aboutsummaryrefslogtreecommitdiffstats
path: root/net
diff options
context:
space:
mode:
Diffstat (limited to 'net')
-rw-r--r--net/bridge/br.c2
-rw-r--r--net/bridge/br_input.c6
-rw-r--r--net/bridge/br_netfilter.c36
-rw-r--r--net/bridge/netfilter/ebt_arpreply.c3
-rw-r--r--net/bridge/netfilter/ebt_dnat.c17
-rw-r--r--net/bridge/netfilter/ebt_mark.c10
-rw-r--r--net/bridge/netfilter/ebt_redirect.c21
-rw-r--r--net/bridge/netfilter/ebt_snat.c23
-rw-r--r--net/bridge/netfilter/ebtable_broute.c4
-rw-r--r--net/bridge/netfilter/ebtable_filter.c4
-rw-r--r--net/bridge/netfilter/ebtable_nat.c8
-rw-r--r--net/bridge/netfilter/ebtables.c12
-rw-r--r--net/core/dev.c89
-rw-r--r--net/core/neighbour.c2
-rw-r--r--net/core/skbuff.c195
-rw-r--r--net/dccp/ipv6.c3
-rw-r--r--net/decnet/netfilter/dn_rtmsg.c4
-rw-r--r--net/ipv4/Makefile3
-rw-r--r--net/ipv4/inet_fragment.c174
-rw-r--r--net/ipv4/ip_forward.c2
-rw-r--r--net/ipv4/ip_fragment.c421
-rw-r--r--net/ipv4/ip_input.c10
-rw-r--r--net/ipv4/ip_output.c2
-rw-r--r--net/ipv4/ipvs/ip_vs_app.c33
-rw-r--r--net/ipv4/ipvs/ip_vs_core.c104
-rw-r--r--net/ipv4/ipvs/ip_vs_ftp.c19
-rw-r--r--net/ipv4/ipvs/ip_vs_proto_tcp.c51
-rw-r--r--net/ipv4/ipvs/ip_vs_proto_udp.c51
-rw-r--r--net/ipv4/ipvs/ip_vs_xmit.c6
-rw-r--r--net/ipv4/netfilter.c77
-rw-r--r--net/ipv4/netfilter/arp_tables.c20
-rw-r--r--net/ipv4/netfilter/arpt_mangle.c28
-rw-r--r--net/ipv4/netfilter/arptable_filter.c4
-rw-r--r--net/ipv4/netfilter/ip_queue.c24
-rw-r--r--net/ipv4/netfilter/ip_tables.c20
-rw-r--r--net/ipv4/netfilter/ipt_CLUSTERIP.c14
-rw-r--r--net/ipv4/netfilter/ipt_ECN.c27
-rw-r--r--net/ipv4/netfilter/ipt_LOG.c4
-rw-r--r--net/ipv4/netfilter/ipt_MASQUERADE.c6
-rw-r--r--net/ipv4/netfilter/ipt_NETMAP.c8
-rw-r--r--net/ipv4/netfilter/ipt_REDIRECT.c6
-rw-r--r--net/ipv4/netfilter/ipt_REJECT.c22
-rw-r--r--net/ipv4/netfilter/ipt_SAME.c4
-rw-r--r--net/ipv4/netfilter/ipt_TOS.c8
-rw-r--r--net/ipv4/netfilter/ipt_TTL.c6
-rw-r--r--net/ipv4/netfilter/ipt_ULOG.c4
-rw-r--r--net/ipv4/netfilter/iptable_filter.c12
-rw-r--r--net/ipv4/netfilter/iptable_mangle.c22
-rw-r--r--net/ipv4/netfilter/iptable_raw.c12
-rw-r--r--net/ipv4/netfilter/nf_conntrack_l3proto_ipv4.c48
-rw-r--r--net/ipv4/netfilter/nf_nat_amanda.c4
-rw-r--r--net/ipv4/netfilter/nf_nat_core.c50
-rw-r--r--net/ipv4/netfilter/nf_nat_ftp.c18
-rw-r--r--net/ipv4/netfilter/nf_nat_h323.c58
-rw-r--r--net/ipv4/netfilter/nf_nat_helper.c118
-rw-r--r--net/ipv4/netfilter/nf_nat_irc.c4
-rw-r--r--net/ipv4/netfilter/nf_nat_pptp.c8
-rw-r--r--net/ipv4/netfilter/nf_nat_proto_gre.c8
-rw-r--r--net/ipv4/netfilter/nf_nat_proto_icmp.c10
-rw-r--r--net/ipv4/netfilter/nf_nat_proto_tcp.c16
-rw-r--r--net/ipv4/netfilter/nf_nat_proto_udp.c16
-rw-r--r--net/ipv4/netfilter/nf_nat_proto_unknown.c2
-rw-r--r--net/ipv4/netfilter/nf_nat_rule.c14
-rw-r--r--net/ipv4/netfilter/nf_nat_sip.c56
-rw-r--r--net/ipv4/netfilter/nf_nat_snmp_basic.c14
-rw-r--r--net/ipv4/netfilter/nf_nat_standalone.c62
-rw-r--r--net/ipv4/netfilter/nf_nat_tftp.c2
-rw-r--r--net/ipv4/proc.c4
-rw-r--r--net/ipv4/sysctl_net_ipv4.c9
-rw-r--r--net/ipv4/tcp_input.c11
-rw-r--r--net/ipv4/xfrm4_output.c4
-rw-r--r--net/ipv6/exthdrs.c64
-rw-r--r--net/ipv6/icmp.c5
-rw-r--r--net/ipv6/inet6_connection_sock.c2
-rw-r--r--net/ipv6/ip6_input.c6
-rw-r--r--net/ipv6/ip6_output.c2
-rw-r--r--net/ipv6/netfilter.c6
-rw-r--r--net/ipv6/netfilter/ip6_queue.c20
-rw-r--r--net/ipv6/netfilter/ip6_tables.c16
-rw-r--r--net/ipv6/netfilter/ip6t_HL.c6
-rw-r--r--net/ipv6/netfilter/ip6t_LOG.c5
-rw-r--r--net/ipv6/netfilter/ip6t_REJECT.c14
-rw-r--r--net/ipv6/netfilter/ip6table_filter.c12
-rw-r--r--net/ipv6/netfilter/ip6table_mangle.c32
-rw-r--r--net/ipv6/netfilter/ip6table_raw.c4
-rw-r--r--net/ipv6/netfilter/nf_conntrack_l3proto_ipv6.c51
-rw-r--r--net/ipv6/netfilter/nf_conntrack_reasm.c314
-rw-r--r--net/ipv6/proc.c2
-rw-r--r--net/ipv6/reassembly.c361
-rw-r--r--net/ipv6/route.c77
-rw-r--r--net/ipv6/sysctl_net_ipv6.c9
-rw-r--r--net/ipv6/tcp_ipv6.c3
-rw-r--r--net/ipv6/tunnel6.c6
-rw-r--r--net/ipv6/udp.c7
-rw-r--r--net/ipv6/udp_impl.h2
-rw-r--r--net/ipv6/udplite.c4
-rw-r--r--net/ipv6/xfrm6_input.c4
-rw-r--r--net/ipv6/xfrm6_output.c4
-rw-r--r--net/netfilter/core.c48
-rw-r--r--net/netfilter/nf_conntrack_amanda.c20
-rw-r--r--net/netfilter/nf_conntrack_core.c30
-rw-r--r--net/netfilter/nf_conntrack_ftp.c18
-rw-r--r--net/netfilter/nf_conntrack_h323_main.c236
-rw-r--r--net/netfilter/nf_conntrack_irc.c16
-rw-r--r--net/netfilter/nf_conntrack_netbios_ns.c10
-rw-r--r--net/netfilter/nf_conntrack_pptp.c28
-rw-r--r--net/netfilter/nf_conntrack_sane.c10
-rw-r--r--net/netfilter/nf_conntrack_sip.c24
-rw-r--r--net/netfilter/nf_conntrack_tftp.c8
-rw-r--r--net/netfilter/nf_internals.h2
-rw-r--r--net/netfilter/nf_queue.c4
-rw-r--r--net/netfilter/nfnetlink_queue.c20
-rw-r--r--net/netfilter/xt_CLASSIFY.c4
-rw-r--r--net/netfilter/xt_CONNMARK.c14
-rw-r--r--net/netfilter/xt_CONNSECMARK.c3
-rw-r--r--net/netfilter/xt_DSCP.c16
-rw-r--r--net/netfilter/xt_MARK.c12
-rw-r--r--net/netfilter/xt_NFLOG.c4
-rw-r--r--net/netfilter/xt_NFQUEUE.c2
-rw-r--r--net/netfilter/xt_NOTRACK.c10
-rw-r--r--net/netfilter/xt_SECMARK.c4
-rw-r--r--net/netfilter/xt_TCPMSS.c58
-rw-r--r--net/netfilter/xt_TRACE.c4
-rw-r--r--net/netlink/af_netlink.c2
-rw-r--r--net/sched/act_ipt.c6
-rw-r--r--net/sched/sch_ingress.c5
-rw-r--r--net/sctp/ipv6.c4
127 files changed, 1759 insertions, 2080 deletions
diff --git a/net/bridge/br.c b/net/bridge/br.c
index 848b8fa8bedd..93867bb6cc97 100644
--- a/net/bridge/br.c
+++ b/net/bridge/br.c
@@ -23,7 +23,7 @@
23 23
24#include "br_private.h" 24#include "br_private.h"
25 25
26int (*br_should_route_hook) (struct sk_buff **pskb) = NULL; 26int (*br_should_route_hook)(struct sk_buff *skb);
27 27
28static struct llc_sap *br_stp_sap; 28static struct llc_sap *br_stp_sap;
29 29
diff --git a/net/bridge/br_input.c b/net/bridge/br_input.c
index 3a8a015c92e0..3cedd4eeeed6 100644
--- a/net/bridge/br_input.c
+++ b/net/bridge/br_input.c
@@ -126,6 +126,10 @@ struct sk_buff *br_handle_frame(struct net_bridge_port *p, struct sk_buff *skb)
126 if (!is_valid_ether_addr(eth_hdr(skb)->h_source)) 126 if (!is_valid_ether_addr(eth_hdr(skb)->h_source))
127 goto drop; 127 goto drop;
128 128
129 skb = skb_share_check(skb, GFP_ATOMIC);
130 if (!skb)
131 return NULL;
132
129 if (unlikely(is_link_local(dest))) { 133 if (unlikely(is_link_local(dest))) {
130 /* Pause frames shouldn't be passed up by driver anyway */ 134 /* Pause frames shouldn't be passed up by driver anyway */
131 if (skb->protocol == htons(ETH_P_PAUSE)) 135 if (skb->protocol == htons(ETH_P_PAUSE))
@@ -145,7 +149,7 @@ struct sk_buff *br_handle_frame(struct net_bridge_port *p, struct sk_buff *skb)
145 case BR_STATE_FORWARDING: 149 case BR_STATE_FORWARDING:
146 150
147 if (br_should_route_hook) { 151 if (br_should_route_hook) {
148 if (br_should_route_hook(&skb)) 152 if (br_should_route_hook(skb))
149 return skb; 153 return skb;
150 dest = eth_hdr(skb)->h_dest; 154 dest = eth_hdr(skb)->h_dest;
151 } 155 }
diff --git a/net/bridge/br_netfilter.c b/net/bridge/br_netfilter.c
index 8245f051ccbb..da22f900e89d 100644
--- a/net/bridge/br_netfilter.c
+++ b/net/bridge/br_netfilter.c
@@ -503,18 +503,14 @@ inhdr_error:
503 * receiving device) to make netfilter happy, the REDIRECT 503 * receiving device) to make netfilter happy, the REDIRECT
504 * target in particular. Save the original destination IP 504 * target in particular. Save the original destination IP
505 * address to be able to detect DNAT afterwards. */ 505 * address to be able to detect DNAT afterwards. */
506static unsigned int br_nf_pre_routing(unsigned int hook, struct sk_buff **pskb, 506static unsigned int br_nf_pre_routing(unsigned int hook, struct sk_buff *skb,
507 const struct net_device *in, 507 const struct net_device *in,
508 const struct net_device *out, 508 const struct net_device *out,
509 int (*okfn)(struct sk_buff *)) 509 int (*okfn)(struct sk_buff *))
510{ 510{
511 struct iphdr *iph; 511 struct iphdr *iph;
512 struct sk_buff *skb = *pskb;
513 __u32 len = nf_bridge_encap_header_len(skb); 512 __u32 len = nf_bridge_encap_header_len(skb);
514 513
515 if ((skb = skb_share_check(skb, GFP_ATOMIC)) == NULL)
516 return NF_STOLEN;
517
518 if (unlikely(!pskb_may_pull(skb, len))) 514 if (unlikely(!pskb_may_pull(skb, len)))
519 goto out; 515 goto out;
520 516
@@ -584,13 +580,11 @@ out:
584 * took place when the packet entered the bridge), but we 580 * took place when the packet entered the bridge), but we
585 * register an IPv4 PRE_ROUTING 'sabotage' hook that will 581 * register an IPv4 PRE_ROUTING 'sabotage' hook that will
586 * prevent this from happening. */ 582 * prevent this from happening. */
587static unsigned int br_nf_local_in(unsigned int hook, struct sk_buff **pskb, 583static unsigned int br_nf_local_in(unsigned int hook, struct sk_buff *skb,
588 const struct net_device *in, 584 const struct net_device *in,
589 const struct net_device *out, 585 const struct net_device *out,
590 int (*okfn)(struct sk_buff *)) 586 int (*okfn)(struct sk_buff *))
591{ 587{
592 struct sk_buff *skb = *pskb;
593
594 if (skb->dst == (struct dst_entry *)&__fake_rtable) { 588 if (skb->dst == (struct dst_entry *)&__fake_rtable) {
595 dst_release(skb->dst); 589 dst_release(skb->dst);
596 skb->dst = NULL; 590 skb->dst = NULL;
@@ -625,12 +619,11 @@ static int br_nf_forward_finish(struct sk_buff *skb)
625 * but we are still able to filter on the 'real' indev/outdev 619 * but we are still able to filter on the 'real' indev/outdev
626 * because of the physdev module. For ARP, indev and outdev are the 620 * because of the physdev module. For ARP, indev and outdev are the
627 * bridge ports. */ 621 * bridge ports. */
628static unsigned int br_nf_forward_ip(unsigned int hook, struct sk_buff **pskb, 622static unsigned int br_nf_forward_ip(unsigned int hook, struct sk_buff *skb,
629 const struct net_device *in, 623 const struct net_device *in,
630 const struct net_device *out, 624 const struct net_device *out,
631 int (*okfn)(struct sk_buff *)) 625 int (*okfn)(struct sk_buff *))
632{ 626{
633 struct sk_buff *skb = *pskb;
634 struct nf_bridge_info *nf_bridge; 627 struct nf_bridge_info *nf_bridge;
635 struct net_device *parent; 628 struct net_device *parent;
636 int pf; 629 int pf;
@@ -648,7 +641,7 @@ static unsigned int br_nf_forward_ip(unsigned int hook, struct sk_buff **pskb,
648 else 641 else
649 pf = PF_INET6; 642 pf = PF_INET6;
650 643
651 nf_bridge_pull_encap_header(*pskb); 644 nf_bridge_pull_encap_header(skb);
652 645
653 nf_bridge = skb->nf_bridge; 646 nf_bridge = skb->nf_bridge;
654 if (skb->pkt_type == PACKET_OTHERHOST) { 647 if (skb->pkt_type == PACKET_OTHERHOST) {
@@ -666,12 +659,11 @@ static unsigned int br_nf_forward_ip(unsigned int hook, struct sk_buff **pskb,
666 return NF_STOLEN; 659 return NF_STOLEN;
667} 660}
668 661
669static unsigned int br_nf_forward_arp(unsigned int hook, struct sk_buff **pskb, 662static unsigned int br_nf_forward_arp(unsigned int hook, struct sk_buff *skb,
670 const struct net_device *in, 663 const struct net_device *in,
671 const struct net_device *out, 664 const struct net_device *out,
672 int (*okfn)(struct sk_buff *)) 665 int (*okfn)(struct sk_buff *))
673{ 666{
674 struct sk_buff *skb = *pskb;
675 struct net_device **d = (struct net_device **)(skb->cb); 667 struct net_device **d = (struct net_device **)(skb->cb);
676 668
677#ifdef CONFIG_SYSCTL 669#ifdef CONFIG_SYSCTL
@@ -682,12 +674,12 @@ static unsigned int br_nf_forward_arp(unsigned int hook, struct sk_buff **pskb,
682 if (skb->protocol != htons(ETH_P_ARP)) { 674 if (skb->protocol != htons(ETH_P_ARP)) {
683 if (!IS_VLAN_ARP(skb)) 675 if (!IS_VLAN_ARP(skb))
684 return NF_ACCEPT; 676 return NF_ACCEPT;
685 nf_bridge_pull_encap_header(*pskb); 677 nf_bridge_pull_encap_header(skb);
686 } 678 }
687 679
688 if (arp_hdr(skb)->ar_pln != 4) { 680 if (arp_hdr(skb)->ar_pln != 4) {
689 if (IS_VLAN_ARP(skb)) 681 if (IS_VLAN_ARP(skb))
690 nf_bridge_push_encap_header(*pskb); 682 nf_bridge_push_encap_header(skb);
691 return NF_ACCEPT; 683 return NF_ACCEPT;
692 } 684 }
693 *d = (struct net_device *)in; 685 *d = (struct net_device *)in;
@@ -709,13 +701,12 @@ static unsigned int br_nf_forward_arp(unsigned int hook, struct sk_buff **pskb,
709 * NF_BR_PRI_FIRST, so no relevant PF_BRIDGE/INPUT functions have been nor 701 * NF_BR_PRI_FIRST, so no relevant PF_BRIDGE/INPUT functions have been nor
710 * will be executed. 702 * will be executed.
711 */ 703 */
712static unsigned int br_nf_local_out(unsigned int hook, struct sk_buff **pskb, 704static unsigned int br_nf_local_out(unsigned int hook, struct sk_buff *skb,
713 const struct net_device *in, 705 const struct net_device *in,
714 const struct net_device *out, 706 const struct net_device *out,
715 int (*okfn)(struct sk_buff *)) 707 int (*okfn)(struct sk_buff *))
716{ 708{
717 struct net_device *realindev; 709 struct net_device *realindev;
718 struct sk_buff *skb = *pskb;
719 struct nf_bridge_info *nf_bridge; 710 struct nf_bridge_info *nf_bridge;
720 711
721 if (!skb->nf_bridge) 712 if (!skb->nf_bridge)
@@ -752,13 +743,12 @@ static int br_nf_dev_queue_xmit(struct sk_buff *skb)
752} 743}
753 744
754/* PF_BRIDGE/POST_ROUTING ********************************************/ 745/* PF_BRIDGE/POST_ROUTING ********************************************/
755static unsigned int br_nf_post_routing(unsigned int hook, struct sk_buff **pskb, 746static unsigned int br_nf_post_routing(unsigned int hook, struct sk_buff *skb,
756 const struct net_device *in, 747 const struct net_device *in,
757 const struct net_device *out, 748 const struct net_device *out,
758 int (*okfn)(struct sk_buff *)) 749 int (*okfn)(struct sk_buff *))
759{ 750{
760 struct sk_buff *skb = *pskb; 751 struct nf_bridge_info *nf_bridge = skb->nf_bridge;
761 struct nf_bridge_info *nf_bridge = (*pskb)->nf_bridge;
762 struct net_device *realoutdev = bridge_parent(skb->dev); 752 struct net_device *realoutdev = bridge_parent(skb->dev);
763 int pf; 753 int pf;
764 754
@@ -828,13 +818,13 @@ print_error:
828/* IP/SABOTAGE *****************************************************/ 818/* IP/SABOTAGE *****************************************************/
829/* Don't hand locally destined packets to PF_INET(6)/PRE_ROUTING 819/* Don't hand locally destined packets to PF_INET(6)/PRE_ROUTING
830 * for the second time. */ 820 * for the second time. */
831static unsigned int ip_sabotage_in(unsigned int hook, struct sk_buff **pskb, 821static unsigned int ip_sabotage_in(unsigned int hook, struct sk_buff *skb,
832 const struct net_device *in, 822 const struct net_device *in,
833 const struct net_device *out, 823 const struct net_device *out,
834 int (*okfn)(struct sk_buff *)) 824 int (*okfn)(struct sk_buff *))
835{ 825{
836 if ((*pskb)->nf_bridge && 826 if (skb->nf_bridge &&
837 !((*pskb)->nf_bridge->mask & BRNF_NF_BRIDGE_PREROUTING)) { 827 !(skb->nf_bridge->mask & BRNF_NF_BRIDGE_PREROUTING)) {
838 return NF_STOP; 828 return NF_STOP;
839 } 829 }
840 830
diff --git a/net/bridge/netfilter/ebt_arpreply.c b/net/bridge/netfilter/ebt_arpreply.c
index ffe468a632e7..48a80e423287 100644
--- a/net/bridge/netfilter/ebt_arpreply.c
+++ b/net/bridge/netfilter/ebt_arpreply.c
@@ -15,7 +15,7 @@
15#include <net/arp.h> 15#include <net/arp.h>
16#include <linux/module.h> 16#include <linux/module.h>
17 17
18static int ebt_target_reply(struct sk_buff **pskb, unsigned int hooknr, 18static int ebt_target_reply(struct sk_buff *skb, unsigned int hooknr,
19 const struct net_device *in, const struct net_device *out, 19 const struct net_device *in, const struct net_device *out,
20 const void *data, unsigned int datalen) 20 const void *data, unsigned int datalen)
21{ 21{
@@ -23,7 +23,6 @@ static int ebt_target_reply(struct sk_buff **pskb, unsigned int hooknr,
23 __be32 _sip, *siptr, _dip, *diptr; 23 __be32 _sip, *siptr, _dip, *diptr;
24 struct arphdr _ah, *ap; 24 struct arphdr _ah, *ap;
25 unsigned char _sha[ETH_ALEN], *shp; 25 unsigned char _sha[ETH_ALEN], *shp;
26 struct sk_buff *skb = *pskb;
27 26
28 ap = skb_header_pointer(skb, 0, sizeof(_ah), &_ah); 27 ap = skb_header_pointer(skb, 0, sizeof(_ah), &_ah);
29 if (ap == NULL) 28 if (ap == NULL)
diff --git a/net/bridge/netfilter/ebt_dnat.c b/net/bridge/netfilter/ebt_dnat.c
index 4582659dff0e..74262e9a566a 100644
--- a/net/bridge/netfilter/ebt_dnat.c
+++ b/net/bridge/netfilter/ebt_dnat.c
@@ -8,29 +8,22 @@
8 * 8 *
9 */ 9 */
10 10
11#include <linux/netfilter.h>
11#include <linux/netfilter_bridge/ebtables.h> 12#include <linux/netfilter_bridge/ebtables.h>
12#include <linux/netfilter_bridge/ebt_nat.h> 13#include <linux/netfilter_bridge/ebt_nat.h>
13#include <linux/module.h> 14#include <linux/module.h>
14#include <net/sock.h> 15#include <net/sock.h>
15 16
16static int ebt_target_dnat(struct sk_buff **pskb, unsigned int hooknr, 17static int ebt_target_dnat(struct sk_buff *skb, unsigned int hooknr,
17 const struct net_device *in, const struct net_device *out, 18 const struct net_device *in, const struct net_device *out,
18 const void *data, unsigned int datalen) 19 const void *data, unsigned int datalen)
19{ 20{
20 struct ebt_nat_info *info = (struct ebt_nat_info *)data; 21 struct ebt_nat_info *info = (struct ebt_nat_info *)data;
21 22
22 if (skb_shared(*pskb) || skb_cloned(*pskb)) { 23 if (skb_make_writable(skb, 0))
23 struct sk_buff *nskb; 24 return NF_DROP;
24 25
25 nskb = skb_copy(*pskb, GFP_ATOMIC); 26 memcpy(eth_hdr(skb)->h_dest, info->mac, ETH_ALEN);
26 if (!nskb)
27 return NF_DROP;
28 if ((*pskb)->sk)
29 skb_set_owner_w(nskb, (*pskb)->sk);
30 kfree_skb(*pskb);
31 *pskb = nskb;
32 }
33 memcpy(eth_hdr(*pskb)->h_dest, info->mac, ETH_ALEN);
34 return info->target; 27 return info->target;
35} 28}
36 29
diff --git a/net/bridge/netfilter/ebt_mark.c b/net/bridge/netfilter/ebt_mark.c
index 62d23c7b25e6..6cba54309c09 100644
--- a/net/bridge/netfilter/ebt_mark.c
+++ b/net/bridge/netfilter/ebt_mark.c
@@ -17,7 +17,7 @@
17#include <linux/netfilter_bridge/ebt_mark_t.h> 17#include <linux/netfilter_bridge/ebt_mark_t.h>
18#include <linux/module.h> 18#include <linux/module.h>
19 19
20static int ebt_target_mark(struct sk_buff **pskb, unsigned int hooknr, 20static int ebt_target_mark(struct sk_buff *skb, unsigned int hooknr,
21 const struct net_device *in, const struct net_device *out, 21 const struct net_device *in, const struct net_device *out,
22 const void *data, unsigned int datalen) 22 const void *data, unsigned int datalen)
23{ 23{
@@ -25,13 +25,13 @@ static int ebt_target_mark(struct sk_buff **pskb, unsigned int hooknr,
25 int action = info->target & -16; 25 int action = info->target & -16;
26 26
27 if (action == MARK_SET_VALUE) 27 if (action == MARK_SET_VALUE)
28 (*pskb)->mark = info->mark; 28 skb->mark = info->mark;
29 else if (action == MARK_OR_VALUE) 29 else if (action == MARK_OR_VALUE)
30 (*pskb)->mark |= info->mark; 30 skb->mark |= info->mark;
31 else if (action == MARK_AND_VALUE) 31 else if (action == MARK_AND_VALUE)
32 (*pskb)->mark &= info->mark; 32 skb->mark &= info->mark;
33 else 33 else
34 (*pskb)->mark ^= info->mark; 34 skb->mark ^= info->mark;
35 35
36 return info->target | ~EBT_VERDICT_BITS; 36 return info->target | ~EBT_VERDICT_BITS;
37} 37}
diff --git a/net/bridge/netfilter/ebt_redirect.c b/net/bridge/netfilter/ebt_redirect.c
index 9f378eab72d0..422cb834cff9 100644
--- a/net/bridge/netfilter/ebt_redirect.c
+++ b/net/bridge/netfilter/ebt_redirect.c
@@ -8,35 +8,28 @@
8 * 8 *
9 */ 9 */
10 10
11#include <linux/netfilter.h>
11#include <linux/netfilter_bridge/ebtables.h> 12#include <linux/netfilter_bridge/ebtables.h>
12#include <linux/netfilter_bridge/ebt_redirect.h> 13#include <linux/netfilter_bridge/ebt_redirect.h>
13#include <linux/module.h> 14#include <linux/module.h>
14#include <net/sock.h> 15#include <net/sock.h>
15#include "../br_private.h" 16#include "../br_private.h"
16 17
17static int ebt_target_redirect(struct sk_buff **pskb, unsigned int hooknr, 18static int ebt_target_redirect(struct sk_buff *skb, unsigned int hooknr,
18 const struct net_device *in, const struct net_device *out, 19 const struct net_device *in, const struct net_device *out,
19 const void *data, unsigned int datalen) 20 const void *data, unsigned int datalen)
20{ 21{
21 struct ebt_redirect_info *info = (struct ebt_redirect_info *)data; 22 struct ebt_redirect_info *info = (struct ebt_redirect_info *)data;
22 23
23 if (skb_shared(*pskb) || skb_cloned(*pskb)) { 24 if (skb_make_writable(skb, 0))
24 struct sk_buff *nskb; 25 return NF_DROP;
25 26
26 nskb = skb_copy(*pskb, GFP_ATOMIC);
27 if (!nskb)
28 return NF_DROP;
29 if ((*pskb)->sk)
30 skb_set_owner_w(nskb, (*pskb)->sk);
31 kfree_skb(*pskb);
32 *pskb = nskb;
33 }
34 if (hooknr != NF_BR_BROUTING) 27 if (hooknr != NF_BR_BROUTING)
35 memcpy(eth_hdr(*pskb)->h_dest, 28 memcpy(eth_hdr(skb)->h_dest,
36 in->br_port->br->dev->dev_addr, ETH_ALEN); 29 in->br_port->br->dev->dev_addr, ETH_ALEN);
37 else 30 else
38 memcpy(eth_hdr(*pskb)->h_dest, in->dev_addr, ETH_ALEN); 31 memcpy(eth_hdr(skb)->h_dest, in->dev_addr, ETH_ALEN);
39 (*pskb)->pkt_type = PACKET_HOST; 32 skb->pkt_type = PACKET_HOST;
40 return info->target; 33 return info->target;
41} 34}
42 35
diff --git a/net/bridge/netfilter/ebt_snat.c b/net/bridge/netfilter/ebt_snat.c
index a50722182bfe..425ac920904d 100644
--- a/net/bridge/netfilter/ebt_snat.c
+++ b/net/bridge/netfilter/ebt_snat.c
@@ -8,6 +8,7 @@
8 * 8 *
9 */ 9 */
10 10
11#include <linux/netfilter.h>
11#include <linux/netfilter_bridge/ebtables.h> 12#include <linux/netfilter_bridge/ebtables.h>
12#include <linux/netfilter_bridge/ebt_nat.h> 13#include <linux/netfilter_bridge/ebt_nat.h>
13#include <linux/module.h> 14#include <linux/module.h>
@@ -15,34 +16,26 @@
15#include <linux/if_arp.h> 16#include <linux/if_arp.h>
16#include <net/arp.h> 17#include <net/arp.h>
17 18
18static int ebt_target_snat(struct sk_buff **pskb, unsigned int hooknr, 19static int ebt_target_snat(struct sk_buff *skb, unsigned int hooknr,
19 const struct net_device *in, const struct net_device *out, 20 const struct net_device *in, const struct net_device *out,
20 const void *data, unsigned int datalen) 21 const void *data, unsigned int datalen)
21{ 22{
22 struct ebt_nat_info *info = (struct ebt_nat_info *) data; 23 struct ebt_nat_info *info = (struct ebt_nat_info *) data;
23 24
24 if (skb_shared(*pskb) || skb_cloned(*pskb)) { 25 if (skb_make_writable(skb, 0))
25 struct sk_buff *nskb; 26 return NF_DROP;
26 27
27 nskb = skb_copy(*pskb, GFP_ATOMIC); 28 memcpy(eth_hdr(skb)->h_source, info->mac, ETH_ALEN);
28 if (!nskb)
29 return NF_DROP;
30 if ((*pskb)->sk)
31 skb_set_owner_w(nskb, (*pskb)->sk);
32 kfree_skb(*pskb);
33 *pskb = nskb;
34 }
35 memcpy(eth_hdr(*pskb)->h_source, info->mac, ETH_ALEN);
36 if (!(info->target & NAT_ARP_BIT) && 29 if (!(info->target & NAT_ARP_BIT) &&
37 eth_hdr(*pskb)->h_proto == htons(ETH_P_ARP)) { 30 eth_hdr(skb)->h_proto == htons(ETH_P_ARP)) {
38 struct arphdr _ah, *ap; 31 struct arphdr _ah, *ap;
39 32
40 ap = skb_header_pointer(*pskb, 0, sizeof(_ah), &_ah); 33 ap = skb_header_pointer(skb, 0, sizeof(_ah), &_ah);
41 if (ap == NULL) 34 if (ap == NULL)
42 return EBT_DROP; 35 return EBT_DROP;
43 if (ap->ar_hln != ETH_ALEN) 36 if (ap->ar_hln != ETH_ALEN)
44 goto out; 37 goto out;
45 if (skb_store_bits(*pskb, sizeof(_ah), info->mac,ETH_ALEN)) 38 if (skb_store_bits(skb, sizeof(_ah), info->mac,ETH_ALEN))
46 return EBT_DROP; 39 return EBT_DROP;
47 } 40 }
48out: 41out:
diff --git a/net/bridge/netfilter/ebtable_broute.c b/net/bridge/netfilter/ebtable_broute.c
index d37ce0478938..e44519ebf1d2 100644
--- a/net/bridge/netfilter/ebtable_broute.c
+++ b/net/bridge/netfilter/ebtable_broute.c
@@ -51,11 +51,11 @@ static struct ebt_table broute_table =
51 .me = THIS_MODULE, 51 .me = THIS_MODULE,
52}; 52};
53 53
54static int ebt_broute(struct sk_buff **pskb) 54static int ebt_broute(struct sk_buff *skb)
55{ 55{
56 int ret; 56 int ret;
57 57
58 ret = ebt_do_table(NF_BR_BROUTING, pskb, (*pskb)->dev, NULL, 58 ret = ebt_do_table(NF_BR_BROUTING, skb, skb->dev, NULL,
59 &broute_table); 59 &broute_table);
60 if (ret == NF_DROP) 60 if (ret == NF_DROP)
61 return 1; /* route it */ 61 return 1; /* route it */
diff --git a/net/bridge/netfilter/ebtable_filter.c b/net/bridge/netfilter/ebtable_filter.c
index 81d84145c417..210493f99bc4 100644
--- a/net/bridge/netfilter/ebtable_filter.c
+++ b/net/bridge/netfilter/ebtable_filter.c
@@ -61,10 +61,10 @@ static struct ebt_table frame_filter =
61}; 61};
62 62
63static unsigned int 63static unsigned int
64ebt_hook (unsigned int hook, struct sk_buff **pskb, const struct net_device *in, 64ebt_hook(unsigned int hook, struct sk_buff *skb, const struct net_device *in,
65 const struct net_device *out, int (*okfn)(struct sk_buff *)) 65 const struct net_device *out, int (*okfn)(struct sk_buff *))
66{ 66{
67 return ebt_do_table(hook, pskb, in, out, &frame_filter); 67 return ebt_do_table(hook, skb, in, out, &frame_filter);
68} 68}
69 69
70static struct nf_hook_ops ebt_ops_filter[] = { 70static struct nf_hook_ops ebt_ops_filter[] = {
diff --git a/net/bridge/netfilter/ebtable_nat.c b/net/bridge/netfilter/ebtable_nat.c
index 9c50488b62eb..3e58c2e5ee21 100644
--- a/net/bridge/netfilter/ebtable_nat.c
+++ b/net/bridge/netfilter/ebtable_nat.c
@@ -61,17 +61,17 @@ static struct ebt_table frame_nat =
61}; 61};
62 62
63static unsigned int 63static unsigned int
64ebt_nat_dst(unsigned int hook, struct sk_buff **pskb, const struct net_device *in 64ebt_nat_dst(unsigned int hook, struct sk_buff *skb, const struct net_device *in
65 , const struct net_device *out, int (*okfn)(struct sk_buff *)) 65 , const struct net_device *out, int (*okfn)(struct sk_buff *))
66{ 66{
67 return ebt_do_table(hook, pskb, in, out, &frame_nat); 67 return ebt_do_table(hook, skb, in, out, &frame_nat);
68} 68}
69 69
70static unsigned int 70static unsigned int
71ebt_nat_src(unsigned int hook, struct sk_buff **pskb, const struct net_device *in 71ebt_nat_src(unsigned int hook, struct sk_buff *skb, const struct net_device *in
72 , const struct net_device *out, int (*okfn)(struct sk_buff *)) 72 , const struct net_device *out, int (*okfn)(struct sk_buff *))
73{ 73{
74 return ebt_do_table(hook, pskb, in, out, &frame_nat); 74 return ebt_do_table(hook, skb, in, out, &frame_nat);
75} 75}
76 76
77static struct nf_hook_ops ebt_ops_nat[] = { 77static struct nf_hook_ops ebt_ops_nat[] = {
diff --git a/net/bridge/netfilter/ebtables.c b/net/bridge/netfilter/ebtables.c
index 6018d0e51938..d5a09eaef915 100644
--- a/net/bridge/netfilter/ebtables.c
+++ b/net/bridge/netfilter/ebtables.c
@@ -142,7 +142,7 @@ static inline int ebt_basic_match(struct ebt_entry *e, struct ethhdr *h,
142} 142}
143 143
144/* Do some firewalling */ 144/* Do some firewalling */
145unsigned int ebt_do_table (unsigned int hook, struct sk_buff **pskb, 145unsigned int ebt_do_table (unsigned int hook, struct sk_buff *skb,
146 const struct net_device *in, const struct net_device *out, 146 const struct net_device *in, const struct net_device *out,
147 struct ebt_table *table) 147 struct ebt_table *table)
148{ 148{
@@ -172,19 +172,19 @@ unsigned int ebt_do_table (unsigned int hook, struct sk_buff **pskb,
172 base = private->entries; 172 base = private->entries;
173 i = 0; 173 i = 0;
174 while (i < nentries) { 174 while (i < nentries) {
175 if (ebt_basic_match(point, eth_hdr(*pskb), in, out)) 175 if (ebt_basic_match(point, eth_hdr(skb), in, out))
176 goto letscontinue; 176 goto letscontinue;
177 177
178 if (EBT_MATCH_ITERATE(point, ebt_do_match, *pskb, in, out) != 0) 178 if (EBT_MATCH_ITERATE(point, ebt_do_match, skb, in, out) != 0)
179 goto letscontinue; 179 goto letscontinue;
180 180
181 /* increase counter */ 181 /* increase counter */
182 (*(counter_base + i)).pcnt++; 182 (*(counter_base + i)).pcnt++;
183 (*(counter_base + i)).bcnt+=(**pskb).len; 183 (*(counter_base + i)).bcnt += skb->len;
184 184
185 /* these should only watch: not modify, nor tell us 185 /* these should only watch: not modify, nor tell us
186 what to do with the packet */ 186 what to do with the packet */
187 EBT_WATCHER_ITERATE(point, ebt_do_watcher, *pskb, hook, in, 187 EBT_WATCHER_ITERATE(point, ebt_do_watcher, skb, hook, in,
188 out); 188 out);
189 189
190 t = (struct ebt_entry_target *) 190 t = (struct ebt_entry_target *)
@@ -193,7 +193,7 @@ unsigned int ebt_do_table (unsigned int hook, struct sk_buff **pskb,
193 if (!t->u.target->target) 193 if (!t->u.target->target)
194 verdict = ((struct ebt_standard_target *)t)->verdict; 194 verdict = ((struct ebt_standard_target *)t)->verdict;
195 else 195 else
196 verdict = t->u.target->target(pskb, hook, 196 verdict = t->u.target->target(skb, hook,
197 in, out, t->data, t->target_size); 197 in, out, t->data, t->target_size);
198 if (verdict == EBT_ACCEPT) { 198 if (verdict == EBT_ACCEPT) {
199 read_unlock_bh(&table->lock); 199 read_unlock_bh(&table->lock);
diff --git a/net/core/dev.c b/net/core/dev.c
index 99b7bda37d10..38b03da5c1ca 100644
--- a/net/core/dev.c
+++ b/net/core/dev.c
@@ -1362,22 +1362,21 @@ int skb_checksum_help(struct sk_buff *skb)
1362 goto out_set_summed; 1362 goto out_set_summed;
1363 } 1363 }
1364 1364
1365 if (skb_cloned(skb)) { 1365 offset = skb->csum_start - skb_headroom(skb);
1366 BUG_ON(offset >= skb_headlen(skb));
1367 csum = skb_checksum(skb, offset, skb->len - offset, 0);
1368
1369 offset += skb->csum_offset;
1370 BUG_ON(offset + sizeof(__sum16) > skb_headlen(skb));
1371
1372 if (skb_cloned(skb) &&
1373 !skb_clone_writable(skb, offset + sizeof(__sum16))) {
1366 ret = pskb_expand_head(skb, 0, 0, GFP_ATOMIC); 1374 ret = pskb_expand_head(skb, 0, 0, GFP_ATOMIC);
1367 if (ret) 1375 if (ret)
1368 goto out; 1376 goto out;
1369 } 1377 }
1370 1378
1371 offset = skb->csum_start - skb_headroom(skb); 1379 *(__sum16 *)(skb->data + offset) = csum_fold(csum);
1372 BUG_ON(offset > (int)skb->len);
1373 csum = skb_checksum(skb, offset, skb->len-offset, 0);
1374
1375 offset = skb_headlen(skb) - offset;
1376 BUG_ON(offset <= 0);
1377 BUG_ON(skb->csum_offset + 2 > offset);
1378
1379 *(__sum16 *)(skb->head + skb->csum_start + skb->csum_offset) =
1380 csum_fold(csum);
1381out_set_summed: 1380out_set_summed:
1382 skb->ip_summed = CHECKSUM_NONE; 1381 skb->ip_summed = CHECKSUM_NONE;
1383out: 1382out:
@@ -1949,27 +1948,51 @@ static int ing_filter(struct sk_buff *skb)
1949 struct Qdisc *q; 1948 struct Qdisc *q;
1950 struct net_device *dev = skb->dev; 1949 struct net_device *dev = skb->dev;
1951 int result = TC_ACT_OK; 1950 int result = TC_ACT_OK;
1951 u32 ttl = G_TC_RTTL(skb->tc_verd);
1952 1952
1953 if (dev->qdisc_ingress) { 1953 if (MAX_RED_LOOP < ttl++) {
1954 __u32 ttl = (__u32) G_TC_RTTL(skb->tc_verd); 1954 printk(KERN_WARNING
1955 if (MAX_RED_LOOP < ttl++) { 1955 "Redir loop detected Dropping packet (%d->%d)\n",
1956 printk(KERN_WARNING "Redir loop detected Dropping packet (%d->%d)\n", 1956 skb->iif, dev->ifindex);
1957 skb->iif, skb->dev->ifindex); 1957 return TC_ACT_SHOT;
1958 return TC_ACT_SHOT; 1958 }
1959 } 1959
1960 skb->tc_verd = SET_TC_RTTL(skb->tc_verd, ttl);
1961 skb->tc_verd = SET_TC_AT(skb->tc_verd, AT_INGRESS);
1960 1962
1961 skb->tc_verd = SET_TC_RTTL(skb->tc_verd,ttl); 1963 spin_lock(&dev->ingress_lock);
1964 if ((q = dev->qdisc_ingress) != NULL)
1965 result = q->enqueue(skb, q);
1966 spin_unlock(&dev->ingress_lock);
1962 1967
1963 skb->tc_verd = SET_TC_AT(skb->tc_verd,AT_INGRESS); 1968 return result;
1969}
1970
1971static inline struct sk_buff *handle_ing(struct sk_buff *skb,
1972 struct packet_type **pt_prev,
1973 int *ret, struct net_device *orig_dev)
1974{
1975 if (!skb->dev->qdisc_ingress)
1976 goto out;
1964 1977
1965 spin_lock(&dev->ingress_lock); 1978 if (*pt_prev) {
1966 if ((q = dev->qdisc_ingress) != NULL) 1979 *ret = deliver_skb(skb, *pt_prev, orig_dev);
1967 result = q->enqueue(skb, q); 1980 *pt_prev = NULL;
1968 spin_unlock(&dev->ingress_lock); 1981 } else {
1982 /* Huh? Why does turning on AF_PACKET affect this? */
1983 skb->tc_verd = SET_TC_OK2MUNGE(skb->tc_verd);
1984 }
1969 1985
1986 switch (ing_filter(skb)) {
1987 case TC_ACT_SHOT:
1988 case TC_ACT_STOLEN:
1989 kfree_skb(skb);
1990 return NULL;
1970 } 1991 }
1971 1992
1972 return result; 1993out:
1994 skb->tc_verd = 0;
1995 return skb;
1973} 1996}
1974#endif 1997#endif
1975 1998
@@ -2021,21 +2044,9 @@ int netif_receive_skb(struct sk_buff *skb)
2021 } 2044 }
2022 2045
2023#ifdef CONFIG_NET_CLS_ACT 2046#ifdef CONFIG_NET_CLS_ACT
2024 if (pt_prev) { 2047 skb = handle_ing(skb, &pt_prev, &ret, orig_dev);
2025 ret = deliver_skb(skb, pt_prev, orig_dev); 2048 if (!skb)
2026 pt_prev = NULL; /* noone else should process this after*/
2027 } else {
2028 skb->tc_verd = SET_TC_OK2MUNGE(skb->tc_verd);
2029 }
2030
2031 ret = ing_filter(skb);
2032
2033 if (ret == TC_ACT_SHOT || (ret == TC_ACT_STOLEN)) {
2034 kfree_skb(skb);
2035 goto out; 2049 goto out;
2036 }
2037
2038 skb->tc_verd = 0;
2039ncls: 2050ncls:
2040#endif 2051#endif
2041 2052
diff --git a/net/core/neighbour.c b/net/core/neighbour.c
index c52df858d0be..cd3af59b38a1 100644
--- a/net/core/neighbour.c
+++ b/net/core/neighbour.c
@@ -481,6 +481,8 @@ struct pneigh_entry * pneigh_lookup(struct neigh_table *tbl, const void *pkey,
481 if (!creat) 481 if (!creat)
482 goto out; 482 goto out;
483 483
484 ASSERT_RTNL();
485
484 n = kmalloc(sizeof(*n) + key_len, GFP_KERNEL); 486 n = kmalloc(sizeof(*n) + key_len, GFP_KERNEL);
485 if (!n) 487 if (!n)
486 goto out; 488 goto out;
diff --git a/net/core/skbuff.c b/net/core/skbuff.c
index 944189d96323..70d9b5da96ae 100644
--- a/net/core/skbuff.c
+++ b/net/core/skbuff.c
@@ -362,6 +362,97 @@ void kfree_skb(struct sk_buff *skb)
362 __kfree_skb(skb); 362 __kfree_skb(skb);
363} 363}
364 364
365static void __copy_skb_header(struct sk_buff *new, const struct sk_buff *old)
366{
367 new->tstamp = old->tstamp;
368 new->dev = old->dev;
369 new->transport_header = old->transport_header;
370 new->network_header = old->network_header;
371 new->mac_header = old->mac_header;
372 new->dst = dst_clone(old->dst);
373#ifdef CONFIG_INET
374 new->sp = secpath_get(old->sp);
375#endif
376 memcpy(new->cb, old->cb, sizeof(old->cb));
377 new->csum_start = old->csum_start;
378 new->csum_offset = old->csum_offset;
379 new->local_df = old->local_df;
380 new->pkt_type = old->pkt_type;
381 new->ip_summed = old->ip_summed;
382 skb_copy_queue_mapping(new, old);
383 new->priority = old->priority;
384#if defined(CONFIG_IP_VS) || defined(CONFIG_IP_VS_MODULE)
385 new->ipvs_property = old->ipvs_property;
386#endif
387 new->protocol = old->protocol;
388 new->mark = old->mark;
389 __nf_copy(new, old);
390#if defined(CONFIG_NETFILTER_XT_TARGET_TRACE) || \
391 defined(CONFIG_NETFILTER_XT_TARGET_TRACE_MODULE)
392 new->nf_trace = old->nf_trace;
393#endif
394#ifdef CONFIG_NET_SCHED
395 new->tc_index = old->tc_index;
396#ifdef CONFIG_NET_CLS_ACT
397 new->tc_verd = old->tc_verd;
398#endif
399#endif
400 skb_copy_secmark(new, old);
401}
402
403static struct sk_buff *__skb_clone(struct sk_buff *n, struct sk_buff *skb)
404{
405#define C(x) n->x = skb->x
406
407 n->next = n->prev = NULL;
408 n->sk = NULL;
409 __copy_skb_header(n, skb);
410
411 C(len);
412 C(data_len);
413 C(mac_len);
414 n->cloned = 1;
415 n->hdr_len = skb->nohdr ? skb_headroom(skb) : skb->hdr_len;
416 n->nohdr = 0;
417 n->destructor = NULL;
418#ifdef CONFIG_NET_CLS_ACT
419 /* FIXME What is this and why don't we do it in copy_skb_header? */
420 n->tc_verd = SET_TC_VERD(n->tc_verd,0);
421 n->tc_verd = CLR_TC_OK2MUNGE(n->tc_verd);
422 n->tc_verd = CLR_TC_MUNGED(n->tc_verd);
423 C(iif);
424#endif
425 C(truesize);
426 atomic_set(&n->users, 1);
427 C(head);
428 C(data);
429 C(tail);
430 C(end);
431
432 atomic_inc(&(skb_shinfo(skb)->dataref));
433 skb->cloned = 1;
434
435 return n;
436#undef C
437}
438
439/**
440 * skb_morph - morph one skb into another
441 * @dst: the skb to receive the contents
442 * @src: the skb to supply the contents
443 *
444 * This is identical to skb_clone except that the target skb is
445 * supplied by the user.
446 *
447 * The target skb is returned upon exit.
448 */
449struct sk_buff *skb_morph(struct sk_buff *dst, struct sk_buff *src)
450{
451 skb_release_data(dst);
452 return __skb_clone(dst, src);
453}
454EXPORT_SYMBOL_GPL(skb_morph);
455
365/** 456/**
366 * skb_clone - duplicate an sk_buff 457 * skb_clone - duplicate an sk_buff
367 * @skb: buffer to clone 458 * @skb: buffer to clone
@@ -393,66 +484,7 @@ struct sk_buff *skb_clone(struct sk_buff *skb, gfp_t gfp_mask)
393 n->fclone = SKB_FCLONE_UNAVAILABLE; 484 n->fclone = SKB_FCLONE_UNAVAILABLE;
394 } 485 }
395 486
396#define C(x) n->x = skb->x 487 return __skb_clone(n, skb);
397
398 n->next = n->prev = NULL;
399 n->sk = NULL;
400 C(tstamp);
401 C(dev);
402 C(transport_header);
403 C(network_header);
404 C(mac_header);
405 C(dst);
406 dst_clone(skb->dst);
407 C(sp);
408#ifdef CONFIG_INET
409 secpath_get(skb->sp);
410#endif
411 memcpy(n->cb, skb->cb, sizeof(skb->cb));
412 C(len);
413 C(data_len);
414 C(mac_len);
415 C(csum);
416 C(local_df);
417 n->cloned = 1;
418 n->hdr_len = skb->nohdr ? skb_headroom(skb) : skb->hdr_len;
419 n->nohdr = 0;
420 C(pkt_type);
421 C(ip_summed);
422 skb_copy_queue_mapping(n, skb);
423 C(priority);
424#if defined(CONFIG_IP_VS) || defined(CONFIG_IP_VS_MODULE)
425 C(ipvs_property);
426#endif
427 C(protocol);
428 n->destructor = NULL;
429 C(mark);
430 __nf_copy(n, skb);
431#if defined(CONFIG_NETFILTER_XT_TARGET_TRACE) || \
432 defined(CONFIG_NETFILTER_XT_TARGET_TRACE_MODULE)
433 C(nf_trace);
434#endif
435#ifdef CONFIG_NET_SCHED
436 C(tc_index);
437#ifdef CONFIG_NET_CLS_ACT
438 n->tc_verd = SET_TC_VERD(skb->tc_verd,0);
439 n->tc_verd = CLR_TC_OK2MUNGE(n->tc_verd);
440 n->tc_verd = CLR_TC_MUNGED(n->tc_verd);
441 C(iif);
442#endif
443#endif
444 skb_copy_secmark(n, skb);
445 C(truesize);
446 atomic_set(&n->users, 1);
447 C(head);
448 C(data);
449 C(tail);
450 C(end);
451
452 atomic_inc(&(skb_shinfo(skb)->dataref));
453 skb->cloned = 1;
454
455 return n;
456} 488}
457 489
458static void copy_skb_header(struct sk_buff *new, const struct sk_buff *old) 490static void copy_skb_header(struct sk_buff *new, const struct sk_buff *old)
@@ -463,50 +495,15 @@ static void copy_skb_header(struct sk_buff *new, const struct sk_buff *old)
463 */ 495 */
464 unsigned long offset = new->data - old->data; 496 unsigned long offset = new->data - old->data;
465#endif 497#endif
466 new->sk = NULL; 498
467 new->dev = old->dev; 499 __copy_skb_header(new, old);
468 skb_copy_queue_mapping(new, old); 500
469 new->priority = old->priority;
470 new->protocol = old->protocol;
471 new->dst = dst_clone(old->dst);
472#ifdef CONFIG_INET
473 new->sp = secpath_get(old->sp);
474#endif
475 new->csum_start = old->csum_start;
476 new->csum_offset = old->csum_offset;
477 new->ip_summed = old->ip_summed;
478 new->transport_header = old->transport_header;
479 new->network_header = old->network_header;
480 new->mac_header = old->mac_header;
481#ifndef NET_SKBUFF_DATA_USES_OFFSET 501#ifndef NET_SKBUFF_DATA_USES_OFFSET
482 /* {transport,network,mac}_header are relative to skb->head */ 502 /* {transport,network,mac}_header are relative to skb->head */
483 new->transport_header += offset; 503 new->transport_header += offset;
484 new->network_header += offset; 504 new->network_header += offset;
485 new->mac_header += offset; 505 new->mac_header += offset;
486#endif 506#endif
487 memcpy(new->cb, old->cb, sizeof(old->cb));
488 new->local_df = old->local_df;
489 new->fclone = SKB_FCLONE_UNAVAILABLE;
490 new->pkt_type = old->pkt_type;
491 new->tstamp = old->tstamp;
492 new->destructor = NULL;
493 new->mark = old->mark;
494 __nf_copy(new, old);
495#if defined(CONFIG_NETFILTER_XT_TARGET_TRACE) || \
496 defined(CONFIG_NETFILTER_XT_TARGET_TRACE_MODULE)
497 new->nf_trace = old->nf_trace;
498#endif
499#if defined(CONFIG_IP_VS) || defined(CONFIG_IP_VS_MODULE)
500 new->ipvs_property = old->ipvs_property;
501#endif
502#ifdef CONFIG_NET_SCHED
503#ifdef CONFIG_NET_CLS_ACT
504 new->tc_verd = old->tc_verd;
505#endif
506 new->tc_index = old->tc_index;
507#endif
508 skb_copy_secmark(new, old);
509 atomic_set(&new->users, 1);
510 skb_shinfo(new)->gso_size = skb_shinfo(old)->gso_size; 507 skb_shinfo(new)->gso_size = skb_shinfo(old)->gso_size;
511 skb_shinfo(new)->gso_segs = skb_shinfo(old)->gso_segs; 508 skb_shinfo(new)->gso_segs = skb_shinfo(old)->gso_segs;
512 skb_shinfo(new)->gso_type = skb_shinfo(old)->gso_type; 509 skb_shinfo(new)->gso_type = skb_shinfo(old)->gso_type;
@@ -685,7 +682,7 @@ int pskb_expand_head(struct sk_buff *skb, int nhead, int ntail,
685 skb->transport_header += off; 682 skb->transport_header += off;
686 skb->network_header += off; 683 skb->network_header += off;
687 skb->mac_header += off; 684 skb->mac_header += off;
688 skb->csum_start += off; 685 skb->csum_start += nhead;
689 skb->cloned = 0; 686 skb->cloned = 0;
690 skb->hdr_len = 0; 687 skb->hdr_len = 0;
691 skb->nohdr = 0; 688 skb->nohdr = 0;
diff --git a/net/dccp/ipv6.c b/net/dccp/ipv6.c
index 006a3834fbcd..cac53548c2d8 100644
--- a/net/dccp/ipv6.c
+++ b/net/dccp/ipv6.c
@@ -767,10 +767,9 @@ discard:
767 return 0; 767 return 0;
768} 768}
769 769
770static int dccp_v6_rcv(struct sk_buff **pskb) 770static int dccp_v6_rcv(struct sk_buff *skb)
771{ 771{
772 const struct dccp_hdr *dh; 772 const struct dccp_hdr *dh;
773 struct sk_buff *skb = *pskb;
774 struct sock *sk; 773 struct sock *sk;
775 int min_cov; 774 int min_cov;
776 775
diff --git a/net/decnet/netfilter/dn_rtmsg.c b/net/decnet/netfilter/dn_rtmsg.c
index f7fba7721e63..43fcd29046d1 100644
--- a/net/decnet/netfilter/dn_rtmsg.c
+++ b/net/decnet/netfilter/dn_rtmsg.c
@@ -88,12 +88,12 @@ static void dnrmg_send_peer(struct sk_buff *skb)
88 88
89 89
90static unsigned int dnrmg_hook(unsigned int hook, 90static unsigned int dnrmg_hook(unsigned int hook,
91 struct sk_buff **pskb, 91 struct sk_buff *skb,
92 const struct net_device *in, 92 const struct net_device *in,
93 const struct net_device *out, 93 const struct net_device *out,
94 int (*okfn)(struct sk_buff *)) 94 int (*okfn)(struct sk_buff *))
95{ 95{
96 dnrmg_send_peer(*pskb); 96 dnrmg_send_peer(skb);
97 return NF_ACCEPT; 97 return NF_ACCEPT;
98} 98}
99 99
diff --git a/net/ipv4/Makefile b/net/ipv4/Makefile
index a02c36d0a13e..93fe3966805d 100644
--- a/net/ipv4/Makefile
+++ b/net/ipv4/Makefile
@@ -10,7 +10,8 @@ obj-y := route.o inetpeer.o protocol.o \
10 tcp_minisocks.o tcp_cong.o \ 10 tcp_minisocks.o tcp_cong.o \
11 datagram.o raw.o udp.o udplite.o \ 11 datagram.o raw.o udp.o udplite.o \
12 arp.o icmp.o devinet.o af_inet.o igmp.o \ 12 arp.o icmp.o devinet.o af_inet.o igmp.o \
13 sysctl_net_ipv4.o fib_frontend.o fib_semantics.o 13 sysctl_net_ipv4.o fib_frontend.o fib_semantics.o \
14 inet_fragment.o
14 15
15obj-$(CONFIG_IP_FIB_HASH) += fib_hash.o 16obj-$(CONFIG_IP_FIB_HASH) += fib_hash.o
16obj-$(CONFIG_IP_FIB_TRIE) += fib_trie.o 17obj-$(CONFIG_IP_FIB_TRIE) += fib_trie.o
diff --git a/net/ipv4/inet_fragment.c b/net/ipv4/inet_fragment.c
new file mode 100644
index 000000000000..484cf512858f
--- /dev/null
+++ b/net/ipv4/inet_fragment.c
@@ -0,0 +1,174 @@
1/*
2 * inet fragments management
3 *
4 * This program is free software; you can redistribute it and/or
5 * modify it under the terms of the GNU General Public License
6 * as published by the Free Software Foundation; either version
7 * 2 of the License, or (at your option) any later version.
8 *
9 * Authors: Pavel Emelyanov <xemul@openvz.org>
10 * Started as consolidation of ipv4/ip_fragment.c,
11 * ipv6/reassembly. and ipv6 nf conntrack reassembly
12 */
13
14#include <linux/list.h>
15#include <linux/spinlock.h>
16#include <linux/module.h>
17#include <linux/timer.h>
18#include <linux/mm.h>
19#include <linux/random.h>
20#include <linux/skbuff.h>
21#include <linux/rtnetlink.h>
22
23#include <net/inet_frag.h>
24
25static void inet_frag_secret_rebuild(unsigned long dummy)
26{
27 struct inet_frags *f = (struct inet_frags *)dummy;
28 unsigned long now = jiffies;
29 int i;
30
31 write_lock(&f->lock);
32 get_random_bytes(&f->rnd, sizeof(u32));
33 for (i = 0; i < INETFRAGS_HASHSZ; i++) {
34 struct inet_frag_queue *q;
35 struct hlist_node *p, *n;
36
37 hlist_for_each_entry_safe(q, p, n, &f->hash[i], list) {
38 unsigned int hval = f->hashfn(q);
39
40 if (hval != i) {
41 hlist_del(&q->list);
42
43 /* Relink to new hash chain. */
44 hlist_add_head(&q->list, &f->hash[hval]);
45 }
46 }
47 }
48 write_unlock(&f->lock);
49
50 mod_timer(&f->secret_timer, now + f->ctl->secret_interval);
51}
52
53void inet_frags_init(struct inet_frags *f)
54{
55 int i;
56
57 for (i = 0; i < INETFRAGS_HASHSZ; i++)
58 INIT_HLIST_HEAD(&f->hash[i]);
59
60 INIT_LIST_HEAD(&f->lru_list);
61 rwlock_init(&f->lock);
62
63 f->rnd = (u32) ((num_physpages ^ (num_physpages>>7)) ^
64 (jiffies ^ (jiffies >> 6)));
65
66 f->nqueues = 0;
67 atomic_set(&f->mem, 0);
68
69 init_timer(&f->secret_timer);
70 f->secret_timer.function = inet_frag_secret_rebuild;
71 f->secret_timer.data = (unsigned long)f;
72 f->secret_timer.expires = jiffies + f->ctl->secret_interval;
73 add_timer(&f->secret_timer);
74}
75EXPORT_SYMBOL(inet_frags_init);
76
77void inet_frags_fini(struct inet_frags *f)
78{
79 del_timer(&f->secret_timer);
80}
81EXPORT_SYMBOL(inet_frags_fini);
82
83static inline void fq_unlink(struct inet_frag_queue *fq, struct inet_frags *f)
84{
85 write_lock(&f->lock);
86 hlist_del(&fq->list);
87 list_del(&fq->lru_list);
88 f->nqueues--;
89 write_unlock(&f->lock);
90}
91
92void inet_frag_kill(struct inet_frag_queue *fq, struct inet_frags *f)
93{
94 if (del_timer(&fq->timer))
95 atomic_dec(&fq->refcnt);
96
97 if (!(fq->last_in & COMPLETE)) {
98 fq_unlink(fq, f);
99 atomic_dec(&fq->refcnt);
100 fq->last_in |= COMPLETE;
101 }
102}
103
104EXPORT_SYMBOL(inet_frag_kill);
105
106static inline void frag_kfree_skb(struct inet_frags *f, struct sk_buff *skb,
107 int *work)
108{
109 if (work)
110 *work -= skb->truesize;
111
112 atomic_sub(skb->truesize, &f->mem);
113 if (f->skb_free)
114 f->skb_free(skb);
115 kfree_skb(skb);
116}
117
118void inet_frag_destroy(struct inet_frag_queue *q, struct inet_frags *f,
119 int *work)
120{
121 struct sk_buff *fp;
122
123 BUG_TRAP(q->last_in & COMPLETE);
124 BUG_TRAP(del_timer(&q->timer) == 0);
125
126 /* Release all fragment data. */
127 fp = q->fragments;
128 while (fp) {
129 struct sk_buff *xp = fp->next;
130
131 frag_kfree_skb(f, fp, work);
132 fp = xp;
133 }
134
135 if (work)
136 *work -= f->qsize;
137 atomic_sub(f->qsize, &f->mem);
138
139 f->destructor(q);
140
141}
142EXPORT_SYMBOL(inet_frag_destroy);
143
144int inet_frag_evictor(struct inet_frags *f)
145{
146 struct inet_frag_queue *q;
147 int work, evicted = 0;
148
149 work = atomic_read(&f->mem) - f->ctl->low_thresh;
150 while (work > 0) {
151 read_lock(&f->lock);
152 if (list_empty(&f->lru_list)) {
153 read_unlock(&f->lock);
154 break;
155 }
156
157 q = list_first_entry(&f->lru_list,
158 struct inet_frag_queue, lru_list);
159 atomic_inc(&q->refcnt);
160 read_unlock(&f->lock);
161
162 spin_lock(&q->lock);
163 if (!(q->last_in & COMPLETE))
164 inet_frag_kill(q, f);
165 spin_unlock(&q->lock);
166
167 if (atomic_dec_and_test(&q->refcnt))
168 inet_frag_destroy(q, f, &work);
169 evicted++;
170 }
171
172 return evicted;
173}
174EXPORT_SYMBOL(inet_frag_evictor);
diff --git a/net/ipv4/ip_forward.c b/net/ipv4/ip_forward.c
index afbf938836f5..877da3ed52e2 100644
--- a/net/ipv4/ip_forward.c
+++ b/net/ipv4/ip_forward.c
@@ -40,7 +40,7 @@
40#include <net/route.h> 40#include <net/route.h>
41#include <net/xfrm.h> 41#include <net/xfrm.h>
42 42
43static inline int ip_forward_finish(struct sk_buff *skb) 43static int ip_forward_finish(struct sk_buff *skb)
44{ 44{
45 struct ip_options * opt = &(IPCB(skb)->opt); 45 struct ip_options * opt = &(IPCB(skb)->opt);
46 46
diff --git a/net/ipv4/ip_fragment.c b/net/ipv4/ip_fragment.c
index fabb86db763b..443b3f89192f 100644
--- a/net/ipv4/ip_fragment.c
+++ b/net/ipv4/ip_fragment.c
@@ -39,6 +39,7 @@
39#include <net/icmp.h> 39#include <net/icmp.h>
40#include <net/checksum.h> 40#include <net/checksum.h>
41#include <net/inetpeer.h> 41#include <net/inetpeer.h>
42#include <net/inet_frag.h>
42#include <linux/tcp.h> 43#include <linux/tcp.h>
43#include <linux/udp.h> 44#include <linux/udp.h>
44#include <linux/inet.h> 45#include <linux/inet.h>
@@ -49,21 +50,8 @@
49 * as well. Or notify me, at least. --ANK 50 * as well. Or notify me, at least. --ANK
50 */ 51 */
51 52
52/* Fragment cache limits. We will commit 256K at one time. Should we
53 * cross that limit we will prune down to 192K. This should cope with
54 * even the most extreme cases without allowing an attacker to measurably
55 * harm machine performance.
56 */
57int sysctl_ipfrag_high_thresh __read_mostly = 256*1024;
58int sysctl_ipfrag_low_thresh __read_mostly = 192*1024;
59
60int sysctl_ipfrag_max_dist __read_mostly = 64; 53int sysctl_ipfrag_max_dist __read_mostly = 64;
61 54
62/* Important NOTE! Fragment queue must be destroyed before MSL expires.
63 * RFC791 is wrong proposing to prolongate timer each fragment arrival by TTL.
64 */
65int sysctl_ipfrag_time __read_mostly = IP_FRAG_TIME;
66
67struct ipfrag_skb_cb 55struct ipfrag_skb_cb
68{ 56{
69 struct inet_skb_parm h; 57 struct inet_skb_parm h;
@@ -74,153 +62,102 @@ struct ipfrag_skb_cb
74 62
75/* Describe an entry in the "incomplete datagrams" queue. */ 63/* Describe an entry in the "incomplete datagrams" queue. */
76struct ipq { 64struct ipq {
77 struct hlist_node list; 65 struct inet_frag_queue q;
78 struct list_head lru_list; /* lru list member */ 66
79 u32 user; 67 u32 user;
80 __be32 saddr; 68 __be32 saddr;
81 __be32 daddr; 69 __be32 daddr;
82 __be16 id; 70 __be16 id;
83 u8 protocol; 71 u8 protocol;
84 u8 last_in;
85#define COMPLETE 4
86#define FIRST_IN 2
87#define LAST_IN 1
88
89 struct sk_buff *fragments; /* linked list of received fragments */
90 int len; /* total length of original datagram */
91 int meat;
92 spinlock_t lock;
93 atomic_t refcnt;
94 struct timer_list timer; /* when will this queue expire? */
95 ktime_t stamp;
96 int iif; 72 int iif;
97 unsigned int rid; 73 unsigned int rid;
98 struct inet_peer *peer; 74 struct inet_peer *peer;
99}; 75};
100 76
101/* Hash table. */ 77struct inet_frags_ctl ip4_frags_ctl __read_mostly = {
78 /*
79 * Fragment cache limits. We will commit 256K at one time. Should we
80 * cross that limit we will prune down to 192K. This should cope with
81 * even the most extreme cases without allowing an attacker to
82 * measurably harm machine performance.
83 */
84 .high_thresh = 256 * 1024,
85 .low_thresh = 192 * 1024,
102 86
103#define IPQ_HASHSZ 64 87 /*
88 * Important NOTE! Fragment queue must be destroyed before MSL expires.
89 * RFC791 is wrong proposing to prolongate timer each fragment arrival
90 * by TTL.
91 */
92 .timeout = IP_FRAG_TIME,
93 .secret_interval = 10 * 60 * HZ,
94};
104 95
105/* Per-bucket lock is easy to add now. */ 96static struct inet_frags ip4_frags;
106static struct hlist_head ipq_hash[IPQ_HASHSZ];
107static DEFINE_RWLOCK(ipfrag_lock);
108static u32 ipfrag_hash_rnd;
109static LIST_HEAD(ipq_lru_list);
110int ip_frag_nqueues = 0;
111 97
112static __inline__ void __ipq_unlink(struct ipq *qp) 98int ip_frag_nqueues(void)
113{ 99{
114 hlist_del(&qp->list); 100 return ip4_frags.nqueues;
115 list_del(&qp->lru_list);
116 ip_frag_nqueues--;
117} 101}
118 102
119static __inline__ void ipq_unlink(struct ipq *ipq) 103int ip_frag_mem(void)
120{ 104{
121 write_lock(&ipfrag_lock); 105 return atomic_read(&ip4_frags.mem);
122 __ipq_unlink(ipq);
123 write_unlock(&ipfrag_lock);
124} 106}
125 107
108static int ip_frag_reasm(struct ipq *qp, struct sk_buff *prev,
109 struct net_device *dev);
110
126static unsigned int ipqhashfn(__be16 id, __be32 saddr, __be32 daddr, u8 prot) 111static unsigned int ipqhashfn(__be16 id, __be32 saddr, __be32 daddr, u8 prot)
127{ 112{
128 return jhash_3words((__force u32)id << 16 | prot, 113 return jhash_3words((__force u32)id << 16 | prot,
129 (__force u32)saddr, (__force u32)daddr, 114 (__force u32)saddr, (__force u32)daddr,
130 ipfrag_hash_rnd) & (IPQ_HASHSZ - 1); 115 ip4_frags.rnd) & (INETFRAGS_HASHSZ - 1);
131} 116}
132 117
133static struct timer_list ipfrag_secret_timer; 118static unsigned int ip4_hashfn(struct inet_frag_queue *q)
134int sysctl_ipfrag_secret_interval __read_mostly = 10 * 60 * HZ;
135
136static void ipfrag_secret_rebuild(unsigned long dummy)
137{ 119{
138 unsigned long now = jiffies; 120 struct ipq *ipq;
139 int i;
140
141 write_lock(&ipfrag_lock);
142 get_random_bytes(&ipfrag_hash_rnd, sizeof(u32));
143 for (i = 0; i < IPQ_HASHSZ; i++) {
144 struct ipq *q;
145 struct hlist_node *p, *n;
146
147 hlist_for_each_entry_safe(q, p, n, &ipq_hash[i], list) {
148 unsigned int hval = ipqhashfn(q->id, q->saddr,
149 q->daddr, q->protocol);
150
151 if (hval != i) {
152 hlist_del(&q->list);
153 121
154 /* Relink to new hash chain. */ 122 ipq = container_of(q, struct ipq, q);
155 hlist_add_head(&q->list, &ipq_hash[hval]); 123 return ipqhashfn(ipq->id, ipq->saddr, ipq->daddr, ipq->protocol);
156 }
157 }
158 }
159 write_unlock(&ipfrag_lock);
160
161 mod_timer(&ipfrag_secret_timer, now + sysctl_ipfrag_secret_interval);
162} 124}
163 125
164atomic_t ip_frag_mem = ATOMIC_INIT(0); /* Memory used for fragments */
165
166/* Memory Tracking Functions. */ 126/* Memory Tracking Functions. */
167static __inline__ void frag_kfree_skb(struct sk_buff *skb, int *work) 127static __inline__ void frag_kfree_skb(struct sk_buff *skb, int *work)
168{ 128{
169 if (work) 129 if (work)
170 *work -= skb->truesize; 130 *work -= skb->truesize;
171 atomic_sub(skb->truesize, &ip_frag_mem); 131 atomic_sub(skb->truesize, &ip4_frags.mem);
172 kfree_skb(skb); 132 kfree_skb(skb);
173} 133}
174 134
175static __inline__ void frag_free_queue(struct ipq *qp, int *work) 135static __inline__ void ip4_frag_free(struct inet_frag_queue *q)
176{ 136{
177 if (work) 137 struct ipq *qp;
178 *work -= sizeof(struct ipq); 138
179 atomic_sub(sizeof(struct ipq), &ip_frag_mem); 139 qp = container_of(q, struct ipq, q);
140 if (qp->peer)
141 inet_putpeer(qp->peer);
180 kfree(qp); 142 kfree(qp);
181} 143}
182 144
183static __inline__ struct ipq *frag_alloc_queue(void) 145static __inline__ struct ipq *frag_alloc_queue(void)
184{ 146{
185 struct ipq *qp = kmalloc(sizeof(struct ipq), GFP_ATOMIC); 147 struct ipq *qp = kzalloc(sizeof(struct ipq), GFP_ATOMIC);
186 148
187 if (!qp) 149 if (!qp)
188 return NULL; 150 return NULL;
189 atomic_add(sizeof(struct ipq), &ip_frag_mem); 151 atomic_add(sizeof(struct ipq), &ip4_frags.mem);
190 return qp; 152 return qp;
191} 153}
192 154
193 155
194/* Destruction primitives. */ 156/* Destruction primitives. */
195 157
196/* Complete destruction of ipq. */ 158static __inline__ void ipq_put(struct ipq *ipq)
197static void ip_frag_destroy(struct ipq *qp, int *work)
198{
199 struct sk_buff *fp;
200
201 BUG_TRAP(qp->last_in&COMPLETE);
202 BUG_TRAP(del_timer(&qp->timer) == 0);
203
204 if (qp->peer)
205 inet_putpeer(qp->peer);
206
207 /* Release all fragment data. */
208 fp = qp->fragments;
209 while (fp) {
210 struct sk_buff *xp = fp->next;
211
212 frag_kfree_skb(fp, work);
213 fp = xp;
214 }
215
216 /* Finally, release the queue descriptor itself. */
217 frag_free_queue(qp, work);
218}
219
220static __inline__ void ipq_put(struct ipq *ipq, int *work)
221{ 159{
222 if (atomic_dec_and_test(&ipq->refcnt)) 160 inet_frag_put(&ipq->q, &ip4_frags);
223 ip_frag_destroy(ipq, work);
224} 161}
225 162
226/* Kill ipq entry. It is not destroyed immediately, 163/* Kill ipq entry. It is not destroyed immediately,
@@ -228,14 +165,7 @@ static __inline__ void ipq_put(struct ipq *ipq, int *work)
228 */ 165 */
229static void ipq_kill(struct ipq *ipq) 166static void ipq_kill(struct ipq *ipq)
230{ 167{
231 if (del_timer(&ipq->timer)) 168 inet_frag_kill(&ipq->q, &ip4_frags);
232 atomic_dec(&ipq->refcnt);
233
234 if (!(ipq->last_in & COMPLETE)) {
235 ipq_unlink(ipq);
236 atomic_dec(&ipq->refcnt);
237 ipq->last_in |= COMPLETE;
238 }
239} 169}
240 170
241/* Memory limiting on fragments. Evictor trashes the oldest 171/* Memory limiting on fragments. Evictor trashes the oldest
@@ -243,33 +173,11 @@ static void ipq_kill(struct ipq *ipq)
243 */ 173 */
244static void ip_evictor(void) 174static void ip_evictor(void)
245{ 175{
246 struct ipq *qp; 176 int evicted;
247 struct list_head *tmp;
248 int work;
249
250 work = atomic_read(&ip_frag_mem) - sysctl_ipfrag_low_thresh;
251 if (work <= 0)
252 return;
253
254 while (work > 0) {
255 read_lock(&ipfrag_lock);
256 if (list_empty(&ipq_lru_list)) {
257 read_unlock(&ipfrag_lock);
258 return;
259 }
260 tmp = ipq_lru_list.next;
261 qp = list_entry(tmp, struct ipq, lru_list);
262 atomic_inc(&qp->refcnt);
263 read_unlock(&ipfrag_lock);
264 177
265 spin_lock(&qp->lock); 178 evicted = inet_frag_evictor(&ip4_frags);
266 if (!(qp->last_in&COMPLETE)) 179 if (evicted)
267 ipq_kill(qp); 180 IP_ADD_STATS_BH(IPSTATS_MIB_REASMFAILS, evicted);
268 spin_unlock(&qp->lock);
269
270 ipq_put(qp, &work);
271 IP_INC_STATS_BH(IPSTATS_MIB_REASMFAILS);
272 }
273} 181}
274 182
275/* 183/*
@@ -279,9 +187,9 @@ static void ip_expire(unsigned long arg)
279{ 187{
280 struct ipq *qp = (struct ipq *) arg; 188 struct ipq *qp = (struct ipq *) arg;
281 189
282 spin_lock(&qp->lock); 190 spin_lock(&qp->q.lock);
283 191
284 if (qp->last_in & COMPLETE) 192 if (qp->q.last_in & COMPLETE)
285 goto out; 193 goto out;
286 194
287 ipq_kill(qp); 195 ipq_kill(qp);
@@ -289,8 +197,8 @@ static void ip_expire(unsigned long arg)
289 IP_INC_STATS_BH(IPSTATS_MIB_REASMTIMEOUT); 197 IP_INC_STATS_BH(IPSTATS_MIB_REASMTIMEOUT);
290 IP_INC_STATS_BH(IPSTATS_MIB_REASMFAILS); 198 IP_INC_STATS_BH(IPSTATS_MIB_REASMFAILS);
291 199
292 if ((qp->last_in&FIRST_IN) && qp->fragments != NULL) { 200 if ((qp->q.last_in&FIRST_IN) && qp->q.fragments != NULL) {
293 struct sk_buff *head = qp->fragments; 201 struct sk_buff *head = qp->q.fragments;
294 /* Send an ICMP "Fragment Reassembly Timeout" message. */ 202 /* Send an ICMP "Fragment Reassembly Timeout" message. */
295 if ((head->dev = dev_get_by_index(&init_net, qp->iif)) != NULL) { 203 if ((head->dev = dev_get_by_index(&init_net, qp->iif)) != NULL) {
296 icmp_send(head, ICMP_TIME_EXCEEDED, ICMP_EXC_FRAGTIME, 0); 204 icmp_send(head, ICMP_TIME_EXCEEDED, ICMP_EXC_FRAGTIME, 0);
@@ -298,8 +206,8 @@ static void ip_expire(unsigned long arg)
298 } 206 }
299 } 207 }
300out: 208out:
301 spin_unlock(&qp->lock); 209 spin_unlock(&qp->q.lock);
302 ipq_put(qp, NULL); 210 ipq_put(qp);
303} 211}
304 212
305/* Creation primitives. */ 213/* Creation primitives. */
@@ -312,7 +220,7 @@ static struct ipq *ip_frag_intern(struct ipq *qp_in)
312#endif 220#endif
313 unsigned int hash; 221 unsigned int hash;
314 222
315 write_lock(&ipfrag_lock); 223 write_lock(&ip4_frags.lock);
316 hash = ipqhashfn(qp_in->id, qp_in->saddr, qp_in->daddr, 224 hash = ipqhashfn(qp_in->id, qp_in->saddr, qp_in->daddr,
317 qp_in->protocol); 225 qp_in->protocol);
318#ifdef CONFIG_SMP 226#ifdef CONFIG_SMP
@@ -320,31 +228,31 @@ static struct ipq *ip_frag_intern(struct ipq *qp_in)
320 * such entry could be created on other cpu, while we 228 * such entry could be created on other cpu, while we
321 * promoted read lock to write lock. 229 * promoted read lock to write lock.
