/net/ipv4/netfilter/ip_nat_helper.c index dc778cfef58b..25624e558562 100644 --- a/net/ipv4/netfilter/ip_nat_helper.c +++ b/net/ipv4/netfilter/ip_nat_helper.c | |||
@@ -322,8 +322,8 @@ ip_nat_sack_adjust(struct sk_buff **pskb, | |||
322 | { | 322 | { |
323 | unsigned int dir, optoff, optend; | 323 | unsigned int dir, optoff, optend; |
324 | 324 | ||
325 | optoff = (*pskb)->nh.iph->ihl*4 + sizeof(struct tcphdr); | 325 | optoff = ip_hdrlen(*pskb) + sizeof(struct tcphdr); |
326 | optend = (*pskb)->nh.iph->ihl*4 + tcph->doff*4; | 326 | optend = ip_hdrlen(*pskb) + tcph->doff * 4; |
327 | 327 | ||
328 | if (!skb_make_writable(pskb, optend)) | 328 | if (!skb_make_writable(pskb, optend)) |
329 | return 0; | 329 | return 0; |
@@ -374,10 +374,10 @@ ip_nat_seq_adjust(struct sk_buff **pskb, | |||
374 | this_way = &ct->nat.info.seq[dir]; | 374 | this_way = &ct->nat.info.seq[dir]; |
375 | other_way = &ct->nat.info.seq[!dir]; | 375 | other_way = &ct->nat.info.seq[!dir]; |
376 | 376 | ||
377 | if (!skb_make_writable(pskb, (*pskb)->nh.iph->ihl*4+sizeof(*tcph))) | 377 | if (!skb_make_writable(pskb, ip_hdrlen(*pskb) + sizeof(*tcph))) |
378 | return 0; | 378 | return 0; |
379 | 379 | ||
380 | tcph = (void *)(*pskb)->data + (*pskb)->nh.iph->ihl*4; | 380 | tcph = (void *)(*pskb)->data + ip_hdrlen(*pskb); |
381 | if (after(ntohl(tcph->seq), this_way->correction_pos)) | 381 | if (after(ntohl(tcph->seq), this_way->correction_pos)) |
382 | newseq = htonl(ntohl(tcph->seq) + this_way->offset_after); | 382 | newseq = htonl(ntohl(tcph->seq) + this_way->offset_after); |
383 | else | 383 | else |
diff --git a/net/ipv4/netfilter/ip_nat_helper_h323.c b/net/ipv4/netfilter/ip_nat_helper_h323.c index bdc99ef6159e..8b1e3388bd08 100644 --- a/net/ipv4/netfilter/ip_nat_helper_h323.c +++ b/net/ipv4/netfilter/ip_nat_helper_h323.c | |||
@@ -57,11 +57,11 @@ static int set_addr(struct sk_buff **pskb, | |||
57 | } | 57 | } |
58 | 58 | ||
59 | /* Relocate data pointer */ | 59 | /* Relocate data pointer */ |
60 | th = skb_header_pointer(*pskb, (*pskb)->nh.iph->ihl * 4, | 60 | th = skb_header_pointer(*pskb, ip_hdrlen(*pskb), |
61 | sizeof(_tcph), &_tcph); | 61 | sizeof(_tcph), &_tcph); |
62 | if (th == NULL) | 62 | if (th == NULL) |
63 | return -1; | 63 | return -1; |
64 | *data = (*pskb)->data + (*pskb)->nh.iph->ihl * 4 + | 64 | *data = (*pskb)->data + ip_hdrlen(*pskb) + |
65 | th->doff * 4 + dataoff; | 65 | th->doff * 4 + dataoff; |
66 | } else { | 66 | } else { |
67 | if (!ip_nat_mangle_udp_packet(pskb, ct, ctinfo, | 67 | if (!ip_nat_mangle_udp_packet(pskb, ct, ctinfo, |
@@ -75,8 +75,8 @@ static int set_addr(struct sk_buff **pskb, | |||
75 | /* ip_nat_mangle_udp_packet uses skb_make_writable() to copy | 75 | /* ip_nat_mangle_udp_packet uses skb_make_writable() to copy |
76 | * or pull everything in a linear buffer, so we can safely | 76 | * or pull everything in a linear buffer, so we can safely |
77 | * use the skb pointers now */ | 77 | * use the skb pointers now */ |
78 | *data = (*pskb)->data + (*pskb)->nh.iph->ihl * 4 + | 78 | *data = ((*pskb)->data + ip_hdrlen(*pskb) + |
79 | sizeof(struct udphdr); | 79 | sizeof(struct udphdr)); |
80 | } | 80 | } |
81 | 81 | ||
82 | return 0; | 82 | return 0; |
diff --git a/net/ipv4/netfilter/ip_nat_sip.c b/net/ipv4/netfilter/ip_nat_sip.c index 325c5a9dc2ef..84953601762d 100644 --- a/net/ipv4/netfilter/ip_nat_sip.c +++ b/net/ipv4/netfilter/ip_nat_sip.c | |||
@@ -90,7 +90,7 @@ static int map_sip_addr(struct sk_buff **pskb, enum ip_conntrack_info ctinfo, | |||
90 | if (!ip_nat_mangle_udp_packet(pskb, ct, ctinfo, | 90 | if (!ip_nat_mangle_udp_packet(pskb, ct, ctinfo, |
91 | matchoff, matchlen, addr, addrlen)) | 91 | matchoff, matchlen, addr, addrlen)) |
92 | return 0; | 92 | return 0; |
93 | *dptr = (*pskb)->data + (*pskb)->nh.iph->ihl*4 + sizeof(struct udphdr); | 93 | *dptr = (*pskb)->data + ip_hdrlen(*pskb) + sizeof(struct udphdr); |
94 | return 1; | 94 | return 1; |
95 | 95 | ||
96 | } | 96 | } |
@@ -104,7 +104,7 @@ static unsigned int ip_nat_sip(struct sk_buff **pskb, | |||
104 | struct addr_map map; | 104 | struct addr_map map; |
105 | int dataoff, datalen; | 105 | int dataoff, datalen; |
106 | 106 | ||
107 | dataoff = (*pskb)->nh.iph->ihl*4 + sizeof(struct udphdr); | 107 | dataoff = ip_hdrlen(*pskb) + sizeof(struct udphdr); |
108 | datalen = (*pskb)->len - dataoff; | 108 | datalen = (*pskb)->len - dataoff; |
109 | if (datalen < sizeof("SIP/2.0") - 1) | 109 | if (datalen < sizeof("SIP/2.0") - 1) |
110 | return NF_DROP; | 110 | return NF_DROP; |
@@ -153,7 +153,7 @@ static unsigned int mangle_sip_packet(struct sk_buff **pskb, | |||
153 | return 0; | 153 | return 0; |
154 | 154 | ||
155 | /* We need to reload this. Thanks Patrick. */ | 155 | /* We need to reload this. Thanks Patrick. */ |
