diff options
Diffstat (limited to 'net/bridge')
| -rw-r--r-- | net/bridge/br.c | 2 | ||||
| -rw-r--r-- | net/bridge/br_input.c | 2 | ||||
| -rw-r--r-- | net/bridge/br_netfilter.c | 33 | ||||
| -rw-r--r-- | net/bridge/netfilter/ebt_arpreply.c | 3 | ||||
| -rw-r--r-- | net/bridge/netfilter/ebt_dnat.c | 6 | ||||
| -rw-r--r-- | net/bridge/netfilter/ebt_mark.c | 10 | ||||
| -rw-r--r-- | net/bridge/netfilter/ebt_redirect.c | 10 | ||||
| -rw-r--r-- | net/bridge/netfilter/ebt_snat.c | 12 | ||||
| -rw-r--r-- | net/bridge/netfilter/ebtable_broute.c | 4 | ||||
| -rw-r--r-- | net/bridge/netfilter/ebtable_filter.c | 4 | ||||
| -rw-r--r-- | net/bridge/netfilter/ebtable_nat.c | 8 | ||||
| -rw-r--r-- | net/bridge/netfilter/ebtables.c | 12 |
12 files changed, 49 insertions, 57 deletions
diff --git a/net/bridge/br.c b/net/bridge/br.c index 848b8fa8bedd..93867bb6cc97 100644 --- a/net/bridge/br.c +++ b/net/bridge/br.c | |||
| @@ -23,7 +23,7 @@ | |||
| 23 | 23 | ||
| 24 | #include "br_private.h" | 24 | #include "br_private.h" |
| 25 | 25 | ||
| 26 | int (*br_should_route_hook) (struct sk_buff **pskb) = NULL; | 26 | int (*br_should_route_hook)(struct sk_buff *skb); |
| 27 | 27 | ||
| 28 | static struct llc_sap *br_stp_sap; | 28 | static struct llc_sap *br_stp_sap; |
| 29 | 29 | ||
diff --git a/net/bridge/br_input.c b/net/bridge/br_input.c index f8e0a2fa796e..3cedd4eeeed6 100644 --- a/net/bridge/br_input.c +++ b/net/bridge/br_input.c | |||
| @@ -149,7 +149,7 @@ struct sk_buff *br_handle_frame(struct net_bridge_port *p, struct sk_buff *skb) | |||
| 149 | case BR_STATE_FORWARDING: | 149 | case BR_STATE_FORWARDING: |
| 150 | 150 | ||
| 151 | if (br_should_route_hook) { | 151 | if (br_should_route_hook) { |
| 152 | if (br_should_route_hook(&skb)) | 152 | if (br_should_route_hook(skb)) |
| 153 | return skb; | 153 | return skb; |
| 154 | dest = eth_hdr(skb)->h_dest; | 154 | dest = eth_hdr(skb)->h_dest; |
| 155 | } | 155 | } |
diff --git a/net/bridge/br_netfilter.c b/net/bridge/br_netfilter.c index 8245f051ccbb..246bf23a8775 100644 --- a/net/bridge/br_netfilter.c +++ b/net/bridge/br_netfilter.c | |||
| @@ -503,13 +503,12 @@ inhdr_error: | |||
| 503 | * receiving device) to make netfilter happy, the REDIRECT | 503 | * receiving device) to make netfilter happy, the REDIRECT |
| 504 | * target in particular. Save the original destination IP | 504 | * target in particular. Save the original destination IP |
| 505 | * address to be able to detect DNAT afterwards. */ | 505 | * address to be able to detect DNAT afterwards. */ |
| 506 | static unsigned int br_nf_pre_routing(unsigned int hook, struct sk_buff **pskb, | 506 | static unsigned int br_nf_pre_routing(unsigned int hook, struct sk_buff *skb, |
| 507 | const struct net_device *in, | 507 | const struct net_device *in, |
| 508 | const struct net_device *out, | 508 | const struct net_device *out, |
| 509 | int (*okfn)(struct sk_buff *)) | 509 | int (*okfn)(struct sk_buff *)) |
| 510 | { | 510 | { |
| 511 | struct iphdr *iph; | 511 | struct iphdr *iph; |
| 512 | struct sk_buff *skb = *pskb; | ||
| 513 | __u32 len = nf_bridge_encap_header_len(skb); | 512 | __u32 len = nf_bridge_encap_header_len(skb); |