322 */ 230 */
323 hlist_for_each_entry(qp, n, &ipq_hash[hash], list) { 231 hlist_for_each_entry(qp, n, &ip4_frags.hash[hash], q.list) {
324 if (qp->id == qp_in->id && 232 if (qp->id == qp_in->id &&
325 qp->saddr == qp_in->saddr && 233 qp->saddr == qp_in->saddr &&
326 qp->daddr == qp_in->daddr && 234 qp->daddr == qp_in->daddr &&
327 qp->protocol == qp_in->protocol && 235 qp->protocol == qp_in->protocol &&
328 qp->user == qp_in->user) { 236 qp->user == qp_in->user) {
329 atomic_inc(&qp->refcnt); 237 atomic_inc(&qp->q.refcnt);
330 write_unlock(&ipfrag_lock); 238 write_unlock(&ip4_frags.lock);
331 qp_in->last_in |= COMPLETE; 239 qp_in->q.last_in |= COMPLETE;
332 ipq_put(qp_in, NULL); 240 ipq_put(qp_in);
333 return qp; 241 return qp;
334 } 242 }
335 } 243 }
336#endif 244#endif
337 qp = qp_in; 245 qp = qp_in;
338 246
339 if (!mod_timer(&qp->timer, jiffies + sysctl_ipfrag_time)) 247 if (!mod_timer(&qp->q.timer, jiffies + ip4_frags_ctl.timeout))
340 atomic_inc(&qp->refcnt); 248 atomic_inc(&qp->q.refcnt);
341 249
342 atomic_inc(&qp->refcnt); 250 atomic_inc(&qp->q.refcnt);
343 hlist_add_head(&qp->list, &ipq_hash[hash]); 251 hlist_add_head(&qp->q.list, &ip4_frags.hash[hash]);
344 INIT_LIST_HEAD(&qp->lru_list); 252 INIT_LIST_HEAD(&qp->q.lru_list);
345 list_add_tail(&qp->lru_list, &ipq_lru_list); 253 list_add_tail(&qp->q.lru_list, &ip4_frags.lru_list);
346 ip_frag_nqueues++; 254 ip4_frags.nqueues++;
347 write_unlock(&ipfrag_lock); 255 write_unlock(&ip4_frags.lock);
348 return qp; 256 return qp;
349} 257}
350 258
@@ -357,23 +265,18 @@ static struct ipq *ip_frag_create(struct iphdr *iph, u32 user)
357 goto out_nomem; 265 goto out_nomem;
358 266
359 qp->protocol = iph->protocol; 267 qp->protocol = iph->protocol;
360 qp->last_in = 0;
361 qp->id = iph->id; 268 qp->id = iph->id;
362 qp->saddr = iph->saddr; 269 qp->saddr = iph->saddr;
363 qp->daddr = iph->daddr; 270 qp->daddr = iph->daddr;
364 qp->user = user; 271 qp->user = user;
365 qp->len = 0;
366 qp->meat = 0;
367 qp->fragments = NULL;
368 qp->iif = 0;
369 qp->peer = sysctl_ipfrag_max_dist ? inet_getpeer(iph->saddr, 1) : NULL; 272 qp->peer = sysctl_ipfrag_max_dist ? inet_getpeer(iph->saddr, 1) : NULL;
370 273
371 /* Initialize a timer for this entry. */ 274 /* Initialize a timer for this entry. */
372 init_timer(&qp->timer); 275 init_timer(&qp->q.timer);
373 qp->timer.data = (unsigned long) qp; /* pointer to queue */ 276 qp->q.timer.data = (unsigned long) qp; /* pointer to queue */
374 qp->timer.function = ip_expire; /* expire function */ 277 qp->q.timer.function = ip_expire; /* expire function */
375 spin_lock_init(&qp->lock); 278 spin_lock_init(&qp->q.lock);
376 atomic_set(&qp->refcnt, 1); 279 atomic_set(&qp->q.refcnt, 1);
377 280
378 return ip_frag_intern(qp); 281 return ip_frag_intern(qp);
379 282
@@ -395,20 +298,20 @@ static inline struct ipq *ip_find(struct iphdr *iph, u32 user)
395 struct ipq *qp; 298 struct ipq *qp;
396 struct hlist_node *n; 299 struct hlist_node *n;
397 300
398 read_lock(&ipfrag_lock); 301 read_lock(&ip4_frags.lock);
399 hash = ipqhashfn(id, saddr, daddr, protocol); 302 hash = ipqhashfn(id, saddr, daddr, protocol);
400 hlist_for_each_entry(qp, n, &ipq_hash[hash], list) { 303 hlist_for_each_entry(qp, n, &ip4_frags.hash[hash], q.list) {
401 if (qp->id == id && 304 if (qp->id == id &&
402 qp->saddr == saddr && 305 qp->saddr == saddr &&
403 qp->daddr == daddr && 306 qp->daddr == daddr &&
404 qp->protocol == protocol && 307 qp->protocol == protocol &&
405 qp->user == user) { 308 qp->user == user) {
406 atomic_inc(&qp->refcnt); 309 atomic_inc(&qp->q.refcnt);
407 read_unlock(&ipfrag_lock); 310 read_unlock(&ip4_frags.lock);
408 return qp; 311 return qp;
409 } 312 }
410 } 313 }
411 read_unlock(&ipfrag_lock); 314 read_unlock(&ip4_frags.lock);
412 315
413 return ip_frag_create(iph, user); 316 return ip_frag_create(iph, user);
414} 317}
@@ -429,7 +332,7 @@ static inline int ip_frag_too_far(struct ipq *qp)
429 end = atomic_inc_return(&peer->rid); 332 end = atomic_inc_return(&peer->rid);
430 qp->rid = end; 333 qp->rid = end;
431 334
432 rc = qp->fragments && (end - start) > max; 335 rc = qp->q.fragments && (end - start) > max;
433 336
434 if (rc) { 337 if (rc) {
435 IP_INC_STATS_BH(IPSTATS_MIB_REASMFAILS); 338 IP_INC_STATS_BH(IPSTATS_MIB_REASMFAILS);
@@ -442,39 +345,42 @@ static int ip_frag_reinit(struct ipq *qp)
442{ 345{
443 struct sk_buff *fp; 346 struct sk_buff *fp;
444 347
445 if (!mod_timer(&qp->timer, jiffies + sysctl_ipfrag_time)) { 348 if (!mod_timer(&qp->q.timer, jiffies + ip4_frags_ctl.timeout)) {
446 atomic_inc(&qp->refcnt); 349 atomic_inc(&qp->q.refcnt);
447 return -ETIMEDOUT; 350 return -ETIMEDOUT;
448 } 351 }
449 352
450 fp = qp->fragments; 353 fp = qp->q.fragments;
451 do { 354 do {
452 struct sk_buff *xp = fp->next; 355 struct sk_buff *xp = fp->next;
453 frag_kfree_skb(fp, NULL); 356 frag_kfree_skb(fp, NULL);
454 fp = xp; 357 fp = xp;
455 } while (fp); 358 } while (fp);
456 359
457 qp->last_in = 0; 360 qp->q.last_in = 0;
458 qp->len = 0; 361 qp->q.len = 0;
459 qp->meat = 0; 362 qp->q.meat = 0;
460 qp->fragments = NULL; 363 qp->q.fragments = NULL;
461 qp->iif = 0; 364 qp->iif = 0;
462 365
463 return 0; 366 return 0;
464} 367}
465 368
466/* Add new segment to existing queue. */ 369/* Add new segment to existing queue. */
467static void ip_frag_queue(struct ipq *qp, struct sk_buff *skb) 370static int ip_frag_queue(struct ipq *qp, struct sk_buff *skb)
468{ 371{
469 struct sk_buff *prev, *next; 372 struct sk_buff *prev, *next;
373 struct net_device *dev;
470 int flags, offset; 374 int flags, offset;
471 int ihl, end; 375 int ihl, end;
376 int err = -ENOENT;
472 377
473 if (qp->last_in & COMPLETE) 378 if (qp->q.last_in & COMPLETE)
474 goto err; 379 goto err;
475 380
476 if (!(IPCB(skb)->flags & IPSKB_FRAG_COMPLETE) && 381 if (!(IPCB(skb)->flags & IPSKB_FRAG_COMPLETE) &&
477 unlikely(ip_frag_too_far(qp)) && unlikely(ip_frag_reinit(qp))) { 382 unlikely(ip_frag_too_far(qp)) &&
383 unlikely(err = ip_frag_reinit(qp))) {
478 ipq_kill(qp); 384 ipq_kill(qp);
479 goto err; 385 goto err;
480 } 386 }
@@ -487,36 +393,40 @@ static void ip_frag_queue(struct ipq *qp, struct sk_buff *skb)
487 393
488 /* Determine the position of this fragment. */ 394 /* Determine the position of this fragment. */
489 end = offset + skb->len - ihl; 395 end = offset + skb->len - ihl;
396 err = -EINVAL;
490 397
491 /* Is this the final fragment? */ 398 /* Is this the final fragment? */
492 if ((flags & IP_MF) == 0) { 399 if ((flags & IP_MF) == 0) {
493 /* If we already have some bits beyond end 400 /* If we already have some bits beyond end
494 * or have different end, the segment is corrrupted. 401 * or have different end, the segment is corrrupted.
495 */ 402 */
496 if (end < qp->len || 403 if (end < qp->q.len ||
497 ((qp->last_in & LAST_IN) && end != qp->len)) 404 ((qp->q.last_in & LAST_IN) && end != qp->q.len))
498 goto err; 405 goto err;
499 qp->last_in |= LAST_IN; 406 qp->q.last_in |= LAST_IN;
500 qp->len = end; 407 qp->q.len = end;
501 } else { 408 } else {
502 if (end&7) { 409 if (end&7) {
503 end &= ~7; 410 end &= ~7;
504 if (skb->ip_summed != CHECKSUM_UNNECESSARY) 411 if (skb->ip_summed != CHECKSUM_UNNECESSARY)
505 skb->ip_summed = CHECKSUM_NONE; 412 skb->ip_summed = CHECKSUM_NONE;
506 } 413 }
507 if (end > qp->len) { 414 if (end > qp->q.len) {
508 /* Some bits beyond end -> corruption. */ 415 /* Some bits beyond end -> corruption. */
509 if (qp->last_in & LAST_IN) 416 if (qp->q.last_in & LAST_IN)
510 goto err; 417 goto err;
511 qp->len = end; 418 qp->q.len = end;
512 } 419 }
513 } 420 }
514 if (end == offset) 421 if (end == offset)
515 goto err; 422 goto err;
516 423
424 err = -ENOMEM;
517 if (pskb_pull(skb, ihl) == NULL) 425 if (pskb_pull(skb, ihl) == NULL)
518 goto err; 426 goto err;
519 if (pskb_trim_rcsum(skb, end-offset)) 427
428 err = pskb_trim_rcsum(skb, end - offset);
429 if (err)
520 goto err; 430 goto err;
521 431
522 /* Find out which fragments are in front and at the back of us 432 /* Find out which fragments are in front and at the back of us
@@ -524,7 +434,7 @@ static void ip_frag_queue(struct ipq *qp, struct sk_buff *skb)
524 * this fragment, right? 434 * this fragment, right?
525 */ 435 */
526 prev = NULL; 436 prev = NULL;
527 for (next = qp->fragments; next != NULL; next = next->next) { 437 for (next = qp->q.fragments; next != NULL; next = next->next) {
528 if (FRAG_CB(next)->offset >= offset) 438 if (FRAG_CB(next)->offset >= offset)
529 break; /* bingo! */ 439 break; /* bingo! */
530 prev = next; 440 prev = next;
@@ -539,8 +449,10 @@ static void ip_frag_queue(struct ipq *qp, struct sk_buff *skb)
539 449
540 if (i > 0) { 450 if (i > 0) {
541 offset += i; 451 offset += i;
452 err = -EINVAL;
542 if (end <= offset) 453 if (end <= offset)
543 goto err; 454 goto err;
455 err = -ENOMEM;
544 if (!pskb_pull(skb, i)) 456 if (!pskb_pull(skb, i))
545 goto err; 457 goto err;
546 if (skb->ip_summed != CHECKSUM_UNNECESSARY) 458 if (skb->ip_summed != CHECKSUM_UNNECESSARY)
@@ -548,6 +460,8 @@ static void ip_frag_queue(struct ipq *qp, struct sk_buff *skb)
548 } 460 }
549 } 461 }
550 462
463 err = -ENOMEM;
464
551 while (next && FRAG_CB(next)->offset < end) { 465 while (next && FRAG_CB(next)->offset < end) {
552 int i = end - FRAG_CB(next)->offset; /* overlap is 'i' bytes */ 466 int i = end - FRAG_CB(next)->offset; /* overlap is 'i' bytes */
553 467
@@ -558,7 +472,7 @@ static void ip_frag_queue(struct ipq *qp, struct sk_buff *skb)
558 if (!pskb_pull(next, i)) 472 if (!pskb_pull(next, i))
559 goto err; 473 goto err;
560 FRAG_CB(next)->offset += i; 474 FRAG_CB(next)->offset += i;
561 qp->meat -= i; 475 qp->q.meat -= i;
562 if (next->ip_summed != CHECKSUM_UNNECESSARY) 476 if (next->ip_summed != CHECKSUM_UNNECESSARY)
563 next->ip_summed = CHECKSUM_NONE; 477 next->ip_summed = CHECKSUM_NONE;
564 break; 478 break;
@@ -573,9 +487,9 @@ static void ip_frag_queue(struct ipq *qp, struct sk_buff *skb)
573 if (prev) 487 if (prev)
574 prev->next = next; 488 prev->next = next;
575 else 489 else
576 qp->fragments = next; 490 qp->q.fragments = next;
577 491
578 qp->meat -= free_it->len; 492 qp->q.meat -= free_it->len;
579 frag_kfree_skb(free_it, NULL); 493 frag_kfree_skb(free_it, NULL);
580 } 494 }
581 } 495 }
@@ -587,50 +501,77 @@ static void ip_frag_queue(struct ipq *qp, struct sk_buff *skb)
587 if (prev) 501 if (prev)
588 prev->next = skb; 502 prev->next = skb;
589 else 503 else
590 qp->fragments = skb; 504 qp->q.fragments = skb;
591 505
592 if (skb->dev) 506 dev = skb->dev;
593 qp->iif = skb->dev->ifindex; 507 if (dev) {
594 skb->dev = NULL; 508 qp->iif = dev->ifindex;
595 qp->stamp = skb->tstamp; 509 skb->dev = NULL;
596 qp->meat += skb->len; 510 }
597 atomic_add(skb->truesize, &ip_frag_mem); 511 qp->q.stamp = skb->tstamp;
512 qp->q.meat += skb->len;
513 atomic_add(skb->truesize, &ip4_frags.mem);
598 if (offset == 0) 514 if (offset == 0)
599 qp->last_in |= FIRST_IN; 515 qp->q.last_in |= FIRST_IN;
600 516
601 write_lock(&ipfrag_lock); 517 if (qp->q.last_in == (FIRST_IN | LAST_IN) && qp->q.meat == qp->q.len)
602 list_move_tail(&qp->lru_list, &ipq_lru_list); 518 return ip_frag_reasm(qp, prev, dev);
603 write_unlock(&ipfrag_lock);
604 519
605 return; 520 write_lock(&ip4_frags.lock);
521 list_move_tail(&qp->q.lru_list, &ip4_frags.lru_list);
522 write_unlock(&ip4_frags.lock);
523 return -EINPROGRESS;
606 524
607err: 525err:
608 kfree_skb(skb); 526 kfree_skb(skb);
527 return err;
609} 528}
610 529
611 530
612/* Build a new IP datagram from all its fragments. */ 531/* Build a new IP datagram from all its fragments. */
613 532
614static struct sk_buff *ip_frag_reasm(struct ipq *qp, struct net_device *dev) 533static int ip_frag_reasm(struct ipq *qp, struct sk_buff *prev,
534 struct net_device *dev)
615{ 535{
616 struct iphdr *iph; 536 struct iphdr *iph;
617 struct sk_buff *fp, *head = qp->fragments; 537 struct sk_buff *fp, *head = qp->q.fragments;
618 int len; 538 int len;
619 int ihlen; 539 int ihlen;
540 int err;
620 541
621 ipq_kill(qp); 542 ipq_kill(qp);
622 543
544 /* Make the one we just received the head. */
545 if (prev) {
546 head = prev->next;
547 fp = skb_clone(head, GFP_ATOMIC);
548
549 if (!fp)
550 goto out_nomem;
551
552 fp->next = head->next;
553 prev->next = fp;
554
555 skb_morph(head, qp->q.fragments);
556 head->next = qp->q.fragments->next;
557
558 kfree_skb(qp->q.fragments);
559 qp->q.fragments = head;
560 }
561
623 BUG_TRAP(head != NULL); 562 BUG_TRAP(head != NULL);
624 BUG_TRAP(FRAG_CB(head)->offset == 0); 563 BUG_TRAP(FRAG_CB(head)->offset == 0);
625 564
626 /* Allocate a new buffer for the datagram. */ 565 /* Allocate a new buffer for the datagram. */
627 ihlen = ip_hdrlen(head); 566 ihlen = ip_hdrlen(head);
628 len = ihlen + qp->len; 567 len = ihlen + qp->q.len;
629 568
569 err = -E2BIG;
630 if (len > 65535) 570 if (len > 65535)
631 goto out_oversize; 571 goto out_oversize;
632 572
633 /* Head of list must not be cloned. */ 573 /* Head of list must not be cloned. */
574 err = -ENOMEM;
634 if (skb_cloned(head) && pskb_expand_head(head, 0, 0, GFP_ATOMIC)) 575 if (skb_cloned(head) && pskb_expand_head(head, 0, 0, GFP_ATOMIC))
635 goto out_nomem; 576 goto out_nomem;
636 577
@@ -654,12 +595,12 @@ static struct sk_buff *ip_frag_reasm(struct ipq *qp, struct net_device *dev)
654 head->len -= clone->len; 595 head->len -= clone->len;
655 clone->csum = 0; 596 clone->csum = 0;
656 clone->ip_summed = head->ip_summed; 597 clone->ip_summed = head->ip_summed;
657 atomic_add(clone->truesize, &ip_frag_mem); 598 atomic_add(clone->truesize, &ip4_frags.mem);
658 } 599 }
659 600
660 skb_shinfo(head)->frag_list = head->next; 601 skb_shinfo(head)->frag_list = head->next;
661 skb_push(head, head->data - skb_network_header(head)); 602 skb_push(head, head->data - skb_network_header(head));
662 atomic_sub(head->truesize, &ip_frag_mem); 603 atomic_sub(head->truesize, &ip4_frags.mem);
663 604
664 for (fp=head->next; fp; fp = fp->next) { 605 for (fp=head->next; fp; fp = fp->next) {
665 head->data_len += fp->len; 606 head->data_len += fp->len;
@@ -669,19 +610,19 @@ static struct sk_buff *ip_frag_reasm(struct ipq *qp, struct net_device *dev)
669 else if (head->ip_summed == CHECKSUM_COMPLETE) 610 else if (head->ip_summed == CHECKSUM_COMPLETE)
670 head->csum = csum_add(head->csum, fp->csum); 611 head->csum = csum_add(head->csum, fp->csum);
671 head->truesize += fp->truesize; 612 head->truesize += fp->truesize;
672 atomic_sub(fp->truesize, &ip_frag_mem); 613 atomic_sub(fp->truesize, &ip4_frags.mem);
673 } 614 }
674 615
675 head->next = NULL; 616 head->next = NULL;
676 head->dev = dev; 617 head->dev = dev;
677 head->tstamp = qp->stamp; 618 head->tstamp = qp->q.stamp;
678 619
679 iph = ip_hdr(head); 620 iph = ip_hdr(head);
680 iph->frag_off = 0; 621 iph->frag_off = 0;
681 iph->tot_len = htons(len); 622 iph->tot_len = htons(len);
682 IP_INC_STATS_BH(IPSTATS_MIB_REASMOKS); 623 IP_INC_STATS_BH(IPSTATS_MIB_REASMOKS);
683 qp->fragments = NULL; 624 qp->q.fragments = NULL;
684 return head; 625 return 0;
685 626
686out_nomem: 627out_nomem:
687 LIMIT_NETDEBUG(KERN_ERR "IP: queue_glue: no memory for gluing " 628 LIMIT_NETDEBUG(KERN_ERR "IP: queue_glue: no memory for gluing "
@@ -694,54 +635,46 @@ out_oversize:
694 NIPQUAD(qp->saddr)); 635 NIPQUAD(qp->saddr));
695out_fail: 636out_fail:
696 IP_INC_STATS_BH(IPSTATS_MIB_REASMFAILS); 637 IP_INC_STATS_BH(IPSTATS_MIB_REASMFAILS);
697 return NULL; 638 return err;
698} 639}
699 640
700/* Process an incoming IP datagram fragment. */ 641/* Process an incoming IP datagram fragment. */
701struct sk_buff *ip_defrag(struct sk_buff *skb, u32 user) 642int ip_defrag(struct sk_buff *skb, u32 user)
702{ 643{
703 struct ipq *qp; 644 struct ipq *qp;
704 struct net_device *dev;
705 645
706 IP_INC_STATS_BH(IPSTATS_MIB_REASMREQDS); 646 IP_INC_STATS_BH(IPSTATS_MIB_REASMREQDS);
707 647
708 /* Start by cleaning up the memory. */ 648 /* Start by cleaning up the memory. */
709 if (atomic_read(&ip_frag_mem) > sysctl_ipfrag_high_thresh) 649 if (atomic_read(&ip4_frags.mem) > ip4_frags_ctl.high_thresh)
710 ip_evictor(); 650 ip_evictor();
711 651
712 dev = skb->dev;
713
714 /* Lookup (or create) queue header */ 652 /* Lookup (or create) queue header */
715 if ((qp = ip_find(ip_hdr(skb), user)) != NULL) { 653 if ((qp = ip_find(ip_hdr(skb), user)) != NULL) {
716 struct sk_buff *ret = NULL; 654 int ret;
717
718 spin_lock(&qp->lock);
719 655
720 ip_frag_queue(qp, skb); 656 spin_lock(&qp->q.lock);
721 657
722 if (qp->last_in == (FIRST_IN|LAST_IN) && 658 ret = ip_frag_queue(qp, skb);
723 qp->meat == qp->len)
724 ret = ip_frag_reasm(qp, dev);
725 659
726 spin_unlock(&qp->lock); 660 spin_unlock(&qp->q.lock);
727 ipq_put(qp, NULL); 661 ipq_put(qp);
728 return ret; 662 return ret;
729 } 663 }
730 664
731 IP_INC_STATS_BH(IPSTATS_MIB_REASMFAILS); 665 IP_INC_STATS_BH(IPSTATS_MIB_REASMFAILS);
732 kfree_skb(skb); 666 kfree_skb(skb);
733 return NULL; 667 return -ENOMEM;
734} 668}
735 669
736void __init ipfrag_init(void) 670void __init ipfrag_init(void)
737{ 671{
738 ipfrag_hash_rnd = (u32) ((num_physpages ^ (num_physpages>>7)) ^ 672 ip4_frags.ctl = &ip4_frags_ctl;
739 (jiffies ^ (jiffies >> 6))); 673 ip4_frags.hashfn = ip4_hashfn;
740 674 ip4_frags.destructor = ip4_frag_free;
741 init_timer(&ipfrag_secret_timer); 675 ip4_frags.skb_free = NULL;
742 ipfrag_secret_timer.function = ipfrag_secret_rebuild; 676 ip4_frags.qsize = sizeof(struct ipq);
743 ipfrag_secret_timer.expires = jiffies + sysctl_ipfrag_secret_interval; 677 inet_frags_init(&ip4_frags);
744 add_timer(&ipfrag_secret_timer);
745} 678}
746 679
747EXPORT_SYMBOL(ip_defrag); 680EXPORT_SYMBOL(ip_defrag);
diff --git a/net/ipv4/ip_input.c b/net/ipv4/ip_input.c
index 41d8964591e7..168c871fcd79 100644
--- a/net/ipv4/ip_input.c
+++ b/net/ipv4/ip_input.c
@@ -172,8 +172,7 @@ int ip_call_ra_chain(struct sk_buff *skb)
172 (!sk->sk_bound_dev_if || 172 (!sk->sk_bound_dev_if ||
173 sk->sk_bound_dev_if == skb->dev->ifindex)) { 173 sk->sk_bound_dev_if == skb->dev->ifindex)) {
174 if (ip_hdr(skb)->frag_off & htons(IP_MF | IP_OFFSET)) { 174 if (ip_hdr(skb)->frag_off & htons(IP_MF | IP_OFFSET)) {
175 skb = ip_defrag(skb, IP_DEFRAG_CALL_RA_CHAIN); 175 if (ip_defrag(skb, IP_DEFRAG_CALL_RA_CHAIN)) {
176 if (skb == NULL) {
177 read_unlock(&ip_ra_lock); 176 read_unlock(&ip_ra_lock);
178 return 1; 177 return 1;
179 } 178 }
@@ -196,7 +195,7 @@ int ip_call_ra_chain(struct sk_buff *skb)
196 return 0; 195 return 0;
197} 196}
198 197
199static inline int ip_local_deliver_finish(struct sk_buff *skb) 198static int ip_local_deliver_finish(struct sk_buff *skb)
200{ 199{
201 __skb_pull(skb, ip_hdrlen(skb)); 200 __skb_pull(skb, ip_hdrlen(skb));
202 201
@@ -265,8 +264,7 @@ int ip_local_deliver(struct sk_buff *skb)
265 */ 264 */
266 265
267 if (ip_hdr(skb)->frag_off & htons(IP_MF | IP_OFFSET)) { 266 if (ip_hdr(skb)->frag_off & htons(IP_MF | IP_OFFSET)) {
268 skb = ip_defrag(skb, IP_DEFRAG_LOCAL_DELIVER); 267 if (ip_defrag(skb, IP_DEFRAG_LOCAL_DELIVER))
269 if (!skb)
270 return 0; 268 return 0;
271 } 269 }
272 270
@@ -326,7 +324,7 @@ drop:
326 return -1; 324 return -1;
327} 325}
328 326
329static inline int ip_rcv_finish(struct sk_buff *skb) 327static int ip_rcv_finish(struct sk_buff *skb)
330{ 328{
331 const struct iphdr *iph = ip_hdr(skb); 329 const struct iphdr *iph = ip_hdr(skb);
332 struct rtable *rt; 330 struct rtable *rt;
diff --git a/net/ipv4/ip_output.c b/net/ipv4/ip_output.c
index 699f06781fd8..f508835ba713 100644
--- a/net/ipv4/ip_output.c
+++ b/net/ipv4/ip_output.c
@@ -202,7 +202,7 @@ static inline int ip_skb_dst_mtu(struct sk_buff *skb)
202 skb->dst->dev->mtu : dst_mtu(skb->dst); 202 skb->dst->dev->mtu : dst_mtu(skb->dst);
203} 203}
204 204
205static inline int ip_finish_output(struct sk_buff *skb) 205static int ip_finish_output(struct sk_buff *skb)
206{ 206{
207#if defined(CONFIG_NETFILTER) && defined(CONFIG_XFRM) 207#if defined(CONFIG_NETFILTER) && defined(CONFIG_XFRM)
208 /* Policy lookup after SNAT yielded a new policy */ 208 /* Policy lookup after SNAT yielded a new policy */
diff --git a/net/ipv4/ipvs/ip_vs_app.c b/net/ipv4/ipvs/ip_vs_app.c
index 341474eefa55..664cb8e97c1c 100644
--- a/net/ipv4/ipvs/ip_vs_app.c
+++ b/net/ipv4/ipvs/ip_vs_app.c
@@ -25,6 +25,7 @@
25#include <linux/skbuff.h> 25#include <linux/skbuff.h>
26#include <linux/in.h> 26#include <linux/in.h>
27#include <linux/ip.h> 27#include <linux/ip.h>
28#include <linux/netfilter.h>
28#include <net/net_namespace.h> 29#include <net/net_namespace.h>
29#include <net/protocol.h> 30#include <net/protocol.h>
30#include <net/tcp.h> 31#include <net/tcp.h>
@@ -328,18 +329,18 @@ static inline void vs_seq_update(struct ip_vs_conn *cp, struct ip_vs_seq *vseq,
328 spin_unlock(&cp->lock); 329 spin_unlock(&cp->lock);
329} 330}
330 331
331static inline int app_tcp_pkt_out(struct ip_vs_conn *cp, struct sk_buff **pskb, 332static inline int app_tcp_pkt_out(struct ip_vs_conn *cp, struct sk_buff *skb,
332 struct ip_vs_app *app) 333 struct ip_vs_app *app)
333{ 334{
334 int diff; 335 int diff;
335 const unsigned int tcp_offset = ip_hdrlen(*pskb); 336 const unsigned int tcp_offset = ip_hdrlen(skb);
336 struct tcphdr *th; 337 struct tcphdr *th;
337 __u32 seq; 338 __u32 seq;
338 339
339 if (!ip_vs_make_skb_writable(pskb, tcp_offset + sizeof(*th))) 340 if (!skb_make_writable(skb, tcp_offset + sizeof(*th)))
340 return 0; 341 return 0;
341 342
342 th = (struct tcphdr *)(skb_network_header(*pskb) + tcp_offset); 343 th = (struct tcphdr *)(skb_network_header(skb) + tcp_offset);
343 344
344 /* 345 /*
345 * Remember seq number in case this pkt gets resized 346 * Remember seq number in case this pkt gets resized
@@ -360,7 +361,7 @@ static inline int app_tcp_pkt_out(struct ip_vs_conn *cp, struct sk_buff **pskb,
360 if (app->pkt_out == NULL) 361 if (app->pkt_out == NULL)
361 return 1; 362 return 1;
362 363
363 if (!app->pkt_out(app, cp, pskb, &diff)) 364 if (!app->pkt_out(app, cp, skb, &diff))
364 return 0; 365 return 0;
365 366
366 /* 367 /*
@@ -378,7 +379,7 @@ static inline int app_tcp_pkt_out(struct ip_vs_conn *cp, struct sk_buff **pskb,
378 * called by ipvs packet handler, assumes previously checked cp!=NULL 379 * called by ipvs packet handler, assumes previously checked cp!=NULL
379 * returns false if it can't handle packet (oom) 380 * returns false if it can't handle packet (oom)
380 */ 381 */
381int ip_vs_app_pkt_out(struct ip_vs_conn *cp, struct sk_buff **pskb) 382int ip_vs_app_pkt_out(struct ip_vs_conn *cp, struct sk_buff *skb)
382{ 383{
383 struct ip_vs_app *app; 384 struct ip_vs_app *app;
384 385
@@ -391,7 +392,7 @@ int ip_vs_app_pkt_out(struct ip_vs_conn *cp, struct sk_buff **pskb)
391 392
392 /* TCP is complicated */ 393 /* TCP is complicated */
393 if (cp->protocol == IPPROTO_TCP) 394 if (cp->protocol == IPPROTO_TCP)
394 return app_tcp_pkt_out(cp, pskb, app); 395 return app_tcp_pkt_out(cp, skb, app);
395 396
396 /* 397 /*
397 * Call private output hook function 398 * Call private output hook function
@@ -399,22 +400,22 @@ int ip_vs_app_pkt_out(struct ip_vs_conn *cp, struct sk_buff **pskb)
399 if (app->pkt_out == NULL) 400 if (app->pkt_out == NULL)
400 return 1; 401 return 1;
401 402
402 return app->pkt_out(app, cp, pskb, NULL); 403 return app->pkt_out(app, cp, skb, NULL);
403} 404}
404 405
405 406
406static inline int app_tcp_pkt_in(struct ip_vs_conn *cp, struct sk_buff **pskb, 407static inline int app_tcp_pkt_in(struct ip_vs_conn *cp, struct sk_buff *skb,
407 struct ip_vs_app *app) 408 struct ip_vs_app *app)
408{ 409{
409 int diff; 410 int diff;
410 const unsigned int tcp_offset = ip_hdrlen(*pskb); 411 const unsigned int tcp_offset = ip_hdrlen(skb);
411 struct tcphdr *th; 412 struct tcphdr *th;
412 __u32 seq; 413 __u32 seq;
413 414
414 if (!ip_vs_make_skb_writable(pskb, tcp_offset + sizeof(*th))) 415 if (!skb_make_writable(skb, tcp_offset + sizeof(*th)))
415 return 0; 416 return 0;
416 417
417 th = (struct tcphdr *)(skb_network_header(*pskb) + tcp_offset); 418 th = (struct tcphdr *)(skb_network_header(skb) + tcp_offset);
418 419
419 /* 420 /*
420 * Remember seq number in case this pkt gets resized 421 * Remember seq number in case this pkt gets resized
@@ -435,7 +436,7 @@ static inline int app_tcp_pkt_in(struct ip_vs_conn *cp, struct sk_buff **pskb,
435 if (app->pkt_in == NULL) 436 if (app->pkt_in == NULL)
436 return 1; 437 return 1;
437 438
438 if (!app->pkt_in(app, cp, pskb, &diff)) 439 if (!app->pkt_in(app, cp, skb, &diff))
439 return 0; 440 return 0;
440 441
441 /* 442 /*
@@ -453,7 +454,7 @@ static inline int app_tcp_pkt_in(struct ip_vs_conn *cp, struct sk_buff **pskb,
453 * called by ipvs packet handler, assumes previously checked cp!=NULL. 454 * called by ipvs packet handler, assumes previously checked cp!=NULL.
454 * returns false if can't handle packet (oom). 455 * returns false if can't handle packet (oom).
455 */ 456 */
456int ip_vs_app_pkt_in(struct ip_vs_conn *cp, struct sk_buff **pskb) 457int ip_vs_app_pkt_in(struct ip_vs_conn *cp, struct sk_buff *skb)
457{ 458{
458 struct ip_vs_app *app; 459 struct ip_vs_app *app;
459 460
@@ -466,7 +467,7 @@ int ip_vs_app_pkt_in(struct ip_vs_conn *cp, struct sk_buff **pskb)
466 467
467 /* TCP is complicated */ 468 /* TCP is complicated */
468 if (cp->protocol == IPPROTO_TCP) 469 if (cp->protocol == IPPROTO_TCP)
469 return app_tcp_pkt_in(cp, pskb, app); 470 return app_tcp_pkt_in(cp, skb, app);
470 471
471 /* 472 /*
472 * Call private input hook function 473 * Call private input hook function
@@ -474,7 +475,7 @@ int ip_vs_app_pkt_in(struct ip_vs_conn *cp, struct sk_buff **pskb)
474 if (app->pkt_in == NULL) 475 if (app->pkt_in == NULL)
475 return 1; 476 return 1;
476 477
477 return app->pkt_in(app, cp, pskb, NULL); 478 return app->pkt_in(app, cp, skb, NULL);
478} 479}
479 480
480 481
diff --git a/net/ipv4/ipvs/ip_vs_core.c b/net/ipv4/ipvs/ip_vs_core.c
index fbca2a2ff29f..c6ed7654e839 100644
--- a/net/ipv4/ipvs/ip_vs_core.c
+++ b/net/ipv4/ipvs/ip_vs_core.c
@@ -58,7 +58,6 @@ EXPORT_SYMBOL(ip_vs_conn_put);
58#ifdef CONFIG_IP_VS_DEBUG 58#ifdef CONFIG_IP_VS_DEBUG
59EXPORT_SYMBOL(ip_vs_get_debug_level); 59EXPORT_SYMBOL(ip_vs_get_debug_level);
60#endif 60#endif
61EXPORT_SYMBOL(ip_vs_make_skb_writable);
62 61
63 62
64/* ID used in ICMP lookups */ 63/* ID used in ICMP lookups */
@@ -163,42 +162,6 @@ ip_vs_set_state(struct ip_vs_conn *cp, int direction,
163} 162}
164 163
165 164
166int ip_vs_make_skb_writable(struct sk_buff **pskb, int writable_len)
167{
168 struct sk_buff *skb = *pskb;
169
170 /* skb is already used, better copy skb and its payload */
171 if (unlikely(skb_shared(skb) || skb->sk))
172 goto copy_skb;
173
174 /* skb data is already used, copy it */
175 if (unlikely(skb_cloned(skb)))
176 goto copy_data;
177
178 return pskb_may_pull(skb, writable_len);
179
180 copy_data:
181 if (unlikely(writable_len > skb->len))
182 return 0;
183 return !pskb_expand_head(skb, 0, 0, GFP_ATOMIC);
184
185 copy_skb:
186 if (unlikely(writable_len > skb->len))
187 return 0;
188 skb = skb_copy(skb, GFP_ATOMIC);
189 if (!skb)
190 return 0;
191 BUG_ON(skb_is_nonlinear(skb));
192
193 /* Rest of kernel will get very unhappy if we pass it a
194 suddenly-orphaned skbuff */
195 if ((*pskb)->sk)
196 skb_set_owner_w(skb, (*pskb)->sk);
197 kfree_skb(*pskb);
198 *pskb = skb;
199 return 1;
200}
201
202/* 165/*
203 * IPVS persistent scheduling function 166 * IPVS persistent scheduling function
204 * It creates a connection entry according to its template if exists, 167 * It creates a connection entry according to its template if exists,
@@ -525,12 +488,12 @@ int ip_vs_leave(struct ip_vs_service *svc, struct sk_buff *skb,
525 * for VS/NAT. 488 * for VS/NAT.
526 */ 489 */
527static unsigned int ip_vs_post_routing(unsigned int hooknum, 490static unsigned int ip_vs_post_routing(unsigned int hooknum,
528 struct sk_buff **pskb, 491 struct sk_buff *skb,
529 const struct net_device *in, 492 const struct net_device *in,
530 const struct net_device *out, 493 const struct net_device *out,
531 int (*okfn)(struct sk_buff *)) 494 int (*okfn)(struct sk_buff *))
532{ 495{
533 if (!((*pskb)->ipvs_property)) 496 if (!skb->ipvs_property)
534 return NF_ACCEPT; 497 return NF_ACCEPT;
535 /* The packet was sent from IPVS, exit this chain */ 498 /* The packet was sent from IPVS, exit this chain */
536 return NF_STOP; 499 return NF_STOP;
@@ -541,13 +504,14 @@ __sum16 ip_vs_checksum_complete(struct sk_buff *skb, int offset)
541 return csum_fold(skb_checksum(skb, offset, skb->len - offset, 0)); 504 return csum_fold(skb_checksum(skb, offset, skb->len - offset, 0));
542} 505}
543 506
544static inline struct sk_buff * 507static inline int ip_vs_gather_frags(struct sk_buff *skb, u_int32_t user)
545ip_vs_gather_frags(struct sk_buff *skb, u_int32_t user)
546{ 508{
547 skb = ip_defrag(skb, user); 509 int err = ip_defrag(skb, user);
548 if (skb) 510
511 if (!err)
549 ip_send_check(ip_hdr(skb)); 512 ip_send_check(ip_hdr(skb));
550 return skb; 513
514 return err;
551} 515}
552 516
553/* 517/*
@@ -605,9 +569,8 @@ void ip_vs_nat_icmp(struct sk_buff *skb, struct ip_vs_protocol *pp,
605 * Currently handles error types - unreachable, quench, ttl exceeded. 569 * Currently handles error types - unreachable, quench, ttl exceeded.
606 * (Only used in VS/NAT) 570 * (Only used in VS/NAT)
607 */ 571 */
608static int ip_vs_out_icmp(struct sk_buff **pskb, int *related) 572static int ip_vs_out_icmp(struct sk_buff *skb, int *related)
609{ 573{
610 struct sk_buff *skb = *pskb;
611 struct iphdr *iph; 574 struct iphdr *iph;
612 struct icmphdr _icmph, *ic; 575 struct icmphdr _icmph, *ic;
613 struct iphdr _ciph, *cih; /* The ip header contained within the ICMP */ 576 struct iphdr _ciph, *cih; /* The ip header contained within the ICMP */
@@ -619,10 +582,8 @@ static int ip_vs_out_icmp(struct sk_buff **pskb, int *related)
619 582
620 /* reassemble IP fragments */ 583 /* reassemble IP fragments */
621 if (ip_hdr(skb)->frag_off & htons(IP_MF | IP_OFFSET)) { 584 if (ip_hdr(skb)->frag_off & htons(IP_MF | IP_OFFSET)) {
622 skb = ip_vs_gather_frags(skb, IP_DEFRAG_VS_OUT); 585 if (ip_vs_gather_frags(skb, IP_DEFRAG_VS_OUT))
623 if (!skb)
624 return NF_STOLEN; 586 return NF_STOLEN;
625 *pskb = skb;
626 } 587 }
627 588
628 iph = ip_hdr(skb); 589 iph = ip_hdr(skb);
@@ -690,9 +651,8 @@ static int ip_vs_out_icmp(struct sk_buff **pskb, int *related)
690 651
691 if (IPPROTO_TCP == cih->protocol || IPPROTO_UDP == cih->protocol) 652 if (IPPROTO_TCP == cih->protocol || IPPROTO_UDP == cih->protocol)
692 offset += 2 * sizeof(__u16); 653 offset += 2 * sizeof(__u16);
693 if (!ip_vs_make_skb_writable(pskb, offset)) 654 if (!skb_make_writable(skb, offset))
694 goto out; 655 goto out;
695 skb = *pskb;
696 656
697 ip_vs_nat_icmp(skb, pp, cp, 1); 657 ip_vs_nat_icmp(skb, pp, cp, 1);
698 658
@@ -724,11 +684,10 @@ static inline int is_tcp_reset(const struct sk_buff *skb)
724 * rewrite addresses of the packet and send it on its way... 684 * rewrite addresses of the packet and send it on its way...
725 */ 685 */
726static unsigned int 686static unsigned int
727ip_vs_out(unsigned int hooknum, struct sk_buff **pskb, 687ip_vs_out(unsigned int hooknum, struct sk_buff *skb,
728 const struct net_device *in, const struct net_device *out, 688 const struct net_device *in, const struct net_device *out,
729 int (*okfn)(struct sk_buff *)) 689 int (*okfn)(struct sk_buff *))
730{ 690{
731 struct sk_buff *skb = *pskb;
732 struct iphdr *iph; 691 struct iphdr *iph;
733 struct ip_vs_protocol *pp; 692 struct ip_vs_protocol *pp;
734 struct ip_vs_conn *cp; 693 struct ip_vs_conn *cp;
@@ -741,11 +700,10 @@ ip_vs_out(unsigned int hooknum, struct sk_buff **pskb,
741 700
742 iph = ip_hdr(skb); 701 iph = ip_hdr(skb);
743 if (unlikely(iph->protocol == IPPROTO_ICMP)) { 702 if (unlikely(iph->protocol == IPPROTO_ICMP)) {
744 int related, verdict = ip_vs_out_icmp(pskb, &related); 703 int related, verdict = ip_vs_out_icmp(skb, &related);
745 704
746 if (related) 705 if (related)
747 return verdict; 706 return verdict;
748 skb = *pskb;
749 iph = ip_hdr(skb); 707 iph = ip_hdr(skb);
750 } 708 }
751 709
@@ -756,11 +714,9 @@ ip_vs_out(unsigned int hooknum, struct sk_buff **pskb,
756 /* reassemble IP fragments */ 714 /* reassemble IP fragments */
757 if (unlikely(iph->frag_off & htons(IP_MF|IP_OFFSET) && 715 if (unlikely(iph->frag_off & htons(IP_MF|IP_OFFSET) &&
758 !pp->dont_defrag)) { 716 !pp->dont_defrag)) {
759 skb = ip_vs_gather_frags(skb, IP_DEFRAG_VS_OUT); 717 if (ip_vs_gather_frags(skb, IP_DEFRAG_VS_OUT))
760 if (!skb)
761 return NF_STOLEN; 718 return NF_STOLEN;
762 iph = ip_hdr(skb); 719 iph = ip_hdr(skb);
763 *pskb = skb;
764 } 720 }
765 721
766 ihl = iph->ihl << 2; 722 ihl = iph->ihl << 2;
@@ -802,13 +758,12 @@ ip_vs_out(unsigned int hooknum, struct sk_buff **pskb,
802 758
803 IP_VS_DBG_PKT(11, pp, skb, 0, "Outgoing packet"); 759 IP_VS_DBG_PKT(11, pp, skb, 0, "Outgoing packet");
804 760
805 if (!ip_vs_make_skb_writable(pskb, ihl)) 761 if (!skb_make_writable(skb, ihl))
806 goto drop; 762 goto drop;
807 763
808 /* mangle the packet */ 764 /* mangle the packet */
809 if (pp->snat_handler && !pp->snat_handler(pskb, pp, cp)) 765 if (pp->snat_handler && !pp->snat_handler(skb, pp, cp))
810 goto drop; 766 goto drop;
811 skb = *pskb;
812 ip_hdr(skb)->saddr = cp->vaddr; 767 ip_hdr(skb)->saddr = cp->vaddr;
813 ip_send_check(ip_hdr(skb)); 768 ip_send_check(ip_hdr(skb));
814 769
@@ -818,9 +773,8 @@ ip_vs_out(unsigned int hooknum, struct sk_buff **pskb,
818 * if it came from this machine itself. So re-compute 773 * if it came from this machine itself. So re-compute
819 * the routing information. 774 * the routing information.
820 */ 775 */
821 if (ip_route_me_harder(pskb, RTN_LOCAL) != 0) 776 if (ip_route_me_harder(skb, RTN_LOCAL) != 0)
822 goto drop; 777 goto drop;
823 skb = *pskb;
824 778
825 IP_VS_DBG_PKT(10, pp, skb, 0, "After SNAT"); 779 IP_VS_DBG_PKT(10, pp, skb, 0, "After SNAT");
826 780
@@ -835,7 +789,7 @@ ip_vs_out(unsigned int hooknum, struct sk_buff **pskb,
835 789
836 drop: 790 drop:
837 ip_vs_conn_put(cp); 791 ip_vs_conn_put(cp);
838 kfree_skb(*pskb); 792 kfree_skb(skb);
839 return NF_STOLEN; 793 return NF_STOLEN;
840} 794}
841 795
@@ -847,9 +801,8 @@ ip_vs_out(unsigned int hooknum, struct sk_buff **pskb,
847 * Currently handles error types - unreachable, quench, ttl exceeded. 801 * Currently handles error types - unreachable, quench, ttl exceeded.
848 */ 802 */
849static int 803static int
850ip_vs_in_icmp(struct sk_buff **pskb, int *related, unsigned int hooknum) 804ip_vs_in_icmp(struct sk_buff *skb, int *related, unsigned int hooknum)
851{ 805{
852 struct sk_buff *skb = *pskb;
853 struct iphdr *iph; 806 struct iphdr *iph;
854 struct icmphdr _icmph, *ic; 807 struct icmphdr _icmph, *ic;
855 struct iphdr _ciph, *cih; /* The ip header contained within the ICMP */ 808 struct iphdr _ciph, *cih; /* The ip header contained within the ICMP */
@@ -861,12 +814,9 @@ ip_vs_in_icmp(struct sk_buff **pskb, int *related, unsigned int hooknum)
861 814
862 /* reassemble IP fragments */ 815 /* reassemble IP fragments */
863 if (ip_hdr(skb)->frag_off & htons(IP_MF | IP_OFFSET)) { 816 if (ip_hdr(skb)->frag_off & htons(IP_MF | IP_OFFSET)) {
864 skb = ip_vs_gather_frags(skb, 817 if (ip_vs_gather_frags(skb, hooknum == NF_IP_LOCAL_IN ?
865 hooknum == NF_IP_LOCAL_IN ? 818 IP_DEFRAG_VS_IN : IP_DEFRAG_VS_FWD))
866 IP_DEFRAG_VS_IN : IP_DEFRAG_VS_FWD);
867 if (!skb)
868 return NF_STOLEN; 819 return NF_STOLEN;
869 *pskb = skb;
870 } 820 }
871 821
872 iph = ip_hdr(skb); 822 iph = ip_hdr(skb);
@@ -945,11 +895,10 @@ ip_vs_in_icmp(struct sk_buff **pskb, int *related, unsigned int hooknum)
945 * and send it on its way... 895 * and send it on its way...
946 */ 896 */
947static unsigned int 897static unsigned int
948ip_vs_in(unsigned int hooknum, struct sk_buff **pskb, 898ip_vs_in(unsigned int hooknum, struct sk_buff *skb,
949 const struct net_device *in, const struct net_device *out, 899 const struct net_device *in, const struct net_device *out,
950 int (*okfn)(struct sk_buff *)) 900 int (*okfn)(struct sk_buff *))
951{ 901{
952 struct sk_buff *skb = *pskb;
953 struct iphdr *iph; 902 struct iphdr *iph;
954 struct ip_vs_protocol *pp; 903 struct ip_vs_protocol *pp;
955 struct ip_vs_conn *cp; 904 struct ip_vs_conn *cp;
@@ -971,11 +920,10 @@ ip_vs_in(unsigned int hooknum, struct sk_buff **pskb,
971 920
972 iph = ip_hdr(skb); 921 iph = ip_hdr(skb);
973 if (unlikely(iph->protocol == IPPROTO_ICMP)) { 922 if (unlikely(iph->protocol == IPPROTO_ICMP)) {
974 int related, verdict = ip_vs_in_icmp(pskb, &related, hooknum); 923 int related, verdict = ip_vs_in_icmp(skb, &related, hooknum);
975 924
976 if (related) 925 if (related)
977 return verdict; 926 return verdict;
978 skb = *pskb;
979 iph = ip_hdr(skb); 927 iph = ip_hdr(skb);
980 } 928 }
981 929
@@ -1056,16 +1004,16 @@ ip_vs_in(unsigned int hooknum, struct sk_buff **pskb,
1056 * and send them to ip_vs_in_icmp. 1004 * and send them to ip_vs_in_icmp.
1057 */ 1005 */
1058static unsigned int 1006static unsigned int
1059ip_vs_forward_icmp(unsigned int hooknum, struct sk_buff **pskb, 1007ip_vs_forward_icmp(unsigned int hooknum, struct sk_buff *skb,
1060 const struct net_device *in, const struct net_device *out, 1008 const struct net_device *in, const struct net_device *out,
1061 int (*okfn)(struct sk_buff *)) 1009 int (*okfn)(struct sk_buff *))
1062{ 1010{
1063 int r; 1011 int r;
1064 1012
1065 if (ip_hdr(*pskb)->protocol != IPPROTO_ICMP) 1013 if (ip_hdr(skb)->protocol != IPPROTO_ICMP)
1066 return NF_ACCEPT; 1014 return NF_ACCEPT;
1067 1015
1068 return ip_vs_in_icmp(pskb, &r, hooknum); 1016 return ip_vs_in_icmp(skb, &r, hooknum);
1069} 1017}
1070 1018
1071 1019
diff --git a/net/ipv4/ipvs/ip_vs_ftp.c b/net/ipv4/ipvs/ip_vs_ftp.c
index 344ddbbdc756..59aa166b7678 100644
--- a/net/ipv4/ipvs/ip_vs_ftp.c
+++ b/net/ipv4/ipvs/ip_vs_ftp.c
@@ -30,6 +30,7 @@
30#include <linux/skbuff.h> 30#include <linux/skbuff.h>
31#include <linux/in.h> 31#include <linux/in.h>
32#include <linux/ip.h> 32#include <linux/ip.h>
33#include <linux/netfilter.h>
33#include <net/protocol.h> 34#include <net/protocol.h>
34#include <net/tcp.h> 35#include <net/tcp.h>
35#include <asm/unaligned.h> 36#include <asm/unaligned.h>
@@ -135,7 +136,7 @@ static int ip_vs_ftp_get_addrport(char *data, char *data_limit,
135 * xxx,xxx,xxx,xxx is the server address, ppp,ppp is the server port number. 136 * xxx,xxx,xxx,xxx is the server address, ppp,ppp is the server port number.
136 */ 137 */
137static int ip_vs_ftp_out(struct ip_vs_app *app, struct ip_vs_conn *cp, 138static int ip_vs_ftp_out(struct ip_vs_app *app, struct ip_vs_conn *cp,
138 struct sk_buff **pskb, int *diff) 139 struct sk_buff *skb, int *diff)
139{ 140{
140 struct iphdr *iph; 141 struct iphdr *iph;
141 struct tcphdr *th; 142 struct tcphdr *th;
@@ -155,14 +156,14 @@ static int ip_vs_ftp_out(struct ip_vs_app *app, struct ip_vs_conn *cp,
155 return 1; 156 return 1;
156 157
157 /* Linear packets are much easier to deal with. */ 158 /* Linear packets are much easier to deal with. */
158 if (!ip_vs_make_skb_writable(pskb, (*pskb)->len)) 159 if (!skb_make_writable(skb, skb->len))
159 return 0; 160 return 0;
160 161
161 if (cp->app_data == &ip_vs_ftp_pasv) { 162 if (cp->app_data == &ip_vs_ftp_pasv) {
162 iph = ip_hdr(*pskb); 163 iph = ip_hdr(skb);
163 th = (struct tcphdr *)&(((char *)iph)[iph->ihl*4]); 164 th = (struct tcphdr *)&(((char *)iph)[iph->ihl*4]);
164 data = (char *)th + (th->doff << 2); 165 data = (char *)th + (th->doff << 2);
165 data_limit = skb_tail_pointer(*pskb); 166 data_limit = skb_tail_pointer(skb);
166 167
167 if (ip_vs_ftp_get_addrport(data, data_limit, 168 if (ip_vs_ftp_get_addrport(data, data_limit,
168 SERVER_STRING, 169 SERVER_STRING,
@@ -213,7 +214,7 @@ static int ip_vs_ftp_out(struct ip_vs_app *app, struct ip_vs_conn *cp,
213 memcpy(start, buf, buf_len); 214 memcpy(start, buf, buf_len);
214 ret = 1; 215 ret = 1;
215 } else { 216 } else {
216 ret = !ip_vs_skb_replace(*pskb, GFP_ATOMIC, start, 217 ret = !ip_vs_skb_replace(skb, GFP_ATOMIC, start,
217 end-start, buf, buf_len); 218 end-start, buf, buf_len);
218 } 219 }
219 220
@@ -238,7 +239,7 @@ static int ip_vs_ftp_out(struct ip_vs_app *app, struct ip_vs_conn *cp,
238 * the client. 239 * the client.
239 */ 240 */
240static int ip_vs_ftp_in(struct ip_vs_app *app, struct ip_vs_conn *cp, 241static int ip_vs_ftp_in(struct ip_vs_app *app, struct ip_vs_conn *cp,
241 struct sk_buff **pskb, int *diff) 242 struct sk_buff *skb, int *diff)
242{ 243{
243 struct iphdr *iph; 244 struct iphdr *iph;
244 struct tcphdr *th; 245 struct tcphdr *th;
@@ -256,20 +257,20 @@ static int ip_vs_ftp_in(struct ip_vs_app *app, struct ip_vs_conn *cp,
256 return 1; 257 return 1;
257 258
258 /* Linear packets are much easier to deal with. */ 259 /* Linear packets are much easier to deal with. */
259 if (!ip_vs_make_skb_writable(pskb, (*pskb)->len)) 260 if (!skb_make_writable(skb, skb->len))
260 return 0; 261 return 0;
261 262
262 /* 263 /*
263 * Detecting whether it is passive 264 * Detecting whether it is passive
264 */ 265 */
265 iph = ip_hdr(*pskb); 266 iph = ip_hdr(skb);
266 th = (struct tcphdr *)&(((char *)iph)[iph->ihl*4]); 267 th = (struct tcphdr *)&(((char *)iph)[iph->ihl*4]);
267 268
268 /* Since there may be OPTIONS in the TCP packet and the HLEN is 269 /* Since there may be OPTIONS in the TCP packet and the HLEN is
269 the length of the header in 32-bit multiples, it is accurate 270 the length of the header in 32-bit multiples, it is accurate
270 to calculate data address by th+HLEN*4 */ 271 to calculate data address by th+HLEN*4 */
271 data = data_start = (char *)th + (th->doff << 2); 272 data = data_start = (char *)th + (th->doff << 2);
272 data_limit = skb_tail_pointer(*pskb); 273 data_limit = skb_tail_pointer(skb);
273 274
274 while (data <= data_limit - 6) { 275 while (data <= data_limit - 6) {
275 if (strnicmp(data, "PASV\r\n", 6) == 0) { 276 if (strnicmp(data, "PASV\r\n", 6) == 0) {
diff --git a/net/ipv4/ipvs/ip_vs_proto_tcp.c b/net/ipv4/ipvs/ip_vs_proto_tcp.c
index e65577a77006..12dc0d640b6d 100644
--- a/net/ipv4/ipvs/ip_vs_proto_tcp.c
+++ b/net/ipv4/ipvs/ip_vs_proto_tcp.c
@@ -20,6 +20,7 @@
20#include <linux/tcp.h> /* for tcphdr */ 20#include <linux/tcp.h> /* for tcphdr */
21#include <net/ip.h> 21#include <net/ip.h>
22#include <net/tcp.h> /* for csum_tcpudp_magic */ 22#include <net/tcp.h> /* for csum_tcpudp_magic */
23#include <linux/netfilter.h>
23#include <linux/netfilter_ipv4.h> 24#include <linux/netfilter_ipv4.h>
24 25
25#include <net/ip_vs.h> 26#include <net/ip_vs.h>
@@ -122,27 +123,27 @@ tcp_fast_csum_update(struct tcphdr *tcph, __be32 oldip, __be32 newip,
122 123
123 124
124static int 125static int
125tcp_snat_handler(struct sk_buff **pskb, 126tcp_snat_handler(struct sk_buff *skb,
126 struct ip_vs_protocol *pp, struct ip_vs_conn *cp) 127 struct ip_vs_protocol *pp, struct ip_vs_conn *cp)
127{ 128{
128 struct tcphdr *tcph; 129 struct tcphdr *tcph;
129 const unsigned int tcphoff = ip_hdrlen(*pskb); 130 const unsigned int tcphoff = ip_hdrlen(skb);
130 131
131 /* csum_check requires unshared skb */ 132 /* csum_check requires unshared skb */
132 if (!ip_vs_make_skb_writable(pskb, tcphoff+sizeof(*tcph))) 133 if (!skb_make_writable(skb, tcphoff+sizeof(*tcph)))
133 return 0; 134 return 0;
134 135
135 if (unlikely(cp->app != NULL)) { 136 if (unlikely(cp->app != NULL)) {
136 /* Some checks before mangling */ 137 /* Some checks before mangling */
137 if (pp->csum_check && !pp->csum_check(*pskb, pp)) 138 if (pp->csum_check && !pp->csum_check(skb, pp))
138 return 0; 139 return 0;
139 140
140 /* Call application helper if needed */ 141 /* Call application helper if needed */
141 if (!ip_vs_app_pkt_out(cp, pskb)) 142 if (!ip_vs_app_pkt_out(cp, skb))
142 return 0; 143 return 0;
143 } 144 }
144 145
145 tcph = (void *)ip_hdr(*pskb) + tcphoff; 146 tcph = (void *)ip_hdr(skb) + tcphoff;
146 tcph->source = cp->vport; 147 tcph->source = cp->vport;
147 148
148 /* Adjust TCP checksums */ 149 /* Adjust TCP checksums */
@@ -150,17 +151,15 @@ tcp_snat_handler(struct sk_buff **pskb,
150 /* Only port and addr are changed, do fast csum update */ 151 /* Only port and addr are changed, do fast csum update */
151 tcp_fast_csum_update(tcph, cp->daddr, cp->vaddr, 152 tcp_fast_csum_update(tcph, cp->daddr, cp->vaddr,
152 cp->dport, cp->vport); 153 cp->dport, cp->vport);
153 if ((*pskb)->ip_summed == CHECKSUM_COMPLETE) 154 if (skb->ip_summed == CHECKSUM_COMPLETE)
154 (*pskb)->ip_summed = CHECKSUM_NONE; 155 skb->ip_summed = CHECKSUM_NONE;
155 } else { 156 } else {
156 /* full checksum calculation */ 157 /* full checksum calculation */
157 tcph->check = 0; 158 tcph->check = 0;
158 (*pskb)->csum = skb_checksum(*pskb, tcphoff, 159 skb->csum = skb_checksum(skb, tcphoff, skb->len - tcphoff, 0);
159 (*pskb)->len - tcphoff, 0);
160 tcph->check = csum_tcpudp_magic(cp->vaddr, cp->caddr, 160 tcph->check = csum_tcpudp_magic(cp->vaddr, cp->caddr,
161 (*pskb)->len - tcphoff, 161 skb->len - tcphoff,
162 cp->protocol, 162 cp->protocol, skb->csum);
163 (*pskb)->csum);
164 IP_VS_DBG(11, "O-pkt: %s O-csum=%d (+%zd)\n", 163 IP_VS_DBG(11, "O-pkt: %s O-csum=%d (+%zd)\n",
165 pp->name, tcph->check, 164 pp->name, tcph->check,
166 (char*)&(tcph->check) - (char*)tcph); 165 (char*)&(tcph->check) - (char*)tcph);
@@ -170,30 +169,30 @@ tcp_snat_handler(struct sk_buff **pskb,
170 169
171 170
172static int 171static int
173tcp_dnat_handler(struct sk_buff **pskb, 172tcp_dnat_handler(struct sk_buff *skb,
174 struct ip_vs_protocol *pp, struct ip_vs_conn *cp) 173 struct ip_vs_protocol *pp, struct ip_vs_conn *cp)
175{ 174{
176 struct tcphdr *tcph; 175 struct tcphdr *tcph;
177 const unsigned int tcphoff = ip_hdrlen(*pskb); 176 const unsigned int tcphoff = ip_hdrlen(skb);
178 177
179 /* csum_check requires unshared skb */ 178 /* csum_check requires unshared skb */
180 if (!ip_vs_make_skb_writable(pskb, tcphoff+sizeof(*tcph))) 179 if (!skb_make_writable(skb, tcphoff+sizeof(*tcph)))
181 return 0; 180 return 0;
182 181
183 if (unlikely(cp->app != NULL)) { 182 if (unlikely(cp->app != NULL)) {
184 /* Some checks before mangling */ 183 /* Some checks before mangling */
185 if (pp->csum_check && !pp->csum_check(*pskb, pp)) 184 if (pp->csum_check && !pp->csum_check(skb, pp))
186 return 0; 185 return 0;
187 186
188 /* 187 /*
189 * Attempt ip_vs_app call. 188 * Attempt ip_vs_app call.
190 * It will fix ip_vs_conn and iph ack_seq stuff 189 * It will fix ip_vs_conn and iph ack_seq stuff
191 */ 190 */
192 if (!ip_vs_app_pkt_in(cp, pskb)) 191 if (!ip_vs_app_pkt_in(cp, skb))
193 return 0; 192 return 0;
194 } 193 }
195 194
196 tcph = (void *)ip_hdr(*pskb) + tcphoff; 195 tcph = (void *)ip_hdr(skb) + tcphoff;
197 tcph->dest = cp->dport; 196 tcph->dest = cp->dport;
198 197
199 /* 198 /*
@@ -203,18 +202,16 @@ tcp_dnat_handler(struct sk_buff **pskb,
203 /* Only port and addr are changed, do fast csum update */ 202 /* Only port and addr are changed, do fast csum update */
204 tcp_fast_csum_update(tcph, cp->vaddr, cp->daddr, 203 tcp_fast_csum_update(tcph, cp->vaddr, cp->daddr,
205 cp->vport, cp->dport); 204 cp->vport, cp->dport);
206 if ((*pskb)->ip_summed == CHECKSUM_COMPLETE) 205 if (skb->ip_summed == CHECKSUM_COMPLETE)
207 (*pskb)->ip_summed = CHECKSUM_NONE; 206 skb->ip_summed = CHECKSUM_NONE;
208 } else { 207 } else {
209 /* full checksum calculation */ 208 /* full checksum calculation */
210 tcph->check = 0; 209 tcph->check = 0;
211 (*pskb)->csum = skb_checksum(*pskb, tcphoff, 210 skb->csum = skb_checksum(skb, tcphoff, skb->len - tcphoff, 0);
212 (*pskb)->len - tcphoff, 0);
213 tcph->check = csum_tcpudp_magic(cp->caddr, cp->daddr, 211 tcph->check = csum_tcpudp_magic(cp->caddr, cp->daddr,
214 (*pskb)->len - tcphoff, 212 skb->len - tcphoff,
215 cp->protocol, 213 cp->protocol, skb->csum);
216 (*pskb)->csum); 214 skb->ip_summed = CHECKSUM_UNNECESSARY;
217 (*pskb)->ip_summed = CHECKSUM_UNNECESSARY;
218 } 215 }
219 return 1; 216 return 1;
220} 217}
diff --git a/net/ipv4/ipvs/ip_vs_proto_udp.c b/net/ipv4/ipvs/ip_vs_proto_udp.c
index 8ee5fe6a101d..1fa7b330b9ac 100644
--- a/net/ipv4/ipvs/ip_vs_proto_udp.c
+++ b/net/ipv4/ipvs/ip_vs_proto_udp.c
@@ -18,6 +18,7 @@
18#include <linux/in.h> 18#include <linux/in.h>
19#include <linux/ip.h> 19#include <linux/ip.h>
20#include <linux/kernel.h> 20#include <linux/kernel.h>
21#include <linux/netfilter.h>
21#include <linux/netfilter_ipv4.h> 22#include <linux/netfilter_ipv4.h>
22#include <linux/udp.h> 23#include <linux/udp.h>
23 24
@@ -129,29 +130,29 @@ udp_fast_csum_update(struct udphdr *uhdr, __be32 oldip, __be32 newip,
129} 130}
130 131
131static int 132static int
132udp_snat_handler(struct sk_buff **pskb, 133udp_snat_handler(struct sk_buff *skb,
133 struct ip_vs_protocol *pp, struct ip_vs_conn *cp) 134 struct ip_vs_protocol *pp, struct ip_vs_conn *cp)
134{ 135{
135 struct udphdr *udph; 136 struct udphdr *udph;
136 const unsigned int udphoff = ip_hdrlen(*pskb); 137 const unsigned int udphoff = ip_hdrlen(skb);
137 138
138 /* csum_check requires unshared skb */ 139 /* csum_check requires unshared skb */
139 if (!ip_vs_make_skb_writable(pskb, udphoff+sizeof(*udph))) 140 if (!skb_make_writable(skb, udphoff+sizeof(*udph)))
140 return 0; 141 return 0;
141 142
142 if (unlikely(cp->app != NULL)) { 143 if (unlikely(cp->app != NULL)) {
143 /* Some checks before mangling */ 144 /* Some checks before mangling */
144 if (pp->csum_check && !pp->csum_check(*pskb, pp)) 145 if (pp->csum_check && !pp->csum_check(skb, pp))
145 return 0; 146 return 0;
146 147
147 /* 148 /*
148 * Call application helper if needed 149 * Call application helper if needed
149 */ 150 */
150 if (!ip_vs_app_pkt_out(cp, pskb)) 151 if (!ip_vs_app_pkt_out(cp, skb))
151 return 0; 152 return 0;
152 } 153 }
153 154
154 udph = (void *)ip_hdr(*pskb) + udphoff; 155 udph = (void *)ip_hdr(skb) + udphoff;
155 udph->source = cp->vport; 156 udph->source = cp->vport;
156 157
157 /* 158 /*
@@ -161,17 +162,15 @@ udp_snat_handler(struct sk_buff **pskb,
161 /* Only port and addr are changed, do fast csum update */ 162 /* Only port and addr are changed, do fast csum update */
162 udp_fast_csum_update(udph, cp->daddr, cp->vaddr, 163 udp_fast_csum_update(udph, cp->daddr, cp->vaddr,
163 cp->dport, cp->vport); 164 cp->dport, cp->vport);
164 if ((*pskb)->ip_summed == CHECKSUM_COMPLETE) 165 if (skb->ip_summed == CHECKSUM_COMPLETE)
165 (*pskb)->ip_summed = CHECKSUM_NONE; 166 skb->ip_summed = CHECKSUM_NONE;
166 } else { 167 } else {
167 /* full checksum calculation */ 168 /* full checksum calculation */
168 udph->check = 0; 169 udph->check = 0;
169 (*pskb)->csum = skb_checksum(*pskb, udphoff, 170 skb->csum = skb_checksum(skb, udphoff, skb->len - udphoff, 0);
170 (*pskb)->len - udphoff, 0);
171 udph->check = csum_tcpudp_magic(cp->vaddr, cp->caddr, 171 udph->check = csum_tcpudp_magic(cp->vaddr, cp->caddr,
172 (*pskb)->len - udphoff, 172 skb->len - udphoff,
173 cp->protocol, 173 cp->protocol, skb->csum);
174 (*pskb)->csum);
175 if (udph->check == 0) 174 if (udph->check == 0)
176 udph->check = CSUM_MANGLED_0; 175 udph->check = CSUM_MANGLED_0;
177 IP_VS_DBG(11, "O-pkt: %s O-csum=%d (+%zd)\n", 176 IP_VS_DBG(11, "O-pkt: %s O-csum=%d (+%zd)\n",
@@ -183,30 +182,30 @@ udp_snat_handler(struct sk_buff **pskb,
183 182
184 183
185static int 184static int
186udp_dnat_handler(struct sk_buff **pskb, 185udp_dnat_handler(struct sk_buff *skb,
187 struct ip_vs_protocol *pp, struct ip_vs_conn *cp) 186 struct ip_vs_protocol *pp, struct ip_vs_conn *cp)
188{ 187{
189 struct udphdr *udph; 188 struct udphdr *udph;
190 unsigned int udphoff = ip_hdrlen(*pskb); 189 unsigned int udphoff = ip_hdrlen(skb);
191 190
192 /* csum_check requires unshared skb */ 191 /* csum_check requires unshared skb */
193 if (!ip_vs_make_skb_writable(pskb, udphoff+sizeof(*udph))) 192 if (!skb_make_writable(skb, udphoff+sizeof(*udph)))
194 return 0; 193 return 0;
195 194
196 if (unlikely(cp->app != NULL)) { 195 if (unlikely(cp->app != NULL)) {
197 /* Some checks before mangling */ 196 /* Some checks before mangling */
198 if (pp->csum_check && !pp->csum_check(*pskb, pp)) 197 if (pp->csum_check && !pp->csum_check(skb, pp))
199 return 0; 198 return 0;
200 199
201 /* 200 /*
202 * Attempt ip_vs_app call. 201 * Attempt ip_vs_app call.