156 | *dptr = (*pskb)->data + (*pskb)->nh.iph->ihl*4 + sizeof(struct udphdr); | 156 | *dptr = (*pskb)->data + ip_hdrlen(*pskb) + sizeof(struct udphdr); |
157 | return 1; | 157 | return 1; |
158 | } | 158 | } |
159 | 159 | ||
@@ -166,7 +166,7 @@ static int mangle_content_len(struct sk_buff **pskb, | |||
166 | char buffer[sizeof("65536")]; | 166 | char buffer[sizeof("65536")]; |
167 | int bufflen; | 167 | int bufflen; |
168 | 168 | ||
169 | dataoff = (*pskb)->nh.iph->ihl*4 + sizeof(struct udphdr); | 169 | dataoff = ip_hdrlen(*pskb) + sizeof(struct udphdr); |
170 | 170 | ||
171 | /* Get actual SDP lenght */ | 171 | /* Get actual SDP lenght */ |
172 | if (ct_sip_get_info(dptr, (*pskb)->len - dataoff, &matchoff, | 172 | if (ct_sip_get_info(dptr, (*pskb)->len - dataoff, &matchoff, |
@@ -199,7 +199,7 @@ static unsigned int mangle_sdp(struct sk_buff **pskb, | |||
199 | char buffer[sizeof("nnn.nnn.nnn.nnn")]; | 199 | char buffer[sizeof("nnn.nnn.nnn.nnn")]; |
200 | unsigned int dataoff, bufflen; | 200 | unsigned int dataoff, bufflen; |
201 | 201 | ||
202 | dataoff = (*pskb)->nh.iph->ihl*4 + sizeof(struct udphdr); | 202 | dataoff = ip_hdrlen(*pskb) + sizeof(struct udphdr); |
203 | 203 | ||
204 | /* Mangle owner and contact info. */ | 204 | /* Mangle owner and contact info. */ |
205 | bufflen = sprintf(buffer, "%u.%u.%u.%u", NIPQUAD(newip)); | 205 | bufflen = sprintf(buffer, "%u.%u.%u.%u", NIPQUAD(newip)); |
diff --git a/net/ipv4/netfilter/ip_nat_standalone.c b/net/ipv4/netfilter/ip_nat_standalone.c index 6bcfdf6dfcc9..dbaaf78ff9a3 100644 --- a/net/ipv4/netfilter/ip_nat_standalone.c +++ b/net/ipv4/netfilter/ip_nat_standalone.c | |||
@@ -112,8 +112,7 @@ ip_nat_fn(unsigned int hooknum, | |||
112 | if ((*pskb)->nh.iph->protocol == IPPROTO_ICMP) { | 112 | if ((*pskb)->nh.iph->protocol == IPPROTO_ICMP) { |
113 | struct icmphdr _hdr, *hp; | 113 | struct icmphdr _hdr, *hp; |
114 | 114 | ||
115 | hp = skb_header_pointer(*pskb, | 115 | hp = skb_header_pointer(*pskb, ip_hdrlen(*pskb), |
116 | (*pskb)->nh.iph->ihl*4, | ||
117 | sizeof(_hdr), &_hdr); | 116 | sizeof(_hdr), &_hdr); |
118 | if (hp != NULL && | 117 | if (hp != NULL && |
119 | hp->type == ICMP_REDIRECT) | 118 | hp->type == ICMP_REDIRECT) |
@@ -211,7 +210,7 @@ ip_nat_out(unsigned int hooknum, | |||
211 | 210 | ||
212 | /* root is playing with raw sockets. */ | 211 | /* root is playing with raw sockets. */ |
213 | if ((*pskb)->len < sizeof(struct iphdr) | 212 | if ((*pskb)->len < sizeof(struct iphdr) |
214 | || (*pskb)->nh.iph->ihl * 4 < sizeof(struct iphdr)) | 213 | || ip_hdrlen(*pskb) < sizeof(struct iphdr)) |
215 | return NF_ACCEPT; | 214 | return NF_ACCEPT; |
216 | 215 | ||
217 | ret = ip_nat_fn(hooknum, pskb, in, out, okfn); | 216 | ret = ip_nat_fn(hooknum, pskb, in, out, okfn); |
@@ -244,7 +243,7 @@ ip_nat_local_fn(unsigned int hooknum, | |||
244 | 243 | ||
245 | /* root is playing with raw sockets. */ | 244 | /* root is playing with raw sockets. */ |
246 | if ((*pskb)->len < sizeof(struct iphdr) | 245 | if ((*pskb)->len < sizeof(struct iphdr) |
247 | || (*pskb)->nh.iph->ihl * 4 < sizeof(struct iphdr)) | 246 | || ip_hdrlen(*pskb) < sizeof(struct iphdr)) |
248 | return NF_ACCEPT; | 247 | return NF_ACCEPT; |
249 | 248 | ||
250 | ret = ip_nat_fn(hooknum, pskb, in, out, okfn); | 249 | ret = ip_nat_fn(hooknum, pskb, in, out, okfn); |
diff --git a/net/ipv4/netfilter/ip_tables.c b/net/ipv4/netfilter/ip_tables.c index 50cc4b92e284..f66966650212 100644 --- a/net/ipv4/netfilter/ip_tables.c +++ b/net/ipv4/netfilter/ip_tables.c | |||
@@ -198,7 +198,7 @@ int do_match(struct ipt_entry_match *m, | |||
198 | { | 198 | { |
199 | /* Stop iteration if it doesn't match */ | 199 | /* Stop iteration if it doesn't match */ |
200 | if (!m->u.kernel.match->match(skb, in, out, m->u.kernel.match, m->data, | 200 | if (!m->u.kernel.match->match(skb, in, out, m->u.kernel.match, m->data, |
201 | offset, skb->nh.iph->ihl*4, hotdrop)) | 201 | offset, ip_hdrlen(skb), hotdrop)) |
202 | return 1; | 202 | return 1; |
203 | else | 203 | else |
204 | return 0; | 204 | return 0; |
diff --git a/net/ipv4/netfilter/ipt_ECN.c b/net/ipv4/netfilter/ipt_ECN.c index 4f565633631d..44daf9e1da35 100644 --- a/net/ipv4/netfilter/ipt_ECN.c +++ b/net/ipv4/netfilter/ipt_ECN.c | |||
@@ -13,6 +13,7 @@ | |||
13 | #include <linux/module.h> | 13 | #include <linux/module.h> |
14 | #include <linux/skbuff.h> | 14 | #include <linux/skbuff.h> |
15 | #include <linux/ip.h> | 15 | #include <linux/ip.h> |
16 | #include <net/ip.h> | ||
16 | #include <linux/tcp.h> | 17 | #include <linux/tcp.h> |
17 | #include <net/checksum.h> | 18 | #include <net/checksum.h> |
18 | 19 | ||
@@ -52,7 +53,7 @@ set_ect_tcp(struct sk_buff **pskb, const struct ipt_ECN_info *einfo) | |||
