diff options
Diffstat (limited to 'net')
127 files changed, 1759 insertions, 2080 deletions
diff --git a/net/bridge/br.c b/net/bridge/br.c index 848b8fa8bedd..93867bb6cc97 100644 --- a/net/bridge/br.c +++ b/net/bridge/br.c | |||
@@ -23,7 +23,7 @@ | |||
23 | 23 | ||
24 | #include "br_private.h" | 24 | #include "br_private.h" |
25 | 25 | ||
26 | int (*br_should_route_hook) (struct sk_buff **pskb) = NULL; | 26 | int (*br_should_route_hook)(struct sk_buff *skb); |
27 | 27 | ||
28 | static struct llc_sap *br_stp_sap; | 28 | static struct llc_sap *br_stp_sap; |
29 | 29 | ||
diff --git a/net/bridge/br_input.c b/net/bridge/br_input.c index 3a8a015c92e0..3cedd4eeeed6 100644 --- a/net/bridge/br_input.c +++ b/net/bridge/br_input.c | |||
@@ -126,6 +126,10 @@ struct sk_buff *br_handle_frame(struct net_bridge_port *p, struct sk_buff *skb) | |||
126 | if (!is_valid_ether_addr(eth_hdr(skb)->h_source)) | 126 | if (!is_valid_ether_addr(eth_hdr(skb)->h_source)) |
127 | goto drop; | 127 | goto drop; |
128 | 128 | ||
129 | skb = skb_share_check(skb, GFP_ATOMIC); | ||
130 | if (!skb) | ||
131 | return NULL; | ||
132 | |||
129 | if (unlikely(is_link_local(dest))) { | 133 | if (unlikely(is_link_local(dest))) { |
130 | /* Pause frames shouldn't be passed up by driver anyway */ | 134 | /* Pause frames shouldn't be passed up by driver anyway */ |
131 | if (skb->protocol == htons(ETH_P_PAUSE)) | 135 | if (skb->protocol == htons(ETH_P_PAUSE)) |
@@ -145,7 +149,7 @@ struct sk_buff *br_handle_frame(struct net_bridge_port *p, struct sk_buff *skb) | |||
145 | case BR_STATE_FORWARDING: | 149 | case BR_STATE_FORWARDING: |
146 | 150 | ||
147 | if (br_should_route_hook) { | 151 | if (br_should_route_hook) { |
148 | if (br_should_route_hook(&skb)) | 152 | if (br_should_route_hook(skb)) |
149 | return skb; | 153 | return skb; |
150 | dest = eth_hdr(skb)->h_dest; | 154 | dest = eth_hdr(skb)->h_dest; |
151 | } | 155 | } |
diff --git a/net/bridge/br_netfilter.c b/net/bridge/br_netfilter.c index 8245f051ccbb..da22f900e89d 100644 --- a/net/bridge/br_netfilter.c +++ b/net/bridge/br_netfilter.c | |||
@@ -503,18 +503,14 @@ inhdr_error: | |||
503 | * receiving device) to make netfilter happy, the REDIRECT | 503 | * receiving device) to make netfilter happy, the REDIRECT |
504 | * target in particular. Save the original destination IP | 504 | * target in particular. Save the original destination IP |
505 | * address to be able to detect DNAT afterwards. */ | 505 | * address to be able to detect DNAT afterwards. */ |
506 | static unsigned int br_nf_pre_routing(unsigned int hook, struct sk_buff **pskb, | 506 | static unsigned int br_nf_pre_routing(unsigned int hook, struct sk_buff *skb, |
507 | const struct net_device *in, | 507 | const struct net_device *in, |
508 | const struct net_device *out, | 508 | const struct net_device *out, |
509 | int (*okfn)(struct sk_buff *)) | 509 | int (*okfn)(struct sk_buff *)) |
510 | { | 510 | { |
511 | struct iphdr *iph; | 511 | struct iphdr *iph; |
512 | struct sk_buff *skb = *pskb; | ||
513 | __u32 len = nf_bridge_encap_header_len(skb); | 512 | __u32 len = nf_bridge_encap_header_len(skb); |
514 | 513 | ||
515 | if ((skb = skb_share_check(skb, GFP_ATOMIC)) == NULL) | ||
516 | return NF_STOLEN; | ||
517 | |||
518 | if (unlikely(!pskb_may_pull(skb, len))) | 514 | if (unlikely(!pskb_may_pull(skb, len))) |
519 | goto out; | 515 | goto out; |
520 | 516 | ||
@@ -584,13 +580,11 @@ out: | |||
584 | * took place when the packet entered the bridge), but we | 580 | * took place when the packet entered the bridge), but we |
585 | * register an IPv4 PRE_ROUTING 'sabotage' hook that will | 581 | * register an IPv4 PRE_ROUTING 'sabotage' hook that will |
586 | * prevent this from happening. */ | 582 | * prevent this from happening. */ |
587 | static unsigned int br_nf_local_in(unsigned int hook, struct sk_buff **pskb, | 583 | static unsigned int br_nf_local_in(unsigned int hook, struct sk_buff *skb, |
588 | const struct net_device *in, | 584 | const struct net_device *in, |