203 * It will fix ip_vs_conn 202 * It will fix ip_vs_conn
204 */ 203 */
205 if (!ip_vs_app_pkt_in(cp, pskb)) 204 if (!ip_vs_app_pkt_in(cp, skb))
206 return 0; 205 return 0;
207 } 206 }
208 207
209 udph = (void *)ip_hdr(*pskb) + udphoff; 208 udph = (void *)ip_hdr(skb) + udphoff;
210 udph->dest = cp->dport; 209 udph->dest = cp->dport;
211 210
212 /* 211 /*
@@ -216,20 +215,18 @@ udp_dnat_handler(struct sk_buff **pskb,
216 /* Only port and addr are changed, do fast csum update */ 215 /* Only port and addr are changed, do fast csum update */
217 udp_fast_csum_update(udph, cp->vaddr, cp->daddr, 216 udp_fast_csum_update(udph, cp->vaddr, cp->daddr,
218 cp->vport, cp->dport); 217 cp->vport, cp->dport);
219 if ((*pskb)->ip_summed == CHECKSUM_COMPLETE) 218 if (skb->ip_summed == CHECKSUM_COMPLETE)
220 (*pskb)->ip_summed = CHECKSUM_NONE; 219 skb->ip_summed = CHECKSUM_NONE;
221 } else { 220 } else {
222 /* full checksum calculation */ 221 /* full checksum calculation */
223 udph->check = 0; 222 udph->check = 0;
224 (*pskb)->csum = skb_checksum(*pskb, udphoff, 223 skb->csum = skb_checksum(skb, udphoff, skb->len - udphoff, 0);
225 (*pskb)->len - udphoff, 0);
226 udph->check = csum_tcpudp_magic(cp->caddr, cp->daddr, 224 udph->check = csum_tcpudp_magic(cp->caddr, cp->daddr,
227 (*pskb)->len - udphoff, 225 skb->len - udphoff,
228 cp->protocol, 226 cp->protocol, skb->csum);
229 (*pskb)->csum);
230 if (udph->check == 0) 227 if (udph->check == 0)
231 udph->check = CSUM_MANGLED_0; 228 udph->check = CSUM_MANGLED_0;
232 (*pskb)->ip_summed = CHECKSUM_UNNECESSARY; 229 skb->ip_summed = CHECKSUM_UNNECESSARY;
233 } 230 }
234 return 1; 231 return 1;
235} 232}
diff --git a/net/ipv4/ipvs/ip_vs_xmit.c b/net/ipv4/ipvs/ip_vs_xmit.c
index 666e080a74a3..d0a92dec1050 100644
--- a/net/ipv4/ipvs/ip_vs_xmit.c
+++ b/net/ipv4/ipvs/ip_vs_xmit.c
@@ -253,7 +253,7 @@ ip_vs_nat_xmit(struct sk_buff *skb, struct ip_vs_conn *cp,
253 } 253 }
254 254
255 /* copy-on-write the packet before mangling it */ 255 /* copy-on-write the packet before mangling it */
256 if (!ip_vs_make_skb_writable(&skb, sizeof(struct iphdr))) 256 if (!skb_make_writable(skb, sizeof(struct iphdr)))
257 goto tx_error_put; 257 goto tx_error_put;
258 258
259 if (skb_cow(skb, rt->u.dst.dev->hard_header_len)) 259 if (skb_cow(skb, rt->u.dst.dev->hard_header_len))
@@ -264,7 +264,7 @@ ip_vs_nat_xmit(struct sk_buff *skb, struct ip_vs_conn *cp,
264 skb->dst = &rt->u.dst; 264 skb->dst = &rt->u.dst;
265 265
266 /* mangle the packet */ 266 /* mangle the packet */
267 if (pp->dnat_handler && !pp->dnat_handler(&skb, pp, cp)) 267 if (pp->dnat_handler && !pp->dnat_handler(skb, pp, cp))
268 goto tx_error; 268 goto tx_error;
269 ip_hdr(skb)->daddr = cp->daddr; 269 ip_hdr(skb)->daddr = cp->daddr;
270 ip_send_check(ip_hdr(skb)); 270 ip_send_check(ip_hdr(skb));
@@ -529,7 +529,7 @@ ip_vs_icmp_xmit(struct sk_buff *skb, struct ip_vs_conn *cp,
529 } 529 }
530 530
531 /* copy-on-write the packet before mangling it */ 531 /* copy-on-write the packet before mangling it */
532 if (!ip_vs_make_skb_writable(&skb, offset)) 532 if (!skb_make_writable(skb, offset))
533 goto tx_error_put; 533 goto tx_error_put;
534 534
535 if (skb_cow(skb, rt->u.dst.dev->hard_header_len)) 535 if (skb_cow(skb, rt->u.dst.dev->hard_header_len))
diff --git a/net/ipv4/netfilter.c b/net/ipv4/netfilter.c
index b44192924f95..5539debf4973 100644
--- a/net/ipv4/netfilter.c
+++ b/net/ipv4/netfilter.c
@@ -3,14 +3,15 @@
3#include <linux/netfilter.h> 3#include <linux/netfilter.h>
4#include <linux/netfilter_ipv4.h> 4#include <linux/netfilter_ipv4.h>
5#include <linux/ip.h> 5#include <linux/ip.h>
6#include <linux/skbuff.h>
6#include <net/route.h> 7#include <net/route.h>
7#include <net/xfrm.h> 8#include <net/xfrm.h>
8#include <net/ip.h> 9#include <net/ip.h>
9 10
10/* route_me_harder function, used by iptable_nat, iptable_mangle + ip_queue */ 11/* route_me_harder function, used by iptable_nat, iptable_mangle + ip_queue */
11int ip_route_me_harder(struct sk_buff **pskb, unsigned addr_type) 12int ip_route_me_harder(struct sk_buff *skb, unsigned addr_type)
12{ 13{
13 const struct iphdr *iph = ip_hdr(*pskb); 14 const struct iphdr *iph = ip_hdr(skb);
14 struct rtable *rt; 15 struct rtable *rt;
15 struct flowi fl = {}; 16 struct flowi fl = {};
16 struct dst_entry *odst; 17 struct dst_entry *odst;
@@ -29,14 +30,14 @@ int ip_route_me_harder(struct sk_buff **pskb, unsigned addr_type)
29 if (type == RTN_LOCAL) 30 if (type == RTN_LOCAL)
30 fl.nl_u.ip4_u.saddr = iph->saddr; 31 fl.nl_u.ip4_u.saddr = iph->saddr;
31 fl.nl_u.ip4_u.tos = RT_TOS(iph->tos); 32 fl.nl_u.ip4_u.tos = RT_TOS(iph->tos);
32 fl.oif = (*pskb)->sk ? (*pskb)->sk->sk_bound_dev_if : 0; 33 fl.oif = skb->sk ? skb->sk->sk_bound_dev_if : 0;
33 fl.mark = (*pskb)->mark; 34 fl.mark = skb->mark;
34 if (ip_route_output_key(&rt, &fl) != 0) 35 if (ip_route_output_key(&rt, &fl) != 0)
35 return -1; 36 return -1;
36 37
37 /* Drop old route. */ 38 /* Drop old route. */
38 dst_release((*pskb)->dst); 39 dst_release(skb->dst);
39 (*pskb)->dst = &rt->u.dst; 40 skb->dst = &rt->u.dst;
40 } else { 41 } else {
41 /* non-local src, find valid iif to satisfy 42 /* non-local src, find valid iif to satisfy
42 * rp-filter when calling ip_route_input. */ 43 * rp-filter when calling ip_route_input. */
@@ -44,8 +45,8 @@ int ip_route_me_harder(struct sk_buff **pskb, unsigned addr_type)
44 if (ip_route_output_key(&rt, &fl) != 0) 45 if (ip_route_output_key(&rt, &fl) != 0)
45 return -1; 46 return -1;
46 47
47 odst = (*pskb)->dst; 48 odst = skb->dst;
48 if (ip_route_input(*pskb, iph->daddr, iph->saddr, 49 if (ip_route_input(skb, iph->daddr, iph->saddr,
49 RT_TOS(iph->tos), rt->u.dst.dev) != 0) { 50 RT_TOS(iph->tos), rt->u.dst.dev) != 0) {
50 dst_release(&rt->u.dst); 51 dst_release(&rt->u.dst);
51 return -1; 52 return -1;
@@ -54,70 +55,54 @@ int ip_route_me_harder(struct sk_buff **pskb, unsigned addr_type)
54 dst_release(odst); 55 dst_release(odst);
55 } 56 }
56 57
57 if ((*pskb)->dst->error) 58 if (skb->dst->error)
58 return -1; 59 return -1;
59 60
60#ifdef CONFIG_XFRM 61#ifdef CONFIG_XFRM
61 if (!(IPCB(*pskb)->flags & IPSKB_XFRM_TRANSFORMED) && 62 if (!(IPCB(skb)->flags & IPSKB_XFRM_TRANSFORMED) &&
62 xfrm_decode_session(*pskb, &fl, AF_INET) == 0) 63 xfrm_decode_session(skb, &fl, AF_INET) == 0)
63 if (xfrm_lookup(&(*pskb)->dst, &fl, (*pskb)->sk, 0)) 64 if (xfrm_lookup(&skb->dst, &fl, skb->sk, 0))
64 return -1; 65 return -1;
65#endif 66#endif
66 67
67 /* Change in oif may mean change in hh_len. */ 68 /* Change in oif may mean change in hh_len. */
68 hh_len = (*pskb)->dst->dev->hard_header_len; 69 hh_len = skb->dst->dev->hard_header_len;
69 if (skb_headroom(*pskb) < hh_len) { 70 if (skb_headroom(skb) < hh_len &&
70 struct sk_buff *nskb; 71 pskb_expand_head(skb, hh_len - skb_headroom(skb), 0, GFP_ATOMIC))
71 72 return -1;
72 nskb = skb_realloc_headroom(*pskb, hh_len);
73 if (!nskb)
74 return -1;
75 if ((*pskb)->sk)
76 skb_set_owner_w(nskb, (*pskb)->sk);
77 kfree_skb(*pskb);
78 *pskb = nskb;
79 }
80 73
81 return 0; 74 return 0;
82} 75}
83EXPORT_SYMBOL(ip_route_me_harder); 76EXPORT_SYMBOL(ip_route_me_harder);
84 77
85#ifdef CONFIG_XFRM 78#ifdef CONFIG_XFRM
86int ip_xfrm_me_harder(struct sk_buff **pskb) 79int ip_xfrm_me_harder(struct sk_buff *skb)
87{ 80{
88 struct flowi fl; 81 struct flowi fl;
89 unsigned int hh_len; 82 unsigned int hh_len;
90 struct dst_entry *dst; 83 struct dst_entry *dst;
91 84
92 if (IPCB(*pskb)->flags & IPSKB_XFRM_TRANSFORMED) 85 if (IPCB(skb)->flags & IPSKB_XFRM_TRANSFORMED)
93 return 0; 86 return 0;
94 if (xfrm_decode_session(*pskb, &fl, AF_INET) < 0) 87 if (xfrm_decode_session(skb, &fl, AF_INET) < 0)
95 return -1; 88 return -1;
96 89
97 dst = (*pskb)->dst; 90 dst = skb->dst;
98 if (dst->xfrm) 91 if (dst->xfrm)
99 dst = ((struct xfrm_dst *)dst)->route; 92 dst = ((struct xfrm_dst *)dst)->route;
100 dst_hold(dst); 93 dst_hold(dst);
101 94
102 if (xfrm_lookup(&dst, &fl, (*pskb)->sk, 0) < 0) 95 if (xfrm_lookup(&dst, &fl, skb->sk, 0) < 0)
103 return -1; 96 return -1;
104 97
105 dst_release((*pskb)->dst); 98 dst_release(skb->dst);
106 (*pskb)->dst = dst; 99 skb->dst = dst;
107 100
108 /* Change in oif may mean change in hh_len. */ 101 /* Change in oif may mean change in hh_len. */
109 hh_len = (*pskb)->dst->dev->hard_header_len; 102 hh_len = skb->dst->dev->hard_header_len;
110 if (skb_headroom(*pskb) < hh_len) { 103 if (skb_headroom(skb) < hh_len &&
111 struct sk_buff *nskb; 104 pskb_expand_head(skb, hh_len - skb_headroom(skb), 0, GFP_ATOMIC))
112 105 return -1;
113 nskb = skb_realloc_headroom(*pskb, hh_len);
114 if (!nskb)
115 return -1;
116 if ((*pskb)->sk)
117 skb_set_owner_w(nskb, (*pskb)->sk);
118 kfree_skb(*pskb);
119 *pskb = nskb;
120 }
121 return 0; 106 return 0;
122} 107}
123EXPORT_SYMBOL(ip_xfrm_me_harder); 108EXPORT_SYMBOL(ip_xfrm_me_harder);
@@ -150,17 +135,17 @@ static void nf_ip_saveroute(const struct sk_buff *skb, struct nf_info *info)
150 } 135 }
151} 136}
152 137
153static int nf_ip_reroute(struct sk_buff **pskb, const struct nf_info *info) 138static int nf_ip_reroute(struct sk_buff *skb, const struct nf_info *info)
154{ 139{
155 const struct ip_rt_info *rt_info = nf_info_reroute(info); 140 const struct ip_rt_info *rt_info = nf_info_reroute(info);
156 141
157 if (info->hook == NF_IP_LOCAL_OUT) { 142 if (info->hook == NF_IP_LOCAL_OUT) {
158 const struct iphdr *iph = ip_hdr(*pskb); 143 const struct iphdr *iph = ip_hdr(skb);
159 144
160 if (!(iph->tos == rt_info->tos 145 if (!(iph->tos == rt_info->tos
161 && iph->daddr == rt_info->daddr 146 && iph->daddr == rt_info->daddr
162 && iph->saddr == rt_info->saddr)) 147 && iph->saddr == rt_info->saddr))
163 return ip_route_me_harder(pskb, RTN_UNSPEC); 148 return ip_route_me_harder(skb, RTN_UNSPEC);
164 } 149 }
165 return 0; 150 return 0;
166} 151}
diff --git a/net/ipv4/netfilter/arp_tables.c b/net/ipv4/netfilter/arp_tables.c
index 29114a9ccd1d..2909c92ecd99 100644
--- a/net/ipv4/netfilter/arp_tables.c
+++ b/net/ipv4/netfilter/arp_tables.c
@@ -197,7 +197,7 @@ static inline int arp_checkentry(const struct arpt_arp *arp)
197 return 1; 197 return 1;
198} 198}
199 199
200static unsigned int arpt_error(struct sk_buff **pskb, 200static unsigned int arpt_error(struct sk_buff *skb,
201 const struct net_device *in, 201 const struct net_device *in,
202 const struct net_device *out, 202 const struct net_device *out,
203 unsigned int hooknum, 203 unsigned int hooknum,
@@ -215,7 +215,7 @@ static inline struct arpt_entry *get_entry(void *base, unsigned int offset)
215 return (struct arpt_entry *)(base + offset); 215 return (struct arpt_entry *)(base + offset);
216} 216}
217 217
218unsigned int arpt_do_table(struct sk_buff **pskb, 218unsigned int arpt_do_table(struct sk_buff *skb,
219 unsigned int hook, 219 unsigned int hook,
220 const struct net_device *in, 220 const struct net_device *in,
221 const struct net_device *out, 221 const struct net_device *out,
@@ -231,9 +231,9 @@ unsigned int arpt_do_table(struct sk_buff **pskb,
231 struct xt_table_info *private; 231 struct xt_table_info *private;
232 232
233 /* ARP header, plus 2 device addresses, plus 2 IP addresses. */ 233 /* ARP header, plus 2 device addresses, plus 2 IP addresses. */
234 if (!pskb_may_pull((*pskb), (sizeof(struct arphdr) + 234 if (!pskb_may_pull(skb, (sizeof(struct arphdr) +
235 (2 * (*pskb)->dev->addr_len) + 235 (2 * skb->dev->addr_len) +
236 (2 * sizeof(u32))))) 236 (2 * sizeof(u32)))))
237 return NF_DROP; 237 return NF_DROP;
238 238
239 indev = in ? in->name : nulldevname; 239 indev = in ? in->name : nulldevname;
@@ -245,14 +245,14 @@ unsigned int arpt_do_table(struct sk_buff **pskb,
245 e = get_entry(table_base, private->hook_entry[hook]); 245 e = get_entry(table_base, private->hook_entry[hook]);
246 back = get_entry(table_base, private->underflow[hook]); 246 back = get_entry(table_base, private->underflow[hook]);
247 247
248 arp = arp_hdr(*pskb); 248 arp = arp_hdr(skb);
249 do { 249 do {
250 if (arp_packet_match(arp, (*pskb)->dev, indev, outdev, &e->arp)) { 250 if (arp_packet_match(arp, skb->dev, indev, outdev, &e->arp)) {
251 struct arpt_entry_target *t; 251 struct arpt_entry_target *t;
252 int hdr_len; 252 int hdr_len;
253 253
254 hdr_len = sizeof(*arp) + (2 * sizeof(struct in_addr)) + 254 hdr_len = sizeof(*arp) + (2 * sizeof(struct in_addr)) +
255 (2 * (*pskb)->dev->addr_len); 255 (2 * skb->dev->addr_len);
256 ADD_COUNTER(e->counters, hdr_len, 1); 256 ADD_COUNTER(e->counters, hdr_len, 1);
257 257
258 t = arpt_get_target(e); 258 t = arpt_get_target(e);
@@ -290,14 +290,14 @@ unsigned int arpt_do_table(struct sk_buff **pskb,
290 /* Targets which reenter must return 290 /* Targets which reenter must return
291 * abs. verdicts 291 * abs. verdicts
292 */ 292 */
293 verdict = t->u.kernel.target->target(pskb, 293 verdict = t->u.kernel.target->target(skb,
294 in, out, 294 in, out,
295 hook, 295 hook,
296 t->u.kernel.target, 296 t->u.kernel.target,
297 t->data); 297 t->data);
298 298
299 /* Target might have changed stuff. */ 299 /* Target might have changed stuff. */
300 arp = arp_hdr(*pskb); 300 arp = arp_hdr(skb);
301 301
302 if (verdict == ARPT_CONTINUE) 302 if (verdict == ARPT_CONTINUE)
303 e = (void *)e + e->next_offset; 303 e = (void *)e + e->next_offset;
diff --git a/net/ipv4/netfilter/arpt_mangle.c b/net/ipv4/netfilter/arpt_mangle.c
index c4bdab47597f..45fa4e20094a 100644
--- a/net/ipv4/netfilter/arpt_mangle.c
+++ b/net/ipv4/netfilter/arpt_mangle.c
@@ -1,5 +1,6 @@
1/* module that allows mangling of the arp payload */ 1/* module that allows mangling of the arp payload */
2#include <linux/module.h> 2#include <linux/module.h>
3#include <linux/netfilter.h>
3#include <linux/netfilter_arp/arpt_mangle.h> 4#include <linux/netfilter_arp/arpt_mangle.h>
4#include <net/sock.h> 5#include <net/sock.h>
5 6
@@ -8,7 +9,7 @@ MODULE_AUTHOR("Bart De Schuymer <bdschuym@pandora.be>");
8MODULE_DESCRIPTION("arptables arp payload mangle target"); 9MODULE_DESCRIPTION("arptables arp payload mangle target");
9 10
10static unsigned int 11static unsigned int
11target(struct sk_buff **pskb, 12target(struct sk_buff *skb,
12 const struct net_device *in, const struct net_device *out, 13 const struct net_device *in, const struct net_device *out,
13 unsigned int hooknum, const struct xt_target *target, 14 unsigned int hooknum, const struct xt_target *target,
14 const void *targinfo) 15 const void *targinfo)
@@ -18,47 +19,38 @@ target(struct sk_buff **pskb,
18 unsigned char *arpptr; 19 unsigned char *arpptr;
19 int pln, hln; 20 int pln, hln;
20 21
21 if (skb_shared(*pskb) || skb_cloned(*pskb)) { 22 if (skb_make_writable(skb, skb->len))
22 struct sk_buff *nskb; 23 return NF_DROP;
23 24
24 nskb = skb_copy(*pskb, GFP_ATOMIC); 25 arp = arp_hdr(skb);
25 if (!nskb) 26 arpptr = skb_network_header(skb) + sizeof(*arp);
26 return NF_DROP;
27 if ((*pskb)->sk)
28 skb_set_owner_w(nskb, (*pskb)->sk);
29 kfree_skb(*pskb);
30 *pskb = nskb;
31 }
32
33 arp = arp_hdr(*pskb);
34 arpptr = skb_network_header(*pskb) + sizeof(*arp);
35 pln = arp->ar_pln; 27 pln = arp->ar_pln;
36 hln = arp->ar_hln; 28 hln = arp->ar_hln;
37 /* We assume that pln and hln were checked in the match */ 29 /* We assume that pln and hln were checked in the match */
38 if (mangle->flags & ARPT_MANGLE_SDEV) { 30 if (mangle->flags & ARPT_MANGLE_SDEV) {
39 if (ARPT_DEV_ADDR_LEN_MAX < hln || 31 if (ARPT_DEV_ADDR_LEN_MAX < hln ||
40 (arpptr + hln > skb_tail_pointer(*pskb))) 32 (arpptr + hln > skb_tail_pointer(skb)))
41 return NF_DROP; 33 return NF_DROP;
42 memcpy(arpptr, mangle->src_devaddr, hln); 34 memcpy(arpptr, mangle->src_devaddr, hln);
43 } 35 }
44 arpptr += hln; 36 arpptr += hln;
45 if (mangle->flags & ARPT_MANGLE_SIP) { 37 if (mangle->flags & ARPT_MANGLE_SIP) {
46 if (ARPT_MANGLE_ADDR_LEN_MAX < pln || 38 if (ARPT_MANGLE_ADDR_LEN_MAX < pln ||
47 (arpptr + pln > skb_tail_pointer(*pskb))) 39 (arpptr + pln > skb_tail_pointer(skb)))
48 return NF_DROP; 40 return NF_DROP;
49 memcpy(arpptr, &mangle->u_s.src_ip, pln); 41 memcpy(arpptr, &mangle->u_s.src_ip, pln);
50 } 42 }
51 arpptr += pln; 43 arpptr += pln;
52 if (mangle->flags & ARPT_MANGLE_TDEV) { 44 if (mangle->flags & ARPT_MANGLE_TDEV) {
53 if (ARPT_DEV_ADDR_LEN_MAX < hln || 45 if (ARPT_DEV_ADDR_LEN_MAX < hln ||
54 (arpptr + hln > skb_tail_pointer(*pskb))) 46 (arpptr + hln > skb_tail_pointer(skb)))
55 return NF_DROP; 47 return NF_DROP;
56 memcpy(arpptr, mangle->tgt_devaddr, hln); 48 memcpy(arpptr, mangle->tgt_devaddr, hln);
57 } 49 }
58 arpptr += hln; 50 arpptr += hln;
59 if (mangle->flags & ARPT_MANGLE_TIP) { 51 if (mangle->flags & ARPT_MANGLE_TIP) {
60 if (ARPT_MANGLE_ADDR_LEN_MAX < pln || 52 if (ARPT_MANGLE_ADDR_LEN_MAX < pln ||
61 (arpptr + pln > skb_tail_pointer(*pskb))) 53 (arpptr + pln > skb_tail_pointer(skb)))
62 return NF_DROP; 54 return NF_DROP;
63 memcpy(arpptr, &mangle->u_t.tgt_ip, pln); 55 memcpy(arpptr, &mangle->u_t.tgt_ip, pln);
64 } 56 }
diff --git a/net/ipv4/netfilter/arptable_filter.c b/net/ipv4/netfilter/arptable_filter.c
index 75c023062533..302d3da5f696 100644
--- a/net/ipv4/netfilter/arptable_filter.c
+++ b/net/ipv4/netfilter/arptable_filter.c
@@ -56,12 +56,12 @@ static struct arpt_table packet_filter = {
56 56
57/* The work comes in here from netfilter.c */ 57/* The work comes in here from netfilter.c */
58static unsigned int arpt_hook(unsigned int hook, 58static unsigned int arpt_hook(unsigned int hook,
59 struct sk_buff **pskb, 59 struct sk_buff *skb,
60 const struct net_device *in, 60 const struct net_device *in,
61 const struct net_device *out, 61 const struct net_device *out,
62 int (*okfn)(struct sk_buff *)) 62 int (*okfn)(struct sk_buff *))
63{ 63{
64 return arpt_do_table(pskb, hook, in, out, &packet_filter); 64 return arpt_do_table(skb, hook, in, out, &packet_filter);
65} 65}
66 66
67static struct nf_hook_ops arpt_ops[] = { 67static struct nf_hook_ops arpt_ops[] = {
diff --git a/net/ipv4/netfilter/ip_queue.c b/net/ipv4/netfilter/ip_queue.c
index 23cbfc7c80fd..10a2ce09fd8e 100644
--- a/net/ipv4/netfilter/ip_queue.c
+++ b/net/ipv4/netfilter/ip_queue.c
@@ -335,6 +335,7 @@ static int
335ipq_mangle_ipv4(ipq_verdict_msg_t *v, struct ipq_queue_entry *e) 335ipq_mangle_ipv4(ipq_verdict_msg_t *v, struct ipq_queue_entry *e)
336{ 336{
337 int diff; 337 int diff;
338 int err;
338 struct iphdr *user_iph = (struct iphdr *)v->payload; 339 struct iphdr *user_iph = (struct iphdr *)v->payload;
339 340
340 if (v->data_len < sizeof(*user_iph)) 341 if (v->data_len < sizeof(*user_iph))
@@ -347,25 +348,18 @@ ipq_mangle_ipv4(ipq_verdict_msg_t *v, struct ipq_queue_entry *e)
347 if (v->data_len > 0xFFFF) 348 if (v->data_len > 0xFFFF)
348 return -EINVAL; 349 return -EINVAL;
349 if (diff > skb_tailroom(e->skb)) { 350 if (diff > skb_tailroom(e->skb)) {
350 struct sk_buff *newskb; 351 err = pskb_expand_head(e->skb, 0,
351 352 diff - skb_tailroom(e->skb),
352 newskb = skb_copy_expand(e->skb, 353 GFP_ATOMIC);
353 skb_headroom(e->skb), 354 if (err) {
354 diff, 355 printk(KERN_WARNING "ip_queue: error "
355 GFP_ATOMIC); 356 "in mangle, dropping packet: %d\n", -err);
356 if (newskb == NULL) { 357 return err;
357 printk(KERN_WARNING "ip_queue: OOM "
358 "in mangle, dropping packet\n");
359 return -ENOMEM;
360 } 358 }
361 if (e->skb->sk)
362 skb_set_owner_w(newskb, e->skb->sk);
363 kfree_skb(e->skb);
364 e->skb = newskb;
365 } 359 }
366 skb_put(e->skb, diff); 360 skb_put(e->skb, diff);
367 } 361 }
368 if (!skb_make_writable(&e->skb, v->data_len)) 362 if (!skb_make_writable(e->skb, v->data_len))
369 return -ENOMEM; 363 return -ENOMEM;
370 skb_copy_to_linear_data(e->skb, v->payload, v->data_len); 364 skb_copy_to_linear_data(e->skb, v->payload, v->data_len);
371 e->skb->ip_summed = CHECKSUM_NONE; 365 e->skb->ip_summed = CHECKSUM_NONE;
diff --git a/net/ipv4/netfilter/ip_tables.c b/net/ipv4/netfilter/ip_tables.c
index 6486894f450c..4b10b98640ac 100644
--- a/net/ipv4/netfilter/ip_tables.c
+++ b/net/ipv4/netfilter/ip_tables.c
@@ -169,7 +169,7 @@ ip_checkentry(const struct ipt_ip *ip)
169} 169}
170 170
171static unsigned int 171static unsigned int
172ipt_error(struct sk_buff **pskb, 172ipt_error(struct sk_buff *skb,
173 const struct net_device *in, 173 const struct net_device *in,
174 const struct net_device *out, 174 const struct net_device *out,
175 unsigned int hooknum, 175 unsigned int hooknum,
@@ -312,7 +312,7 @@ static void trace_packet(struct sk_buff *skb,
312 312
313/* Returns one of the generic firewall policies, like NF_ACCEPT. */ 313/* Returns one of the generic firewall policies, like NF_ACCEPT. */
314unsigned int 314unsigned int
315ipt_do_table(struct sk_buff **pskb, 315ipt_do_table(struct sk_buff *skb,
316 unsigned int hook, 316 unsigned int hook,
317 const struct net_device *in, 317 const struct net_device *in,
318 const struct net_device *out, 318 const struct net_device *out,
@@ -331,8 +331,8 @@ ipt_do_table(struct sk_buff **pskb,
331 struct xt_table_info *private; 331 struct xt_table_info *private;
332 332
333 /* Initialization */ 333 /* Initialization */
334 ip = ip_hdr(*pskb); 334 ip = ip_hdr(skb);
335 datalen = (*pskb)->len - ip->ihl * 4; 335 datalen = skb->len - ip->ihl * 4;
336 indev = in ? in->name : nulldevname; 336 indev = in ? in->name : nulldevname;
337 outdev = out ? out->name : nulldevname; 337 outdev = out ? out->name : nulldevname;
338 /* We handle fragments by dealing with the first fragment as 338 /* We handle fragments by dealing with the first fragment as
@@ -359,7 +359,7 @@ ipt_do_table(struct sk_buff **pskb,
359 struct ipt_entry_target *t; 359 struct ipt_entry_target *t;
360 360
361 if (IPT_MATCH_ITERATE(e, do_match, 361 if (IPT_MATCH_ITERATE(e, do_match,
362 *pskb, in, out, 362 skb, in, out,
363 offset, &hotdrop) != 0) 363 offset, &hotdrop) != 0)
364 goto no_match; 364 goto no_match;
365 365
@@ -371,8 +371,8 @@ ipt_do_table(struct sk_buff **pskb,
371#if defined(CONFIG_NETFILTER_XT_TARGET_TRACE) || \ 371#if defined(CONFIG_NETFILTER_XT_TARGET_TRACE) || \
372 defined(CONFIG_NETFILTER_XT_TARGET_TRACE_MODULE) 372 defined(CONFIG_NETFILTER_XT_TARGET_TRACE_MODULE)
373 /* The packet is traced: log it */ 373 /* The packet is traced: log it */
374 if (unlikely((*pskb)->nf_trace)) 374 if (unlikely(skb->nf_trace))
375 trace_packet(*pskb, hook, in, out, 375 trace_packet(skb, hook, in, out,
376 table->name, private, e); 376 table->name, private, e);
377#endif 377#endif
378 /* Standard target? */ 378 /* Standard target? */
@@ -410,7 +410,7 @@ ipt_do_table(struct sk_buff **pskb,
410 ((struct ipt_entry *)table_base)->comefrom 410 ((struct ipt_entry *)table_base)->comefrom
411 = 0xeeeeeeec; 411 = 0xeeeeeeec;
412#endif 412#endif
413 verdict = t->u.kernel.target->target(pskb, 413 verdict = t->u.kernel.target->target(skb,
414 in, out, 414 in, out,
415 hook, 415 hook,
416 t->u.kernel.target, 416 t->u.kernel.target,
@@ -428,8 +428,8 @@ ipt_do_table(struct sk_buff **pskb,
428 = 0x57acc001; 428 = 0x57acc001;
429#endif 429#endif
430 /* Target might have changed stuff. */ 430 /* Target might have changed stuff. */
431 ip = ip_hdr(*pskb); 431 ip = ip_hdr(skb);
432 datalen = (*pskb)->len - ip->ihl * 4; 432 datalen = skb->len - ip->ihl * 4;
433 433
434 if (verdict == IPT_CONTINUE) 434 if (verdict == IPT_CONTINUE)
435 e = (void *)e + e->next_offset; 435 e = (void *)e + e->next_offset;
diff --git a/net/ipv4/netfilter/ipt_CLUSTERIP.c b/net/ipv4/netfilter/ipt_CLUSTERIP.c
index 27f14e1ebd8b..2f544dac72df 100644
--- a/net/ipv4/netfilter/ipt_CLUSTERIP.c
+++ b/net/ipv4/netfilter/ipt_CLUSTERIP.c
@@ -289,7 +289,7 @@ clusterip_responsible(const struct clusterip_config *config, u_int32_t hash)
289 ***********************************************************************/ 289 ***********************************************************************/
290 290
291static unsigned int 291static unsigned int
292target(struct sk_buff **pskb, 292target(struct sk_buff *skb,
293 const struct net_device *in, 293 const struct net_device *in,
294 const struct net_device *out, 294 const struct net_device *out,
295 unsigned int hooknum, 295 unsigned int hooknum,
@@ -305,7 +305,7 @@ target(struct sk_buff **pskb,
305 * is only decremented by destroy() - and ip_tables guarantees 305 * is only decremented by destroy() - and ip_tables guarantees
306 * that the ->target() function isn't called after ->destroy() */ 306 * that the ->target() function isn't called after ->destroy() */
307 307
308 ct = nf_ct_get(*pskb, &ctinfo); 308 ct = nf_ct_get(skb, &ctinfo);
309 if (ct == NULL) { 309 if (ct == NULL) {
310 printk(KERN_ERR "CLUSTERIP: no conntrack!\n"); 310 printk(KERN_ERR "CLUSTERIP: no conntrack!\n");
311 /* FIXME: need to drop invalid ones, since replies 311 /* FIXME: need to drop invalid ones, since replies
@@ -316,7 +316,7 @@ target(struct sk_buff **pskb,
316 316
317 /* special case: ICMP error handling. conntrack distinguishes between 317 /* special case: ICMP error handling. conntrack distinguishes between
318 * error messages (RELATED) and information requests (see below) */ 318 * error messages (RELATED) and information requests (see below) */
319 if (ip_hdr(*pskb)->protocol == IPPROTO_ICMP 319 if (ip_hdr(skb)->protocol == IPPROTO_ICMP
320 && (ctinfo == IP_CT_RELATED 320 && (ctinfo == IP_CT_RELATED
321 || ctinfo == IP_CT_RELATED+IP_CT_IS_REPLY)) 321 || ctinfo == IP_CT_RELATED+IP_CT_IS_REPLY))
322 return XT_CONTINUE; 322 return XT_CONTINUE;
@@ -325,7 +325,7 @@ target(struct sk_buff **pskb,
325 * TIMESTAMP, INFO_REQUEST or ADDRESS type icmp packets from here 325 * TIMESTAMP, INFO_REQUEST or ADDRESS type icmp packets from here
326 * on, which all have an ID field [relevant for hashing]. */ 326 * on, which all have an ID field [relevant for hashing]. */
327 327
328 hash = clusterip_hashfn(*pskb, cipinfo->config); 328 hash = clusterip_hashfn(skb, cipinfo->config);
329 329
330 switch (ctinfo) { 330 switch (ctinfo) {
331 case IP_CT_NEW: 331 case IP_CT_NEW:
@@ -355,7 +355,7 @@ target(struct sk_buff **pskb,
355 355
356 /* despite being received via linklayer multicast, this is 356 /* despite being received via linklayer multicast, this is
357 * actually a unicast IP packet. TCP doesn't like PACKET_MULTICAST */ 357 * actually a unicast IP packet. TCP doesn't like PACKET_MULTICAST */
358 (*pskb)->pkt_type = PACKET_HOST; 358 skb->pkt_type = PACKET_HOST;
359 359
360 return XT_CONTINUE; 360 return XT_CONTINUE;
361} 361}
@@ -505,12 +505,12 @@ static void arp_print(struct arp_payload *payload)
505 505
506static unsigned int 506static unsigned int
507arp_mangle(unsigned int hook, 507arp_mangle(unsigned int hook,
508 struct sk_buff **pskb, 508 struct sk_buff *skb,
509 const struct net_device *in, 509 const struct net_device *in,
510 const struct net_device *out, 510 const struct net_device *out,
511 int (*okfn)(struct sk_buff *)) 511 int (*okfn)(struct sk_buff *))
512{ 512{
513 struct arphdr *arp = arp_hdr(*pskb); 513 struct arphdr *arp = arp_hdr(skb);
514 struct arp_payload *payload; 514 struct arp_payload *payload;
515 struct clusterip_config *c; 515 struct clusterip_config *c;
516 516
diff --git a/net/ipv4/netfilter/ipt_ECN.c b/net/ipv4/netfilter/ipt_ECN.c
index f1253bd3837f..add110060a22 100644
--- a/net/ipv4/netfilter/ipt_ECN.c
+++ b/net/ipv4/netfilter/ipt_ECN.c
@@ -26,15 +26,15 @@ MODULE_DESCRIPTION("iptables ECN modification module");
26/* set ECT codepoint from IP header. 26/* set ECT codepoint from IP header.
27 * return false if there was an error. */ 27 * return false if there was an error. */
28static inline bool 28static inline bool
29set_ect_ip(struct sk_buff **pskb, const struct ipt_ECN_info *einfo) 29set_ect_ip(struct sk_buff *skb, const struct ipt_ECN_info *einfo)
30{ 30{
31 struct iphdr *iph = ip_hdr(*pskb); 31 struct iphdr *iph = ip_hdr(skb);
32 32
33 if ((iph->tos & IPT_ECN_IP_MASK) != (einfo->ip_ect & IPT_ECN_IP_MASK)) { 33 if ((iph->tos & IPT_ECN_IP_MASK) != (einfo->ip_ect & IPT_ECN_IP_MASK)) {
34 __u8 oldtos; 34 __u8 oldtos;
35 if (!skb_make_writable(pskb, sizeof(struct iphdr))) 35 if (!skb_make_writable(skb, sizeof(struct iphdr)))
36 return false; 36 return false;
37 iph = ip_hdr(*pskb); 37 iph = ip_hdr(skb);
38 oldtos = iph->tos; 38 oldtos = iph->tos;
39 iph->tos &= ~IPT_ECN_IP_MASK; 39 iph->tos &= ~IPT_ECN_IP_MASK;
40 iph->tos |= (einfo->ip_ect & IPT_ECN_IP_MASK); 40 iph->tos |= (einfo->ip_ect & IPT_ECN_IP_MASK);
@@ -45,14 +45,13 @@ set_ect_ip(struct sk_buff **pskb, const struct ipt_ECN_info *einfo)
45 45
46/* Return false if there was an error. */ 46/* Return false if there was an error. */
47static inline bool 47static inline bool
48set_ect_tcp(struct sk_buff **pskb, const struct ipt_ECN_info *einfo) 48set_ect_tcp(struct sk_buff *skb, const struct ipt_ECN_info *einfo)
49{ 49{
50 struct tcphdr _tcph, *tcph; 50 struct tcphdr _tcph, *tcph;
51 __be16 oldval; 51 __be16 oldval;
52 52
53 /* Not enought header? */ 53 /* Not enought header? */
54 tcph = skb_header_pointer(*pskb, ip_hdrlen(*pskb), 54 tcph = skb_header_pointer(skb, ip_hdrlen(skb), sizeof(_tcph), &_tcph);
55 sizeof(_tcph), &_tcph);
56 if (!tcph) 55 if (!tcph)
57 return false; 56 return false;
58 57
@@ -62,9 +61,9 @@ set_ect_tcp(struct sk_buff **pskb, const struct ipt_ECN_info *einfo)
62 tcph->cwr == einfo->proto.tcp.cwr)) 61 tcph->cwr == einfo->proto.tcp.cwr))
63 return true; 62 return true;
64 63
65 if (!skb_make_writable(pskb, ip_hdrlen(*pskb) + sizeof(*tcph))) 64 if (!skb_make_writable(skb, ip_hdrlen(skb) + sizeof(*tcph)))
66 return false; 65 return false;
67 tcph = (void *)ip_hdr(*pskb) + ip_hdrlen(*pskb); 66 tcph = (void *)ip_hdr(skb) + ip_hdrlen(skb);
68 67
69 oldval = ((__be16 *)tcph)[6]; 68 oldval = ((__be16 *)tcph)[6];
70 if (einfo->operation & IPT_ECN_OP_SET_ECE) 69 if (einfo->operation & IPT_ECN_OP_SET_ECE)
@@ -72,13 +71,13 @@ set_ect_tcp(struct sk_buff **pskb, const struct ipt_ECN_info *einfo)
72 if (einfo->operation & IPT_ECN_OP_SET_CWR) 71 if (einfo->operation & IPT_ECN_OP_SET_CWR)
73 tcph->cwr = einfo->proto.tcp.cwr; 72 tcph->cwr = einfo->proto.tcp.cwr;
74 73
75 nf_proto_csum_replace2(&tcph->check, *pskb, 74 nf_proto_csum_replace2(&tcph->check, skb,
76 oldval, ((__be16 *)tcph)[6], 0); 75 oldval, ((__be16 *)tcph)[6], 0);
77 return true; 76 return true;
78} 77}
79 78
80static unsigned int 79static unsigned int
81target(struct sk_buff **pskb, 80target(struct sk_buff *skb,
82 const struct net_device *in, 81 const struct net_device *in,
83 const struct net_device *out, 82 const struct net_device *out,
84 unsigned int hooknum, 83 unsigned int hooknum,
@@ -88,12 +87,12 @@ target(struct sk_buff **pskb,
88 const struct ipt_ECN_info *einfo = targinfo; 87 const struct ipt_ECN_info *einfo = targinfo;
89 88
90 if (einfo->operation & IPT_ECN_OP_SET_IP) 89 if (einfo->operation & IPT_ECN_OP_SET_IP)
91 if (!set_ect_ip(pskb, einfo)) 90 if (!set_ect_ip(skb, einfo))
92 return NF_DROP; 91 return NF_DROP;
93 92
94 if (einfo->operation & (IPT_ECN_OP_SET_ECE | IPT_ECN_OP_SET_CWR) 93 if (einfo->operation & (IPT_ECN_OP_SET_ECE | IPT_ECN_OP_SET_CWR)
95 && ip_hdr(*pskb)->protocol == IPPROTO_TCP) 94 && ip_hdr(skb)->protocol == IPPROTO_TCP)
96 if (!set_ect_tcp(pskb, einfo)) 95 if (!set_ect_tcp(skb, einfo))
97 return NF_DROP; 96 return NF_DROP;
98 97
99 return XT_CONTINUE; 98 return XT_CONTINUE;
diff --git a/net/ipv4/netfilter/ipt_LOG.c b/net/ipv4/netfilter/ipt_LOG.c
index 127a5e89bf14..4b5e8216a4e7 100644
--- a/net/ipv4/netfilter/ipt_LOG.c
+++ b/net/ipv4/netfilter/ipt_LOG.c
@@ -418,7 +418,7 @@ ipt_log_packet(unsigned int pf,
418} 418}
419 419
420static unsigned int 420static unsigned int
421ipt_log_target(struct sk_buff **pskb, 421ipt_log_target(struct sk_buff *skb,
422 const struct net_device *in, 422 const struct net_device *in,
423 const struct net_device *out, 423 const struct net_device *out,
424 unsigned int hooknum, 424 unsigned int hooknum,
@@ -432,7 +432,7 @@ ipt_log_target(struct sk_buff **pskb,
432 li.u.log.level = loginfo->level; 432 li.u.log.level = loginfo->level;
433 li.u.log.logflags = loginfo->logflags; 433 li.u.log.logflags = loginfo->logflags;
434 434
435 ipt_log_packet(PF_INET, hooknum, *pskb, in, out, &li, 435 ipt_log_packet(PF_INET, hooknum, skb, in, out, &li,
436 loginfo->prefix); 436 loginfo->prefix);
437 return XT_CONTINUE; 437 return XT_CONTINUE;
438} 438}
diff --git a/net/ipv4/netfilter/ipt_MASQUERADE.c b/net/ipv4/netfilter/ipt_MASQUERADE.c
index 3e0b562b2db7..44b516e7cb79 100644
--- a/net/ipv4/netfilter/ipt_MASQUERADE.c
+++ b/net/ipv4/netfilter/ipt_MASQUERADE.c
@@ -52,7 +52,7 @@ masquerade_check(const char *tablename,
52} 52}
53 53
54static unsigned int 54static unsigned int
55masquerade_target(struct sk_buff **pskb, 55masquerade_target(struct sk_buff *skb,
56 const struct net_device *in, 56 const struct net_device *in,
57 const struct net_device *out, 57 const struct net_device *out,
58 unsigned int hooknum, 58 unsigned int hooknum,
@@ -69,7 +69,7 @@ masquerade_target(struct sk_buff **pskb,
69 69
70 NF_CT_ASSERT(hooknum == NF_IP_POST_ROUTING); 70 NF_CT_ASSERT(hooknum == NF_IP_POST_ROUTING);
71 71
72 ct = nf_ct_get(*pskb, &ctinfo); 72 ct = nf_ct_get(skb, &ctinfo);
73 nat = nfct_nat(ct); 73 nat = nfct_nat(ct);
74 74
75 NF_CT_ASSERT(ct && (ctinfo == IP_CT_NEW || ctinfo == IP_CT_RELATED 75 NF_CT_ASSERT(ct && (ctinfo == IP_CT_NEW || ctinfo == IP_CT_RELATED
@@ -82,7 +82,7 @@ masquerade_target(struct sk_buff **pskb,
82 return NF_ACCEPT; 82 return NF_ACCEPT;
83 83
84 mr = targinfo; 84 mr = targinfo;
85 rt = (struct rtable *)(*pskb)->dst; 85 rt = (struct rtable *)skb->dst;
86 newsrc = inet_select_addr(out, rt->rt_gateway, RT_SCOPE_UNIVERSE); 86 newsrc = inet_select_addr(out, rt->rt_gateway, RT_SCOPE_UNIVERSE);
87 if (!newsrc) { 87 if (!newsrc) {
88 printk("MASQUERADE: %s ate my IP address\n", out->name); 88 printk("MASQUERADE: %s ate my IP address\n", out->name);
diff --git a/net/ipv4/netfilter/ipt_NETMAP.c b/net/ipv4/netfilter/ipt_NETMAP.c
index 41a011d5a065..f8699291e33d 100644
--- a/net/ipv4/netfilter/ipt_NETMAP.c
+++ b/net/ipv4/netfilter/ipt_NETMAP.c
@@ -43,7 +43,7 @@ check(const char *tablename,
43} 43}
44 44
45static unsigned int 45static unsigned int
46target(struct sk_buff **pskb, 46target(struct sk_buff *skb,
47 const struct net_device *in, 47 const struct net_device *in,
48 const struct net_device *out, 48 const struct net_device *out,
49 unsigned int hooknum, 49 unsigned int hooknum,
@@ -59,14 +59,14 @@ target(struct sk_buff **pskb,
59 NF_CT_ASSERT(hooknum == NF_IP_PRE_ROUTING 59 NF_CT_ASSERT(hooknum == NF_IP_PRE_ROUTING
60 || hooknum == NF_IP_POST_ROUTING 60 || hooknum == NF_IP_POST_ROUTING
61 || hooknum == NF_IP_LOCAL_OUT); 61 || hooknum == NF_IP_LOCAL_OUT);
62 ct = nf_ct_get(*pskb, &ctinfo); 62 ct = nf_ct_get(skb, &ctinfo);
63 63
64 netmask = ~(mr->range[0].min_ip ^ mr->range[0].max_ip); 64 netmask = ~(mr->range[0].min_ip ^ mr->range[0].max_ip);
65 65
66 if (hooknum == NF_IP_PRE_ROUTING || hooknum == NF_IP_LOCAL_OUT) 66 if (hooknum == NF_IP_PRE_ROUTING || hooknum == NF_IP_LOCAL_OUT)
67 new_ip = ip_hdr(*pskb)->daddr & ~netmask; 67 new_ip = ip_hdr(skb)->daddr & ~netmask;
68 else 68 else
69 new_ip = ip_hdr(*pskb)->saddr & ~netmask; 69 new_ip = ip_hdr(skb)->saddr & ~netmask;
70 new_ip |= mr->range[0].min_ip & netmask; 70 new_ip |= mr->range[0].min_ip & netmask;
71 71
72 newrange = ((struct nf_nat_range) 72 newrange = ((struct nf_nat_range)
diff --git a/net/ipv4/netfilter/ipt_REDIRECT.c b/net/ipv4/netfilter/ipt_REDIRECT.c
index 6ac7a2373316..f7cf7d61a2d4 100644
--- a/net/ipv4/netfilter/ipt_REDIRECT.c
+++ b/net/ipv4/netfilter/ipt_REDIRECT.c
@@ -47,7 +47,7 @@ redirect_check(const char *tablename,
47} 47}
48 48
49static unsigned int 49static unsigned int
50redirect_target(struct sk_buff **pskb, 50redirect_target(struct sk_buff *skb,
51 const struct net_device *in, 51 const struct net_device *in,
52 const struct net_device *out, 52 const struct net_device *out,
53 unsigned int hooknum, 53 unsigned int hooknum,
@@ -63,7 +63,7 @@ redirect_target(struct sk_buff **pskb,
63 NF_CT_ASSERT(hooknum == NF_IP_PRE_ROUTING 63 NF_CT_ASSERT(hooknum == NF_IP_PRE_ROUTING
64 || hooknum == NF_IP_LOCAL_OUT); 64 || hooknum == NF_IP_LOCAL_OUT);
65 65
66 ct = nf_ct_get(*pskb, &ctinfo); 66 ct = nf_ct_get(skb, &ctinfo);
67 NF_CT_ASSERT(ct && (ctinfo == IP_CT_NEW || ctinfo == IP_CT_RELATED)); 67 NF_CT_ASSERT(ct && (ctinfo == IP_CT_NEW || ctinfo == IP_CT_RELATED));
68 68
69 /* Local packets: make them go to loopback */ 69 /* Local packets: make them go to loopback */
@@ -76,7 +76,7 @@ redirect_target(struct sk_buff **pskb,
76 newdst = 0; 76 newdst = 0;
77 77
78 rcu_read_lock(); 78 rcu_read_lock();
79 indev = __in_dev_get_rcu((*pskb)->dev); 79 indev = __in_dev_get_rcu(skb->dev);
80 if (indev && (ifa = indev->ifa_list)) 80 if (indev && (ifa = indev->ifa_list))
81 newdst = ifa->ifa_local; 81 newdst = ifa->ifa_local;
82 rcu_read_unlock(); 82 rcu_read_unlock();
diff --git a/net/ipv4/netfilter/ipt_REJECT.c b/net/ipv4/netfilter/ipt_REJECT.c
index cb038c8fbc9d..dcf4d21d5116 100644
--- a/net/ipv4/netfilter/ipt_REJECT.c
+++ b/net/ipv4/netfilter/ipt_REJECT.c
@@ -131,7 +131,7 @@ static void send_reset(struct sk_buff *oldskb, int hook)
131 ) 131 )
132 addr_type = RTN_LOCAL; 132 addr_type = RTN_LOCAL;
133 133
134 if (ip_route_me_harder(&nskb, addr_type)) 134 if (ip_route_me_harder(nskb, addr_type))
135 goto free_nskb; 135 goto free_nskb;
136 136
137 nskb->ip_summed = CHECKSUM_NONE; 137 nskb->ip_summed = CHECKSUM_NONE;
@@ -162,7 +162,7 @@ static inline void send_unreach(struct sk_buff *skb_in, int code)
162 icmp_send(skb_in, ICMP_DEST_UNREACH, code, 0); 162 icmp_send(skb_in, ICMP_DEST_UNREACH, code, 0);
163} 163}
164 164
165static unsigned int reject(struct sk_buff **pskb, 165static unsigned int reject(struct sk_buff *skb,
166 const struct net_device *in, 166 const struct net_device *in,
167 const struct net_device *out, 167 const struct net_device *out,
168 unsigned int hooknum, 168 unsigned int hooknum,
@@ -173,7 +173,7 @@ static unsigned int reject(struct sk_buff **pskb,
173 173
174 /* Our naive response construction doesn't deal with IP 174 /* Our naive response construction doesn't deal with IP
175 options, and probably shouldn't try. */ 175 options, and probably shouldn't try. */
176 if (ip_hdrlen(*pskb) != sizeof(struct iphdr)) 176 if (ip_hdrlen(skb) != sizeof(struct iphdr))
177 return NF_DROP; 177 return NF_DROP;
178 178
179 /* WARNING: This code causes reentry within iptables. 179 /* WARNING: This code causes reentry within iptables.
@@ -181,28 +181,28 @@ static unsigned int reject(struct sk_buff **pskb,
181 must return an absolute verdict. --RR */ 181 must return an absolute verdict. --RR */
182 switch (reject->with) { 182 switch (reject->with) {
183 case IPT_ICMP_NET_UNREACHABLE: 183 case IPT_ICMP_NET_UNREACHABLE:
184 send_unreach(*pskb, ICMP_NET_UNREACH); 184 send_unreach(skb, ICMP_NET_UNREACH);
185 break; 185 break;
186 case IPT_ICMP_HOST_UNREACHABLE: 186 case IPT_ICMP_HOST_UNREACHABLE:
187 send_unreach(*pskb, ICMP_HOST_UNREACH); 187 send_unreach(skb, ICMP_HOST_UNREACH);
188 break; 188 break;
189 case IPT_ICMP_PROT_UNREACHABLE: 189 case IPT_ICMP_PROT_UNREACHABLE:
190 send_unreach(*pskb, ICMP_PROT_UNREACH); 190 send_unreach(skb, ICMP_PROT_UNREACH);
191 break; 191 break;
192 case IPT_ICMP_PORT_UNREACHABLE: 192 case IPT_ICMP_PORT_UNREACHABLE:
193 send_unreach(*pskb, ICMP_PORT_UNREACH); 193 send_unreach(skb, ICMP_PORT_UNREACH);
194 break; 194 break;
195 case IPT_ICMP_NET_PROHIBITED: 195 case IPT_ICMP_NET_PROHIBITED:
196 send_unreach(*pskb, ICMP_NET_ANO); 196 send_unreach(skb, ICMP_NET_ANO);
197 break; 197 break;
198 case IPT_ICMP_HOST_PROHIBITED: 198 case IPT_ICMP_HOST_PROHIBITED:
199 send_unreach(*pskb, ICMP_HOST_ANO); 199 send_unreach(skb, ICMP_HOST_ANO);
200 break; 200 break;
201 case IPT_ICMP_ADMIN_PROHIBITED: 201 case IPT_ICMP_ADMIN_PROHIBITED:
202 send_unreach(*pskb, ICMP_PKT_FILTERED); 202 send_unreach(skb, ICMP_PKT_FILTERED);
203 break; 203 break;
204 case IPT_TCP_RESET: 204 case IPT_TCP_RESET:
205 send_reset(*pskb, hooknum); 205 send_reset(skb, hooknum);
206 case IPT_ICMP_ECHOREPLY: 206 case IPT_ICMP_ECHOREPLY:
207 /* Doesn't happen. */ 207 /* Doesn't happen. */
208 break; 208 break;
diff --git a/net/ipv4/netfilter/ipt_SAME.c b/net/ipv4/netfilter/ipt_SAME.c
index 97641f1a97f6..8988571436b8 100644
--- a/net/ipv4/netfilter/ipt_SAME.c
+++ b/net/ipv4/netfilter/ipt_SAME.c
@@ -104,7 +104,7 @@ same_destroy(const struct xt_target *target, void *targinfo)
104} 104}
105 105
106static unsigned int 106static unsigned int
107same_target(struct sk_buff **pskb, 107same_target(struct sk_buff *skb,
108 const struct net_device *in, 108 const struct net_device *in,
109 const struct net_device *out, 109 const struct net_device *out,
110 unsigned int hooknum, 110 unsigned int hooknum,
@@ -121,7 +121,7 @@ same_target(struct sk_buff **pskb,
121 121
122 NF_CT_ASSERT(hooknum == NF_IP_PRE_ROUTING || 122 NF_CT_ASSERT(hooknum == NF_IP_PRE_ROUTING ||
123 hooknum == NF_IP_POST_ROUTING); 123 hooknum == NF_IP_POST_ROUTING);
124 ct = nf_ct_get(*pskb, &ctinfo); 124 ct = nf_ct_get(skb, &ctinfo);
125 125
126 t = &ct->tuplehash[IP_CT_DIR_ORIGINAL].tuple; 126 t = &ct->tuplehash[IP_CT_DIR_ORIGINAL].tuple;
127 127
diff --git a/net/ipv4/netfilter/ipt_TOS.c b/net/ipv4/netfilter/ipt_TOS.c
index 25f5d0b39065..d4573baa7f27 100644
--- a/net/ipv4/netfilter/ipt_TOS.c
+++ b/net/ipv4/netfilter/ipt_TOS.c
@@ -21,7 +21,7 @@ MODULE_AUTHOR("Netfilter Core Team <coreteam@netfilter.org>");
21MODULE_DESCRIPTION("iptables TOS mangling module"); 21MODULE_DESCRIPTION("iptables TOS mangling module");
22 22
23static unsigned int 23static unsigned int
24target(struct sk_buff **pskb, 24target(struct sk_buff *skb,
25 const struct net_device *in, 25 const struct net_device *in,
26 const struct net_device *out, 26 const struct net_device *out,
27 unsigned int hooknum, 27 unsigned int hooknum,
@@ -29,13 +29,13 @@ target(struct sk_buff **pskb,
29 const void *targinfo) 29 const void *targinfo)
30{ 30{
31 const struct ipt_tos_target_info *tosinfo = targinfo; 31 const struct ipt_tos_target_info *tosinfo = targinfo;
32 struct iphdr *iph = ip_hdr(*pskb); 32 struct iphdr *iph = ip_hdr(skb);
33 33
34 if ((iph->tos & IPTOS_TOS_MASK) != tosinfo->tos) { 34 if ((iph->tos & IPTOS_TOS_MASK) != tosinfo->tos) {
35 __u8 oldtos; 35 __u8 oldtos;
36 if (!skb_make_writable(pskb, sizeof(struct iphdr))) 36 if (!skb_make_writable(skb, sizeof(struct iphdr)))
37 return NF_DROP; 37 return NF_DROP;
38 iph = ip_hdr(*pskb); 38 iph = ip_hdr(skb);
39 oldtos = iph->tos; 39 oldtos = iph->tos;
40 iph->tos = (iph->tos & IPTOS_PREC_MASK) | tosinfo->tos; 40 iph->tos = (iph->tos & IPTOS_PREC_MASK) | tosinfo->tos;
41 nf_csum_replace2(&iph->check, htons(oldtos), htons(iph->tos)); 41 nf_csum_replace2(&iph->check, htons(oldtos), htons(iph->tos));
diff --git a/net/ipv4/netfilter/ipt_TTL.c b/net/ipv4/netfilter/ipt_TTL.c
index 2b54e7b0cfe8..c620a0527666 100644
--- a/net/ipv4/netfilter/ipt_TTL.c
+++ b/net/ipv4/netfilter/ipt_TTL.c
@@ -20,7 +20,7 @@ MODULE_DESCRIPTION("IP tables TTL modification module");
20MODULE_LICENSE("GPL"); 20MODULE_LICENSE("GPL");
21 21
22static unsigned int 22static unsigned int
23ipt_ttl_target(struct sk_buff **pskb, 23ipt_ttl_target(struct sk_buff *skb,
24 const struct net_device *in, const struct net_device *out, 24 const struct net_device *in, const struct net_device *out,
25 unsigned int hooknum, const struct xt_target *target, 25 unsigned int hooknum, const struct xt_target *target,
26 const void *targinfo) 26 const void *targinfo)
@@ -29,10 +29,10 @@ ipt_ttl_target(struct sk_buff **pskb,
29 const struct ipt_TTL_info *info = targinfo; 29 const struct ipt_TTL_info *info = targinfo;
30 int new_ttl; 30 int new_ttl;
31 31
32 if (!skb_make_writable(pskb, (*pskb)->len)) 32 if (!skb_make_writable(skb, skb->len))
33 return NF_DROP; 33 return NF_DROP;
34 34
35 iph = ip_hdr(*pskb); 35 iph = ip_hdr(skb);
36 36
37 switch (info->mode) { 37 switch (info->mode) {
38 case IPT_TTL_SET: 38 case IPT_TTL_SET:
diff --git a/net/ipv4/netfilter/ipt_ULOG.c b/net/ipv4/netfilter/ipt_ULOG.c
index c636d6d63574..212b830765a4 100644
--- a/net/ipv4/netfilter/ipt_ULOG.c
+++ b/net/ipv4/netfilter/ipt_ULOG.c
@@ -279,7 +279,7 @@ alloc_failure:
279 spin_unlock_bh(&ulog_lock); 279 spin_unlock_bh(&ulog_lock);
280} 280}
281 281
282static unsigned int ipt_ulog_target(struct sk_buff **pskb, 282static unsigned int ipt_ulog_target(struct sk_buff *skb,
283 const struct net_device *in, 283 const struct net_device *in,
284 const struct net_device *out, 284 const struct net_device *out,
285 unsigned int hooknum, 285 unsigned int hooknum,
@@ -288,7 +288,7 @@ static unsigned int ipt_ulog_target(struct sk_buff **pskb,
288{ 288{
289 struct ipt_ulog_info *loginfo = (struct ipt_ulog_info *) targinfo; 289 struct ipt_ulog_info *loginfo = (struct ipt_ulog_info *) targinfo;
290 290
291 ipt_ulog_packet(hooknum, *pskb, in, out, loginfo, NULL); 291 ipt_ulog_packet(hooknum, skb, in, out, loginfo, NULL);
292 292
293 return XT_CONTINUE; 293 return XT_CONTINUE;
294} 294}
diff --git a/net/ipv4/netfilter/iptable_filter.c b/net/ipv4/netfilter/iptable_filter.c
index 4f51c1d7d2d6..ba3262c60437 100644
--- a/net/ipv4/netfilter/iptable_filter.c
+++ b/net/ipv4/netfilter/iptable_filter.c
@@ -62,31 +62,31 @@ static struct xt_table packet_filter = {
62/* The work comes in here from netfilter.c. */ 62/* The work comes in here from netfilter.c. */
63static unsigned int 63static unsigned int
64ipt_hook(unsigned int hook, 64ipt_hook(unsigned int hook,
65 struct sk_buff **pskb, 65 struct sk_buff *skb,
66 const struct net_device *in, 66 const struct net_device *in,
67 const struct net_device *out, 67 const struct net_device *out,
68 int (*okfn)(struct sk_buff *)) 68 int (*okfn)(struct sk_buff *))
69{ 69{
70 return ipt_do_table(pskb, hook, in, out, &packet_filter); 70 return ipt_do_table(skb, hook, in, out, &packet_filter);
71} 71}
72 72
73static unsigned int 73static unsigned int
74ipt_local_out_hook(unsigned int hook, 74ipt_local_out_hook(unsigned int hook,
75 struct sk_buff **pskb, 75 struct sk_buff *skb,
76 const struct net_device *in, 76 const struct net_device *in,
77 const struct net_device *out, 77 const struct net_device *out,
78 int (*okfn)(struct sk_buff *)) 78 int (*okfn)(struct sk_buff *))
79{ 79{
80 /* root is playing with raw sockets. */ 80 /* root is playing with raw sockets. */
81 if ((*pskb)->len < sizeof(struct iphdr) 81 if (skb->len < sizeof(struct iphdr) ||
82 || ip_hdrlen(*pskb) < sizeof(struct iphdr)) { 82 ip_hdrlen(skb) < sizeof(struct iphdr)) {
83 if (net_ratelimit()) 83 if (net_ratelimit())
84 printk("iptable_filter: ignoring short SOCK_RAW " 84 printk("iptable_filter: ignoring short SOCK_RAW "
85 "packet.\n"); 85 "packet.\n");
86 return NF_ACCEPT; 86 return NF_ACCEPT;
87 } 87 }
88 88
89 return ipt_do_table(pskb, hook, in, out, &packet_filter); 89 return ipt_do_table(skb, hook, in, out, &packet_filter);
90} 90}
91 91
92static struct nf_hook_ops ipt_ops[] = { 92static struct nf_hook_ops ipt_ops[] = {
diff --git a/net/ipv4/netfilter/iptable_mangle.c b/net/ipv4/netfilter/iptable_mangle.c
index 902446f7cbca..b4360a69d5ca 100644
--- a/net/ipv4/netfilter/iptable_mangle.c
+++ b/net/ipv4/netfilter/iptable_mangle.c
@@ -75,17 +75,17 @@ static struct xt_table packet_mangler = {
75/* The work comes in here from netfilter.c. */ 75/* The work comes in here from netfilter.c. */
76static unsigned int 76static unsigned int
77ipt_route_hook(unsigned int hook, 77ipt_route_hook(unsigned int hook,
78 struct sk_buff **pskb, 78 struct sk_buff *skb,
79 const struct net_device *in, 79 const struct net_device *in,
80 const struct net_device *out, 80 const struct net_device *out,
81 int (*okfn)(struct sk_buff *)) 81 int (*okfn)(struct sk_buff *))
82{ 82{
83 return ipt_do_table(pskb, hook, in, out, &packet_mangler); 83 return ipt_do_table(skb, hook, in, out, &packet_mangler);
84} 84}
85 85
86static unsigned int 86static unsigned int
87ipt_local_hook(unsigned int hook, 87ipt_local_hook(unsigned int hook,
88 struct sk_buff **pskb, 88 struct sk_buff *skb,
89 const struct net_device *in, 89 const struct net_device *in,
90 const struct net_device *out, 90 const struct net_device *out,
91 int (*okfn)(struct sk_buff *)) 91 int (*okfn)(struct sk_buff *))
@@ -97,8 +97,8 @@ ipt_local_hook(unsigned int hook,
97 u_int32_t mark; 97 u_int32_t mark;
98 98
99 /* root is playing with raw sockets. */ 99 /* root is playing with raw sockets. */
100 if ((*pskb)->len < sizeof(struct iphdr) 100 if (skb->len < sizeof(struct iphdr)
101 || ip_hdrlen(*pskb) < sizeof(struct iphdr)) { 101 || ip_hdrlen(skb) < sizeof(struct iphdr)) {
102 if (net_ratelimit()) 102 if (net_ratelimit())
103 printk("iptable_mangle: ignoring short SOCK_RAW " 103 printk("iptable_mangle: ignoring short SOCK_RAW "
104 "packet.\n"); 104 "packet.\n");
@@ -106,22 +106,22 @@ ipt_local_hook(unsigned int hook,
106 } 106 }
107 107
108 /* Save things which could affect route */ 108 /* Save things which could affect route */
109 mark = (*pskb)->mark; 109 mark = skb->mark;
110 iph = ip_hdr(*pskb); 110 iph = ip_hdr(skb);
111 saddr = iph->saddr; 111 saddr = iph->saddr;
112 daddr = iph->daddr; 112 daddr = iph->daddr;
113 tos = iph->tos; 113 tos = iph->tos;
114 114
115 ret = ipt_do_table(pskb, hook, in, out, &packet_mangler); 115 ret = ipt_do_table(skb, hook, in, out, &packet_mangler);
116 /* Reroute for ANY change. */ 116 /* Reroute for ANY change. */
117 if (ret != NF_DROP && ret != NF_STOLEN && ret != NF_QUEUE) { 117 if (ret != NF_DROP && ret != NF_STOLEN && ret != NF_QUEUE) {
118 iph = ip_hdr(*pskb); 118 iph = ip_hdr(skb);
119 119
120 if (iph->saddr != saddr || 120 if (iph->saddr != saddr ||
121 iph->daddr != daddr || 121 iph->daddr != daddr ||
122 (*pskb)->mark != mark || 122 skb->mark != mark ||
123 iph->tos != tos) 123 iph->tos != tos)
124 if (ip_route_me_harder(pskb, RTN_UNSPEC)) 124 if (ip_route_me_harder(skb, RTN_UNSPEC))
125 ret = NF_DROP; 125 ret = NF_DROP;
126 } 126 }
127 127
diff --git a/net/ipv4/netfilter/iptable_raw.c b/net/ipv4/netfilter/iptable_raw.c
index d6e503395684..5de6e57ac55c 100644
--- a/net/ipv4/netfilter/iptable_raw.c
+++ b/net/ipv4/netfilter/iptable_raw.c
@@ -47,30 +47,30 @@ static struct xt_table packet_raw = {
47/* The work comes in here from netfilter.c. */ 47/* The work comes in here from netfilter.c. */
48static unsigned int 48static unsigned int
49ipt_hook(unsigned int hook, 49ipt_hook(unsigned int hook,
50 struct sk_buff **pskb, 50 struct sk_buff *skb,
51 const struct net_device *in, 51 const struct net_device *in,
52 const struct net_device *out, 52 const struct net_device *out,
53 int (*okfn)(struct sk_buff *)) 53 int (*okfn)(struct sk_buff *))
54{ 54{
55 return ipt_do_table(pskb, hook, in, out, &packet_raw); 55 return ipt_do_table(skb, hook, in, out, &packet_raw);
56} 56}
57 57
58static unsigned int 58static unsigned int
59ipt_local_hook(unsigned int hook, 59ipt_local_hook(unsigned int hook,
60 struct sk_buff **pskb, 60 struct sk_buff *skb,
61 const struct net_device *in, 61 const struct net_device *in,
62 const struct net_device *out, 62 const struct net_device *out,
63 int (*okfn)(struct sk_buff *)) 63 int (*okfn)(struct sk_buff *))
64{ 64{
65 /* root is playing with raw sockets. */ 65 /* root is playing with raw sockets. */
66 if ((*pskb)->len < sizeof(struct iphdr) || 66 if (skb->len < sizeof(struct iphdr) ||
67 ip_hdrlen(*pskb) < sizeof(struct iphdr)) { 67 ip_hdrlen(skb) < sizeof(struct iphdr)) {
68 if (net_ratelimit()) 68 if (net_ratelimit())
69 printk("iptable_raw: ignoring short SOCK_RAW" 69 printk("iptable_raw: ignoring short SOCK_RAW"
70 "packet.\n"); 70 "packet.\n");
71 return NF_ACCEPT; 71 return NF_ACCEPT;
72 } 72 }
73 return ipt_do_table(pskb, hook, in, out, &packet_raw); 73 return ipt_do_table(skb, hook, in, out, &packet_raw);
74} 74}
75 75
76/* 'raw' is the very first table. */ 76/* 'raw' is the very first table. */
diff --git a/net/ipv4/netfilter/nf_conntrack_l3proto_ipv4.c b/net/ipv4/netfilter/nf_conntrack_l3proto_ipv4.c
index 2fcb9249a8da..831e9b29806d 100644
--- a/net/ipv4/netfilter/nf_conntrack_l3proto_ipv4.c
+++ b/net/ipv4/netfilter/nf_conntrack_l3proto_ipv4.c
@@ -63,19 +63,20 @@ static int ipv4_print_conntrack(struct seq_file *s,
63} 63}
64 64
65/* Returns new sk_buff, or NULL */ 65/* Returns new sk_buff, or NULL */
66static struct sk_buff * 66static int nf_ct_ipv4_gather_frags(struct sk_buff *skb, u_int32_t user)
67nf_ct_ipv4_gather_frags(struct sk_buff *skb, u_int32_t user)
68{ 67{
68 int err;
69
69 skb_orphan(skb); 70 skb_orphan(skb);
70 71
71 local_bh_disable(); 72 local_bh_disable();
72 skb = ip_defrag(skb, user); 73 err = ip_defrag(skb, user);
73 local_bh_enable(); 74 local_bh_enable();
74 75
75 if (skb) 76 if (!err)
76 ip_send_check(ip_hdr(skb)); 77 ip_send_check(ip_hdr(skb));
77 78
78 return skb; 79 return err;
79} 80}
80 81
81static int ipv4_get_l4proto(const struct sk_buff *skb, unsigned int nhoff, 82static int ipv4_get_l4proto(const struct sk_buff *skb, unsigned int nhoff,
@@ -99,17 +100,17 @@ static int ipv4_get_l4proto(const struct sk_buff *skb, unsigned int nhoff,
99} 100}
100 101
101static unsigned int ipv4_confirm(unsigned int hooknum, 102static unsigned int ipv4_confirm(unsigned int hooknum,
102 struct sk_buff **pskb, 103 struct sk_buff *skb,
103 const struct net_device *in, 104 const struct net_device *in,
104 const struct net_device *out, 105 const struct net_device *out,
105 int (*okfn)(struct sk_buff *)) 106 int (*okfn)(struct sk_buff *))
106{ 107{
107 /* We've seen it coming out the other side: confirm it */ 108 /* We've seen it coming out the other side: confirm it */
108 return nf_conntrack_confirm(pskb); 109 return nf_conntrack_confirm(skb);
109} 110}
110 111
111static unsigned int ipv4_conntrack_help(unsigned int hooknum, 112static unsigned int ipv4_conntrack_help(unsigned int hooknum,
112 struct sk_buff **pskb, 113 struct sk_buff *skb,
113 const struct net_device *in, 114 const struct net_device *in,
114 const struct net_device *out, 115 const struct net_device *out,
115 int (*okfn)(struct sk_buff *)) 116 int (*okfn)(struct sk_buff *))
@@ -120,7 +121,7 @@ static unsigned int ipv4_conntrack_help(unsigned int hooknum,
120 struct nf_conntrack_helper *helper; 121 struct nf_conntrack_helper *helper;
121 122
122 /* This is where we call the helper: as the packet goes out. */ 123 /* This is where we call the helper: as the packet goes out. */
123 ct = nf_ct_get(*pskb, &ctinfo); 124 ct = nf_ct_get(skb, &ctinfo);
124 if (!ct || ctinfo == IP_CT_RELATED + IP_CT_IS_REPLY) 125 if (!ct || ctinfo == IP_CT_RELATED + IP_CT_IS_REPLY)
125 return NF_ACCEPT; 126 return NF_ACCEPT;
126 127
@@ -131,56 +132,55 @@ static unsigned int ipv4_conntrack_help(unsigned int hooknum,
131 helper = rcu_dereference(help->helper); 132 helper = rcu_dereference(help->helper);
132 if (!helper) 133 if (!helper)
133 return NF_ACCEPT; 134 return NF_ACCEPT;
134 return helper->help(pskb, skb_network_offset(*pskb) + ip_hdrlen(*pskb), 135 return helper->help(skb, skb_network_offset(skb) + ip_hdrlen(skb),
135 ct, ctinfo); 136 ct, ctinfo);
136} 137}
137 138
138static unsigned int ipv4_conntrack_defrag(unsigned int hooknum, 139static unsigned int ipv4_conntrack_defrag(unsigned int hooknum,
139 struct sk_buff **pskb, 140 struct sk_buff *skb,
140 const struct net_device *in, 141 const struct net_device *in,
141 const struct net_device *out, 142 const struct net_device *out,
142 int (*okfn)(struct sk_buff *)) 143 int (*okfn)(struct sk_buff *))
143{ 144{
144 /* Previously seen (loopback)? Ignore. Do this before 145 /* Previously seen (loopback)? Ignore. Do this before
145 fragment check. */ 146 fragment check. */
146 if ((*pskb)->nfct) 147 if (skb->nfct)
147 return NF_ACCEPT; 148 return NF_ACCEPT;
148 149
149 /* Gather fragments. */ 150 /* Gather fragments. */
150 if (ip_hdr(*pskb)->frag_off & htons(IP_MF | IP_OFFSET)) { 151 if (ip_hdr(skb)->frag_off & htons(IP_MF | IP_OFFSET)) {
151 *pskb = nf_ct_ipv4_gather_frags(*pskb, 152 if (nf_ct_ipv4_gather_frags(skb,
152 hooknum == NF_IP_PRE_ROUTING ? 153 hooknum == NF_IP_PRE_ROUTING ?
153 IP_DEFRAG_CONNTRACK_IN : 154 IP_DEFRAG_CONNTRACK_IN :
154 IP_DEFRAG_CONNTRACK_OUT); 155 IP_DEFRAG_CONNTRACK_OUT))
155 if (!*pskb)
156 return NF_STOLEN; 156 return NF_STOLEN;
157 } 157 }
158 return NF_ACCEPT; 158 return NF_ACCEPT;
159} 159}
160 160
161static unsigned int ipv4_conntrack_in(unsigned int hooknum, 161static unsigned int ipv4_conntrack_in(unsigned int hooknum,
162 struct sk_buff **pskb, 162 struct sk_buff *skb,
163 const struct net_device *in, 163 const struct net_device *in,
164 const struct net_device *out, 164 const struct net_device *out,
165 int (*okfn)(struct sk_buff *)) 165 int (*okfn)(struct sk_buff *))
166{ 166{
167 return nf_conntrack_in(PF_INET, hooknum, pskb); 167 return nf_conntrack_in(PF_INET, hooknum, skb);
168} 168}
169 169
170static unsigned int ipv4_conntrack_local(unsigned int hooknum, 170static unsigned int ipv4_conntrack_local(unsigned int hooknum,
171 struct sk_buff **pskb, 171 struct sk_buff *skb,
172 const struct net_device *in, 172 const struct net_device *in,
173 const struct net_device *out, 173 const struct net_device *out,
174 int (*okfn)(struct sk_buff *)) 174 int (*okfn)(struct sk_buff *))
175{ 175{
176 /* root is playing with raw sockets. */ 176 /* root is playing with raw sockets. */
177 if ((*pskb)->len < sizeof(struct iphdr) 177 if (skb->len < sizeof(struct iphdr) ||
178 || ip_hdrlen(*pskb) < sizeof(struct iphdr)) { 178 ip_hdrlen(skb) < sizeof(struct iphdr)) {
179 if (net_ratelimit()) 179 if (net_ratelimit())
180 printk("ipt_hook: happy cracking.\n"); 180 printk("ipt_hook: happy cracking.\n");
181 return NF_ACCEPT; 181 return NF_ACCEPT;
182 } 182 }
183 return nf_conntrack_in(PF_INET, hooknum, pskb); 183 return nf_conntrack_in(PF_INET, hooknum, skb);
184} 184}
185 185
186/* Connection tracking may drop packets, but never alters them, so 186/* Connection tracking may drop packets, but never alters them, so
diff --git a/net/ipv4/netfilter/nf_nat_amanda.c b/net/ipv4/netfilter/nf_nat_amanda.c
index bd93a1d71052..35a5aa69cd92 100644
--- a/net/ipv4/netfilter/nf_nat_amanda.c
+++ b/net/ipv4/netfilter/nf_nat_amanda.c
@@ -24,7 +24,7 @@ MODULE_DESCRIPTION("Amanda NAT helper");
24MODULE_LICENSE("GPL"); 24MODULE_LICENSE("GPL");
25MODULE_ALIAS("ip_nat_amanda"); 25MODULE_ALIAS("ip_nat_amanda");
26 26
27static unsigned int help(struct sk_buff **pskb, 27static unsigned int help(struct sk_buff *skb,
28 enum ip_conntrack_info ctinfo, 28 enum ip_conntrack_info ctinfo,
29 unsigned int matchoff, 29 unsigned int matchoff,
30 unsigned int matchlen, 30 unsigned int matchlen,
@@ -53,7 +53,7 @@ static unsigned int help(struct sk_buff **pskb,
53 return NF_DROP; 53 return NF_DROP;
54 54
55 sprintf(buffer, "%u", port); 55 sprintf(buffer, "%u", port);
56 ret = nf_nat_mangle_udp_packet(pskb, exp->master, ctinfo, 56 ret = nf_nat_mangle_udp_packet(skb, exp->master, ctinfo,
57 matchoff, matchlen, 57 matchoff, matchlen,
58 buffer, strlen(buffer)); 58 buffer, strlen(buffer));
59 if (ret != NF_ACCEPT) 59 if (ret != NF_ACCEPT)
diff --git a/net/ipv4/netfilter/nf_nat_core.c b/net/ipv4/netfilter/nf_nat_core.c
index 7221aa20e6ff..56e93f692e82 100644
--- a/net/ipv4/netfilter/nf_nat_core.c
+++ b/net/ipv4/netfilter/nf_nat_core.c
@@ -349,7 +349,7 @@ EXPORT_SYMBOL(nf_nat_setup_info);
349/* Returns true if succeeded. */ 349/* Returns true if succeeded. */
350static int 350static int
351manip_pkt(u_int16_t proto, 351manip_pkt(u_int16_t proto,
352 struct sk_buff **pskb, 352 struct sk_buff *skb,
353 unsigned int iphdroff, 353 unsigned int iphdroff,
354 const struct nf_conntrack_tuple *target, 354 const struct nf_conntrack_tuple *target,
355 enum nf_nat_manip_type maniptype) 355 enum nf_nat_manip_type maniptype)
@@ -357,19 +357,19 @@ manip_pkt(u_int16_t proto,
357 struct iphdr *iph; 357 struct iphdr *iph;
358 struct nf_nat_protocol *p; 358 struct nf_nat_protocol *p;
359 359
360 if (!skb_make_writable(pskb, iphdroff + sizeof(*iph))) 360 if (!skb_make_writable(skb, iphdroff + sizeof(*iph)))
361 return 0; 361 return 0;
362 362
363 iph = (void *)(*pskb)->data + iphdroff; 363 iph = (void *)skb->data + iphdroff;
364 364
365 /* Manipulate protcol part. */ 365 /* Manipulate protcol part. */
366 366
367 /* rcu_read_lock()ed by nf_hook_slow */ 367 /* rcu_read_lock()ed by nf_hook_slow */
368 p = __nf_nat_proto_find(proto); 368 p = __nf_nat_proto_find(proto);
369 if (!p->manip_pkt(pskb, iphdroff, target, maniptype)) 369 if (!p->manip_pkt(skb, iphdroff, target, maniptype))
370 return 0; 370 return 0;
371 371
372 iph = (void *)(*pskb)->data + iphdroff; 372 iph = (void *)skb->data + iphdroff;
373 373
374 if (maniptype == IP_NAT_MANIP_SRC) { 374 if (maniptype == IP_NAT_MANIP_SRC) {
375 nf_csum_replace4(&iph->check, iph->saddr, target->src.u3.ip); 375 nf_csum_replace4(&iph->check, iph->saddr, target->src.u3.ip);
@@ -385,7 +385,7 @@ manip_pkt(u_int16_t proto,
385unsigned int nf_nat_packet(struct nf_conn *ct, 385unsigned int nf_nat_packet(struct nf_conn *ct,
386 enum ip_conntrack_info ctinfo, 386 enum ip_conntrack_info ctinfo,
387 unsigned int hooknum, 387 unsigned int hooknum,
388 struct sk_buff **pskb) 388 struct sk_buff *skb)
389{ 389{
390 enum ip_conntrack_dir dir = CTINFO2DIR(ctinfo); 390 enum ip_conntrack_dir dir = CTINFO2DIR(ctinfo);
391 unsigned long statusbit; 391 unsigned long statusbit;
@@ -407,7 +407,7 @@ unsigned int nf_nat_packet(struct nf_conn *ct,
407 /* We are aiming to look like inverse of other direction. */ 407 /* We are aiming to look like inverse of other direction. */
408 nf_ct_invert_tuplepr(&target, &ct->tuplehash[!dir].tuple); 408 nf_ct_invert_tuplepr(&target, &ct->tuplehash[!dir].tuple);
409 409
410 if (!manip_pkt(target.dst.protonum, pskb, 0, &target, mtype)) 410 if (!manip_pkt(target.dst.protonum, skb, 0, &target, mtype))
411 return NF_DROP; 411 return NF_DROP;
412 } 412 }
413 return NF_ACCEPT; 413 return NF_ACCEPT;
@@ -418,7 +418,7 @@ EXPORT_SYMBOL_GPL(nf_nat_packet);
418int nf_nat_icmp_reply_translation(struct nf_conn *ct, 418int nf_nat_icmp_reply_translation(struct nf_conn *ct,
419 enum ip_conntrack_info ctinfo, 419 enum ip_conntrack_info ctinfo,
420 unsigned int hooknum, 420 unsigned int hooknum,
421 struct sk_buff **pskb) 421 struct sk_buff *skb)
422{ 422{
423 struct { 423 struct {
424 struct icmphdr icmp; 424 struct icmphdr icmp;
@@ -426,24 +426,24 @@ int nf_nat_icmp_reply_translation(struct nf_conn *ct,
426 } *inside; 426 } *inside;
427 struct nf_conntrack_l4proto *l4proto; 427 struct nf_conntrack_l4proto *l4proto;
428 struct nf_conntrack_tuple inner, target; 428 struct nf_conntrack_tuple inner, target;
429 int hdrlen = ip_hdrlen(*pskb); 429 int hdrlen = ip_hdrlen(skb);
430 enum ip_conntrack_dir dir = CTINFO2DIR(ctinfo); 430 enum ip_conntrack_dir dir = CTINFO2DIR(ctinfo);
431 unsigned long statusbit; 431 unsigned long statusbit;
432 enum nf_nat_manip_type manip = HOOK2MANIP(hooknum); 432 enum nf_nat_manip_type manip = HOOK2MANIP(hooknum);
433 433
434 if (!skb_make_writable(pskb, hdrlen + sizeof(*inside))) 434 if (!skb_make_writable(skb, hdrlen + sizeof(*inside)))
435 return 0; 435 return 0;
436 436
437 inside = (void *)(*pskb)->data + ip_hdrlen(*pskb); 437 inside = (void *)skb->data + ip_hdrlen(skb);
438 438
439 /* We're actually going to mangle it beyond trivial checksum 439 /* We're actually going to mangle it beyond trivial checksum
440 adjustment, so make sure the current checksum is correct. */ 440 adjustment, so make sure the current checksum is correct. */
441 if (nf_ip_checksum(*pskb, hooknum, hdrlen, 0)) 441 if (nf_ip_checksum(skb, hooknum, hdrlen, 0))
442 return 0; 442 return 0;
443 443
444 /* Must be RELATED */ 444 /* Must be RELATED */
445 NF_CT_ASSERT((*pskb)->nfctinfo == IP_CT_RELATED || 445 NF_CT_ASSERT(skb->nfctinfo == IP_CT_RELATED ||
446 (*pskb)->nfctinfo == IP_CT_RELATED+IP_CT_IS_REPLY); 446 skb->nfctinfo == IP_CT_RELATED+IP_CT_IS_REPLY);
447 447
448 /* Redirects on non-null nats must be dropped, else they'll 448 /* Redirects on non-null nats must be dropped, else they'll
449 start talking to each other without our translation, and be 449 start talking to each other without our translation, and be
@@ -458,15 +458,15 @@ int nf_nat_icmp_reply_translation(struct nf_conn *ct,
458 } 458 }
459 459
460 pr_debug("icmp_reply_translation: translating error %p manip %u " 460 pr_debug("icmp_reply_translation: translating error %p manip %u "
461 "dir %s\n", *pskb, manip, 461 "dir %s\n", skb, manip,
462 dir == IP_CT_DIR_ORIGINAL ? "ORIG" : "REPLY"); 462 dir == IP_CT_DIR_ORIGINAL ? "ORIG" : "REPLY");
463 463
464 /* rcu_read_lock()ed by nf_hook_slow */ 464 /* rcu_read_lock()ed by nf_hook_slow */
465 l4proto = __nf_ct_l4proto_find(PF_INET, inside->ip.protocol); 465 l4proto = __nf_ct_l4proto_find(PF_INET, inside->ip.protocol);
466 466
467 if (!nf_ct_get_tuple(*pskb, 467 if (!nf_ct_get_tuple(skb,
468 ip_hdrlen(*pskb) + sizeof(struct icmphdr), 468 ip_hdrlen(skb) + sizeof(struct icmphdr),
469 (ip_hdrlen(*pskb) + 469 (ip_hdrlen(skb) +
470 sizeof(struct icmphdr) + inside->ip.ihl * 4), 470 sizeof(struct icmphdr) + inside->ip.ihl * 4),
471 (u_int16_t)AF_INET, 471 (u_int16_t)AF_INET,
472 inside->ip.protocol, 472 inside->ip.protocol,
@@ -478,19 +478,19 @@ int nf_nat_icmp_reply_translation(struct nf_conn *ct,
478 pass all hooks (locally-generated ICMP). Consider incoming 478 pass all hooks (locally-generated ICMP). Consider incoming
479 packet: PREROUTING (DST manip), routing produces ICMP, goes 479 packet: PREROUTING (DST manip), routing produces ICMP, goes
480 through POSTROUTING (which must correct the DST manip). */ 480 through POSTROUTING (which must correct the DST manip). */
481 if (!manip_pkt(inside->ip.protocol, pskb, 481 if (!manip_pkt(inside->ip.protocol, skb,
482 ip_hdrlen(*pskb) + sizeof(inside->icmp), 482 ip_hdrlen(skb) + sizeof(inside->icmp),
483 &ct->tuplehash[!dir].tuple, 483 &ct->tuplehash[!dir].tuple,
484 !manip)) 484 !manip))
485 return 0; 485 return 0;
486 486
487 if ((*pskb)->ip_summed != CHECKSUM_PARTIAL) { 487 if (skb->ip_summed != CHECKSUM_PARTIAL) {
488 /* Reloading "inside" here since manip_pkt inner. */ 488 /* Reloading "inside" here since manip_pkt inner. */
489 inside = (void *)(*pskb)->data + ip_hdrlen(*pskb); 489 inside = (void *)skb->data + ip_hdrlen(skb);
490 inside->icmp.checksum = 0; 490 inside->icmp.checksum = 0;
491 inside->icmp.checksum = 491 inside->icmp.checksum =
492 csum_fold(skb_checksum(*pskb, hdrlen, 492 csum_fold(skb_checksum(skb, hdrlen,
493 (*pskb)->len - hdrlen, 0)); 493 skb->len - hdrlen, 0));
494 } 494 }
495 495
496 /* Change outer to look the reply to an incoming packet 496 /* Change outer to look the reply to an incoming packet
@@ -506,7 +506,7 @@ int nf_nat_icmp_reply_translation(struct nf_conn *ct,
506 506
507 if (ct->status & statusbit) { 507 if (ct->status & statusbit) {
508 nf_ct_invert_tuplepr(&target, &ct->tuplehash[!dir].tuple); 508 nf_ct_invert_tuplepr(&target, &ct->tuplehash[!dir].tuple);
509 if (!manip_pkt(0, pskb, 0, &target, manip)) 509 if (!manip_pkt(0, skb, 0, &target, manip))
510 return 0; 510 return 0;
511 } 511 }
512 512
diff --git a/net/ipv4/netfilter/nf_nat_ftp.c b/net/ipv4/netfilter/nf_nat_ftp.c
index 3663bd879c39..e1a16d3ea4cb 100644
--- a/net/ipv4/netfilter/nf_nat_ftp.c
+++ b/net/ipv4/netfilter/nf_nat_ftp.c
@@ -28,7 +28,7 @@ MODULE_ALIAS("ip_nat_ftp");
28/* FIXME: Time out? --RR */ 28/* FIXME: Time out? --RR */
29 29
30static int 30static int
31mangle_rfc959_packet(struct sk_buff **pskb, 31mangle_rfc959_packet(struct sk_buff *skb,
32 __be32 newip, 32 __be32 newip,
33 u_int16_t port, 33 u_int16_t port,
34 unsigned int matchoff, 34 unsigned int matchoff,
@@ -43,13 +43,13 @@ mangle_rfc959_packet(struct sk_buff **pskb,
43 43
44 pr_debug("calling nf_nat_mangle_tcp_packet\n"); 44 pr_debug("calling nf_nat_mangle_tcp_packet\n");
45 45
46 return nf_nat_mangle_tcp_packet(pskb, ct, ctinfo, matchoff, 46 return nf_nat_mangle_tcp_packet(skb, ct, ctinfo, matchoff,
47 matchlen, buffer, strlen(buffer)); 47 matchlen, buffer, strlen(buffer));
48} 48}
49 49
50/* |1|132.235.1.2|6275| */ 50/* |1|132.235.1.2|6275| */
51static int 51static int
52mangle_eprt_packet(struct sk_buff **pskb, 52mangle_eprt_packet(struct sk_buff *skb,
53 __be32 newip, 53 __be32 newip,
54 u_int16_t port, 54 u_int16_t port,
55 unsigned int matchoff, 55 unsigned int matchoff,
@@ -63,13 +63,13 @@ mangle_eprt_packet(struct sk_buff **pskb,
63 63
64 pr_debug("calling nf_nat_mangle_tcp_packet\n"); 64 pr_debug("calling nf_nat_mangle_tcp_packet\n");
65 65
66 return nf_nat_mangle_tcp_packet(pskb, ct, ctinfo, matchoff, 66 return nf_nat_mangle_tcp_packet(skb, ct, ctinfo, matchoff,
67 matchlen, buffer, strlen(buffer)); 67 matchlen, buffer, strlen(buffer));
68} 68}
69 69
70/* |1|132.235.1.2|6275| */ 70/* |1|132.235.1.2|6275| */
71static int 71static int
72mangle_epsv_packet(struct sk_buff **pskb, 72mangle_epsv_packet(struct sk_buff *skb,
73 __be32 newip, 73 __be32 newip,
74 u_int16_t port, 74 u_int16_t port,
75 unsigned int matchoff, 75 unsigned int matchoff,
@@ -83,11 +83,11 @@ mangle_epsv_packet(struct sk_buff **pskb,
83 83
84 pr_debug("calling nf_nat_mangle_tcp_packet\n"); 84 pr_debug("calling nf_nat_mangle_tcp_packet\n");
85 85
86 return nf_nat_mangle_tcp_packet(pskb, ct, ctinfo, matchoff, 86 return nf_nat_mangle_tcp_packet(skb, ct, ctinfo, matchoff,
87 matchlen, buffer, strlen(buffer)); 87 matchlen, buffer, strlen(buffer));
88} 88}
89 89
90static int (*mangle[])(struct sk_buff **, __be32, u_int16_t, 90static int (*mangle[])(struct sk_buff *, __be32, u_int16_t,
91 unsigned int, unsigned int, struct nf_conn *, 91 unsigned int, unsigned int, struct nf_conn *,
92 enum ip_conntrack_info) 92 enum ip_conntrack_info)
93= { 93= {
@@ -99,7 +99,7 @@ static int (*mangle[])(struct sk_buff **, __be32, u_int16_t,
99 99
100/* So, this packet has hit the connection tracking matching code. 100/* So, this packet has hit the connection tracking matching code.