| 514 | 513 | ||
| 515 | if ((skb = skb_share_check(skb, GFP_ATOMIC)) == NULL) | 514 | if ((skb = skb_share_check(skb, GFP_ATOMIC)) == NULL) |
| @@ -584,13 +583,11 @@ out: | |||
| 584 | * took place when the packet entered the bridge), but we | 583 | * took place when the packet entered the bridge), but we |
| 585 | * register an IPv4 PRE_ROUTING 'sabotage' hook that will | 584 | * register an IPv4 PRE_ROUTING 'sabotage' hook that will |
| 586 | * prevent this from happening. */ | 585 | * prevent this from happening. */ |
| 587 | static unsigned int br_nf_local_in(unsigned int hook, struct sk_buff **pskb, | 586 | static unsigned int br_nf_local_in(unsigned int hook, struct sk_buff *skb, |
| 588 | const struct net_device *in, | 587 | const struct net_device *in, |
| 589 | const struct net_device *out, | 588 | const struct net_device *out, |
| 590 | int (*okfn)(struct sk_buff *)) | 589 | int (*okfn)(struct sk_buff *)) |
| 591 | { | 590 | { |
| 592 | struct sk_buff *skb = *pskb; | ||
| 593 | |||
| 594 | if (skb->dst == (struct dst_entry *)&__fake_rtable) { | 591 | if (skb->dst == (struct dst_entry *)&__fake_rtable) { |
| 595 | dst_release(skb->dst); | 592 | dst_release(skb->dst); |
| 596 | skb->dst = NULL; | 593 | skb->dst = NULL; |
| @@ -625,12 +622,11 @@ static int br_nf_forward_finish(struct sk_buff *skb) | |||
| 625 | * but we are still able to filter on the 'real' indev/outdev | 622 | * but we are still able to filter on the 'real' indev/outdev |
| 626 | * because of the physdev module. For ARP, indev and outdev are the | 623 | * because of the physdev module. For ARP, indev and outdev are the |
| 627 | * bridge ports. */ | 624 | * bridge ports. */ |
| 628 | static unsigned int br_nf_forward_ip(unsigned int hook, struct sk_buff **pskb, | 625 | static unsigned int br_nf_forward_ip(unsigned int hook, struct sk_buff *skb, |
| 629 | const struct net_device *in, | 626 | const struct net_device *in, |
| 630 | const struct net_device *out, | 627 | const struct net_device *out, |
| 631 | int (*okfn)(struct sk_buff *)) | 628 | int (*okfn)(struct sk_buff *)) |
| 632 | { | 629 | { |
| 633 | struct sk_buff *skb = *pskb; | ||
| 634 | struct nf_bridge_info *nf_bridge; | 630 | struct nf_bridge_info *nf_bridge; |
| 635 | struct net_device *parent; | 631 | struct net_device *parent; |
| 636 | int pf; | 632 | int pf; |
| @@ -648,7 +644,7 @@ static unsigned int br_nf_forward_ip(unsigned int hook, struct sk_buff **pskb, | |||
| 648 | else | 644 | else |
| 649 | pf = PF_INET6; | 645 | pf = PF_INET6; |
| 650 | 646 | ||
| 651 | nf_bridge_pull_encap_header(*pskb); | 647 | nf_bridge_pull_encap_header(skb); |
| 652 | 648 | ||
| 653 | nf_bridge = skb->nf_bridge; | 649 | nf_bridge = skb->nf_bridge; |
| 654 | if (skb->pkt_type == PACKET_OTHERHOST) { | 650 | if (skb->pkt_type == PACKET_OTHERHOST) { |
| @@ -666,12 +662,11 @@ static unsigned int br_nf_forward_ip(unsigned int hook, struct sk_buff **pskb, | |||
| 666 | return NF_STOLEN; | 662 | return NF_STOLEN; |
| 667 | } | 663 | } |
| 668 | 664 | ||
| 669 | static unsigned int br_nf_forward_arp(unsigned int hook, struct sk_buff **pskb, | 665 | static unsigned int br_nf_forward_arp(unsigned int hook, struct sk_buff *skb, |