589 | const struct net_device *out, | 585 | const struct net_device *out, |
590 | int (*okfn)(struct sk_buff *)) | 586 | int (*okfn)(struct sk_buff *)) |
591 | { | 587 | { |
592 | struct sk_buff *skb = *pskb; | ||
593 | |||
594 | if (skb->dst == (struct dst_entry *)&__fake_rtable) { | 588 | if (skb->dst == (struct dst_entry *)&__fake_rtable) { |
595 | dst_release(skb->dst); | 589 | dst_release(skb->dst); |
596 | skb->dst = NULL; | 590 | skb->dst = NULL; |
@@ -625,12 +619,11 @@ static int br_nf_forward_finish(struct sk_buff *skb) | |||
625 | * but we are still able to filter on the 'real' indev/outdev | 619 | * but we are still able to filter on the 'real' indev/outdev |
626 | * because of the physdev module. For ARP, indev and outdev are the | 620 | * because of the physdev module. For ARP, indev and outdev are the |
627 | * bridge ports. */ | 621 | * bridge ports. */ |
628 | static unsigned int br_nf_forward_ip(unsigned int hook, struct sk_buff **pskb, | 622 | static unsigned int br_nf_forward_ip(unsigned int hook, struct sk_buff *skb, |
629 | const struct net_device *in, | 623 | const struct net_device *in, |
630 | const struct net_device *out, | 624 | const struct net_device *out, |
631 | int (*okfn)(struct sk_buff *)) | 625 | int (*okfn)(struct sk_buff *)) |
632 | { | 626 | { |
633 | struct sk_buff *skb = *pskb; | ||
634 | struct nf_bridge_info *nf_bridge; | 627 | struct nf_bridge_info *nf_bridge; |
635 | struct net_device *parent; | 628 | struct net_device *parent; |
636 | int pf; | 629 | int pf; |
@@ -648,7 +641,7 @@ static unsigned int br_nf_forward_ip(unsigned int hook, struct sk_buff **pskb, | |||
648 | else | 641 | else |
649 | pf = PF_INET6; | 642 | pf = PF_INET6; |
650 | 643 | ||
651 | nf_bridge_pull_encap_header(*pskb); | 644 | nf_bridge_pull_encap_header(skb); |
652 | 645 | ||
653 | nf_bridge = skb->nf_bridge; | 646 | nf_bridge = skb->nf_bridge; |
654 | if (skb->pkt_type == PACKET_OTHERHOST) { | 647 | if (skb->pkt_type == PACKET_OTHERHOST) { |
@@ -666,12 +659,11 @@ static unsigned int br_nf_forward_ip(unsigned int hook, struct sk_buff **pskb, | |||
666 | return NF_STOLEN; | 659 | return NF_STOLEN; |
667 | } | 660 | } |
668 | 661 | ||
669 | static unsigned int br_nf_forward_arp(unsigned int hook, struct sk_buff **pskb, | 662 | static unsigned int br_nf_forward_arp(unsigned int hook, struct sk_buff *skb, |
670 | const struct net_device *in, | 663 | const struct net_device *in, |
671 | const struct net_device *out, | 664 | const struct net_device *out, |
672 | int (*okfn)(struct sk_buff *)) | 665 | int (*okfn)(struct sk_buff *)) |
673 | { | 666 | { |
674 | struct sk_buff *skb = *pskb; | ||
675 | struct net_device **d = (struct net_device **)(skb->cb); | 667 | struct net_device **d = (struct net_device **)(skb->cb); |
676 | 668 | ||
677 | #ifdef CONFIG_SYSCTL | 669 | #ifdef CONFIG_SYSCTL |
@@ -682,12 +674,12 @@ static unsigned int br_nf_forward_arp(unsigned int hook, struct sk_buff **pskb, | |||
682 | if (skb->protocol != htons(ETH_P_ARP)) { | 674 | if (skb->protocol != htons(ETH_P_ARP)) { |
683 | if (!IS_VLAN_ARP(skb)) | 675 | if (!IS_VLAN_ARP(skb)) |
684 | return NF_ACCEPT; | 676 | return NF_ACCEPT; |
685 | nf_bridge_pull_encap_header(*pskb); | 677 | nf_bridge_pull_encap_header(skb); |
686 | } | 678 | } |
687 | 679 | ||
688 | if (arp_hdr(skb)->ar_pln != 4) { | 680 | if (arp_hdr(skb)->ar_pln != 4) { |
689 | if (IS_VLAN_ARP(skb)) | 681 | if (IS_VLAN_ARP(skb)) |
690 | nf_bridge_push_encap_header(*pskb); | 682 | nf_bridge_push_encap_header(skb); |
691 | return NF_ACCEPT; | 683 | return NF_ACCEPT; |
692 | } | 684 | } |
693 | *d = (struct net_device *)in; | 685 | *d = (struct net_device *)in; |
@@ -709,13 +701,12 @@ static unsigned int br_nf_forward_arp(unsigned int hook, struct sk_buff **pskb, | |||
709 | * NF_BR_PRI_FIRST, so no relevant PF_BRIDGE/INPUT functions have been nor | 701 | * NF_BR_PRI_FIRST, so no relevant PF_BRIDGE/INPUT functions have been nor |
710 | * will be executed. | 702 | * will be executed. |