101 Mangle it, and change the expectation to match the new version. */ 101 Mangle it, and change the expectation to match the new version. */
102static unsigned int nf_nat_ftp(struct sk_buff **pskb, 102static unsigned int nf_nat_ftp(struct sk_buff *skb,
103 enum ip_conntrack_info ctinfo, 103 enum ip_conntrack_info ctinfo,
104 enum nf_ct_ftp_type type, 104 enum nf_ct_ftp_type type,
105 unsigned int matchoff, 105 unsigned int matchoff,
@@ -132,7 +132,7 @@ static unsigned int nf_nat_ftp(struct sk_buff **pskb,
132 if (port == 0) 132 if (port == 0)
133 return NF_DROP; 133 return NF_DROP;
134 134
135 if (!mangle[type](pskb, newip, port, matchoff, matchlen, ct, ctinfo)) { 135 if (!mangle[type](skb, newip, port, matchoff, matchlen, ct, ctinfo)) {
136 nf_ct_unexpect_related(exp); 136 nf_ct_unexpect_related(exp);
137 return NF_DROP; 137 return NF_DROP;
138 } 138 }
diff --git a/net/ipv4/netfilter/nf_nat_h323.c b/net/ipv4/netfilter/nf_nat_h323.c
index c1b059a73708..a868c8c41328 100644
--- a/net/ipv4/netfilter/nf_nat_h323.c
+++ b/net/ipv4/netfilter/nf_nat_h323.c
@@ -22,12 +22,12 @@
22#include <linux/netfilter/nf_conntrack_h323.h> 22#include <linux/netfilter/nf_conntrack_h323.h>
23 23
24/****************************************************************************/ 24/****************************************************************************/
25static int set_addr(struct sk_buff **pskb, 25static int set_addr(struct sk_buff *skb,
26 unsigned char **data, int dataoff, 26 unsigned char **data, int dataoff,
27 unsigned int addroff, __be32 ip, __be16 port) 27 unsigned int addroff, __be32 ip, __be16 port)
28{ 28{
29 enum ip_conntrack_info ctinfo; 29 enum ip_conntrack_info ctinfo;
30 struct nf_conn *ct = nf_ct_get(*pskb, &ctinfo); 30 struct nf_conn *ct = nf_ct_get(skb, &ctinfo);
31 struct { 31 struct {
32 __be32 ip; 32 __be32 ip;
33 __be16 port; 33 __be16 port;
@@ -38,8 +38,8 @@ static int set_addr(struct sk_buff **pskb,
38 buf.port = port; 38 buf.port = port;
39 addroff += dataoff; 39 addroff += dataoff;
40 40
41 if (ip_hdr(*pskb)->protocol == IPPROTO_TCP) { 41 if (ip_hdr(skb)->protocol == IPPROTO_TCP) {
42 if (!nf_nat_mangle_tcp_packet(pskb, ct, ctinfo, 42 if (!nf_nat_mangle_tcp_packet(skb, ct, ctinfo,
43 addroff, sizeof(buf), 43 addroff, sizeof(buf),
44 (char *) &buf, sizeof(buf))) { 44 (char *) &buf, sizeof(buf))) {
45 if (net_ratelimit()) 45 if (net_ratelimit())
@@ -49,14 +49,13 @@ static int set_addr(struct sk_buff **pskb,
49 } 49 }
50 50
51 /* Relocate data pointer */ 51 /* Relocate data pointer */
52 th = skb_header_pointer(*pskb, ip_hdrlen(*pskb), 52 th = skb_header_pointer(skb, ip_hdrlen(skb),
53 sizeof(_tcph), &_tcph); 53 sizeof(_tcph), &_tcph);
54 if (th == NULL) 54 if (th == NULL)
55 return -1; 55 return -1;
56 *data = (*pskb)->data + ip_hdrlen(*pskb) + 56 *data = skb->data + ip_hdrlen(skb) + th->doff * 4 + dataoff;
57 th->doff * 4 + dataoff;
58 } else { 57 } else {
59 if (!nf_nat_mangle_udp_packet(pskb, ct, ctinfo, 58 if (!nf_nat_mangle_udp_packet(skb, ct, ctinfo,
60 addroff, sizeof(buf), 59 addroff, sizeof(buf),
61 (char *) &buf, sizeof(buf))) { 60 (char *) &buf, sizeof(buf))) {
62 if (net_ratelimit()) 61 if (net_ratelimit())
@@ -67,36 +66,35 @@ static int set_addr(struct sk_buff **pskb,
67 /* nf_nat_mangle_udp_packet uses skb_make_writable() to copy 66 /* nf_nat_mangle_udp_packet uses skb_make_writable() to copy
68 * or pull everything in a linear buffer, so we can safely 67 * or pull everything in a linear buffer, so we can safely
69 * use the skb pointers now */ 68 * use the skb pointers now */
70 *data = ((*pskb)->data + ip_hdrlen(*pskb) + 69 *data = skb->data + ip_hdrlen(skb) + sizeof(struct udphdr);
71 sizeof(struct udphdr));
72 } 70 }
73 71
74 return 0; 72 return 0;
75} 73}
76 74
77/****************************************************************************/ 75/****************************************************************************/
78static int set_h225_addr(struct sk_buff **pskb, 76static int set_h225_addr(struct sk_buff *skb,
79 unsigned char **data, int dataoff, 77 unsigned char **data, int dataoff,
80 TransportAddress *taddr, 78 TransportAddress *taddr,
81 union nf_conntrack_address *addr, __be16 port) 79 union nf_conntrack_address *addr, __be16 port)
82{ 80{
83 return set_addr(pskb, data, dataoff, taddr->ipAddress.ip, 81 return set_addr(skb, data, dataoff, taddr->ipAddress.ip,
84 addr->ip, port); 82 addr->ip, port);
85} 83}
86 84
87/****************************************************************************/ 85/****************************************************************************/
88static int set_h245_addr(struct sk_buff **pskb, 86static int set_h245_addr(struct sk_buff *skb,
89 unsigned char **data, int dataoff, 87 unsigned char **data, int dataoff,
90 H245_TransportAddress *taddr, 88 H245_TransportAddress *taddr,
91 union nf_conntrack_address *addr, __be16 port) 89 union nf_conntrack_address *addr, __be16 port)
92{ 90{
93 return set_addr(pskb, data, dataoff, 91 return set_addr(skb, data, dataoff,
94 taddr->unicastAddress.iPAddress.network, 92 taddr->unicastAddress.iPAddress.network,
95 addr->ip, port); 93 addr->ip, port);
96} 94}
97 95
98/****************************************************************************/ 96/****************************************************************************/
99static int set_sig_addr(struct sk_buff **pskb, struct nf_conn *ct, 97static int set_sig_addr(struct sk_buff *skb, struct nf_conn *ct,
100 enum ip_conntrack_info ctinfo, 98 enum ip_conntrack_info ctinfo,
101 unsigned char **data, 99 unsigned char **data,
102 TransportAddress *taddr, int count) 100 TransportAddress *taddr, int count)
@@ -125,7 +123,7 @@ static int set_sig_addr(struct sk_buff **pskb, struct nf_conn *ct,
125 NIPQUAD(addr.ip), port, 123 NIPQUAD(addr.ip), port,
126 NIPQUAD(ct->tuplehash[!dir].tuple.dst.u3.ip), 124 NIPQUAD(ct->tuplehash[!dir].tuple.dst.u3.ip),
127 info->sig_port[!dir]); 125 info->sig_port[!dir]);
128 return set_h225_addr(pskb, data, 0, &taddr[i], 126 return set_h225_addr(skb, data, 0, &taddr[i],
129 &ct->tuplehash[!dir]. 127 &ct->tuplehash[!dir].
130 tuple.dst.u3, 128 tuple.dst.u3,
131 info->sig_port[!dir]); 129 info->sig_port[!dir]);
@@ -137,7 +135,7 @@ static int set_sig_addr(struct sk_buff **pskb, struct nf_conn *ct,
137 NIPQUAD(addr.ip), port, 135 NIPQUAD(addr.ip), port,
138 NIPQUAD(ct->tuplehash[!dir].tuple.src.u3.ip), 136 NIPQUAD(ct->tuplehash[!dir].tuple.src.u3.ip),
139 info->sig_port[!dir]); 137 info->sig_port[!dir]);
140 return set_h225_addr(pskb, data, 0, &taddr[i], 138 return set_h225_addr(skb, data, 0, &taddr[i],
141 &ct->tuplehash[!dir]. 139 &ct->tuplehash[!dir].
142 tuple.src.u3, 140 tuple.src.u3,
143 info->sig_port[!dir]); 141 info->sig_port[!dir]);
@@ -149,7 +147,7 @@ static int set_sig_addr(struct sk_buff **pskb, struct nf_conn *ct,
149} 147}
150 148
151/****************************************************************************/ 149/****************************************************************************/
152static int set_ras_addr(struct sk_buff **pskb, struct nf_conn *ct, 150static int set_ras_addr(struct sk_buff *skb, struct nf_conn *ct,
153 enum ip_conntrack_info ctinfo, 151 enum ip_conntrack_info ctinfo,
154 unsigned char **data, 152 unsigned char **data,
155 TransportAddress *taddr, int count) 153 TransportAddress *taddr, int count)
@@ -168,7 +166,7 @@ static int set_ras_addr(struct sk_buff **pskb, struct nf_conn *ct,
168 NIPQUAD(addr.ip), ntohs(port), 166 NIPQUAD(addr.ip), ntohs(port),
169 NIPQUAD(ct->tuplehash[!dir].tuple.dst.u3.ip), 167 NIPQUAD(ct->tuplehash[!dir].tuple.dst.u3.ip),
170 ntohs(ct->tuplehash[!dir].tuple.dst.u.udp.port)); 168 ntohs(ct->tuplehash[!dir].tuple.dst.u.udp.port));
171 return set_h225_addr(pskb, data, 0, &taddr[i], 169 return set_h225_addr(skb, data, 0, &taddr[i],
172 &ct->tuplehash[!dir].tuple.dst.u3, 170 &ct->tuplehash[!dir].tuple.dst.u3,
173 ct->tuplehash[!dir].tuple. 171 ct->tuplehash[!dir].tuple.
174 dst.u.udp.port); 172 dst.u.udp.port);
@@ -179,7 +177,7 @@ static int set_ras_addr(struct sk_buff **pskb, struct nf_conn *ct,
179} 177}
180 178
181/****************************************************************************/ 179/****************************************************************************/
182static int nat_rtp_rtcp(struct sk_buff **pskb, struct nf_conn *ct, 180static int nat_rtp_rtcp(struct sk_buff *skb, struct nf_conn *ct,
183 enum ip_conntrack_info ctinfo, 181 enum ip_conntrack_info ctinfo,
184 unsigned char **data, int dataoff, 182 unsigned char **data, int dataoff,
185 H245_TransportAddress *taddr, 183 H245_TransportAddress *taddr,
@@ -244,7 +242,7 @@ static int nat_rtp_rtcp(struct sk_buff **pskb, struct nf_conn *ct,
244 } 242 }
245 243
246 /* Modify signal */ 244 /* Modify signal */
247 if (set_h245_addr(pskb, data, dataoff, taddr, 245 if (set_h245_addr(skb, data, dataoff, taddr,
248 &ct->tuplehash[!dir].tuple.dst.u3, 246 &ct->tuplehash[!dir].tuple.dst.u3,
249 htons((port & htons(1)) ? nated_port + 1 : 247 htons((port & htons(1)) ? nated_port + 1 :
250 nated_port)) == 0) { 248 nated_port)) == 0) {
@@ -273,7 +271,7 @@ static int nat_rtp_rtcp(struct sk_buff **pskb, struct nf_conn *ct,
273} 271}
274 272
275/****************************************************************************/ 273/****************************************************************************/
276static int nat_t120(struct sk_buff **pskb, struct nf_conn *ct, 274static int nat_t120(struct sk_buff *skb, struct nf_conn *ct,
277 enum ip_conntrack_info ctinfo, 275 enum ip_conntrack_info ctinfo,
278 unsigned char **data, int dataoff, 276 unsigned char **data, int dataoff,
279 H245_TransportAddress *taddr, __be16 port, 277 H245_TransportAddress *taddr, __be16 port,
@@ -301,7 +299,7 @@ static int nat_t120(struct sk_buff **pskb, struct nf_conn *ct,
301 } 299 }
302 300
303 /* Modify signal */ 301 /* Modify signal */
304 if (set_h245_addr(pskb, data, dataoff, taddr, 302 if (set_h245_addr(skb, data, dataoff, taddr,
305 &ct->tuplehash[!dir].tuple.dst.u3, 303 &ct->tuplehash[!dir].tuple.dst.u3,
306 htons(nated_port)) < 0) { 304 htons(nated_port)) < 0) {
307 nf_ct_unexpect_related(exp); 305 nf_ct_unexpect_related(exp);
@@ -318,7 +316,7 @@ static int nat_t120(struct sk_buff **pskb, struct nf_conn *ct,
318} 316}
319 317
320/****************************************************************************/ 318/****************************************************************************/
321static int nat_h245(struct sk_buff **pskb, struct nf_conn *ct, 319static int nat_h245(struct sk_buff *skb, struct nf_conn *ct,
322 enum ip_conntrack_info ctinfo, 320 enum ip_conntrack_info ctinfo,
323 unsigned char **data, int dataoff, 321 unsigned char **data, int dataoff,
324 TransportAddress *taddr, __be16 port, 322 TransportAddress *taddr, __be16 port,
@@ -351,7 +349,7 @@ static int nat_h245(struct sk_buff **pskb, struct nf_conn *ct,
351 } 349 }
352 350
353 /* Modify signal */ 351 /* Modify signal */
354 if (set_h225_addr(pskb, data, dataoff, taddr, 352 if (set_h225_addr(skb, data, dataoff, taddr,
355 &ct->tuplehash[!dir].tuple.dst.u3, 353 &ct->tuplehash[!dir].tuple.dst.u3,
356 htons(nated_port)) == 0) { 354 htons(nated_port)) == 0) {
357 /* Save ports */ 355 /* Save ports */
@@ -406,7 +404,7 @@ static void ip_nat_q931_expect(struct nf_conn *new,
406} 404}
407 405
408/****************************************************************************/ 406/****************************************************************************/
409static int nat_q931(struct sk_buff **pskb, struct nf_conn *ct, 407static int nat_q931(struct sk_buff *skb, struct nf_conn *ct,
410 enum ip_conntrack_info ctinfo, 408 enum ip_conntrack_info ctinfo,
411 unsigned char **data, TransportAddress *taddr, int idx, 409 unsigned char **data, TransportAddress *taddr, int idx,
412 __be16 port, struct nf_conntrack_expect *exp) 410 __be16 port, struct nf_conntrack_expect *exp)
@@ -439,7 +437,7 @@ static int nat_q931(struct sk_buff **pskb, struct nf_conn *ct,
439 } 437 }
440 438
441 /* Modify signal */ 439 /* Modify signal */
442 if (set_h225_addr(pskb, data, 0, &taddr[idx], 440 if (set_h225_addr(skb, data, 0, &taddr[idx],
443 &ct->tuplehash[!dir].tuple.dst.u3, 441 &ct->tuplehash[!dir].tuple.dst.u3,
444 htons(nated_port)) == 0) { 442 htons(nated_port)) == 0) {
445 /* Save ports */ 443 /* Save ports */
@@ -450,7 +448,7 @@ static int nat_q931(struct sk_buff **pskb, struct nf_conn *ct,
450 if (idx > 0 && 448 if (idx > 0 &&
451 get_h225_addr(ct, *data, &taddr[0], &addr, &port) && 449 get_h225_addr(ct, *data, &taddr[0], &addr, &port) &&
452 (ntohl(addr.ip) & 0xff000000) == 0x7f000000) { 450 (ntohl(addr.ip) & 0xff000000) == 0x7f000000) {
453 set_h225_addr(pskb, data, 0, &taddr[0], 451 set_h225_addr(skb, data, 0, &taddr[0],
454 &ct->tuplehash[!dir].tuple.dst.u3, 452 &ct->tuplehash[!dir].tuple.dst.u3,
455 info->sig_port[!dir]); 453 info->sig_port[!dir]);
456 } 454 }
@@ -495,7 +493,7 @@ static void ip_nat_callforwarding_expect(struct nf_conn *new,
495} 493}
496 494
497/****************************************************************************/ 495/****************************************************************************/
498static int nat_callforwarding(struct sk_buff **pskb, struct nf_conn *ct, 496static int nat_callforwarding(struct sk_buff *skb, struct nf_conn *ct,
499 enum ip_conntrack_info ctinfo, 497 enum ip_conntrack_info ctinfo,
500 unsigned char **data, int dataoff, 498 unsigned char **data, int dataoff,
501 TransportAddress *taddr, __be16 port, 499 TransportAddress *taddr, __be16 port,
@@ -525,7 +523,7 @@ static int nat_callforwarding(struct sk_buff **pskb, struct nf_conn *ct,
525 } 523 }
526 524
527 /* Modify signal */ 525 /* Modify signal */
528 if (!set_h225_addr(pskb, data, dataoff, taddr, 526 if (!set_h225_addr(skb, data, dataoff, taddr,
529 &ct->tuplehash[!dir].tuple.dst.u3, 527 &ct->tuplehash[!dir].tuple.dst.u3,
530 htons(nated_port)) == 0) { 528 htons(nated_port)) == 0) {
531 nf_ct_unexpect_related(exp); 529 nf_ct_unexpect_related(exp);
diff --git a/net/ipv4/netfilter/nf_nat_helper.c b/net/ipv4/netfilter/nf_nat_helper.c
index 93d8a0a8f035..8718da00ef2a 100644
--- a/net/ipv4/netfilter/nf_nat_helper.c
+++ b/net/ipv4/netfilter/nf_nat_helper.c
@@ -111,22 +111,14 @@ static void mangle_contents(struct sk_buff *skb,
111} 111}
112 112
113/* Unusual, but possible case. */ 113/* Unusual, but possible case. */
114static int enlarge_skb(struct sk_buff **pskb, unsigned int extra) 114static int enlarge_skb(struct sk_buff *skb, unsigned int extra)
115{ 115{
116 struct sk_buff *nskb; 116 if (skb->len + extra > 65535)
117
118 if ((*pskb)->len + extra > 65535)
119 return 0; 117 return 0;
120 118
121 nskb = skb_copy_expand(*pskb, skb_headroom(*pskb), extra, GFP_ATOMIC); 119 if (pskb_expand_head(skb, 0, extra - skb_tailroom(skb), GFP_ATOMIC))
122 if (!nskb)
123 return 0; 120 return 0;
124 121
125 /* Transfer socket to new skb. */
126 if ((*pskb)->sk)
127 skb_set_owner_w(nskb, (*pskb)->sk);
128 kfree_skb(*pskb);
129 *pskb = nskb;
130 return 1; 122 return 1;
131} 123}
132 124
@@ -139,7 +131,7 @@ static int enlarge_skb(struct sk_buff **pskb, unsigned int extra)
139 * 131 *
140 * */ 132 * */
141int 133int
142nf_nat_mangle_tcp_packet(struct sk_buff **pskb, 134nf_nat_mangle_tcp_packet(struct sk_buff *skb,
143 struct nf_conn *ct, 135 struct nf_conn *ct,
144 enum ip_conntrack_info ctinfo, 136 enum ip_conntrack_info ctinfo,
145 unsigned int match_offset, 137 unsigned int match_offset,
@@ -147,37 +139,37 @@ nf_nat_mangle_tcp_packet(struct sk_buff **pskb,
147 const char *rep_buffer, 139 const char *rep_buffer,
148 unsigned int rep_len) 140 unsigned int rep_len)
149{ 141{
150 struct rtable *rt = (struct rtable *)(*pskb)->dst; 142 struct rtable *rt = (struct rtable *)skb->dst;
151 struct iphdr *iph; 143 struct iphdr *iph;
152 struct tcphdr *tcph; 144 struct tcphdr *tcph;
153 int oldlen, datalen; 145 int oldlen, datalen;
154 146
155 if (!skb_make_writable(pskb, (*pskb)->len)) 147 if (!skb_make_writable(skb, skb->len))
156 return 0; 148 return 0;
157 149
158 if (rep_len > match_len && 150 if (rep_len > match_len &&
159 rep_len - match_len > skb_tailroom(*pskb) && 151 rep_len - match_len > skb_tailroom(skb) &&
160 !enlarge_skb(pskb, rep_len - match_len)) 152 !enlarge_skb(skb, rep_len - match_len))
161 return 0; 153 return 0;
162 154
163 SKB_LINEAR_ASSERT(*pskb); 155 SKB_LINEAR_ASSERT(skb);
164 156
165 iph = ip_hdr(*pskb); 157 iph = ip_hdr(skb);
166 tcph = (void *)iph + iph->ihl*4; 158 tcph = (void *)iph + iph->ihl*4;
167 159
168 oldlen = (*pskb)->len - iph->ihl*4; 160 oldlen = skb->len - iph->ihl*4;
169 mangle_contents(*pskb, iph->ihl*4 + tcph->doff*4, 161 mangle_contents(skb, iph->ihl*4 + tcph->doff*4,
170 match_offset, match_len, rep_buffer, rep_len); 162 match_offset, match_len, rep_buffer, rep_len);
171 163
172 datalen = (*pskb)->len - iph->ihl*4; 164 datalen = skb->len - iph->ihl*4;
173 if ((*pskb)->ip_summed != CHECKSUM_PARTIAL) { 165 if (skb->ip_summed != CHECKSUM_PARTIAL) {
174 if (!(rt->rt_flags & RTCF_LOCAL) && 166 if (!(rt->rt_flags & RTCF_LOCAL) &&
175 (*pskb)->dev->features & NETIF_F_V4_CSUM) { 167 skb->dev->features & NETIF_F_V4_CSUM) {
176 (*pskb)->ip_summed = CHECKSUM_PARTIAL; 168 skb->ip_summed = CHECKSUM_PARTIAL;
177 (*pskb)->csum_start = skb_headroom(*pskb) + 169 skb->csum_start = skb_headroom(skb) +
178 skb_network_offset(*pskb) + 170 skb_network_offset(skb) +
179 iph->ihl * 4; 171 iph->ihl * 4;
180 (*pskb)->csum_offset = offsetof(struct tcphdr, check); 172 skb->csum_offset = offsetof(struct tcphdr, check);
181 tcph->check = ~tcp_v4_check(datalen, 173 tcph->check = ~tcp_v4_check(datalen,
182 iph->saddr, iph->daddr, 0); 174 iph->saddr, iph->daddr, 0);
183 } else { 175 } else {
@@ -188,7 +180,7 @@ nf_nat_mangle_tcp_packet(struct sk_buff **pskb,
188 datalen, 0)); 180 datalen, 0));
189 } 181 }
190 } else 182 } else
191 nf_proto_csum_replace2(&tcph->check, *pskb, 183 nf_proto_csum_replace2(&tcph->check, skb,
192 htons(oldlen), htons(datalen), 1); 184 htons(oldlen), htons(datalen), 1);
193 185
194 if (rep_len != match_len) { 186 if (rep_len != match_len) {
@@ -197,7 +189,7 @@ nf_nat_mangle_tcp_packet(struct sk_buff **pskb,
197 (int)rep_len - (int)match_len, 189 (int)rep_len - (int)match_len,
198 ct, ctinfo); 190 ct, ctinfo);
199 /* Tell TCP window tracking about seq change */ 191 /* Tell TCP window tracking about seq change */
200 nf_conntrack_tcp_update(*pskb, ip_hdrlen(*pskb), 192 nf_conntrack_tcp_update(skb, ip_hdrlen(skb),
201 ct, CTINFO2DIR(ctinfo)); 193 ct, CTINFO2DIR(ctinfo));
202 } 194 }
203 return 1; 195 return 1;
@@ -215,7 +207,7 @@ EXPORT_SYMBOL(nf_nat_mangle_tcp_packet);
215 * should be fairly easy to do. 207 * should be fairly easy to do.
216 */ 208 */
217int 209int
218nf_nat_mangle_udp_packet(struct sk_buff **pskb, 210nf_nat_mangle_udp_packet(struct sk_buff *skb,
219 struct nf_conn *ct, 211 struct nf_conn *ct,
220 enum ip_conntrack_info ctinfo, 212 enum ip_conntrack_info ctinfo,
221 unsigned int match_offset, 213 unsigned int match_offset,
@@ -223,48 +215,48 @@ nf_nat_mangle_udp_packet(struct sk_buff **pskb,
223 const char *rep_buffer, 215 const char *rep_buffer,
224 unsigned int rep_len) 216 unsigned int rep_len)
225{ 217{
226 struct rtable *rt = (struct rtable *)(*pskb)->dst; 218 struct rtable *rt = (struct rtable *)skb->dst;
227 struct iphdr *iph; 219 struct iphdr *iph;
228 struct udphdr *udph; 220 struct udphdr *udph;
229 int datalen, oldlen; 221 int datalen, oldlen;
230 222
231 /* UDP helpers might accidentally mangle the wrong packet */ 223 /* UDP helpers might accidentally mangle the wrong packet */
232 iph = ip_hdr(*pskb); 224 iph = ip_hdr(skb);
233 if ((*pskb)->len < iph->ihl*4 + sizeof(*udph) + 225 if (skb->len < iph->ihl*4 + sizeof(*udph) +
234 match_offset + match_len) 226 match_offset + match_len)
235 return 0; 227 return 0;
236 228
237 if (!skb_make_writable(pskb, (*pskb)->len)) 229 if (!skb_make_writable(skb, skb->len))
238 return 0; 230 return 0;
239 231
240 if (rep_len > match_len && 232 if (rep_len > match_len &&
241 rep_len - match_len > skb_tailroom(*pskb) && 233 rep_len - match_len > skb_tailroom(skb) &&
242 !enlarge_skb(pskb, rep_len - match_len)) 234 !enlarge_skb(skb, rep_len - match_len))
243 return 0; 235 return 0;
244 236
245 iph = ip_hdr(*pskb); 237 iph = ip_hdr(skb);
246 udph = (void *)iph + iph->ihl*4; 238 udph = (void *)iph + iph->ihl*4;
247 239
248 oldlen = (*pskb)->len - iph->ihl*4; 240 oldlen = skb->len - iph->ihl*4;
249 mangle_contents(*pskb, iph->ihl*4 + sizeof(*udph), 241 mangle_contents(skb, iph->ihl*4 + sizeof(*udph),
250 match_offset, match_len, rep_buffer, rep_len); 242 match_offset, match_len, rep_buffer, rep_len);
251 243
252 /* update the length of the UDP packet */ 244 /* update the length of the UDP packet */
253 datalen = (*pskb)->len - iph->ihl*4; 245 datalen = skb->len - iph->ihl*4;
254 udph->len = htons(datalen); 246 udph->len = htons(datalen);
255 247
256 /* fix udp checksum if udp checksum was previously calculated */ 248 /* fix udp checksum if udp checksum was previously calculated */
257 if (!udph->check && (*pskb)->ip_summed != CHECKSUM_PARTIAL) 249 if (!udph->check && skb->ip_summed != CHECKSUM_PARTIAL)
258 return 1; 250 return 1;
259 251
260 if ((*pskb)->ip_summed != CHECKSUM_PARTIAL) { 252 if (skb->ip_summed != CHECKSUM_PARTIAL) {
261 if (!(rt->rt_flags & RTCF_LOCAL) && 253 if (!(rt->rt_flags & RTCF_LOCAL) &&
262 (*pskb)->dev->features & NETIF_F_V4_CSUM) { 254 skb->dev->features & NETIF_F_V4_CSUM) {
263 (*pskb)->ip_summed = CHECKSUM_PARTIAL; 255 skb->ip_summed = CHECKSUM_PARTIAL;
264 (*pskb)->csum_start = skb_headroom(*pskb) + 256 skb->csum_start = skb_headroom(skb) +
265 skb_network_offset(*pskb) + 257 skb_network_offset(skb) +
266 iph->ihl * 4; 258 iph->ihl * 4;
267 (*pskb)->csum_offset = offsetof(struct udphdr, check); 259 skb->csum_offset = offsetof(struct udphdr, check);
268 udph->check = ~csum_tcpudp_magic(iph->saddr, iph->daddr, 260 udph->check = ~csum_tcpudp_magic(iph->saddr, iph->daddr,
269 datalen, IPPROTO_UDP, 261 datalen, IPPROTO_UDP,
270 0); 262 0);
@@ -278,7 +270,7 @@ nf_nat_mangle_udp_packet(struct sk_buff **pskb,
278 udph->check = CSUM_MANGLED_0; 270 udph->check = CSUM_MANGLED_0;
279 } 271 }
280 } else 272 } else
281 nf_proto_csum_replace2(&udph->check, *pskb, 273 nf_proto_csum_replace2(&udph->check, skb,
282 htons(oldlen), htons(datalen), 1); 274 htons(oldlen), htons(datalen), 1);
283 275
284 return 1; 276 return 1;
@@ -330,7 +322,7 @@ sack_adjust(struct sk_buff *skb,
330 322
331/* TCP SACK sequence number adjustment */ 323/* TCP SACK sequence number adjustment */
332static inline unsigned int 324static inline unsigned int
333nf_nat_sack_adjust(struct sk_buff **pskb, 325nf_nat_sack_adjust(struct sk_buff *skb,
334 struct tcphdr *tcph, 326 struct tcphdr *tcph,
335 struct nf_conn *ct, 327 struct nf_conn *ct,
336 enum ip_conntrack_info ctinfo) 328 enum ip_conntrack_info ctinfo)
@@ -338,17 +330,17 @@ nf_nat_sack_adjust(struct sk_buff **pskb,
338 unsigned int dir, optoff, optend; 330 unsigned int dir, optoff, optend;
339 struct nf_conn_nat *nat = nfct_nat(ct); 331 struct nf_conn_nat *nat = nfct_nat(ct);
340 332
341 optoff = ip_hdrlen(*pskb) + sizeof(struct tcphdr); 333 optoff = ip_hdrlen(skb) + sizeof(struct tcphdr);
342 optend = ip_hdrlen(*pskb) + tcph->doff * 4; 334 optend = ip_hdrlen(skb) + tcph->doff * 4;
343 335
344 if (!skb_make_writable(pskb, optend)) 336 if (!skb_make_writable(skb, optend))
345 return 0; 337 return 0;
346 338
347 dir = CTINFO2DIR(ctinfo); 339 dir = CTINFO2DIR(ctinfo);
348 340
349 while (optoff < optend) { 341 while (optoff < optend) {
350 /* Usually: option, length. */ 342 /* Usually: option, length. */
351 unsigned char *op = (*pskb)->data + optoff; 343 unsigned char *op = skb->data + optoff;
352 344
353 switch (op[0]) { 345 switch (op[0]) {
354 case TCPOPT_EOL: 346 case TCPOPT_EOL:
@@ -365,7 +357,7 @@ nf_nat_sack_adjust(struct sk_buff **pskb,
365 if (op[0] == TCPOPT_SACK && 357 if (op[0] == TCPOPT_SACK &&
366 op[1] >= 2+TCPOLEN_SACK_PERBLOCK && 358 op[1] >= 2+TCPOLEN_SACK_PERBLOCK &&
367 ((op[1] - 2) % TCPOLEN_SACK_PERBLOCK) == 0) 359 ((op[1] - 2) % TCPOLEN_SACK_PERBLOCK) == 0)
368 sack_adjust(*pskb, tcph, optoff+2, 360 sack_adjust(skb, tcph, optoff+2,
369 optoff+op[1], &nat->seq[!dir]); 361 optoff+op[1], &nat->seq[!dir]);
370 optoff += op[1]; 362 optoff += op[1];
371 } 363 }
@@ -375,7 +367,7 @@ nf_nat_sack_adjust(struct sk_buff **pskb,
375 367
376/* TCP sequence number adjustment. Returns 1 on success, 0 on failure */ 368/* TCP sequence number adjustment. Returns 1 on success, 0 on failure */
377int 369int
378nf_nat_seq_adjust(struct sk_buff **pskb, 370nf_nat_seq_adjust(struct sk_buff *skb,
379 struct nf_conn *ct, 371 struct nf_conn *ct,
380 enum ip_conntrack_info ctinfo) 372 enum ip_conntrack_info ctinfo)
381{ 373{
@@ -390,10 +382,10 @@ nf_nat_seq_adjust(struct sk_buff **pskb,
390 this_way = &nat->seq[dir]; 382 this_way = &nat->seq[dir];
391 other_way = &nat->seq[!dir]; 383 other_way = &nat->seq[!dir];
392 384
393 if (!skb_make_writable(pskb, ip_hdrlen(*pskb) + sizeof(*tcph))) 385 if (!skb_make_writable(skb, ip_hdrlen(skb) + sizeof(*tcph)))
394 return 0; 386 return 0;
395 387
396 tcph = (void *)(*pskb)->data + ip_hdrlen(*pskb); 388 tcph = (void *)skb->data + ip_hdrlen(skb);
397 if (after(ntohl(tcph->seq), this_way->correction_pos)) 389 if (after(ntohl(tcph->seq), this_way->correction_pos))
398 newseq = htonl(ntohl(tcph->seq) + this_way->offset_after); 390 newseq = htonl(ntohl(tcph->seq) + this_way->offset_after);
399 else 391 else
@@ -405,8 +397,8 @@ nf_nat_seq_adjust(struct sk_buff **pskb,
405 else 397 else
406 newack = htonl(ntohl(tcph->ack_seq) - other_way->offset_before); 398 newack = htonl(ntohl(tcph->ack_seq) - other_way->offset_before);
407 399
408 nf_proto_csum_replace4(&tcph->check, *pskb, tcph->seq, newseq, 0); 400 nf_proto_csum_replace4(&tcph->check, skb, tcph->seq, newseq, 0);
409 nf_proto_csum_replace4(&tcph->check, *pskb, tcph->ack_seq, newack, 0); 401 nf_proto_csum_replace4(&tcph->check, skb, tcph->ack_seq, newack, 0);
410 402
411 pr_debug("Adjusting sequence number from %u->%u, ack from %u->%u\n", 403 pr_debug("Adjusting sequence number from %u->%u, ack from %u->%u\n",
412 ntohl(tcph->seq), ntohl(newseq), ntohl(tcph->ack_seq), 404 ntohl(tcph->seq), ntohl(newseq), ntohl(tcph->ack_seq),
@@ -415,10 +407,10 @@ nf_nat_seq_adjust(struct sk_buff **pskb,
415 tcph->seq = newseq; 407 tcph->seq = newseq;
416 tcph->ack_seq = newack; 408 tcph->ack_seq = newack;
417 409
418 if (!nf_nat_sack_adjust(pskb, tcph, ct, ctinfo)) 410 if (!nf_nat_sack_adjust(skb, tcph, ct, ctinfo))
419 return 0; 411 return 0;
420 412
421 nf_conntrack_tcp_update(*pskb, ip_hdrlen(*pskb), ct, dir); 413 nf_conntrack_tcp_update(skb, ip_hdrlen(skb), ct, dir);
422 414
423 return 1; 415 return 1;
424} 416}
diff --git a/net/ipv4/netfilter/nf_nat_irc.c b/net/ipv4/netfilter/nf_nat_irc.c
index bcf274bba602..766e2c16c6b9 100644
--- a/net/ipv4/netfilter/nf_nat_irc.c
+++ b/net/ipv4/netfilter/nf_nat_irc.c
@@ -27,7 +27,7 @@ MODULE_DESCRIPTION("IRC (DCC) NAT helper");
27MODULE_LICENSE("GPL"); 27MODULE_LICENSE("GPL");
28MODULE_ALIAS("ip_nat_irc"); 28MODULE_ALIAS("ip_nat_irc");
29 29
30static unsigned int help(struct sk_buff **pskb, 30static unsigned int help(struct sk_buff *skb,
31 enum ip_conntrack_info ctinfo, 31 enum ip_conntrack_info ctinfo,
32 unsigned int matchoff, 32 unsigned int matchoff,
33 unsigned int matchlen, 33 unsigned int matchlen,
@@ -58,7 +58,7 @@ static unsigned int help(struct sk_buff **pskb,
58 pr_debug("nf_nat_irc: inserting '%s' == %u.%u.%u.%u, port %u\n", 58 pr_debug("nf_nat_irc: inserting '%s' == %u.%u.%u.%u, port %u\n",
59 buffer, NIPQUAD(ip), port); 59 buffer, NIPQUAD(ip), port);
60 60
61 ret = nf_nat_mangle_tcp_packet(pskb, exp->master, ctinfo, 61 ret = nf_nat_mangle_tcp_packet(skb, exp->master, ctinfo,
62 matchoff, matchlen, buffer, 62 matchoff, matchlen, buffer,
63 strlen(buffer)); 63 strlen(buffer));
64 if (ret != NF_ACCEPT) 64 if (ret != NF_ACCEPT)
diff --git a/net/ipv4/netfilter/nf_nat_pptp.c b/net/ipv4/netfilter/nf_nat_pptp.c
index 984ec8308b2e..e1385a099079 100644
--- a/net/ipv4/netfilter/nf_nat_pptp.c
+++ b/net/ipv4/netfilter/nf_nat_pptp.c
@@ -110,7 +110,7 @@ static void pptp_nat_expected(struct nf_conn *ct,
110 110
111/* outbound packets == from PNS to PAC */ 111/* outbound packets == from PNS to PAC */
112static int 112static int
113pptp_outbound_pkt(struct sk_buff **pskb, 113pptp_outbound_pkt(struct sk_buff *skb,
114 struct nf_conn *ct, 114 struct nf_conn *ct,
115 enum ip_conntrack_info ctinfo, 115 enum ip_conntrack_info ctinfo,
116 struct PptpControlHeader *ctlh, 116 struct PptpControlHeader *ctlh,
@@ -175,7 +175,7 @@ pptp_outbound_pkt(struct sk_buff **pskb,
175 ntohs(REQ_CID(pptpReq, cid_off)), ntohs(new_callid)); 175 ntohs(REQ_CID(pptpReq, cid_off)), ntohs(new_callid));
176 176
177 /* mangle packet */ 177 /* mangle packet */
178 if (nf_nat_mangle_tcp_packet(pskb, ct, ctinfo, 178 if (nf_nat_mangle_tcp_packet(skb, ct, ctinfo,
179 cid_off + sizeof(struct pptp_pkt_hdr) + 179 cid_off + sizeof(struct pptp_pkt_hdr) +
180 sizeof(struct PptpControlHeader), 180 sizeof(struct PptpControlHeader),
181 sizeof(new_callid), (char *)&new_callid, 181 sizeof(new_callid), (char *)&new_callid,
@@ -213,7 +213,7 @@ pptp_exp_gre(struct nf_conntrack_expect *expect_orig,
213 213
214/* inbound packets == from PAC to PNS */ 214/* inbound packets == from PAC to PNS */
215static int 215static int
216pptp_inbound_pkt(struct sk_buff **pskb, 216pptp_inbound_pkt(struct sk_buff *skb,
217 struct nf_conn *ct, 217 struct nf_conn *ct,
218 enum ip_conntrack_info ctinfo, 218 enum ip_conntrack_info ctinfo,
219 struct PptpControlHeader *ctlh, 219 struct PptpControlHeader *ctlh,
@@ -268,7 +268,7 @@ pptp_inbound_pkt(struct sk_buff **pskb,
268 pr_debug("altering peer call id from 0x%04x to 0x%04x\n", 268 pr_debug("altering peer call id from 0x%04x to 0x%04x\n",
269 ntohs(REQ_CID(pptpReq, pcid_off)), ntohs(new_pcid)); 269 ntohs(REQ_CID(pptpReq, pcid_off)), ntohs(new_pcid));
270 270
271 if (nf_nat_mangle_tcp_packet(pskb, ct, ctinfo, 271 if (nf_nat_mangle_tcp_packet(skb, ct, ctinfo,
272 pcid_off + sizeof(struct pptp_pkt_hdr) + 272 pcid_off + sizeof(struct pptp_pkt_hdr) +
273 sizeof(struct PptpControlHeader), 273 sizeof(struct PptpControlHeader),
274 sizeof(new_pcid), (char *)&new_pcid, 274 sizeof(new_pcid), (char *)&new_pcid,
diff --git a/net/ipv4/netfilter/nf_nat_proto_gre.c b/net/ipv4/netfilter/nf_nat_proto_gre.c
index d562290b1820..b820f9960356 100644
--- a/net/ipv4/netfilter/nf_nat_proto_gre.c
+++ b/net/ipv4/netfilter/nf_nat_proto_gre.c
@@ -98,21 +98,21 @@ gre_unique_tuple(struct nf_conntrack_tuple *tuple,
98 98
99/* manipulate a GRE packet according to maniptype */ 99/* manipulate a GRE packet according to maniptype */
100static int 100static int
101gre_manip_pkt(struct sk_buff **pskb, unsigned int iphdroff, 101gre_manip_pkt(struct sk_buff *skb, unsigned int iphdroff,
102 const struct nf_conntrack_tuple *tuple, 102 const struct nf_conntrack_tuple *tuple,
103 enum nf_nat_manip_type maniptype) 103 enum nf_nat_manip_type maniptype)
104{ 104{
105 struct gre_hdr *greh; 105 struct gre_hdr *greh;
106 struct gre_hdr_pptp *pgreh; 106 struct gre_hdr_pptp *pgreh;
107 struct iphdr *iph = (struct iphdr *)((*pskb)->data + iphdroff); 107 struct iphdr *iph = (struct iphdr *)(skb->data + iphdroff);
108 unsigned int hdroff = iphdroff + iph->ihl * 4; 108 unsigned int hdroff = iphdroff + iph->ihl * 4;
109 109
110 /* pgreh includes two optional 32bit fields which are not required 110 /* pgreh includes two optional 32bit fields which are not required
111 * to be there. That's where the magic '8' comes from */ 111 * to be there. That's where the magic '8' comes from */
112 if (!skb_make_writable(pskb, hdroff + sizeof(*pgreh) - 8)) 112 if (!skb_make_writable(skb, hdroff + sizeof(*pgreh) - 8))
113 return 0; 113 return 0;
114 114
115 greh = (void *)(*pskb)->data + hdroff; 115 greh = (void *)skb->data + hdroff;
116 pgreh = (struct gre_hdr_pptp *)greh; 116 pgreh = (struct gre_hdr_pptp *)greh;
117 117
118 /* we only have destination manip of a packet, since 'source key' 118 /* we only have destination manip of a packet, since 'source key'
diff --git a/net/ipv4/netfilter/nf_nat_proto_icmp.c b/net/ipv4/netfilter/nf_nat_proto_icmp.c
index 898d73771155..b9fc724388fc 100644
--- a/net/ipv4/netfilter/nf_nat_proto_icmp.c
+++ b/net/ipv4/netfilter/nf_nat_proto_icmp.c
@@ -52,20 +52,20 @@ icmp_unique_tuple(struct nf_conntrack_tuple *tuple,
52} 52}
53 53
54static int 54static int
55icmp_manip_pkt(struct sk_buff **pskb, 55icmp_manip_pkt(struct sk_buff *skb,
56 unsigned int iphdroff, 56 unsigned int iphdroff,
57 const struct nf_conntrack_tuple *tuple, 57 const struct nf_conntrack_tuple *tuple,
58 enum nf_nat_manip_type maniptype) 58 enum nf_nat_manip_type maniptype)
59{ 59{
60 struct iphdr *iph = (struct iphdr *)((*pskb)->data + iphdroff); 60 struct iphdr *iph = (struct iphdr *)(skb->data + iphdroff);
61 struct icmphdr *hdr; 61 struct icmphdr *hdr;
62 unsigned int hdroff = iphdroff + iph->ihl*4; 62 unsigned int hdroff = iphdroff + iph->ihl*4;
63 63
64 if (!skb_make_writable(pskb, hdroff + sizeof(*hdr))) 64 if (!skb_make_writable(skb, hdroff + sizeof(*hdr)))
65 return 0; 65 return 0;
66 66
67 hdr = (struct icmphdr *)((*pskb)->data + hdroff); 67 hdr = (struct icmphdr *)(skb->data + hdroff);
68 nf_proto_csum_replace2(&hdr->checksum, *pskb, 68 nf_proto_csum_replace2(&hdr->checksum, skb,
69 hdr->un.echo.id, tuple->src.u.icmp.id, 0); 69 hdr->un.echo.id, tuple->src.u.icmp.id, 0);
70 hdr->un.echo.id = tuple->src.u.icmp.id; 70 hdr->un.echo.id = tuple->src.u.icmp.id;
71 return 1; 71 return 1;
diff --git a/net/ipv4/netfilter/nf_nat_proto_tcp.c b/net/ipv4/netfilter/nf_nat_proto_tcp.c
index 5bbbb2acdc70..6bab2e184455 100644
--- a/net/ipv4/netfilter/nf_nat_proto_tcp.c
+++ b/net/ipv4/netfilter/nf_nat_proto_tcp.c
@@ -88,12 +88,12 @@ tcp_unique_tuple(struct nf_conntrack_tuple *tuple,
88} 88}
89 89
90static int 90static int
91tcp_manip_pkt(struct sk_buff **pskb, 91tcp_manip_pkt(struct sk_buff *skb,
92 unsigned int iphdroff, 92 unsigned int iphdroff,
93 const struct nf_conntrack_tuple *tuple, 93 const struct nf_conntrack_tuple *tuple,
94 enum nf_nat_manip_type maniptype) 94 enum nf_nat_manip_type maniptype)
95{ 95{
96 struct iphdr *iph = (struct iphdr *)((*pskb)->data + iphdroff); 96 struct iphdr *iph = (struct iphdr *)(skb->data + iphdroff);
97 struct tcphdr *hdr; 97 struct tcphdr *hdr;
98 unsigned int hdroff = iphdroff + iph->ihl*4; 98 unsigned int hdroff = iphdroff + iph->ihl*4;
99 __be32 oldip, newip; 99 __be32 oldip, newip;
@@ -103,14 +103,14 @@ tcp_manip_pkt(struct sk_buff **pskb,
103 /* this could be a inner header returned in icmp packet; in such 103 /* this could be a inner header returned in icmp packet; in such
104 cases we cannot update the checksum field since it is outside of 104 cases we cannot update the checksum field since it is outside of
105 the 8 bytes of transport layer headers we are guaranteed */ 105 the 8 bytes of transport layer headers we are guaranteed */
106 if ((*pskb)->len >= hdroff + sizeof(struct tcphdr)) 106 if (skb->len >= hdroff + sizeof(struct tcphdr))
107 hdrsize = sizeof(struct tcphdr); 107 hdrsize = sizeof(struct tcphdr);
108 108
109 if (!skb_make_writable(pskb, hdroff + hdrsize)) 109 if (!skb_make_writable(skb, hdroff + hdrsize))
110 return 0; 110 return 0;
111 111
112 iph = (struct iphdr *)((*pskb)->data + iphdroff); 112 iph = (struct iphdr *)(skb->data + iphdroff);
113 hdr = (struct tcphdr *)((*pskb)->data + hdroff); 113 hdr = (struct tcphdr *)(skb->data + hdroff);
114 114
115 if (maniptype == IP_NAT_MANIP_SRC) { 115 if (maniptype == IP_NAT_MANIP_SRC) {
116 /* Get rid of src ip and src pt */ 116 /* Get rid of src ip and src pt */
@@ -132,8 +132,8 @@ tcp_manip_pkt(struct sk_buff **pskb,
132 if (hdrsize < sizeof(*hdr)) 132 if (hdrsize < sizeof(*hdr))
133 return 1; 133 return 1;
134 134
135 nf_proto_csum_replace4(&hdr->check, *pskb, oldip, newip, 1); 135 nf_proto_csum_replace4(&hdr->check, skb, oldip, newip, 1);
136 nf_proto_csum_replace2(&hdr->check, *pskb, oldport, newport, 0); 136 nf_proto_csum_replace2(&hdr->check, skb, oldport, newport, 0);
137 return 1; 137 return 1;
138} 138}
139 139
diff --git a/net/ipv4/netfilter/nf_nat_proto_udp.c b/net/ipv4/netfilter/nf_nat_proto_udp.c
index a0af4fd95584..cbf1a61e2908 100644
--- a/net/ipv4/netfilter/nf_nat_proto_udp.c
+++ b/net/ipv4/netfilter/nf_nat_proto_udp.c
@@ -86,22 +86,22 @@ udp_unique_tuple(struct nf_conntrack_tuple *tuple,
86} 86}
87 87
88static int 88static int
89udp_manip_pkt(struct sk_buff **pskb, 89udp_manip_pkt(struct sk_buff *skb,
90 unsigned int iphdroff, 90 unsigned int iphdroff,
91 const struct nf_conntrack_tuple *tuple, 91 const struct nf_conntrack_tuple *tuple,
92 enum nf_nat_manip_type maniptype) 92 enum nf_nat_manip_type maniptype)
93{ 93{
94 struct iphdr *iph = (struct iphdr *)((*pskb)->data + iphdroff); 94 struct iphdr *iph = (struct iphdr *)(skb->data + iphdroff);
95 struct udphdr *hdr; 95 struct udphdr *hdr;
96 unsigned int hdroff = iphdroff + iph->ihl*4; 96 unsigned int hdroff = iphdroff + iph->ihl*4;
97 __be32 oldip, newip; 97 __be32 oldip, newip;
98 __be16 *portptr, newport; 98 __be16 *portptr, newport;
99 99
100 if (!skb_make_writable(pskb, hdroff + sizeof(*hdr))) 100 if (!skb_make_writable(skb, hdroff + sizeof(*hdr)))
101 return 0; 101 return 0;
102 102
103 iph = (struct iphdr *)((*pskb)->data + iphdroff); 103 iph = (struct iphdr *)(skb->data + iphdroff);
104 hdr = (struct udphdr *)((*pskb)->data + hdroff); 104 hdr = (struct udphdr *)(skb->data + hdroff);
105 105
106 if (maniptype == IP_NAT_MANIP_SRC) { 106 if (maniptype == IP_NAT_MANIP_SRC) {
107 /* Get rid of src ip and src pt */ 107 /* Get rid of src ip and src pt */
@@ -116,9 +116,9 @@ udp_manip_pkt(struct sk_buff **pskb,
116 newport = tuple->dst.u.udp.port; 116 newport = tuple->dst.u.udp.port;
117 portptr = &hdr->dest; 117 portptr = &hdr->dest;
118 } 118 }
119 if (hdr->check || (*pskb)->ip_summed == CHECKSUM_PARTIAL) { 119 if (hdr->check || skb->ip_summed == CHECKSUM_PARTIAL) {
120 nf_proto_csum_replace4(&hdr->check, *pskb, oldip, newip, 1); 120 nf_proto_csum_replace4(&hdr->check, skb, oldip, newip, 1);
121 nf_proto_csum_replace2(&hdr->check, *pskb, *portptr, newport, 121 nf_proto_csum_replace2(&hdr->check, skb, *portptr, newport,
122 0); 122 0);
123 if (!hdr->check) 123 if (!hdr->check)
124 hdr->check = CSUM_MANGLED_0; 124 hdr->check = CSUM_MANGLED_0;
diff --git a/net/ipv4/netfilter/nf_nat_proto_unknown.c b/net/ipv4/netfilter/nf_nat_proto_unknown.c
index f50d0203f9c0..cfd2742e9706 100644
--- a/net/ipv4/netfilter/nf_nat_proto_unknown.c
+++ b/net/ipv4/netfilter/nf_nat_proto_unknown.c
@@ -37,7 +37,7 @@ static int unknown_unique_tuple(struct nf_conntrack_tuple *tuple,
37} 37}
38 38
39static int 39static int
40unknown_manip_pkt(struct sk_buff **pskb, 40unknown_manip_pkt(struct sk_buff *skb,
41 unsigned int iphdroff, 41 unsigned int iphdroff,
42 const struct nf_conntrack_tuple *tuple, 42 const struct nf_conntrack_tuple *tuple,
43 enum nf_nat_manip_type maniptype) 43 enum nf_nat_manip_type maniptype)
diff --git a/net/ipv4/netfilter/nf_nat_rule.c b/net/ipv4/netfilter/nf_nat_rule.c
index 76ec59ae524d..46b25ab5f78b 100644
--- a/net/ipv4/netfilter/nf_nat_rule.c
+++ b/net/ipv4/netfilter/nf_nat_rule.c
@@ -65,7 +65,7 @@ static struct xt_table nat_table = {
65}; 65};
66 66
67/* Source NAT */ 67/* Source NAT */
68static unsigned int ipt_snat_target(struct sk_buff **pskb, 68static unsigned int ipt_snat_target(struct sk_buff *skb,
69 const struct net_device *in, 69 const struct net_device *in,
70 const struct net_device *out, 70 const struct net_device *out,
71 unsigned int hooknum, 71 unsigned int hooknum,
@@ -78,7 +78,7 @@ static unsigned int ipt_snat_target(struct sk_buff **pskb,
78 78
79 NF_CT_ASSERT(hooknum == NF_IP_POST_ROUTING); 79 NF_CT_ASSERT(hooknum == NF_IP_POST_ROUTING);
80 80
81 ct = nf_ct_get(*pskb, &ctinfo); 81 ct = nf_ct_get(skb, &ctinfo);
82 82
83 /* Connection must be valid and new. */ 83 /* Connection must be valid and new. */
84 NF_CT_ASSERT(ct && (ctinfo == IP_CT_NEW || ctinfo == IP_CT_RELATED || 84 NF_CT_ASSERT(ct && (ctinfo == IP_CT_NEW || ctinfo == IP_CT_RELATED ||
@@ -107,7 +107,7 @@ static void warn_if_extra_mangle(__be32 dstip, __be32 srcip)
107 ip_rt_put(rt); 107 ip_rt_put(rt);
108} 108}
109 109
110static unsigned int ipt_dnat_target(struct sk_buff **pskb, 110static unsigned int ipt_dnat_target(struct sk_buff *skb,
111 const struct net_device *in, 111 const struct net_device *in,
112 const struct net_device *out, 112 const struct net_device *out,
113 unsigned int hooknum, 113 unsigned int hooknum,
@@ -121,14 +121,14 @@ static unsigned int ipt_dnat_target(struct sk_buff **pskb,
121 NF_CT_ASSERT(hooknum == NF_IP_PRE_ROUTING || 121 NF_CT_ASSERT(hooknum == NF_IP_PRE_ROUTING ||
122 hooknum == NF_IP_LOCAL_OUT); 122 hooknum == NF_IP_LOCAL_OUT);
123 123
124 ct = nf_ct_get(*pskb, &ctinfo); 124 ct = nf_ct_get(skb, &ctinfo);
125 125
126 /* Connection must be valid and new. */ 126 /* Connection must be valid and new. */
127 NF_CT_ASSERT(ct && (ctinfo == IP_CT_NEW || ctinfo == IP_CT_RELATED)); 127 NF_CT_ASSERT(ct && (ctinfo == IP_CT_NEW || ctinfo == IP_CT_RELATED));
128 128
129 if (hooknum == NF_IP_LOCAL_OUT && 129 if (hooknum == NF_IP_LOCAL_OUT &&
130 mr->range[0].flags & IP_NAT_RANGE_MAP_IPS) 130 mr->range[0].flags & IP_NAT_RANGE_MAP_IPS)
131 warn_if_extra_mangle(ip_hdr(*pskb)->daddr, 131 warn_if_extra_mangle(ip_hdr(skb)->daddr,
132 mr->range[0].min_ip); 132 mr->range[0].min_ip);
133 133
134 return nf_nat_setup_info(ct, &mr->range[0], hooknum); 134 return nf_nat_setup_info(ct, &mr->range[0], hooknum);
@@ -204,7 +204,7 @@ alloc_null_binding_confirmed(struct nf_conn *ct, unsigned int hooknum)
204 return nf_nat_setup_info(ct, &range, hooknum); 204 return nf_nat_setup_info(ct, &range, hooknum);
205} 205}
206 206
207int nf_nat_rule_find(struct sk_buff **pskb, 207int nf_nat_rule_find(struct sk_buff *skb,
208 unsigned int hooknum, 208 unsigned int hooknum,
209 const struct net_device *in, 209 const struct net_device *in,
210 const struct net_device *out, 210 const struct net_device *out,
@@ -212,7 +212,7 @@ int nf_nat_rule_find(struct sk_buff **pskb,
212{ 212{
213 int ret; 213 int ret;
214 214
215 ret = ipt_do_table(pskb, hooknum, in, out, &nat_table); 215 ret = ipt_do_table(skb, hooknum, in, out, &nat_table);
216 216
217 if (ret == NF_ACCEPT) { 217 if (ret == NF_ACCEPT) {
218 if (!nf_nat_initialized(ct, HOOK2MANIP(hooknum))) 218 if (!nf_nat_initialized(ct, HOOK2MANIP(hooknum)))
diff --git a/net/ipv4/netfilter/nf_nat_sip.c b/net/ipv4/netfilter/nf_nat_sip.c
index e14d41976c27..ce9edbcc01e3 100644
--- a/net/ipv4/netfilter/nf_nat_sip.c
+++ b/net/ipv4/netfilter/nf_nat_sip.c
@@ -60,7 +60,7 @@ static void addr_map_init(struct nf_conn *ct, struct addr_map *map)
60 } 60 }
61} 61}
62 62
63static int map_sip_addr(struct sk_buff **pskb, enum ip_conntrack_info ctinfo, 63static int map_sip_addr(struct sk_buff *skb, enum ip_conntrack_info ctinfo,
64 struct nf_conn *ct, const char **dptr, size_t dlen, 64 struct nf_conn *ct, const char **dptr, size_t dlen,
65 enum sip_header_pos pos, struct addr_map *map) 65 enum sip_header_pos pos, struct addr_map *map)
66{ 66{
@@ -84,15 +84,15 @@ static int map_sip_addr(struct sk_buff **pskb, enum ip_conntrack_info ctinfo,
84 } else 84 } else
85 return 1; 85 return 1;
86 86
87 if (!nf_nat_mangle_udp_packet(pskb, ct, ctinfo, 87 if (!nf_nat_mangle_udp_packet(skb, ct, ctinfo,
88 matchoff, matchlen, addr, addrlen)) 88 matchoff, matchlen, addr, addrlen))
89 return 0; 89 return 0;
90 *dptr = (*pskb)->data + ip_hdrlen(*pskb) + sizeof(struct udphdr); 90 *dptr = skb->data + ip_hdrlen(skb) + sizeof(struct udphdr);
91 return 1; 91 return 1;
92 92
93} 93}
94 94
95static unsigned int ip_nat_sip(struct sk_buff **pskb, 95static unsigned int ip_nat_sip(struct sk_buff *skb,
96 enum ip_conntrack_info ctinfo, 96 enum ip_conntrack_info ctinfo,
97 struct nf_conn *ct, 97 struct nf_conn *ct,
98 const char **dptr) 98 const char **dptr)
@@ -101,8 +101,8 @@ static unsigned int ip_nat_sip(struct sk_buff **pskb,
101 struct addr_map map; 101 struct addr_map map;
102 int dataoff, datalen; 102 int dataoff, datalen;
103 103
104 dataoff = ip_hdrlen(*pskb) + sizeof(struct udphdr); 104 dataoff = ip_hdrlen(skb) + sizeof(struct udphdr);
105 datalen = (*pskb)->len - dataoff; 105 datalen = skb->len - dataoff;
106 if (datalen < sizeof("SIP/2.0") - 1) 106 if (datalen < sizeof("SIP/2.0") - 1)
107 return NF_ACCEPT; 107 return NF_ACCEPT;
108 108
@@ -121,19 +121,19 @@ static unsigned int ip_nat_sip(struct sk_buff **pskb,
121 else 121 else
122 pos = POS_REQ_URI; 122 pos = POS_REQ_URI;
123 123
124 if (!map_sip_addr(pskb, ctinfo, ct, dptr, datalen, pos, &map)) 124 if (!map_sip_addr(skb, ctinfo, ct, dptr, datalen, pos, &map))
125 return NF_DROP; 125 return NF_DROP;
126 } 126 }
127 127
128 if (!map_sip_addr(pskb, ctinfo, ct, dptr, datalen, POS_FROM, &map) || 128 if (!map_sip_addr(skb, ctinfo, ct, dptr, datalen, POS_FROM, &map) ||
129 !map_sip_addr(pskb, ctinfo, ct, dptr, datalen, POS_TO, &map) || 129 !map_sip_addr(skb, ctinfo, ct, dptr, datalen, POS_TO, &map) ||
130 !map_sip_addr(pskb, ctinfo, ct, dptr, datalen, POS_VIA, &map) || 130 !map_sip_addr(skb, ctinfo, ct, dptr, datalen, POS_VIA, &map) ||
131 !map_sip_addr(pskb, ctinfo, ct, dptr, datalen, POS_CONTACT, &map)) 131 !map_sip_addr(skb, ctinfo, ct, dptr, datalen, POS_CONTACT, &map))
132 return NF_DROP; 132 return NF_DROP;
133 return NF_ACCEPT; 133 return NF_ACCEPT;
134} 134}
135 135
136static unsigned int mangle_sip_packet(struct sk_buff **pskb, 136static unsigned int mangle_sip_packet(struct sk_buff *skb,
137 enum ip_conntrack_info ctinfo, 137 enum ip_conntrack_info ctinfo,
138 struct nf_conn *ct, 138 struct nf_conn *ct,
139 const char **dptr, size_t dlen, 139 const char **dptr, size_t dlen,
@@ -145,16 +145,16 @@ static unsigned int mangle_sip_packet(struct sk_buff **pskb,
145 if (ct_sip_get_info(ct, *dptr, dlen, &matchoff, &matchlen, pos) <= 0) 145 if (ct_sip_get_info(ct, *dptr, dlen, &matchoff, &matchlen, pos) <= 0)
146 return 0; 146 return 0;
147 147
148 if (!nf_nat_mangle_udp_packet(pskb, ct, ctinfo, 148 if (!nf_nat_mangle_udp_packet(skb, ct, ctinfo,
149 matchoff, matchlen, buffer, bufflen)) 149 matchoff, matchlen, buffer, bufflen))
150 return 0; 150 return 0;
151 151
152 /* We need to reload this. Thanks Patrick. */ 152 /* We need to reload this. Thanks Patrick. */
153 *dptr = (*pskb)->data + ip_hdrlen(*pskb) + sizeof(struct udphdr); 153 *dptr = skb->data + ip_hdrlen(skb) + sizeof(struct udphdr);
154 return 1; 154 return 1;
155} 155}
156 156
157static int mangle_content_len(struct sk_buff **pskb, 157static int mangle_content_len(struct sk_buff *skb,
158 enum ip_conntrack_info ctinfo, 158 enum ip_conntrack_info ctinfo,
159 struct nf_conn *ct, 159 struct nf_conn *ct,
160 const char *dptr) 160 const char *dptr)
@@ -163,22 +163,22 @@ static int mangle_content_len(struct sk_buff **pskb,
163 char buffer[sizeof("65536")]; 163 char buffer[sizeof("65536")];
164 int bufflen; 164 int bufflen;
165 165
166 dataoff = ip_hdrlen(*pskb) + sizeof(struct udphdr); 166 dataoff = ip_hdrlen(skb) + sizeof(struct udphdr);
167 167
168 /* Get actual SDP lenght */ 168 /* Get actual SDP lenght */
169 if (ct_sip_get_info(ct, dptr, (*pskb)->len - dataoff, &matchoff, 169 if (ct_sip_get_info(ct, dptr, skb->len - dataoff, &matchoff,
170 &matchlen, POS_SDP_HEADER) > 0) { 170 &matchlen, POS_SDP_HEADER) > 0) {
171 171
172 /* since ct_sip_get_info() give us a pointer passing 'v=' 172 /* since ct_sip_get_info() give us a pointer passing 'v='
173 we need to add 2 bytes in this count. */ 173 we need to add 2 bytes in this count. */
174 int c_len = (*pskb)->len - dataoff - matchoff + 2; 174 int c_len = skb->len - dataoff - matchoff + 2;
175 175
176 /* Now, update SDP length */ 176 /* Now, update SDP length */
177 if (ct_sip_get_info(ct, dptr, (*pskb)->len - dataoff, &matchoff, 177 if (ct_sip_get_info(ct, dptr, skb->len - dataoff, &matchoff,
178 &matchlen, POS_CONTENT) > 0) { 178 &matchlen, POS_CONTENT) > 0) {
179 179
180 bufflen = sprintf(buffer, "%u", c_len); 180 bufflen = sprintf(buffer, "%u", c_len);
181 return nf_nat_mangle_udp_packet(pskb, ct, ctinfo, 181 return nf_nat_mangle_udp_packet(skb, ct, ctinfo,
182 matchoff, matchlen, 182 matchoff, matchlen,
183 buffer, bufflen); 183 buffer, bufflen);
184 } 184 }
@@ -186,7 +186,7 @@ static int mangle_content_len(struct sk_buff **pskb,
186 return 0; 186 return 0;
187} 187}
188 188
189static unsigned int mangle_sdp(struct sk_buff **pskb, 189static unsigned int mangle_sdp(struct sk_buff *skb,
190 enum ip_conntrack_info ctinfo, 190 enum ip_conntrack_info ctinfo,
191 struct nf_conn *ct, 191 struct nf_conn *ct,
192 __be32 newip, u_int16_t port, 192 __be32 newip, u_int16_t port,
@@ -195,25 +195,25 @@ static unsigned int mangle_sdp(struct sk_buff **pskb,
195 char buffer[sizeof("nnn.nnn.nnn.nnn")]; 195 char buffer[sizeof("nnn.nnn.nnn.nnn")];
196 unsigned int dataoff, bufflen; 196 unsigned int dataoff, bufflen;
197 197
198 dataoff = ip_hdrlen(*pskb) + sizeof(struct udphdr); 198 dataoff = ip_hdrlen(skb) + sizeof(struct udphdr);
199 199
200 /* Mangle owner and contact info. */ 200 /* Mangle owner and contact info. */
201 bufflen = sprintf(buffer, "%u.%u.%u.%u", NIPQUAD(newip)); 201 bufflen = sprintf(buffer, "%u.%u.%u.%u", NIPQUAD(newip));
202 if (!mangle_sip_packet(pskb, ctinfo, ct, &dptr, (*pskb)->len - dataoff, 202 if (!mangle_sip_packet(skb, ctinfo, ct, &dptr, skb->len - dataoff,
203 buffer, bufflen, POS_OWNER_IP4)) 203 buffer, bufflen, POS_OWNER_IP4))
204 return 0; 204 return 0;
205 205
206 if (!mangle_sip_packet(pskb, ctinfo, ct, &dptr, (*pskb)->len - dataoff, 206 if (!mangle_sip_packet(skb, ctinfo, ct, &dptr, skb->len - dataoff,
207 buffer, bufflen, POS_CONNECTION_IP4)) 207 buffer, bufflen, POS_CONNECTION_IP4))
208 return 0; 208 return 0;
209 209
210 /* Mangle media port. */ 210 /* Mangle media port. */
211 bufflen = sprintf(buffer, "%u", port); 211 bufflen = sprintf(buffer, "%u", port);
212 if (!mangle_sip_packet(pskb, ctinfo, ct, &dptr, (*pskb)->len - dataoff, 212 if (!mangle_sip_packet(skb, ctinfo, ct, &dptr, skb->len - dataoff,
213 buffer, bufflen, POS_MEDIA)) 213 buffer, bufflen, POS_MEDIA))
214 return 0; 214 return 0;
215 215
216 return mangle_content_len(pskb, ctinfo, ct, dptr); 216 return mangle_content_len(skb, ctinfo, ct, dptr);
217} 217}
218 218
219static void ip_nat_sdp_expect(struct nf_conn *ct, 219static void ip_nat_sdp_expect(struct nf_conn *ct,
@@ -241,7 +241,7 @@ static void ip_nat_sdp_expect(struct nf_conn *ct,
241 241
242/* So, this packet has hit the connection tracking matching code. 242/* So, this packet has hit the connection tracking matching code.
243 Mangle it, and change the expectation to match the new version. */ 243 Mangle it, and change the expectation to match the new version. */
244static unsigned int ip_nat_sdp(struct sk_buff **pskb, 244static unsigned int ip_nat_sdp(struct sk_buff *skb,
245 enum ip_conntrack_info ctinfo, 245 enum ip_conntrack_info ctinfo,
246 struct nf_conntrack_expect *exp, 246 struct nf_conntrack_expect *exp,
247 const char *dptr) 247 const char *dptr)
@@ -277,7 +277,7 @@ static unsigned int ip_nat_sdp(struct sk_buff **pskb,
277 if (port == 0) 277 if (port == 0)
278 return NF_DROP; 278 return NF_DROP;
279 279
280 if (!mangle_sdp(pskb, ctinfo, ct, newip, port, dptr)) { 280 if (!mangle_sdp(skb, ctinfo, ct, newip, port, dptr)) {
281 nf_ct_unexpect_related(exp); 281 nf_ct_unexpect_related(exp);
282 return NF_DROP; 282 return NF_DROP;
283 } 283 }
diff --git a/net/ipv4/netfilter/nf_nat_snmp_basic.c b/net/ipv4/netfilter/nf_nat_snmp_basic.c
index 6bfcd3a90f08..03709d6b4b06 100644
--- a/net/ipv4/netfilter/nf_nat_snmp_basic.c
+++ b/net/ipv4/netfilter/nf_nat_snmp_basic.c
@@ -1188,9 +1188,9 @@ static int snmp_parse_mangle(unsigned char *msg,
1188 */ 1188 */
1189static int snmp_translate(struct nf_conn *ct, 1189static int snmp_translate(struct nf_conn *ct,
1190 enum ip_conntrack_info ctinfo, 1190 enum ip_conntrack_info ctinfo,
1191 struct sk_buff **pskb) 1191 struct sk_buff *skb)
1192{ 1192{
1193 struct iphdr *iph = ip_hdr(*pskb); 1193 struct iphdr *iph = ip_hdr(skb);
1194 struct udphdr *udph = (struct udphdr *)((__be32 *)iph + iph->ihl); 1194 struct udphdr *udph = (struct udphdr *)((__be32 *)iph + iph->ihl);
1195 u_int16_t udplen = ntohs(udph->len); 1195 u_int16_t udplen = ntohs(udph->len);
1196 u_int16_t paylen = udplen - sizeof(struct udphdr); 1196 u_int16_t paylen = udplen - sizeof(struct udphdr);
@@ -1225,13 +1225,13 @@ static int snmp_translate(struct nf_conn *ct,
1225 1225
1226/* We don't actually set up expectations, just adjust internal IP 1226/* We don't actually set up expectations, just adjust internal IP
1227 * addresses if this is being NATted */ 1227 * addresses if this is being NATted */
1228static int help(struct sk_buff **pskb, unsigned int protoff, 1228static int help(struct sk_buff *skb, unsigned int protoff,
1229 struct nf_conn *ct, 1229 struct nf_conn *ct,
1230 enum ip_conntrack_info ctinfo) 1230 enum ip_conntrack_info ctinfo)
1231{ 1231{
1232 int dir = CTINFO2DIR(ctinfo); 1232 int dir = CTINFO2DIR(ctinfo);
1233 unsigned int ret; 1233 unsigned int ret;
1234 struct iphdr *iph = ip_hdr(*pskb); 1234 struct iphdr *iph = ip_hdr(skb);
1235 struct udphdr *udph = (struct udphdr *)((u_int32_t *)iph + iph->ihl); 1235 struct udphdr *udph = (struct udphdr *)((u_int32_t *)iph + iph->ihl);
1236 1236
1237 /* SNMP replies and originating SNMP traps get mangled */ 1237 /* SNMP replies and originating SNMP traps get mangled */
@@ -1250,7 +1250,7 @@ static int help(struct sk_buff **pskb, unsigned int protoff,
1250 * enough room for a UDP header. Just verify the UDP length field so we 1250 * enough room for a UDP header. Just verify the UDP length field so we
1251 * can mess around with the payload. 1251 * can mess around with the payload.