| 670 | const struct net_device *in, | 666 | const struct net_device *in, |
| 671 | const struct net_device *out, | 667 | const struct net_device *out, |
| 672 | int (*okfn)(struct sk_buff *)) | 668 | int (*okfn)(struct sk_buff *)) |
| 673 | { | 669 | { |
| 674 | struct sk_buff *skb = *pskb; | ||
| 675 | struct net_device **d = (struct net_device **)(skb->cb); | 670 | struct net_device **d = (struct net_device **)(skb->cb); |
| 676 | 671 | ||
| 677 | #ifdef CONFIG_SYSCTL | 672 | #ifdef CONFIG_SYSCTL |
| @@ -682,12 +677,12 @@ static unsigned int br_nf_forward_arp(unsigned int hook, struct sk_buff **pskb, | |||
| 682 | if (skb->protocol != htons(ETH_P_ARP)) { | 677 | if (skb->protocol != htons(ETH_P_ARP)) { |
| 683 | if (!IS_VLAN_ARP(skb)) | 678 | if (!IS_VLAN_ARP(skb)) |
| 684 | return NF_ACCEPT; | 679 | return NF_ACCEPT; |
| 685 | nf_bridge_pull_encap_header(*pskb); | 680 | nf_bridge_pull_encap_header(skb); |
| 686 | } | 681 | } |
| 687 | 682 | ||
| 688 | if (arp_hdr(skb)->ar_pln != 4) { | 683 | if (arp_hdr(skb)->ar_pln != 4) { |
| 689 | if (IS_VLAN_ARP(skb)) | 684 | if (IS_VLAN_ARP(skb)) |
| 690 | nf_bridge_push_encap_header(*pskb); | 685 | nf_bridge_push_encap_header(skb); |
| 691 | return NF_ACCEPT; | 686 | return NF_ACCEPT; |
| 692 | } | 687 | } |
| 693 | *d = (struct net_device *)in; | 688 | *d = (struct net_device *)in; |
| @@ -709,13 +704,12 @@ static unsigned int br_nf_forward_arp(unsigned int hook, struct sk_buff **pskb, | |||
| 709 | * NF_BR_PRI_FIRST, so no relevant PF_BRIDGE/INPUT functions have been nor | 704 | * NF_BR_PRI_FIRST, so no relevant PF_BRIDGE/INPUT functions have been nor |
| 710 | * will be executed. | 705 | * will be executed. |
| 711 | */ | 706 | */ |
| 712 | static unsigned int br_nf_local_out(unsigned int hook, struct sk_buff **pskb, | 707 | static unsigned int br_nf_local_out(unsigned int hook, struct sk_buff *skb, |
| 713 | const struct net_device *in, | 708 | const struct net_device *in, |
| 714 | const struct net_device *out, | 709 | const struct net_device *out, |
| 715 | int (*okfn)(struct sk_buff *)) | 710 | int (*okfn)(struct sk_buff *)) |
| 716 | { | 711 | { |
| 717 | struct net_device *realindev; | 712 | struct net_device *realindev; |
| 718 | struct sk_buff *skb = *pskb; | ||
| 719 | struct nf_bridge_info *nf_bridge; | 713 | struct nf_bridge_info *nf_bridge; |
| 720 | 714 | ||
| 721 | if (!skb->nf_bridge) | 715 | if (!skb->nf_bridge) |
| @@ -752,13 +746,12 @@ static int br_nf_dev_queue_xmit(struct sk_buff *skb) | |||
| 752 | } | 746 | } |
| 753 | 747 | ||
| 754 | /* PF_BRIDGE/POST_ROUTING ********************************************/ | 748 | /* PF_BRIDGE/POST_ROUTING ********************************************/ |
| 755 | static unsigned int br_nf_post_routing(unsigned int hook, struct sk_buff **pskb, | 749 | static unsigned int br_nf_post_routing(unsigned int hook, struct sk_buff *skb, |
| 756 | const struct net_device *in, | 750 | const struct net_device *in, |
| 757 | const struct net_device *out, | 751 | const struct net_device *out, |
| 758 | int (*okfn)(struct sk_buff *)) | 752 | int (*okfn)(struct sk_buff *)) |