711 | */ | 703 | */ |
712 | static unsigned int br_nf_local_out(unsigned int hook, struct sk_buff **pskb, | 704 | static unsigned int br_nf_local_out(unsigned int hook, struct sk_buff *skb, |
713 | const struct net_device *in, | 705 | const struct net_device *in, |
714 | const struct net_device *out, | 706 | const struct net_device *out, |
715 | int (*okfn)(struct sk_buff *)) | 707 | int (*okfn)(struct sk_buff *)) |
716 | { | 708 | { |
717 | struct net_device *realindev; | 709 | struct net_device *realindev; |
718 | struct sk_buff *skb = *pskb; | ||
719 | struct nf_bridge_info *nf_bridge; | 710 | struct nf_bridge_info *nf_bridge; |
720 | 711 | ||
721 | if (!skb->nf_bridge) | 712 | if (!skb->nf_bridge) |
@@ -752,13 +743,12 @@ static int br_nf_dev_queue_xmit(struct sk_buff *skb) | |||
752 | } | 743 | } |
753 | 744 | ||
754 | /* PF_BRIDGE/POST_ROUTING ********************************************/ | 745 | /* PF_BRIDGE/POST_ROUTING ********************************************/ |
755 | static unsigned int br_nf_post_routing(unsigned int hook, struct sk_buff **pskb, | 746 | static unsigned int br_nf_post_routing(unsigned int hook, struct sk_buff *skb, |
756 | const struct net_device *in, | 747 | const struct net_device *in, |
757 | const struct net_device *out, | 748 | const struct net_device *out, |
758 | int (*okfn)(struct sk_buff *)) | 749 | int (*okfn)(struct sk_buff *)) |
759 | { | 750 | { |
760 | struct sk_buff *skb = *pskb; | 751 | struct nf_bridge_info *nf_bridge = skb->nf_bridge; |
761 | struct nf_bridge_info *nf_bridge = (*pskb)->nf_bridge; | ||
762 | struct net_device *realoutdev = bridge_parent(skb->dev); | 752 | struct net_device *realoutdev = bridge_parent(skb->dev); |
763 | int pf; | 753 | int pf; |
764 | 754 | ||
@@ -828,13 +818,13 @@ print_error: | |||
828 | /* IP/SABOTAGE *****************************************************/ | 818 | /* IP/SABOTAGE *****************************************************/ |
829 | /* Don't hand locally destined packets to PF_INET(6)/PRE_ROUTING | 819 | /* Don't hand locally destined packets to PF_INET(6)/PRE_ROUTING |
830 | * for the second time. */ | 820 | * for the second time. */ |
831 | static unsigned int ip_sabotage_in(unsigned int hook, struct sk_buff **pskb, | 821 | static unsigned int ip_sabotage_in(unsigned int hook, struct sk_buff *skb, |
832 | const struct net_device *in, | 822 | const struct net_device *in, |
833 | const struct net_device *out, | 823 | const struct net_device *out, |
834 | int (*okfn)(struct sk_buff *)) | 824 | int (*okfn)(struct sk_buff *)) |
835 | { | 825 | { |
836 | if ((*pskb)->nf_bridge && | 826 | if (skb->nf_bridge && |
837 | !((*pskb)->nf_bridge->mask & BRNF_NF_BRIDGE_PREROUTING)) { | 827 | !(skb->nf_bridge->mask & BRNF_NF_BRIDGE_PREROUTING)) { |
838 | return NF_STOP; | 828 | return NF_STOP; |
839 | } | 829 | } |
840 | 830 | ||
diff --git a/net/bridge/netfilter/ebt_arpreply.c b/net/bridge/netfilter/ebt_arpreply.c index ffe468a632e7..48a80e423287 100644 --- a/net/bridge/netfilter/ebt_arpreply.c +++ b/net/bridge/netfilter/ebt_arpreply.c | |||
@@ -15,7 +15,7 @@ | |||
15 | #include <net/arp.h> | 15 | #include <net/arp.h> |
16 | #include <linux/module.h> | 16 | #include <linux/module.h> |
17 | 17 | ||
18 | static int ebt_target_reply(struct sk_buff **pskb, unsigned int hooknr, | 18 | static int ebt_target_reply(struct sk_buff *skb, unsigned int hooknr, |
19 | const struct net_device *in, const struct net_device *out, | 19 | const struct net_device *in, const struct net_device *out, |
20 | const void *data, unsigned int datalen) | 20 | const void *data, unsigned int datalen) |
21 | { | 21 | { |
@@ -23,7 +23,6 @@ static int ebt_target_reply(struct sk_buff **pskb, unsigned int hooknr, | |||
23 | __be32 _sip, *siptr, _dip, *diptr; | 23 | __be32 _sip, *siptr, _dip, *diptr; |
24 | struct arphdr _ah, *ap; | 24 | struct arphdr _ah, *ap; |
25 | unsigned char _sha[ETH_ALEN], *shp; | 25 | unsigned char _sha[ETH_ALEN], *shp; |
26 | struct sk_buff *skb = *pskb; | ||
27 | 26 | ||