1252 */ 1252 */
1253 if (ntohs(udph->len) != (*pskb)->len - (iph->ihl << 2)) { 1253 if (ntohs(udph->len) != skb->len - (iph->ihl << 2)) {
1254 if (net_ratelimit()) 1254 if (net_ratelimit())
1255 printk(KERN_WARNING "SNMP: dropping malformed packet " 1255 printk(KERN_WARNING "SNMP: dropping malformed packet "
1256 "src=%u.%u.%u.%u dst=%u.%u.%u.%u\n", 1256 "src=%u.%u.%u.%u dst=%u.%u.%u.%u\n",
@@ -1258,11 +1258,11 @@ static int help(struct sk_buff **pskb, unsigned int protoff,
1258 return NF_DROP; 1258 return NF_DROP;
1259 } 1259 }
1260 1260
1261 if (!skb_make_writable(pskb, (*pskb)->len)) 1261 if (!skb_make_writable(skb, skb->len))
1262 return NF_DROP; 1262 return NF_DROP;
1263 1263
1264 spin_lock_bh(&snmp_lock); 1264 spin_lock_bh(&snmp_lock);
1265 ret = snmp_translate(ct, ctinfo, pskb); 1265 ret = snmp_translate(ct, ctinfo, skb);
1266 spin_unlock_bh(&snmp_lock); 1266 spin_unlock_bh(&snmp_lock);
1267 return ret; 1267 return ret;
1268} 1268}
diff --git a/net/ipv4/netfilter/nf_nat_standalone.c b/net/ipv4/netfilter/nf_nat_standalone.c
index 46cc99def165..7db76ea9af91 100644
--- a/net/ipv4/netfilter/nf_nat_standalone.c
+++ b/net/ipv4/netfilter/nf_nat_standalone.c
@@ -67,7 +67,7 @@ static void nat_decode_session(struct sk_buff *skb, struct flowi *fl)
67 67
68static unsigned int 68static unsigned int
69nf_nat_fn(unsigned int hooknum, 69nf_nat_fn(unsigned int hooknum,
70 struct sk_buff **pskb, 70 struct sk_buff *skb,
71 const struct net_device *in, 71 const struct net_device *in,
72 const struct net_device *out, 72 const struct net_device *out,
73 int (*okfn)(struct sk_buff *)) 73 int (*okfn)(struct sk_buff *))
@@ -80,9 +80,9 @@ nf_nat_fn(unsigned int hooknum,
80 80
81 /* We never see fragments: conntrack defrags on pre-routing 81 /* We never see fragments: conntrack defrags on pre-routing
82 and local-out, and nf_nat_out protects post-routing. */ 82 and local-out, and nf_nat_out protects post-routing. */
83 NF_CT_ASSERT(!(ip_hdr(*pskb)->frag_off & htons(IP_MF | IP_OFFSET))); 83 NF_CT_ASSERT(!(ip_hdr(skb)->frag_off & htons(IP_MF | IP_OFFSET)));
84 84
85 ct = nf_ct_get(*pskb, &ctinfo); 85 ct = nf_ct_get(skb, &ctinfo);
86 /* Can't track? It's not due to stress, or conntrack would 86 /* Can't track? It's not due to stress, or conntrack would
87 have dropped it. Hence it's the user's responsibilty to 87 have dropped it. Hence it's the user's responsibilty to
88 packet filter it out, or implement conntrack/NAT for that 88 packet filter it out, or implement conntrack/NAT for that
@@ -91,10 +91,10 @@ nf_nat_fn(unsigned int hooknum,
91 /* Exception: ICMP redirect to new connection (not in 91 /* Exception: ICMP redirect to new connection (not in
92 hash table yet). We must not let this through, in 92 hash table yet). We must not let this through, in
93 case we're doing NAT to the same network. */ 93 case we're doing NAT to the same network. */
94 if (ip_hdr(*pskb)->protocol == IPPROTO_ICMP) { 94 if (ip_hdr(skb)->protocol == IPPROTO_ICMP) {
95 struct icmphdr _hdr, *hp; 95 struct icmphdr _hdr, *hp;
96 96
97 hp = skb_header_pointer(*pskb, ip_hdrlen(*pskb), 97 hp = skb_header_pointer(skb, ip_hdrlen(skb),
98 sizeof(_hdr), &_hdr); 98 sizeof(_hdr), &_hdr);
99 if (hp != NULL && 99 if (hp != NULL &&
100 hp->type == ICMP_REDIRECT) 100 hp->type == ICMP_REDIRECT)
@@ -119,9 +119,9 @@ nf_nat_fn(unsigned int hooknum,
119 switch (ctinfo) { 119 switch (ctinfo) {
120 case IP_CT_RELATED: 120 case IP_CT_RELATED:
121 case IP_CT_RELATED+IP_CT_IS_REPLY: 121 case IP_CT_RELATED+IP_CT_IS_REPLY:
122 if (ip_hdr(*pskb)->protocol == IPPROTO_ICMP) { 122 if (ip_hdr(skb)->protocol == IPPROTO_ICMP) {
123 if (!nf_nat_icmp_reply_translation(ct, ctinfo, 123 if (!nf_nat_icmp_reply_translation(ct, ctinfo,
124 hooknum, pskb)) 124 hooknum, skb))
125 return NF_DROP; 125 return NF_DROP;
126 else 126 else
127 return NF_ACCEPT; 127 return NF_ACCEPT;
@@ -141,7 +141,7 @@ nf_nat_fn(unsigned int hooknum,
141 /* LOCAL_IN hook doesn't have a chain! */ 141 /* LOCAL_IN hook doesn't have a chain! */
142 ret = alloc_null_binding(ct, hooknum); 142 ret = alloc_null_binding(ct, hooknum);
143 else 143 else
144 ret = nf_nat_rule_find(pskb, hooknum, in, out, 144 ret = nf_nat_rule_find(skb, hooknum, in, out,
145 ct); 145 ct);
146 146
147 if (ret != NF_ACCEPT) { 147 if (ret != NF_ACCEPT) {
@@ -159,31 +159,31 @@ nf_nat_fn(unsigned int hooknum,
159 ctinfo == (IP_CT_ESTABLISHED+IP_CT_IS_REPLY)); 159 ctinfo == (IP_CT_ESTABLISHED+IP_CT_IS_REPLY));
160 } 160 }
161 161
162 return nf_nat_packet(ct, ctinfo, hooknum, pskb); 162 return nf_nat_packet(ct, ctinfo, hooknum, skb);
163} 163}
164 164
165static unsigned int 165static unsigned int
166nf_nat_in(unsigned int hooknum, 166nf_nat_in(unsigned int hooknum,
167 struct sk_buff **pskb, 167 struct sk_buff *skb,
168 const struct net_device *in, 168 const struct net_device *in,
169 const struct net_device *out, 169 const struct net_device *out,
170 int (*okfn)(struct sk_buff *)) 170 int (*okfn)(struct sk_buff *))
171{ 171{
172 unsigned int ret; 172 unsigned int ret;
173 __be32 daddr = ip_hdr(*pskb)->daddr; 173 __be32 daddr = ip_hdr(skb)->daddr;
174 174
175 ret = nf_nat_fn(hooknum, pskb, in, out, okfn); 175 ret = nf_nat_fn(hooknum, skb, in, out, okfn);
176 if (ret != NF_DROP && ret != NF_STOLEN && 176 if (ret != NF_DROP && ret != NF_STOLEN &&
177 daddr != ip_hdr(*pskb)->daddr) { 177 daddr != ip_hdr(skb)->daddr) {
178 dst_release((*pskb)->dst); 178 dst_release(skb->dst);
179 (*pskb)->dst = NULL; 179 skb->dst = NULL;
180 } 180 }
181 return ret; 181 return ret;
182} 182}
183 183
184static unsigned int 184static unsigned int
185nf_nat_out(unsigned int hooknum, 185nf_nat_out(unsigned int hooknum,
186 struct sk_buff **pskb, 186 struct sk_buff *skb,
187 const struct net_device *in, 187 const struct net_device *in,
188 const struct net_device *out, 188 const struct net_device *out,
189 int (*okfn)(struct sk_buff *)) 189 int (*okfn)(struct sk_buff *))
@@ -195,14 +195,14 @@ nf_nat_out(unsigned int hooknum,
195 unsigned int ret; 195 unsigned int ret;
196 196
197 /* root is playing with raw sockets. */ 197 /* root is playing with raw sockets. */
198 if ((*pskb)->len < sizeof(struct iphdr) || 198 if (skb->len < sizeof(struct iphdr) ||
199 ip_hdrlen(*pskb) < sizeof(struct iphdr)) 199 ip_hdrlen(skb) < sizeof(struct iphdr))
200 return NF_ACCEPT; 200 return NF_ACCEPT;
201 201
202 ret = nf_nat_fn(hooknum, pskb, in, out, okfn); 202 ret = nf_nat_fn(hooknum, skb, in, out, okfn);
203#ifdef CONFIG_XFRM 203#ifdef CONFIG_XFRM
204 if (ret != NF_DROP && ret != NF_STOLEN && 204 if (ret != NF_DROP && ret != NF_STOLEN &&
205 (ct = nf_ct_get(*pskb, &ctinfo)) != NULL) { 205 (ct = nf_ct_get(skb, &ctinfo)) != NULL) {
206 enum ip_conntrack_dir dir = CTINFO2DIR(ctinfo); 206 enum ip_conntrack_dir dir = CTINFO2DIR(ctinfo);
207 207
208 if (ct->tuplehash[dir].tuple.src.u3.ip != 208 if (ct->tuplehash[dir].tuple.src.u3.ip !=
@@ -210,7 +210,7 @@ nf_nat_out(unsigned int hooknum,
210 || ct->tuplehash[dir].tuple.src.u.all != 210 || ct->tuplehash[dir].tuple.src.u.all !=
211 ct->tuplehash[!dir].tuple.dst.u.all 211 ct->tuplehash[!dir].tuple.dst.u.all
212 ) 212 )
213 return ip_xfrm_me_harder(pskb) == 0 ? ret : NF_DROP; 213 return ip_xfrm_me_harder(skb) == 0 ? ret : NF_DROP;
214 } 214 }
215#endif 215#endif
216 return ret; 216 return ret;
@@ -218,7 +218,7 @@ nf_nat_out(unsigned int hooknum,
218 218
219static unsigned int 219static unsigned int
220nf_nat_local_fn(unsigned int hooknum, 220nf_nat_local_fn(unsigned int hooknum,
221 struct sk_buff **pskb, 221 struct sk_buff *skb,
222 const struct net_device *in, 222 const struct net_device *in,
223 const struct net_device *out, 223 const struct net_device *out,
224 int (*okfn)(struct sk_buff *)) 224 int (*okfn)(struct sk_buff *))
@@ -228,24 +228,24 @@ nf_nat_local_fn(unsigned int hooknum,
228 unsigned int ret; 228 unsigned int ret;
229 229
230 /* root is playing with raw sockets. */ 230 /* root is playing with raw sockets. */
231 if ((*pskb)->len < sizeof(struct iphdr) || 231 if (skb->len < sizeof(struct iphdr) ||
232 ip_hdrlen(*pskb) < sizeof(struct iphdr)) 232 ip_hdrlen(skb) < sizeof(struct iphdr))
233 return NF_ACCEPT; 233 return NF_ACCEPT;
234 234
235 ret = nf_nat_fn(hooknum, pskb, in, out, okfn); 235 ret = nf_nat_fn(hooknum, skb, in, out, okfn);
236 if (ret != NF_DROP && ret != NF_STOLEN && 236 if (ret != NF_DROP && ret != NF_STOLEN &&
237 (ct = nf_ct_get(*pskb, &ctinfo)) != NULL) { 237 (ct = nf_ct_get(skb, &ctinfo)) != NULL) {
238 enum ip_conntrack_dir dir = CTINFO2DIR(ctinfo); 238 enum ip_conntrack_dir dir = CTINFO2DIR(ctinfo);
239 239
240 if (ct->tuplehash[dir].tuple.dst.u3.ip != 240 if (ct->tuplehash[dir].tuple.dst.u3.ip !=
241 ct->tuplehash[!dir].tuple.src.u3.ip) { 241 ct->tuplehash[!dir].tuple.src.u3.ip) {
242 if (ip_route_me_harder(pskb, RTN_UNSPEC)) 242 if (ip_route_me_harder(skb, RTN_UNSPEC))
243 ret = NF_DROP; 243 ret = NF_DROP;
244 } 244 }
245#ifdef CONFIG_XFRM 245#ifdef CONFIG_XFRM
246 else if (ct->tuplehash[dir].tuple.dst.u.all != 246 else if (ct->tuplehash[dir].tuple.dst.u.all !=
247 ct->tuplehash[!dir].tuple.src.u.all) 247 ct->tuplehash[!dir].tuple.src.u.all)
248 if (ip_xfrm_me_harder(pskb)) 248 if (ip_xfrm_me_harder(skb))
249 ret = NF_DROP; 249 ret = NF_DROP;
250#endif 250#endif
251 } 251 }
@@ -254,7 +254,7 @@ nf_nat_local_fn(unsigned int hooknum,
254 254
255static unsigned int 255static unsigned int
256nf_nat_adjust(unsigned int hooknum, 256nf_nat_adjust(unsigned int hooknum,
257 struct sk_buff **pskb, 257 struct sk_buff *skb,
258 const struct net_device *in, 258 const struct net_device *in,
259 const struct net_device *out, 259 const struct net_device *out,
260 int (*okfn)(struct sk_buff *)) 260 int (*okfn)(struct sk_buff *))
@@ -262,10 +262,10 @@ nf_nat_adjust(unsigned int hooknum,
262 struct nf_conn *ct; 262 struct nf_conn *ct;
263 enum ip_conntrack_info ctinfo; 263 enum ip_conntrack_info ctinfo;
264 264
265 ct = nf_ct_get(*pskb, &ctinfo); 265 ct = nf_ct_get(skb, &ctinfo);
266 if (ct && test_bit(IPS_SEQ_ADJUST_BIT, &ct->status)) { 266 if (ct && test_bit(IPS_SEQ_ADJUST_BIT, &ct->status)) {
267 pr_debug("nf_nat_standalone: adjusting sequence number\n"); 267 pr_debug("nf_nat_standalone: adjusting sequence number\n");
268 if (!nf_nat_seq_adjust(pskb, ct, ctinfo)) 268 if (!nf_nat_seq_adjust(skb, ct, ctinfo))
269 return NF_DROP; 269 return NF_DROP;
270 } 270 }
271 return NF_ACCEPT; 271 return NF_ACCEPT;
diff --git a/net/ipv4/netfilter/nf_nat_tftp.c b/net/ipv4/netfilter/nf_nat_tftp.c
index 04dfeaefec02..0ecec701cb44 100644
--- a/net/ipv4/netfilter/nf_nat_tftp.c
+++ b/net/ipv4/netfilter/nf_nat_tftp.c
@@ -20,7 +20,7 @@ MODULE_DESCRIPTION("TFTP NAT helper");
20MODULE_LICENSE("GPL"); 20MODULE_LICENSE("GPL");
21MODULE_ALIAS("ip_nat_tftp"); 21MODULE_ALIAS("ip_nat_tftp");
22 22
23static unsigned int help(struct sk_buff **pskb, 23static unsigned int help(struct sk_buff *skb,
24 enum ip_conntrack_info ctinfo, 24 enum ip_conntrack_info ctinfo,
25 struct nf_conntrack_expect *exp) 25 struct nf_conntrack_expect *exp)
26{ 26{
diff --git a/net/ipv4/proc.c b/net/ipv4/proc.c
index e5b05b039101..fd16cb8f8abe 100644
--- a/net/ipv4/proc.c
+++ b/net/ipv4/proc.c
@@ -70,8 +70,8 @@ static int sockstat_seq_show(struct seq_file *seq, void *v)
70 seq_printf(seq, "UDP: inuse %d\n", fold_prot_inuse(&udp_prot)); 70 seq_printf(seq, "UDP: inuse %d\n", fold_prot_inuse(&udp_prot));
71 seq_printf(seq, "UDPLITE: inuse %d\n", fold_prot_inuse(&udplite_prot)); 71 seq_printf(seq, "UDPLITE: inuse %d\n", fold_prot_inuse(&udplite_prot));
72 seq_printf(seq, "RAW: inuse %d\n", fold_prot_inuse(&raw_prot)); 72 seq_printf(seq, "RAW: inuse %d\n", fold_prot_inuse(&raw_prot));
73 seq_printf(seq, "FRAG: inuse %d memory %d\n", ip_frag_nqueues, 73 seq_printf(seq, "FRAG: inuse %d memory %d\n",
74 atomic_read(&ip_frag_mem)); 74 ip_frag_nqueues(), ip_frag_mem());
75 return 0; 75 return 0;
76} 76}
77 77
diff --git a/net/ipv4/sysctl_net_ipv4.c b/net/ipv4/sysctl_net_ipv4.c
index eb286abcf5dc..c98ef16effd2 100644
--- a/net/ipv4/sysctl_net_ipv4.c
+++ b/net/ipv4/sysctl_net_ipv4.c
@@ -19,6 +19,7 @@
19#include <net/route.h> 19#include <net/route.h>
20#include <net/tcp.h> 20#include <net/tcp.h>
21#include <net/cipso_ipv4.h> 21#include <net/cipso_ipv4.h>
22#include <net/inet_frag.h>
22 23
23/* From af_inet.c */ 24/* From af_inet.c */
24extern int sysctl_ip_nonlocal_bind; 25extern int sysctl_ip_nonlocal_bind;
@@ -357,7 +358,7 @@ ctl_table ipv4_table[] = {
357 { 358 {
358 .ctl_name = NET_IPV4_IPFRAG_HIGH_THRESH, 359 .ctl_name = NET_IPV4_IPFRAG_HIGH_THRESH,
359 .procname = "ipfrag_high_thresh", 360 .procname = "ipfrag_high_thresh",
360 .data = &sysctl_ipfrag_high_thresh, 361 .data = &ip4_frags_ctl.high_thresh,
361 .maxlen = sizeof(int), 362 .maxlen = sizeof(int),
362 .mode = 0644, 363 .mode = 0644,
363 .proc_handler = &proc_dointvec 364 .proc_handler = &proc_dointvec
@@ -365,7 +366,7 @@ ctl_table ipv4_table[] = {
365 { 366 {
366 .ctl_name = NET_IPV4_IPFRAG_LOW_THRESH, 367 .ctl_name = NET_IPV4_IPFRAG_LOW_THRESH,
367 .procname = "ipfrag_low_thresh", 368 .procname = "ipfrag_low_thresh",
368 .data = &sysctl_ipfrag_low_thresh, 369 .data = &ip4_frags_ctl.low_thresh,
369 .maxlen = sizeof(int), 370 .maxlen = sizeof(int),
370 .mode = 0644, 371 .mode = 0644,
371 .proc_handler = &proc_dointvec 372 .proc_handler = &proc_dointvec
@@ -381,7 +382,7 @@ ctl_table ipv4_table[] = {
381 { 382 {
382 .ctl_name = NET_IPV4_IPFRAG_TIME, 383 .ctl_name = NET_IPV4_IPFRAG_TIME,
383 .procname = "ipfrag_time", 384 .procname = "ipfrag_time",
384 .data = &sysctl_ipfrag_time, 385 .data = &ip4_frags_ctl.timeout,
385 .maxlen = sizeof(int), 386 .maxlen = sizeof(int),
386 .mode = 0644, 387 .mode = 0644,
387 .proc_handler = &proc_dointvec_jiffies, 388 .proc_handler = &proc_dointvec_jiffies,
@@ -732,7 +733,7 @@ ctl_table ipv4_table[] = {
732 { 733 {
733 .ctl_name = NET_IPV4_IPFRAG_SECRET_INTERVAL, 734 .ctl_name = NET_IPV4_IPFRAG_SECRET_INTERVAL,
734 .procname = "ipfrag_secret_interval", 735 .procname = "ipfrag_secret_interval",
735 .data = &sysctl_ipfrag_secret_interval, 736 .data = &ip4_frags_ctl.secret_interval,
736 .maxlen = sizeof(int), 737 .maxlen = sizeof(int),
737 .mode = 0644, 738 .mode = 0644,
738 .proc_handler = &proc_dointvec_jiffies, 739 .proc_handler = &proc_dointvec_jiffies,
diff --git a/net/ipv4/tcp_input.c b/net/ipv4/tcp_input.c
index 0a42e9340346..0f00966b1784 100644
--- a/net/ipv4/tcp_input.c
+++ b/net/ipv4/tcp_input.c
@@ -1995,8 +1995,7 @@ static void tcp_verify_retransmit_hint(struct tcp_sock *tp,
1995} 1995}
1996 1996
1997/* Mark head of queue up as lost. */ 1997/* Mark head of queue up as lost. */
1998static void tcp_mark_head_lost(struct sock *sk, 1998static void tcp_mark_head_lost(struct sock *sk, int packets)
1999 int packets, u32 high_seq)
2000{ 1999{
2001 struct tcp_sock *tp = tcp_sk(sk); 2000 struct tcp_sock *tp = tcp_sk(sk);
2002 struct sk_buff *skb; 2001 struct sk_buff *skb;
@@ -2019,7 +2018,7 @@ static void tcp_mark_head_lost(struct sock *sk,
2019 tp->lost_skb_hint = skb; 2018 tp->lost_skb_hint = skb;
2020 tp->lost_cnt_hint = cnt; 2019 tp->lost_cnt_hint = cnt;
2021 cnt += tcp_skb_pcount(skb); 2020 cnt += tcp_skb_pcount(skb);
2022 if (cnt > packets || after(TCP_SKB_CB(skb)->end_seq, high_seq)) 2021 if (cnt > packets || after(TCP_SKB_CB(skb)->end_seq, tp->high_seq))
2023 break; 2022 break;
2024 if (!(TCP_SKB_CB(skb)->sacked & (TCPCB_SACKED_ACKED|TCPCB_LOST))) { 2023 if (!(TCP_SKB_CB(skb)->sacked & (TCPCB_SACKED_ACKED|TCPCB_LOST))) {
2025 TCP_SKB_CB(skb)->sacked |= TCPCB_LOST; 2024 TCP_SKB_CB(skb)->sacked |= TCPCB_LOST;
@@ -2040,9 +2039,9 @@ static void tcp_update_scoreboard(struct sock *sk)
2040 int lost = tp->fackets_out - tp->reordering; 2039 int lost = tp->fackets_out - tp->reordering;
2041 if (lost <= 0) 2040 if (lost <= 0)
2042 lost = 1; 2041 lost = 1;
2043 tcp_mark_head_lost(sk, lost, tp->high_seq); 2042 tcp_mark_head_lost(sk, lost);
2044 } else { 2043 } else {
2045 tcp_mark_head_lost(sk, 1, tp->high_seq); 2044 tcp_mark_head_lost(sk, 1);
2046 } 2045 }
2047 2046
2048 /* New heuristics: it is possible only after we switched 2047 /* New heuristics: it is possible only after we switched
@@ -2381,7 +2380,7 @@ tcp_fastretrans_alert(struct sock *sk, int pkts_acked, int flag)
2381 before(tp->snd_una, tp->high_seq) && 2380 before(tp->snd_una, tp->high_seq) &&
2382 icsk->icsk_ca_state != TCP_CA_Open && 2381 icsk->icsk_ca_state != TCP_CA_Open &&
2383 tp->fackets_out > tp->reordering) { 2382 tp->fackets_out > tp->reordering) {
2384 tcp_mark_head_lost(sk, tp->fackets_out-tp->reordering, tp->high_seq); 2383 tcp_mark_head_lost(sk, tp->fackets_out - tp->reordering);
2385 NET_INC_STATS_BH(LINUX_MIB_TCPLOSS); 2384 NET_INC_STATS_BH(LINUX_MIB_TCPLOSS);
2386 } 2385 }
2387 2386
diff --git a/net/ipv4/xfrm4_output.c b/net/ipv4/xfrm4_output.c
index 434ef302ba83..a4edd666318b 100644
--- a/net/ipv4/xfrm4_output.c
+++ b/net/ipv4/xfrm4_output.c
@@ -78,7 +78,7 @@ static int xfrm4_output_finish2(struct sk_buff *skb)
78 while (likely((err = xfrm4_output_one(skb)) == 0)) { 78 while (likely((err = xfrm4_output_one(skb)) == 0)) {
79 nf_reset(skb); 79 nf_reset(skb);
80 80
81 err = nf_hook(PF_INET, NF_IP_LOCAL_OUT, &skb, NULL, 81 err = nf_hook(PF_INET, NF_IP_LOCAL_OUT, skb, NULL,
82 skb->dst->dev, dst_output); 82 skb->dst->dev, dst_output);
83 if (unlikely(err != 1)) 83 if (unlikely(err != 1))
84 break; 84 break;
@@ -86,7 +86,7 @@ static int xfrm4_output_finish2(struct sk_buff *skb)
86 if (!skb->dst->xfrm) 86 if (!skb->dst->xfrm)
87 return dst_output(skb); 87 return dst_output(skb);
88 88
89 err = nf_hook(PF_INET, NF_IP_POST_ROUTING, &skb, NULL, 89 err = nf_hook(PF_INET, NF_IP_POST_ROUTING, skb, NULL,
90 skb->dst->dev, xfrm4_output_finish2); 90 skb->dst->dev, xfrm4_output_finish2);
91 if (unlikely(err != 1)) 91 if (unlikely(err != 1))
92 break; 92 break;
diff --git a/net/ipv6/exthdrs.c b/net/ipv6/exthdrs.c
index c82d4d49f71f..1e89efd38a0c 100644
--- a/net/ipv6/exthdrs.c
+++ b/net/ipv6/exthdrs.c
@@ -102,7 +102,7 @@ EXPORT_SYMBOL_GPL(ipv6_find_tlv);
102 102
103struct tlvtype_proc { 103struct tlvtype_proc {
104 int type; 104 int type;
105 int (*func)(struct sk_buff **skbp, int offset); 105 int (*func)(struct sk_buff *skb, int offset);
106}; 106};
107 107
108/********************* 108/*********************
@@ -111,10 +111,8 @@ struct tlvtype_proc {
111 111
112/* An unknown option is detected, decide what to do */ 112/* An unknown option is detected, decide what to do */
113 113
114static int ip6_tlvopt_unknown(struct sk_buff **skbp, int optoff) 114static int ip6_tlvopt_unknown(struct sk_buff *skb, int optoff)
115{ 115{
116 struct sk_buff *skb = *skbp;
117
118 switch ((skb_network_header(skb)[optoff] & 0xC0) >> 6) { 116 switch ((skb_network_header(skb)[optoff] & 0xC0) >> 6) {
119 case 0: /* ignore */ 117 case 0: /* ignore */
120 return 1; 118 return 1;
@@ -139,9 +137,8 @@ static int ip6_tlvopt_unknown(struct sk_buff **skbp, int optoff)
139 137
140/* Parse tlv encoded option header (hop-by-hop or destination) */ 138/* Parse tlv encoded option header (hop-by-hop or destination) */
141 139
142static int ip6_parse_tlv(struct tlvtype_proc *procs, struct sk_buff **skbp) 140static int ip6_parse_tlv(struct tlvtype_proc *procs, struct sk_buff *skb)
143{ 141{
144 struct sk_buff *skb = *skbp;
145 struct tlvtype_proc *curr; 142 struct tlvtype_proc *curr;
146 const unsigned char *nh = skb_network_header(skb); 143 const unsigned char *nh = skb_network_header(skb);
147 int off = skb_network_header_len(skb); 144 int off = skb_network_header_len(skb);
@@ -172,13 +169,13 @@ static int ip6_parse_tlv(struct tlvtype_proc *procs, struct sk_buff **skbp)
172 /* type specific length/alignment 169 /* type specific length/alignment
173 checks will be performed in the 170 checks will be performed in the
174 func(). */ 171 func(). */
175 if (curr->func(skbp, off) == 0) 172 if (curr->func(skb, off) == 0)
176 return 0; 173 return 0;
177 break; 174 break;
178 } 175 }
179 } 176 }
180 if (curr->type < 0) { 177 if (curr->type < 0) {
181 if (ip6_tlvopt_unknown(skbp, off) == 0) 178 if (ip6_tlvopt_unknown(skb, off) == 0)
182 return 0; 179 return 0;
183 } 180 }
184 break; 181 break;
@@ -198,9 +195,8 @@ bad:
198 *****************************/ 195 *****************************/
199 196
200#if defined(CONFIG_IPV6_MIP6) || defined(CONFIG_IPV6_MIP6_MODULE) 197#if defined(CONFIG_IPV6_MIP6) || defined(CONFIG_IPV6_MIP6_MODULE)
201static int ipv6_dest_hao(struct sk_buff **skbp, int optoff) 198static int ipv6_dest_hao(struct sk_buff *skb, int optoff)
202{ 199{
203 struct sk_buff *skb = *skbp;
204 struct ipv6_destopt_hao *hao; 200 struct ipv6_destopt_hao *hao;
205 struct inet6_skb_parm *opt = IP6CB(skb); 201 struct inet6_skb_parm *opt = IP6CB(skb);
206 struct ipv6hdr *ipv6h = ipv6_hdr(skb); 202 struct ipv6hdr *ipv6h = ipv6_hdr(skb);
@@ -234,22 +230,13 @@ static int ipv6_dest_hao(struct sk_buff **skbp, int optoff)
234 goto discard; 230 goto discard;
235 231
236 if (skb_cloned(skb)) { 232 if (skb_cloned(skb)) {
237 struct sk_buff *skb2 = skb_copy(skb, GFP_ATOMIC); 233 if (pskb_expand_head(skb, 0, 0, GFP_ATOMIC))
238 struct inet6_skb_parm *opt2;
239
240 if (skb2 == NULL)
241 goto discard; 234 goto discard;
242 235
243 opt2 = IP6CB(skb2);
244 memcpy(opt2, opt, sizeof(*opt2));
245
246 kfree_skb(skb);
247
248 /* update all variable using below by copied skbuff */ 236 /* update all variable using below by copied skbuff */
249 *skbp = skb = skb2; 237 hao = (struct ipv6_destopt_hao *)(skb_network_header(skb) +
250 hao = (struct ipv6_destopt_hao *)(skb_network_header(skb2) +
251 optoff); 238 optoff);
252 ipv6h = ipv6_hdr(skb2); 239 ipv6h = ipv6_hdr(skb);
253 } 240 }
254 241
255 if (skb->ip_summed == CHECKSUM_COMPLETE) 242 if (skb->ip_summed == CHECKSUM_COMPLETE)
@@ -280,9 +267,8 @@ static struct tlvtype_proc tlvprocdestopt_lst[] = {
280 {-1, NULL} 267 {-1, NULL}
281}; 268};
282 269
283static int ipv6_destopt_rcv(struct sk_buff **skbp) 270static int ipv6_destopt_rcv(struct sk_buff *skb)
284{ 271{
285 struct sk_buff *skb = *skbp;
286 struct inet6_skb_parm *opt = IP6CB(skb); 272 struct inet6_skb_parm *opt = IP6CB(skb);
287#if defined(CONFIG_IPV6_MIP6) || defined(CONFIG_IPV6_MIP6_MODULE) 273#if defined(CONFIG_IPV6_MIP6) || defined(CONFIG_IPV6_MIP6_MODULE)
288 __u16 dstbuf; 274 __u16 dstbuf;
@@ -304,9 +290,8 @@ static int ipv6_destopt_rcv(struct sk_buff **skbp)
304#endif 290#endif
305 291
306 dst = dst_clone(skb->dst); 292 dst = dst_clone(skb->dst);
307 if (ip6_parse_tlv(tlvprocdestopt_lst, skbp)) { 293 if (ip6_parse_tlv(tlvprocdestopt_lst, skb)) {
308 dst_release(dst); 294 dst_release(dst);
309 skb = *skbp;
310 skb->transport_header += (skb_transport_header(skb)[1] + 1) << 3; 295 skb->transport_header += (skb_transport_header(skb)[1] + 1) << 3;
311 opt = IP6CB(skb); 296 opt = IP6CB(skb);
312#if defined(CONFIG_IPV6_MIP6) || defined(CONFIG_IPV6_MIP6_MODULE) 297#if defined(CONFIG_IPV6_MIP6) || defined(CONFIG_IPV6_MIP6_MODULE)
@@ -337,10 +322,8 @@ void __init ipv6_destopt_init(void)
337 NONE header. No data in packet. 322 NONE header. No data in packet.
338 ********************************/ 323 ********************************/
339 324
340static int ipv6_nodata_rcv(struct sk_buff **skbp) 325static int ipv6_nodata_rcv(struct sk_buff *skb)
341{ 326{
342 struct sk_buff *skb = *skbp;
343
344 kfree_skb(skb); 327 kfree_skb(skb);
345 return 0; 328 return 0;
346} 329}
@@ -360,9 +343,8 @@ void __init ipv6_nodata_init(void)
360 Routing header. 343 Routing header.
361 ********************************/ 344 ********************************/
362 345
363static int ipv6_rthdr_rcv(struct sk_buff **skbp) 346static int ipv6_rthdr_rcv(struct sk_buff *skb)
364{ 347{
365 struct sk_buff *skb = *skbp;
366 struct inet6_skb_parm *opt = IP6CB(skb); 348 struct inet6_skb_parm *opt = IP6CB(skb);
367 struct in6_addr *addr = NULL; 349 struct in6_addr *addr = NULL;
368 struct in6_addr daddr; 350 struct in6_addr daddr;
@@ -464,18 +446,14 @@ looped_back:
464 Do not damage packets queued somewhere. 446 Do not damage packets queued somewhere.
465 */ 447 */
466 if (skb_cloned(skb)) { 448 if (skb_cloned(skb)) {
467 struct sk_buff *skb2 = skb_copy(skb, GFP_ATOMIC);
468 /* the copy is a forwarded packet */ 449 /* the copy is a forwarded packet */
469 if (skb2 == NULL) { 450 if (pskb_expand_head(skb, 0, 0, GFP_ATOMIC)) {
470 IP6_INC_STATS_BH(ip6_dst_idev(skb->dst), 451 IP6_INC_STATS_BH(ip6_dst_idev(skb->dst),
471 IPSTATS_MIB_OUTDISCARDS); 452 IPSTATS_MIB_OUTDISCARDS);
472 kfree_skb(skb); 453 kfree_skb(skb);
473 return -1; 454 return -1;
474 } 455 }
475 kfree_skb(skb); 456 hdr = (struct ipv6_rt_hdr *)skb_transport_header(skb);
476 *skbp = skb = skb2;
477 opt = IP6CB(skb2);
478 hdr = (struct ipv6_rt_hdr *)skb_transport_header(skb2);
479 } 457 }
480 458
481 if (skb->ip_summed == CHECKSUM_COMPLETE) 459 if (skb->ip_summed == CHECKSUM_COMPLETE)
@@ -578,9 +556,8 @@ static inline struct inet6_dev *ipv6_skb_idev(struct sk_buff *skb)
578 556
579/* Router Alert as of RFC 2711 */ 557/* Router Alert as of RFC 2711 */
580 558
581static int ipv6_hop_ra(struct sk_buff **skbp, int optoff) 559static int ipv6_hop_ra(struct sk_buff *skb, int optoff)
582{ 560{
583 struct sk_buff *skb = *skbp;
584 const unsigned char *nh = skb_network_header(skb); 561 const unsigned char *nh = skb_network_header(skb);
585 562
586 if (nh[optoff + 1] == 2) { 563 if (nh[optoff + 1] == 2) {
@@ -595,9 +572,8 @@ static int ipv6_hop_ra(struct sk_buff **skbp, int optoff)
595 572
596/* Jumbo payload */ 573/* Jumbo payload */
597 574
598static int ipv6_hop_jumbo(struct sk_buff **skbp, int optoff) 575static int ipv6_hop_jumbo(struct sk_buff *skb, int optoff)
599{ 576{
600 struct sk_buff *skb = *skbp;
601 const unsigned char *nh = skb_network_header(skb); 577 const unsigned char *nh = skb_network_header(skb);
602 u32 pkt_len; 578 u32 pkt_len;
603 579
@@ -648,9 +624,8 @@ static struct tlvtype_proc tlvprochopopt_lst[] = {
648 { -1, } 624 { -1, }
649}; 625};
650 626
651int ipv6_parse_hopopts(struct sk_buff **skbp) 627int ipv6_parse_hopopts(struct sk_buff *skb)
652{ 628{
653 struct sk_buff *skb = *skbp;
654 struct inet6_skb_parm *opt = IP6CB(skb); 629 struct inet6_skb_parm *opt = IP6CB(skb);
655 630
656 /* 631 /*
@@ -667,8 +642,7 @@ int ipv6_parse_hopopts(struct sk_buff **skbp)
667 } 642 }
668 643
669 opt->hop = sizeof(struct ipv6hdr); 644 opt->hop = sizeof(struct ipv6hdr);
670 if (ip6_parse_tlv(tlvprochopopt_lst, skbp)) { 645 if (ip6_parse_tlv(tlvprochopopt_lst, skb)) {
671 skb = *skbp;
672 skb->transport_header += (skb_transport_header(skb)[1] + 1) << 3; 646 skb->transport_header += (skb_transport_header(skb)[1] + 1) << 3;
673 opt = IP6CB(skb); 647 opt = IP6CB(skb);
674 opt->nhoff = sizeof(struct ipv6hdr); 648 opt->nhoff = sizeof(struct ipv6hdr);
diff --git a/net/ipv6/icmp.c b/net/ipv6/icmp.c
index 47b8ce232e84..9bb031fa1c2f 100644
--- a/net/ipv6/icmp.c
+++ b/net/ipv6/icmp.c
@@ -82,7 +82,7 @@ EXPORT_SYMBOL(icmpv6msg_statistics);
82static DEFINE_PER_CPU(struct socket *, __icmpv6_socket) = NULL; 82static DEFINE_PER_CPU(struct socket *, __icmpv6_socket) = NULL;
83#define icmpv6_socket __get_cpu_var(__icmpv6_socket) 83#define icmpv6_socket __get_cpu_var(__icmpv6_socket)
84 84
85static int icmpv6_rcv(struct sk_buff **pskb); 85static int icmpv6_rcv(struct sk_buff *skb);
86 86
87static struct inet6_protocol icmpv6_protocol = { 87static struct inet6_protocol icmpv6_protocol = {
88 .handler = icmpv6_rcv, 88 .handler = icmpv6_rcv,
@@ -614,9 +614,8 @@ static void icmpv6_notify(struct sk_buff *skb, int type, int code, __be32 info)
614 * Handle icmp messages 614 * Handle icmp messages
615 */ 615 */
616 616
617static int icmpv6_rcv(struct sk_buff **pskb) 617static int icmpv6_rcv(struct sk_buff *skb)
618{ 618{
619 struct sk_buff *skb = *pskb;
620 struct net_device *dev = skb->dev; 619 struct net_device *dev = skb->dev;
621 struct inet6_dev *idev = __in6_dev_get(dev); 620 struct inet6_dev *idev = __in6_dev_get(dev);
622 struct in6_addr *saddr, *daddr; 621 struct in6_addr *saddr, *daddr;
diff --git a/net/ipv6/inet6_connection_sock.c b/net/ipv6/inet6_connection_sock.c
index 25b931709749..78de42ada844 100644
--- a/net/ipv6/inet6_connection_sock.c
+++ b/net/ipv6/inet6_connection_sock.c
@@ -146,7 +146,7 @@ void __inet6_csk_dst_store(struct sock *sk, struct dst_entry *dst,
146 __ip6_dst_store(sk, dst, daddr, saddr); 146 __ip6_dst_store(sk, dst, daddr, saddr);
147 147
148#ifdef CONFIG_XFRM 148#ifdef CONFIG_XFRM
149 if (dst) { 149 {
150 struct rt6_info *rt = (struct rt6_info *)dst; 150 struct rt6_info *rt = (struct rt6_info *)dst;
151 rt->rt6i_flow_cache_genid = atomic_read(&flow_cache_genid); 151 rt->rt6i_flow_cache_genid = atomic_read(&flow_cache_genid);
152 } 152 }
diff --git a/net/ipv6/ip6_input.c b/net/ipv6/ip6_input.c
index 9149fc239759..fac6f7f9dd73 100644
--- a/net/ipv6/ip6_input.c
+++ b/net/ipv6/ip6_input.c
@@ -125,7 +125,7 @@ int ipv6_rcv(struct sk_buff *skb, struct net_device *dev, struct packet_type *pt
125 } 125 }
126 126
127 if (hdr->nexthdr == NEXTHDR_HOP) { 127 if (hdr->nexthdr == NEXTHDR_HOP) {
128 if (ipv6_parse_hopopts(&skb) < 0) { 128 if (ipv6_parse_hopopts(skb) < 0) {
129 IP6_INC_STATS_BH(idev, IPSTATS_MIB_INHDRERRORS); 129 IP6_INC_STATS_BH(idev, IPSTATS_MIB_INHDRERRORS);
130 rcu_read_unlock(); 130 rcu_read_unlock();
131 return 0; 131 return 0;
@@ -149,7 +149,7 @@ out:
149 */ 149 */
150 150
151 151
152static inline int ip6_input_finish(struct sk_buff *skb) 152static int ip6_input_finish(struct sk_buff *skb)
153{ 153{
154 struct inet6_protocol *ipprot; 154 struct inet6_protocol *ipprot;
155 struct sock *raw_sk; 155 struct sock *raw_sk;
@@ -199,7 +199,7 @@ resubmit:
199 !xfrm6_policy_check(NULL, XFRM_POLICY_IN, skb)) 199 !xfrm6_policy_check(NULL, XFRM_POLICY_IN, skb))
200 goto discard; 200 goto discard;
201 201
202 ret = ipprot->handler(&skb); 202 ret = ipprot->handler(skb);
203 if (ret > 0) 203 if (ret > 0)
204 goto resubmit; 204 goto resubmit;
205 else if (ret == 0) 205 else if (ret == 0)
diff --git a/net/ipv6/ip6_output.c b/net/ipv6/ip6_output.c
index 011082ed921a..13565dfb1b45 100644
--- a/net/ipv6/ip6_output.c
+++ b/net/ipv6/ip6_output.c
@@ -70,7 +70,7 @@ static __inline__ void ipv6_select_ident(struct sk_buff *skb, struct frag_hdr *f
70 spin_unlock_bh(&ip6_id_lock); 70 spin_unlock_bh(&ip6_id_lock);
71} 71}
72 72
73static inline int ip6_output_finish(struct sk_buff *skb) 73static int ip6_output_finish(struct sk_buff *skb)
74{ 74{
75 struct dst_entry *dst = skb->dst; 75 struct dst_entry *dst = skb->dst;
76 76
diff --git a/net/ipv6/netfilter.c b/net/ipv6/netfilter.c
index 38b149613915..b1326c2bf8aa 100644
--- a/net/ipv6/netfilter.c
+++ b/net/ipv6/netfilter.c
@@ -68,15 +68,15 @@ static void nf_ip6_saveroute(const struct sk_buff *skb, struct nf_info *info)
68 } 68 }
69} 69}
70 70
71static int nf_ip6_reroute(struct sk_buff **pskb, const struct nf_info *info) 71static int nf_ip6_reroute(struct sk_buff *skb, const struct nf_info *info)
72{ 72{
73 struct ip6_rt_info *rt_info = nf_info_reroute(info); 73 struct ip6_rt_info *rt_info = nf_info_reroute(info);
74 74
75 if (info->hook == NF_IP6_LOCAL_OUT) { 75 if (info->hook == NF_IP6_LOCAL_OUT) {
76 struct ipv6hdr *iph = ipv6_hdr(*pskb); 76 struct ipv6hdr *iph = ipv6_hdr(skb);
77 if (!ipv6_addr_equal(&iph->daddr, &rt_info->daddr) || 77 if (!ipv6_addr_equal(&iph->daddr, &rt_info->daddr) ||
78 !ipv6_addr_equal(&iph->saddr, &rt_info->saddr)) 78 !ipv6_addr_equal(&iph->saddr, &rt_info->saddr))
79 return ip6_route_me_harder(*pskb); 79 return ip6_route_me_harder(skb);
80 } 80 }
81 return 0; 81 return 0;
82} 82}
diff --git a/net/ipv6/netfilter/ip6_queue.c b/net/ipv6/netfilter/ip6_queue.c
index 0473145ac534..6413a30d9f68 100644
--- a/net/ipv6/netfilter/ip6_queue.c
+++ b/net/ipv6/netfilter/ip6_queue.c
@@ -332,6 +332,7 @@ static int
332ipq_mangle_ipv6(ipq_verdict_msg_t *v, struct ipq_queue_entry *e) 332ipq_mangle_ipv6(ipq_verdict_msg_t *v, struct ipq_queue_entry *e)
333{ 333{
334 int diff; 334 int diff;
335 int err;
335 struct ipv6hdr *user_iph = (struct ipv6hdr *)v->payload; 336 struct ipv6hdr *user_iph = (struct ipv6hdr *)v->payload;
336 337
337 if (v->data_len < sizeof(*user_iph)) 338 if (v->data_len < sizeof(*user_iph))
@@ -344,25 +345,18 @@ ipq_mangle_ipv6(ipq_verdict_msg_t *v, struct ipq_queue_entry *e)
344 if (v->data_len > 0xFFFF) 345 if (v->data_len > 0xFFFF)
345 return -EINVAL; 346 return -EINVAL;
346 if (diff > skb_tailroom(e->skb)) { 347 if (diff > skb_tailroom(e->skb)) {
347 struct sk_buff *newskb; 348 err = pskb_expand_head(e->skb, 0,
348 349 diff - skb_tailroom(e->skb),
349 newskb = skb_copy_expand(e->skb, 350 GFP_ATOMIC);
350 skb_headroom(e->skb), 351 if (err) {
351 diff,
352 GFP_ATOMIC);
353 if (newskb == NULL) {
354 printk(KERN_WARNING "ip6_queue: OOM " 352 printk(KERN_WARNING "ip6_queue: OOM "
355 "in mangle, dropping packet\n"); 353 "in mangle, dropping packet\n");
356 return -ENOMEM; 354 return err;
357 } 355 }
358 if (e->skb->sk)
359 skb_set_owner_w(newskb, e->skb->sk);
360 kfree_skb(e->skb);
361 e->skb = newskb;
362 } 356 }
363 skb_put(e->skb, diff); 357 skb_put(e->skb, diff);
364 } 358 }
365 if (!skb_make_writable(&e->skb, v->data_len)) 359 if (!skb_make_writable(e->skb, v->data_len))
366 return -ENOMEM; 360 return -ENOMEM;
367 skb_copy_to_linear_data(e->skb, v->payload, v->data_len); 361 skb_copy_to_linear_data(e->skb, v->payload, v->data_len);
368 e->skb->ip_summed = CHECKSUM_NONE; 362 e->skb->ip_summed = CHECKSUM_NONE;
diff --git a/net/ipv6/netfilter/ip6_tables.c b/net/ipv6/netfilter/ip6_tables.c
index cd9df02bb85c..acaba1537931 100644
--- a/net/ipv6/netfilter/ip6_tables.c
+++ b/net/ipv6/netfilter/ip6_tables.c
@@ -205,7 +205,7 @@ ip6_checkentry(const struct ip6t_ip6 *ipv6)
205} 205}
206 206
207static unsigned int 207static unsigned int
208ip6t_error(struct sk_buff **pskb, 208ip6t_error(struct sk_buff *skb,
209 const struct net_device *in, 209 const struct net_device *in,
210 const struct net_device *out, 210 const struct net_device *out,
211 unsigned int hooknum, 211 unsigned int hooknum,
@@ -350,7 +350,7 @@ static void trace_packet(struct sk_buff *skb,
350 350
351/* Returns one of the generic firewall policies, like NF_ACCEPT. */ 351/* Returns one of the generic firewall policies, like NF_ACCEPT. */
352unsigned int 352unsigned int
353ip6t_do_table(struct sk_buff **pskb, 353ip6t_do_table(struct sk_buff *skb,
354 unsigned int hook, 354 unsigned int hook,
355 const struct net_device *in, 355 const struct net_device *in,
356 const struct net_device *out, 356 const struct net_device *out,
@@ -389,17 +389,17 @@ ip6t_do_table(struct sk_buff **pskb,
389 do { 389 do {
390 IP_NF_ASSERT(e); 390 IP_NF_ASSERT(e);
391 IP_NF_ASSERT(back); 391 IP_NF_ASSERT(back);
392 if (ip6_packet_match(*pskb, indev, outdev, &e->ipv6, 392 if (ip6_packet_match(skb, indev, outdev, &e->ipv6,
393 &protoff, &offset, &hotdrop)) { 393 &protoff, &offset, &hotdrop)) {
394 struct ip6t_entry_target *t; 394 struct ip6t_entry_target *t;
395 395
396 if (IP6T_MATCH_ITERATE(e, do_match, 396 if (IP6T_MATCH_ITERATE(e, do_match,
397 *pskb, in, out, 397 skb, in, out,
398 offset, protoff, &hotdrop) != 0) 398 offset, protoff, &hotdrop) != 0)
399 goto no_match; 399 goto no_match;
400 400
401 ADD_COUNTER(e->counters, 401 ADD_COUNTER(e->counters,
402 ntohs(ipv6_hdr(*pskb)->payload_len) 402 ntohs(ipv6_hdr(skb)->payload_len)
403 + IPV6_HDR_LEN, 403 + IPV6_HDR_LEN,
404 1); 404 1);
405 405
@@ -409,8 +409,8 @@ ip6t_do_table(struct sk_buff **pskb,
409#if defined(CONFIG_NETFILTER_XT_TARGET_TRACE) || \ 409#if defined(CONFIG_NETFILTER_XT_TARGET_TRACE) || \
410 defined(CONFIG_NETFILTER_XT_TARGET_TRACE_MODULE) 410 defined(CONFIG_NETFILTER_XT_TARGET_TRACE_MODULE)
411 /* The packet is traced: log it */ 411 /* The packet is traced: log it */
412 if (unlikely((*pskb)->nf_trace)) 412 if (unlikely(skb->nf_trace))
413 trace_packet(*pskb, hook, in, out, 413 trace_packet(skb, hook, in, out,
414 table->name, private, e); 414 table->name, private, e);
415#endif 415#endif
416 /* Standard target? */ 416 /* Standard target? */
@@ -448,7 +448,7 @@ ip6t_do_table(struct sk_buff **pskb,
448 ((struct ip6t_entry *)table_base)->comefrom 448 ((struct ip6t_entry *)table_base)->comefrom
449 = 0xeeeeeeec; 449 = 0xeeeeeeec;
450#endif 450#endif
451 verdict = t->u.kernel.target->target(pskb, 451 verdict = t->u.kernel.target->target(skb,
452 in, out, 452 in, out,
453 hook, 453 hook,
454 t->u.kernel.target, 454 t->u.kernel.target,
diff --git a/net/ipv6/netfilter/ip6t_HL.c b/net/ipv6/netfilter/ip6t_HL.c
index ad4d94310b87..9afc836fd454 100644
--- a/net/ipv6/netfilter/ip6t_HL.c
+++ b/net/ipv6/netfilter/ip6t_HL.c
@@ -18,7 +18,7 @@ MODULE_AUTHOR("Maciej Soltysiak <solt@dns.toxicfilms.tv>");
18MODULE_DESCRIPTION("IP6 tables Hop Limit modification module"); 18MODULE_DESCRIPTION("IP6 tables Hop Limit modification module");
19MODULE_LICENSE("GPL"); 19MODULE_LICENSE("GPL");
20 20
21static unsigned int ip6t_hl_target(struct sk_buff **pskb, 21static unsigned int ip6t_hl_target(struct sk_buff *skb,
22 const struct net_device *in, 22 const struct net_device *in,
23 const struct net_device *out, 23 const struct net_device *out,
24 unsigned int hooknum, 24 unsigned int hooknum,
@@ -29,10 +29,10 @@ static unsigned int ip6t_hl_target(struct sk_buff **pskb,
29 const struct ip6t_HL_info *info = targinfo; 29 const struct ip6t_HL_info *info = targinfo;
30 int new_hl; 30 int new_hl;
31 31
32 if (!skb_make_writable(pskb, (*pskb)->len)) 32 if (!skb_make_writable(skb, skb->len))
33 return NF_DROP; 33 return NF_DROP;
34 34
35 ip6h = ipv6_hdr(*pskb); 35 ip6h = ipv6_hdr(skb);
36 36
37 switch (info->mode) { 37 switch (info->mode) {
38 case IP6T_HL_SET: 38 case IP6T_HL_SET:
diff --git a/net/ipv6/netfilter/ip6t_LOG.c b/net/ipv6/netfilter/ip6t_LOG.c
index 6ab99001dccc..7a48c342df46 100644
--- a/net/ipv6/netfilter/ip6t_LOG.c
+++ b/net/ipv6/netfilter/ip6t_LOG.c
@@ -431,7 +431,7 @@ ip6t_log_packet(unsigned int pf,
431} 431}
432 432
433static unsigned int 433static unsigned int
434ip6t_log_target(struct sk_buff **pskb, 434ip6t_log_target(struct sk_buff *skb,
435 const struct net_device *in, 435 const struct net_device *in,
436 const struct net_device *out, 436 const struct net_device *out,
437 unsigned int hooknum, 437 unsigned int hooknum,
@@ -445,8 +445,7 @@ ip6t_log_target(struct sk_buff **pskb,
445 li.u.log.level = loginfo->level; 445 li.u.log.level = loginfo->level;
446 li.u.log.logflags = loginfo->logflags; 446 li.u.log.logflags = loginfo->logflags;
447 447
448 ip6t_log_packet(PF_INET6, hooknum, *pskb, in, out, &li, 448 ip6t_log_packet(PF_INET6, hooknum, skb, in, out, &li, loginfo->prefix);
449 loginfo->prefix);
450 return XT_CONTINUE; 449 return XT_CONTINUE;
451} 450}
452 451
diff --git a/net/ipv6/netfilter/ip6t_REJECT.c b/net/ipv6/netfilter/ip6t_REJECT.c
index 3fd08d5567a6..1a7d2917545d 100644
--- a/net/ipv6/netfilter/ip6t_REJECT.c
+++ b/net/ipv6/netfilter/ip6t_REJECT.c
@@ -172,7 +172,7 @@ send_unreach(struct sk_buff *skb_in, unsigned char code, unsigned int hooknum)
172 icmpv6_send(skb_in, ICMPV6_DEST_UNREACH, code, 0, NULL); 172 icmpv6_send(skb_in, ICMPV6_DEST_UNREACH, code, 0, NULL);
173} 173}
174 174
175static unsigned int reject6_target(struct sk_buff **pskb, 175static unsigned int reject6_target(struct sk_buff *skb,
176 const struct net_device *in, 176 const struct net_device *in,
177 const struct net_device *out, 177 const struct net_device *out,
178 unsigned int hooknum, 178 unsigned int hooknum,
@@ -187,25 +187,25 @@ static unsigned int reject6_target(struct sk_buff **pskb,
187 must return an absolute verdict. --RR */ 187 must return an absolute verdict. --RR */
188 switch (reject->with) { 188 switch (reject->with) {
189 case IP6T_ICMP6_NO_ROUTE: 189 case IP6T_ICMP6_NO_ROUTE:
190 send_unreach(*pskb, ICMPV6_NOROUTE, hooknum); 190 send_unreach(skb, ICMPV6_NOROUTE, hooknum);
191 break; 191 break;
192 case IP6T_ICMP6_ADM_PROHIBITED: 192 case IP6T_ICMP6_ADM_PROHIBITED:
193 send_unreach(*pskb, ICMPV6_ADM_PROHIBITED, hooknum); 193 send_unreach(skb, ICMPV6_ADM_PROHIBITED, hooknum);
194 break; 194 break;
195 case IP6T_ICMP6_NOT_NEIGHBOUR: 195 case IP6T_ICMP6_NOT_NEIGHBOUR:
196 send_unreach(*pskb, ICMPV6_NOT_NEIGHBOUR, hooknum); 196 send_unreach(skb, ICMPV6_NOT_NEIGHBOUR, hooknum);
197 break; 197 break;
198 case IP6T_ICMP6_ADDR_UNREACH: 198 case IP6T_ICMP6_ADDR_UNREACH:
199 send_unreach(*pskb, ICMPV6_ADDR_UNREACH, hooknum); 199 send_unreach(skb, ICMPV6_ADDR_UNREACH, hooknum);
200 break; 200 break;
201 case IP6T_ICMP6_PORT_UNREACH: 201 case IP6T_ICMP6_PORT_UNREACH:
202 send_unreach(*pskb, ICMPV6_PORT_UNREACH, hooknum); 202 send_unreach(skb, ICMPV6_PORT_UNREACH, hooknum);
203 break; 203 break;
204 case IP6T_ICMP6_ECHOREPLY: 204 case IP6T_ICMP6_ECHOREPLY:
205 /* Do nothing */ 205 /* Do nothing */
206 break; 206 break;
207 case IP6T_TCP_RESET: 207 case IP6T_TCP_RESET:
208 send_reset(*pskb); 208 send_reset(skb);
209 break; 209 break;
210 default: 210 default:
211 if (net_ratelimit()) 211 if (net_ratelimit())
diff --git a/net/ipv6/netfilter/ip6table_filter.c b/net/ipv6/netfilter/ip6table_filter.c
index 7e32e2aaf7f7..1d26b202bf30 100644
--- a/net/ipv6/netfilter/ip6table_filter.c
+++ b/net/ipv6/netfilter/ip6table_filter.c
@@ -60,32 +60,32 @@ static struct xt_table packet_filter = {
60/* The work comes in here from netfilter.c. */ 60/* The work comes in here from netfilter.c. */
61static unsigned int 61static unsigned int
62ip6t_hook(unsigned int hook, 62ip6t_hook(unsigned int hook,
63 struct sk_buff **pskb, 63 struct sk_buff *skb,
64 const struct net_device *in, 64 const struct net_device *in,
65 const struct net_device *out, 65 const struct net_device *out,
66 int (*okfn)(struct sk_buff *)) 66 int (*okfn)(struct sk_buff *))
67{ 67{
68 return ip6t_do_table(pskb, hook, in, out, &packet_filter); 68 return ip6t_do_table(skb, hook, in, out, &packet_filter);
69} 69}
70 70
71static unsigned int 71static unsigned int
72ip6t_local_out_hook(unsigned int hook, 72ip6t_local_out_hook(unsigned int hook,
73 struct sk_buff **pskb, 73 struct sk_buff *skb,
74 const struct net_device *in, 74 const struct net_device *in,
75 const struct net_device *out, 75 const struct net_device *out,
76 int (*okfn)(struct sk_buff *)) 76 int (*okfn)(struct sk_buff *))
77{ 77{
78#if 0 78#if 0
79 /* root is playing with raw sockets. */ 79 /* root is playing with raw sockets. */
80 if ((*pskb)->len < sizeof(struct iphdr) 80 if (skb->len < sizeof(struct iphdr)
81 || ip_hdrlen(*pskb) < sizeof(struct iphdr)) { 81 || ip_hdrlen(skb) < sizeof(struct iphdr)) {
82 if (net_ratelimit()) 82 if (net_ratelimit())
83 printk("ip6t_hook: happy cracking.\n"); 83 printk("ip6t_hook: happy cracking.\n");
84 return NF_ACCEPT; 84 return NF_ACCEPT;
85 } 85 }
86#endif 86#endif
87 87
88 return ip6t_do_table(pskb, hook, in, out, &packet_filter); 88 return ip6t_do_table(skb, hook, in, out, &packet_filter);
89} 89}
90 90
91static struct nf_hook_ops ip6t_ops[] = { 91static struct nf_hook_ops ip6t_ops[] = {
diff --git a/net/ipv6/netfilter/ip6table_mangle.c b/net/ipv6/netfilter/ip6table_mangle.c
index f0a9efa67fb5..a0b6381f1e8c 100644
--- a/net/ipv6/netfilter/ip6table_mangle.c
+++ b/net/ipv6/netfilter/ip6table_mangle.c
@@ -68,17 +68,17 @@ static struct xt_table packet_mangler = {
68/* The work comes in here from netfilter.c. */ 68/* The work comes in here from netfilter.c. */
69static unsigned int 69static unsigned int
70ip6t_route_hook(unsigned int hook, 70ip6t_route_hook(unsigned int hook,
71 struct sk_buff **pskb, 71 struct sk_buff *skb,
72 const struct net_device *in, 72 const struct net_device *in,
73 const struct net_device *out, 73 const struct net_device *out,
74 int (*okfn)(struct sk_buff *)) 74 int (*okfn)(struct sk_buff *))
75{ 75{
76 return ip6t_do_table(pskb, hook, in, out, &packet_mangler); 76 return ip6t_do_table(skb, hook, in, out, &packet_mangler);
77} 77}
78 78
79static unsigned int 79static unsigned int
80ip6t_local_hook(unsigned int hook, 80ip6t_local_hook(unsigned int hook,
81 struct sk_buff **pskb, 81 struct sk_buff *skb,
82 const struct net_device *in, 82 const struct net_device *in,
83 const struct net_device *out, 83 const struct net_device *out,
84 int (*okfn)(struct sk_buff *)) 84 int (*okfn)(struct sk_buff *))
@@ -91,8 +91,8 @@ ip6t_local_hook(unsigned int hook,
91 91
92#if 0 92#if 0
93 /* root is playing with raw sockets. */ 93 /* root is playing with raw sockets. */
94 if ((*pskb)->len < sizeof(struct iphdr) 94 if (skb->len < sizeof(struct iphdr)
95 || ip_hdrlen(*pskb) < sizeof(struct iphdr)) { 95 || ip_hdrlen(skb) < sizeof(struct iphdr)) {
96 if (net_ratelimit()) 96 if (net_ratelimit())
97 printk("ip6t_hook: happy cracking.\n"); 97 printk("ip6t_hook: happy cracking.\n");
98 return NF_ACCEPT; 98 return NF_ACCEPT;
@@ -100,22 +100,22 @@ ip6t_local_hook(unsigned int hook,
100#endif 100#endif
101 101
102 /* save source/dest address, mark, hoplimit, flowlabel, priority, */ 102 /* save source/dest address, mark, hoplimit, flowlabel, priority, */
103 memcpy(&saddr, &ipv6_hdr(*pskb)->saddr, sizeof(saddr)); 103 memcpy(&saddr, &ipv6_hdr(skb)->saddr, sizeof(saddr));
104 memcpy(&daddr, &ipv6_hdr(*pskb)->daddr, sizeof(daddr)); 104 memcpy(&daddr, &ipv6_hdr(skb)->daddr, sizeof(daddr));
105 mark = (*pskb)->mark; 105 mark = skb->mark;
106 hop_limit = ipv6_hdr(*pskb)->hop_limit; 106 hop_limit = ipv6_hdr(skb)->hop_limit;
107 107
108 /* flowlabel and prio (includes version, which shouldn't change either */ 108 /* flowlabel and prio (includes version, which shouldn't change either */
109 flowlabel = *((u_int32_t *)ipv6_hdr(*pskb)); 109 flowlabel = *((u_int32_t *)ipv6_hdr(skb));
110 110
111 ret = ip6t_do_table(pskb, hook, in, out, &packet_mangler); 111 ret = ip6t_do_table(skb, hook, in, out, &packet_mangler);
112 112
113 if (ret != NF_DROP && ret != NF_STOLEN 113 if (ret != NF_DROP && ret != NF_STOLEN
114 && (memcmp(&ipv6_hdr(*pskb)->saddr, &saddr, sizeof(saddr)) 114 && (memcmp(&ipv6_hdr(skb)->saddr, &saddr, sizeof(saddr))
115 || memcmp(&ipv6_hdr(*pskb)->daddr, &daddr, sizeof(daddr)) 115 || memcmp(&ipv6_hdr(skb)->daddr, &daddr, sizeof(daddr))
116 || (*pskb)->mark != mark 116 || skb->mark != mark
117 || ipv6_hdr(*pskb)->hop_limit != hop_limit)) 117 || ipv6_hdr(skb)->hop_limit != hop_limit))
118 return ip6_route_me_harder(*pskb) == 0 ? ret : NF_DROP; 118 return ip6_route_me_harder(skb) == 0 ? ret : NF_DROP;
119 119
120 return ret; 120 return ret;
121} 121}
diff --git a/net/ipv6/netfilter/ip6table_raw.c b/net/ipv6/netfilter/ip6table_raw.c
index ec290e4ebdd8..8f7109f991e6 100644
--- a/net/ipv6/netfilter/ip6table_raw.c
+++ b/net/ipv6/netfilter/ip6table_raw.c
@@ -46,12 +46,12 @@ static struct xt_table packet_raw = {
46/* The work comes in here from netfilter.c. */ 46/* The work comes in here from netfilter.c. */
47static unsigned int 47static unsigned int
48ip6t_hook(unsigned int hook, 48ip6t_hook(unsigned int hook,
49 struct sk_buff **pskb, 49 struct sk_buff *skb,
50 const struct net_device *in, 50 const struct net_device *in,
51 const struct net_device *out, 51 const struct net_device *out,
52 int (*okfn)(struct sk_buff *)) 52 int (*okfn)(struct sk_buff *))
53{ 53{
54 return ip6t_do_table(pskb, hook, in, out, &packet_raw); 54 return ip6t_do_table(skb, hook, in, out, &packet_raw);
55} 55}
56 56
57static struct nf_hook_ops ip6t_ops[] = { 57static struct nf_hook_ops ip6t_ops[] = {
diff --git a/net/ipv6/netfilter/nf_conntrack_l3proto_ipv6.c b/net/ipv6/netfilter/nf_conntrack_l3proto_ipv6.c
index 37a3db926953..0e40948f4fc6 100644
--- a/net/ipv6/netfilter/nf_conntrack_l3proto_ipv6.c
+++ b/net/ipv6/netfilter/nf_conntrack_l3proto_ipv6.c
@@ -18,6 +18,7 @@
18#include <linux/icmp.h> 18#include <linux/icmp.h>
19#include <linux/sysctl.h> 19#include <linux/sysctl.h>
20#include <net/ipv6.h> 20#include <net/ipv6.h>
21#include <net/inet_frag.h>
21 22
22#include <linux/netfilter_ipv6.h> 23#include <linux/netfilter_ipv6.h>
23#include <net/netfilter/nf_conntrack.h> 24#include <net/netfilter/nf_conntrack.h>
@@ -145,7 +146,7 @@ static int ipv6_get_l4proto(const struct sk_buff *skb, unsigned int nhoff,
145} 146}
146 147
147static unsigned int ipv6_confirm(unsigned int hooknum, 148static unsigned int ipv6_confirm(unsigned int hooknum,
148 struct sk_buff **pskb, 149 struct sk_buff *skb,
149 const struct net_device *in, 150 const struct net_device *in,
150 const struct net_device *out, 151 const struct net_device *out,
151 int (*okfn)(struct sk_buff *)) 152 int (*okfn)(struct sk_buff *))
@@ -155,12 +156,12 @@ static unsigned int ipv6_confirm(unsigned int hooknum,
155 struct nf_conntrack_helper *helper; 156 struct nf_conntrack_helper *helper;
156 enum ip_conntrack_info ctinfo; 157 enum ip_conntrack_info ctinfo;
157 unsigned int ret, protoff; 158 unsigned int ret, protoff;
158 unsigned int extoff = (u8 *)(ipv6_hdr(*pskb) + 1) - (*pskb)->data; 159 unsigned int extoff = (u8 *)(ipv6_hdr(skb) + 1) - skb->data;
159 unsigned char pnum = ipv6_hdr(*pskb)->nexthdr; 160 unsigned char pnum = ipv6_hdr(skb)->nexthdr;
160 161
161 162
162 /* This is where we call the helper: as the packet goes out. */ 163 /* This is where we call the helper: as the packet goes out. */
163 ct = nf_ct_get(*pskb, &ctinfo); 164 ct = nf_ct_get(skb, &ctinfo);
164 if (!ct || ctinfo == IP_CT_RELATED + IP_CT_IS_REPLY) 165 if (!ct || ctinfo == IP_CT_RELATED + IP_CT_IS_REPLY)
165 goto out; 166 goto out;
166 167
@@ -172,23 +173,23 @@ static unsigned int ipv6_confirm(unsigned int hooknum,
172 if (!helper) 173 if (!helper)
173 goto out; 174 goto out;
174 175
175 protoff = nf_ct_ipv6_skip_exthdr(*pskb, extoff, &pnum, 176 protoff = nf_ct_ipv6_skip_exthdr(skb, extoff, &pnum,
176 (*pskb)->len - extoff); 177 skb->len - extoff);
177 if (protoff > (*pskb)->len || pnum == NEXTHDR_FRAGMENT) { 178 if (protoff > skb->len || pnum == NEXTHDR_FRAGMENT) {
178 pr_debug("proto header not found\n"); 179 pr_debug("proto header not found\n");
179 return NF_ACCEPT; 180 return NF_ACCEPT;
180 } 181 }
181 182
182 ret = helper->help(pskb, protoff, ct, ctinfo); 183 ret = helper->help(skb, protoff, ct, ctinfo);
183 if (ret != NF_ACCEPT) 184 if (ret != NF_ACCEPT)
184 return ret; 185 return ret;
185out: 186out:
186 /* We've seen it coming out the other side: confirm it */ 187 /* We've seen it coming out the other side: confirm it */
187 return nf_conntrack_confirm(pskb); 188 return nf_conntrack_confirm(skb);
188} 189}
189 190
190static unsigned int ipv6_defrag(unsigned int hooknum, 191static unsigned int ipv6_defrag(unsigned int hooknum,
191 struct sk_buff **pskb, 192 struct sk_buff *skb,
192 const struct net_device *in, 193 const struct net_device *in,
193 const struct net_device *out, 194 const struct net_device *out,
194 int (*okfn)(struct sk_buff *)) 195 int (*okfn)(struct sk_buff *))
@@ -196,17 +197,17 @@ static unsigned int ipv6_defrag(unsigned int hooknum,
196 struct sk_buff *reasm; 197 struct sk_buff *reasm;
197 198
198 /* Previously seen (loopback)? */ 199 /* Previously seen (loopback)? */
199 if ((*pskb)->nfct) 200 if (skb->nfct)
200 return NF_ACCEPT; 201 return NF_ACCEPT;
201 202
202 reasm = nf_ct_frag6_gather(*pskb); 203 reasm = nf_ct_frag6_gather(skb);
203 204
204 /* queued */ 205 /* queued */
205 if (reasm == NULL) 206 if (reasm == NULL)
206 return NF_STOLEN; 207 return NF_STOLEN;
207 208
208 /* error occured or not fragmented */ 209 /* error occured or not fragmented */
209 if (reasm == *pskb) 210 if (reasm == skb)
210 return NF_ACCEPT; 211 return NF_ACCEPT;
211 212
212 nf_ct_frag6_output(hooknum, reasm, (struct net_device *)in, 213 nf_ct_frag6_output(hooknum, reasm, (struct net_device *)in,
@@ -216,12 +217,12 @@ static unsigned int ipv6_defrag(unsigned int hooknum,
216} 217}
217 218
218static unsigned int ipv6_conntrack_in(unsigned int hooknum, 219static unsigned int ipv6_conntrack_in(unsigned int hooknum,
219 struct sk_buff **pskb, 220 struct sk_buff *skb,
220 const struct net_device *in, 221 const struct net_device *in,
221 const struct net_device *out, 222 const struct net_device *out,
222 int (*okfn)(struct sk_buff *)) 223 int (*okfn)(struct sk_buff *))
223{ 224{
224 struct sk_buff *reasm = (*pskb)->nfct_reasm; 225 struct sk_buff *reasm = skb->nfct_reasm;
225 226
226 /* This packet is fragmented and has reassembled packet. */ 227 /* This packet is fragmented and has reassembled packet. */
227 if (reasm) { 228 if (reasm) {
@@ -229,32 +230,32 @@ static unsigned int ipv6_conntrack_in(unsigned int hooknum,
229 if (!reasm->nfct) { 230 if (!reasm->nfct) {
230 unsigned int ret; 231 unsigned int ret;
231 232
232 ret = nf_conntrack_in(PF_INET6, hooknum, &reasm); 233 ret = nf_conntrack_in(PF_INET6, hooknum, reasm);
233 if (ret != NF_ACCEPT) 234 if (ret != NF_ACCEPT)
234 return ret; 235 return ret;
235 } 236 }
236 nf_conntrack_get(reasm->nfct); 237 nf_conntrack_get(reasm->nfct);
237 (*pskb)->nfct = reasm->nfct; 238 skb->nfct = reasm->nfct;
238 (*pskb)->nfctinfo = reasm->nfctinfo; 239 skb->nfctinfo = reasm->nfctinfo;
239 return NF_ACCEPT; 240 return NF_ACCEPT;
240 } 241 }
241 242
242 return nf_conntrack_in(PF_INET6, hooknum, pskb); 243 return nf_conntrack_in(PF_INET6, hooknum, skb);
243} 244}
244 245
245static unsigned int ipv6_conntrack_local(unsigned int hooknum, 246static unsigned int ipv6_conntrack_local(unsigned int hooknum,
246 struct sk_buff **pskb, 247 struct sk_buff *skb,
247 const struct net_device *in, 248 const struct net_device *in,
248 const struct net_device *out, 249 const struct net_device *out,
249 int (*okfn)(struct sk_buff *)) 250 int (*okfn)(struct sk_buff *))
250{ 251{
251 /* root is playing with raw sockets. */ 252 /* root is playing with raw sockets. */
252 if ((*pskb)->len < sizeof(struct ipv6hdr)) { 253 if (skb->len < sizeof(struct ipv6hdr)) {
253 if (net_ratelimit()) 254 if (net_ratelimit())
254 printk("ipv6_conntrack_local: packet too short\n"); 255 printk("ipv6_conntrack_local: packet too short\n");
255 return NF_ACCEPT; 256 return NF_ACCEPT;
256 } 257 }
257 return ipv6_conntrack_in(hooknum, pskb, in, out, okfn); 258 return ipv6_conntrack_in(hooknum, skb, in, out, okfn);
258} 259}
259 260
260static struct nf_hook_ops ipv6_conntrack_ops[] = { 261static struct nf_hook_ops ipv6_conntrack_ops[] = {
@@ -307,7 +308,7 @@ static ctl_table nf_ct_ipv6_sysctl_table[] = {
307 { 308 {
308 .ctl_name = NET_NF_CONNTRACK_FRAG6_TIMEOUT, 309 .ctl_name = NET_NF_CONNTRACK_FRAG6_TIMEOUT,
309 .procname = "nf_conntrack_frag6_timeout", 310 .procname = "nf_conntrack_frag6_timeout",
310 .data = &nf_ct_frag6_timeout, 311 .data = &nf_frags_ctl.timeout,
311 .maxlen = sizeof(unsigned int), 312 .maxlen = sizeof(unsigned int),
312 .mode = 0644, 313 .mode = 0644,
313 .proc_handler = &proc_dointvec_jiffies, 314 .proc_handler = &proc_dointvec_jiffies,
@@ -315,7 +316,7 @@ static ctl_table nf_ct_ipv6_sysctl_table[] = {
315 { 316 {
316 .ctl_name = NET_NF_CONNTRACK_FRAG6_LOW_THRESH, 317 .ctl_name = NET_NF_CONNTRACK_FRAG6_LOW_THRESH,
317 .procname = "nf_conntrack_frag6_low_thresh", 318 .procname = "nf_conntrack_frag6_low_thresh",
318 .data = &nf_ct_frag6_low_thresh, 319 .data = &nf_frags_ctl.low_thresh,
319 .maxlen = sizeof(unsigned int), 320 .maxlen = sizeof(unsigned int),
320 .mode = 0644, 321 .mode = 0644,
321 .proc_handler = &proc_dointvec, 322 .proc_handler = &proc_dointvec,
@@ -323,7 +324,7 @@ static ctl_table nf_ct_ipv6_sysctl_table[] = {
323 { 324 {
324 .ctl_name = NET_NF_CONNTRACK_FRAG6_HIGH_THRESH, 325 .ctl_name = NET_NF_CONNTRACK_FRAG6_HIGH_THRESH,
325 .procname = "nf_conntrack_frag6_high_thresh", 326 .procname = "nf_conntrack_frag6_high_thresh",
326 .data = &nf_ct_frag6_high_thresh, 327 .data = &nf_frags_ctl.high_thresh,
327 .maxlen = sizeof(unsigned int), 328 .maxlen = sizeof(unsigned int),
328 .mode = 0644, 329 .mode = 0644,
329 .proc_handler = &proc_dointvec, 330 .proc_handler = &proc_dointvec,
diff --git a/net/ipv6/netfilter/nf_conntrack_reasm.c b/net/ipv6/netfilter/nf_conntrack_reasm.c
index 25442a8c1ba8..726fafd41961 100644
--- a/net/ipv6/netfilter/nf_conntrack_reasm.c
+++ b/net/ipv6/netfilter/nf_conntrack_reasm.c
@@ -31,6 +31,7 @@
31 31
32#include <net/sock.h> 32#include <net/sock.h>
33#include <net/snmp.h> 33#include <net/snmp.h>
34#include <net/inet_frag.h>
34 35
35#include <net/ipv6.h> 36#include <net/ipv6.h>
36#include <net/protocol.h> 37#include <net/protocol.h>
@@ -48,10 +49,6 @@
48#define NF_CT_FRAG6_LOW_THRESH 196608 /* == 192*1024 */ 49#define NF_CT_FRAG6_LOW_THRESH 196608 /* == 192*1024 */
49#define NF_CT_FRAG6_TIMEOUT IPV6_FRAG_TIMEOUT 50#define NF_CT_FRAG6_TIMEOUT IPV6_FRAG_TIMEOUT
50 51
51unsigned int nf_ct_frag6_high_thresh __read_mostly = 256*1024;
52unsigned int nf_ct_frag6_low_thresh __read_mostly = 192*1024;
53unsigned long nf_ct_frag6_timeout __read_mostly = IPV6_FRAG_TIMEOUT;
54
55struct nf_ct_frag6_skb_cb 52struct nf_ct_frag6_skb_cb
56{ 53{
57 struct inet6_skb_parm h; 54 struct inet6_skb_parm h;
@@ -63,51 +60,24 @@ struct nf_ct_frag6_skb_cb
63 60
64struct nf_ct_frag6_queue 61struct nf_ct_frag6_queue
65{ 62{
66 struct hlist_node list; 63 struct inet_frag_queue q;
67 struct list_head lru_list; /* lru list member */
68 64
69 __be32 id; /* fragment id */ 65 __be32 id; /* fragment id */
70 struct in6_addr saddr; 66 struct in6_addr saddr;
71 struct in6_addr daddr; 67 struct in6_addr daddr;
72 68
73 spinlock_t lock;
74 atomic_t refcnt;
75 struct timer_list timer; /* expire timer */
76 struct sk_buff *fragments;
77 int len;
78 int meat;
79 ktime_t stamp;
80 unsigned int csum; 69 unsigned int csum;
81 __u8 last_in; /* has first/last segment arrived? */
82#define COMPLETE 4
83#define FIRST_IN 2
84#define LAST_IN 1
85 __u16 nhoffset; 70 __u16 nhoffset;
86}; 71};
87 72
88/* Hash table. */ 73struct inet_frags_ctl nf_frags_ctl __read_mostly = {
89 74 .high_thresh = 256 * 1024,
90#define FRAG6Q_HASHSZ 64 75 .low_thresh = 192 * 1024,
91 76 .timeout = IPV6_FRAG_TIMEOUT,
92static struct hlist_head nf_ct_frag6_hash[FRAG6Q_HASHSZ]; 77 .secret_interval = 10 * 60 * HZ,
93static DEFINE_RWLOCK(nf_ct_frag6_lock); 78};
94static u32 nf_ct_frag6_hash_rnd;
95static LIST_HEAD(nf_ct_frag6_lru_list);
96int nf_ct_frag6_nqueues = 0;
97
98static __inline__ void __fq_unlink(struct nf_ct_frag6_queue *fq)
99{
100 hlist_del(&fq->list);
101 list_del(&fq->lru_list);
102 nf_ct_frag6_nqueues--;
103}
104 79
105static __inline__ void fq_unlink(struct nf_ct_frag6_queue *fq) 80static struct inet_frags nf_frags;
106{
107 write_lock(&nf_ct_frag6_lock);
108 __fq_unlink(fq);
109 write_unlock(&nf_ct_frag6_lock);
110}
111 81
112static unsigned int ip6qhashfn(__be32 id, struct in6_addr *saddr, 82static unsigned int ip6qhashfn(__be32 id, struct in6_addr *saddr,
113 struct in6_addr *daddr) 83 struct in6_addr *daddr)
@@ -120,7 +90,7 @@ static unsigned int ip6qhashfn(__be32 id, struct in6_addr *saddr,
120 90
121 a += JHASH_GOLDEN_RATIO; 91 a += JHASH_GOLDEN_RATIO;
122 b += JHASH_GOLDEN_RATIO; 92 b += JHASH_GOLDEN_RATIO;
123 c += nf_ct_frag6_hash_rnd; 93 c += nf_frags.rnd;
124 __jhash_mix(a, b, c); 94 __jhash_mix(a, b, c);
125 95
126 a += (__force u32)saddr->s6_addr32[3]; 96 a += (__force u32)saddr->s6_addr32[3];
@@ -133,100 +103,54 @@ static unsigned int ip6qhashfn(__be32 id, struct in6_addr *saddr,
133 c += (__force u32)id; 103 c += (__force u32)id;
134 __jhash_mix(a, b, c); 104 __jhash_mix(a, b, c);
135 105
136 return c & (FRAG6Q_HASHSZ - 1); 106 return c & (INETFRAGS_HASHSZ - 1);
137} 107}
138 108
139static struct timer_list nf_ct_frag6_secret_timer; 109static unsigned int nf_hashfn(struct inet_frag_queue *q)
140int nf_ct_frag6_secret_interval = 10 * 60 * HZ;
141
142static void nf_ct_frag6_secret_rebuild(unsigned long dummy)
143{ 110{
144 unsigned long now = jiffies; 111 struct nf_ct_frag6_queue *nq;
145 int i;
146
147 write_lock(&nf_ct_frag6_lock);
148 get_random_bytes(&nf_ct_frag6_hash_rnd, sizeof(u32));
149 for (i = 0; i < FRAG6Q_HASHSZ; i++) {
150 struct nf_ct_frag6_queue *q;
151 struct hlist_node *p, *n;
152
153 hlist_for_each_entry_safe(q, p, n, &nf_ct_frag6_hash[i], list) {
154 unsigned int hval = ip6qhashfn(q->id,
155 &q->saddr,
156 &q->daddr);
157 if (hval != i) {
158 hlist_del(&q->list);
159 /* Relink to new hash chain. */
160 hlist_add_head(&q->list,
161 &nf_ct_frag6_hash[hval]);
162 }
163 }
164 }
165 write_unlock(&nf_ct_frag6_lock);
166 112
167 mod_timer(&nf_ct_frag6_secret_timer, now + nf_ct_frag6_secret_interval); 113 nq = container_of(q, struct nf_ct_frag6_queue, q);
114 return ip6qhashfn(nq->id, &nq->saddr, &nq->daddr);
168} 115}
169 116
170atomic_t nf_ct_frag6_mem = ATOMIC_INIT(0); 117static void nf_skb_free(struct sk_buff *skb)
118{
119 if (NFCT_FRAG6_CB(skb)->orig)
120 kfree_skb(NFCT_FRAG6_CB(skb)->orig);
121}
171 122
172/* Memory Tracking Functions. */ 123/* Memory Tracking Functions. */
173static inline void frag_kfree_skb(struct sk_buff *skb, unsigned int *work) 124static inline void frag_kfree_skb(struct sk_buff *skb, unsigned int *work)
174{ 125{
175 if (work) 126 if (work)
176 *work -= skb->truesize; 127 *work -= skb->truesize;
177 atomic_sub(skb->truesize, &nf_ct_frag6_mem); 128 atomic_sub(skb->truesize, &nf_frags.mem);
178 if (NFCT_FRAG6_CB(skb)->orig) 129 nf_skb_free(skb);
179 kfree_skb(NFCT_FRAG6_CB(skb)->orig);
180
181 kfree_skb(skb); 130 kfree_skb(skb);
182} 131}
183 132
184static inline void frag_free_queue(struct nf_ct_frag6_queue *fq, 133static void nf_frag_free(struct inet_frag_queue *q)
185 unsigned int *work)
186{ 134{
187 if (work) 135 kfree(container_of(q, struct nf_ct_frag6_queue, q));
188 *work -= sizeof(struct nf_ct_frag6_queue);
189 atomic_sub(sizeof(struct nf_ct_frag6_queue), &nf_ct_frag6_mem);
190 kfree(fq);
191} 136}
192 137
193static inline struct nf_ct_frag6_queue *frag_alloc_queue(void) 138static inline struct nf_ct_frag6_queue *frag_alloc_queue(void)
194{ 139{
195 struct nf_ct_frag6_queue *fq = kmalloc(sizeof(struct nf_ct_frag6_queue), GFP_ATOMIC); 140 struct nf_ct_frag6_queue *fq;
196 141
197 if (!fq) 142 fq = kzalloc(sizeof(struct nf_ct_frag6_queue), GFP_ATOMIC);
143 if (fq == NULL)
198 return NULL; 144 return NULL;
199 atomic_add(sizeof(struct nf_ct_frag6_queue), &nf_ct_frag6_mem); 145 atomic_add(sizeof(struct nf_ct_frag6_queue), &nf_frags.mem);
200 return fq; 146 return fq;
201} 147}
202 148
203/* Destruction primitives. */ 149/* Destruction primitives. */
204 150
205/* Complete destruction of fq. */ 151static __inline__ void fq_put(struct nf_ct_frag6_queue *fq)
206static void nf_ct_frag6_destroy(struct nf_ct_frag6_queue *fq,
207 unsigned int *work)
208{ 152{
209 struct sk_buff *fp; 153 inet_frag_put(&fq->q, &nf_frags);
210
211 BUG_TRAP(fq->last_in&COMPLETE);
212 BUG_TRAP(del_timer(&fq->timer) == 0);
213
214 /* Release all fragment data. */
215 fp = fq->fragments;
216 while (fp) {
217 struct sk_buff *xp = fp->next;
218
219 frag_kfree_skb(fp, work);
220 fp = xp;
221 }
222
223 frag_free_queue(fq, work);
224}
225
226static __inline__ void fq_put(struct nf_ct_frag6_queue *fq, unsigned int *work)
227{
228 if (atomic_dec_and_test(&fq->refcnt))
229 nf_ct_frag6_destroy(fq, work);
230} 154}
231 155
232/* Kill fq entry. It is not destroyed immediately, 156/* Kill fq entry. It is not destroyed immediately,
@@ -234,62 +158,28 @@ static __inline__ void fq_put(struct nf_ct_frag6_queue *fq, unsigned int *work)
234 */ 158 */
235static __inline__ void fq_kill(struct nf_ct_frag6_queue *fq) 159static __inline__ void fq_kill(struct nf_ct_frag6_queue *fq)
236{ 160{
237 if (del_timer(&fq->timer)) 161 inet_frag_kill(&fq->q, &nf_frags);
238 atomic_dec(&fq->refcnt);
239
240 if (!(fq->last_in & COMPLETE)) {
241 fq_unlink(fq);
242 atomic_dec(&fq->refcnt);
243 fq->last_in |= COMPLETE;
244 }
245} 162}
246 163
247static void nf_ct_frag6_evictor(void) 164static void nf_ct_frag6_evictor(void)
248{ 165{
249 struct nf_ct_frag6_queue *fq; 166 inet_frag_evictor(&nf_frags);
250 struct list_head *tmp;
251 unsigned int work;
252
253 work = atomic_read(&nf_ct_frag6_mem);
254 if (work <= nf_ct_frag6_low_thresh)
255 return;
256
257 work -= nf_ct_frag6_low_thresh;
258 while (work > 0) {
259 read_lock(&nf_ct_frag6_lock);
260 if (list_empty(&nf_ct_frag6_lru_list)) {
261 read_unlock(&nf_ct_frag6_lock);
262 return;
263 }
264 tmp = nf_ct_frag6_lru_list.next;
265 BUG_ON(tmp == NULL);
266 fq = list_entry(tmp, struct nf_ct_frag6_queue, lru_list);
267 atomic_inc(&fq->refcnt);
268 read_unlock(&nf_ct_frag6_lock);
269
270 spin_lock(&fq->lock);
271 if (!(fq->last_in&COMPLETE))
272 fq_kill(fq);
273 spin_unlock(&fq->lock);
274
275 fq_put(fq, &work);
276 }
277} 167}
278 168
279static void nf_ct_frag6_expire(unsigned long data) 169static void nf_ct_frag6_expire(unsigned long data)
280{ 170{
281 struct nf_ct_frag6_queue *fq = (struct nf_ct_frag6_queue *) data; 171 struct nf_ct_frag6_queue *fq = (struct nf_ct_frag6_queue *) data;
282 172
283 spin_lock(&fq->lock); 173 spin_lock(&fq->q.lock);
284 174
285 if (fq->last_in & COMPLETE) 175 if (fq->q.last_in & COMPLETE)
286 goto out; 176 goto out;
287 177
288 fq_kill(fq); 178 fq_kill(fq);
289 179
290out: 180out:
291 spin_unlock(&fq->lock); 181 spin_unlock(&fq->q.lock);
292 fq_put(fq, NULL); 182 fq_put(fq);
293} 183}
294 184
295/* Creation primitives. */ 185/* Creation primitives. */
@@ -302,31 +192,31 @@ static struct nf_ct_frag6_queue *nf_ct_frag6_intern(unsigned int hash,
302 struct hlist_node *n; 192 struct hlist_node *n;
303#endif 193#endif
304 194
305 write_lock(&nf_ct_frag6_lock); 195 write_lock(&nf_frags.lock);
306#ifdef CONFIG_SMP 196#ifdef CONFIG_SMP
307 hlist_for_each_entry(fq, n, &nf_ct_frag6_hash[hash], list) { 197 hlist_for_each_entry(fq, n, &nf_frags.hash[hash], q.list) {
308 if (fq->id == fq_in->id && 198 if (fq->id == fq_in->id &&
309 ipv6_addr_equal(&fq_in->saddr, &fq->saddr) && 199 ipv6_addr_equal(&fq_in->saddr, &fq->saddr) &&
310 ipv6_addr_equal(&fq_in->daddr, &fq->daddr)) { 200 ipv6_addr_equal(&fq_in->daddr, &fq->daddr)) {
311 atomic_inc(&fq->refcnt); 201 atomic_inc(&fq->q.refcnt);
312 write_unlock(&nf_ct_frag6_lock); 202 write_unlock(&nf_frags.lock);
313 fq_in->last_in |= COMPLETE; 203 fq_in->q.last_in |= COMPLETE;
314 fq_put(fq_in, NULL); 204 fq_put(fq_in);
315 return fq; 205 return fq;
316 } 206 }
317 } 207 }
318#endif 208#endif
319 fq = fq_in; 209 fq = fq_in;
320 210
321 if (!mod_timer(&fq->timer, jiffies + nf_ct_frag6_timeout)) 211 if (!mod_timer(&fq->q.timer, jiffies + nf_frags_ctl.timeout))
322 atomic_inc(&fq->refcnt); 212 atomic_inc(&fq->q.refcnt);
323 213
324 atomic_inc(&fq->refcnt); 214 atomic_inc(&fq->q.refcnt);
325 hlist_add_head(&fq->list, &nf_ct_frag6_hash[hash]); 215 hlist_add_head(&fq->q.list, &nf_frags.hash[hash]);
326 INIT_LIST_HEAD(&fq->lru_list); 216 INIT_LIST_HEAD(&fq->q.lru_list);
327 list_add_tail(&fq->lru_list, &nf_ct_frag6_lru_list); 217 list_add_tail(&fq->q.lru_list, &nf_frags.lru_list);
328 nf_ct_frag6_nqueues++; 218 nf_frags.nqueues++;
329 write_unlock(&nf_ct_frag6_lock); 219 write_unlock(&nf_frags.lock);
330 return fq; 220 return fq;
331} 221}
332 222
@@ -341,15 +231,13 @@ nf_ct_frag6_create(unsigned int hash, __be32 id, struct in6_addr *src, str
341 goto oom; 231 goto oom;
342 } 232 }
343 233
344 memset(fq, 0, sizeof(struct nf_ct_frag6_queue));
345
346 fq->id = id; 234 fq->id = id;
347 ipv6_addr_copy(&fq->saddr, src); 235 ipv6_addr_copy(&fq->saddr, src);
348 ipv6_addr_copy(&fq->daddr, dst); 236 ipv6_addr_copy(&fq->daddr, dst);
349 237
350 setup_timer(&fq->timer, nf_ct_frag6_expire, (unsigned long)fq); 238 setup_timer(&fq->q.timer, nf_ct_frag6_expire, (unsigned long)fq);
351 spin_lock_init(&fq->lock); 239 spin_lock_init(&fq->q.lock);
352 atomic_set(&fq->refcnt, 1); 240 atomic_set(&fq->q.refcnt, 1);
353 241
354 return nf_ct_frag6_intern(hash, fq); 242 return nf_ct_frag6_intern(hash, fq);
355 243
@@ -364,17 +252,17 @@ fq_find(__be32 id, struct in6_addr *src, struct in6_addr *dst)
364 struct hlist_node *n; 252 struct hlist_node *n;
365 unsigned int hash = ip6qhashfn(id, src, dst); 253 unsigned int hash = ip6qhashfn(id, src, dst);
366 254
367 read_lock(&nf_ct_frag6_lock); 255 read_lock(&nf_frags.lock);
368 hlist_for_each_entry(fq, n, &nf_ct_frag6_hash[hash], list) { 256 hlist_for_each_entry(fq, n, &nf_frags.hash[hash], q.list) {
369 if (fq->id == id && 257 if (fq->id == id &&
370 ipv6_addr_equal(src, &fq->saddr) && 258 ipv6_addr_equal(src, &fq->saddr) &&
371 ipv6_addr_equal(dst, &fq->daddr)) { 259 ipv6_addr_equal(dst, &fq->daddr)) {
372 atomic_inc(&fq->refcnt); 260 atomic_inc(&fq->q.refcnt);
373 read_unlock(&nf_ct_frag6_lock); 261 read_unlock(&nf_frags.lock);
374 return fq; 262 return fq;
375 } 263 }
376 } 264 }
377 read_unlock(&nf_ct_frag6_lock); 265 read_unlock(&nf_frags.lock);
378 266
379 return nf_ct_frag6_create(hash, id, src, dst); 267 return nf_ct_frag6_create(hash, id, src, dst);
380} 268}
@@ -386,7 +274,7 @@ static int nf_ct_frag6_queue(struct nf_ct_frag6_queue *fq, struct sk_buff *skb,
386 struct sk_buff *prev, *next; 274 struct sk_buff *prev, *next;
387 int offset, end; 275 int offset, end;
388 276
389 if (fq->last_in & COMPLETE) { 277 if (fq->q.last_in & COMPLETE) {
390 pr_debug("Allready completed\n"); 278 pr_debug("Allready completed\n");
391 goto err; 279 goto err;
392 } 280 }
@@ -412,13 +300,13 @@ static int nf_ct_frag6_queue(struct nf_ct_frag6_queue *fq, struct sk_buff *skb,
412 /* If we already have some bits beyond end 300 /* If we already have some bits beyond end
413 * or have different end, the segment is corrupted. 301 * or have different end, the segment is corrupted.