| 759 | { | 753 | { |
| 760 | struct sk_buff *skb = *pskb; | 754 | struct nf_bridge_info *nf_bridge = skb->nf_bridge; |
| 761 | struct nf_bridge_info *nf_bridge = (*pskb)->nf_bridge; | ||
| 762 | struct net_device *realoutdev = bridge_parent(skb->dev); | 755 | struct net_device *realoutdev = bridge_parent(skb->dev); |
| 763 | int pf; | 756 | int pf; |
| 764 | 757 | ||
| @@ -828,13 +821,13 @@ print_error: | |||
| 828 | /* IP/SABOTAGE *****************************************************/ | 821 | /* IP/SABOTAGE *****************************************************/ |
| 829 | /* Don't hand locally destined packets to PF_INET(6)/PRE_ROUTING | 822 | /* Don't hand locally destined packets to PF_INET(6)/PRE_ROUTING |
| 830 | * for the second time. */ | 823 | * for the second time. */ |
| 831 | static unsigned int ip_sabotage_in(unsigned int hook, struct sk_buff **pskb, | 824 | static unsigned int ip_sabotage_in(unsigned int hook, struct sk_buff *skb, |
| 832 | const struct net_device *in, | 825 | const struct net_device *in, |
| 833 | const struct net_device *out, | 826 | const struct net_device *out, |
| 834 | int (*okfn)(struct sk_buff *)) | 827 | int (*okfn)(struct sk_buff *)) |
| 835 | { | 828 | { |
| 836 | if ((*pskb)->nf_bridge && | 829 | if (skb->nf_bridge && |
| 837 | !((*pskb)->nf_bridge->mask & BRNF_NF_BRIDGE_PREROUTING)) { | 830 | !(skb->nf_bridge->mask & BRNF_NF_BRIDGE_PREROUTING)) { |
| 838 | return NF_STOP; | 831 | return NF_STOP; |
| 839 | } | 832 | } |
| 840 | 833 | ||
diff --git a/net/bridge/netfilter/ebt_arpreply.c b/net/bridge/netfilter/ebt_arpreply.c index ffe468a632e7..48a80e423287 100644 --- a/net/bridge/netfilter/ebt_arpreply.c +++ b/net/bridge/netfilter/ebt_arpreply.c | |||
| @@ -15,7 +15,7 @@ | |||
| 15 | #include <net/arp.h> | 15 | #include <net/arp.h> |
| 16 | #include <linux/module.h> | 16 | #include <linux/module.h> |
| 17 | 17 | ||
| 18 | static int ebt_target_reply(struct sk_buff **pskb, unsigned int hooknr, | 18 | static int ebt_target_reply(struct sk_buff *skb, unsigned int hooknr, |
| 19 | const struct net_device *in, const struct net_device *out, | 19 | const struct net_device *in, const struct net_device *out, |
| 20 | const void *data, unsigned int datalen) | 20 | const void *data, unsigned int datalen) |
| 21 | { | 21 | { |
| @@ -23,7 +23,6 @@ static int ebt_target_reply(struct sk_buff **pskb, unsigned int hooknr, | |||
| 23 | __be32 _sip, *siptr, _dip, *diptr; | 23 | __be32 _sip, *siptr, _dip, *diptr; |
| 24 | struct arphdr _ah, *ap; | 24 | struct arphdr _ah, *ap; |
| 25 | unsigned char _sha[ETH_ALEN], *shp; | 25 | unsigned char _sha[ETH_ALEN], *shp; |
| 26 | struct sk_buff *skb = *pskb; | ||
| 27 | 26 | ||
| 28 | ap = skb_header_pointer(skb, 0, sizeof(_ah), &_ah); | 27 | ap = skb_header_pointer(skb, 0, sizeof(_ah), &_ah); |
| 29 | if (ap == NULL) | 28 | if (ap == NULL) |
diff --git a/net/bridge/netfilter/ebt_dnat.c b/net/bridge/netfilter/ebt_dnat.c index 9d74dee20ab0..74262e9a566a 100644 --- a/net/bridge/netfilter/ebt_dnat.c +++ b/net/bridge/netfilter/ebt_dnat.c | |||
| @@ -14,16 +14,16 @@ | |||
| 14 | #include <linux/module.h> | 14 | #include <linux/module.h> |