28 | ap = skb_header_pointer(skb, 0, sizeof(_ah), &_ah); | 27 | ap = skb_header_pointer(skb, 0, sizeof(_ah), &_ah); |
29 | if (ap == NULL) | 28 | if (ap == NULL) |
diff --git a/net/bridge/netfilter/ebt_dnat.c b/net/bridge/netfilter/ebt_dnat.c index 4582659dff0e..74262e9a566a 100644 --- a/net/bridge/netfilter/ebt_dnat.c +++ b/net/bridge/netfilter/ebt_dnat.c | |||
@@ -8,29 +8,22 @@ | |||
8 | * | 8 | * |
9 | */ | 9 | */ |
10 | 10 | ||
11 | #include <linux/netfilter.h> | ||
11 | #include <linux/netfilter_bridge/ebtables.h> | 12 | #include <linux/netfilter_bridge/ebtables.h> |
12 | #include <linux/netfilter_bridge/ebt_nat.h> | 13 | #include <linux/netfilter_bridge/ebt_nat.h> |
13 | #include <linux/module.h> | 14 | #include <linux/module.h> |
14 | #include <net/sock.h> | 15 | #include <net/sock.h> |
15 | 16 | ||
16 | static int ebt_target_dnat(struct sk_buff **pskb, unsigned int hooknr, | 17 | static int ebt_target_dnat(struct sk_buff *skb, unsigned int hooknr, |
17 | const struct net_device *in, const struct net_device *out, | 18 | const struct net_device *in, const struct net_device *out, |
18 | const void *data, unsigned int datalen) | 19 | const void *data, unsigned int datalen) |
19 | { | 20 | { |
20 | struct ebt_nat_info *info = (struct ebt_nat_info *)data; | 21 | struct ebt_nat_info *info = (struct ebt_nat_info *)data; |
21 | 22 | ||
22 | if (skb_shared(*pskb) || skb_cloned(*pskb)) { | 23 | if (skb_make_writable(skb, 0)) |
23 | struct sk_buff *nskb; | 24 | return NF_DROP; |
24 | 25 | ||
25 | nskb = skb_copy(*pskb, GFP_ATOMIC); | 26 | memcpy(eth_hdr(skb)->h_dest, info->mac, ETH_ALEN); |
26 | if (!nskb) | ||
27 | return NF_DROP; | ||
28 | if ((*pskb)->sk) | ||
29 | skb_set_owner_w(nskb, (*pskb)->sk); | ||
30 | kfree_skb(*pskb); | ||
31 | *pskb = nskb; | ||
32 | } | ||
33 | memcpy(eth_hdr(*pskb)->h_dest, info->mac, ETH_ALEN); | ||
34 | return info->target; | 27 | return info->target; |
35 | } | 28 | } |
36 | 29 | ||
diff --git a/net/bridge/netfilter/ebt_mark.c b/net/bridge/netfilter/ebt_mark.c index 62d23c7b25e6..6cba54309c09 100644 --- a/net/bridge/netfilter/ebt_mark.c +++ b/net/bridge/netfilter/ebt_mark.c | |||
@@ -17,7 +17,7 @@ | |||
17 | #include <linux/netfilter_bridge/ebt_mark_t.h> | 17 | #include <linux/netfilter_bridge/ebt_mark_t.h> |
18 | #include <linux/module.h> | 18 | #include <linux/module.h> |
19 | 19 | ||
20 | static int ebt_target_mark(struct sk_buff **pskb, unsigned int hooknr, | 20 | static int ebt_target_mark(struct sk_buff *skb, unsigned int hooknr, |
21 | const struct net_device *in, const struct net_device *out, | 21 | const struct net_device *in, const struct net_device *out, |
22 | const void *data, unsigned int datalen) | 22 | const void *data, unsigned int datalen) |
23 | { | 23 | { |
@@ -25,13 +25,13 @@ static int ebt_target_mark(struct sk_buff **pskb, unsigned int hooknr, | |||
25 | int action = info->target & -16; | 25 | int action = info->target & -16; |
26 | 26 | ||
27 | if (action == MARK_SET_VALUE) | 27 | if (action == MARK_SET_VALUE) |
28 | (*pskb)->mark = info->mark; | 28 | skb->mark = info->mark; |
29 | else if (action == MARK_OR_VALUE) | 29 | else if (action == MARK_OR_VALUE) |
30 | (*pskb)->mark |= info->mark; | 30 | skb->mark |= info->mark; |
31 | else if (action == MARK_AND_VALUE) | 31 | else if (action == MARK_AND_VALUE) |
32 | (*pskb)->mark &= info->mark; | 32 | skb->mark &= info->mark; |
33 | else | 33 | else |
34 | (*pskb)->mark ^= info->mark; | 34 | skb->mark ^= info->mark; |
35 | 35 | ||
36 | return info->target | ~EBT_VERDICT_BITS; | 36 | return info->target | ~EBT_VERDICT_BITS; |
37 | } | 37 | } |
diff --git a/net/bridge/netfilter/ebt_redirect.c b/net/bridge/netfilter/ebt_redirect.c index 9f378eab72d0..422cb834cff9 100644 --- a/net/bridge/netfilter/ebt_redirect.c +++ b/net/bridge/netfilter/ebt_redirect.c | |||
@@ -8,35 +8,28 @@ | |||
8 | * | 8 | * |
9 | */ | 9 | */ |
10 | 10 | ||
11 | #include <linux/netfilter.h> | ||
11 | #include <linux/netfilter_bridge/ebtables.h> | 12 | #include <linux/netfilter_bridge/ebtables.h> |