414 */ 302 */
415 if (end < fq->len || 303 if (end < fq->q.len ||
416 ((fq->last_in & LAST_IN) && end != fq->len)) { 304 ((fq->q.last_in & LAST_IN) && end != fq->q.len)) {
417 pr_debug("already received last fragment\n"); 305 pr_debug("already received last fragment\n");
418 goto err; 306 goto err;
419 } 307 }
420 fq->last_in |= LAST_IN; 308 fq->q.last_in |= LAST_IN;
421 fq->len = end; 309 fq->q.len = end;
422 } else { 310 } else {
423 /* Check if the fragment is rounded to 8 bytes. 311 /* Check if the fragment is rounded to 8 bytes.
424 * Required by the RFC. 312 * Required by the RFC.
@@ -430,13 +318,13 @@ static int nf_ct_frag6_queue(struct nf_ct_frag6_queue *fq, struct sk_buff *skb,
430 pr_debug("end of fragment not rounded to 8 bytes.\n"); 318 pr_debug("end of fragment not rounded to 8 bytes.\n");
431 return -1; 319 return -1;
432 } 320 }
433 if (end > fq->len) { 321 if (end > fq->q.len) {
434 /* Some bits beyond end -> corruption. */ 322 /* Some bits beyond end -> corruption. */
435 if (fq->last_in & LAST_IN) { 323 if (fq->q.last_in & LAST_IN) {
436 pr_debug("last packet already reached.\n"); 324 pr_debug("last packet already reached.\n");
437 goto err; 325 goto err;
438 } 326 }
439 fq->len = end; 327 fq->q.len = end;
440 } 328 }
441 } 329 }
442 330
@@ -458,7 +346,7 @@ static int nf_ct_frag6_queue(struct nf_ct_frag6_queue *fq, struct sk_buff *skb,
458 * this fragment, right? 346 * this fragment, right?
459 */ 347 */
460 prev = NULL; 348 prev = NULL;
461 for (next = fq->fragments; next != NULL; next = next->next) { 349 for (next = fq->q.fragments; next != NULL; next = next->next) {
462 if (NFCT_FRAG6_CB(next)->offset >= offset) 350 if (NFCT_FRAG6_CB(next)->offset >= offset)
463 break; /* bingo! */ 351 break; /* bingo! */
464 prev = next; 352 prev = next;
@@ -503,7 +391,7 @@ static int nf_ct_frag6_queue(struct nf_ct_frag6_queue *fq, struct sk_buff *skb,
503 391
504 /* next fragment */ 392 /* next fragment */
505 NFCT_FRAG6_CB(next)->offset += i; 393 NFCT_FRAG6_CB(next)->offset += i;
506 fq->meat -= i; 394 fq->q.meat -= i;
507 if (next->ip_summed != CHECKSUM_UNNECESSARY) 395 if (next->ip_summed != CHECKSUM_UNNECESSARY)
508 next->ip_summed = CHECKSUM_NONE; 396 next->ip_summed = CHECKSUM_NONE;
509 break; 397 break;
@@ -518,9 +406,9 @@ static int nf_ct_frag6_queue(struct nf_ct_frag6_queue *fq, struct sk_buff *skb,
518 if (prev) 406 if (prev)
519 prev->next = next; 407 prev->next = next;
520 else 408 else
521 fq->fragments = next; 409 fq->q.fragments = next;
522 410
523 fq->meat -= free_it->len; 411 fq->q.meat -= free_it->len;
524 frag_kfree_skb(free_it, NULL); 412 frag_kfree_skb(free_it, NULL);
525 } 413 }
526 } 414 }
@@ -532,23 +420,23 @@ static int nf_ct_frag6_queue(struct nf_ct_frag6_queue *fq, struct sk_buff *skb,
532 if (prev) 420 if (prev)
533 prev->next = skb; 421 prev->next = skb;
534 else 422 else
535 fq->fragments = skb; 423 fq->q.fragments = skb;
536 424
537 skb->dev = NULL; 425 skb->dev = NULL;
538 fq->stamp = skb->tstamp; 426 fq->q.stamp = skb->tstamp;
539 fq->meat += skb->len; 427 fq->q.meat += skb->len;
540 atomic_add(skb->truesize, &nf_ct_frag6_mem); 428 atomic_add(skb->truesize, &nf_frags.mem);
541 429
542 /* The first fragment. 430 /* The first fragment.
543 * nhoffset is obtained from the first fragment, of course. 431 * nhoffset is obtained from the first fragment, of course.
544 */ 432 */
545 if (offset == 0) { 433 if (offset == 0) {
546 fq->nhoffset = nhoff; 434 fq->nhoffset = nhoff;
547 fq->last_in |= FIRST_IN; 435 fq->q.last_in |= FIRST_IN;
548 } 436 }
549 write_lock(&nf_ct_frag6_lock); 437 write_lock(&nf_frags.lock);
550 list_move_tail(&fq->lru_list, &nf_ct_frag6_lru_list); 438 list_move_tail(&fq->q.lru_list, &nf_frags.lru_list);
551 write_unlock(&nf_ct_frag6_lock); 439 write_unlock(&nf_frags.lock);
552 return 0; 440 return 0;
553 441
554err: 442err:
@@ -567,7 +455,7 @@ err:
567static struct sk_buff * 455static struct sk_buff *
568nf_ct_frag6_reasm(struct nf_ct_frag6_queue *fq, struct net_device *dev) 456nf_ct_frag6_reasm(struct nf_ct_frag6_queue *fq, struct net_device *dev)
569{ 457{
570 struct sk_buff *fp, *op, *head = fq->fragments; 458 struct sk_buff *fp, *op, *head = fq->q.fragments;
571 int payload_len; 459 int payload_len;
572 460
573 fq_kill(fq); 461 fq_kill(fq);
@@ -577,7 +465,7 @@ nf_ct_frag6_reasm(struct nf_ct_frag6_queue *fq, struct net_device *dev)
577 465
578 /* Unfragmented part is taken from the first segment. */ 466 /* Unfragmented part is taken from the first segment. */
579 payload_len = ((head->data - skb_network_header(head)) - 467 payload_len = ((head->data - skb_network_header(head)) -
580 sizeof(struct ipv6hdr) + fq->len - 468 sizeof(struct ipv6hdr) + fq->q.len -
581 sizeof(struct frag_hdr)); 469 sizeof(struct frag_hdr));
582 if (payload_len > IPV6_MAXPLEN) { 470 if (payload_len > IPV6_MAXPLEN) {
583 pr_debug("payload len is too large.\n"); 471 pr_debug("payload len is too large.\n");
@@ -614,7 +502,7 @@ nf_ct_frag6_reasm(struct nf_ct_frag6_queue *fq, struct net_device *dev)
614 clone->ip_summed = head->ip_summed; 502 clone->ip_summed = head->ip_summed;
615 503
616 NFCT_FRAG6_CB(clone)->orig = NULL; 504 NFCT_FRAG6_CB(clone)->orig = NULL;
617 atomic_add(clone->truesize, &nf_ct_frag6_mem); 505 atomic_add(clone->truesize, &nf_frags.mem);
618 } 506 }
619 507
620 /* We have to remove fragment header from datagram and to relocate 508 /* We have to remove fragment header from datagram and to relocate
@@ -628,7 +516,7 @@ nf_ct_frag6_reasm(struct nf_ct_frag6_queue *fq, struct net_device *dev)
628 skb_shinfo(head)->frag_list = head->next; 516 skb_shinfo(head)->frag_list = head->next;
629 skb_reset_transport_header(head); 517 skb_reset_transport_header(head);
630 skb_push(head, head->data - skb_network_header(head)); 518 skb_push(head, head->data - skb_network_header(head));
631 atomic_sub(head->truesize, &nf_ct_frag6_mem); 519 atomic_sub(head->truesize, &nf_frags.mem);
632 520
633 for (fp=head->next; fp; fp = fp->next) { 521 for (fp=head->next; fp; fp = fp->next) {
634 head->data_len += fp->len; 522 head->data_len += fp->len;
@@ -638,12 +526,12 @@ nf_ct_frag6_reasm(struct nf_ct_frag6_queue *fq, struct net_device *dev)
638 else if (head->ip_summed == CHECKSUM_COMPLETE) 526 else if (head->ip_summed == CHECKSUM_COMPLETE)
639 head->csum = csum_add(head->csum, fp->csum); 527 head->csum = csum_add(head->csum, fp->csum);
640 head->truesize += fp->truesize; 528 head->truesize += fp->truesize;
641 atomic_sub(fp->truesize, &nf_ct_frag6_mem); 529 atomic_sub(fp->truesize, &nf_frags.mem);
642 } 530 }
643 531
644 head->next = NULL; 532 head->next = NULL;
645 head->dev = dev; 533 head->dev = dev;
646 head->tstamp = fq->stamp; 534 head->tstamp = fq->q.stamp;
647 ipv6_hdr(head)->payload_len = htons(payload_len); 535 ipv6_hdr(head)->payload_len = htons(payload_len);
648 536
649 /* Yes, and fold redundant checksum back. 8) */ 537 /* Yes, and fold redundant checksum back. 8) */
@@ -652,7 +540,7 @@ nf_ct_frag6_reasm(struct nf_ct_frag6_queue *fq, struct net_device *dev)
652 skb_network_header_len(head), 540 skb_network_header_len(head),
653 head->csum); 541 head->csum);
654 542
655 fq->fragments = NULL; 543 fq->q.fragments = NULL;
656 544
657 /* all original skbs are linked into the NFCT_FRAG6_CB(head).orig */ 545 /* all original skbs are linked into the NFCT_FRAG6_CB(head).orig */
658 fp = skb_shinfo(head)->frag_list; 546 fp = skb_shinfo(head)->frag_list;
@@ -788,7 +676,7 @@ struct sk_buff *nf_ct_frag6_gather(struct sk_buff *skb)
788 goto ret_orig; 676 goto ret_orig;
789 } 677 }
790 678
791 if (atomic_read(&nf_ct_frag6_mem) > nf_ct_frag6_high_thresh) 679 if (atomic_read(&nf_frags.mem) > nf_frags_ctl.high_thresh)
792 nf_ct_frag6_evictor(); 680 nf_ct_frag6_evictor();
793 681
794 fq = fq_find(fhdr->identification, &hdr->saddr, &hdr->daddr); 682 fq = fq_find(fhdr->identification, &hdr->saddr, &hdr->daddr);
@@ -797,23 +685,23 @@ struct sk_buff *nf_ct_frag6_gather(struct sk_buff *skb)
797 goto ret_orig; 685 goto ret_orig;
798 } 686 }
799 687
800 spin_lock(&fq->lock); 688 spin_lock(&fq->q.lock);
801 689
802 if (nf_ct_frag6_queue(fq, clone, fhdr, nhoff) < 0) { 690 if (nf_ct_frag6_queue(fq, clone, fhdr, nhoff) < 0) {
803 spin_unlock(&fq->lock); 691 spin_unlock(&fq->q.lock);
804 pr_debug("Can't insert skb to queue\n"); 692 pr_debug("Can't insert skb to queue\n");
805 fq_put(fq, NULL); 693 fq_put(fq);
806 goto ret_orig; 694 goto ret_orig;
807 } 695 }
808 696
809 if (fq->last_in == (FIRST_IN|LAST_IN) && fq->meat == fq->len) { 697 if (fq->q.last_in == (FIRST_IN|LAST_IN) && fq->q.meat == fq->q.len) {
810 ret_skb = nf_ct_frag6_reasm(fq, dev); 698 ret_skb = nf_ct_frag6_reasm(fq, dev);
811 if (ret_skb == NULL) 699 if (ret_skb == NULL)
812 pr_debug("Can't reassemble fragmented packets\n"); 700 pr_debug("Can't reassemble fragmented packets\n");
813 } 701 }
814 spin_unlock(&fq->lock); 702 spin_unlock(&fq->q.lock);
815 703
816 fq_put(fq, NULL); 704 fq_put(fq);
817 return ret_skb; 705 return ret_skb;
818 706
819ret_orig: 707ret_orig:
@@ -859,20 +747,20 @@ int nf_ct_frag6_kfree_frags(struct sk_buff *skb)
859 747
860int nf_ct_frag6_init(void) 748int nf_ct_frag6_init(void)
861{ 749{
862 nf_ct_frag6_hash_rnd = (u32) ((num_physpages ^ (num_physpages>>7)) ^ 750 nf_frags.ctl = &nf_frags_ctl;
863 (jiffies ^ (jiffies >> 6))); 751 nf_frags.hashfn = nf_hashfn;
864 752 nf_frags.destructor = nf_frag_free;
865 setup_timer(&nf_ct_frag6_secret_timer, nf_ct_frag6_secret_rebuild, 0); 753 nf_frags.skb_free = nf_skb_free;
866 nf_ct_frag6_secret_timer.expires = jiffies 754 nf_frags.qsize = sizeof(struct nf_ct_frag6_queue);
867 + nf_ct_frag6_secret_interval; 755 inet_frags_init(&nf_frags);
868 add_timer(&nf_ct_frag6_secret_timer);
869 756
870 return 0; 757 return 0;
871} 758}
872 759
873void nf_ct_frag6_cleanup(void) 760void nf_ct_frag6_cleanup(void)
874{ 761{
875 del_timer(&nf_ct_frag6_secret_timer); 762 inet_frags_fini(&nf_frags);
876 nf_ct_frag6_low_thresh = 0; 763
764 nf_frags_ctl.low_thresh = 0;
877 nf_ct_frag6_evictor(); 765 nf_ct_frag6_evictor();
878} 766}
diff --git a/net/ipv6/proc.c b/net/ipv6/proc.c
index db945018579e..be526ad92543 100644
--- a/net/ipv6/proc.c
+++ b/net/ipv6/proc.c
@@ -54,7 +54,7 @@ static int sockstat6_seq_show(struct seq_file *seq, void *v)
54 seq_printf(seq, "RAW6: inuse %d\n", 54 seq_printf(seq, "RAW6: inuse %d\n",
55 fold_prot_inuse(&rawv6_prot)); 55 fold_prot_inuse(&rawv6_prot));
56 seq_printf(seq, "FRAG6: inuse %d memory %d\n", 56 seq_printf(seq, "FRAG6: inuse %d memory %d\n",
57 ip6_frag_nqueues, atomic_read(&ip6_frag_mem)); 57 ip6_frag_nqueues(), ip6_frag_mem());
58 return 0; 58 return 0;
59} 59}
60 60
diff --git a/net/ipv6/reassembly.c b/net/ipv6/reassembly.c
index 31601c993541..6ad19cfc2025 100644
--- a/net/ipv6/reassembly.c
+++ b/net/ipv6/reassembly.c
@@ -42,6 +42,7 @@
42#include <linux/icmpv6.h> 42#include <linux/icmpv6.h>
43#include <linux/random.h> 43#include <linux/random.h>
44#include <linux/jhash.h> 44#include <linux/jhash.h>
45#include <linux/skbuff.h>
45 46
46#include <net/sock.h> 47#include <net/sock.h>
47#include <net/snmp.h> 48#include <net/snmp.h>
@@ -53,11 +54,7 @@
53#include <net/rawv6.h> 54#include <net/rawv6.h>
54#include <net/ndisc.h> 55#include <net/ndisc.h>
55#include <net/addrconf.h> 56#include <net/addrconf.h>
56 57#include <net/inet_frag.h>
57int sysctl_ip6frag_high_thresh __read_mostly = 256*1024;
58int sysctl_ip6frag_low_thresh __read_mostly = 192*1024;
59
60int sysctl_ip6frag_time __read_mostly = IPV6_FRAG_TIMEOUT;
61 58
62struct ip6frag_skb_cb 59struct ip6frag_skb_cb
63{ 60{
@@ -74,53 +71,39 @@ struct ip6frag_skb_cb
74 71
75struct frag_queue 72struct frag_queue
76{ 73{
77 struct hlist_node list; 74 struct inet_frag_queue q;
78 struct list_head lru_list; /* lru list member */
79 75
80 __be32 id; /* fragment id */ 76 __be32 id; /* fragment id */
81 struct in6_addr saddr; 77 struct in6_addr saddr;
82 struct in6_addr daddr; 78 struct in6_addr daddr;
83 79
84 spinlock_t lock;
85 atomic_t refcnt;
86 struct timer_list timer; /* expire timer */
87 struct sk_buff *fragments;
88 int len;
89 int meat;
90 int iif; 80 int iif;
91 ktime_t stamp;
92 unsigned int csum; 81 unsigned int csum;
93 __u8 last_in; /* has first/last segment arrived? */
94#define COMPLETE 4
95#define FIRST_IN 2
96#define LAST_IN 1
97 __u16 nhoffset; 82 __u16 nhoffset;
98}; 83};
99 84
100/* Hash table. */ 85struct inet_frags_ctl ip6_frags_ctl __read_mostly = {
101 86 .high_thresh = 256 * 1024,
102#define IP6Q_HASHSZ 64 87 .low_thresh = 192 * 1024,
88 .timeout = IPV6_FRAG_TIMEOUT,
89 .secret_interval = 10 * 60 * HZ,
90};
103 91
104static struct hlist_head ip6_frag_hash[IP6Q_HASHSZ]; 92static struct inet_frags ip6_frags;
105static DEFINE_RWLOCK(ip6_frag_lock);
106static u32 ip6_frag_hash_rnd;
107static LIST_HEAD(ip6_frag_lru_list);
108int ip6_frag_nqueues = 0;
109 93
110static __inline__ void __fq_unlink(struct frag_queue *fq) 94int ip6_frag_nqueues(void)
111{ 95{
112 hlist_del(&fq->list); 96 return ip6_frags.nqueues;
113 list_del(&fq->lru_list);
114 ip6_frag_nqueues--;
115} 97}
116 98
117static __inline__ void fq_unlink(struct frag_queue *fq) 99int ip6_frag_mem(void)
118{ 100{
119 write_lock(&ip6_frag_lock); 101 return atomic_read(&ip6_frags.mem);
120 __fq_unlink(fq);
121 write_unlock(&ip6_frag_lock);
122} 102}
123 103
104static int ip6_frag_reasm(struct frag_queue *fq, struct sk_buff *prev,
105 struct net_device *dev);
106
124/* 107/*
125 * callers should be careful not to use the hash value outside the ipfrag_lock 108 * callers should be careful not to use the hash value outside the ipfrag_lock
126 * as doing so could race with ipfrag_hash_rnd being recalculated. 109 * as doing so could race with ipfrag_hash_rnd being recalculated.
@@ -136,7 +119,7 @@ static unsigned int ip6qhashfn(__be32 id, struct in6_addr *saddr,
136 119
137 a += JHASH_GOLDEN_RATIO; 120 a += JHASH_GOLDEN_RATIO;
138 b += JHASH_GOLDEN_RATIO; 121 b += JHASH_GOLDEN_RATIO;
139 c += ip6_frag_hash_rnd; 122 c += ip6_frags.rnd;
140 __jhash_mix(a, b, c); 123 __jhash_mix(a, b, c);
141 124
142 a += (__force u32)saddr->s6_addr32[3]; 125 a += (__force u32)saddr->s6_addr32[3];
@@ -149,60 +132,29 @@ static unsigned int ip6qhashfn(__be32 id, struct in6_addr *saddr,
149 c += (__force u32)id; 132 c += (__force u32)id;
150 __jhash_mix(a, b, c); 133 __jhash_mix(a, b, c);
151 134
152 return c & (IP6Q_HASHSZ - 1); 135 return c & (INETFRAGS_HASHSZ - 1);
153} 136}
154 137
155static struct timer_list ip6_frag_secret_timer; 138static unsigned int ip6_hashfn(struct inet_frag_queue *q)
156int sysctl_ip6frag_secret_interval __read_mostly = 10 * 60 * HZ;
157
158static void ip6_frag_secret_rebuild(unsigned long dummy)
159{ 139{
160 unsigned long now = jiffies; 140 struct frag_queue *fq;
161 int i;
162
163 write_lock(&ip6_frag_lock);
164 get_random_bytes(&ip6_frag_hash_rnd, sizeof(u32));
165 for (i = 0; i < IP6Q_HASHSZ; i++) {
166 struct frag_queue *q;
167 struct hlist_node *p, *n;
168
169 hlist_for_each_entry_safe(q, p, n, &ip6_frag_hash[i], list) {
170 unsigned int hval = ip6qhashfn(q->id,
171 &q->saddr,
172 &q->daddr);
173
174 if (hval != i) {
175 hlist_del(&q->list);
176
177 /* Relink to new hash chain. */
178 hlist_add_head(&q->list,
179 &ip6_frag_hash[hval]);
180
181 }
182 }
183 }
184 write_unlock(&ip6_frag_lock);
185 141
186 mod_timer(&ip6_frag_secret_timer, now + sysctl_ip6frag_secret_interval); 142 fq = container_of(q, struct frag_queue, q);
143 return ip6qhashfn(fq->id, &fq->saddr, &fq->daddr);
187} 144}
188 145
189atomic_t ip6_frag_mem = ATOMIC_INIT(0);
190
191/* Memory Tracking Functions. */ 146/* Memory Tracking Functions. */
192static inline void frag_kfree_skb(struct sk_buff *skb, int *work) 147static inline void frag_kfree_skb(struct sk_buff *skb, int *work)
193{ 148{
194 if (work) 149 if (work)
195 *work -= skb->truesize; 150 *work -= skb->truesize;
196 atomic_sub(skb->truesize, &ip6_frag_mem); 151 atomic_sub(skb->truesize, &ip6_frags.mem);
197 kfree_skb(skb); 152 kfree_skb(skb);
198} 153}
199 154
200static inline void frag_free_queue(struct frag_queue *fq, int *work) 155static void ip6_frag_free(struct inet_frag_queue *fq)
201{ 156{
202 if (work) 157 kfree(container_of(fq, struct frag_queue, q));
203 *work -= sizeof(struct frag_queue);
204 atomic_sub(sizeof(struct frag_queue), &ip6_frag_mem);
205 kfree(fq);
206} 158}
207 159
208static inline struct frag_queue *frag_alloc_queue(void) 160static inline struct frag_queue *frag_alloc_queue(void)
@@ -211,36 +163,15 @@ static inline struct frag_queue *frag_alloc_queue(void)
211 163
212 if(!fq) 164 if(!fq)
213 return NULL; 165 return NULL;
214 atomic_add(sizeof(struct frag_queue), &ip6_frag_mem); 166 atomic_add(sizeof(struct frag_queue), &ip6_frags.mem);
215 return fq; 167 return fq;
216} 168}
217 169
218/* Destruction primitives. */ 170/* Destruction primitives. */
219 171
220/* Complete destruction of fq. */ 172static __inline__ void fq_put(struct frag_queue *fq)
221static void ip6_frag_destroy(struct frag_queue *fq, int *work)
222{
223 struct sk_buff *fp;
224
225 BUG_TRAP(fq->last_in&COMPLETE);
226 BUG_TRAP(del_timer(&fq->timer) == 0);
227
228 /* Release all fragment data. */
229 fp = fq->fragments;
230 while (fp) {
231 struct sk_buff *xp = fp->next;
232
233 frag_kfree_skb(fp, work);
234 fp = xp;
235 }
236
237 frag_free_queue(fq, work);
238}
239
240static __inline__ void fq_put(struct frag_queue *fq, int *work)
241{ 173{
242 if (atomic_dec_and_test(&fq->refcnt)) 174 inet_frag_put(&fq->q, &ip6_frags);
243 ip6_frag_destroy(fq, work);
244} 175}
245 176
246/* Kill fq entry. It is not destroyed immediately, 177/* Kill fq entry. It is not destroyed immediately,
@@ -248,45 +179,16 @@ static __inline__ void fq_put(struct frag_queue *fq, int *work)
248 */ 179 */
249static __inline__ void fq_kill(struct frag_queue *fq) 180static __inline__ void fq_kill(struct frag_queue *fq)
250{ 181{
251 if (del_timer(&fq->timer)) 182 inet_frag_kill(&fq->q, &ip6_frags);
252 atomic_dec(&fq->refcnt);
253
254 if (!(fq->last_in & COMPLETE)) {
255 fq_unlink(fq);
256 atomic_dec(&fq->refcnt);
257 fq->last_in |= COMPLETE;
258 }
259} 183}
260 184
261static void ip6_evictor(struct inet6_dev *idev) 185static void ip6_evictor(struct inet6_dev *idev)
262{ 186{
263 struct frag_queue *fq; 187 int evicted;
264 struct list_head *tmp; 188
265 int work; 189 evicted = inet_frag_evictor(&ip6_frags);
266 190 if (evicted)
267 work = atomic_read(&ip6_frag_mem) - sysctl_ip6frag_low_thresh; 191 IP6_ADD_STATS_BH(idev, IPSTATS_MIB_REASMFAILS, evicted);
268 if (work <= 0)
269 return;
270
271 while(work > 0) {
272 read_lock(&ip6_frag_lock);
273 if (list_empty(&ip6_frag_lru_list)) {
274 read_unlock(&ip6_frag_lock);
275 return;
276 }
277 tmp = ip6_frag_lru_list.next;
278 fq = list_entry(tmp, struct frag_queue, lru_list);
279 atomic_inc(&fq->refcnt);
280 read_unlock(&ip6_frag_lock);
281
282 spin_lock(&fq->lock);
283 if (!(fq->last_in&COMPLETE))
284 fq_kill(fq);
285 spin_unlock(&fq->lock);
286
287 fq_put(fq, &work);
288 IP6_INC_STATS_BH(idev, IPSTATS_MIB_REASMFAILS);
289 }
290} 192}
291 193
292static void ip6_frag_expire(unsigned long data) 194static void ip6_frag_expire(unsigned long data)
@@ -294,9 +196,9 @@ static void ip6_frag_expire(unsigned long data)
294 struct frag_queue *fq = (struct frag_queue *) data; 196 struct frag_queue *fq = (struct frag_queue *) data;
295 struct net_device *dev = NULL; 197 struct net_device *dev = NULL;
296 198
297 spin_lock(&fq->lock); 199 spin_lock(&fq->q.lock);
298 200
299 if (fq->last_in & COMPLETE) 201 if (fq->q.last_in & COMPLETE)
300 goto out; 202 goto out;
301 203
302 fq_kill(fq); 204 fq_kill(fq);
@@ -311,7 +213,7 @@ static void ip6_frag_expire(unsigned long data)
311 rcu_read_unlock(); 213 rcu_read_unlock();
312 214
313 /* Don't send error if the first segment did not arrive. */ 215 /* Don't send error if the first segment did not arrive. */
314 if (!(fq->last_in&FIRST_IN) || !fq->fragments) 216 if (!(fq->q.last_in&FIRST_IN) || !fq->q.fragments)
315 goto out; 217 goto out;
316 218
317 /* 219 /*
@@ -319,13 +221,13 @@ static void ip6_frag_expire(unsigned long data)
319 segment was received. And do not use fq->dev 221 segment was received. And do not use fq->dev
320 pointer directly, device might already disappeared. 222 pointer directly, device might already disappeared.
321 */ 223 */
322 fq->fragments->dev = dev; 224 fq->q.fragments->dev = dev;
323 icmpv6_send(fq->fragments, ICMPV6_TIME_EXCEED, ICMPV6_EXC_FRAGTIME, 0, dev); 225 icmpv6_send(fq->q.fragments, ICMPV6_TIME_EXCEED, ICMPV6_EXC_FRAGTIME, 0, dev);
324out: 226out:
325 if (dev) 227 if (dev)
326 dev_put(dev); 228 dev_put(dev);
327 spin_unlock(&fq->lock); 229 spin_unlock(&fq->q.lock);
328 fq_put(fq, NULL); 230 fq_put(fq);
329} 231}
330 232
331/* Creation primitives. */ 233/* Creation primitives. */
@@ -339,32 +241,32 @@ static struct frag_queue *ip6_frag_intern(struct frag_queue *fq_in)
339 struct hlist_node *n; 241 struct hlist_node *n;
340#endif 242#endif
341 243
342 write_lock(&ip6_frag_lock); 244 write_lock(&ip6_frags.lock);
343 hash = ip6qhashfn(fq_in->id, &fq_in->saddr, &fq_in->daddr); 245 hash = ip6qhashfn(fq_in->id, &fq_in->saddr, &fq_in->daddr);
344#ifdef CONFIG_SMP 246#ifdef CONFIG_SMP
345 hlist_for_each_entry(fq, n, &ip6_frag_hash[hash], list) { 247 hlist_for_each_entry(fq, n, &ip6_frags.hash[hash], q.list) {
346 if (fq->id == fq_in->id && 248 if (fq->id == fq_in->id &&
347 ipv6_addr_equal(&fq_in->saddr, &fq->saddr) && 249 ipv6_addr_equal(&fq_in->saddr, &fq->saddr) &&
348 ipv6_addr_equal(&fq_in->daddr, &fq->daddr)) { 250 ipv6_addr_equal(&fq_in->daddr, &fq->daddr)) {
349 atomic_inc(&fq->refcnt); 251 atomic_inc(&fq->q.refcnt);
350 write_unlock(&ip6_frag_lock); 252 write_unlock(&ip6_frags.lock);
351 fq_in->last_in |= COMPLETE; 253 fq_in->q.last_in |= COMPLETE;
352 fq_put(fq_in, NULL); 254 fq_put(fq_in);
353 return fq; 255 return fq;
354 } 256 }
355 } 257 }
356#endif 258#endif
357 fq = fq_in; 259 fq = fq_in;
358 260
359 if (!mod_timer(&fq->timer, jiffies + sysctl_ip6frag_time)) 261 if (!mod_timer(&fq->q.timer, jiffies + ip6_frags_ctl.timeout))
360 atomic_inc(&fq->refcnt); 262 atomic_inc(&fq->q.refcnt);
361 263
362 atomic_inc(&fq->refcnt); 264 atomic_inc(&fq->q.refcnt);
363 hlist_add_head(&fq->list, &ip6_frag_hash[hash]); 265 hlist_add_head(&fq->q.list, &ip6_frags.hash[hash]);
364 INIT_LIST_HEAD(&fq->lru_list); 266 INIT_LIST_HEAD(&fq->q.lru_list);
365 list_add_tail(&fq->lru_list, &ip6_frag_lru_list); 267 list_add_tail(&fq->q.lru_list, &ip6_frags.lru_list);
366 ip6_frag_nqueues++; 268 ip6_frags.nqueues++;
367 write_unlock(&ip6_frag_lock); 269 write_unlock(&ip6_frags.lock);
368 return fq; 270 return fq;
369} 271}
370 272
@@ -382,11 +284,11 @@ ip6_frag_create(__be32 id, struct in6_addr *src, struct in6_addr *dst,
382 ipv6_addr_copy(&fq->saddr, src); 284 ipv6_addr_copy(&fq->saddr, src);
383 ipv6_addr_copy(&fq->daddr, dst); 285 ipv6_addr_copy(&fq->daddr, dst);
384 286
385 init_timer(&fq->timer); 287 init_timer(&fq->q.timer);
386 fq->timer.function = ip6_frag_expire; 288 fq->q.timer.function = ip6_frag_expire;
387 fq->timer.data = (long) fq; 289 fq->q.timer.data = (long) fq;
388 spin_lock_init(&fq->lock); 290 spin_lock_init(&fq->q.lock);
389 atomic_set(&fq->refcnt, 1); 291 atomic_set(&fq->q.refcnt, 1);
390 292
391 return ip6_frag_intern(fq); 293 return ip6_frag_intern(fq);
392 294
@@ -403,30 +305,31 @@ fq_find(__be32 id, struct in6_addr *src, struct in6_addr *dst,
403 struct hlist_node *n; 305 struct hlist_node *n;
404 unsigned int hash; 306 unsigned int hash;
405 307
406 read_lock(&ip6_frag_lock); 308 read_lock(&ip6_frags.lock);
407 hash = ip6qhashfn(id, src, dst); 309 hash = ip6qhashfn(id, src, dst);
408 hlist_for_each_entry(fq, n, &ip6_frag_hash[hash], list) { 310 hlist_for_each_entry(fq, n, &ip6_frags.hash[hash], q.list) {
409 if (fq->id == id && 311 if (fq->id == id &&
410 ipv6_addr_equal(src, &fq->saddr) && 312 ipv6_addr_equal(src, &fq->saddr) &&
411 ipv6_addr_equal(dst, &fq->daddr)) { 313 ipv6_addr_equal(dst, &fq->daddr)) {
412 atomic_inc(&fq->refcnt); 314 atomic_inc(&fq->q.refcnt);
413 read_unlock(&ip6_frag_lock); 315 read_unlock(&ip6_frags.lock);
414 return fq; 316 return fq;
415 } 317 }
416 } 318 }
417 read_unlock(&ip6_frag_lock); 319 read_unlock(&ip6_frags.lock);
418 320
419 return ip6_frag_create(id, src, dst, idev); 321 return ip6_frag_create(id, src, dst, idev);
420} 322}
421 323
422 324
423static void ip6_frag_queue(struct frag_queue *fq, struct sk_buff *skb, 325static int ip6_frag_queue(struct frag_queue *fq, struct sk_buff *skb,
424 struct frag_hdr *fhdr, int nhoff) 326 struct frag_hdr *fhdr, int nhoff)
425{ 327{
426 struct sk_buff *prev, *next; 328 struct sk_buff *prev, *next;
329 struct net_device *dev;
427 int offset, end; 330 int offset, end;
428 331
429 if (fq->last_in & COMPLETE) 332 if (fq->q.last_in & COMPLETE)
430 goto err; 333 goto err;
431 334
432 offset = ntohs(fhdr->frag_off) & ~0x7; 335 offset = ntohs(fhdr->frag_off) & ~0x7;
@@ -439,7 +342,7 @@ static void ip6_frag_queue(struct frag_queue *fq, struct sk_buff *skb,
439 icmpv6_param_prob(skb, ICMPV6_HDR_FIELD, 342 icmpv6_param_prob(skb, ICMPV6_HDR_FIELD,
440 ((u8 *)&fhdr->frag_off - 343 ((u8 *)&fhdr->frag_off -
441 skb_network_header(skb))); 344 skb_network_header(skb)));
442 return; 345 return -1;
443 } 346 }
444 347
445 if (skb->ip_summed == CHECKSUM_COMPLETE) { 348 if (skb->ip_summed == CHECKSUM_COMPLETE) {
@@ -454,11 +357,11 @@ static void ip6_frag_queue(struct frag_queue *fq, struct sk_buff *skb,
454 /* If we already have some bits beyond end 357 /* If we already have some bits beyond end
455 * or have different end, the segment is corrupted. 358 * or have different end, the segment is corrupted.
456 */ 359 */
457 if (end < fq->len || 360 if (end < fq->q.len ||
458 ((fq->last_in & LAST_IN) && end != fq->len)) 361 ((fq->q.last_in & LAST_IN) && end != fq->q.len))
459 goto err; 362 goto err;
460 fq->last_in |= LAST_IN; 363 fq->q.last_in |= LAST_IN;
461 fq->len = end; 364 fq->q.len = end;
462 } else { 365 } else {
463 /* Check if the fragment is rounded to 8 bytes. 366 /* Check if the fragment is rounded to 8 bytes.
464 * Required by the RFC. 367 * Required by the RFC.
@@ -471,13 +374,13 @@ static void ip6_frag_queue(struct frag_queue *fq, struct sk_buff *skb,
471 IPSTATS_MIB_INHDRERRORS); 374 IPSTATS_MIB_INHDRERRORS);
472 icmpv6_param_prob(skb, ICMPV6_HDR_FIELD, 375 icmpv6_param_prob(skb, ICMPV6_HDR_FIELD,
473 offsetof(struct ipv6hdr, payload_len)); 376 offsetof(struct ipv6hdr, payload_len));
474 return; 377 return -1;
475 } 378 }
476 if (end > fq->len) { 379 if (end > fq->q.len) {
477 /* Some bits beyond end -> corruption. */ 380 /* Some bits beyond end -> corruption. */
478 if (fq->last_in & LAST_IN) 381 if (fq->q.last_in & LAST_IN)
479 goto err; 382 goto err;
480 fq->len = end; 383 fq->q.len = end;
481 } 384 }
482 } 385 }
483 386
@@ -496,7 +399,7 @@ static void ip6_frag_queue(struct frag_queue *fq, struct sk_buff *skb,
496 * this fragment, right? 399 * this fragment, right?
497 */ 400 */
498 prev = NULL; 401 prev = NULL;
499 for(next = fq->fragments; next != NULL; next = next->next) { 402 for(next = fq->q.fragments; next != NULL; next = next->next) {
500 if (FRAG6_CB(next)->offset >= offset) 403 if (FRAG6_CB(next)->offset >= offset)
501 break; /* bingo! */ 404 break; /* bingo! */
502 prev = next; 405 prev = next;
@@ -533,7 +436,7 @@ static void ip6_frag_queue(struct frag_queue *fq, struct sk_buff *skb,
533 if (!pskb_pull(next, i)) 436 if (!pskb_pull(next, i))
534 goto err; 437 goto err;
535 FRAG6_CB(next)->offset += i; /* next fragment */ 438 FRAG6_CB(next)->offset += i; /* next fragment */
536 fq->meat -= i; 439 fq->q.meat -= i;
537 if (next->ip_summed != CHECKSUM_UNNECESSARY) 440 if (next->ip_summed != CHECKSUM_UNNECESSARY)
538 next->ip_summed = CHECKSUM_NONE; 441 next->ip_summed = CHECKSUM_NONE;
539 break; 442 break;
@@ -548,9 +451,9 @@ static void ip6_frag_queue(struct frag_queue *fq, struct sk_buff *skb,
548 if (prev) 451 if (prev)
549 prev->next = next; 452 prev->next = next;
550 else 453 else
551 fq->fragments = next; 454 fq->q.fragments = next;
552 455
553 fq->meat -= free_it->len; 456 fq->q.meat -= free_it->len;
554 frag_kfree_skb(free_it, NULL); 457 frag_kfree_skb(free_it, NULL);
555 } 458 }
556 } 459 }
@@ -562,30 +465,37 @@ static void ip6_frag_queue(struct frag_queue *fq, struct sk_buff *skb,
562 if (prev) 465 if (prev)
563 prev->next = skb; 466 prev->next = skb;
564 else 467 else
565 fq->fragments = skb; 468 fq->q.fragments = skb;
566 469
567 if (skb->dev) 470 dev = skb->dev;
568 fq->iif = skb->dev->ifindex; 471 if (dev) {
569 skb->dev = NULL; 472 fq->iif = dev->ifindex;
570 fq->stamp = skb->tstamp; 473 skb->dev = NULL;
571 fq->meat += skb->len; 474 }
572 atomic_add(skb->truesize, &ip6_frag_mem); 475 fq->q.stamp = skb->tstamp;
476 fq->q.meat += skb->len;
477 atomic_add(skb->truesize, &ip6_frags.mem);
573 478
574 /* The first fragment. 479 /* The first fragment.
575 * nhoffset is obtained from the first fragment, of course. 480 * nhoffset is obtained from the first fragment, of course.
576 */ 481 */
577 if (offset == 0) { 482 if (offset == 0) {
578 fq->nhoffset = nhoff; 483 fq->nhoffset = nhoff;
579 fq->last_in |= FIRST_IN; 484 fq->q.last_in |= FIRST_IN;
580 } 485 }
581 write_lock(&ip6_frag_lock); 486
582 list_move_tail(&fq->lru_list, &ip6_frag_lru_list); 487 if (fq->q.last_in == (FIRST_IN | LAST_IN) && fq->q.meat == fq->q.len)
583 write_unlock(&ip6_frag_lock); 488 return ip6_frag_reasm(fq, prev, dev);
584 return; 489
490 write_lock(&ip6_frags.lock);
491 list_move_tail(&fq->q.lru_list, &ip6_frags.lru_list);
492 write_unlock(&ip6_frags.lock);
493 return -1;
585 494
586err: 495err:
587 IP6_INC_STATS(ip6_dst_idev(skb->dst), IPSTATS_MIB_REASMFAILS); 496 IP6_INC_STATS(ip6_dst_idev(skb->dst), IPSTATS_MIB_REASMFAILS);
588 kfree_skb(skb); 497 kfree_skb(skb);
498 return -1;
589} 499}
590 500
591/* 501/*
@@ -597,21 +507,39 @@ err:
597 * queue is eligible for reassembly i.e. it is not COMPLETE, 507 * queue is eligible for reassembly i.e. it is not COMPLETE,
598 * the last and the first frames arrived and all the bits are here. 508 * the last and the first frames arrived and all the bits are here.
599 */ 509 */
600static int ip6_frag_reasm(struct frag_queue *fq, struct sk_buff **skb_in, 510static int ip6_frag_reasm(struct frag_queue *fq, struct sk_buff *prev,
601 struct net_device *dev) 511 struct net_device *dev)
602{ 512{
603 struct sk_buff *fp, *head = fq->fragments; 513 struct sk_buff *fp, *head = fq->q.fragments;
604 int payload_len; 514 int payload_len;
605 unsigned int nhoff; 515 unsigned int nhoff;
606 516
607 fq_kill(fq); 517 fq_kill(fq);
608 518
519 /* Make the one we just received the head. */
520 if (prev) {
521 head = prev->next;
522 fp = skb_clone(head, GFP_ATOMIC);
523
524 if (!fp)
525 goto out_oom;
526
527 fp->next = head->next;
528 prev->next = fp;
529
530 skb_morph(head, fq->q.fragments);
531 head->next = fq->q.fragments->next;
532
533 kfree_skb(fq->q.fragments);
534 fq->q.fragments = head;
535 }
536
609 BUG_TRAP(head != NULL); 537 BUG_TRAP(head != NULL);
610 BUG_TRAP(FRAG6_CB(head)->offset == 0); 538 BUG_TRAP(FRAG6_CB(head)->offset == 0);
611 539
612 /* Unfragmented part is taken from the first segment. */ 540 /* Unfragmented part is taken from the first segment. */
613 payload_len = ((head->data - skb_network_header(head)) - 541 payload_len = ((head->data - skb_network_header(head)) -
614 sizeof(struct ipv6hdr) + fq->len - 542 sizeof(struct ipv6hdr) + fq->q.len -
615 sizeof(struct frag_hdr)); 543 sizeof(struct frag_hdr));
616 if (payload_len > IPV6_MAXPLEN) 544 if (payload_len > IPV6_MAXPLEN)
617 goto out_oversize; 545 goto out_oversize;
@@ -640,7 +568,7 @@ static int ip6_frag_reasm(struct frag_queue *fq, struct sk_buff **skb_in,
640 head->len -= clone->len; 568 head->len -= clone->len;
641 clone->csum = 0; 569 clone->csum = 0;
642 clone->ip_summed = head->ip_summed; 570 clone->ip_summed = head->ip_summed;
643 atomic_add(clone->truesize, &ip6_frag_mem); 571 atomic_add(clone->truesize, &ip6_frags.mem);
644 } 572 }
645 573
646 /* We have to remove fragment header from datagram and to relocate 574 /* We have to remove fragment header from datagram and to relocate
@@ -655,7 +583,7 @@ static int ip6_frag_reasm(struct frag_queue *fq, struct sk_buff **skb_in,
655 skb_shinfo(head)->frag_list = head->next; 583 skb_shinfo(head)->frag_list = head->next;
656 skb_reset_transport_header(head); 584 skb_reset_transport_header(head);
657 skb_push(head, head->data - skb_network_header(head)); 585 skb_push(head, head->data - skb_network_header(head));
658 atomic_sub(head->truesize, &ip6_frag_mem); 586 atomic_sub(head->truesize, &ip6_frags.mem);
659 587
660 for (fp=head->next; fp; fp = fp->next) { 588 for (fp=head->next; fp; fp = fp->next) {
661 head->data_len += fp->len; 589 head->data_len += fp->len;
@@ -665,17 +593,15 @@ static int ip6_frag_reasm(struct frag_queue *fq, struct sk_buff **skb_in,
665 else if (head->ip_summed == CHECKSUM_COMPLETE) 593 else if (head->ip_summed == CHECKSUM_COMPLETE)
666 head->csum = csum_add(head->csum, fp->csum); 594 head->csum = csum_add(head->csum, fp->csum);
667 head->truesize += fp->truesize; 595 head->truesize += fp->truesize;
668 atomic_sub(fp->truesize, &ip6_frag_mem); 596 atomic_sub(fp->truesize, &ip6_frags.mem);
669 } 597 }
670 598
671 head->next = NULL; 599 head->next = NULL;
672 head->dev = dev; 600 head->dev = dev;
673 head->tstamp = fq->stamp; 601 head->tstamp = fq->q.stamp;
674 ipv6_hdr(head)->payload_len = htons(payload_len); 602 ipv6_hdr(head)->payload_len = htons(payload_len);
675 IP6CB(head)->nhoff = nhoff; 603 IP6CB(head)->nhoff = nhoff;
676 604
677 *skb_in = head;
678
679 /* Yes, and fold redundant checksum back. 8) */ 605 /* Yes, and fold redundant checksum back. 8) */
680 if (head->ip_summed == CHECKSUM_COMPLETE) 606 if (head->ip_summed == CHECKSUM_COMPLETE)
681 head->csum = csum_partial(skb_network_header(head), 607 head->csum = csum_partial(skb_network_header(head),
@@ -685,7 +611,7 @@ static int ip6_frag_reasm(struct frag_queue *fq, struct sk_buff **skb_in,
685 rcu_read_lock(); 611 rcu_read_lock();
686 IP6_INC_STATS_BH(__in6_dev_get(dev), IPSTATS_MIB_REASMOKS); 612 IP6_INC_STATS_BH(__in6_dev_get(dev), IPSTATS_MIB_REASMOKS);
687 rcu_read_unlock(); 613 rcu_read_unlock();
688 fq->fragments = NULL; 614 fq->q.fragments = NULL;
689 return 1; 615 return 1;
690 616
691out_oversize: 617out_oversize:
@@ -702,10 +628,8 @@ out_fail:
702 return -1; 628 return -1;
703} 629}
704 630
705static int ipv6_frag_rcv(struct sk_buff **skbp) 631static int ipv6_frag_rcv(struct sk_buff *skb)
706{ 632{
707 struct sk_buff *skb = *skbp;
708 struct net_device *dev = skb->dev;
709 struct frag_hdr *fhdr; 633 struct frag_hdr *fhdr;
710 struct frag_queue *fq; 634 struct frag_queue *fq;
711 struct ipv6hdr *hdr = ipv6_hdr(skb); 635 struct ipv6hdr *hdr = ipv6_hdr(skb);
@@ -739,23 +663,19 @@ static int ipv6_frag_rcv(struct sk_buff **skbp)
739 return 1; 663 return 1;
740 } 664 }
741 665
742 if (atomic_read(&ip6_frag_mem) > sysctl_ip6frag_high_thresh) 666 if (atomic_read(&ip6_frags.mem) > ip6_frags_ctl.high_thresh)
743 ip6_evictor(ip6_dst_idev(skb->dst)); 667 ip6_evictor(ip6_dst_idev(skb->dst));
744 668
745 if ((fq = fq_find(fhdr->identification, &hdr->saddr, &hdr->daddr, 669 if ((fq = fq_find(fhdr->identification, &hdr->saddr, &hdr->daddr,
746 ip6_dst_idev(skb->dst))) != NULL) { 670 ip6_dst_idev(skb->dst))) != NULL) {
747 int ret = -1; 671 int ret;
748 672
749 spin_lock(&fq->lock); 673 spin_lock(&fq->q.lock);
750 674
751 ip6_frag_queue(fq, skb, fhdr, IP6CB(skb)->nhoff); 675 ret = ip6_frag_queue(fq, skb, fhdr, IP6CB(skb)->nhoff);
752 676
753 if (fq->last_in == (FIRST_IN|LAST_IN) && 677 spin_unlock(&fq->q.lock);
754 fq->meat == fq->len) 678 fq_put(fq);
755 ret = ip6_frag_reasm(fq, skbp, dev);
756
757 spin_unlock(&fq->lock);
758 fq_put(fq, NULL);
759 return ret; 679 return ret;
760 } 680 }
761 681
@@ -775,11 +695,10 @@ void __init ipv6_frag_init(void)
775 if (inet6_add_protocol(&frag_protocol, IPPROTO_FRAGMENT) < 0) 695 if (inet6_add_protocol(&frag_protocol, IPPROTO_FRAGMENT) < 0)
776 printk(KERN_ERR "ipv6_frag_init: Could not register protocol\n"); 696 printk(KERN_ERR "ipv6_frag_init: Could not register protocol\n");
777 697
778 ip6_frag_hash_rnd = (u32) ((num_physpages ^ (num_physpages>>7)) ^ 698 ip6_frags.ctl = &ip6_frags_ctl;
779 (jiffies ^ (jiffies >> 6))); 699 ip6_frags.hashfn = ip6_hashfn;
780 700 ip6_frags.destructor = ip6_frag_free;
781 init_timer(&ip6_frag_secret_timer); 701 ip6_frags.skb_free = NULL;
782 ip6_frag_secret_timer.function = ip6_frag_secret_rebuild; 702 ip6_frags.qsize = sizeof(struct frag_queue);
783 ip6_frag_secret_timer.expires = jiffies + sysctl_ip6frag_secret_interval; 703 inet_frags_init(&ip6_frags);
784 add_timer(&ip6_frag_secret_timer);
785} 704}
diff --git a/net/ipv6/route.c b/net/ipv6/route.c
index 6ff19f9eb9ee..cce9941c11c6 100644
--- a/net/ipv6/route.c
+++ b/net/ipv6/route.c
@@ -663,7 +663,7 @@ static struct rt6_info *rt6_alloc_clone(struct rt6_info *ort, struct in6_addr *d
663 return rt; 663 return rt;
664} 664}
665 665
666static struct rt6_info *ip6_pol_route_input(struct fib6_table *table, 666static struct rt6_info *ip6_pol_route(struct fib6_table *table, int oif,
667 struct flowi *fl, int flags) 667 struct flowi *fl, int flags)
668{ 668{
669 struct fib6_node *fn; 669 struct fib6_node *fn;
@@ -682,7 +682,7 @@ restart_2:
682 fn = fib6_lookup(&table->tb6_root, &fl->fl6_dst, &fl->fl6_src); 682 fn = fib6_lookup(&table->tb6_root, &fl->fl6_dst, &fl->fl6_src);
683 683
684restart: 684restart:
685 rt = rt6_select(fn, fl->iif, strict | reachable); 685 rt = rt6_select(fn, oif, strict | reachable);
686 BACKTRACK(&fl->fl6_src); 686 BACKTRACK(&fl->fl6_src);
687 if (rt == &ip6_null_entry || 687 if (rt == &ip6_null_entry ||
688 rt->rt6i_flags & RTF_CACHE) 688 rt->rt6i_flags & RTF_CACHE)
@@ -735,6 +735,12 @@ out2:
735 return rt; 735 return rt;
736} 736}
737 737
738static struct rt6_info *ip6_pol_route_input(struct fib6_table *table,
739 struct flowi *fl, int flags)
740{
741 return ip6_pol_route(table, fl->iif, fl, flags);
742}
743
738void ip6_route_input(struct sk_buff *skb) 744void ip6_route_input(struct sk_buff *skb)
739{ 745{
740 struct ipv6hdr *iph = ipv6_hdr(skb); 746 struct ipv6hdr *iph = ipv6_hdr(skb);
@@ -761,72 +767,7 @@ void ip6_route_input(struct sk_buff *skb)
761static struct rt6_info *ip6_pol_route_output(struct fib6_table *table, 767static struct rt6_info *ip6_pol_route_output(struct fib6_table *table,
762 struct flowi *fl, int flags) 768 struct flowi *fl, int flags)
763{ 769{
764 struct fib6_node *fn; 770 return ip6_pol_route(table, fl->oif, fl, flags);
765 struct rt6_info *rt, *nrt;
766 int strict = 0;
767 int attempts = 3;
768 int err;
769 int reachable = ipv6_devconf.forwarding ? 0 : RT6_LOOKUP_F_REACHABLE;
770
771 strict |= flags & RT6_LOOKUP_F_IFACE;
772
773relookup:
774 read_lock_bh(&table->tb6_lock);
775
776restart_2:
777 fn = fib6_lookup(&table->tb6_root, &fl->fl6_dst, &fl->fl6_src);
778
779restart:
780 rt = rt6_select(fn, fl->oif, strict | reachable);
781 BACKTRACK(&fl->fl6_src);
782 if (rt == &ip6_null_entry ||
783 rt->rt6i_flags & RTF_CACHE)
784 goto out;
785
786 dst_hold(&rt->u.dst);
787 read_unlock_bh(&table->tb6_lock);
788
789 if (!rt->rt6i_nexthop && !(rt->rt6i_flags & RTF_NONEXTHOP))
790 nrt = rt6_alloc_cow(rt, &fl->fl6_dst, &fl->fl6_src);
791 else {
792#if CLONE_OFFLINK_ROUTE
793 nrt = rt6_alloc_clone(rt, &fl->fl6_dst);
794#else
795 goto out2;
796#endif
797 }
798
799 dst_release(&rt->u.dst);
800 rt = nrt ? : &ip6_null_entry;
801
802 dst_hold(&rt->u.dst);
803 if (nrt) {
804 err = ip6_ins_rt(nrt);
805 if (!err)
806 goto out2;
807 }
808
809 if (--attempts <= 0)
810 goto out2;
811
812 /*
813 * Race condition! In the gap, when table->tb6_lock was
814 * released someone could insert this route. Relookup.
815 */
816 dst_release(&rt->u.dst);
817 goto relookup;
818
819out:
820 if (reachable) {
821 reachable = 0;
822 goto restart_2;
823 }
824 dst_hold(&rt->u.dst);
825 read_unlock_bh(&table->tb6_lock);
826out2:
827 rt->u.dst.lastuse = jiffies;
828 rt->u.dst.__use++;
829 return rt;
830} 771}
831 772
832struct dst_entry * ip6_route_output(struct sock *sk, struct flowi *fl) 773struct dst_entry * ip6_route_output(struct sock *sk, struct flowi *fl)
diff --git a/net/ipv6/sysctl_net_ipv6.c b/net/ipv6/sysctl_net_ipv6.c
index 3fb44277207b..68bb2548e469 100644
--- a/net/ipv6/sysctl_net_ipv6.c
+++ b/net/ipv6/sysctl_net_ipv6.c
@@ -12,6 +12,7 @@
12#include <net/ndisc.h> 12#include <net/ndisc.h>
13#include <net/ipv6.h> 13#include <net/ipv6.h>
14#include <net/addrconf.h> 14#include <net/addrconf.h>
15#include <net/inet_frag.h>
15 16
16#ifdef CONFIG_SYSCTL 17#ifdef CONFIG_SYSCTL
17 18
@@ -41,7 +42,7 @@ static ctl_table ipv6_table[] = {
41 { 42 {
42 .ctl_name = NET_IPV6_IP6FRAG_HIGH_THRESH, 43 .ctl_name = NET_IPV6_IP6FRAG_HIGH_THRESH,
43 .procname = "ip6frag_high_thresh", 44 .procname = "ip6frag_high_thresh",
44 .data = &sysctl_ip6frag_high_thresh, 45 .data = &ip6_frags_ctl.high_thresh,
45 .maxlen = sizeof(int), 46 .maxlen = sizeof(int),
46 .mode = 0644, 47 .mode = 0644,
47 .proc_handler = &proc_dointvec 48 .proc_handler = &proc_dointvec
@@ -49,7 +50,7 @@ static ctl_table ipv6_table[] = {
49 { 50 {
50 .ctl_name = NET_IPV6_IP6FRAG_LOW_THRESH, 51 .ctl_name = NET_IPV6_IP6FRAG_LOW_THRESH,
51 .procname = "ip6frag_low_thresh", 52 .procname = "ip6frag_low_thresh",
52 .data = &sysctl_ip6frag_low_thresh, 53 .data = &ip6_frags_ctl.low_thresh,
53 .maxlen = sizeof(int), 54 .maxlen = sizeof(int),
54 .mode = 0644, 55 .mode = 0644,
55 .proc_handler = &proc_dointvec 56 .proc_handler = &proc_dointvec
@@ -57,7 +58,7 @@ static ctl_table ipv6_table[] = {
57 { 58 {
58 .ctl_name = NET_IPV6_IP6FRAG_TIME, 59 .ctl_name = NET_IPV6_IP6FRAG_TIME,
59 .procname = "ip6frag_time", 60 .procname = "ip6frag_time",
60 .data = &sysctl_ip6frag_time, 61 .data = &ip6_frags_ctl.timeout,
61 .maxlen = sizeof(int), 62 .maxlen = sizeof(int),
62 .mode = 0644, 63 .mode = 0644,
63 .proc_handler = &proc_dointvec_jiffies, 64 .proc_handler = &proc_dointvec_jiffies,
@@ -66,7 +67,7 @@ static ctl_table ipv6_table[] = {
66 { 67 {
67 .ctl_name = NET_IPV6_IP6FRAG_SECRET_INTERVAL, 68 .ctl_name = NET_IPV6_IP6FRAG_SECRET_INTERVAL,
68 .procname = "ip6frag_secret_interval", 69 .procname = "ip6frag_secret_interval",
69 .data = &sysctl_ip6frag_secret_interval, 70 .data = &ip6_frags_ctl.secret_interval,
70 .maxlen = sizeof(int), 71 .maxlen = sizeof(int),
71 .mode = 0644, 72 .mode = 0644,
72 .proc_handler = &proc_dointvec_jiffies, 73 .proc_handler = &proc_dointvec_jiffies,
diff --git a/net/ipv6/tcp_ipv6.c b/net/ipv6/tcp_ipv6.c
index a07b59c528f3..737b755342bd 100644
--- a/net/ipv6/tcp_ipv6.c
+++ b/net/ipv6/tcp_ipv6.c
@@ -1668,9 +1668,8 @@ ipv6_pktoptions:
1668 return 0; 1668 return 0;
1669} 1669}
1670 1670
1671static int tcp_v6_rcv(struct sk_buff **pskb) 1671static int tcp_v6_rcv(struct sk_buff *skb)
1672{ 1672{
1673 struct sk_buff *skb = *pskb;
1674 struct tcphdr *th; 1673 struct tcphdr *th;
1675 struct sock *sk; 1674 struct sock *sk;
1676 int ret; 1675 int ret;
diff --git a/net/ipv6/tunnel6.c b/net/ipv6/tunnel6.c
index 23e2809878ae..6323921b40be 100644
--- a/net/ipv6/tunnel6.c
+++ b/net/ipv6/tunnel6.c
@@ -87,9 +87,8 @@ int xfrm6_tunnel_deregister(struct xfrm6_tunnel *handler, unsigned short family)
87 87
88EXPORT_SYMBOL(xfrm6_tunnel_deregister); 88EXPORT_SYMBOL(xfrm6_tunnel_deregister);
89 89
90static int tunnel6_rcv(struct sk_buff **pskb) 90static int tunnel6_rcv(struct sk_buff *skb)
91{ 91{
92 struct sk_buff *skb = *pskb;
93 struct xfrm6_tunnel *handler; 92 struct xfrm6_tunnel *handler;
94 93
95 if (!pskb_may_pull(skb, sizeof(struct ipv6hdr))) 94 if (!pskb_may_pull(skb, sizeof(struct ipv6hdr)))
@@ -106,9 +105,8 @@ drop:
106 return 0; 105 return 0;
107} 106}
108 107
109static int tunnel46_rcv(struct sk_buff **pskb) 108static int tunnel46_rcv(struct sk_buff *skb)
110{ 109{
111 struct sk_buff *skb = *pskb;
112 struct xfrm6_tunnel *handler; 110 struct xfrm6_tunnel *handler;
113 111
114 if (!pskb_may_pull(skb, sizeof(struct ipv6hdr))) 112 if (!pskb_may_pull(skb, sizeof(struct ipv6hdr)))
diff --git a/net/ipv6/udp.c b/net/ipv6/udp.c
index 82ff26dd4470..caebad6ee510 100644
--- a/net/ipv6/udp.c
+++ b/net/ipv6/udp.c
@@ -405,10 +405,9 @@ static inline int udp6_csum_init(struct sk_buff *skb, struct udphdr *uh,
405 return 0; 405 return 0;
406} 406}
407 407
408int __udp6_lib_rcv(struct sk_buff **pskb, struct hlist_head udptable[], 408int __udp6_lib_rcv(struct sk_buff *skb, struct hlist_head udptable[],
409 int proto) 409 int proto)
410{ 410{
411 struct sk_buff *skb = *pskb;
412 struct sock *sk; 411 struct sock *sk;
413 struct udphdr *uh; 412 struct udphdr *uh;
414 struct net_device *dev = skb->dev; 413 struct net_device *dev = skb->dev;
@@ -494,9 +493,9 @@ discard:
494 return 0; 493 return 0;
495} 494}
496 495
497static __inline__ int udpv6_rcv(struct sk_buff **pskb) 496static __inline__ int udpv6_rcv(struct sk_buff *skb)
498{ 497{
499 return __udp6_lib_rcv(pskb, udp_hash, IPPROTO_UDP); 498 return __udp6_lib_rcv(skb, udp_hash, IPPROTO_UDP);
500} 499}
501 500
502/* 501/*
diff --git a/net/ipv6/udp_impl.h b/net/ipv6/udp_impl.h
index 6e252f318f7c..2d3fda601232 100644
--- a/net/ipv6/udp_impl.h
+++ b/net/ipv6/udp_impl.h
@@ -6,7 +6,7 @@
6#include <net/addrconf.h> 6#include <net/addrconf.h>
7#include <net/inet_common.h> 7#include <net/inet_common.h>
8 8
9extern int __udp6_lib_rcv(struct sk_buff **, struct hlist_head [], int ); 9extern int __udp6_lib_rcv(struct sk_buff *, struct hlist_head [], int );
10extern void __udp6_lib_err(struct sk_buff *, struct inet6_skb_parm *, 10extern void __udp6_lib_err(struct sk_buff *, struct inet6_skb_parm *,
11 int , int , int , __be32 , struct hlist_head []); 11 int , int , int , __be32 , struct hlist_head []);
12 12
diff --git a/net/ipv6/udplite.c b/net/ipv6/udplite.c
index f54016a55004..766566f7de47 100644
--- a/net/ipv6/udplite.c
+++ b/net/ipv6/udplite.c
@@ -17,9 +17,9 @@
17 17
18DEFINE_SNMP_STAT(struct udp_mib, udplite_stats_in6) __read_mostly; 18DEFINE_SNMP_STAT(struct udp_mib, udplite_stats_in6) __read_mostly;
19 19
20static int udplitev6_rcv(struct sk_buff **pskb) 20static int udplitev6_rcv(struct sk_buff *skb)
21{ 21{
22 return __udp6_lib_rcv(pskb, udplite_hash, IPPROTO_UDPLITE); 22 return __udp6_lib_rcv(skb, udplite_hash, IPPROTO_UDPLITE);
23} 23}
24 24
25static void udplitev6_err(struct sk_buff *skb, 25static void udplitev6_err(struct sk_buff *skb,
diff --git a/net/ipv6/xfrm6_input.c b/net/ipv6/xfrm6_input.c
index c858537cec4b..02f69e544f6f 100644
--- a/net/ipv6/xfrm6_input.c
+++ b/net/ipv6/xfrm6_input.c
@@ -133,9 +133,9 @@ drop:
133 133
134EXPORT_SYMBOL(xfrm6_rcv_spi); 134EXPORT_SYMBOL(xfrm6_rcv_spi);
135 135
136int xfrm6_rcv(struct sk_buff **pskb) 136int xfrm6_rcv(struct sk_buff *skb)
137{ 137{
138 return xfrm6_rcv_spi(*pskb, 0); 138 return xfrm6_rcv_spi(skb, 0);
139} 139}
140 140
141EXPORT_SYMBOL(xfrm6_rcv); 141EXPORT_SYMBOL(xfrm6_rcv);
diff --git a/net/ipv6/xfrm6_output.c b/net/ipv6/xfrm6_output.c
index 4618c18e611d..a5a32c17249d 100644
--- a/net/ipv6/xfrm6_output.c
+++ b/net/ipv6/xfrm6_output.c
@@ -80,7 +80,7 @@ static int xfrm6_output_finish2(struct sk_buff *skb)
80 while (likely((err = xfrm6_output_one(skb)) == 0)) { 80 while (likely((err = xfrm6_output_one(skb)) == 0)) {
81 nf_reset(skb); 81 nf_reset(skb);
82 82
83 err = nf_hook(PF_INET6, NF_IP6_LOCAL_OUT, &skb, NULL, 83 err = nf_hook(PF_INET6, NF_IP6_LOCAL_OUT, skb, NULL,
84 skb->dst->dev, dst_output); 84 skb->dst->dev, dst_output);
85 if (unlikely(err != 1)) 85 if (unlikely(err != 1))
86 break; 86 break;
@@ -88,7 +88,7 @@ static int xfrm6_output_finish2(struct sk_buff *skb)
88 if (!skb->dst->xfrm) 88 if (!skb->dst->xfrm)
89 return dst_output(skb); 89 return dst_output(skb);
90 90
91 err = nf_hook(PF_INET6, NF_IP6_POST_ROUTING, &skb, NULL, 91 err = nf_hook(PF_INET6, NF_IP6_POST_ROUTING, skb, NULL,
92 skb->dst->dev, xfrm6_output_finish2); 92 skb->dst->dev, xfrm6_output_finish2);
93 if (unlikely(err != 1)) 93 if (unlikely(err != 1))
94 break; 94 break;
diff --git a/net/netfilter/core.c b/net/netfilter/core.c
index a523fa4136ed..bed9ba01e8ec 100644
--- a/net/netfilter/core.c
+++ b/net/netfilter/core.c
@@ -117,7 +117,7 @@ void nf_unregister_hooks(struct nf_hook_ops *reg, unsigned int n)
117EXPORT_SYMBOL(nf_unregister_hooks); 117EXPORT_SYMBOL(nf_unregister_hooks);
118 118
119unsigned int nf_iterate(struct list_head *head, 119unsigned int nf_iterate(struct list_head *head,
120 struct sk_buff **skb, 120 struct sk_buff *skb,
121 int hook, 121 int hook,
122 const struct net_device *indev, 122 const struct net_device *indev,
123 const struct net_device *outdev, 123 const struct net_device *outdev,
@@ -160,7 +160,7 @@ unsigned int nf_iterate(struct list_head *head,
160 160
161/* Returns 1 if okfn() needs to be executed by the caller, 161/* Returns 1 if okfn() needs to be executed by the caller,
162 * -EPERM for NF_DROP, 0 otherwise. */ 162 * -EPERM for NF_DROP, 0 otherwise. */
163int nf_hook_slow(int pf, unsigned int hook, struct sk_buff **pskb, 163int nf_hook_slow(int pf, unsigned int hook, struct sk_buff *skb,
164 struct net_device *indev, 164 struct net_device *indev,
165 struct net_device *outdev, 165 struct net_device *outdev,
166 int (*okfn)(struct sk_buff *), 166 int (*okfn)(struct sk_buff *),
@@ -175,17 +175,17 @@ int nf_hook_slow(int pf, unsigned int hook, struct sk_buff **pskb,
175 175
176 elem = &nf_hooks[pf][hook]; 176 elem = &nf_hooks[pf][hook];
177next_hook: 177next_hook:
178 verdict = nf_iterate(&nf_hooks[pf][hook], pskb, hook, indev, 178 verdict = nf_iterate(&nf_hooks[pf][hook], skb, hook, indev,
179 outdev, &elem, okfn, hook_thresh); 179 outdev, &elem, okfn, hook_thresh);
180 if (verdict == NF_ACCEPT || verdict == NF_STOP) { 180 if (verdict == NF_ACCEPT || verdict == NF_STOP) {
181 ret = 1; 181 ret = 1;
182 goto unlock; 182 goto unlock;
183 } else if (verdict == NF_DROP) { 183 } else if (verdict == NF_DROP) {
184 kfree_skb(*pskb); 184 kfree_skb(skb);
185 ret = -EPERM; 185 ret = -EPERM;
186 } else if ((verdict & NF_VERDICT_MASK) == NF_QUEUE) { 186 } else if ((verdict & NF_VERDICT_MASK) == NF_QUEUE) {
187 NFDEBUG("nf_hook: Verdict = QUEUE.\n"); 187 NFDEBUG("nf_hook: Verdict = QUEUE.\n");
188 if (!nf_queue(*pskb, elem, pf, hook, indev, outdev, okfn, 188 if (!nf_queue(skb, elem, pf, hook, indev, outdev, okfn,
189 verdict >> NF_VERDICT_BITS)) 189 verdict >> NF_VERDICT_BITS))
190 goto next_hook; 190 goto next_hook;
191 } 191 }
@@ -196,34 +196,24 @@ unlock:
196EXPORT_SYMBOL(nf_hook_slow); 196EXPORT_SYMBOL(nf_hook_slow);
197 197
198 198
199int skb_make_writable(struct sk_buff **pskb, unsigned int writable_len) 199int skb_make_writable(struct sk_buff *skb, unsigned int writable_len)
200{ 200{
201 struct sk_buff *nskb; 201 if (writable_len > skb->len)
202
203 if (writable_len > (*pskb)->len)
204 return 0; 202 return 0;
205 203
206 /* Not exclusive use of packet? Must copy. */ 204 /* Not exclusive use of packet? Must copy. */
207 if (skb_cloned(*pskb) && !skb_clone_writable(*pskb, writable_len)) 205 if (!skb_cloned(skb)) {
208 goto copy_skb; 206 if (writable_len <= skb_headlen(skb))
209 if (skb_shared(*pskb)) 207 return 1;
210 goto copy_skb; 208 } else if (skb_clone_writable(skb, writable_len))
211 209 return 1;
212 return pskb_may_pull(*pskb, writable_len); 210
213 211 if (writable_len <= skb_headlen(skb))
214copy_skb: 212 writable_len = 0;
215 nskb = skb_copy(*pskb, GFP_ATOMIC); 213 else
216 if (!nskb) 214 writable_len -= skb_headlen(skb);
217 return 0; 215
218 BUG_ON(skb_is_nonlinear(nskb)); 216 return !!__pskb_pull_tail(skb, writable_len);
219
220 /* Rest of kernel will get very unhappy if we pass it a
221 suddenly-orphaned skbuff */
222 if ((*pskb)->sk)
223 skb_set_owner_w(nskb, (*pskb)->sk);
224 kfree_skb(*pskb);
225 *pskb = nskb;
226 return 1;
227} 217}
228EXPORT_SYMBOL(skb_make_writable); 218EXPORT_SYMBOL(skb_make_writable);
229 219
diff --git a/net/netfilter/nf_conntrack_amanda.c b/net/netfilter/nf_conntrack_amanda.c
index e42ab230ad88..7b8239c0cd5e 100644
--- a/net/netfilter/nf_conntrack_amanda.c
+++ b/net/netfilter/nf_conntrack_amanda.c
@@ -36,7 +36,7 @@ MODULE_PARM_DESC(master_timeout, "timeout for the master connection");
36module_param(ts_algo, charp, 0400); 36module_param(ts_algo, charp, 0400);
37MODULE_PARM_DESC(ts_algo, "textsearch algorithm to use (default kmp)"); 37MODULE_PARM_DESC(ts_algo, "textsearch algorithm to use (default kmp)");
38 38
39unsigned int (*nf_nat_amanda_hook)(struct sk_buff **pskb, 39unsigned int (*nf_nat_amanda_hook)(struct sk_buff *skb,
40 enum ip_conntrack_info ctinfo, 40 enum ip_conntrack_info ctinfo,
41 unsigned int matchoff, 41 unsigned int matchoff,
42 unsigned int matchlen, 42 unsigned int matchlen,
@@ -79,7 +79,7 @@ static struct {
79 }, 79 },
80}; 80};
81 81
82static int amanda_help(struct sk_buff **pskb, 82static int amanda_help(struct sk_buff *skb,
83 unsigned int protoff, 83 unsigned int protoff,
84 struct nf_conn *ct, 84 struct nf_conn *ct,
85 enum ip_conntrack_info ctinfo) 85 enum ip_conntrack_info ctinfo)
@@ -101,25 +101,25 @@ static int amanda_help(struct sk_buff **pskb,
101 101
102 /* increase the UDP timeout of the master connection as replies from 102 /* increase the UDP timeout of the master connection as replies from
103 * Amanda clients to the server can be quite delayed */ 103 * Amanda clients to the server can be quite delayed */
104 nf_ct_refresh(ct, *pskb, master_timeout * HZ); 104 nf_ct_refresh(ct, skb, master_timeout * HZ);
105 105
106 /* No data? */ 106 /* No data? */
107 dataoff = protoff + sizeof(struct udphdr); 107 dataoff = protoff + sizeof(struct udphdr);
108 if (dataoff >= (*pskb)->len) { 108 if (dataoff >= skb->len) {
109 if (net_ratelimit()) 109 if (net_ratelimit())
110 printk("amanda_help: skblen = %u\n", (*pskb)->len); 110 printk("amanda_help: skblen = %u\n", skb->len);
111 return NF_ACCEPT; 111 return NF_ACCEPT;
112 } 112 }
113 113
114 memset(&ts, 0, sizeof(ts)); 114 memset(&ts, 0, sizeof(ts));
115 start = skb_find_text(*pskb, dataoff, (*pskb)->len, 115 start = skb_find_text(skb, dataoff, skb->len,
116 search[SEARCH_CONNECT].ts, &ts); 116 search[SEARCH_CONNECT].ts, &ts);
117 if (start == UINT_MAX) 117 if (start == UINT_MAX)
118 goto out; 118 goto out;
119 start += dataoff + search[SEARCH_CONNECT].len; 119 start += dataoff + search[SEARCH_CONNECT].len;
120 120
121 memset(&ts, 0, sizeof(ts)); 121 memset(&ts, 0, sizeof(ts));
122 stop = skb_find_text(*pskb, start, (*pskb)->len, 122 stop = skb_find_text(skb, start, skb->len,
123 search[SEARCH_NEWLINE].ts, &ts); 123 search[SEARCH_NEWLINE].ts, &ts);
124 if (stop == UINT_MAX) 124 if (stop == UINT_MAX)
125 goto out; 125 goto out;
@@ -127,13 +127,13 @@ static int amanda_help(struct sk_buff **pskb,
127 127
128 for (i = SEARCH_DATA; i <= SEARCH_INDEX; i++) { 128 for (i = SEARCH_DATA; i <= SEARCH_INDEX; i++) {
129 memset(&ts, 0, sizeof(ts)); 129 memset(&ts, 0, sizeof(ts));
130 off = skb_find_text(*pskb, start, stop, search[i].ts, &ts); 130 off = skb_find_text(skb, start, stop, search[i].ts, &ts);
131 if (off == UINT_MAX) 131 if (off == UINT_MAX)
132 continue; 132 continue;
133 off += start + search[i].len; 133 off += start + search[i].len;
134 134
135 len = min_t(unsigned int, sizeof(pbuf) - 1, stop - off); 135 len = min_t(unsigned int, sizeof(pbuf) - 1, stop - off);
136 if (skb_copy_bits(*pskb, off, pbuf, len)) 136 if (skb_copy_bits(skb, off, pbuf, len))
137 break; 137 break;
138 pbuf[len] = '\0'; 138 pbuf[len] = '\0';
139 139
@@ -153,7 +153,7 @@ static int amanda_help(struct sk_buff **pskb,
153 153
154 nf_nat_amanda = rcu_dereference(nf_nat_amanda_hook); 154 nf_nat_amanda = rcu_dereference(nf_nat_amanda_hook);
155 if (nf_nat_amanda && ct->status & IPS_NAT_MASK) 155 if (nf_nat_amanda && ct->status & IPS_NAT_MASK)
156 ret = nf_nat_amanda(pskb, ctinfo, off - dataoff, 156 ret = nf_nat_amanda(skb, ctinfo, off - dataoff,
157 len, exp); 157 len, exp);
158 else if (nf_ct_expect_related(exp) != 0) 158 else if (nf_ct_expect_related(exp) != 0)
159 ret = NF_DROP; 159 ret = NF_DROP;
diff --git a/net/netfilter/nf_conntrack_core.c b/net/netfilter/nf_conntrack_core.c
index 83c30b45d170..4d6171bc0829 100644
--- a/net/netfilter/nf_conntrack_core.c
+++ b/net/netfilter/nf_conntrack_core.c
@@ -307,7 +307,7 @@ EXPORT_SYMBOL_GPL(nf_conntrack_hash_insert);
307 307
308/* Confirm a connection given skb; places it in hash table */ 308/* Confirm a connection given skb; places it in hash table */
309int 309int
310__nf_conntrack_confirm(struct sk_buff **pskb) 310__nf_conntrack_confirm(struct sk_buff *skb)
311{ 311{
312 unsigned int hash, repl_hash; 312 unsigned int hash, repl_hash;
313 struct nf_conntrack_tuple_hash *h; 313 struct nf_conntrack_tuple_hash *h;
@@ -316,7 +316,7 @@ __nf_conntrack_confirm(struct sk_buff **pskb)
316 struct hlist_node *n; 316 struct hlist_node *n;
317 enum ip_conntrack_info ctinfo; 317 enum ip_conntrack_info ctinfo;
318 318
319 ct = nf_ct_get(*pskb, &ctinfo); 319 ct = nf_ct_get(skb, &ctinfo);
320 320
321 /* ipt_REJECT uses nf_conntrack_attach to attach related 321 /* ipt_REJECT uses nf_conntrack_attach to attach related
322 ICMP/TCP RST packets in other direction. Actual packet 322 ICMP/TCP RST packets in other direction. Actual packet
@@ -367,14 +367,14 @@ __nf_conntrack_confirm(struct sk_buff **pskb)
367 write_unlock_bh(&nf_conntrack_lock); 367 write_unlock_bh(&nf_conntrack_lock);
368 help = nfct_help(ct); 368 help = nfct_help(ct);
369 if (help && help->helper) 369 if (help && help->helper)
370 nf_conntrack_event_cache(IPCT_HELPER, *pskb); 370 nf_conntrack_event_cache(IPCT_HELPER, skb);
371#ifdef CONFIG_NF_NAT_NEEDED 371#ifdef CONFIG_NF_NAT_NEEDED
372 if (test_bit(IPS_SRC_NAT_DONE_BIT, &ct->status) || 372 if (test_bit(IPS_SRC_NAT_DONE_BIT, &ct->status) ||
373 test_bit(IPS_DST_NAT_DONE_BIT, &ct->status)) 373 test_bit(IPS_DST_NAT_DONE_BIT, &ct->status))
374 nf_conntrack_event_cache(IPCT_NATINFO, *pskb); 374 nf_conntrack_event_cache(IPCT_NATINFO, skb);
375#endif 375#endif
376 nf_conntrack_event_cache(master_ct(ct) ? 376 nf_conntrack_event_cache(master_ct(ct) ?