52 | __be16 oldval; | 53 | __be16 oldval; |
53 | 54 | ||
54 | /* Not enought header? */ | 55 | /* Not enought header? */ |
55 | tcph = skb_header_pointer(*pskb, (*pskb)->nh.iph->ihl*4, | 56 | tcph = skb_header_pointer(*pskb, ip_hdrlen(*pskb), |
56 | sizeof(_tcph), &_tcph); | 57 | sizeof(_tcph), &_tcph); |
57 | if (!tcph) | 58 | if (!tcph) |
58 | return 0; | 59 | return 0; |
@@ -63,9 +64,9 @@ set_ect_tcp(struct sk_buff **pskb, const struct ipt_ECN_info *einfo) | |||
63 | tcph->cwr == einfo->proto.tcp.cwr))) | 64 | tcph->cwr == einfo->proto.tcp.cwr))) |
64 | return 1; | 65 | return 1; |
65 | 66 | ||
66 | if (!skb_make_writable(pskb, (*pskb)->nh.iph->ihl*4+sizeof(*tcph))) | 67 | if (!skb_make_writable(pskb, ip_hdrlen(*pskb) + sizeof(*tcph))) |
67 | return 0; | 68 | return 0; |
68 | tcph = (void *)(*pskb)->nh.iph + (*pskb)->nh.iph->ihl*4; | 69 | tcph = (void *)(*pskb)->nh.iph + ip_hdrlen(*pskb); |
69 | 70 | ||
70 | oldval = ((__be16 *)tcph)[6]; | 71 | oldval = ((__be16 *)tcph)[6]; |
71 | if (einfo->operation & IPT_ECN_OP_SET_ECE) | 72 | if (einfo->operation & IPT_ECN_OP_SET_ECE) |
diff --git a/net/ipv4/netfilter/ipt_REJECT.c b/net/ipv4/netfilter/ipt_REJECT.c index 80f739e21824..01c04f0e5c91 100644 --- a/net/ipv4/netfilter/ipt_REJECT.c +++ b/net/ipv4/netfilter/ipt_REJECT.c | |||
@@ -43,7 +43,6 @@ MODULE_DESCRIPTION("iptables REJECT target module"); | |||
43 | static void send_reset(struct sk_buff *oldskb, int hook) | 43 | static void send_reset(struct sk_buff *oldskb, int hook) |
44 | { | 44 | { |
45 | struct sk_buff *nskb; | 45 | struct sk_buff *nskb; |
46 | struct iphdr *iph = oldskb->nh.iph; | ||
47 | struct tcphdr _otcph, *oth, *tcph; | 46 | struct tcphdr _otcph, *oth, *tcph; |
48 | __be16 tmp_port; | 47 | __be16 tmp_port; |
49 | __be32 tmp_addr; | 48 | __be32 tmp_addr; |
@@ -54,7 +53,7 @@ static void send_reset(struct sk_buff *oldskb, int hook) | |||
54 | if (oldskb->nh.iph->frag_off & htons(IP_OFFSET)) | 53 | if (oldskb->nh.iph->frag_off & htons(IP_OFFSET)) |
55 | return; | 54 | return; |
56 | 55 | ||
57 | oth = skb_header_pointer(oldskb, oldskb->nh.iph->ihl * 4, | 56 | oth = skb_header_pointer(oldskb, ip_hdrlen(oldskb), |
58 | sizeof(_otcph), &_otcph); | 57 | sizeof(_otcph), &_otcph); |
59 | if (oth == NULL) | 58 | if (oth == NULL) |
60 | return; | 59 | return; |
@@ -64,7 +63,7 @@ static void send_reset(struct sk_buff *oldskb, int hook) | |||
64 | return; | 63 | return; |
65 | 64 | ||
66 | /* Check checksum */ | 65 | /* Check checksum */ |
67 | if (nf_ip_checksum(oldskb, hook, iph->ihl * 4, IPPROTO_TCP)) | 66 | if (nf_ip_checksum(oldskb, hook, ip_hdrlen(oldskb), IPPROTO_TCP)) |
68 | return; | 67 | return; |
69 | 68 | ||
70 | /* We need a linear, writeable skb. We also need to expand | 69 | /* We need a linear, writeable skb. We also need to expand |
@@ -84,7 +83,7 @@ static void send_reset(struct sk_buff *oldskb, int hook) | |||
84 | skb_shinfo(nskb)->gso_segs = 0; | 83 | skb_shinfo(nskb)->gso_segs = 0; |
85 | skb_shinfo(nskb)->gso_type = 0; | 84 | skb_shinfo(nskb)->gso_type = 0; |
86 | 85 | ||
87 | tcph = (struct tcphdr *)((u_int32_t*)nskb->nh.iph + nskb->nh.iph->ihl); | 86 | tcph = (struct tcphdr *)(skb_network_header(nskb) + ip_hdrlen(nskb)); |
88 | 87 | ||
89 | /* Swap source and dest */ | 88 | /* Swap source and dest */ |
90 | tmp_addr = nskb->nh.iph->saddr; | 89 | tmp_addr = nskb->nh.iph->saddr; |
@@ -96,7 +95,7 @@ static void send_reset(struct sk_buff *oldskb, int hook) | |||
96 | 95 | ||
97 | /* Truncate to length (no data) */ | 96 | /* Truncate to length (no data) */ |
98 | tcph->doff = sizeof(struct tcphdr)/4; | 97 | tcph->doff = sizeof(struct tcphdr)/4; |
99 | skb_trim(nskb, nskb->nh.iph->ihl*4 + sizeof(struct tcphdr)); | 98 | skb_trim(nskb, ip_hdrlen(nskb) + sizeof(struct tcphdr)); |
100 | nskb->nh.iph->tot_len = htons(nskb->len); | 99 | nskb->nh.iph->tot_len = htons(nskb->len); |
101 | 100 | ||
102 | if (tcph->ack) { | 101 | if (tcph->ack) { |
@@ -105,9 +104,9 @@ static void send_reset(struct sk_buff *oldskb, int hook) | |||
105 | tcph->ack_seq = 0; | 104 | tcph->ack_seq = 0; |
106 | } else { | 105 | } else { |
107 | needs_ack = 1; | 106 | needs_ack = 1; |
108 | tcph->ack_seq = htonl(ntohl(oth->seq) + oth->syn + oth->fin | 107 | tcph->ack_seq = htonl(ntohl(oth->seq) + oth->syn + oth->fin + |
109 | + oldskb->len - oldskb->nh.iph->ihl*4 | 108 | oldskb->len - ip_hdrlen(oldskb) - |
110 | - (oth->doff<<2)); | 109 | (oth->doff << 2)); |
111 | tcph->seq = 0; | 110 | tcph->seq = 0; |
112 | } | 111 | } |
113 | 112 | ||
@@ -149,7 +148,7 @@ static void send_reset(struct sk_buff *oldskb, int hook) | |||
149 | 148 | ||
150 | /* Adjust IP checksum */ | 149 | /* Adjust IP checksum */ |