12 | #include <linux/netfilter_bridge/ebt_redirect.h> | 13 | #include <linux/netfilter_bridge/ebt_redirect.h> |
13 | #include <linux/module.h> | 14 | #include <linux/module.h> |
14 | #include <net/sock.h> | 15 | #include <net/sock.h> |
15 | #include "../br_private.h" | 16 | #include "../br_private.h" |
16 | 17 | ||
17 | static int ebt_target_redirect(struct sk_buff **pskb, unsigned int hooknr, | 18 | static int ebt_target_redirect(struct sk_buff *skb, unsigned int hooknr, |
18 | const struct net_device *in, const struct net_device *out, | 19 | const struct net_device *in, const struct net_device *out, |
19 | const void *data, unsigned int datalen) | 20 | const void *data, unsigned int datalen) |
20 | { | 21 | { |
21 | struct ebt_redirect_info *info = (struct ebt_redirect_info *)data; | 22 | struct ebt_redirect_info *info = (struct ebt_redirect_info *)data; |
22 | 23 | ||
23 | if (skb_shared(*pskb) || skb_cloned(*pskb)) { | 24 | if (skb_make_writable(skb, 0)) |
24 | struct sk_buff *nskb; | 25 | return NF_DROP; |
25 | 26 | ||
26 | nskb = skb_copy(*pskb, GFP_ATOMIC); | ||
27 | if (!nskb) | ||
28 | return NF_DROP; | ||
29 | if ((*pskb)->sk) | ||
30 | skb_set_owner_w(nskb, (*pskb)->sk); | ||
31 | kfree_skb(*pskb); | ||
32 | *pskb = nskb; | ||
33 | } | ||
34 | if (hooknr != NF_BR_BROUTING) | 27 | if (hooknr != NF_BR_BROUTING) |
35 | memcpy(eth_hdr(*pskb)->h_dest, | 28 | memcpy(eth_hdr(skb)->h_dest, |
36 | in->br_port->br->dev->dev_addr, ETH_ALEN); | 29 | in->br_port->br->dev->dev_addr, ETH_ALEN); |
37 | else | 30 | else |
38 | memcpy(eth_hdr(*pskb)->h_dest, in->dev_addr, ETH_ALEN); | 31 | memcpy(eth_hdr(skb)->h_dest, in->dev_addr, ETH_ALEN); |
39 | (*pskb)->pkt_type = PACKET_HOST; | 32 | skb->pkt_type = PACKET_HOST; |
40 | return info->target; | 33 | return info->target; |
41 | } | 34 | } |
42 | 35 | ||
diff --git a/net/bridge/netfilter/ebt_snat.c b/net/bridge/netfilter/ebt_snat.c index a50722182bfe..425ac920904d 100644 --- a/net/bridge/netfilter/ebt_snat.c +++ b/net/bridge/netfilter/ebt_snat.c | |||
@@ -8,6 +8,7 @@ | |||
8 | * | 8 | * |
9 | */ | 9 | */ |
10 | 10 | ||
11 | #include <linux/netfilter.h> | ||
11 | #include <linux/netfilter_bridge/ebtables.h> | 12 | #include <linux/netfilter_bridge/ebtables.h> |
12 | #include <linux/netfilter_bridge/ebt_nat.h> | 13 | #include <linux/netfilter_bridge/ebt_nat.h> |
13 | #include <linux/module.h> | 14 | #include <linux/module.h> |
@@ -15,34 +16,26 @@ | |||
15 | #include <linux/if_arp.h> | 16 | #include <linux/if_arp.h> |
16 | #include <net/arp.h> | 17 | #include <net/arp.h> |
17 | 18 | ||
18 | static int ebt_target_snat(struct sk_buff **pskb, unsigned int hooknr, | 19 | static int ebt_target_snat(struct sk_buff *skb, unsigned int hooknr, |
19 | const struct net_device *in, const struct net_device *out, | 20 | const struct net_device *in, const struct net_device *out, |
20 | const void *data, unsigned int datalen) | 21 | const void *data, unsigned int datalen) |
21 | { | 22 | { |
22 | struct ebt_nat_info *info = (struct ebt_nat_info *) data; | 23 | struct ebt_nat_info *info = (struct ebt_nat_info *) data; |
23 | 24 | ||
24 | if (skb_shared(*pskb) || skb_cloned(*pskb)) { | 25 | if (skb_make_writable(skb, 0)) |
25 | struct sk_buff *nskb; | 26 | return NF_DROP; |
26 | 27 | ||
27 | nskb = skb_copy(*pskb, GFP_ATOMIC); | 28 | memcpy(eth_hdr(skb)->h_source, info->mac, ETH_ALEN); |
28 | if (!nskb) | ||
29 | return NF_DROP; | ||
30 | if ((*pskb)->sk) | ||
31 | skb_set_owner_w(nskb, (*pskb)->sk); | ||
32 | kfree_skb(*pskb); | ||
33 | *pskb = nskb; | ||
34 | } | ||
35 | memcpy(eth_hdr(*pskb)->h_source, info->mac, ETH_ALEN); | ||
36 | if (!(info->target & NAT_ARP_BIT) && | 29 | if (!(info->target & NAT_ARP_BIT) && |
37 | eth_hdr(*pskb)->h_proto == htons(ETH_P_ARP)) { | 30 | eth_hdr(skb)->h_proto == htons(ETH_P_ARP)) { |
38 | struct arphdr _ah, *ap; | 31 | struct arphdr _ah, *ap; |
39 | 32 | ||
40 | ap = skb_header_pointer(*pskb, 0, sizeof(_ah), &_ah); | 33 | ap = skb_header_pointer(skb, 0, sizeof(_ah), &_ah); |