| 15 | #include <net/sock.h> | 15 | #include <net/sock.h> |
| 16 | 16 | ||
| 17 | static int ebt_target_dnat(struct sk_buff **pskb, unsigned int hooknr, | 17 | static int ebt_target_dnat(struct sk_buff *skb, unsigned int hooknr, |
| 18 | const struct net_device *in, const struct net_device *out, | 18 | const struct net_device *in, const struct net_device *out, |
| 19 | const void *data, unsigned int datalen) | 19 | const void *data, unsigned int datalen) |
| 20 | { | 20 | { |
| 21 | struct ebt_nat_info *info = (struct ebt_nat_info *)data; | 21 | struct ebt_nat_info *info = (struct ebt_nat_info *)data; |
| 22 | 22 | ||
| 23 | if (skb_make_writable(*pskb, 0)) | 23 | if (skb_make_writable(skb, 0)) |
| 24 | return NF_DROP; | 24 | return NF_DROP; |
| 25 | 25 | ||
| 26 | memcpy(eth_hdr(*pskb)->h_dest, info->mac, ETH_ALEN); | 26 | memcpy(eth_hdr(skb)->h_dest, info->mac, ETH_ALEN); |
| 27 | return info->target; | 27 | return info->target; |
| 28 | } | 28 | } |
| 29 | 29 | ||
diff --git a/net/bridge/netfilter/ebt_mark.c b/net/bridge/netfilter/ebt_mark.c index 62d23c7b25e6..6cba54309c09 100644 --- a/net/bridge/netfilter/ebt_mark.c +++ b/net/bridge/netfilter/ebt_mark.c | |||
| @@ -17,7 +17,7 @@ | |||
| 17 | #include <linux/netfilter_bridge/ebt_mark_t.h> | 17 | #include <linux/netfilter_bridge/ebt_mark_t.h> |
| 18 | #include <linux/module.h> | 18 | #include <linux/module.h> |
| 19 | 19 | ||
| 20 | static int ebt_target_mark(struct sk_buff **pskb, unsigned int hooknr, | 20 | static int ebt_target_mark(struct sk_buff *skb, unsigned int hooknr, |
| 21 | const struct net_device *in, const struct net_device *out, | 21 | const struct net_device *in, const struct net_device *out, |
| 22 | const void *data, unsigned int datalen) | 22 | const void *data, unsigned int datalen) |
| 23 | { | 23 | { |
| @@ -25,13 +25,13 @@ static int ebt_target_mark(struct sk_buff **pskb, unsigned int hooknr, | |||
| 25 | int action = info->target & -16; | 25 | int action = info->target & -16; |
| 26 | 26 | ||
| 27 | if (action == MARK_SET_VALUE) | 27 | if (action == MARK_SET_VALUE) |
| 28 | (*pskb)->mark = info->mark; | 28 | skb->mark = info->mark; |
| 29 | else if (action == MARK_OR_VALUE) | 29 | else if (action == MARK_OR_VALUE) |
| 30 | (*pskb)->mark |= info->mark; | 30 | skb->mark |= info->mark; |
| 31 | else if (action == MARK_AND_VALUE) | 31 | else if (action == MARK_AND_VALUE) |
| 32 | (*pskb)->mark &= info->mark; | 32 | skb->mark &= info->mark; |
| 33 | else | 33 | else |
| 34 | (*pskb)->mark ^= info->mark; | 34 | skb->mark ^= info->mark; |
| 35 | 35 | ||
| 36 | return info->target | ~EBT_VERDICT_BITS; | 36 | return info->target | ~EBT_VERDICT_BITS; |
| 37 | } | 37 | } |
diff --git a/net/bridge/netfilter/ebt_redirect.c b/net/bridge/netfilter/ebt_redirect.c index 81371cd01bd0..422cb834cff9 100644 --- a/net/bridge/netfilter/ebt_redirect.c +++ b/net/bridge/netfilter/ebt_redirect.c | |||
| @@ -15,21 +15,21 @@ | |||
| 15 | #include <net/sock.h> | 15 | #include <net/sock.h> |
| 16 | #include "../br_private.h" | 16 | #include "../br_private.h" |
| 17 | 17 | ||