151 | nskb->nh.iph->check = 0; | 150 | nskb->nh.iph->check = 0; |
152 | nskb->nh.iph->check = ip_fast_csum((unsigned char *)nskb->nh.iph, | 151 | nskb->nh.iph->check = ip_fast_csum(skb_network_header(nskb), |
153 | nskb->nh.iph->ihl); | 152 | nskb->nh.iph->ihl); |
154 | 153 | ||
155 | /* "Never happens" */ | 154 | /* "Never happens" */ |
@@ -182,7 +181,7 @@ static unsigned int reject(struct sk_buff **pskb, | |||
182 | 181 | ||
183 | /* Our naive response construction doesn't deal with IP | 182 | /* Our naive response construction doesn't deal with IP |
184 | options, and probably shouldn't try. */ | 183 | options, and probably shouldn't try. */ |
185 | if ((*pskb)->nh.iph->ihl<<2 != sizeof(struct iphdr)) | 184 | if (ip_hdrlen(*pskb) != sizeof(struct iphdr)) |
186 | return NF_DROP; | 185 | return NF_DROP; |
187 | 186 | ||
188 | /* WARNING: This code causes reentry within iptables. | 187 | /* WARNING: This code causes reentry within iptables. |
diff --git a/net/ipv4/netfilter/ipt_ecn.c b/net/ipv4/netfilter/ipt_ecn.c index 37508b2cfea6..b8ade3cc7757 100644 --- a/net/ipv4/netfilter/ipt_ecn.c +++ b/net/ipv4/netfilter/ipt_ecn.c | |||
@@ -11,6 +11,7 @@ | |||
11 | 11 | ||
12 | #include <linux/in.h> | 12 | #include <linux/in.h> |
13 | #include <linux/ip.h> | 13 | #include <linux/ip.h> |
14 | #include <net/ip.h> | ||
14 | #include <linux/module.h> | 15 | #include <linux/module.h> |
15 | #include <linux/skbuff.h> | 16 | #include <linux/skbuff.h> |
16 | #include <linux/tcp.h> | 17 | #include <linux/tcp.h> |
@@ -38,8 +39,7 @@ static inline int match_tcp(const struct sk_buff *skb, | |||
38 | /* In practice, TCP match does this, so can't fail. But let's | 39 | /* In practice, TCP match does this, so can't fail. But let's |
39 | * be good citizens. | 40 | * be good citizens. |
40 | */ | 41 | */ |
41 | th = skb_header_pointer(skb, skb->nh.iph->ihl * 4, | 42 | th = skb_header_pointer(skb, ip_hdrlen(skb), sizeof(_tcph), &_tcph); |
42 | sizeof(_tcph), &_tcph); | ||
43 | if (th == NULL) { | 43 | if (th == NULL) { |
44 | *hotdrop = 0; | 44 | *hotdrop = 0; |
45 | return 0; | 45 | return 0; |
diff --git a/net/ipv4/netfilter/iptable_filter.c b/net/ipv4/netfilter/iptable_filter.c index d1d61e97b976..42728909eba0 100644 --- a/net/ipv4/netfilter/iptable_filter.c +++ b/net/ipv4/netfilter/iptable_filter.c | |||
@@ -13,6 +13,7 @@ | |||
13 | #include <linux/module.h> | 13 | #include <linux/module.h> |
14 | #include <linux/moduleparam.h> | 14 | #include <linux/moduleparam.h> |
15 | #include <linux/netfilter_ipv4/ip_tables.h> | 15 | #include <linux/netfilter_ipv4/ip_tables.h> |
16 | #include <net/ip.h> | ||
16 | 17 | ||
17 | MODULE_LICENSE("GPL"); | 18 | MODULE_LICENSE("GPL"); |
18 | MODULE_AUTHOR("Netfilter Core Team <coreteam@netfilter.org>"); | 19 | MODULE_AUTHOR("Netfilter Core Team <coreteam@netfilter.org>"); |
@@ -102,7 +103,7 @@ ipt_local_out_hook(unsigned int hook, | |||
102 | { | 103 | { |
103 | /* root is playing with raw sockets. */ | 104 | /* root is playing with raw sockets. */ |
104 | if ((*pskb)->len < sizeof(struct iphdr) | 105 | if ((*pskb)->len < sizeof(struct iphdr) |
105 | || (*pskb)->nh.iph->ihl * 4 < sizeof(struct iphdr)) { | 106 | || ip_hdrlen(*pskb) < sizeof(struct iphdr)) { |
106 | if (net_ratelimit()) | 107 | if (net_ratelimit()) |
107 | printk("ipt_hook: happy cracking.\n"); | 108 | printk("ipt_hook: happy cracking.\n"); |
108 | return NF_ACCEPT; | 109 | return NF_ACCEPT; |
diff --git a/net/ipv4/netfilter/iptable_mangle.c b/net/ipv4/netfilter/iptable_mangle.c index 98b66ef0c714..6cc3245f676a 100644 --- a/net/ipv4/netfilter/iptable_mangle.c +++ b/net/ipv4/netfilter/iptable_mangle.c | |||
@@ -17,6 +17,7 @@ | |||
17 | #include <net/sock.h> | 17 | #include <net/sock.h> |
18 | #include <net/route.h> | 18 | #include <net/route.h> |
19 | #include <linux/ip.h> | 19 | #include <linux/ip.h> |
20 | #include <net/ip.h> | ||
20 | 21 | ||
21 | MODULE_LICENSE("GPL"); | 22 | MODULE_LICENSE("GPL"); |
22 | MODULE_AUTHOR("Netfilter Core Team <coreteam@netfilter.org>"); | 23 | MODULE_AUTHOR("Netfilter Core Team <coreteam@netfilter.org>"); |
@@ -136,7 +137,7 @@ ipt_local_hook(unsigned int hook, | |||
136 | 137 | ||
137 | /* root is playing with raw sockets. */ | 138 | /* root is playing with raw sockets. */ |
138 | if ((*pskb)->len < sizeof(struct iphdr) | 139 | if ((*pskb)->len < sizeof(struct iphdr) |
139 | || (*pskb)->nh.iph->ihl * 4 < sizeof(struct iphdr)) { | 140 | || ip_hdrlen(*pskb) < sizeof(struct iphdr)) { |
140 | if (net_ratelimit()) | 141 | if (net_ratelimit()) |
141 | printk("ipt_hook: happy cracking.\n"); | 142 | printk("ipt_hook: happy cracking.\n"); |
142 | return NF_ACCEPT; | 143 | return NF_ACCEPT; |