41 | if (ap == NULL) | 34 | if (ap == NULL) |
42 | return EBT_DROP; | 35 | return EBT_DROP; |
43 | if (ap->ar_hln != ETH_ALEN) | 36 | if (ap->ar_hln != ETH_ALEN) |
44 | goto out; | 37 | goto out; |
45 | if (skb_store_bits(*pskb, sizeof(_ah), info->mac,ETH_ALEN)) | 38 | if (skb_store_bits(skb, sizeof(_ah), info->mac,ETH_ALEN)) |
46 | return EBT_DROP; | 39 | return EBT_DROP; |
47 | } | 40 | } |
48 | out: | 41 | out: |
diff --git a/net/bridge/netfilter/ebtable_broute.c b/net/bridge/netfilter/ebtable_broute.c index d37ce0478938..e44519ebf1d2 100644 --- a/net/bridge/netfilter/ebtable_broute.c +++ b/net/bridge/netfilter/ebtable_broute.c | |||
@@ -51,11 +51,11 @@ static struct ebt_table broute_table = | |||
51 | .me = THIS_MODULE, | 51 | .me = THIS_MODULE, |
52 | }; | 52 | }; |
53 | 53 | ||
54 | static int ebt_broute(struct sk_buff **pskb) | 54 | static int ebt_broute(struct sk_buff *skb) |
55 | { | 55 | { |
56 | int ret; | 56 | int ret; |
57 | 57 | ||
58 | ret = ebt_do_table(NF_BR_BROUTING, pskb, (*pskb)->dev, NULL, | 58 | ret = ebt_do_table(NF_BR_BROUTING, skb, skb->dev, NULL, |
59 | &broute_table); | 59 | &broute_table); |
60 | if (ret == NF_DROP) | 60 | if (ret == NF_DROP) |
61 | return 1; /* route it */ | 61 | return 1; /* route it */ |
diff --git a/net/bridge/netfilter/ebtable_filter.c b/net/bridge/netfilter/ebtable_filter.c index 81d84145c417..210493f99bc4 100644 --- a/net/bridge/netfilter/ebtable_filter.c +++ b/net/bridge/netfilter/ebtable_filter.c | |||
@@ -61,10 +61,10 @@ static struct ebt_table frame_filter = | |||
61 | }; | 61 | }; |
62 | 62 | ||
63 | static unsigned int | 63 | static unsigned int |
64 | ebt_hook (unsigned int hook, struct sk_buff **pskb, const struct net_device *in, | 64 | ebt_hook(unsigned int hook, struct sk_buff *skb, const struct net_device *in, |
65 | const struct net_device *out, int (*okfn)(struct sk_buff *)) | 65 | const struct net_device *out, int (*okfn)(struct sk_buff *)) |
66 | { | 66 | { |
67 | return ebt_do_table(hook, pskb, in, out, &frame_filter); | 67 | return ebt_do_table(hook, skb, in, out, &frame_filter); |
68 | } | 68 | } |
69 | 69 | ||
70 | static struct nf_hook_ops ebt_ops_filter[] = { | 70 | static struct nf_hook_ops ebt_ops_filter[] = { |
diff --git a/net/bridge/netfilter/ebtable_nat.c b/net/bridge/netfilter/ebtable_nat.c index 9c50488b62eb..3e58c2e5ee21 100644 --- a/net/bridge/netfilter/ebtable_nat.c +++ b/net/bridge/netfilter/ebtable_nat.c | |||
@@ -61,17 +61,17 @@ static struct ebt_table frame_nat = | |||
61 | }; | 61 | }; |
62 | 62 | ||
63 | static unsigned int | 63 | static unsigned int |
64 | ebt_nat_dst(unsigned int hook, struct sk_buff **pskb, const struct net_device *in | 64 | ebt_nat_dst(unsigned int hook, struct sk_buff *skb, const struct net_device *in |
65 | , const struct net_device *out, int (*okfn)(struct sk_buff *)) | 65 | , const struct net_device *out, int (*okfn)(struct sk_buff *)) |
66 | { | 66 | { |
67 | return ebt_do_table(hook, pskb, in, out, &frame_nat); | 67 | return ebt_do_table(hook, skb, in, out, &frame_nat); |
68 | } | 68 | } |
69 | 69 | ||
70 | static unsigned int | 70 | static unsigned int |
71 | ebt_nat_src(unsigned int hook, struct sk_buff **pskb, const struct net_device *in | 71 | ebt_nat_src(unsigned int hook, struct sk_buff *skb, const struct net_device *in |
72 | , const struct net_device *out, int (*okfn)(struct sk_buff *)) | 72 | , const struct net_device *out, int (*okfn)(struct sk_buff *)) |
73 | { | 73 | { |
74 | return ebt_do_table(hook, pskb, in, out, &frame_nat); | 74 | return ebt_do_table(hook, skb, in, out, &frame_nat); |
75 | } | 75 | } |
76 | 76 | ||
77 | static struct nf_hook_ops ebt_ops_nat[] = { | 77 | static struct nf_hook_ops ebt_ops_nat[] = { |
diff --git a/net/bridge/netfilter/ebtables.c b/net/bridge/netfilter/ebtables.c index 6018d0e51938..d5a09eaef915 100644 --- a/net/bridge/netfilter/ebtables.c +++ b/net/bridge/netfilter/ebtables.c | |||
@@ -142,7 +142,7 @@ static inline int ebt_basic_match(struct ebt_entry *e, struct ethhdr *h, | |||