377 IPCT_RELATED : IPCT_NEW, *pskb); 377 IPCT_RELATED : IPCT_NEW, skb);
378 return NF_ACCEPT; 378 return NF_ACCEPT;
379 379
380out: 380out:
@@ -632,7 +632,7 @@ resolve_normal_ct(struct sk_buff *skb,
632} 632}
633 633
634unsigned int 634unsigned int
635nf_conntrack_in(int pf, unsigned int hooknum, struct sk_buff **pskb) 635nf_conntrack_in(int pf, unsigned int hooknum, struct sk_buff *skb)
636{ 636{
637 struct nf_conn *ct; 637 struct nf_conn *ct;
638 enum ip_conntrack_info ctinfo; 638 enum ip_conntrack_info ctinfo;
@@ -644,14 +644,14 @@ nf_conntrack_in(int pf, unsigned int hooknum, struct sk_buff **pskb)
644 int ret; 644 int ret;
645 645
646 /* Previously seen (loopback or untracked)? Ignore. */ 646 /* Previously seen (loopback or untracked)? Ignore. */
647 if ((*pskb)->nfct) { 647 if (skb->nfct) {
648 NF_CT_STAT_INC_ATOMIC(ignore); 648 NF_CT_STAT_INC_ATOMIC(ignore);
649 return NF_ACCEPT; 649 return NF_ACCEPT;
650 } 650 }
651 651
652 /* rcu_read_lock()ed by nf_hook_slow */ 652 /* rcu_read_lock()ed by nf_hook_slow */
653 l3proto = __nf_ct_l3proto_find((u_int16_t)pf); 653 l3proto = __nf_ct_l3proto_find((u_int16_t)pf);
654 ret = l3proto->get_l4proto(*pskb, skb_network_offset(*pskb), 654 ret = l3proto->get_l4proto(skb, skb_network_offset(skb),
655 &dataoff, &protonum); 655 &dataoff, &protonum);
656 if (ret <= 0) { 656 if (ret <= 0) {
657 pr_debug("not prepared to track yet or error occured\n"); 657 pr_debug("not prepared to track yet or error occured\n");
@@ -666,13 +666,13 @@ nf_conntrack_in(int pf, unsigned int hooknum, struct sk_buff **pskb)
666 * inverse of the return code tells to the netfilter 666 * inverse of the return code tells to the netfilter
667 * core what to do with the packet. */ 667 * core what to do with the packet. */
668 if (l4proto->error != NULL && 668 if (l4proto->error != NULL &&
669 (ret = l4proto->error(*pskb, dataoff, &ctinfo, pf, hooknum)) <= 0) { 669 (ret = l4proto->error(skb, dataoff, &ctinfo, pf, hooknum)) <= 0) {
670 NF_CT_STAT_INC_ATOMIC(error); 670 NF_CT_STAT_INC_ATOMIC(error);
671 NF_CT_STAT_INC_ATOMIC(invalid); 671 NF_CT_STAT_INC_ATOMIC(invalid);
672 return -ret; 672 return -ret;
673 } 673 }
674 674
675 ct = resolve_normal_ct(*pskb, dataoff, pf, protonum, l3proto, l4proto, 675 ct = resolve_normal_ct(skb, dataoff, pf, protonum, l3proto, l4proto,
676 &set_reply, &ctinfo); 676 &set_reply, &ctinfo);
677 if (!ct) { 677 if (!ct) {
678 /* Not valid part of a connection */ 678 /* Not valid part of a connection */
@@ -686,21 +686,21 @@ nf_conntrack_in(int pf, unsigned int hooknum, struct sk_buff **pskb)
686 return NF_DROP; 686 return NF_DROP;
687 } 687 }
688 688
689 NF_CT_ASSERT((*pskb)->nfct); 689 NF_CT_ASSERT(skb->nfct);
690 690
691 ret = l4proto->packet(ct, *pskb, dataoff, ctinfo, pf, hooknum); 691 ret = l4proto->packet(ct, skb, dataoff, ctinfo, pf, hooknum);
692 if (ret < 0) { 692 if (ret < 0) {
693 /* Invalid: inverse of the return code tells 693 /* Invalid: inverse of the return code tells
694 * the netfilter core what to do */ 694 * the netfilter core what to do */
695 pr_debug("nf_conntrack_in: Can't track with proto module\n"); 695 pr_debug("nf_conntrack_in: Can't track with proto module\n");
696 nf_conntrack_put((*pskb)->nfct); 696 nf_conntrack_put(skb->nfct);
697 (*pskb)->nfct = NULL; 697 skb->nfct = NULL;
698 NF_CT_STAT_INC_ATOMIC(invalid); 698 NF_CT_STAT_INC_ATOMIC(invalid);
699 return -ret; 699 return -ret;
700 } 700 }
701 701
702 if (set_reply && !test_and_set_bit(IPS_SEEN_REPLY_BIT, &ct->status)) 702 if (set_reply && !test_and_set_bit(IPS_SEEN_REPLY_BIT, &ct->status))
703 nf_conntrack_event_cache(IPCT_STATUS, *pskb); 703 nf_conntrack_event_cache(IPCT_STATUS, skb);
704 704
705 return ret; 705 return ret;
706} 706}
diff --git a/net/netfilter/nf_conntrack_ftp.c b/net/netfilter/nf_conntrack_ftp.c
index c763ee74ea02..6df259067f7e 100644
--- a/net/netfilter/nf_conntrack_ftp.c
+++ b/net/netfilter/nf_conntrack_ftp.c
@@ -43,7 +43,7 @@ module_param_array(ports, ushort, &ports_c, 0400);
43static int loose; 43static int loose;
44module_param(loose, bool, 0600); 44module_param(loose, bool, 0600);
45 45
46unsigned int (*nf_nat_ftp_hook)(struct sk_buff **pskb, 46unsigned int (*nf_nat_ftp_hook)(struct sk_buff *skb,
47 enum ip_conntrack_info ctinfo, 47 enum ip_conntrack_info ctinfo,
48 enum nf_ct_ftp_type type, 48 enum nf_ct_ftp_type type,
49 unsigned int matchoff, 49 unsigned int matchoff,
@@ -344,7 +344,7 @@ static void update_nl_seq(u32 nl_seq, struct nf_ct_ftp_master *info, int dir,
344 } 344 }
345} 345}
346 346
347static int help(struct sk_buff **pskb, 347static int help(struct sk_buff *skb,
348 unsigned int protoff, 348 unsigned int protoff,
349 struct nf_conn *ct, 349 struct nf_conn *ct,
350 enum ip_conntrack_info ctinfo) 350 enum ip_conntrack_info ctinfo)
@@ -371,21 +371,21 @@ static int help(struct sk_buff **pskb,
371 return NF_ACCEPT; 371 return NF_ACCEPT;
372 } 372 }
373 373
374 th = skb_header_pointer(*pskb, protoff, sizeof(_tcph), &_tcph); 374 th = skb_header_pointer(skb, protoff, sizeof(_tcph), &_tcph);
375 if (th == NULL) 375 if (th == NULL)
376 return NF_ACCEPT; 376 return NF_ACCEPT;
377 377
378 dataoff = protoff + th->doff * 4; 378 dataoff = protoff + th->doff * 4;
379 /* No data? */ 379 /* No data? */
380 if (dataoff >= (*pskb)->len) { 380 if (dataoff >= skb->len) {
381 pr_debug("ftp: dataoff(%u) >= skblen(%u)\n", dataoff, 381 pr_debug("ftp: dataoff(%u) >= skblen(%u)\n", dataoff,
382 (*pskb)->len); 382 skb->len);
383 return NF_ACCEPT; 383 return NF_ACCEPT;
384 } 384 }
385 datalen = (*pskb)->len - dataoff; 385 datalen = skb->len - dataoff;
386 386
387 spin_lock_bh(&nf_ftp_lock); 387 spin_lock_bh(&nf_ftp_lock);
388 fb_ptr = skb_header_pointer(*pskb, dataoff, datalen, ftp_buffer); 388 fb_ptr = skb_header_pointer(skb, dataoff, datalen, ftp_buffer);
389 BUG_ON(fb_ptr == NULL); 389 BUG_ON(fb_ptr == NULL);
390 390
391 ends_in_nl = (fb_ptr[datalen - 1] == '\n'); 391 ends_in_nl = (fb_ptr[datalen - 1] == '\n');
@@ -491,7 +491,7 @@ static int help(struct sk_buff **pskb,
491 * (possibly changed) expectation itself. */ 491 * (possibly changed) expectation itself. */
492 nf_nat_ftp = rcu_dereference(nf_nat_ftp_hook); 492 nf_nat_ftp = rcu_dereference(nf_nat_ftp_hook);
493 if (nf_nat_ftp && ct->status & IPS_NAT_MASK) 493 if (nf_nat_ftp && ct->status & IPS_NAT_MASK)
494 ret = nf_nat_ftp(pskb, ctinfo, search[dir][i].ftptype, 494 ret = nf_nat_ftp(skb, ctinfo, search[dir][i].ftptype,
495 matchoff, matchlen, exp); 495 matchoff, matchlen, exp);
496 else { 496 else {
497 /* Can't expect this? Best to drop packet now. */ 497 /* Can't expect this? Best to drop packet now. */
@@ -508,7 +508,7 @@ out_update_nl:
508 /* Now if this ends in \n, update ftp info. Seq may have been 508 /* Now if this ends in \n, update ftp info. Seq may have been
509 * adjusted by NAT code. */ 509 * adjusted by NAT code. */
510 if (ends_in_nl) 510 if (ends_in_nl)
511 update_nl_seq(seq, ct_ftp_info, dir, *pskb); 511 update_nl_seq(seq, ct_ftp_info, dir, skb);
512 out: 512 out:
513 spin_unlock_bh(&nf_ftp_lock); 513 spin_unlock_bh(&nf_ftp_lock);
514 return ret; 514 return ret;
diff --git a/net/netfilter/nf_conntrack_h323_main.c b/net/netfilter/nf_conntrack_h323_main.c
index a8a9dfbe7a67..f23fd9598e19 100644
--- a/net/netfilter/nf_conntrack_h323_main.c
+++ b/net/netfilter/nf_conntrack_h323_main.c
@@ -47,27 +47,27 @@ MODULE_PARM_DESC(callforward_filter, "only create call forwarding expectations "
47 "(determined by routing information)"); 47 "(determined by routing information)");
48 48
49/* Hooks for NAT */ 49/* Hooks for NAT */
50int (*set_h245_addr_hook) (struct sk_buff **pskb, 50int (*set_h245_addr_hook) (struct sk_buff *skb,
51 unsigned char **data, int dataoff, 51 unsigned char **data, int dataoff,
52 H245_TransportAddress *taddr, 52 H245_TransportAddress *taddr,
53 union nf_conntrack_address *addr, __be16 port) 53 union nf_conntrack_address *addr, __be16 port)
54 __read_mostly; 54 __read_mostly;
55int (*set_h225_addr_hook) (struct sk_buff **pskb, 55int (*set_h225_addr_hook) (struct sk_buff *skb,
56 unsigned char **data, int dataoff, 56 unsigned char **data, int dataoff,
57 TransportAddress *taddr, 57 TransportAddress *taddr,
58 union nf_conntrack_address *addr, __be16 port) 58 union nf_conntrack_address *addr, __be16 port)
59 __read_mostly; 59 __read_mostly;
60int (*set_sig_addr_hook) (struct sk_buff **pskb, 60int (*set_sig_addr_hook) (struct sk_buff *skb,
61 struct nf_conn *ct, 61 struct nf_conn *ct,
62 enum ip_conntrack_info ctinfo, 62 enum ip_conntrack_info ctinfo,
63 unsigned char **data, 63 unsigned char **data,
64 TransportAddress *taddr, int count) __read_mostly; 64 TransportAddress *taddr, int count) __read_mostly;
65int (*set_ras_addr_hook) (struct sk_buff **pskb, 65int (*set_ras_addr_hook) (struct sk_buff *skb,
66 struct nf_conn *ct, 66 struct nf_conn *ct,
67 enum ip_conntrack_info ctinfo, 67 enum ip_conntrack_info ctinfo,
68 unsigned char **data, 68 unsigned char **data,
69 TransportAddress *taddr, int count) __read_mostly; 69 TransportAddress *taddr, int count) __read_mostly;
70int (*nat_rtp_rtcp_hook) (struct sk_buff **pskb, 70int (*nat_rtp_rtcp_hook) (struct sk_buff *skb,
71 struct nf_conn *ct, 71 struct nf_conn *ct,
72 enum ip_conntrack_info ctinfo, 72 enum ip_conntrack_info ctinfo,
73 unsigned char **data, int dataoff, 73 unsigned char **data, int dataoff,
@@ -75,25 +75,25 @@ int (*nat_rtp_rtcp_hook) (struct sk_buff **pskb,
75 __be16 port, __be16 rtp_port, 75 __be16 port, __be16 rtp_port,
76 struct nf_conntrack_expect *rtp_exp, 76 struct nf_conntrack_expect *rtp_exp,
77 struct nf_conntrack_expect *rtcp_exp) __read_mostly; 77 struct nf_conntrack_expect *rtcp_exp) __read_mostly;
78int (*nat_t120_hook) (struct sk_buff **pskb, 78int (*nat_t120_hook) (struct sk_buff *skb,
79 struct nf_conn *ct, 79 struct nf_conn *ct,
80 enum ip_conntrack_info ctinfo, 80 enum ip_conntrack_info ctinfo,
81 unsigned char **data, int dataoff, 81 unsigned char **data, int dataoff,
82 H245_TransportAddress *taddr, __be16 port, 82 H245_TransportAddress *taddr, __be16 port,
83 struct nf_conntrack_expect *exp) __read_mostly; 83 struct nf_conntrack_expect *exp) __read_mostly;
84int (*nat_h245_hook) (struct sk_buff **pskb, 84int (*nat_h245_hook) (struct sk_buff *skb,
85 struct nf_conn *ct, 85 struct nf_conn *ct,
86 enum ip_conntrack_info ctinfo, 86 enum ip_conntrack_info ctinfo,
87 unsigned char **data, int dataoff, 87 unsigned char **data, int dataoff,
88 TransportAddress *taddr, __be16 port, 88 TransportAddress *taddr, __be16 port,
89 struct nf_conntrack_expect *exp) __read_mostly; 89 struct nf_conntrack_expect *exp) __read_mostly;
90int (*nat_callforwarding_hook) (struct sk_buff **pskb, 90int (*nat_callforwarding_hook) (struct sk_buff *skb,
91 struct nf_conn *ct, 91 struct nf_conn *ct,
92 enum ip_conntrack_info ctinfo, 92 enum ip_conntrack_info ctinfo,
93 unsigned char **data, int dataoff, 93 unsigned char **data, int dataoff,
94 TransportAddress *taddr, __be16 port, 94 TransportAddress *taddr, __be16 port,
95 struct nf_conntrack_expect *exp) __read_mostly; 95 struct nf_conntrack_expect *exp) __read_mostly;
96int (*nat_q931_hook) (struct sk_buff **pskb, 96int (*nat_q931_hook) (struct sk_buff *skb,
97 struct nf_conn *ct, 97 struct nf_conn *ct,
98 enum ip_conntrack_info ctinfo, 98 enum ip_conntrack_info ctinfo,
99 unsigned char **data, TransportAddress *taddr, int idx, 99 unsigned char **data, TransportAddress *taddr, int idx,
@@ -108,7 +108,7 @@ static struct nf_conntrack_helper nf_conntrack_helper_q931[];
108static struct nf_conntrack_helper nf_conntrack_helper_ras[]; 108static struct nf_conntrack_helper nf_conntrack_helper_ras[];
109 109
110/****************************************************************************/ 110/****************************************************************************/
111static int get_tpkt_data(struct sk_buff **pskb, unsigned int protoff, 111static int get_tpkt_data(struct sk_buff *skb, unsigned int protoff,
112 struct nf_conn *ct, enum ip_conntrack_info ctinfo, 112 struct nf_conn *ct, enum ip_conntrack_info ctinfo,
113 unsigned char **data, int *datalen, int *dataoff) 113 unsigned char **data, int *datalen, int *dataoff)
114{ 114{
@@ -122,7 +122,7 @@ static int get_tpkt_data(struct sk_buff **pskb, unsigned int protoff,
122 int tpktoff; 122 int tpktoff;
123 123
124 /* Get TCP header */ 124 /* Get TCP header */
125 th = skb_header_pointer(*pskb, protoff, sizeof(_tcph), &_tcph); 125 th = skb_header_pointer(skb, protoff, sizeof(_tcph), &_tcph);
126 if (th == NULL) 126 if (th == NULL)
127 return 0; 127 return 0;
128 128
@@ -130,13 +130,13 @@ static int get_tpkt_data(struct sk_buff **pskb, unsigned int protoff,
130 tcpdataoff = protoff + th->doff * 4; 130 tcpdataoff = protoff + th->doff * 4;
131 131
132 /* Get TCP data length */ 132 /* Get TCP data length */
133 tcpdatalen = (*pskb)->len - tcpdataoff; 133 tcpdatalen = skb->len - tcpdataoff;
134 if (tcpdatalen <= 0) /* No TCP data */ 134 if (tcpdatalen <= 0) /* No TCP data */
135 goto clear_out; 135 goto clear_out;
136 136
137 if (*data == NULL) { /* first TPKT */ 137 if (*data == NULL) { /* first TPKT */
138 /* Get first TPKT pointer */ 138 /* Get first TPKT pointer */
139 tpkt = skb_header_pointer(*pskb, tcpdataoff, tcpdatalen, 139 tpkt = skb_header_pointer(skb, tcpdataoff, tcpdatalen,
140 h323_buffer); 140 h323_buffer);
141 BUG_ON(tpkt == NULL); 141 BUG_ON(tpkt == NULL);
142 142
@@ -248,7 +248,7 @@ static int get_h245_addr(struct nf_conn *ct, unsigned char *data,
248} 248}
249 249
250/****************************************************************************/ 250/****************************************************************************/
251static int expect_rtp_rtcp(struct sk_buff **pskb, struct nf_conn *ct, 251static int expect_rtp_rtcp(struct sk_buff *skb, struct nf_conn *ct,
252 enum ip_conntrack_info ctinfo, 252 enum ip_conntrack_info ctinfo,
253 unsigned char **data, int dataoff, 253 unsigned char **data, int dataoff,
254 H245_TransportAddress *taddr) 254 H245_TransportAddress *taddr)
@@ -297,7 +297,7 @@ static int expect_rtp_rtcp(struct sk_buff **pskb, struct nf_conn *ct,
297 (nat_rtp_rtcp = rcu_dereference(nat_rtp_rtcp_hook)) && 297 (nat_rtp_rtcp = rcu_dereference(nat_rtp_rtcp_hook)) &&
298 ct->status & IPS_NAT_MASK) { 298 ct->status & IPS_NAT_MASK) {
299 /* NAT needed */ 299 /* NAT needed */
300 ret = nat_rtp_rtcp(pskb, ct, ctinfo, data, dataoff, 300 ret = nat_rtp_rtcp(skb, ct, ctinfo, data, dataoff,
301 taddr, port, rtp_port, rtp_exp, rtcp_exp); 301 taddr, port, rtp_port, rtp_exp, rtcp_exp);
302 } else { /* Conntrack only */ 302 } else { /* Conntrack only */
303 if (nf_ct_expect_related(rtp_exp) == 0) { 303 if (nf_ct_expect_related(rtp_exp) == 0) {
@@ -321,7 +321,7 @@ static int expect_rtp_rtcp(struct sk_buff **pskb, struct nf_conn *ct,
321} 321}
322 322
323/****************************************************************************/ 323/****************************************************************************/
324static int expect_t120(struct sk_buff **pskb, 324static int expect_t120(struct sk_buff *skb,
325 struct nf_conn *ct, 325 struct nf_conn *ct,
326 enum ip_conntrack_info ctinfo, 326 enum ip_conntrack_info ctinfo,
327 unsigned char **data, int dataoff, 327 unsigned char **data, int dataoff,
@@ -355,7 +355,7 @@ static int expect_t120(struct sk_buff **pskb,
355 (nat_t120 = rcu_dereference(nat_t120_hook)) && 355 (nat_t120 = rcu_dereference(nat_t120_hook)) &&
356 ct->status & IPS_NAT_MASK) { 356 ct->status & IPS_NAT_MASK) {
357 /* NAT needed */ 357 /* NAT needed */
358 ret = nat_t120(pskb, ct, ctinfo, data, dataoff, taddr, 358 ret = nat_t120(skb, ct, ctinfo, data, dataoff, taddr,
359 port, exp); 359 port, exp);
360 } else { /* Conntrack only */ 360 } else { /* Conntrack only */
361 if (nf_ct_expect_related(exp) == 0) { 361 if (nf_ct_expect_related(exp) == 0) {
@@ -371,7 +371,7 @@ static int expect_t120(struct sk_buff **pskb,
371} 371}
372 372
373/****************************************************************************/ 373/****************************************************************************/
374static int process_h245_channel(struct sk_buff **pskb, 374static int process_h245_channel(struct sk_buff *skb,
375 struct nf_conn *ct, 375 struct nf_conn *ct,
376 enum ip_conntrack_info ctinfo, 376 enum ip_conntrack_info ctinfo,
377 unsigned char **data, int dataoff, 377 unsigned char **data, int dataoff,
@@ -381,7 +381,7 @@ static int process_h245_channel(struct sk_buff **pskb,
381 381
382 if (channel->options & eH2250LogicalChannelParameters_mediaChannel) { 382 if (channel->options & eH2250LogicalChannelParameters_mediaChannel) {
383 /* RTP */ 383 /* RTP */
384 ret = expect_rtp_rtcp(pskb, ct, ctinfo, data, dataoff, 384 ret = expect_rtp_rtcp(skb, ct, ctinfo, data, dataoff,
385 &channel->mediaChannel); 385 &channel->mediaChannel);
386 if (ret < 0) 386 if (ret < 0)
387 return -1; 387 return -1;
@@ -390,7 +390,7 @@ static int process_h245_channel(struct sk_buff **pskb,
390 if (channel-> 390 if (channel->
391 options & eH2250LogicalChannelParameters_mediaControlChannel) { 391 options & eH2250LogicalChannelParameters_mediaControlChannel) {
392 /* RTCP */ 392 /* RTCP */
393 ret = expect_rtp_rtcp(pskb, ct, ctinfo, data, dataoff, 393 ret = expect_rtp_rtcp(skb, ct, ctinfo, data, dataoff,
394 &channel->mediaControlChannel); 394 &channel->mediaControlChannel);
395 if (ret < 0) 395 if (ret < 0)
396 return -1; 396 return -1;
@@ -400,7 +400,7 @@ static int process_h245_channel(struct sk_buff **pskb,
400} 400}
401 401
402/****************************************************************************/ 402/****************************************************************************/
403static int process_olc(struct sk_buff **pskb, struct nf_conn *ct, 403static int process_olc(struct sk_buff *skb, struct nf_conn *ct,
404 enum ip_conntrack_info ctinfo, 404 enum ip_conntrack_info ctinfo,
405 unsigned char **data, int dataoff, 405 unsigned char **data, int dataoff,
406 OpenLogicalChannel *olc) 406 OpenLogicalChannel *olc)
@@ -412,7 +412,7 @@ static int process_olc(struct sk_buff **pskb, struct nf_conn *ct,
412 if (olc->forwardLogicalChannelParameters.multiplexParameters.choice == 412 if (olc->forwardLogicalChannelParameters.multiplexParameters.choice ==
413 eOpenLogicalChannel_forwardLogicalChannelParameters_multiplexParameters_h2250LogicalChannelParameters) 413 eOpenLogicalChannel_forwardLogicalChannelParameters_multiplexParameters_h2250LogicalChannelParameters)
414 { 414 {
415 ret = process_h245_channel(pskb, ct, ctinfo, data, dataoff, 415 ret = process_h245_channel(skb, ct, ctinfo, data, dataoff,
416 &olc-> 416 &olc->
417 forwardLogicalChannelParameters. 417 forwardLogicalChannelParameters.
418 multiplexParameters. 418 multiplexParameters.
@@ -430,7 +430,7 @@ static int process_olc(struct sk_buff **pskb, struct nf_conn *ct,
430 eOpenLogicalChannel_reverseLogicalChannelParameters_multiplexParameters_h2250LogicalChannelParameters)) 430 eOpenLogicalChannel_reverseLogicalChannelParameters_multiplexParameters_h2250LogicalChannelParameters))
431 { 431 {
432 ret = 432 ret =
433 process_h245_channel(pskb, ct, ctinfo, data, dataoff, 433 process_h245_channel(skb, ct, ctinfo, data, dataoff,
434 &olc-> 434 &olc->
435 reverseLogicalChannelParameters. 435 reverseLogicalChannelParameters.
436 multiplexParameters. 436 multiplexParameters.
@@ -448,7 +448,7 @@ static int process_olc(struct sk_buff **pskb, struct nf_conn *ct,
448 t120.choice == eDataProtocolCapability_separateLANStack && 448 t120.choice == eDataProtocolCapability_separateLANStack &&
449 olc->separateStack.networkAddress.choice == 449 olc->separateStack.networkAddress.choice ==
450 eNetworkAccessParameters_networkAddress_localAreaAddress) { 450 eNetworkAccessParameters_networkAddress_localAreaAddress) {
451 ret = expect_t120(pskb, ct, ctinfo, data, dataoff, 451 ret = expect_t120(skb, ct, ctinfo, data, dataoff,
452 &olc->separateStack.networkAddress. 452 &olc->separateStack.networkAddress.
453 localAreaAddress); 453 localAreaAddress);
454 if (ret < 0) 454 if (ret < 0)
@@ -459,7 +459,7 @@ static int process_olc(struct sk_buff **pskb, struct nf_conn *ct,
459} 459}
460 460
461/****************************************************************************/ 461/****************************************************************************/
462static int process_olca(struct sk_buff **pskb, struct nf_conn *ct, 462static int process_olca(struct sk_buff *skb, struct nf_conn *ct,
463 enum ip_conntrack_info ctinfo, 463 enum ip_conntrack_info ctinfo,
464 unsigned char **data, int dataoff, 464 unsigned char **data, int dataoff,
465 OpenLogicalChannelAck *olca) 465 OpenLogicalChannelAck *olca)
@@ -477,7 +477,7 @@ static int process_olca(struct sk_buff **pskb, struct nf_conn *ct,
477 choice == 477 choice ==
478 eOpenLogicalChannelAck_reverseLogicalChannelParameters_multiplexParameters_h2250LogicalChannelParameters)) 478 eOpenLogicalChannelAck_reverseLogicalChannelParameters_multiplexParameters_h2250LogicalChannelParameters))
479 { 479 {
480 ret = process_h245_channel(pskb, ct, ctinfo, data, dataoff, 480 ret = process_h245_channel(skb, ct, ctinfo, data, dataoff,
481 &olca-> 481 &olca->
482 reverseLogicalChannelParameters. 482 reverseLogicalChannelParameters.
483 multiplexParameters. 483 multiplexParameters.
@@ -496,7 +496,7 @@ static int process_olca(struct sk_buff **pskb, struct nf_conn *ct,
496 if (ack->options & 496 if (ack->options &
497 eH2250LogicalChannelAckParameters_mediaChannel) { 497 eH2250LogicalChannelAckParameters_mediaChannel) {
498 /* RTP */ 498 /* RTP */
499 ret = expect_rtp_rtcp(pskb, ct, ctinfo, data, dataoff, 499 ret = expect_rtp_rtcp(skb, ct, ctinfo, data, dataoff,
500 &ack->mediaChannel); 500 &ack->mediaChannel);
501 if (ret < 0) 501 if (ret < 0)
502 return -1; 502 return -1;
@@ -505,7 +505,7 @@ static int process_olca(struct sk_buff **pskb, struct nf_conn *ct,
505 if (ack->options & 505 if (ack->options &
506 eH2250LogicalChannelAckParameters_mediaControlChannel) { 506 eH2250LogicalChannelAckParameters_mediaControlChannel) {
507 /* RTCP */ 507 /* RTCP */
508 ret = expect_rtp_rtcp(pskb, ct, ctinfo, data, dataoff, 508 ret = expect_rtp_rtcp(skb, ct, ctinfo, data, dataoff,
509 &ack->mediaControlChannel); 509 &ack->mediaControlChannel);
510 if (ret < 0) 510 if (ret < 0)
511 return -1; 511 return -1;
@@ -515,7 +515,7 @@ static int process_olca(struct sk_buff **pskb, struct nf_conn *ct,
515 if ((olca->options & eOpenLogicalChannelAck_separateStack) && 515 if ((olca->options & eOpenLogicalChannelAck_separateStack) &&
516 olca->separateStack.networkAddress.choice == 516 olca->separateStack.networkAddress.choice ==
517 eNetworkAccessParameters_networkAddress_localAreaAddress) { 517 eNetworkAccessParameters_networkAddress_localAreaAddress) {
518 ret = expect_t120(pskb, ct, ctinfo, data, dataoff, 518 ret = expect_t120(skb, ct, ctinfo, data, dataoff,
519 &olca->separateStack.networkAddress. 519 &olca->separateStack.networkAddress.
520 localAreaAddress); 520 localAreaAddress);
521 if (ret < 0) 521 if (ret < 0)
@@ -526,7 +526,7 @@ static int process_olca(struct sk_buff **pskb, struct nf_conn *ct,
526} 526}
527 527
528/****************************************************************************/ 528/****************************************************************************/
529static int process_h245(struct sk_buff **pskb, struct nf_conn *ct, 529static int process_h245(struct sk_buff *skb, struct nf_conn *ct,
530 enum ip_conntrack_info ctinfo, 530 enum ip_conntrack_info ctinfo,
531 unsigned char **data, int dataoff, 531 unsigned char **data, int dataoff,
532 MultimediaSystemControlMessage *mscm) 532 MultimediaSystemControlMessage *mscm)
@@ -535,7 +535,7 @@ static int process_h245(struct sk_buff **pskb, struct nf_conn *ct,
535 case eMultimediaSystemControlMessage_request: 535 case eMultimediaSystemControlMessage_request:
536 if (mscm->request.choice == 536 if (mscm->request.choice ==
537 eRequestMessage_openLogicalChannel) { 537 eRequestMessage_openLogicalChannel) {
538 return process_olc(pskb, ct, ctinfo, data, dataoff, 538 return process_olc(skb, ct, ctinfo, data, dataoff,
539 &mscm->request.openLogicalChannel); 539 &mscm->request.openLogicalChannel);
540 } 540 }
541 pr_debug("nf_ct_h323: H.245 Request %d\n", 541 pr_debug("nf_ct_h323: H.245 Request %d\n",
@@ -544,7 +544,7 @@ static int process_h245(struct sk_buff **pskb, struct nf_conn *ct,
544 case eMultimediaSystemControlMessage_response: 544 case eMultimediaSystemControlMessage_response:
545 if (mscm->response.choice == 545 if (mscm->response.choice ==
546 eResponseMessage_openLogicalChannelAck) { 546 eResponseMessage_openLogicalChannelAck) {
547 return process_olca(pskb, ct, ctinfo, data, dataoff, 547 return process_olca(skb, ct, ctinfo, data, dataoff,
548 &mscm->response. 548 &mscm->response.
549 openLogicalChannelAck); 549 openLogicalChannelAck);
550 } 550 }
@@ -560,7 +560,7 @@ static int process_h245(struct sk_buff **pskb, struct nf_conn *ct,
560} 560}
561 561
562/****************************************************************************/ 562/****************************************************************************/
563static int h245_help(struct sk_buff **pskb, unsigned int protoff, 563static int h245_help(struct sk_buff *skb, unsigned int protoff,
564 struct nf_conn *ct, enum ip_conntrack_info ctinfo) 564 struct nf_conn *ct, enum ip_conntrack_info ctinfo)
565{ 565{
566 static MultimediaSystemControlMessage mscm; 566 static MultimediaSystemControlMessage mscm;
@@ -574,12 +574,12 @@ static int h245_help(struct sk_buff **pskb, unsigned int protoff,
574 ctinfo != IP_CT_ESTABLISHED + IP_CT_IS_REPLY) { 574 ctinfo != IP_CT_ESTABLISHED + IP_CT_IS_REPLY) {
575 return NF_ACCEPT; 575 return NF_ACCEPT;
576 } 576 }
577 pr_debug("nf_ct_h245: skblen = %u\n", (*pskb)->len); 577 pr_debug("nf_ct_h245: skblen = %u\n", skb->len);
578 578
579 spin_lock_bh(&nf_h323_lock); 579 spin_lock_bh(&nf_h323_lock);
580 580
581 /* Process each TPKT */ 581 /* Process each TPKT */
582 while (get_tpkt_data(pskb, protoff, ct, ctinfo, 582 while (get_tpkt_data(skb, protoff, ct, ctinfo,
583 &data, &datalen, &dataoff)) { 583 &data, &datalen, &dataoff)) {
584 pr_debug("nf_ct_h245: TPKT len=%d ", datalen); 584 pr_debug("nf_ct_h245: TPKT len=%d ", datalen);
585 NF_CT_DUMP_TUPLE(&ct->tuplehash[CTINFO2DIR(ctinfo)].tuple); 585 NF_CT_DUMP_TUPLE(&ct->tuplehash[CTINFO2DIR(ctinfo)].tuple);
@@ -596,7 +596,7 @@ static int h245_help(struct sk_buff **pskb, unsigned int protoff,
596 } 596 }
597 597
598 /* Process H.245 signal */ 598 /* Process H.245 signal */
599 if (process_h245(pskb, ct, ctinfo, &data, dataoff, &mscm) < 0) 599 if (process_h245(skb, ct, ctinfo, &data, dataoff, &mscm) < 0)
600 goto drop; 600 goto drop;
601 } 601 }
602 602
@@ -654,7 +654,7 @@ int get_h225_addr(struct nf_conn *ct, unsigned char *data,
654} 654}
655 655
656/****************************************************************************/ 656/****************************************************************************/
657static int expect_h245(struct sk_buff **pskb, struct nf_conn *ct, 657static int expect_h245(struct sk_buff *skb, struct nf_conn *ct,
658 enum ip_conntrack_info ctinfo, 658 enum ip_conntrack_info ctinfo,
659 unsigned char **data, int dataoff, 659 unsigned char **data, int dataoff,
660 TransportAddress *taddr) 660 TransportAddress *taddr)
@@ -687,7 +687,7 @@ static int expect_h245(struct sk_buff **pskb, struct nf_conn *ct,
687 (nat_h245 = rcu_dereference(nat_h245_hook)) && 687 (nat_h245 = rcu_dereference(nat_h245_hook)) &&
688 ct->status & IPS_NAT_MASK) { 688 ct->status & IPS_NAT_MASK) {
689 /* NAT needed */ 689 /* NAT needed */
690 ret = nat_h245(pskb, ct, ctinfo, data, dataoff, taddr, 690 ret = nat_h245(skb, ct, ctinfo, data, dataoff, taddr,
691 port, exp); 691 port, exp);
692 } else { /* Conntrack only */ 692 } else { /* Conntrack only */
693 if (nf_ct_expect_related(exp) == 0) { 693 if (nf_ct_expect_related(exp) == 0) {
@@ -758,7 +758,7 @@ static int callforward_do_filter(union nf_conntrack_address *src,
758} 758}
759 759
760/****************************************************************************/ 760/****************************************************************************/
761static int expect_callforwarding(struct sk_buff **pskb, 761static int expect_callforwarding(struct sk_buff *skb,
762 struct nf_conn *ct, 762 struct nf_conn *ct,
763 enum ip_conntrack_info ctinfo, 763 enum ip_conntrack_info ctinfo,
764 unsigned char **data, int dataoff, 764 unsigned char **data, int dataoff,
@@ -798,7 +798,7 @@ static int expect_callforwarding(struct sk_buff **pskb,
798 (nat_callforwarding = rcu_dereference(nat_callforwarding_hook)) && 798 (nat_callforwarding = rcu_dereference(nat_callforwarding_hook)) &&
799 ct->status & IPS_NAT_MASK) { 799 ct->status & IPS_NAT_MASK) {
800 /* Need NAT */ 800 /* Need NAT */
801 ret = nat_callforwarding(pskb, ct, ctinfo, data, dataoff, 801 ret = nat_callforwarding(skb, ct, ctinfo, data, dataoff,
802 taddr, port, exp); 802 taddr, port, exp);
803 } else { /* Conntrack only */ 803 } else { /* Conntrack only */
804 if (nf_ct_expect_related(exp) == 0) { 804 if (nf_ct_expect_related(exp) == 0) {
@@ -814,7 +814,7 @@ static int expect_callforwarding(struct sk_buff **pskb,
814} 814}
815 815
816/****************************************************************************/ 816/****************************************************************************/
817static int process_setup(struct sk_buff **pskb, struct nf_conn *ct, 817static int process_setup(struct sk_buff *skb, struct nf_conn *ct,
818 enum ip_conntrack_info ctinfo, 818 enum ip_conntrack_info ctinfo,
819 unsigned char **data, int dataoff, 819 unsigned char **data, int dataoff,
820 Setup_UUIE *setup) 820 Setup_UUIE *setup)
@@ -829,7 +829,7 @@ static int process_setup(struct sk_buff **pskb, struct nf_conn *ct,
829 pr_debug("nf_ct_q931: Setup\n"); 829 pr_debug("nf_ct_q931: Setup\n");
830 830
831 if (setup->options & eSetup_UUIE_h245Address) { 831 if (setup->options & eSetup_UUIE_h245Address) {
832 ret = expect_h245(pskb, ct, ctinfo, data, dataoff, 832 ret = expect_h245(skb, ct, ctinfo, data, dataoff,
833 &setup->h245Address); 833 &setup->h245Address);
834 if (ret < 0) 834 if (ret < 0)
835 return -1; 835 return -1;
@@ -846,7 +846,7 @@ static int process_setup(struct sk_buff **pskb, struct nf_conn *ct,
846 NIP6(*(struct in6_addr *)&addr), ntohs(port), 846 NIP6(*(struct in6_addr *)&addr), ntohs(port),
847 NIP6(*(struct in6_addr *)&ct->tuplehash[!dir].tuple.src.u3), 847 NIP6(*(struct in6_addr *)&ct->tuplehash[!dir].tuple.src.u3),
848 ntohs(ct->tuplehash[!dir].tuple.src.u.tcp.port)); 848 ntohs(ct->tuplehash[!dir].tuple.src.u.tcp.port));
849 ret = set_h225_addr(pskb, data, dataoff, 849 ret = set_h225_addr(skb, data, dataoff,
850 &setup->destCallSignalAddress, 850 &setup->destCallSignalAddress,
851 &ct->tuplehash[!dir].tuple.src.u3, 851 &ct->tuplehash[!dir].tuple.src.u3,
852 ct->tuplehash[!dir].tuple.src.u.tcp.port); 852 ct->tuplehash[!dir].tuple.src.u.tcp.port);
@@ -864,7 +864,7 @@ static int process_setup(struct sk_buff **pskb, struct nf_conn *ct,
864 NIP6(*(struct in6_addr *)&addr), ntohs(port), 864 NIP6(*(struct in6_addr *)&addr), ntohs(port),
865 NIP6(*(struct in6_addr *)&ct->tuplehash[!dir].tuple.dst.u3), 865 NIP6(*(struct in6_addr *)&ct->tuplehash[!dir].tuple.dst.u3),
866 ntohs(ct->tuplehash[!dir].tuple.dst.u.tcp.port)); 866 ntohs(ct->tuplehash[!dir].tuple.dst.u.tcp.port));
867 ret = set_h225_addr(pskb, data, dataoff, 867 ret = set_h225_addr(skb, data, dataoff,
868 &setup->sourceCallSignalAddress, 868 &setup->sourceCallSignalAddress,
869 &ct->tuplehash[!dir].tuple.dst.u3, 869 &ct->tuplehash[!dir].tuple.dst.u3,
870 ct->tuplehash[!dir].tuple.dst.u.tcp.port); 870 ct->tuplehash[!dir].tuple.dst.u.tcp.port);
@@ -874,7 +874,7 @@ static int process_setup(struct sk_buff **pskb, struct nf_conn *ct,
874 874
875 if (setup->options & eSetup_UUIE_fastStart) { 875 if (setup->options & eSetup_UUIE_fastStart) {
876 for (i = 0; i < setup->fastStart.count; i++) { 876 for (i = 0; i < setup->fastStart.count; i++) {
877 ret = process_olc(pskb, ct, ctinfo, data, dataoff, 877 ret = process_olc(skb, ct, ctinfo, data, dataoff,
878 &setup->fastStart.item[i]); 878 &setup->fastStart.item[i]);
879 if (ret < 0) 879 if (ret < 0)
880 return -1; 880 return -1;
@@ -885,7 +885,7 @@ static int process_setup(struct sk_buff **pskb, struct nf_conn *ct,
885} 885}
886 886
887/****************************************************************************/ 887/****************************************************************************/
888static int process_callproceeding(struct sk_buff **pskb, 888static int process_callproceeding(struct sk_buff *skb,
889 struct nf_conn *ct, 889 struct nf_conn *ct,
890 enum ip_conntrack_info ctinfo, 890 enum ip_conntrack_info ctinfo,
891 unsigned char **data, int dataoff, 891 unsigned char **data, int dataoff,
@@ -897,7 +897,7 @@ static int process_callproceeding(struct sk_buff **pskb,
897 pr_debug("nf_ct_q931: CallProceeding\n"); 897 pr_debug("nf_ct_q931: CallProceeding\n");
898 898
899 if (callproc->options & eCallProceeding_UUIE_h245Address) { 899 if (callproc->options & eCallProceeding_UUIE_h245Address) {
900 ret = expect_h245(pskb, ct, ctinfo, data, dataoff, 900 ret = expect_h245(skb, ct, ctinfo, data, dataoff,
901 &callproc->h245Address); 901 &callproc->h245Address);
902 if (ret < 0) 902 if (ret < 0)
903 return -1; 903 return -1;
@@ -905,7 +905,7 @@ static int process_callproceeding(struct sk_buff **pskb,
905 905
906 if (callproc->options & eCallProceeding_UUIE_fastStart) { 906 if (callproc->options & eCallProceeding_UUIE_fastStart) {
907 for (i = 0; i < callproc->fastStart.count; i++) { 907 for (i = 0; i < callproc->fastStart.count; i++) {
908 ret = process_olc(pskb, ct, ctinfo, data, dataoff, 908 ret = process_olc(skb, ct, ctinfo, data, dataoff,
909 &callproc->fastStart.item[i]); 909 &callproc->fastStart.item[i]);
910 if (ret < 0) 910 if (ret < 0)
911 return -1; 911 return -1;
@@ -916,7 +916,7 @@ static int process_callproceeding(struct sk_buff **pskb,
916} 916}
917 917
918/****************************************************************************/ 918/****************************************************************************/
919static int process_connect(struct sk_buff **pskb, struct nf_conn *ct, 919static int process_connect(struct sk_buff *skb, struct nf_conn *ct,
920 enum ip_conntrack_info ctinfo, 920 enum ip_conntrack_info ctinfo,
921 unsigned char **data, int dataoff, 921 unsigned char **data, int dataoff,
922 Connect_UUIE *connect) 922 Connect_UUIE *connect)
@@ -927,7 +927,7 @@ static int process_connect(struct sk_buff **pskb, struct nf_conn *ct,
927 pr_debug("nf_ct_q931: Connect\n"); 927 pr_debug("nf_ct_q931: Connect\n");
928 928
929 if (connect->options & eConnect_UUIE_h245Address) { 929 if (connect->options & eConnect_UUIE_h245Address) {
930 ret = expect_h245(pskb, ct, ctinfo, data, dataoff, 930 ret = expect_h245(skb, ct, ctinfo, data, dataoff,
931 &connect->h245Address); 931 &connect->h245Address);
932 if (ret < 0) 932 if (ret < 0)
933 return -1; 933 return -1;
@@ -935,7 +935,7 @@ static int process_connect(struct sk_buff **pskb, struct nf_conn *ct,
935 935
936 if (connect->options & eConnect_UUIE_fastStart) { 936 if (connect->options & eConnect_UUIE_fastStart) {
937 for (i = 0; i < connect->fastStart.count; i++) { 937 for (i = 0; i < connect->fastStart.count; i++) {
938 ret = process_olc(pskb, ct, ctinfo, data, dataoff, 938 ret = process_olc(skb, ct, ctinfo, data, dataoff,
939 &connect->fastStart.item[i]); 939 &connect->fastStart.item[i]);
940 if (ret < 0) 940 if (ret < 0)
941 return -1; 941 return -1;
@@ -946,7 +946,7 @@ static int process_connect(struct sk_buff **pskb, struct nf_conn *ct,
946} 946}
947 947
948/****************************************************************************/ 948/****************************************************************************/
949static int process_alerting(struct sk_buff **pskb, struct nf_conn *ct, 949static int process_alerting(struct sk_buff *skb, struct nf_conn *ct,
950 enum ip_conntrack_info ctinfo, 950 enum ip_conntrack_info ctinfo,
951 unsigned char **data, int dataoff, 951 unsigned char **data, int dataoff,
952 Alerting_UUIE *alert) 952 Alerting_UUIE *alert)
@@ -957,7 +957,7 @@ static int process_alerting(struct sk_buff **pskb, struct nf_conn *ct,
957 pr_debug("nf_ct_q931: Alerting\n"); 957 pr_debug("nf_ct_q931: Alerting\n");
958 958
959 if (alert->options & eAlerting_UUIE_h245Address) { 959 if (alert->options & eAlerting_UUIE_h245Address) {
960 ret = expect_h245(pskb, ct, ctinfo, data, dataoff, 960 ret = expect_h245(skb, ct, ctinfo, data, dataoff,
961 &alert->h245Address); 961 &alert->h245Address);
962 if (ret < 0) 962 if (ret < 0)
963 return -1; 963 return -1;
@@ -965,7 +965,7 @@ static int process_alerting(struct sk_buff **pskb, struct nf_conn *ct,
965 965
966 if (alert->options & eAlerting_UUIE_fastStart) { 966 if (alert->options & eAlerting_UUIE_fastStart) {
967 for (i = 0; i < alert->fastStart.count; i++) { 967 for (i = 0; i < alert->fastStart.count; i++) {
968 ret = process_olc(pskb, ct, ctinfo, data, dataoff, 968 ret = process_olc(skb, ct, ctinfo, data, dataoff,
969 &alert->fastStart.item[i]); 969 &alert->fastStart.item[i]);
970 if (ret < 0) 970 if (ret < 0)
971 return -1; 971 return -1;
@@ -976,7 +976,7 @@ static int process_alerting(struct sk_buff **pskb, struct nf_conn *ct,
976} 976}
977 977
978/****************************************************************************/ 978/****************************************************************************/
979static int process_facility(struct sk_buff **pskb, struct nf_conn *ct, 979static int process_facility(struct sk_buff *skb, struct nf_conn *ct,
980 enum ip_conntrack_info ctinfo, 980 enum ip_conntrack_info ctinfo,
981 unsigned char **data, int dataoff, 981 unsigned char **data, int dataoff,
982 Facility_UUIE *facility) 982 Facility_UUIE *facility)
@@ -988,7 +988,7 @@ static int process_facility(struct sk_buff **pskb, struct nf_conn *ct,
988 988
989 if (facility->reason.choice == eFacilityReason_callForwarded) { 989 if (facility->reason.choice == eFacilityReason_callForwarded) {
990 if (facility->options & eFacility_UUIE_alternativeAddress) 990 if (facility->options & eFacility_UUIE_alternativeAddress)
991 return expect_callforwarding(pskb, ct, ctinfo, data, 991 return expect_callforwarding(skb, ct, ctinfo, data,
992 dataoff, 992 dataoff,
993 &facility-> 993 &facility->
994 alternativeAddress); 994 alternativeAddress);
@@ -996,7 +996,7 @@ static int process_facility(struct sk_buff **pskb, struct nf_conn *ct,
996 } 996 }
997 997
998 if (facility->options & eFacility_UUIE_h245Address) { 998 if (facility->options & eFacility_UUIE_h245Address) {
999 ret = expect_h245(pskb, ct, ctinfo, data, dataoff, 999 ret = expect_h245(skb, ct, ctinfo, data, dataoff,
1000 &facility->h245Address); 1000 &facility->h245Address);
1001 if (ret < 0) 1001 if (ret < 0)
1002 return -1; 1002 return -1;
@@ -1004,7 +1004,7 @@ static int process_facility(struct sk_buff **pskb, struct nf_conn *ct,
1004 1004
1005 if (facility->options & eFacility_UUIE_fastStart) { 1005 if (facility->options & eFacility_UUIE_fastStart) {
1006 for (i = 0; i < facility->fastStart.count; i++) { 1006 for (i = 0; i < facility->fastStart.count; i++) {
1007 ret = process_olc(pskb, ct, ctinfo, data, dataoff, 1007 ret = process_olc(skb, ct, ctinfo, data, dataoff,
1008 &facility->fastStart.item[i]); 1008 &facility->fastStart.item[i]);
1009 if (ret < 0) 1009 if (ret < 0)
1010 return -1; 1010 return -1;
@@ -1015,7 +1015,7 @@ static int process_facility(struct sk_buff **pskb, struct nf_conn *ct,
1015} 1015}
1016 1016
1017/****************************************************************************/ 1017/****************************************************************************/
1018static int process_progress(struct sk_buff **pskb, struct nf_conn *ct, 1018static int process_progress(struct sk_buff *skb, struct nf_conn *ct,
1019 enum ip_conntrack_info ctinfo, 1019 enum ip_conntrack_info ctinfo,
1020 unsigned char **data, int dataoff, 1020 unsigned char **data, int dataoff,
1021 Progress_UUIE *progress) 1021 Progress_UUIE *progress)
@@ -1026,7 +1026,7 @@ static int process_progress(struct sk_buff **pskb, struct nf_conn *ct,
1026 pr_debug("nf_ct_q931: Progress\n"); 1026 pr_debug("nf_ct_q931: Progress\n");
1027 1027
1028 if (progress->options & eProgress_UUIE_h245Address) { 1028 if (progress->options & eProgress_UUIE_h245Address) {
1029 ret = expect_h245(pskb, ct, ctinfo, data, dataoff, 1029 ret = expect_h245(skb, ct, ctinfo, data, dataoff,
1030 &progress->h245Address); 1030 &progress->h245Address);
1031 if (ret < 0) 1031 if (ret < 0)
1032 return -1; 1032 return -1;
@@ -1034,7 +1034,7 @@ static int process_progress(struct sk_buff **pskb, struct nf_conn *ct,
1034 1034
1035 if (progress->options & eProgress_UUIE_fastStart) { 1035 if (progress->options & eProgress_UUIE_fastStart) {
1036 for (i = 0; i < progress->fastStart.count; i++) { 1036 for (i = 0; i < progress->fastStart.count; i++) {
1037 ret = process_olc(pskb, ct, ctinfo, data, dataoff, 1037 ret = process_olc(skb, ct, ctinfo, data, dataoff,
1038 &progress->fastStart.item[i]); 1038 &progress->fastStart.item[i]);
1039 if (ret < 0) 1039 if (ret < 0)
1040 return -1; 1040 return -1;
@@ -1045,7 +1045,7 @@ static int process_progress(struct sk_buff **pskb, struct nf_conn *ct,
1045} 1045}
1046 1046
1047/****************************************************************************/ 1047/****************************************************************************/
1048static int process_q931(struct sk_buff **pskb, struct nf_conn *ct, 1048static int process_q931(struct sk_buff *skb, struct nf_conn *ct,
1049 enum ip_conntrack_info ctinfo, 1049 enum ip_conntrack_info ctinfo,
1050 unsigned char **data, int dataoff, Q931 *q931) 1050 unsigned char **data, int dataoff, Q931 *q931)
1051{ 1051{
@@ -1055,28 +1055,28 @@ static int process_q931(struct sk_buff **pskb, struct nf_conn *ct,
1055 1055
1056 switch (pdu->h323_message_body.choice) { 1056 switch (pdu->h323_message_body.choice) {
1057 case eH323_UU_PDU_h323_message_body_setup: 1057 case eH323_UU_PDU_h323_message_body_setup:
1058 ret = process_setup(pskb, ct, ctinfo, data, dataoff, 1058 ret = process_setup(skb, ct, ctinfo, data, dataoff,
1059 &pdu->h323_message_body.setup); 1059 &pdu->h323_message_body.setup);
1060 break; 1060 break;
1061 case eH323_UU_PDU_h323_message_body_callProceeding: 1061 case eH323_UU_PDU_h323_message_body_callProceeding:
1062 ret = process_callproceeding(pskb, ct, ctinfo, data, dataoff, 1062 ret = process_callproceeding(skb, ct, ctinfo, data, dataoff,
1063 &pdu->h323_message_body. 1063 &pdu->h323_message_body.