diff --git a/net/ipv4/netfilter/nf_conntrack_l3proto_ipv4.c b/net/ipv4/netfilter/nf_conntrack_l3proto_ipv4.c index 7cebbff0b0c3..fa14eb77f9b6 100644 --- a/net/ipv4/netfilter/nf_conntrack_l3proto_ipv4.c +++ b/net/ipv4/netfilter/nf_conntrack_l3proto_ipv4.c | |||
@@ -105,7 +105,7 @@ ipv4_prepare(struct sk_buff **pskb, unsigned int hooknum, unsigned int *dataoff, | |||
105 | return -NF_DROP; | 105 | return -NF_DROP; |
106 | } | 106 | } |
107 | 107 | ||
108 | *dataoff = skb_network_offset(*pskb) + (*pskb)->nh.iph->ihl * 4; | 108 | *dataoff = skb_network_offset(*pskb) + ip_hdrlen(*pskb); |
109 | *protonum = (*pskb)->nh.iph->protocol; | 109 | *protonum = (*pskb)->nh.iph->protocol; |
110 | 110 | ||
111 | return NF_ACCEPT; | 111 | return NF_ACCEPT; |
@@ -151,8 +151,8 @@ static unsigned int ipv4_conntrack_help(unsigned int hooknum, | |||
151 | if (!help || !help->helper) | 151 | if (!help || !help->helper) |
152 | return NF_ACCEPT; | 152 | return NF_ACCEPT; |
153 | 153 | ||
154 | return help->helper->help(pskb, (skb_network_offset(*pskb) + | 154 | return help->helper->help(pskb, |
155 | (*pskb)->nh.iph->ihl * 4), | 155 | skb_network_offset(*pskb) + ip_hdrlen(*pskb), |
156 | ct, ctinfo); | 156 | ct, ctinfo); |
157 | } | 157 | } |
158 | 158 | ||
@@ -198,7 +198,7 @@ static unsigned int ipv4_conntrack_local(unsigned int hooknum, | |||
198 | { | 198 | { |
199 | /* root is playing with raw sockets. */ | 199 | /* root is playing with raw sockets. */ |
200 | if ((*pskb)->len < sizeof(struct iphdr) | 200 | if ((*pskb)->len < sizeof(struct iphdr) |
201 | || (*pskb)->nh.iph->ihl * 4 < sizeof(struct iphdr)) { | 201 | || ip_hdrlen(*pskb) < sizeof(struct iphdr)) { |
202 | if (net_ratelimit()) | 202 | if (net_ratelimit()) |
203 | printk("ipt_hook: happy cracking.\n"); | 203 | printk("ipt_hook: happy cracking.\n"); |
204 | return NF_ACCEPT; | 204 | return NF_ACCEPT; |
diff --git a/net/ipv4/netfilter/nf_conntrack_proto_icmp.c b/net/ipv4/netfilter/nf_conntrack_proto_icmp.c index 5fd1e5363c1a..e090e929e6e2 100644 --- a/net/ipv4/netfilter/nf_conntrack_proto_icmp.c +++ b/net/ipv4/netfilter/nf_conntrack_proto_icmp.c | |||
@@ -158,7 +158,7 @@ icmp_error_message(struct sk_buff *skb, | |||
158 | NF_CT_ASSERT(skb->nfct == NULL); | 158 | NF_CT_ASSERT(skb->nfct == NULL); |
159 | 159 | ||
160 | /* Not enough header? */ | 160 | /* Not enough header? */ |
161 | inside = skb_header_pointer(skb, skb->nh.iph->ihl*4, sizeof(_in), &_in); | 161 | inside = skb_header_pointer(skb, ip_hdrlen(skb), sizeof(_in), &_in); |
162 | if (inside == NULL) | 162 | if (inside == NULL) |
163 | return -NF_ACCEPT; | 163 | return -NF_ACCEPT; |
164 | 164 | ||
@@ -172,7 +172,7 @@ icmp_error_message(struct sk_buff *skb, | |||
172 | /* rcu_read_lock()ed by nf_hook_slow */ | 172 | /* rcu_read_lock()ed by nf_hook_slow */ |
173 | innerproto = __nf_ct_l4proto_find(PF_INET, inside->ip.protocol); | 173 | innerproto = __nf_ct_l4proto_find(PF_INET, inside->ip.protocol); |
174 | 174 | ||
175 | dataoff = skb->nh.iph->ihl*4 + sizeof(inside->icmp); | 175 | dataoff = ip_hdrlen(skb) + sizeof(inside->icmp); |
176 | /* Are they talking about one of our connections? */ | 176 | /* Are they talking about one of our connections? */ |
177 | if (!nf_ct_get_tuple(skb, dataoff, dataoff + inside->ip.ihl*4, PF_INET, | 177 | if (!nf_ct_get_tuple(skb, dataoff, dataoff + inside->ip.ihl*4, PF_INET, |
178 | inside->ip.protocol, &origtuple, | 178 | inside->ip.protocol, &origtuple, |
@@ -227,7 +227,7 @@ icmp_error(struct sk_buff *skb, unsigned int dataoff, | |||
227 | struct icmphdr _ih, *icmph; | 227 | struct icmphdr _ih, *icmph; |
228 | 228 | ||
229 | /* Not enough header? */ | 229 | /* Not enough header? */ |
230 | icmph = skb_header_pointer(skb, skb->nh.iph->ihl*4, sizeof(_ih), &_ih); | 230 | icmph = skb_header_pointer(skb, ip_hdrlen(skb), sizeof(_ih), &_ih); |
231 | if (icmph == NULL) { | 231 | if (icmph == NULL) { |
232 | if (LOG_INVALID(IPPROTO_ICMP)) | 232 | if (LOG_INVALID(IPPROTO_ICMP)) |
233 | nf_log_packet(PF_INET, 0, skb, NULL, NULL, NULL, | 233 | nf_log_packet(PF_INET, 0, skb, NULL, NULL, NULL, |
diff --git a/net/ipv4/netfilter/nf_nat_core.c b/net/ipv4/netfilter/nf_nat_core.c index 452e9d326684..ea02f00d2dac 100644 --- a/net/ipv4/netfilter/nf_nat_core.c +++ b/net/ipv4/netfilter/nf_nat_core.c | |||
@@ -431,7 +431,7 @@ int nf_nat_icmp_reply_translation(struct nf_conn *ct, | |||
431 | } *inside; | 431 | } *inside; |
432 | struct nf_conntrack_l4proto *l4proto; | 432 | struct nf_conntrack_l4proto *l4proto; |
433 | struct nf_conntrack_tuple inner, target; | 433 | struct nf_conntrack_tuple inner, target; |
434 | int hdrlen = (*pskb)->nh.iph->ihl * 4; | 434 | int hdrlen = ip_hdrlen(*pskb); |
435 | enum ip_conntrack_dir dir = CTINFO2DIR(ctinfo); | 435 | enum ip_conntrack_dir dir = CTINFO2DIR(ctinfo); |