| 18 | static int ebt_target_redirect(struct sk_buff **pskb, unsigned int hooknr, | 18 | static int ebt_target_redirect(struct sk_buff *skb, unsigned int hooknr, |
| 19 | const struct net_device *in, const struct net_device *out, | 19 | const struct net_device *in, const struct net_device *out, |
| 20 | const void *data, unsigned int datalen) | 20 | const void *data, unsigned int datalen) |
| 21 | { | 21 | { |
| 22 | struct ebt_redirect_info *info = (struct ebt_redirect_info *)data; | 22 | struct ebt_redirect_info *info = (struct ebt_redirect_info *)data; |
| 23 | 23 | ||
| 24 | if (skb_make_writable(*pskb, 0)) | 24 | if (skb_make_writable(skb, 0)) |
| 25 | return NF_DROP; | 25 | return NF_DROP; |
| 26 | 26 | ||
| 27 | if (hooknr != NF_BR_BROUTING) | 27 | if (hooknr != NF_BR_BROUTING) |
| 28 | memcpy(eth_hdr(*pskb)->h_dest, | 28 | memcpy(eth_hdr(skb)->h_dest, |
| 29 | in->br_port->br->dev->dev_addr, ETH_ALEN); | 29 | in->br_port->br->dev->dev_addr, ETH_ALEN); |
| 30 | else | 30 | else |
| 31 | memcpy(eth_hdr(*pskb)->h_dest, in->dev_addr, ETH_ALEN); | 31 | memcpy(eth_hdr(skb)->h_dest, in->dev_addr, ETH_ALEN); |
| 32 | (*pskb)->pkt_type = PACKET_HOST; | 32 | skb->pkt_type = PACKET_HOST; |
| 33 | return info->target; | 33 | return info->target; |
| 34 | } | 34 | } |
| 35 | 35 | ||
diff --git a/net/bridge/netfilter/ebt_snat.c b/net/bridge/netfilter/ebt_snat.c index b0c63684e2f5..425ac920904d 100644 --- a/net/bridge/netfilter/ebt_snat.c +++ b/net/bridge/netfilter/ebt_snat.c | |||
| @@ -16,26 +16,26 @@ | |||
| 16 | #include <linux/if_arp.h> | 16 | #include <linux/if_arp.h> |
| 17 | #include <net/arp.h> | 17 | #include <net/arp.h> |
| 18 | 18 | ||
| 19 | static int ebt_target_snat(struct sk_buff **pskb, unsigned int hooknr, | 19 | static int ebt_target_snat(struct sk_buff *skb, unsigned int hooknr, |
| 20 | const struct net_device *in, const struct net_device *out, | 20 | const struct net_device *in, const struct net_device *out, |
| 21 | const void *data, unsigned int datalen) | 21 | const void *data, unsigned int datalen) |
| 22 | { | 22 | { |
| 23 | struct ebt_nat_info *info = (struct ebt_nat_info *) data; | 23 | struct ebt_nat_info *info = (struct ebt_nat_info *) data; |
| 24 | 24 | ||
| 25 | if (skb_make_writable(*pskb, 0)) | 25 | if (skb_make_writable(skb, 0)) |
| 26 | return NF_DROP; | 26 | return NF_DROP; |
| 27 | 27 | ||
| 28 | memcpy(eth_hdr(*pskb)->h_source, info->mac, ETH_ALEN); | 28 | memcpy(eth_hdr(skb)->h_source, info->mac, ETH_ALEN); |
| 29 | if (!(info->target & NAT_ARP_BIT) && | 29 | if (!(info->target & NAT_ARP_BIT) && |
| 30 | eth_hdr(*pskb)->h_proto == htons(ETH_P_ARP)) { | 30 | eth_hdr(skb)->h_proto == htons(ETH_P_ARP)) { |
| 31 | struct arphdr _ah, *ap; | 31 | struct arphdr _ah, *ap; |
| 32 | 32 | ||
| 33 | ap = skb_header_pointer(*pskb, 0, sizeof(_ah), &_ah); | 33 | ap = skb_header_pointer(skb, 0, sizeof(_ah), &_ah); |
| 34 | if (ap == NULL) | 34 | if (ap == NULL) |
| 35 | return EBT_DROP; | 35 | return EBT_DROP; |
| 36 | if (ap->ar_hln != ETH_ALEN) | 36 | if (ap->ar_hln != ETH_ALEN) |
| 37 | goto out; | 37 | goto out; |
| 38 | if (skb_store_bits(*pskb, sizeof(_ah), info->mac,ETH_ALEN)) | 38 | if (skb_store_bits(skb, sizeof(_ah), info->mac,ETH_ALEN)) |