142 | } | 142 | } |
143 | 143 | ||
144 | /* Do some firewalling */ | 144 | /* Do some firewalling */ |
145 | unsigned int ebt_do_table (unsigned int hook, struct sk_buff **pskb, | 145 | unsigned int ebt_do_table (unsigned int hook, struct sk_buff *skb, |
146 | const struct net_device *in, const struct net_device *out, | 146 | const struct net_device *in, const struct net_device *out, |
147 | struct ebt_table *table) | 147 | struct ebt_table *table) |
148 | { | 148 | { |
@@ -172,19 +172,19 @@ unsigned int ebt_do_table (unsigned int hook, struct sk_buff **pskb, | |||
172 | base = private->entries; | 172 | base = private->entries; |
173 | i = 0; | 173 | i = 0; |
174 | while (i < nentries) { | 174 | while (i < nentries) { |
175 | if (ebt_basic_match(point, eth_hdr(*pskb), in, out)) | 175 | if (ebt_basic_match(point, eth_hdr(skb), in, out)) |
176 | goto letscontinue; | 176 | goto letscontinue; |
177 | 177 | ||
178 | if (EBT_MATCH_ITERATE(point, ebt_do_match, *pskb, in, out) != 0) | 178 | if (EBT_MATCH_ITERATE(point, ebt_do_match, skb, in, out) != 0) |
179 | goto letscontinue; | 179 | goto letscontinue; |
180 | 180 | ||
181 | /* increase counter */ | 181 | /* increase counter */ |
182 | (*(counter_base + i)).pcnt++; | 182 | (*(counter_base + i)).pcnt++; |
183 | (*(counter_base + i)).bcnt+=(**pskb).len; | 183 | (*(counter_base + i)).bcnt += skb->len; |
184 | 184 | ||
185 | /* these should only watch: not modify, nor tell us | 185 | /* these should only watch: not modify, nor tell us |
186 | what to do with the packet */ | 186 | what to do with the packet */ |
187 | EBT_WATCHER_ITERATE(point, ebt_do_watcher, *pskb, hook, in, | 187 | EBT_WATCHER_ITERATE(point, ebt_do_watcher, skb, hook, in, |
188 | out); | 188 | out); |
189 | 189 | ||
190 | t = (struct ebt_entry_target *) | 190 | t = (struct ebt_entry_target *) |
@@ -193,7 +193,7 @@ unsigned int ebt_do_table (unsigned int hook, struct sk_buff **pskb, | |||
193 | if (!t->u.target->target) | 193 | if (!t->u.target->target) |
194 | verdict = ((struct ebt_standard_target *)t)->verdict; | 194 | verdict = ((struct ebt_standard_target *)t)->verdict; |
195 | else | 195 | else |
196 | verdict = t->u.target->target(pskb, hook, | 196 | verdict = t->u.target->target(skb, hook, |
197 | in, out, t->data, t->target_size); | 197 | in, out, t->data, t->target_size); |
198 | if (verdict == EBT_ACCEPT) { | 198 | if (verdict == EBT_ACCEPT) { |
199 | read_unlock_bh(&table->lock); | 199 | read_unlock_bh(&table->lock); |
diff --git a/net/core/dev.c b/net/core/dev.c index 99b7bda37d10..38b03da5c1ca 100644 --- a/net/core/dev.c +++ b/net/core/dev.c | |||
@@ -1362,22 +1362,21 @@ int skb_checksum_help(struct sk_buff *skb) | |||
1362 | goto out_set_summed; | 1362 | goto out_set_summed; |
1363 | } | 1363 | } |
1364 | 1364 | ||
1365 | if (skb_cloned(skb)) { | 1365 | offset = skb->csum_start - skb_headroom(skb); |
1366 | BUG_ON(offset >= skb_headlen(skb)); | ||
1367 | csum = skb_checksum(skb, offset, skb->len - offset, 0); | ||
1368 | |||
1369 | offset += skb->csum_offset; | ||
1370 | BUG_ON(offset + sizeof(__sum16) > skb_headlen(skb)); | ||
1371 | |||
1372 | if (skb_cloned(skb) && | ||
1373 | !skb_clone_writable(skb, offset + sizeof(__sum16))) { | ||
1366 | ret = pskb_expand_head(skb, 0, 0, GFP_ATOMIC); | 1374 | ret = pskb_expand_head(skb, 0, 0, GFP_ATOMIC); |
1367 | if (ret) | 1375 | if (ret) |
1368 | goto out; | 1376 | goto out; |
1369 | } | 1377 | } |
1370 | 1378 | ||
1371 | offset = skb->csum_start - skb_headroom(skb); | 1379 | *(__sum16 *)(skb->data + offset) = csum_fold(csum); |
1372 | BUG_ON(offset > (int)skb->len); | ||
1373 | csum = skb_checksum(skb, offset, skb->len-offset, 0); | ||
1374 | |||
1375 | offset = skb_headlen(skb) - offset; | ||
1376 | BUG_ON(offset <= 0); | ||
1377 | BUG_ON(skb->csum_offset + 2 > offset); | ||
1378 | |||
1379 | *(__sum16 *)(skb->head + skb->csum_start + skb->csum_offset) = | ||
1380 | csum_fold(csum); | ||
1381 | out_set_summed: | 1380 | out_set_summed: |