436 | unsigned long statusbit; | 436 | unsigned long statusbit; |
437 | enum nf_nat_manip_type manip = HOOK2MANIP(hooknum); | 437 | enum nf_nat_manip_type manip = HOOK2MANIP(hooknum); |
@@ -439,7 +439,7 @@ int nf_nat_icmp_reply_translation(struct nf_conn *ct, | |||
439 | if (!skb_make_writable(pskb, hdrlen + sizeof(*inside))) | 439 | if (!skb_make_writable(pskb, hdrlen + sizeof(*inside))) |
440 | return 0; | 440 | return 0; |
441 | 441 | ||
442 | inside = (void *)(*pskb)->data + (*pskb)->nh.iph->ihl*4; | 442 | inside = (void *)(*pskb)->data + ip_hdrlen(*pskb); |
443 | 443 | ||
444 | /* We're actually going to mangle it beyond trivial checksum | 444 | /* We're actually going to mangle it beyond trivial checksum |
445 | adjustment, so make sure the current checksum is correct. */ | 445 | adjustment, so make sure the current checksum is correct. */ |
@@ -469,9 +469,9 @@ int nf_nat_icmp_reply_translation(struct nf_conn *ct, | |||
469 | l4proto = __nf_ct_l4proto_find(PF_INET, inside->ip.protocol); | 469 | l4proto = __nf_ct_l4proto_find(PF_INET, inside->ip.protocol); |
470 | 470 | ||
471 | if (!nf_ct_get_tuple(*pskb, | 471 | if (!nf_ct_get_tuple(*pskb, |
472 | (*pskb)->nh.iph->ihl*4 + sizeof(struct icmphdr), | 472 | ip_hdrlen(*pskb) + sizeof(struct icmphdr), |
473 | (*pskb)->nh.iph->ihl*4 + | 473 | (ip_hdrlen(*pskb) + |
474 | sizeof(struct icmphdr) + inside->ip.ihl*4, | 474 | sizeof(struct icmphdr) + inside->ip.ihl * 4), |
475 | (u_int16_t)AF_INET, | 475 | (u_int16_t)AF_INET, |
476 | inside->ip.protocol, | 476 | inside->ip.protocol, |
477 | &inner, l3proto, l4proto)) | 477 | &inner, l3proto, l4proto)) |
@@ -483,14 +483,14 @@ int nf_nat_icmp_reply_translation(struct nf_conn *ct, | |||
483 | packet: PREROUTING (DST manip), routing produces ICMP, goes | 483 | packet: PREROUTING (DST manip), routing produces ICMP, goes |
484 | through POSTROUTING (which must correct the DST manip). */ | 484 | through POSTROUTING (which must correct the DST manip). */ |
485 | if (!manip_pkt(inside->ip.protocol, pskb, | 485 | if (!manip_pkt(inside->ip.protocol, pskb, |
486 | (*pskb)->nh.iph->ihl*4 + sizeof(inside->icmp), | 486 | ip_hdrlen(*pskb) + sizeof(inside->icmp), |
487 | &ct->tuplehash[!dir].tuple, | 487 | &ct->tuplehash[!dir].tuple, |
488 | !manip)) | 488 | !manip)) |
489 | return 0; | 489 | return 0; |
490 | 490 | ||
491 | if ((*pskb)->ip_summed != CHECKSUM_PARTIAL) { | 491 | if ((*pskb)->ip_summed != CHECKSUM_PARTIAL) { |
492 | /* Reloading "inside" here since manip_pkt inner. */ | 492 | /* Reloading "inside" here since manip_pkt inner. */ |
493 | inside = (void *)(*pskb)->data + (*pskb)->nh.iph->ihl*4; | 493 | inside = (void *)(*pskb)->data + ip_hdrlen(*pskb); |
494 | inside->icmp.checksum = 0; | 494 | inside->icmp.checksum = 0; |
495 | inside->icmp.checksum = | 495 | inside->icmp.checksum = |
496 | csum_fold(skb_checksum(*pskb, hdrlen, | 496 | csum_fold(skb_checksum(*pskb, hdrlen, |
diff --git a/net/ipv4/netfilter/nf_nat_h323.c b/net/ipv4/netfilter/nf_nat_h323.c index 9cbf3f9be13b..2eb3832db3a4 100644 --- a/net/ipv4/netfilter/nf_nat_h323.c +++ b/net/ipv4/netfilter/nf_nat_h323.c | |||
@@ -55,11 +55,11 @@ static int set_addr(struct sk_buff **pskb, | |||
55 | } | 55 | } |
56 | 56 | ||
57 | /* Relocate data pointer */ | 57 | /* Relocate data pointer */ |
58 | th = skb_header_pointer(*pskb, (*pskb)->nh.iph->ihl * 4, | 58 | th = skb_header_pointer(*pskb, ip_hdrlen(*pskb), |
59 | sizeof(_tcph), &_tcph); | 59 | sizeof(_tcph), &_tcph); |
60 | if (th == NULL) | 60 | if (th == NULL) |
61 | return -1; | 61 | return -1; |
62 | *data = (*pskb)->data + (*pskb)->nh.iph->ihl * 4 + | 62 | *data = (*pskb)->data + ip_hdrlen(*pskb) + |
63 | th->doff * 4 + dataoff; | 63 | th->doff * 4 + dataoff; |
64 | } else { | 64 | } else { |
65 | if (!nf_nat_mangle_udp_packet(pskb, ct, ctinfo, | 65 | if (!nf_nat_mangle_udp_packet(pskb, ct, ctinfo, |
@@ -73,8 +73,8 @@ static int set_addr(struct sk_buff **pskb, | |||
73 | /* nf_nat_mangle_udp_packet uses skb_make_writable() to copy | 73 | /* nf_nat_mangle_udp_packet uses skb_make_writable() to copy |
74 | * or pull everything in a linear buffer, so we can safely | 74 | * or pull everything in a linear buffer, so we can safely |
75 | * use the skb pointers now */ | 75 | * use the skb pointers now */ |
76 | *data = (*pskb)->data + (*pskb)->nh.iph->ihl * 4 + | 76 | *data = ((*pskb)->data + ip_hdrlen(*pskb) + |
77 | sizeof(struct udphdr); | 77 | sizeof(struct udphdr)); |
78 | } | 78 | } |
79 | 79 | ||
80 | return 0; | 80 | return 0; |
diff --git a/net/ipv4/netfilter/nf_nat_helper.c b/net/ipv4/netfilter/nf_nat_helper.c index 49a90c39ffce..723302afd840 100644 --- a/net/ipv4/netfilter/nf_nat_helper.c +++ b/net/ipv4/netfilter/nf_nat_helper.c | |||