| 39 | return EBT_DROP; | 39 | return EBT_DROP; |
| 40 | } | 40 | } |
| 41 | out: | 41 | out: |
diff --git a/net/bridge/netfilter/ebtable_broute.c b/net/bridge/netfilter/ebtable_broute.c index d37ce0478938..e44519ebf1d2 100644 --- a/net/bridge/netfilter/ebtable_broute.c +++ b/net/bridge/netfilter/ebtable_broute.c | |||
| @@ -51,11 +51,11 @@ static struct ebt_table broute_table = | |||
| 51 | .me = THIS_MODULE, | 51 | .me = THIS_MODULE, |
| 52 | }; | 52 | }; |
| 53 | 53 | ||
| 54 | static int ebt_broute(struct sk_buff **pskb) | 54 | static int ebt_broute(struct sk_buff *skb) |
| 55 | { | 55 | { |
| 56 | int ret; | 56 | int ret; |
| 57 | 57 | ||
| 58 | ret = ebt_do_table(NF_BR_BROUTING, pskb, (*pskb)->dev, NULL, | 58 | ret = ebt_do_table(NF_BR_BROUTING, skb, skb->dev, NULL, |
| 59 | &broute_table); | 59 | &broute_table); |
| 60 | if (ret == NF_DROP) | 60 | if (ret == NF_DROP) |
| 61 | return 1; /* route it */ | 61 | return 1; /* route it */ |
diff --git a/net/bridge/netfilter/ebtable_filter.c b/net/bridge/netfilter/ebtable_filter.c index 81d84145c417..210493f99bc4 100644 --- a/net/bridge/netfilter/ebtable_filter.c +++ b/net/bridge/netfilter/ebtable_filter.c | |||
| @@ -61,10 +61,10 @@ static struct ebt_table frame_filter = | |||
| 61 | }; | 61 | }; |
| 62 | 62 | ||
| 63 | static unsigned int | 63 | static unsigned int |
| 64 | ebt_hook (unsigned int hook, struct sk_buff **pskb, const struct net_device *in, | 64 | ebt_hook(unsigned int hook, struct sk_buff *skb, const struct net_device *in, |
| 65 | const struct net_device *out, int (*okfn)(struct sk_buff *)) | 65 | const struct net_device *out, int (*okfn)(struct sk_buff *)) |
| 66 | { | 66 | { |
| 67 | return ebt_do_table(hook, pskb, in, out, &frame_filter); | 67 | return ebt_do_table(hook, skb, in, out, &frame_filter); |
| 68 | } | 68 | } |
| 69 | 69 | ||
| 70 | static struct nf_hook_ops ebt_ops_filter[] = { | 70 | static struct nf_hook_ops ebt_ops_filter[] = { |
diff --git a/net/bridge/netfilter/ebtable_nat.c b/net/bridge/netfilter/ebtable_nat.c index 9c50488b62eb..3e58c2e5ee21 100644 --- a/net/bridge/netfilter/ebtable_nat.c +++ b/net/bridge/netfilter/ebtable_nat.c | |||
| @@ -61,17 +61,17 @@ static struct ebt_table frame_nat = | |||
| 61 | }; | 61 | }; |
| 62 | 62 | ||
| 63 | static unsigned int | 63 | static unsigned int |
| 64 | ebt_nat_dst(unsigned int hook, struct sk_buff **pskb, const struct net_device *in | 64 | ebt_nat_dst(unsigned int hook, struct sk_buff *skb, const struct net_device *in |
| 65 | , const struct net_device *out, int (*okfn)(struct sk_buff *)) | 65 | , const struct net_device *out, int (*okfn)(struct sk_buff *)) |
| 66 | { | 66 | { |
| 67 | return ebt_do_table(hook, pskb, in, out, &frame_nat); | 67 | return ebt_do_table(hook, skb, in, out, &frame_nat); |
| 68 | } | 68 | } |
| 69 | 69 | ||
| 70 | static unsigned int | 70 | static unsigned int |
| 71 | ebt_nat_src(unsigned int hook, struct sk_buff **pskb, const struct net_device *in | 71 | ebt_nat_src(unsigned int hook, struct sk_buff *skb, const struct net_device *in |
| 72 | , const struct net_device *out, int (*okfn)(struct sk_buff *)) | 72 | , const struct net_device *out, int (*okfn)(struct sk_buff *)) |