1064 callProceeding); 1064 callProceeding);
1065 break; 1065 break;
1066 case eH323_UU_PDU_h323_message_body_connect: 1066 case eH323_UU_PDU_h323_message_body_connect:
1067 ret = process_connect(pskb, ct, ctinfo, data, dataoff, 1067 ret = process_connect(skb, ct, ctinfo, data, dataoff,
1068 &pdu->h323_message_body.connect); 1068 &pdu->h323_message_body.connect);
1069 break; 1069 break;
1070 case eH323_UU_PDU_h323_message_body_alerting: 1070 case eH323_UU_PDU_h323_message_body_alerting:
1071 ret = process_alerting(pskb, ct, ctinfo, data, dataoff, 1071 ret = process_alerting(skb, ct, ctinfo, data, dataoff,
1072 &pdu->h323_message_body.alerting); 1072 &pdu->h323_message_body.alerting);
1073 break; 1073 break;
1074 case eH323_UU_PDU_h323_message_body_facility: 1074 case eH323_UU_PDU_h323_message_body_facility:
1075 ret = process_facility(pskb, ct, ctinfo, data, dataoff, 1075 ret = process_facility(skb, ct, ctinfo, data, dataoff,
1076 &pdu->h323_message_body.facility); 1076 &pdu->h323_message_body.facility);
1077 break; 1077 break;
1078 case eH323_UU_PDU_h323_message_body_progress: 1078 case eH323_UU_PDU_h323_message_body_progress:
1079 ret = process_progress(pskb, ct, ctinfo, data, dataoff, 1079 ret = process_progress(skb, ct, ctinfo, data, dataoff,
1080 &pdu->h323_message_body.progress); 1080 &pdu->h323_message_body.progress);
1081 break; 1081 break;
1082 default: 1082 default:
@@ -1090,7 +1090,7 @@ static int process_q931(struct sk_buff **pskb, struct nf_conn *ct,
1090 1090
1091 if (pdu->options & eH323_UU_PDU_h245Control) { 1091 if (pdu->options & eH323_UU_PDU_h245Control) {
1092 for (i = 0; i < pdu->h245Control.count; i++) { 1092 for (i = 0; i < pdu->h245Control.count; i++) {
1093 ret = process_h245(pskb, ct, ctinfo, data, dataoff, 1093 ret = process_h245(skb, ct, ctinfo, data, dataoff,
1094 &pdu->h245Control.item[i]); 1094 &pdu->h245Control.item[i]);
1095 if (ret < 0) 1095 if (ret < 0)
1096 return -1; 1096 return -1;
@@ -1101,7 +1101,7 @@ static int process_q931(struct sk_buff **pskb, struct nf_conn *ct,
1101} 1101}
1102 1102
1103/****************************************************************************/ 1103/****************************************************************************/
1104static int q931_help(struct sk_buff **pskb, unsigned int protoff, 1104static int q931_help(struct sk_buff *skb, unsigned int protoff,
1105 struct nf_conn *ct, enum ip_conntrack_info ctinfo) 1105 struct nf_conn *ct, enum ip_conntrack_info ctinfo)
1106{ 1106{
1107 static Q931 q931; 1107 static Q931 q931;
@@ -1115,12 +1115,12 @@ static int q931_help(struct sk_buff **pskb, unsigned int protoff,
1115 ctinfo != IP_CT_ESTABLISHED + IP_CT_IS_REPLY) { 1115 ctinfo != IP_CT_ESTABLISHED + IP_CT_IS_REPLY) {
1116 return NF_ACCEPT; 1116 return NF_ACCEPT;
1117 } 1117 }
1118 pr_debug("nf_ct_q931: skblen = %u\n", (*pskb)->len); 1118 pr_debug("nf_ct_q931: skblen = %u\n", skb->len);
1119 1119
1120 spin_lock_bh(&nf_h323_lock); 1120 spin_lock_bh(&nf_h323_lock);
1121 1121
1122 /* Process each TPKT */ 1122 /* Process each TPKT */
1123 while (get_tpkt_data(pskb, protoff, ct, ctinfo, 1123 while (get_tpkt_data(skb, protoff, ct, ctinfo,
1124 &data, &datalen, &dataoff)) { 1124 &data, &datalen, &dataoff)) {
1125 pr_debug("nf_ct_q931: TPKT len=%d ", datalen); 1125 pr_debug("nf_ct_q931: TPKT len=%d ", datalen);
1126 NF_CT_DUMP_TUPLE(&ct->tuplehash[CTINFO2DIR(ctinfo)].tuple); 1126 NF_CT_DUMP_TUPLE(&ct->tuplehash[CTINFO2DIR(ctinfo)].tuple);
@@ -1136,7 +1136,7 @@ static int q931_help(struct sk_buff **pskb, unsigned int protoff,
1136 } 1136 }
1137 1137
1138 /* Process Q.931 signal */ 1138 /* Process Q.931 signal */
1139 if (process_q931(pskb, ct, ctinfo, &data, dataoff, &q931) < 0) 1139 if (process_q931(skb, ct, ctinfo, &data, dataoff, &q931) < 0)
1140 goto drop; 1140 goto drop;
1141 } 1141 }
1142 1142
@@ -1177,20 +1177,20 @@ static struct nf_conntrack_helper nf_conntrack_helper_q931[] __read_mostly = {
1177}; 1177};
1178 1178
1179/****************************************************************************/ 1179/****************************************************************************/
1180static unsigned char *get_udp_data(struct sk_buff **pskb, unsigned int protoff, 1180static unsigned char *get_udp_data(struct sk_buff *skb, unsigned int protoff,
1181 int *datalen) 1181 int *datalen)
1182{ 1182{
1183 struct udphdr _uh, *uh; 1183 struct udphdr _uh, *uh;
1184 int dataoff; 1184 int dataoff;
1185 1185
1186 uh = skb_header_pointer(*pskb, protoff, sizeof(_uh), &_uh); 1186 uh = skb_header_pointer(skb, protoff, sizeof(_uh), &_uh);
1187 if (uh == NULL) 1187 if (uh == NULL)
1188 return NULL; 1188 return NULL;
1189 dataoff = protoff + sizeof(_uh); 1189 dataoff = protoff + sizeof(_uh);
1190 if (dataoff >= (*pskb)->len) 1190 if (dataoff >= skb->len)
1191 return NULL; 1191 return NULL;
1192 *datalen = (*pskb)->len - dataoff; 1192 *datalen = skb->len - dataoff;
1193 return skb_header_pointer(*pskb, dataoff, *datalen, h323_buffer); 1193 return skb_header_pointer(skb, dataoff, *datalen, h323_buffer);
1194} 1194}
1195 1195
1196/****************************************************************************/ 1196/****************************************************************************/
@@ -1227,7 +1227,7 @@ static int set_expect_timeout(struct nf_conntrack_expect *exp,
1227} 1227}
1228 1228
1229/****************************************************************************/ 1229/****************************************************************************/
1230static int expect_q931(struct sk_buff **pskb, struct nf_conn *ct, 1230static int expect_q931(struct sk_buff *skb, struct nf_conn *ct,
1231 enum ip_conntrack_info ctinfo, 1231 enum ip_conntrack_info ctinfo,
1232 unsigned char **data, 1232 unsigned char **data,
1233 TransportAddress *taddr, int count) 1233 TransportAddress *taddr, int count)
@@ -1265,7 +1265,7 @@ static int expect_q931(struct sk_buff **pskb, struct nf_conn *ct,
1265 1265
1266 nat_q931 = rcu_dereference(nat_q931_hook); 1266 nat_q931 = rcu_dereference(nat_q931_hook);
1267 if (nat_q931 && ct->status & IPS_NAT_MASK) { /* Need NAT */ 1267 if (nat_q931 && ct->status & IPS_NAT_MASK) { /* Need NAT */
1268 ret = nat_q931(pskb, ct, ctinfo, data, taddr, i, port, exp); 1268 ret = nat_q931(skb, ct, ctinfo, data, taddr, i, port, exp);
1269 } else { /* Conntrack only */ 1269 } else { /* Conntrack only */
1270 if (nf_ct_expect_related(exp) == 0) { 1270 if (nf_ct_expect_related(exp) == 0) {
1271 pr_debug("nf_ct_ras: expect Q.931 "); 1271 pr_debug("nf_ct_ras: expect Q.931 ");
@@ -1283,7 +1283,7 @@ static int expect_q931(struct sk_buff **pskb, struct nf_conn *ct,
1283} 1283}
1284 1284
1285/****************************************************************************/ 1285/****************************************************************************/
1286static int process_grq(struct sk_buff **pskb, struct nf_conn *ct, 1286static int process_grq(struct sk_buff *skb, struct nf_conn *ct,
1287 enum ip_conntrack_info ctinfo, 1287 enum ip_conntrack_info ctinfo,
1288 unsigned char **data, GatekeeperRequest *grq) 1288 unsigned char **data, GatekeeperRequest *grq)
1289{ 1289{
@@ -1293,13 +1293,13 @@ static int process_grq(struct sk_buff **pskb, struct nf_conn *ct,
1293 1293
1294 set_ras_addr = rcu_dereference(set_ras_addr_hook); 1294 set_ras_addr = rcu_dereference(set_ras_addr_hook);
1295 if (set_ras_addr && ct->status & IPS_NAT_MASK) /* NATed */ 1295 if (set_ras_addr && ct->status & IPS_NAT_MASK) /* NATed */
1296 return set_ras_addr(pskb, ct, ctinfo, data, 1296 return set_ras_addr(skb, ct, ctinfo, data,
1297 &grq->rasAddress, 1); 1297 &grq->rasAddress, 1);
1298 return 0; 1298 return 0;
1299} 1299}
1300 1300
1301/****************************************************************************/ 1301/****************************************************************************/
1302static int process_gcf(struct sk_buff **pskb, struct nf_conn *ct, 1302static int process_gcf(struct sk_buff *skb, struct nf_conn *ct,
1303 enum ip_conntrack_info ctinfo, 1303 enum ip_conntrack_info ctinfo,
1304 unsigned char **data, GatekeeperConfirm *gcf) 1304 unsigned char **data, GatekeeperConfirm *gcf)
1305{ 1305{
@@ -1343,7 +1343,7 @@ static int process_gcf(struct sk_buff **pskb, struct nf_conn *ct,
1343} 1343}
1344 1344
1345/****************************************************************************/ 1345/****************************************************************************/
1346static int process_rrq(struct sk_buff **pskb, struct nf_conn *ct, 1346static int process_rrq(struct sk_buff *skb, struct nf_conn *ct,
1347 enum ip_conntrack_info ctinfo, 1347 enum ip_conntrack_info ctinfo,
1348 unsigned char **data, RegistrationRequest *rrq) 1348 unsigned char **data, RegistrationRequest *rrq)
1349{ 1349{
@@ -1353,7 +1353,7 @@ static int process_rrq(struct sk_buff **pskb, struct nf_conn *ct,
1353 1353
1354 pr_debug("nf_ct_ras: RRQ\n"); 1354 pr_debug("nf_ct_ras: RRQ\n");
1355 1355
1356 ret = expect_q931(pskb, ct, ctinfo, data, 1356 ret = expect_q931(skb, ct, ctinfo, data,
1357 rrq->callSignalAddress.item, 1357 rrq->callSignalAddress.item,
1358 rrq->callSignalAddress.count); 1358 rrq->callSignalAddress.count);
1359 if (ret < 0) 1359 if (ret < 0)
@@ -1361,7 +1361,7 @@ static int process_rrq(struct sk_buff **pskb, struct nf_conn *ct,
1361 1361
1362 set_ras_addr = rcu_dereference(set_ras_addr_hook); 1362 set_ras_addr = rcu_dereference(set_ras_addr_hook);
1363 if (set_ras_addr && ct->status & IPS_NAT_MASK) { 1363 if (set_ras_addr && ct->status & IPS_NAT_MASK) {
1364 ret = set_ras_addr(pskb, ct, ctinfo, data, 1364 ret = set_ras_addr(skb, ct, ctinfo, data,
1365 rrq->rasAddress.item, 1365 rrq->rasAddress.item,
1366 rrq->rasAddress.count); 1366 rrq->rasAddress.count);
1367 if (ret < 0) 1367 if (ret < 0)
@@ -1378,7 +1378,7 @@ static int process_rrq(struct sk_buff **pskb, struct nf_conn *ct,
1378} 1378}
1379 1379
1380/****************************************************************************/ 1380/****************************************************************************/
1381static int process_rcf(struct sk_buff **pskb, struct nf_conn *ct, 1381static int process_rcf(struct sk_buff *skb, struct nf_conn *ct,
1382 enum ip_conntrack_info ctinfo, 1382 enum ip_conntrack_info ctinfo,
1383 unsigned char **data, RegistrationConfirm *rcf) 1383 unsigned char **data, RegistrationConfirm *rcf)
1384{ 1384{
@@ -1392,7 +1392,7 @@ static int process_rcf(struct sk_buff **pskb, struct nf_conn *ct,
1392 1392
1393 set_sig_addr = rcu_dereference(set_sig_addr_hook); 1393 set_sig_addr = rcu_dereference(set_sig_addr_hook);
1394 if (set_sig_addr && ct->status & IPS_NAT_MASK) { 1394 if (set_sig_addr && ct->status & IPS_NAT_MASK) {
1395 ret = set_sig_addr(pskb, ct, ctinfo, data, 1395 ret = set_sig_addr(skb, ct, ctinfo, data,
1396 rcf->callSignalAddress.item, 1396 rcf->callSignalAddress.item,
1397 rcf->callSignalAddress.count); 1397 rcf->callSignalAddress.count);
1398 if (ret < 0) 1398 if (ret < 0)
@@ -1407,7 +1407,7 @@ static int process_rcf(struct sk_buff **pskb, struct nf_conn *ct,
1407 if (info->timeout > 0) { 1407 if (info->timeout > 0) {
1408 pr_debug("nf_ct_ras: set RAS connection timeout to " 1408 pr_debug("nf_ct_ras: set RAS connection timeout to "
1409 "%u seconds\n", info->timeout); 1409 "%u seconds\n", info->timeout);
1410 nf_ct_refresh(ct, *pskb, info->timeout * HZ); 1410 nf_ct_refresh(ct, skb, info->timeout * HZ);
1411 1411
1412 /* Set expect timeout */ 1412 /* Set expect timeout */
1413 read_lock_bh(&nf_conntrack_lock); 1413 read_lock_bh(&nf_conntrack_lock);
@@ -1427,7 +1427,7 @@ static int process_rcf(struct sk_buff **pskb, struct nf_conn *ct,
1427} 1427}
1428 1428
1429/****************************************************************************/ 1429/****************************************************************************/
1430static int process_urq(struct sk_buff **pskb, struct nf_conn *ct, 1430static int process_urq(struct sk_buff *skb, struct nf_conn *ct,
1431 enum ip_conntrack_info ctinfo, 1431 enum ip_conntrack_info ctinfo,
1432 unsigned char **data, UnregistrationRequest *urq) 1432 unsigned char **data, UnregistrationRequest *urq)
1433{ 1433{
@@ -1440,7 +1440,7 @@ static int process_urq(struct sk_buff **pskb, struct nf_conn *ct,
1440 1440
1441 set_sig_addr = rcu_dereference(set_sig_addr_hook); 1441 set_sig_addr = rcu_dereference(set_sig_addr_hook);
1442 if (set_sig_addr && ct->status & IPS_NAT_MASK) { 1442 if (set_sig_addr && ct->status & IPS_NAT_MASK) {
1443 ret = set_sig_addr(pskb, ct, ctinfo, data, 1443 ret = set_sig_addr(skb, ct, ctinfo, data,
1444 urq->callSignalAddress.item, 1444 urq->callSignalAddress.item,
1445 urq->callSignalAddress.count); 1445 urq->callSignalAddress.count);
1446 if (ret < 0) 1446 if (ret < 0)
@@ -1453,13 +1453,13 @@ static int process_urq(struct sk_buff **pskb, struct nf_conn *ct,
1453 info->sig_port[!dir] = 0; 1453 info->sig_port[!dir] = 0;
1454 1454
1455 /* Give it 30 seconds for UCF or URJ */ 1455 /* Give it 30 seconds for UCF or URJ */
1456 nf_ct_refresh(ct, *pskb, 30 * HZ); 1456 nf_ct_refresh(ct, skb, 30 * HZ);
1457 1457
1458 return 0; 1458 return 0;
1459} 1459}
1460 1460
1461/****************************************************************************/ 1461/****************************************************************************/
1462static int process_arq(struct sk_buff **pskb, struct nf_conn *ct, 1462static int process_arq(struct sk_buff *skb, struct nf_conn *ct,
1463 enum ip_conntrack_info ctinfo, 1463 enum ip_conntrack_info ctinfo,
1464 unsigned char **data, AdmissionRequest *arq) 1464 unsigned char **data, AdmissionRequest *arq)
1465{ 1465{
@@ -1479,7 +1479,7 @@ static int process_arq(struct sk_buff **pskb, struct nf_conn *ct,
1479 port == info->sig_port[dir] && 1479 port == info->sig_port[dir] &&
1480 set_h225_addr && ct->status & IPS_NAT_MASK) { 1480 set_h225_addr && ct->status & IPS_NAT_MASK) {
1481 /* Answering ARQ */ 1481 /* Answering ARQ */
1482 return set_h225_addr(pskb, data, 0, 1482 return set_h225_addr(skb, data, 0,
1483 &arq->destCallSignalAddress, 1483 &arq->destCallSignalAddress,
1484 &ct->tuplehash[!dir].tuple.dst.u3, 1484 &ct->tuplehash[!dir].tuple.dst.u3,
1485 info->sig_port[!dir]); 1485 info->sig_port[!dir]);
@@ -1491,7 +1491,7 @@ static int process_arq(struct sk_buff **pskb, struct nf_conn *ct,
1491 !memcmp(&addr, &ct->tuplehash[dir].tuple.src.u3, sizeof(addr)) && 1491 !memcmp(&addr, &ct->tuplehash[dir].tuple.src.u3, sizeof(addr)) &&
1492 set_h225_addr && ct->status & IPS_NAT_MASK) { 1492 set_h225_addr && ct->status & IPS_NAT_MASK) {
1493 /* Calling ARQ */ 1493 /* Calling ARQ */
1494 return set_h225_addr(pskb, data, 0, 1494 return set_h225_addr(skb, data, 0,
1495 &arq->srcCallSignalAddress, 1495 &arq->srcCallSignalAddress,
1496 &ct->tuplehash[!dir].tuple.dst.u3, 1496 &ct->tuplehash[!dir].tuple.dst.u3,
1497 port); 1497 port);
@@ -1501,7 +1501,7 @@ static int process_arq(struct sk_buff **pskb, struct nf_conn *ct,
1501} 1501}
1502 1502
1503/****************************************************************************/ 1503/****************************************************************************/
1504static int process_acf(struct sk_buff **pskb, struct nf_conn *ct, 1504static int process_acf(struct sk_buff *skb, struct nf_conn *ct,
1505 enum ip_conntrack_info ctinfo, 1505 enum ip_conntrack_info ctinfo,
1506 unsigned char **data, AdmissionConfirm *acf) 1506 unsigned char **data, AdmissionConfirm *acf)
1507{ 1507{
@@ -1522,7 +1522,7 @@ static int process_acf(struct sk_buff **pskb, struct nf_conn *ct,
1522 /* Answering ACF */ 1522 /* Answering ACF */
1523 set_sig_addr = rcu_dereference(set_sig_addr_hook); 1523 set_sig_addr = rcu_dereference(set_sig_addr_hook);
1524 if (set_sig_addr && ct->status & IPS_NAT_MASK) 1524 if (set_sig_addr && ct->status & IPS_NAT_MASK)
1525 return set_sig_addr(pskb, ct, ctinfo, data, 1525 return set_sig_addr(skb, ct, ctinfo, data,
1526 &acf->destCallSignalAddress, 1); 1526 &acf->destCallSignalAddress, 1);
1527 return 0; 1527 return 0;
1528 } 1528 }
@@ -1548,7 +1548,7 @@ static int process_acf(struct sk_buff **pskb, struct nf_conn *ct,
1548} 1548}
1549 1549
1550/****************************************************************************/ 1550/****************************************************************************/
1551static int process_lrq(struct sk_buff **pskb, struct nf_conn *ct, 1551static int process_lrq(struct sk_buff *skb, struct nf_conn *ct,
1552 enum ip_conntrack_info ctinfo, 1552 enum ip_conntrack_info ctinfo,
1553 unsigned char **data, LocationRequest *lrq) 1553 unsigned char **data, LocationRequest *lrq)
1554{ 1554{
@@ -1558,13 +1558,13 @@ static int process_lrq(struct sk_buff **pskb, struct nf_conn *ct,
1558 1558
1559 set_ras_addr = rcu_dereference(set_ras_addr_hook); 1559 set_ras_addr = rcu_dereference(set_ras_addr_hook);
1560 if (set_ras_addr && ct->status & IPS_NAT_MASK) 1560 if (set_ras_addr && ct->status & IPS_NAT_MASK)
1561 return set_ras_addr(pskb, ct, ctinfo, data, 1561 return set_ras_addr(skb, ct, ctinfo, data,
1562 &lrq->replyAddress, 1); 1562 &lrq->replyAddress, 1);
1563 return 0; 1563 return 0;
1564} 1564}
1565 1565
1566/****************************************************************************/ 1566/****************************************************************************/
1567static int process_lcf(struct sk_buff **pskb, struct nf_conn *ct, 1567static int process_lcf(struct sk_buff *skb, struct nf_conn *ct,
1568 enum ip_conntrack_info ctinfo, 1568 enum ip_conntrack_info ctinfo,
1569 unsigned char **data, LocationConfirm *lcf) 1569 unsigned char **data, LocationConfirm *lcf)
1570{ 1570{
@@ -1603,7 +1603,7 @@ static int process_lcf(struct sk_buff **pskb, struct nf_conn *ct,
1603} 1603}
1604 1604
1605/****************************************************************************/ 1605/****************************************************************************/
1606static int process_irr(struct sk_buff **pskb, struct nf_conn *ct, 1606static int process_irr(struct sk_buff *skb, struct nf_conn *ct,
1607 enum ip_conntrack_info ctinfo, 1607 enum ip_conntrack_info ctinfo,
1608 unsigned char **data, InfoRequestResponse *irr) 1608 unsigned char **data, InfoRequestResponse *irr)
1609{ 1609{
@@ -1615,7 +1615,7 @@ static int process_irr(struct sk_buff **pskb, struct nf_conn *ct,
1615 1615
1616 set_ras_addr = rcu_dereference(set_ras_addr_hook); 1616 set_ras_addr = rcu_dereference(set_ras_addr_hook);
1617 if (set_ras_addr && ct->status & IPS_NAT_MASK) { 1617 if (set_ras_addr && ct->status & IPS_NAT_MASK) {
1618 ret = set_ras_addr(pskb, ct, ctinfo, data, 1618 ret = set_ras_addr(skb, ct, ctinfo, data,
1619 &irr->rasAddress, 1); 1619 &irr->rasAddress, 1);
1620 if (ret < 0) 1620 if (ret < 0)
1621 return -1; 1621 return -1;
@@ -1623,7 +1623,7 @@ static int process_irr(struct sk_buff **pskb, struct nf_conn *ct,
1623 1623
1624 set_sig_addr = rcu_dereference(set_sig_addr_hook); 1624 set_sig_addr = rcu_dereference(set_sig_addr_hook);
1625 if (set_sig_addr && ct->status & IPS_NAT_MASK) { 1625 if (set_sig_addr && ct->status & IPS_NAT_MASK) {
1626 ret = set_sig_addr(pskb, ct, ctinfo, data, 1626 ret = set_sig_addr(skb, ct, ctinfo, data,
1627 irr->callSignalAddress.item, 1627 irr->callSignalAddress.item,
1628 irr->callSignalAddress.count); 1628 irr->callSignalAddress.count);
1629 if (ret < 0) 1629 if (ret < 0)
@@ -1634,40 +1634,40 @@ static int process_irr(struct sk_buff **pskb, struct nf_conn *ct,
1634} 1634}
1635 1635
1636/****************************************************************************/ 1636/****************************************************************************/
1637static int process_ras(struct sk_buff **pskb, struct nf_conn *ct, 1637static int process_ras(struct sk_buff *skb, struct nf_conn *ct,
1638 enum ip_conntrack_info ctinfo, 1638 enum ip_conntrack_info ctinfo,
1639 unsigned char **data, RasMessage *ras) 1639 unsigned char **data, RasMessage *ras)
1640{ 1640{
1641 switch (ras->choice) { 1641 switch (ras->choice) {
1642 case eRasMessage_gatekeeperRequest: 1642 case eRasMessage_gatekeeperRequest:
1643 return process_grq(pskb, ct, ctinfo, data, 1643 return process_grq(skb, ct, ctinfo, data,
1644 &ras->gatekeeperRequest); 1644 &ras->gatekeeperRequest);
1645 case eRasMessage_gatekeeperConfirm: 1645 case eRasMessage_gatekeeperConfirm:
1646 return process_gcf(pskb, ct, ctinfo, data, 1646 return process_gcf(skb, ct, ctinfo, data,
1647 &ras->gatekeeperConfirm); 1647 &ras->gatekeeperConfirm);
1648 case eRasMessage_registrationRequest: 1648 case eRasMessage_registrationRequest:
1649 return process_rrq(pskb, ct, ctinfo, data, 1649 return process_rrq(skb, ct, ctinfo, data,
1650 &ras->registrationRequest); 1650 &ras->registrationRequest);
1651 case eRasMessage_registrationConfirm: 1651 case eRasMessage_registrationConfirm:
1652 return process_rcf(pskb, ct, ctinfo, data, 1652 return process_rcf(skb, ct, ctinfo, data,
1653 &ras->registrationConfirm); 1653 &ras->registrationConfirm);
1654 case eRasMessage_unregistrationRequest: 1654 case eRasMessage_unregistrationRequest:
1655 return process_urq(pskb, ct, ctinfo, data, 1655 return process_urq(skb, ct, ctinfo, data,
1656 &ras->unregistrationRequest); 1656 &ras->unregistrationRequest);
1657 case eRasMessage_admissionRequest: 1657 case eRasMessage_admissionRequest:
1658 return process_arq(pskb, ct, ctinfo, data, 1658 return process_arq(skb, ct, ctinfo, data,
1659 &ras->admissionRequest); 1659 &ras->admissionRequest);
1660 case eRasMessage_admissionConfirm: 1660 case eRasMessage_admissionConfirm:
1661 return process_acf(pskb, ct, ctinfo, data, 1661 return process_acf(skb, ct, ctinfo, data,
1662 &ras->admissionConfirm); 1662 &ras->admissionConfirm);
1663 case eRasMessage_locationRequest: 1663 case eRasMessage_locationRequest:
1664 return process_lrq(pskb, ct, ctinfo, data, 1664 return process_lrq(skb, ct, ctinfo, data,
1665 &ras->locationRequest); 1665 &ras->locationRequest);
1666 case eRasMessage_locationConfirm: 1666 case eRasMessage_locationConfirm:
1667 return process_lcf(pskb, ct, ctinfo, data, 1667 return process_lcf(skb, ct, ctinfo, data,
1668 &ras->locationConfirm); 1668 &ras->locationConfirm);
1669 case eRasMessage_infoRequestResponse: 1669 case eRasMessage_infoRequestResponse:
1670 return process_irr(pskb, ct, ctinfo, data, 1670 return process_irr(skb, ct, ctinfo, data,
1671 &ras->infoRequestResponse); 1671 &ras->infoRequestResponse);
1672 default: 1672 default:
1673 pr_debug("nf_ct_ras: RAS message %d\n", ras->choice); 1673 pr_debug("nf_ct_ras: RAS message %d\n", ras->choice);
@@ -1678,7 +1678,7 @@ static int process_ras(struct sk_buff **pskb, struct nf_conn *ct,
1678} 1678}
1679 1679
1680/****************************************************************************/ 1680/****************************************************************************/
1681static int ras_help(struct sk_buff **pskb, unsigned int protoff, 1681static int ras_help(struct sk_buff *skb, unsigned int protoff,
1682 struct nf_conn *ct, enum ip_conntrack_info ctinfo) 1682 struct nf_conn *ct, enum ip_conntrack_info ctinfo)
1683{ 1683{
1684 static RasMessage ras; 1684 static RasMessage ras;
@@ -1686,12 +1686,12 @@ static int ras_help(struct sk_buff **pskb, unsigned int protoff,
1686 int datalen = 0; 1686 int datalen = 0;
1687 int ret; 1687 int ret;
1688 1688
1689 pr_debug("nf_ct_ras: skblen = %u\n", (*pskb)->len); 1689 pr_debug("nf_ct_ras: skblen = %u\n", skb->len);
1690 1690
1691 spin_lock_bh(&nf_h323_lock); 1691 spin_lock_bh(&nf_h323_lock);
1692 1692
1693 /* Get UDP data */ 1693 /* Get UDP data */
1694 data = get_udp_data(pskb, protoff, &datalen); 1694 data = get_udp_data(skb, protoff, &datalen);
1695 if (data == NULL) 1695 if (data == NULL)
1696 goto accept; 1696 goto accept;
1697 pr_debug("nf_ct_ras: RAS message len=%d ", datalen); 1697 pr_debug("nf_ct_ras: RAS message len=%d ", datalen);
@@ -1707,7 +1707,7 @@ static int ras_help(struct sk_buff **pskb, unsigned int protoff,
1707 } 1707 }
1708 1708
1709 /* Process RAS message */ 1709 /* Process RAS message */
1710 if (process_ras(pskb, ct, ctinfo, &data, &ras) < 0) 1710 if (process_ras(skb, ct, ctinfo, &data, &ras) < 0)
1711 goto drop; 1711 goto drop;
1712 1712
1713 accept: 1713 accept:
diff --git a/net/netfilter/nf_conntrack_irc.c b/net/netfilter/nf_conntrack_irc.c
index 1562ca97a349..dfaed4ba83cd 100644
--- a/net/netfilter/nf_conntrack_irc.c
+++ b/net/netfilter/nf_conntrack_irc.c
@@ -30,7 +30,7 @@ static unsigned int dcc_timeout __read_mostly = 300;
30static char *irc_buffer; 30static char *irc_buffer;
31static DEFINE_SPINLOCK(irc_buffer_lock); 31static DEFINE_SPINLOCK(irc_buffer_lock);
32 32
33unsigned int (*nf_nat_irc_hook)(struct sk_buff **pskb, 33unsigned int (*nf_nat_irc_hook)(struct sk_buff *skb,
34 enum ip_conntrack_info ctinfo, 34 enum ip_conntrack_info ctinfo,
35 unsigned int matchoff, 35 unsigned int matchoff,
36 unsigned int matchlen, 36 unsigned int matchlen,
@@ -89,7 +89,7 @@ static int parse_dcc(char *data, char *data_end, u_int32_t *ip,
89 return 0; 89 return 0;
90} 90}
91 91
92static int help(struct sk_buff **pskb, unsigned int protoff, 92static int help(struct sk_buff *skb, unsigned int protoff,
93 struct nf_conn *ct, enum ip_conntrack_info ctinfo) 93 struct nf_conn *ct, enum ip_conntrack_info ctinfo)
94{ 94{
95 unsigned int dataoff; 95 unsigned int dataoff;
@@ -116,22 +116,22 @@ static int help(struct sk_buff **pskb, unsigned int protoff,
116 return NF_ACCEPT; 116 return NF_ACCEPT;
117 117
118 /* Not a full tcp header? */ 118 /* Not a full tcp header? */
119 th = skb_header_pointer(*pskb, protoff, sizeof(_tcph), &_tcph); 119 th = skb_header_pointer(skb, protoff, sizeof(_tcph), &_tcph);
120 if (th == NULL) 120 if (th == NULL)
121 return NF_ACCEPT; 121 return NF_ACCEPT;
122 122
123 /* No data? */ 123 /* No data? */
124 dataoff = protoff + th->doff*4; 124 dataoff = protoff + th->doff*4;
125 if (dataoff >= (*pskb)->len) 125 if (dataoff >= skb->len)
126 return NF_ACCEPT; 126 return NF_ACCEPT;
127 127
128 spin_lock_bh(&irc_buffer_lock); 128 spin_lock_bh(&irc_buffer_lock);
129 ib_ptr = skb_header_pointer(*pskb, dataoff, (*pskb)->len - dataoff, 129 ib_ptr = skb_header_pointer(skb, dataoff, skb->len - dataoff,
130 irc_buffer); 130 irc_buffer);
131 BUG_ON(ib_ptr == NULL); 131 BUG_ON(ib_ptr == NULL);
132 132
133 data = ib_ptr; 133 data = ib_ptr;
134 data_limit = ib_ptr + (*pskb)->len - dataoff; 134 data_limit = ib_ptr + skb->len - dataoff;
135 135
136 /* strlen("\1DCC SENT t AAAAAAAA P\1\n")=24 136 /* strlen("\1DCC SENT t AAAAAAAA P\1\n")=24
137 * 5+MINMATCHLEN+strlen("t AAAAAAAA P\1\n")=14 */ 137 * 5+MINMATCHLEN+strlen("t AAAAAAAA P\1\n")=14 */
@@ -143,7 +143,7 @@ static int help(struct sk_buff **pskb, unsigned int protoff,
143 data += 5; 143 data += 5;
144 /* we have at least (19+MINMATCHLEN)-5 bytes valid data left */ 144 /* we have at least (19+MINMATCHLEN)-5 bytes valid data left */
145 145
146 iph = ip_hdr(*pskb); 146 iph = ip_hdr(skb);
147 pr_debug("DCC found in master %u.%u.%u.%u:%u %u.%u.%u.%u:%u\n", 147 pr_debug("DCC found in master %u.%u.%u.%u:%u %u.%u.%u.%u:%u\n",
148 NIPQUAD(iph->saddr), ntohs(th->source), 148 NIPQUAD(iph->saddr), ntohs(th->source),
149 NIPQUAD(iph->daddr), ntohs(th->dest)); 149 NIPQUAD(iph->daddr), ntohs(th->dest));
@@ -193,7 +193,7 @@ static int help(struct sk_buff **pskb, unsigned int protoff,
193 193
194 nf_nat_irc = rcu_dereference(nf_nat_irc_hook); 194 nf_nat_irc = rcu_dereference(nf_nat_irc_hook);
195 if (nf_nat_irc && ct->status & IPS_NAT_MASK) 195 if (nf_nat_irc && ct->status & IPS_NAT_MASK)
196 ret = nf_nat_irc(pskb, ctinfo, 196 ret = nf_nat_irc(skb, ctinfo,
197 addr_beg_p - ib_ptr, 197 addr_beg_p - ib_ptr,
198 addr_end_p - addr_beg_p, 198 addr_end_p - addr_beg_p,
199 exp); 199 exp);
diff --git a/net/netfilter/nf_conntrack_netbios_ns.c b/net/netfilter/nf_conntrack_netbios_ns.c
index 1d59fabeb5f7..9810d81e2a06 100644
--- a/net/netfilter/nf_conntrack_netbios_ns.c
+++ b/net/netfilter/nf_conntrack_netbios_ns.c
@@ -42,17 +42,17 @@ static unsigned int timeout __read_mostly = 3;
42module_param(timeout, uint, 0400); 42module_param(timeout, uint, 0400);
43MODULE_PARM_DESC(timeout, "timeout for master connection/replies in seconds"); 43MODULE_PARM_DESC(timeout, "timeout for master connection/replies in seconds");
44 44
45static int help(struct sk_buff **pskb, unsigned int protoff, 45static int help(struct sk_buff *skb, unsigned int protoff,
46 struct nf_conn *ct, enum ip_conntrack_info ctinfo) 46 struct nf_conn *ct, enum ip_conntrack_info ctinfo)
47{ 47{
48 struct nf_conntrack_expect *exp; 48 struct nf_conntrack_expect *exp;
49 struct iphdr *iph = ip_hdr(*pskb); 49 struct iphdr *iph = ip_hdr(skb);
50 struct rtable *rt = (struct rtable *)(*pskb)->dst; 50 struct rtable *rt = (struct rtable *)skb->dst;
51 struct in_device *in_dev; 51 struct in_device *in_dev;
52 __be32 mask = 0; 52 __be32 mask = 0;
53 53
54 /* we're only interested in locally generated packets */ 54 /* we're only interested in locally generated packets */
55 if ((*pskb)->sk == NULL) 55 if (skb->sk == NULL)
56 goto out; 56 goto out;
57 if (rt == NULL || !(rt->rt_flags & RTCF_BROADCAST)) 57 if (rt == NULL || !(rt->rt_flags & RTCF_BROADCAST))
58 goto out; 58 goto out;
@@ -91,7 +91,7 @@ static int help(struct sk_buff **pskb, unsigned int protoff,
91 nf_ct_expect_related(exp); 91 nf_ct_expect_related(exp);
92 nf_ct_expect_put(exp); 92 nf_ct_expect_put(exp);
93 93
94 nf_ct_refresh(ct, *pskb, timeout * HZ); 94 nf_ct_refresh(ct, skb, timeout * HZ);
95out: 95out:
96 return NF_ACCEPT; 96 return NF_ACCEPT;
97} 97}
diff --git a/net/netfilter/nf_conntrack_pptp.c b/net/netfilter/nf_conntrack_pptp.c
index b0804199ab59..099b6df3e2b5 100644
--- a/net/netfilter/nf_conntrack_pptp.c
+++ b/net/netfilter/nf_conntrack_pptp.c
@@ -41,14 +41,14 @@ MODULE_ALIAS("ip_conntrack_pptp");
41static DEFINE_SPINLOCK(nf_pptp_lock); 41static DEFINE_SPINLOCK(nf_pptp_lock);
42 42
43int 43int
44(*nf_nat_pptp_hook_outbound)(struct sk_buff **pskb, 44(*nf_nat_pptp_hook_outbound)(struct sk_buff *skb,
45 struct nf_conn *ct, enum ip_conntrack_info ctinfo, 45 struct nf_conn *ct, enum ip_conntrack_info ctinfo,
46 struct PptpControlHeader *ctlh, 46 struct PptpControlHeader *ctlh,
47 union pptp_ctrl_union *pptpReq) __read_mostly; 47 union pptp_ctrl_union *pptpReq) __read_mostly;
48EXPORT_SYMBOL_GPL(nf_nat_pptp_hook_outbound); 48EXPORT_SYMBOL_GPL(nf_nat_pptp_hook_outbound);
49 49
50int 50int
51(*nf_nat_pptp_hook_inbound)(struct sk_buff **pskb, 51(*nf_nat_pptp_hook_inbound)(struct sk_buff *skb,
52 struct nf_conn *ct, enum ip_conntrack_info ctinfo, 52 struct nf_conn *ct, enum ip_conntrack_info ctinfo,
53 struct PptpControlHeader *ctlh, 53 struct PptpControlHeader *ctlh,
54 union pptp_ctrl_union *pptpReq) __read_mostly; 54 union pptp_ctrl_union *pptpReq) __read_mostly;
@@ -254,7 +254,7 @@ out_unexpect_orig:
254} 254}
255 255
256static inline int 256static inline int
257pptp_inbound_pkt(struct sk_buff **pskb, 257pptp_inbound_pkt(struct sk_buff *skb,
258 struct PptpControlHeader *ctlh, 258 struct PptpControlHeader *ctlh,
259 union pptp_ctrl_union *pptpReq, 259 union pptp_ctrl_union *pptpReq,
260 unsigned int reqlen, 260 unsigned int reqlen,
@@ -367,7 +367,7 @@ pptp_inbound_pkt(struct sk_buff **pskb,
367 367
368 nf_nat_pptp_inbound = rcu_dereference(nf_nat_pptp_hook_inbound); 368 nf_nat_pptp_inbound = rcu_dereference(nf_nat_pptp_hook_inbound);
369 if (nf_nat_pptp_inbound && ct->status & IPS_NAT_MASK) 369 if (nf_nat_pptp_inbound && ct->status & IPS_NAT_MASK)
370 return nf_nat_pptp_inbound(pskb, ct, ctinfo, ctlh, pptpReq); 370 return nf_nat_pptp_inbound(skb, ct, ctinfo, ctlh, pptpReq);
371 return NF_ACCEPT; 371 return NF_ACCEPT;
372 372
373invalid: 373invalid:
@@ -380,7 +380,7 @@ invalid:
380} 380}
381 381
382static inline int 382static inline int
383pptp_outbound_pkt(struct sk_buff **pskb, 383pptp_outbound_pkt(struct sk_buff *skb,
384 struct PptpControlHeader *ctlh, 384 struct PptpControlHeader *ctlh,
385 union pptp_ctrl_union *pptpReq, 385 union pptp_ctrl_union *pptpReq,
386 unsigned int reqlen, 386 unsigned int reqlen,
@@ -462,7 +462,7 @@ pptp_outbound_pkt(struct sk_buff **pskb,
462 462
463 nf_nat_pptp_outbound = rcu_dereference(nf_nat_pptp_hook_outbound); 463 nf_nat_pptp_outbound = rcu_dereference(nf_nat_pptp_hook_outbound);
464 if (nf_nat_pptp_outbound && ct->status & IPS_NAT_MASK) 464 if (nf_nat_pptp_outbound && ct->status & IPS_NAT_MASK)
465 return nf_nat_pptp_outbound(pskb, ct, ctinfo, ctlh, pptpReq); 465 return nf_nat_pptp_outbound(skb, ct, ctinfo, ctlh, pptpReq);
466 return NF_ACCEPT; 466 return NF_ACCEPT;
467 467
468invalid: 468invalid:
@@ -492,7 +492,7 @@ static const unsigned int pptp_msg_size[] = {
492 492
493/* track caller id inside control connection, call expect_related */ 493/* track caller id inside control connection, call expect_related */
494static int 494static int
495conntrack_pptp_help(struct sk_buff **pskb, unsigned int protoff, 495conntrack_pptp_help(struct sk_buff *skb, unsigned int protoff,
496 struct nf_conn *ct, enum ip_conntrack_info ctinfo) 496 struct nf_conn *ct, enum ip_conntrack_info ctinfo)
497 497
498{ 498{
@@ -502,7 +502,7 @@ conntrack_pptp_help(struct sk_buff **pskb, unsigned int protoff,
502 struct pptp_pkt_hdr _pptph, *pptph; 502 struct pptp_pkt_hdr _pptph, *pptph;
503 struct PptpControlHeader _ctlh, *ctlh; 503 struct PptpControlHeader _ctlh, *ctlh;
504 union pptp_ctrl_union _pptpReq, *pptpReq; 504 union pptp_ctrl_union _pptpReq, *pptpReq;
505 unsigned int tcplen = (*pskb)->len - protoff; 505 unsigned int tcplen = skb->len - protoff;
506 unsigned int datalen, reqlen, nexthdr_off; 506 unsigned int datalen, reqlen, nexthdr_off;
507 int oldsstate, oldcstate; 507 int oldsstate, oldcstate;
508 int ret; 508 int ret;
@@ -514,12 +514,12 @@ conntrack_pptp_help(struct sk_buff **pskb, unsigned int protoff,
514 return NF_ACCEPT; 514 return NF_ACCEPT;
515 515
516 nexthdr_off = protoff; 516 nexthdr_off = protoff;
517 tcph = skb_header_pointer(*pskb, nexthdr_off, sizeof(_tcph), &_tcph); 517 tcph = skb_header_pointer(skb, nexthdr_off, sizeof(_tcph), &_tcph);
518 BUG_ON(!tcph); 518 BUG_ON(!tcph);
519 nexthdr_off += tcph->doff * 4; 519 nexthdr_off += tcph->doff * 4;
520 datalen = tcplen - tcph->doff * 4; 520 datalen = tcplen - tcph->doff * 4;
521 521
522 pptph = skb_header_pointer(*pskb, nexthdr_off, sizeof(_pptph), &_pptph); 522 pptph = skb_header_pointer(skb, nexthdr_off, sizeof(_pptph), &_pptph);
523 if (!pptph) { 523 if (!pptph) {
524 pr_debug("no full PPTP header, can't track\n"); 524 pr_debug("no full PPTP header, can't track\n");
525 return NF_ACCEPT; 525 return NF_ACCEPT;
@@ -534,7 +534,7 @@ conntrack_pptp_help(struct sk_buff **pskb, unsigned int protoff,
534 return NF_ACCEPT; 534 return NF_ACCEPT;
535 } 535 }
536 536
537 ctlh = skb_header_pointer(*pskb, nexthdr_off, sizeof(_ctlh), &_ctlh); 537 ctlh = skb_header_pointer(skb, nexthdr_off, sizeof(_ctlh), &_ctlh);
538 if (!ctlh) 538 if (!ctlh)
539 return NF_ACCEPT; 539 return NF_ACCEPT;
540 nexthdr_off += sizeof(_ctlh); 540 nexthdr_off += sizeof(_ctlh);
@@ -547,7 +547,7 @@ conntrack_pptp_help(struct sk_buff **pskb, unsigned int protoff,
547 if (reqlen > sizeof(*pptpReq)) 547 if (reqlen > sizeof(*pptpReq))
548 reqlen = sizeof(*pptpReq); 548 reqlen = sizeof(*pptpReq);
549 549
550 pptpReq = skb_header_pointer(*pskb, nexthdr_off, reqlen, &_pptpReq); 550 pptpReq = skb_header_pointer(skb, nexthdr_off, reqlen, &_pptpReq);
551 if (!pptpReq) 551 if (!pptpReq)
552 return NF_ACCEPT; 552 return NF_ACCEPT;
553 553
@@ -560,11 +560,11 @@ conntrack_pptp_help(struct sk_buff **pskb, unsigned int protoff,
560 * established from PNS->PAC. However, RFC makes no guarantee */ 560 * established from PNS->PAC. However, RFC makes no guarantee */
561 if (dir == IP_CT_DIR_ORIGINAL) 561 if (dir == IP_CT_DIR_ORIGINAL)
562 /* client -> server (PNS -> PAC) */ 562 /* client -> server (PNS -> PAC) */
563 ret = pptp_outbound_pkt(pskb, ctlh, pptpReq, reqlen, ct, 563 ret = pptp_outbound_pkt(skb, ctlh, pptpReq, reqlen, ct,
564 ctinfo); 564 ctinfo);
565 else 565 else
566 /* server -> client (PAC -> PNS) */ 566 /* server -> client (PAC -> PNS) */
567 ret = pptp_inbound_pkt(pskb, ctlh, pptpReq, reqlen, ct, 567 ret = pptp_inbound_pkt(skb, ctlh, pptpReq, reqlen, ct,
568 ctinfo); 568 ctinfo);
569 pr_debug("sstate: %d->%d, cstate: %d->%d\n", 569 pr_debug("sstate: %d->%d, cstate: %d->%d\n",
570 oldsstate, info->sstate, oldcstate, info->cstate); 570 oldsstate, info->sstate, oldcstate, info->cstate);
diff --git a/net/netfilter/nf_conntrack_sane.c b/net/netfilter/nf_conntrack_sane.c
index 355d371bac93..b5a16c6e21c2 100644
--- a/net/netfilter/nf_conntrack_sane.c
+++ b/net/netfilter/nf_conntrack_sane.c
@@ -56,7 +56,7 @@ struct sane_reply_net_start {
56 /* other fields aren't interesting for conntrack */ 56 /* other fields aren't interesting for conntrack */
57}; 57};
58 58
59static int help(struct sk_buff **pskb, 59static int help(struct sk_buff *skb,
60 unsigned int protoff, 60 unsigned int protoff,
61 struct nf_conn *ct, 61 struct nf_conn *ct,
62 enum ip_conntrack_info ctinfo) 62 enum ip_conntrack_info ctinfo)
@@ -80,19 +80,19 @@ static int help(struct sk_buff **pskb,
80 return NF_ACCEPT; 80 return NF_ACCEPT;
81 81
82 /* Not a full tcp header? */ 82 /* Not a full tcp header? */
83 th = skb_header_pointer(*pskb, protoff, sizeof(_tcph), &_tcph); 83 th = skb_header_pointer(skb, protoff, sizeof(_tcph), &_tcph);
84 if (th == NULL) 84 if (th == NULL)
85 return NF_ACCEPT; 85 return NF_ACCEPT;
86 86
87 /* No data? */ 87 /* No data? */
88 dataoff = protoff + th->doff * 4; 88 dataoff = protoff + th->doff * 4;
89 if (dataoff >= (*pskb)->len) 89 if (dataoff >= skb->len)
90 return NF_ACCEPT; 90 return NF_ACCEPT;
91 91
92 datalen = (*pskb)->len - dataoff; 92 datalen = skb->len - dataoff;
93 93
94 spin_lock_bh(&nf_sane_lock); 94 spin_lock_bh(&nf_sane_lock);
95 sb_ptr = skb_header_pointer(*pskb, dataoff, datalen, sane_buffer); 95 sb_ptr = skb_header_pointer(skb, dataoff, datalen, sane_buffer);
96 BUG_ON(sb_ptr == NULL); 96 BUG_ON(sb_ptr == NULL);
97 97
98 if (dir == IP_CT_DIR_ORIGINAL) { 98 if (dir == IP_CT_DIR_ORIGINAL) {
diff --git a/net/netfilter/nf_conntrack_sip.c b/net/netfilter/nf_conntrack_sip.c
index d449fa47491c..8f8b5a48df38 100644
--- a/net/netfilter/nf_conntrack_sip.c
+++ b/net/netfilter/nf_conntrack_sip.c
@@ -36,13 +36,13 @@ static unsigned int sip_timeout __read_mostly = SIP_TIMEOUT;
36module_param(sip_timeout, uint, 0600); 36module_param(sip_timeout, uint, 0600);
37MODULE_PARM_DESC(sip_timeout, "timeout for the master SIP session"); 37MODULE_PARM_DESC(sip_timeout, "timeout for the master SIP session");
38 38
39unsigned int (*nf_nat_sip_hook)(struct sk_buff **pskb, 39unsigned int (*nf_nat_sip_hook)(struct sk_buff *skb,
40 enum ip_conntrack_info ctinfo, 40 enum ip_conntrack_info ctinfo,
41 struct nf_conn *ct, 41 struct nf_conn *ct,
42 const char **dptr) __read_mostly; 42 const char **dptr) __read_mostly;
43EXPORT_SYMBOL_GPL(nf_nat_sip_hook); 43EXPORT_SYMBOL_GPL(nf_nat_sip_hook);
44 44
45unsigned int (*nf_nat_sdp_hook)(struct sk_buff **pskb, 45unsigned int (*nf_nat_sdp_hook)(struct sk_buff *skb,
46 enum ip_conntrack_info ctinfo, 46 enum ip_conntrack_info ctinfo,
47 struct nf_conntrack_expect *exp, 47 struct nf_conntrack_expect *exp,
48 const char *dptr) __read_mostly; 48 const char *dptr) __read_mostly;
@@ -363,7 +363,7 @@ int ct_sip_get_info(struct nf_conn *ct,
363} 363}
364EXPORT_SYMBOL_GPL(ct_sip_get_info); 364EXPORT_SYMBOL_GPL(ct_sip_get_info);
365 365
366static int set_expected_rtp(struct sk_buff **pskb, 366static int set_expected_rtp(struct sk_buff *skb,
367 struct nf_conn *ct, 367 struct nf_conn *ct,
368 enum ip_conntrack_info ctinfo, 368 enum ip_conntrack_info ctinfo,
369 union nf_conntrack_address *addr, 369 union nf_conntrack_address *addr,
@@ -385,7 +385,7 @@ static int set_expected_rtp(struct sk_buff **pskb,
385 385
386 nf_nat_sdp = rcu_dereference(nf_nat_sdp_hook); 386 nf_nat_sdp = rcu_dereference(nf_nat_sdp_hook);
387 if (nf_nat_sdp && ct->status & IPS_NAT_MASK) 387 if (nf_nat_sdp && ct->status & IPS_NAT_MASK)
388 ret = nf_nat_sdp(pskb, ctinfo, exp, dptr); 388 ret = nf_nat_sdp(skb, ctinfo, exp, dptr);
389 else { 389 else {
390 if (nf_ct_expect_related(exp) != 0) 390 if (nf_ct_expect_related(exp) != 0)
391 ret = NF_DROP; 391 ret = NF_DROP;
@@ -397,7 +397,7 @@ static int set_expected_rtp(struct sk_buff **pskb,
397 return ret; 397 return ret;
398} 398}
399 399
400static int sip_help(struct sk_buff **pskb, 400static int sip_help(struct sk_buff *skb,
401 unsigned int protoff, 401 unsigned int protoff,
402 struct nf_conn *ct, 402 struct nf_conn *ct,
403 enum ip_conntrack_info ctinfo) 403 enum ip_conntrack_info ctinfo)
@@ -414,13 +414,13 @@ static int sip_help(struct sk_buff **pskb,
414 414
415 /* No Data ? */ 415 /* No Data ? */
416 dataoff = protoff + sizeof(struct udphdr); 416 dataoff = protoff + sizeof(struct udphdr);
417 if (dataoff >= (*pskb)->len) 417 if (dataoff >= skb->len)
418 return NF_ACCEPT; 418 return NF_ACCEPT;
419 419
420 nf_ct_refresh(ct, *pskb, sip_timeout * HZ); 420 nf_ct_refresh(ct, skb, sip_timeout * HZ);
421 421
422 if (!skb_is_nonlinear(*pskb)) 422 if (!skb_is_nonlinear(skb))
423 dptr = (*pskb)->data + dataoff; 423 dptr = skb->data + dataoff;
424 else { 424 else {
425 pr_debug("Copy of skbuff not supported yet.\n"); 425 pr_debug("Copy of skbuff not supported yet.\n");
426 goto out; 426 goto out;
@@ -428,13 +428,13 @@ static int sip_help(struct sk_buff **pskb,
428 428
429 nf_nat_sip = rcu_dereference(nf_nat_sip_hook); 429 nf_nat_sip = rcu_dereference(nf_nat_sip_hook);
430 if (nf_nat_sip && ct->status & IPS_NAT_MASK) { 430 if (nf_nat_sip && ct->status & IPS_NAT_MASK) {
431 if (!nf_nat_sip(pskb, ctinfo, ct, &dptr)) { 431 if (!nf_nat_sip(skb, ctinfo, ct, &dptr)) {
432 ret = NF_DROP; 432 ret = NF_DROP;
433 goto out; 433 goto out;
434 } 434 }
435 } 435 }
436 436
437 datalen = (*pskb)->len - dataoff; 437 datalen = skb->len - dataoff;
438 if (datalen < sizeof("SIP/2.0 200") - 1) 438 if (datalen < sizeof("SIP/2.0 200") - 1)
439 goto out; 439 goto out;
440 440
@@ -464,7 +464,7 @@ static int sip_help(struct sk_buff **pskb,
464 ret = NF_DROP; 464 ret = NF_DROP;
465 goto out; 465 goto out;
466 } 466 }
467 ret = set_expected_rtp(pskb, ct, ctinfo, &addr, 467 ret = set_expected_rtp(skb, ct, ctinfo, &addr,
468 htons(port), dptr); 468 htons(port), dptr);
469 } 469 }
470 } 470 }
diff --git a/net/netfilter/nf_conntrack_tftp.c b/net/netfilter/nf_conntrack_tftp.c
index cc19506cf2f8..e894aa1ff3ad 100644
--- a/net/netfilter/nf_conntrack_tftp.c
+++ b/net/netfilter/nf_conntrack_tftp.c
@@ -29,12 +29,12 @@ static int ports_c;
29module_param_array(ports, ushort, &ports_c, 0400); 29module_param_array(ports, ushort, &ports_c, 0400);
30MODULE_PARM_DESC(ports, "Port numbers of TFTP servers"); 30MODULE_PARM_DESC(ports, "Port numbers of TFTP servers");
31 31
32unsigned int (*nf_nat_tftp_hook)(struct sk_buff **pskb, 32unsigned int (*nf_nat_tftp_hook)(struct sk_buff *skb,
33 enum ip_conntrack_info ctinfo, 33 enum ip_conntrack_info ctinfo,
34 struct nf_conntrack_expect *exp) __read_mostly; 34 struct nf_conntrack_expect *exp) __read_mostly;
35EXPORT_SYMBOL_GPL(nf_nat_tftp_hook); 35EXPORT_SYMBOL_GPL(nf_nat_tftp_hook);
36 36
37static int tftp_help(struct sk_buff **pskb, 37static int tftp_help(struct sk_buff *skb,
38 unsigned int protoff, 38 unsigned int protoff,
39 struct nf_conn *ct, 39 struct nf_conn *ct,
40 enum ip_conntrack_info ctinfo) 40 enum ip_conntrack_info ctinfo)
@@ -46,7 +46,7 @@ static int tftp_help(struct sk_buff **pskb,
46 int family = ct->tuplehash[IP_CT_DIR_ORIGINAL].tuple.src.l3num; 46 int family = ct->tuplehash[IP_CT_DIR_ORIGINAL].tuple.src.l3num;
47 typeof(nf_nat_tftp_hook) nf_nat_tftp; 47 typeof(nf_nat_tftp_hook) nf_nat_tftp;
48 48
49 tfh = skb_header_pointer(*pskb, protoff + sizeof(struct udphdr), 49 tfh = skb_header_pointer(skb, protoff + sizeof(struct udphdr),
50 sizeof(_tftph), &_tftph); 50 sizeof(_tftph), &_tftph);
51 if (tfh == NULL) 51 if (tfh == NULL)
52 return NF_ACCEPT; 52 return NF_ACCEPT;
@@ -70,7 +70,7 @@ static int tftp_help(struct sk_buff **pskb,
70 70
71 nf_nat_tftp = rcu_dereference(nf_nat_tftp_hook); 71 nf_nat_tftp = rcu_dereference(nf_nat_tftp_hook);
72 if (nf_nat_tftp && ct->status & IPS_NAT_MASK) 72 if (nf_nat_tftp && ct->status & IPS_NAT_MASK)
73 ret = nf_nat_tftp(pskb, ctinfo, exp); 73 ret = nf_nat_tftp(skb, ctinfo, exp);
74 else if (nf_ct_expect_related(exp) != 0) 74 else if (nf_ct_expect_related(exp) != 0)
75 ret = NF_DROP; 75 ret = NF_DROP;
76 nf_ct_expect_put(exp); 76 nf_ct_expect_put(exp);
diff --git a/net/netfilter/nf_internals.h b/net/netfilter/nf_internals.h
index 0df7fff196a7..196269c1e586 100644
--- a/net/netfilter/nf_internals.h
+++ b/net/netfilter/nf_internals.h
@@ -14,7 +14,7 @@
14 14
15/* core.c */ 15/* core.c */
16extern unsigned int nf_iterate(struct list_head *head, 16extern unsigned int nf_iterate(struct list_head *head,
17 struct sk_buff **skb, 17 struct sk_buff *skb,
18 int hook, 18 int hook,
19 const struct net_device *indev, 19 const struct net_device *indev,
20 const struct net_device *outdev, 20 const struct net_device *outdev,
diff --git a/net/netfilter/nf_queue.c b/net/netfilter/nf_queue.c
index a481a349f7bf..0cef1433d660 100644
--- a/net/netfilter/nf_queue.c
+++ b/net/netfilter/nf_queue.c
@@ -256,14 +256,14 @@ void nf_reinject(struct sk_buff *skb, struct nf_info *info,
256 256
257 if (verdict == NF_ACCEPT) { 257 if (verdict == NF_ACCEPT) {
258 afinfo = nf_get_afinfo(info->pf); 258 afinfo = nf_get_afinfo(info->pf);
259 if (!afinfo || afinfo->reroute(&skb, info) < 0) 259 if (!afinfo || afinfo->reroute(skb, info) < 0)
260 verdict = NF_DROP; 260 verdict = NF_DROP;
261 } 261 }
262 262
263 if (verdict == NF_ACCEPT) { 263 if (verdict == NF_ACCEPT) {
264 next_hook: 264 next_hook:
265 verdict = nf_iterate(&nf_hooks[info->pf][info->hook], 265 verdict = nf_iterate(&nf_hooks[info->pf][info->hook],
266 &skb, info->hook, 266 skb, info->hook,
267 info->indev, info->outdev, &elem, 267 info->indev, info->outdev, &elem,
268 info->okfn, INT_MIN); 268 info->okfn, INT_MIN);
269 } 269 }
diff --git a/net/netfilter/nfnetlink_queue.c b/net/netfilter/nfnetlink_queue.c
index 49f0480afe09..3ceeffcf6f9d 100644
--- a/net/netfilter/nfnetlink_queue.c
+++ b/net/netfilter/nfnetlink_queue.c
@@ -617,6 +617,7 @@ static int
617nfqnl_mangle(void *data, int data_len, struct nfqnl_queue_entry *e) 617nfqnl_mangle(void *data, int data_len, struct nfqnl_queue_entry *e)
618{ 618{
619 int diff; 619 int diff;
620 int err;
620 621
621 diff = data_len - e->skb->len; 622 diff = data_len - e->skb->len;
622 if (diff < 0) { 623 if (diff < 0) {
@@ -626,25 +627,18 @@ nfqnl_mangle(void *data, int data_len, struct nfqnl_queue_entry *e)
626 if (data_len > 0xFFFF) 627 if (data_len > 0xFFFF)
627 return -EINVAL; 628 return -EINVAL;
628 if (diff > skb_tailroom(e->skb)) { 629 if (diff > skb_tailroom(e->skb)) {
629 struct sk_buff *newskb; 630 err = pskb_expand_head(e->skb, 0,
630 631 diff - skb_tailroom(e->skb),
631 newskb = skb_copy_expand(e->skb, 632 GFP_ATOMIC);
632 skb_headroom(e->skb), 633 if (err) {
633 diff,
634 GFP_ATOMIC);
635 if (newskb == NULL) {
636 printk(KERN_WARNING "nf_queue: OOM " 634 printk(KERN_WARNING "nf_queue: OOM "
637 "in mangle, dropping packet\n"); 635 "in mangle, dropping packet\n");
638 return -ENOMEM; 636 return err;
639 } 637 }
640 if (e->skb->sk)
641 skb_set_owner_w(newskb, e->skb->sk);
642 kfree_skb(e->skb);
643 e->skb = newskb;
644 } 638 }
645 skb_put(e->skb, diff); 639 skb_put(e->skb, diff);
646 } 640 }
647 if (!skb_make_writable(&e->skb, data_len)) 641 if (!skb_make_writable(e->skb, data_len))
648 return -ENOMEM; 642 return -ENOMEM;
649 skb_copy_to_linear_data(e->skb, data, data_len); 643 skb_copy_to_linear_data(e->skb, data, data_len);
650 e->skb->ip_summed = CHECKSUM_NONE; 644 e->skb->ip_summed = CHECKSUM_NONE;
diff --git a/net/netfilter/xt_CLASSIFY.c b/net/netfilter/xt_CLASSIFY.c
index 07a1b9665005..77eeae658d42 100644
--- a/net/netfilter/xt_CLASSIFY.c
+++ b/net/netfilter/xt_CLASSIFY.c
@@ -27,7 +27,7 @@ MODULE_ALIAS("ipt_CLASSIFY");
27MODULE_ALIAS("ip6t_CLASSIFY"); 27MODULE_ALIAS("ip6t_CLASSIFY");
28 28
29static unsigned int 29static unsigned int
30target(struct sk_buff **pskb, 30target(struct sk_buff *skb,
31 const struct net_device *in, 31 const struct net_device *in,
32 const struct net_device *out, 32 const struct net_device *out,
33 unsigned int hooknum, 33 unsigned int hooknum,
@@ -36,7 +36,7 @@ target(struct sk_buff **pskb,
36{ 36{
37 const struct xt_classify_target_info *clinfo = targinfo; 37 const struct xt_classify_target_info *clinfo = targinfo;
38 38
39 (*pskb)->priority = clinfo->priority; 39 skb->priority = clinfo->priority;
40 return XT_CONTINUE; 40 return XT_CONTINUE;
41} 41}
42 42
diff --git a/net/netfilter/xt_CONNMARK.c b/net/netfilter/xt_CONNMARK.c
index 7043c2757e09..8cc324b159e9 100644
--- a/net/netfilter/xt_CONNMARK.c
+++ b/net/netfilter/xt_CONNMARK.c
@@ -34,7 +34,7 @@ MODULE_ALIAS("ip6t_CONNMARK");
34#include <net/netfilter/nf_conntrack_ecache.h> 34#include <net/netfilter/nf_conntrack_ecache.h>
35 35
36static unsigned int 36static unsigned int
37target(struct sk_buff **pskb, 37target(struct sk_buff *skb,
38 const struct net_device *in, 38 const struct net_device *in,
39 const struct net_device *out, 39 const struct net_device *out,
40 unsigned int hooknum, 40 unsigned int hooknum,
@@ -48,28 +48,28 @@ target(struct sk_buff **pskb,
48 u_int32_t mark; 48 u_int32_t mark;
49 u_int32_t newmark; 49 u_int32_t newmark;
50 50
51 ct = nf_ct_get(*pskb, &ctinfo); 51 ct = nf_ct_get(skb, &ctinfo);
52 if (ct) { 52 if (ct) {
53 switch(markinfo->mode) { 53 switch(markinfo->mode) {
54 case XT_CONNMARK_SET: 54 case XT_CONNMARK_SET:
55 newmark = (ct->mark & ~markinfo->mask) | markinfo->mark; 55 newmark = (ct->mark & ~markinfo->mask) | markinfo->mark;
56 if (newmark != ct->mark) { 56 if (newmark != ct->mark) {
57 ct->mark = newmark; 57 ct->mark = newmark;
58 nf_conntrack_event_cache(IPCT_MARK, *pskb); 58 nf_conntrack_event_cache(IPCT_MARK, skb);
59 } 59 }
60 break; 60 break;
61 case XT_CONNMARK_SAVE: 61 case XT_CONNMARK_SAVE:
62 newmark = (ct->mark & ~markinfo->mask) | 62 newmark = (ct->mark & ~markinfo->mask) |
63 ((*pskb)->mark & markinfo->mask); 63 (skb->mark & markinfo->mask);
64 if (ct->mark != newmark) { 64 if (ct->mark != newmark) {
65 ct->mark = newmark; 65 ct->mark = newmark;
66 nf_conntrack_event_cache(IPCT_MARK, *pskb); 66 nf_conntrack_event_cache(IPCT_MARK, skb);
67 } 67 }
68 break; 68 break;
69 case XT_CONNMARK_RESTORE: 69 case XT_CONNMARK_RESTORE:
70 mark = (*pskb)->mark; 70 mark = skb->mark;
71 diff = (ct->mark ^ mark) & markinfo->mask; 71 diff = (ct->mark ^ mark) & markinfo->mask;
72 (*pskb)->mark = mark ^ diff; 72 skb->mark = mark ^ diff;
73 break; 73 break;
74 } 74 }
75 } 75 }
diff --git a/net/netfilter/xt_CONNSECMARK.c b/net/netfilter/xt_CONNSECMARK.c
index 63d73138c1b9..021b5c8d20e2 100644
--- a/net/netfilter/xt_CONNSECMARK.c
+++ b/net/netfilter/xt_CONNSECMARK.c
@@ -61,12 +61,11 @@ static void secmark_restore(struct sk_buff *skb)
61 } 61 }
62} 62}
63 63
64static unsigned int target(struct sk_buff **pskb, const struct net_device *in, 64static unsigned int target(struct sk_buff *skb, const struct net_device *in,
65 const struct net_device *out, unsigned int hooknum, 65 const struct net_device *out, unsigned int hooknum,
66 const struct xt_target *target, 66 const struct xt_target *target,
67 const void *targinfo) 67 const void *targinfo)
68{ 68{
69 struct sk_buff *skb = *pskb;
70 const struct xt_connsecmark_target_info *info = targinfo; 69 const struct xt_connsecmark_target_info *info = targinfo;
71 70
72 switch (info->mode) { 71 switch (info->mode) {
diff --git a/net/netfilter/xt_DSCP.c b/net/netfilter/xt_DSCP.c
index 798ab731009d..6322a933ab71 100644
--- a/net/netfilter/xt_DSCP.c
+++ b/net/netfilter/xt_DSCP.c
@@ -25,7 +25,7 @@ MODULE_LICENSE("GPL");
25MODULE_ALIAS("ipt_DSCP"); 25MODULE_ALIAS("ipt_DSCP");
26MODULE_ALIAS("ip6t_DSCP"); 26MODULE_ALIAS("ip6t_DSCP");
27 27
28static unsigned int target(struct sk_buff **pskb, 28static unsigned int target(struct sk_buff *skb,
29 const struct net_device *in, 29 const struct net_device *in,
30 const struct net_device *out, 30 const struct net_device *out,
31 unsigned int hooknum, 31 unsigned int hooknum,
@@ -33,20 +33,20 @@ static unsigned int target(struct sk_buff **pskb,
33 const void *targinfo) 33 const void *targinfo)
34{ 34{
35 const struct xt_DSCP_info *dinfo = targinfo; 35 const struct xt_DSCP_info *dinfo = targinfo;
36 u_int8_t dscp = ipv4_get_dsfield(ip_hdr(*pskb)) >> XT_DSCP_SHIFT; 36 u_int8_t dscp = ipv4_get_dsfield(ip_hdr(skb)) >> XT_DSCP_SHIFT;
37 37
38 if (dscp != dinfo->dscp) { 38 if (dscp != dinfo->dscp) {
39 if (!skb_make_writable(pskb, sizeof(struct iphdr))) 39 if (!skb_make_writable(skb, sizeof(struct iphdr)))
40 return NF_DROP; 40 return NF_DROP;
41 41
42 ipv4_change_dsfield(ip_hdr(*pskb), (__u8)(~XT_DSCP_MASK), 42 ipv4_change_dsfield(ip_hdr(skb), (__u8)(~XT_DSCP_MASK),
43 dinfo->dscp << XT_DSCP_SHIFT); 43 dinfo->dscp << XT_DSCP_SHIFT);
44 44
45 } 45 }
46 return XT_CONTINUE; 46 return XT_CONTINUE;
47} 47}
48 48
49static unsigned int target6(struct sk_buff **pskb, 49static unsigned int target6(struct sk_buff *skb,
50 const struct net_device *in, 50 const struct net_device *in,
51 const struct net_device *out, 51 const struct net_device *out,
52 unsigned int hooknum, 52 unsigned int hooknum,
@@ -54,13 +54,13 @@ static unsigned int target6(struct sk_buff **pskb,
54 const void *targinfo) 54 const void *targinfo)
55{ 55{
56 const struct xt_DSCP_info *dinfo = targinfo; 56 const struct xt_DSCP_info *dinfo = targinfo;
57 u_int8_t dscp = ipv6_get_dsfield(ipv6_hdr(*pskb)) >> XT_DSCP_SHIFT; 57 u_int8_t dscp = ipv6_get_dsfield(ipv6_hdr(skb)) >> XT_DSCP_SHIFT;
58 58
59 if (dscp != dinfo->dscp) { 59 if (dscp != dinfo->dscp) {
60 if (!skb_make_writable(pskb, sizeof(struct ipv6hdr))) 60 if (!skb_make_writable(skb, sizeof(struct ipv6hdr)))
61 return NF_DROP; 61 return NF_DROP;
62 62
63 ipv6_change_dsfield(ipv6_hdr(*pskb), (__u8)(~XT_DSCP_MASK), 63 ipv6_change_dsfield(ipv6_hdr(skb), (__u8)(~XT_DSCP_MASK),
64 dinfo->dscp << XT_DSCP_SHIFT); 64 dinfo->dscp << XT_DSCP_SHIFT);
65 } 65 }
66 return XT_CONTINUE; 66 return XT_CONTINUE;
diff --git a/net/netfilter/xt_MARK.c b/net/netfilter/xt_MARK.c
index f30fe0baf7de..bc6503d77d75 100644
--- a/net/netfilter/xt_MARK.c
+++ b/net/netfilter/xt_MARK.c
@@ -22,7 +22,7 @@ MODULE_ALIAS("ipt_MARK");
22MODULE_ALIAS("ip6t_MARK"); 22MODULE_ALIAS("ip6t_MARK");
23 23
24static unsigned int 24static unsigned int
25target_v0(struct sk_buff **pskb, 25target_v0(struct sk_buff *skb,
26 const struct net_device *in, 26 const struct net_device *in,
27 const struct net_device *out, 27 const struct net_device *out,
28 unsigned int hooknum, 28 unsigned int hooknum,
@@ -31,12 +31,12 @@ target_v0(struct sk_buff **pskb,
31{ 31{
32 const struct xt_mark_target_info *markinfo = targinfo; 32 const struct xt_mark_target_info *markinfo = targinfo;
33 33
34 (*pskb)->mark = markinfo->mark; 34 skb->mark = markinfo->mark;
35 return XT_CONTINUE; 35 return XT_CONTINUE;
36} 36}
37 37
38static unsigned int 38static unsigned int
39target_v1(struct sk_buff **pskb, 39target_v1(struct sk_buff *skb,
40 const struct net_device *in, 40 const struct net_device *in,
41 const struct net_device *out, 41 const struct net_device *out,
42 unsigned int hooknum, 42 unsigned int hooknum,
@@ -52,15 +52,15 @@ target_v1(struct sk_buff **pskb,
52 break; 52 break;
53 53
54 case XT_MARK_AND: 54 case XT_MARK_AND:
55 mark = (*pskb)->mark & markinfo->mark; 55 mark = skb->mark & markinfo->mark;
56 break; 56 break;
57 57
58 case XT_MARK_OR: 58 case XT_MARK_OR:
59 mark = (*pskb)->mark | markinfo->mark; 59 mark = skb->mark | markinfo->mark;
60 break; 60 break;
61 } 61 }
62 62
63 (*pskb)->mark = mark; 63 skb->mark = mark;
64 return XT_CONTINUE; 64 return XT_CONTINUE;
65} 65}
66 66
diff --git a/net/netfilter/xt_NFLOG.c b/net/netfilter/xt_NFLOG.c
index d3594c7ccb26..9fb449ffbf8b 100644
--- a/net/netfilter/xt_NFLOG.c
+++ b/net/netfilter/xt_NFLOG.c
@@ -20,7 +20,7 @@ MODULE_ALIAS("ipt_NFLOG");
20MODULE_ALIAS("ip6t_NFLOG"); 20MODULE_ALIAS("ip6t_NFLOG");
21 21
22static unsigned int 22static unsigned int
23nflog_target(struct sk_buff **pskb, 23nflog_target(struct sk_buff *skb,
24 const struct net_device *in, const struct net_device *out, 24 const struct net_device *in, const struct net_device *out,
25 unsigned int hooknum, const struct xt_target *target, 25 unsigned int hooknum, const struct xt_target *target,
26 const void *targinfo) 26 const void *targinfo)
@@ -33,7 +33,7 @@ nflog_target(struct sk_buff **pskb,
33 li.u.ulog.group = info->group; 33 li.u.ulog.group = info->group;
34 li.u.ulog.qthreshold = info->threshold; 34 li.u.ulog.qthreshold = info->threshold;
35 35
36 nf_log_packet(target->family, hooknum, *pskb, in, out, &li, 36 nf_log_packet(target->family, hooknum, skb, in, out, &li,
37 "%s", info->prefix); 37 "%s", info->prefix);
38 return XT_CONTINUE; 38 return XT_CONTINUE;
39} 39}
diff --git a/net/netfilter/xt_NFQUEUE.c b/net/netfilter/xt_NFQUEUE.c
index 13f59f3e8c38..c3984e9f766a 100644
--- a/net/netfilter/xt_NFQUEUE.c
+++ b/net/netfilter/xt_NFQUEUE.c
@@ -24,7 +24,7 @@ MODULE_ALIAS("ip6t_NFQUEUE");
24MODULE_ALIAS("arpt_NFQUEUE"); 24MODULE_ALIAS("arpt_NFQUEUE");
25 25
26static unsigned int 26static unsigned int
27target(struct sk_buff **pskb, 27target(struct sk_buff *skb,
28 const struct net_device *in, 28 const struct net_device *in,
29 const struct net_device *out, 29 const struct net_device *out,
30 unsigned int hooknum, 30 unsigned int hooknum,
diff --git a/net/netfilter/xt_NOTRACK.c b/net/netfilter/xt_NOTRACK.c
index fec1aefb1c32..4976ce186615 100644
--- a/net/netfilter/xt_NOTRACK.c
+++ b/net/netfilter/xt_NOTRACK.c
@@ -12,7 +12,7 @@ MODULE_ALIAS("ipt_NOTRACK");
12MODULE_ALIAS("ip6t_NOTRACK"); 12MODULE_ALIAS("ip6t_NOTRACK");
13 13
14static unsigned int 14static unsigned int
15target(struct sk_buff **pskb, 15target(struct sk_buff *skb,
16 const struct net_device *in, 16 const struct net_device *in,
17 const struct net_device *out, 17 const struct net_device *out,
18 unsigned int hooknum, 18 unsigned int hooknum,
@@ -20,16 +20,16 @@ target(struct sk_buff **pskb,
20 const void *targinfo) 20 const void *targinfo)
21{ 21{
22 /* Previously seen (loopback)? Ignore. */ 22 /* Previously seen (loopback)? Ignore. */
23 if ((*pskb)->nfct != NULL) 23 if (skb->nfct != NULL)
24 return XT_CONTINUE; 24 return XT_CONTINUE;
25 25
26 /* Attach fake conntrack entry. 26 /* Attach fake conntrack entry.
27 If there is a real ct entry correspondig to this packet, 27 If there is a real ct entry correspondig to this packet,
28 it'll hang aroun till timing out. We don't deal with it 28 it'll hang aroun till timing out. We don't deal with it
29 for performance reasons. JK */ 29 for performance reasons. JK */
30 (*pskb)->nfct = &nf_conntrack_untracked.ct_general; 30 skb->nfct = &nf_conntrack_untracked.ct_general;
31 (*pskb)->nfctinfo = IP_CT_NEW; 31 skb->nfctinfo = IP_CT_NEW;
32 nf_conntrack_get((*pskb)->nfct); 32 nf_conntrack_get(skb->nfct);
33 33
34 return XT_CONTINUE; 34 return XT_CONTINUE;
35} 35}
diff --git a/net/netfilter/xt_SECMARK.c b/net/netfilter/xt_SECMARK.c
index c83779a941a1..235806eb6ecd 100644
--- a/net/netfilter/xt_SECMARK.c
+++ b/net/netfilter/xt_SECMARK.c
@@ -28,7 +28,7 @@ MODULE_ALIAS("ip6t_SECMARK");
28 28
29static u8 mode; 29static u8 mode;
30 30
31static unsigned int target(struct sk_buff **pskb, const struct net_device *in, 31static unsigned int target(struct sk_buff *skb, const struct net_device *in,
32 const struct net_device *out, unsigned int hooknum, 32 const struct net_device *out, unsigned int hooknum,
33 const struct xt_target *target, 33 const struct xt_target *target,
34 const void *targinfo) 34 const void *targinfo)
@@ -47,7 +47,7 @@ static unsigned int target(struct sk_buff **pskb, const struct net_device *in,
47 BUG(); 47 BUG();
48 } 48 }
49 49
50 (*pskb)->secmark = secmark; 50 skb->secmark = secmark;
51 return XT_CONTINUE; 51 return XT_CONTINUE;
52} 52}
53 53
diff --git a/net/netfilter/xt_TCPMSS.c b/net/netfilter/xt_TCPMSS.c
index d40f7e4b1289..07435a602b11 100644
--- a/net/netfilter/xt_TCPMSS.c
+++ b/net/netfilter/xt_TCPMSS.c
@@ -39,7 +39,7 @@ optlen(const u_int8_t *opt, unsigned int offset)
39} 39}
40 40
41static int 41static int
42tcpmss_mangle_packet(struct sk_buff **pskb, 42tcpmss_mangle_packet(struct sk_buff *skb,
43 const struct xt_tcpmss_info *info, 43 const struct xt_tcpmss_info *info,
44 unsigned int tcphoff, 44 unsigned int tcphoff,
45 unsigned int minlen) 45 unsigned int minlen)
@@ -50,11 +50,11 @@ tcpmss_mangle_packet(struct sk_buff **pskb,
50 u16 newmss; 50 u16 newmss;
51 u8 *opt; 51 u8 *opt;
52 52
53 if (!skb_make_writable(pskb, (*pskb)->len)) 53 if (!skb_make_writable(skb, skb->len))
54 return -1; 54 return -1;
55 55
56 tcplen = (*pskb)->len - tcphoff; 56 tcplen = skb->len - tcphoff;
57 tcph = (struct tcphdr *)(skb_network_header(*pskb) + tcphoff); 57 tcph = (struct tcphdr *)(skb_network_header(skb) + tcphoff);
58 58
59 /* Since it passed flags test in tcp match, we know it is is 59 /* Since it passed flags test in tcp match, we know it is is
60 not a fragment, and has data >= tcp header length. SYN 60 not a fragment, and has data >= tcp header length. SYN
@@ -64,19 +64,19 @@ tcpmss_mangle_packet(struct sk_buff **pskb,
64 if (tcplen != tcph->doff*4) { 64 if (tcplen != tcph->doff*4) {
65 if (net_ratelimit()) 65 if (net_ratelimit())
66 printk(KERN_ERR "xt_TCPMSS: bad length (%u bytes)\n", 66 printk(KERN_ERR "xt_TCPMSS: bad length (%u bytes)\n",
67 (*pskb)->len); 67 skb->len);
68 return -1; 68 return -1;
69 } 69 }
70 70
71 if (info->mss == XT_TCPMSS_CLAMP_PMTU) { 71 if (info->mss == XT_TCPMSS_CLAMP_PMTU) {
72 if (dst_mtu((*pskb)->dst) <= minlen) { 72 if (dst_mtu(skb->dst) <= minlen) {
73 if (net_ratelimit()) 73 if (net_ratelimit())
74 printk(KERN_ERR "xt_TCPMSS: " 74 printk(KERN_ERR "xt_TCPMSS: "
75 "unknown or invalid path-MTU (%u)\n", 75 "unknown or invalid path-MTU (%u)\n",
76 dst_mtu((*pskb)->dst)); 76 dst_mtu(skb->dst));
77 return -1; 77 return -1;
78 } 78 }
79 newmss = dst_mtu((*pskb)->dst) - minlen; 79 newmss = dst_mtu(skb->dst) - minlen;
80 } else 80 } else
81 newmss = info->mss; 81 newmss = info->mss;
82 82
@@ -95,7 +95,7 @@ tcpmss_mangle_packet(struct sk_buff **pskb,
95 opt[i+2] = (newmss & 0xff00) >> 8; 95 opt[i+2] = (newmss & 0xff00) >> 8;
96 opt[i+3] = newmss & 0x00ff; 96 opt[i+3] = newmss & 0x00ff;
97 97
98 nf_proto_csum_replace2(&tcph->check, *pskb, 98 nf_proto_csum_replace2(&tcph->check, skb,
99 htons(oldmss), htons(newmss), 0); 99 htons(oldmss), htons(newmss), 0);
100 return 0; 100 return 0;
101 } 101 }
@@ -104,57 +104,53 @@ tcpmss_mangle_packet(struct sk_buff **pskb,
104 /* 104 /*
105 * MSS Option not found ?! add it.. 105 * MSS Option not found ?! add it..
106 */ 106 */
107 if (skb_tailroom((*pskb)) < TCPOLEN_MSS) { 107 if (skb_tailroom(skb) < TCPOLEN_MSS) {
108 struct sk_buff *newskb; 108 if (pskb_expand_head(skb, 0,
109 109 TCPOLEN_MSS - skb_tailroom(skb),
110 newskb = skb_copy_expand(*pskb, skb_headroom(*pskb), 110 GFP_ATOMIC))
111 TCPOLEN_MSS, GFP_ATOMIC);
112 if (!newskb)
113 return -1; 111 return -1;
114 kfree_skb(*pskb); 112 tcph = (struct tcphdr *)(skb_network_header(skb) + tcphoff);
115 *pskb = newskb;
116 tcph = (struct tcphdr *)(skb_network_header(*pskb) + tcphoff);
117 } 113 }
118 114
119 skb_put((*pskb), TCPOLEN_MSS); 115 skb_put(skb, TCPOLEN_MSS);
120 116
121 opt = (u_int8_t *)tcph + sizeof(struct tcphdr); 117 opt = (u_int8_t *)tcph + sizeof(struct tcphdr);
122 memmove(opt + TCPOLEN_MSS, opt, tcplen - sizeof(struct tcphdr)); 118 memmove(opt + TCPOLEN_MSS, opt, tcplen - sizeof(struct tcphdr));
123 119
124 nf_proto_csum_replace2(&tcph->check, *pskb, 120 nf_proto_csum_replace2(&tcph->check, skb,
125 htons(tcplen), htons(tcplen + TCPOLEN_MSS), 1); 121 htons(tcplen), htons(tcplen + TCPOLEN_MSS), 1);
126 opt[0] = TCPOPT_MSS; 122 opt[0] = TCPOPT_MSS;
127 opt[1] = TCPOLEN_MSS; 123 opt[1] = TCPOLEN_MSS;
128 opt[2] = (newmss & 0xff00) >> 8; 124 opt[2] = (newmss & 0xff00) >> 8;
129 opt[3] = newmss & 0x00ff; 125 opt[3] = newmss & 0x00ff;
130 126
131 nf_proto_csum_replace4(&tcph->check, *pskb, 0, *((__be32 *)opt), 0); 127 nf_proto_csum_replace4(&tcph->check, skb, 0, *((__be32 *)opt), 0);
132 128
133 oldval = ((__be16 *)tcph)[6]; 129 oldval = ((__be16 *)tcph)[6];
134 tcph->doff += TCPOLEN_MSS/4; 130 tcph->doff += TCPOLEN_MSS/4;
135 nf_proto_csum_replace2(&tcph->check, *pskb, 131 nf_proto_csum_replace2(&tcph->check, skb,
136 oldval, ((__be16 *)tcph)[6], 0); 132 oldval, ((__be16 *)tcph)[6], 0);
137 return TCPOLEN_MSS; 133 return TCPOLEN_MSS;
138} 134}
139 135
140static unsigned int 136static unsigned int
141xt_tcpmss_target4(struct sk_buff **pskb, 137xt_tcpmss_target4(struct sk_buff *skb,
142 const struct net_device *in, 138 const struct net_device *in,
143 const struct net_device *out, 139 const struct net_device *out,
144 unsigned int hooknum, 140 unsigned int hooknum,
145 const struct xt_target *target, 141 const struct xt_target *target,
146 const void *targinfo) 142 const void *targinfo)
147{ 143{
148 struct iphdr *iph = ip_hdr(*pskb); 144 struct iphdr *iph = ip_hdr(skb);
149 __be16 newlen; 145 __be16 newlen;
150 int ret; 146 int ret;
151 147
152 ret = tcpmss_mangle_packet(pskb, targinfo, iph->ihl * 4, 148 ret = tcpmss_mangle_packet(skb, targinfo, iph->ihl * 4,
153 sizeof(*iph) + sizeof(struct tcphdr)); 149 sizeof(*iph) + sizeof(struct tcphdr));
154 if (ret < 0) 150 if (ret < 0)
155 return NF_DROP; 151 return NF_DROP;
156 if (ret > 0) { 152 if (ret > 0) {
157 iph = ip_hdr(*pskb); 153 iph = ip_hdr(skb);
158 newlen = htons(ntohs(iph->tot_len) + ret); 154 newlen = htons(ntohs(iph->tot_len) + ret);
159 nf_csum_replace2(&iph->check, iph->tot_len, newlen); 155 nf_csum_replace2(&iph->check, iph->tot_len, newlen);
160 iph->tot_len = newlen; 156 iph->tot_len = newlen;
@@ -164,30 +160,30 @@ xt_tcpmss_target4(struct sk_buff **pskb,
164 160
165#if defined(CONFIG_IP6_NF_IPTABLES) || defined(CONFIG_IP6_NF_IPTABLES_MODULE) 161#if defined(CONFIG_IP6_NF_IPTABLES) || defined(CONFIG_IP6_NF_IPTABLES_MODULE)
166static unsigned int 162static unsigned int
167xt_tcpmss_target6(struct sk_buff **pskb, 163xt_tcpmss_target6(struct sk_buff *skb,
168 const struct net_device *in, 164 const struct net_device *in,
169 const struct net_device *out, 165 const struct net_device *out,
170 unsigned int hooknum, 166 unsigned int hooknum,
171 const struct xt_target *target, 167 const struct xt_target *target,
172 const void *targinfo) 168 const void *targinfo)
173{ 169{
174 struct ipv6hdr *ipv6h = ipv6_hdr(*pskb); 170 struct ipv6hdr *ipv6h = ipv6_hdr(skb);
175 u8 nexthdr; 171 u8 nexthdr;
176 int tcphoff; 172 int tcphoff;
177 int ret; 173 int ret;
178 174
179 nexthdr = ipv6h->nexthdr; 175 nexthdr = ipv6h->nexthdr;
180 tcphoff = ipv6_skip_exthdr(*pskb, sizeof(*ipv6h), &nexthdr); 176 tcphoff = ipv6_skip_exthdr(skb, sizeof(*ipv6h), &nexthdr);
181 if (tcphoff < 0) { 177 if (tcphoff < 0) {
182 WARN_ON(1); 178 WARN_ON(1);
183 return NF_DROP; 179 return NF_DROP;
184 } 180 }
185 ret = tcpmss_mangle_packet(pskb, targinfo, tcphoff, 181 ret = tcpmss_mangle_packet(skb, targinfo, tcphoff,
186 sizeof(*ipv6h) + sizeof(struct tcphdr)); 182 sizeof(*ipv6h) + sizeof(struct tcphdr));
187 if (ret < 0) 183 if (ret < 0)
188 return NF_DROP; 184 return NF_DROP;
189 if (ret > 0) { 185 if (ret > 0) {
190 ipv6h = ipv6_hdr(*pskb); 186 ipv6h = ipv6_hdr(skb);
191 ipv6h->payload_len = htons(ntohs(ipv6h->payload_len) + ret); 187 ipv6h->payload_len = htons(ntohs(ipv6h->payload_len) + ret);
192 } 188 }
193 return XT_CONTINUE; 189 return XT_CONTINUE;
diff --git a/net/netfilter/xt_TRACE.c b/net/netfilter/xt_TRACE.c
index 4df2dedcc0b5..26c5d08ab2c2 100644
--- a/net/netfilter/xt_TRACE.c
+++ b/net/netfilter/xt_TRACE.c
@@ -10,14 +10,14 @@ MODULE_ALIAS("ipt_TRACE");
10MODULE_ALIAS("ip6t_TRACE"); 10MODULE_ALIAS("ip6t_TRACE");
11 11
12static unsigned int 12static unsigned int
13target(struct sk_buff **pskb, 13target(struct sk_buff *skb,
14 const struct net_device *in, 14 const struct net_device *in,
15 const struct net_device *out, 15 const struct net_device *out,
16 unsigned int hooknum, 16 unsigned int hooknum,
17 const struct xt_target *target, 17 const struct xt_target *target,
18 const void *targinfo) 18 const void *targinfo)
19{ 19{
20 (*pskb)->nf_trace = 1; 20 skb->nf_trace = 1;
21 return XT_CONTINUE; 21 return XT_CONTINUE;
22} 22}
23 23
diff --git a/net/netlink/af_netlink.c b/net/netlink/af_netlink.c
index c776bcd9f825..98e313e5e594 100644
--- a/net/netlink/af_netlink.c
+++ b/net/netlink/af_netlink.c
@@ -1378,6 +1378,8 @@ netlink_kernel_create(struct net *net, int unit, unsigned int groups,
1378 nl_table[unit].cb_mutex = cb_mutex; 1378 nl_table[unit].cb_mutex = cb_mutex;
1379 nl_table[unit].module = module; 1379 nl_table[unit].module = module;
1380 nl_table[unit].registered = 1; 1380 nl_table[unit].registered = 1;
1381 } else {
1382 kfree(listeners);
1381 } 1383 }
1382 netlink_table_ungrab(); 1384 netlink_table_ungrab();
1383 1385
diff --git a/net/sched/act_ipt.c b/net/sched/act_ipt.c
index 6b407ece953c..fa006e06ce33 100644
--- a/net/sched/act_ipt.c
+++ b/net/sched/act_ipt.c
@@ -202,11 +202,7 @@ static int tcf_ipt(struct sk_buff *skb, struct tc_action *a,
202 /* yes, we have to worry about both in and out dev 202 /* yes, we have to worry about both in and out dev
203 worry later - danger - this API seems to have changed 203 worry later - danger - this API seems to have changed
204 from earlier kernels */ 204 from earlier kernels */
205 205 ret = ipt->tcfi_t->u.kernel.target->target(skb, skb->dev, NULL,
206 /* iptables targets take a double skb pointer in case the skb
207 * needs to be replaced. We don't own the skb, so this must not
208 * happen. The pskb_expand_head above should make sure of this */
209 ret = ipt->tcfi_t->u.kernel.target->target(&skb, skb->dev, NULL,
210 ipt->tcfi_hook, 206 ipt->tcfi_hook,
211 ipt->tcfi_t->u.kernel.target, 207 ipt->tcfi_t->u.kernel.target,
212 ipt->tcfi_t->data); 208 ipt->tcfi_t->data);
diff --git a/net/sched/sch_ingress.c b/net/sched/sch_ingress.c
index 2d32fd27496e..3f8335e6ea2e 100644
--- a/net/sched/sch_ingress.c
+++ b/net/sched/sch_ingress.c
@@ -205,20 +205,19 @@ static unsigned int ingress_drop(struct Qdisc *sch)
205#ifndef CONFIG_NET_CLS_ACT 205#ifndef CONFIG_NET_CLS_ACT
206#ifdef CONFIG_NETFILTER 206#ifdef CONFIG_NETFILTER
207static unsigned int 207static unsigned int
208ing_hook(unsigned int hook, struct sk_buff **pskb, 208ing_hook(unsigned int hook, struct sk_buff *skb,
209 const struct net_device *indev, 209 const struct net_device *indev,
210 const struct net_device *outdev, 210 const struct net_device *outdev,
211 int (*okfn)(struct sk_buff *)) 211 int (*okfn)(struct sk_buff *))
212{ 212{
213 213
214 struct Qdisc *q; 214 struct Qdisc *q;
215 struct sk_buff *skb = *pskb;
216 struct net_device *dev = skb->dev; 215 struct net_device *dev = skb->dev;
217 int fwres=NF_ACCEPT; 216 int fwres=NF_ACCEPT;
218 217
219 DPRINTK("ing_hook: skb %s dev=%s len=%u\n", 218 DPRINTK("ing_hook: skb %s dev=%s len=%u\n",
220 skb->sk ? "(owned)" : "(unowned)", 219 skb->sk ? "(owned)" : "(unowned)",
221 skb->dev ? (*pskb)->dev->name : "(no dev)", 220 skb->dev ? skb->dev->name : "(no dev)",
222 skb->len); 221 skb->len);
223 222
224 if (dev->qdisc_ingress) { 223 if (dev->qdisc_ingress) {
diff --git a/net/sctp/ipv6.c b/net/sctp/ipv6.c
index 9de3ddaa2768..eb4deaf58914 100644
--- a/net/sctp/ipv6.c
+++ b/net/sctp/ipv6.c
@@ -954,9 +954,9 @@ static struct inet_protosw sctpv6_stream_protosw = {
954 .flags = SCTP_PROTOSW_FLAG, 954 .flags = SCTP_PROTOSW_FLAG,
955}; 955};
956 956
957static int sctp6_rcv(struct sk_buff **pskb) 957static int sctp6_rcv(struct sk_buff *skb)
958{ 958{
959 return sctp_rcv(*pskb) ? -1 : 0; 959 return sctp_rcv(skb) ? -1 : 0;
960} 960}
961 961
962static struct inet6_protocol sctpv6_protocol = { 962static struct inet6_protocol sctpv6_protocol = {