@@ -190,7 +190,7 @@ nf_nat_mangle_tcp_packet(struct sk_buff **pskb, | |||
190 | (int)rep_len - (int)match_len, | 190 | (int)rep_len - (int)match_len, |
191 | ct, ctinfo); | 191 | ct, ctinfo); |
192 | /* Tell TCP window tracking about seq change */ | 192 | /* Tell TCP window tracking about seq change */ |
193 | nf_conntrack_tcp_update(*pskb, (*pskb)->nh.iph->ihl*4, | 193 | nf_conntrack_tcp_update(*pskb, ip_hdrlen(*pskb), |
194 | ct, CTINFO2DIR(ctinfo)); | 194 | ct, CTINFO2DIR(ctinfo)); |
195 | } | 195 | } |
196 | return 1; | 196 | return 1; |
@@ -318,8 +318,8 @@ nf_nat_sack_adjust(struct sk_buff **pskb, | |||
318 | unsigned int dir, optoff, optend; | 318 | unsigned int dir, optoff, optend; |
319 | struct nf_conn_nat *nat = nfct_nat(ct); | 319 | struct nf_conn_nat *nat = nfct_nat(ct); |
320 | 320 | ||
321 | optoff = (*pskb)->nh.iph->ihl*4 + sizeof(struct tcphdr); | 321 | optoff = ip_hdrlen(*pskb) + sizeof(struct tcphdr); |
322 | optend = (*pskb)->nh.iph->ihl*4 + tcph->doff*4; | 322 | optend = ip_hdrlen(*pskb) + tcph->doff * 4; |
323 | 323 | ||
324 | if (!skb_make_writable(pskb, optend)) | 324 | if (!skb_make_writable(pskb, optend)) |
325 | return 0; | 325 | return 0; |
@@ -371,10 +371,10 @@ nf_nat_seq_adjust(struct sk_buff **pskb, | |||
371 | this_way = &nat->info.seq[dir]; | 371 | this_way = &nat->info.seq[dir]; |
372 | other_way = &nat->info.seq[!dir]; | 372 | other_way = &nat->info.seq[!dir]; |
373 | 373 | ||
374 | if (!skb_make_writable(pskb, (*pskb)->nh.iph->ihl*4+sizeof(*tcph))) | 374 | if (!skb_make_writable(pskb, ip_hdrlen(*pskb) + sizeof(*tcph))) |
375 | return 0; | 375 | return 0; |
376 | 376 | ||
377 | tcph = (void *)(*pskb)->data + (*pskb)->nh.iph->ihl*4; | 377 | tcph = (void *)(*pskb)->data + ip_hdrlen(*pskb); |
378 | if (after(ntohl(tcph->seq), this_way->correction_pos)) | 378 | if (after(ntohl(tcph->seq), this_way->correction_pos)) |
379 | newseq = htonl(ntohl(tcph->seq) + this_way->offset_after); | 379 | newseq = htonl(ntohl(tcph->seq) + this_way->offset_after); |
380 | else | 380 | else |
@@ -399,7 +399,7 @@ nf_nat_seq_adjust(struct sk_buff **pskb, | |||
399 | if (!nf_nat_sack_adjust(pskb, tcph, ct, ctinfo)) | 399 | if (!nf_nat_sack_adjust(pskb, tcph, ct, ctinfo)) |
400 | return 0; | 400 | return 0; |
401 | 401 | ||
402 | nf_conntrack_tcp_update(*pskb, (*pskb)->nh.iph->ihl*4, ct, dir); | 402 | nf_conntrack_tcp_update(*pskb, ip_hdrlen(*pskb), ct, dir); |
403 | 403 | ||
404 | return 1; | 404 | return 1; |
405 | } | 405 | } |
diff --git a/net/ipv4/netfilter/nf_nat_sip.c b/net/ipv4/netfilter/nf_nat_sip.c index b12cd7c314ca..bfd88e4e0685 100644 --- a/net/ipv4/netfilter/nf_nat_sip.c +++ b/net/ipv4/netfilter/nf_nat_sip.c | |||
@@ -11,6 +11,7 @@ | |||
11 | #include <linux/module.h> | 11 | #include <linux/module.h> |
12 | #include <linux/skbuff.h> | 12 | #include <linux/skbuff.h> |
13 | #include <linux/ip.h> | 13 | #include <linux/ip.h> |
14 | #include <net/ip.h> | ||
14 | #include <linux/udp.h> | 15 | #include <linux/udp.h> |
15 | 16 | ||
16 | #include <net/netfilter/nf_nat.h> | 17 | #include <net/netfilter/nf_nat.h> |
@@ -92,7 +93,7 @@ static int map_sip_addr(struct sk_buff **pskb, enum ip_conntrack_info ctinfo, | |||
92 | if (!nf_nat_mangle_udp_packet(pskb, ct, ctinfo, | 93 | if (!nf_nat_mangle_udp_packet(pskb, ct, ctinfo, |
93 | matchoff, matchlen, addr, addrlen)) | 94 | matchoff, matchlen, addr, addrlen)) |
94 | return 0; | 95 | return 0; |
95 | *dptr = (*pskb)->data + (*pskb)->nh.iph->ihl*4 + sizeof(struct udphdr); | 96 | *dptr = (*pskb)->data + ip_hdrlen(*pskb) + sizeof(struct udphdr); |
96 | return 1; | 97 | return 1; |
97 | 98 | ||
98 | } | 99 | } |
@@ -106,7 +107,7 @@ static unsigned int ip_nat_sip(struct sk_buff **pskb, | |||
106 | struct addr_map map; | 107 | struct addr_map map; |
107 | int dataoff, datalen; | 108 | int dataoff, datalen; |
108 | 109 | ||
109 | dataoff = (*pskb)->nh.iph->ihl*4 + sizeof(struct udphdr); | 110 | dataoff = ip_hdrlen(*pskb) + sizeof(struct udphdr); |
110 | datalen = (*pskb)->len - dataoff; | 111 | datalen = (*pskb)->len - dataoff; |
111 | if (datalen < sizeof("SIP/2.0") - 1) | 112 | if (datalen < sizeof("SIP/2.0") - 1) |
112 | return NF_DROP; | 113 | return NF_DROP; |
@@ -155,7 +156,7 @@ static unsigned int mangle_sip_packet(struct sk_buff **pskb, | |||
155 | return 0; | 156 | return 0; |
156 | 157 | ||
157 | /* We need to reload this. Thanks Patrick. */ | 158 | /* We need to reload this. Thanks Patrick. */ |
158 | *dptr = (*pskb)->data + (*pskb)->nh.iph->ihl*4 + sizeof(struct udphdr); | 159 | *dptr = (*pskb)->data + ip_hdrlen(*pskb) + sizeof(struct udphdr); |
159 | return 1; | 160 | return 1; |
160 | } | 161 | } |
161 | 162 | ||
@@ -168,7 +169,7 @@ static int mangle_content_len(struct sk_buff **pskb, | |||