| 73 | { | 73 | { |
| 74 | return ebt_do_table(hook, pskb, in, out, &frame_nat); | 74 | return ebt_do_table(hook, skb, in, out, &frame_nat); |
| 75 | } | 75 | } |
| 76 | 76 | ||
| 77 | static struct nf_hook_ops ebt_ops_nat[] = { | 77 | static struct nf_hook_ops ebt_ops_nat[] = { |
diff --git a/net/bridge/netfilter/ebtables.c b/net/bridge/netfilter/ebtables.c index 6018d0e51938..d5a09eaef915 100644 --- a/net/bridge/netfilter/ebtables.c +++ b/net/bridge/netfilter/ebtables.c | |||
| @@ -142,7 +142,7 @@ static inline int ebt_basic_match(struct ebt_entry *e, struct ethhdr *h, | |||
| 142 | } | 142 | } |
| 143 | 143 | ||
| 144 | /* Do some firewalling */ | 144 | /* Do some firewalling */ |
| 145 | unsigned int ebt_do_table (unsigned int hook, struct sk_buff **pskb, | 145 | unsigned int ebt_do_table (unsigned int hook, struct sk_buff *skb, |
| 146 | const struct net_device *in, const struct net_device *out, | 146 | const struct net_device *in, const struct net_device *out, |
| 147 | struct ebt_table *table) | 147 | struct ebt_table *table) |
| 148 | { | 148 | { |
| @@ -172,19 +172,19 @@ unsigned int ebt_do_table (unsigned int hook, struct sk_buff **pskb, | |||
| 172 | base = private->entries; | 172 | base = private->entries; |
| 173 | i = 0; | 173 | i = 0; |
| 174 | while (i < nentries) { | 174 | while (i < nentries) { |
| 175 | if (ebt_basic_match(point, eth_hdr(*pskb), in, out)) | 175 | if (ebt_basic_match(point, eth_hdr(skb), in, out)) |
| 176 | goto letscontinue; | 176 | goto letscontinue; |
| 177 | 177 | ||
| 178 | if (EBT_MATCH_ITERATE(point, ebt_do_match, *pskb, in, out) != 0) | 178 | if (EBT_MATCH_ITERATE(point, ebt_do_match, skb, in, out) != 0) |
| 179 | goto letscontinue; | 179 | goto letscontinue; |
| 180 | 180 | ||
| 181 | /* increase counter */ | 181 | /* increase counter */ |
| 182 | (*(counter_base + i)).pcnt++; | 182 | (*(counter_base + i)).pcnt++; |
| 183 | (*(counter_base + i)).bcnt+=(**pskb).len; | 183 | (*(counter_base + i)).bcnt += skb->len; |
| 184 | 184 | ||
| 185 | /* these should only watch: not modify, nor tell us | 185 | /* these should only watch: not modify, nor tell us |
| 186 | what to do with the packet */ | 186 | what to do with the packet */ |
| 187 | EBT_WATCHER_ITERATE(point, ebt_do_watcher, *pskb, hook, in, | 187 | EBT_WATCHER_ITERATE(point, ebt_do_watcher, skb, hook, in, |
| 188 | out); | 188 | out); |
| 189 | 189 | ||
| 190 | t = (struct ebt_entry_target *) | 190 | t = (struct ebt_entry_target *) |
| @@ -193,7 +193,7 @@ unsigned int ebt_do_table (unsigned int hook, struct sk_buff **pskb, | |||
| 193 | if (!t->u.target->target) | 193 | if (!t->u.target->target) |
| 194 | verdict = ((struct ebt_standard_target *)t)->verdict; | 194 | verdict = ((struct ebt_standard_target *)t)->verdict; |
| 195 | else | 195 | else |
| 196 | verdict = t->u.target->target(pskb, hook, | 196 | verdict = t->u.target->target(skb, hook, |
| 197 | in, out, t->data, t->target_size); | 197 | in, out, t->data, t->target_size); |
| 198 | if (verdict == EBT_ACCEPT) { | 198 | if (verdict == EBT_ACCEPT) { |
| 199 | read_unlock_bh(&table->lock); | 199 | read_unlock_bh(&table->lock); |