168 | char buffer[sizeof("65536")]; | 169 | char buffer[sizeof("65536")]; |
169 | int bufflen; | 170 | int bufflen; |
170 | 171 | ||
171 | dataoff = (*pskb)->nh.iph->ihl*4 + sizeof(struct udphdr); | 172 | dataoff = ip_hdrlen(*pskb) + sizeof(struct udphdr); |
172 | 173 | ||
173 | /* Get actual SDP lenght */ | 174 | /* Get actual SDP lenght */ |
174 | if (ct_sip_get_info(ct, dptr, (*pskb)->len - dataoff, &matchoff, | 175 | if (ct_sip_get_info(ct, dptr, (*pskb)->len - dataoff, &matchoff, |
@@ -200,7 +201,7 @@ static unsigned int mangle_sdp(struct sk_buff **pskb, | |||
200 | char buffer[sizeof("nnn.nnn.nnn.nnn")]; | 201 | char buffer[sizeof("nnn.nnn.nnn.nnn")]; |
201 | unsigned int dataoff, bufflen; | 202 | unsigned int dataoff, bufflen; |
202 | 203 | ||
203 | dataoff = (*pskb)->nh.iph->ihl*4 + sizeof(struct udphdr); | 204 | dataoff = ip_hdrlen(*pskb) + sizeof(struct udphdr); |
204 | 205 | ||
205 | /* Mangle owner and contact info. */ | 206 | /* Mangle owner and contact info. */ |
206 | bufflen = sprintf(buffer, "%u.%u.%u.%u", NIPQUAD(newip)); | 207 | bufflen = sprintf(buffer, "%u.%u.%u.%u", NIPQUAD(newip)); |
diff --git a/net/ipv4/netfilter/nf_nat_standalone.c b/net/ipv4/netfilter/nf_nat_standalone.c index 15aa3db8cb33..61ca272165a1 100644 --- a/net/ipv4/netfilter/nf_nat_standalone.c +++ b/net/ipv4/netfilter/nf_nat_standalone.c | |||
@@ -101,8 +101,7 @@ nf_nat_fn(unsigned int hooknum, | |||
101 | if ((*pskb)->nh.iph->protocol == IPPROTO_ICMP) { | 101 | if ((*pskb)->nh.iph->protocol == IPPROTO_ICMP) { |
102 | struct icmphdr _hdr, *hp; | 102 | struct icmphdr _hdr, *hp; |
103 | 103 | ||
104 | hp = skb_header_pointer(*pskb, | 104 | hp = skb_header_pointer(*pskb, ip_hdrlen(*pskb), |
105 | (*pskb)->nh.iph->ihl*4, | ||
106 | sizeof(_hdr), &_hdr); | 105 | sizeof(_hdr), &_hdr); |
107 | if (hp != NULL && | 106 | if (hp != NULL && |
108 | hp->type == ICMP_REDIRECT) | 107 | hp->type == ICMP_REDIRECT) |
@@ -203,7 +202,7 @@ nf_nat_out(unsigned int hooknum, | |||
203 | 202 | ||
204 | /* root is playing with raw sockets. */ | 203 | /* root is playing with raw sockets. */ |
205 | if ((*pskb)->len < sizeof(struct iphdr) || | 204 | if ((*pskb)->len < sizeof(struct iphdr) || |
206 | (*pskb)->nh.iph->ihl * 4 < sizeof(struct iphdr)) | 205 | ip_hdrlen(*pskb) < sizeof(struct iphdr)) |
207 | return NF_ACCEPT; | 206 | return NF_ACCEPT; |
208 | 207 | ||
209 | ret = nf_nat_fn(hooknum, pskb, in, out, okfn); | 208 | ret = nf_nat_fn(hooknum, pskb, in, out, okfn); |
@@ -236,7 +235,7 @@ nf_nat_local_fn(unsigned int hooknum, | |||
236 | 235 | ||
237 | /* root is playing with raw sockets. */ | 236 | /* root is playing with raw sockets. */ |
238 | if ((*pskb)->len < sizeof(struct iphdr) || | 237 | if ((*pskb)->len < sizeof(struct iphdr) || |
239 | (*pskb)->nh.iph->ihl * 4 < sizeof(struct iphdr)) | 238 | ip_hdrlen(*pskb) < sizeof(struct iphdr)) |
240 | return NF_ACCEPT; | 239 | return NF_ACCEPT; |
241 | 240 | ||
242 | ret = nf_nat_fn(hooknum, pskb, in, out, okfn); | 241 | ret = nf_nat_fn(hooknum, pskb, in, out, okfn); |
diff --git a/net/ipv6/netfilter/ip6table_filter.c b/net/ipv6/netfilter/ip6table_filter.c index 112a21d0c6da..76f0cf66f95c 100644 --- a/net/ipv6/netfilter/ip6table_filter.c +++ b/net/ipv6/netfilter/ip6table_filter.c | |||
@@ -102,7 +102,7 @@ ip6t_local_out_hook(unsigned int hook, | |||
102 | #if 0 | 102 | #if 0 |
103 | /* root is playing with raw sockets. */ | 103 | /* root is playing with raw sockets. */ |
104 | if ((*pskb)->len < sizeof(struct iphdr) | 104 | if ((*pskb)->len < sizeof(struct iphdr) |
105 | || (*pskb)->nh.iph->ihl * 4 < sizeof(struct iphdr)) { | 105 | || ip_hdrlen(*pskb) < sizeof(struct iphdr)) { |
106 | if (net_ratelimit()) | 106 | if (net_ratelimit()) |
107 | printk("ip6t_hook: happy cracking.\n"); | 107 | printk("ip6t_hook: happy cracking.\n"); |
108 | return NF_ACCEPT; | 108 | return NF_ACCEPT; |
diff --git a/net/ipv6/netfilter/ip6table_mangle.c b/net/ipv6/netfilter/ip6table_mangle.c index 0c468d35a937..da2c1994539b 100644 --- a/net/ipv6/netfilter/ip6table_mangle.c +++ b/net/ipv6/netfilter/ip6table_mangle.c | |||
@@ -138,7 +138,7 @@ ip6t_local_hook(unsigned int hook, | |||
138 | #if 0 | 138 | #if 0 |
139 | /* root is playing with raw sockets. */ | 139 | /* root is playing with raw sockets. */ |
140 | if ((*pskb)->len < sizeof(struct iphdr) | 140 | if ((*pskb)->len < sizeof(struct iphdr) |
141 | || (*pskb)->nh.iph->ihl * 4 < sizeof(struct iphdr)) { | 141 | || ip_hdrlen(*pskb) < sizeof(struct iphdr)) { |
142 | if (net_ratelimit()) | 142 | if (net_ratelimit()) |
143 | printk("ip6t_hook: happy cracking.\n"); | 143 | printk("ip6t_hook: happy cracking.\n"); |
144 | return NF_ACCEPT; | 144 | return NF_ACCEPT; |