1382 | skb->ip_summed = CHECKSUM_NONE; | 1381 | skb->ip_summed = CHECKSUM_NONE; |
1383 | out: | 1382 | out: |
@@ -1949,27 +1948,51 @@ static int ing_filter(struct sk_buff *skb) | |||
1949 | struct Qdisc *q; | 1948 | struct Qdisc *q; |
1950 | struct net_device *dev = skb->dev; | 1949 | struct net_device *dev = skb->dev; |
1951 | int result = TC_ACT_OK; | 1950 | int result = TC_ACT_OK; |
1951 | u32 ttl = G_TC_RTTL(skb->tc_verd); | ||
1952 | 1952 | ||
1953 | if (dev->qdisc_ingress) { | 1953 | if (MAX_RED_LOOP < ttl++) { |
1954 | __u32 ttl = (__u32) G_TC_RTTL(skb->tc_verd); | 1954 | printk(KERN_WARNING |
1955 | if (MAX_RED_LOOP < ttl++) { | 1955 | "Redir loop detected Dropping packet (%d->%d)\n", |
1956 | printk(KERN_WARNING "Redir loop detected Dropping packet (%d->%d)\n", | 1956 | skb->iif, dev->ifindex); |
1957 | skb->iif, skb->dev->ifindex); | 1957 | return TC_ACT_SHOT; |
1958 | return TC_ACT_SHOT; | 1958 | } |
1959 | } | 1959 | |
1960 | skb->tc_verd = SET_TC_RTTL(skb->tc_verd, ttl); | ||
1961 | skb->tc_verd = SET_TC_AT(skb->tc_verd, AT_INGRESS); | ||
1960 | 1962 | ||
1961 | skb->tc_verd = SET_TC_RTTL(skb->tc_verd,ttl); | 1963 | spin_lock(&dev->ingress_lock); |
1964 | if ((q = dev->qdisc_ingress) != NULL) | ||
1965 | result = q->enqueue(skb, q); | ||
1966 | spin_unlock(&dev->ingress_lock); | ||
1962 | 1967 | ||
1963 | skb->tc_verd = SET_TC_AT(skb->tc_verd,AT_INGRESS); | 1968 | return result; |
1969 | } | ||
1970 | |||
1971 | static inline struct sk_buff *handle_ing(struct sk_buff *skb, | ||
1972 | struct packet_type **pt_prev, | ||
1973 | int *ret, struct net_device *orig_dev) | ||
1974 | { | ||
1975 | if (!skb->dev->qdisc_ingress) | ||
1976 | goto out; | ||
1964 | 1977 | ||
1965 | spin_lock(&dev->ingress_lock); | 1978 | if (*pt_prev) { |
1966 | if ((q = dev->qdisc_ingress) != NULL) | 1979 | *ret = deliver_skb(skb, *pt_prev, orig_dev); |
1967 | result = q->enqueue(skb, q); | 1980 | *pt_prev = NULL; |
1968 | spin_unlock(&dev->ingress_lock); | 1981 | } else { |
1982 | /* Huh? Why does turning on AF_PACKET affect this? */ | ||
1983 | skb->tc_verd = SET_TC_OK2MUNGE(skb->tc_verd); | ||
1984 | } | ||
1969 | 1985 | ||
1986 | switch (ing_filter(skb)) { | ||
1987 | case TC_ACT_SHOT: | ||
1988 | case TC_ACT_STOLEN: | ||
1989 | kfree_skb(skb); | ||
1990 | return NULL; | ||
1970 | } | 1991 | } |
1971 | 1992 | ||
1972 | return result; | 1993 | out: |
1994 | skb->tc_verd = 0; | ||
1995 | return skb; | ||
1973 | } | 1996 | } |
1974 | #endif | 1997 | #endif |
1975 | 1998 | ||
@@ -2021,21 +2044,9 @@ int netif_receive_skb(struct sk_buff *skb) | |||
2021 | } | 2044 | } |
2022 | 2045 | ||
2023 | #ifdef CONFIG_NET_CLS_ACT | 2046 | #ifdef CONFIG_NET_CLS_ACT |
2024 | if (pt_prev) { | 2047 | skb = handle_ing(skb, &pt_prev, &ret, orig_dev); |
2025 | ret = deliver_skb(skb, pt_prev, orig_dev); | 2048 | if (!skb) |
2026 | pt_prev = NULL; /* noone else should process this after*/ | ||
2027 | } else { | ||
2028 | skb->tc_verd = SET_TC_OK2MUNGE(skb->tc_verd); | ||
2029 | } | ||
2030 | |||
2031 | ret = ing_filter(skb); | ||
2032 | |||
2033 | if (ret == TC_ACT_SHOT || (ret == TC_ACT_STOLEN)) { | ||
2034 | kfree_skb(skb); | ||
2035 | goto out; | 2049 | goto out; |
2036 | } | ||
2037 | |||
2038 | skb->tc_verd = 0; | ||
2039 | ncls: | 2050 | ncls: |
2040 | #endif | 2051 | #endif |
2041 | 2052 | ||
diff --git a/net/core/neighbour.c b/net/core/neighbour.c index c52df858d0be..cd3af59b38a1 100644 --- a/net/core/neighbour.c +++ b/net/core/neighbour.c | |||
@@ -481,6 +481,8 @@ struct pneigh_entry * pneigh_lookup(struct neigh_table *tbl, const void *pkey, | |||
481 | if (!creat) | 481 | if (!creat) |
482 | goto out; | 482 | goto out; |
483 | 483 | ||
484 | ASSERT_RTNL(); | ||
485 | |||
484 | n = kmalloc(sizeof(*n) + key_len, GFP_KERNEL); | 486 | n = kmalloc(sizeof(*n) + key_len, GFP_KERNEL); |
485 | if (!n) | 487 | if (!n) |
486 | goto out; | 488 | goto out; |
diff --git a/net/core/skbuff.c b/net/core/skbuff.c index 944189d96323..70d9b5da96ae 100644 --- a/net/core/skbuff.c +++ b/net/core/skbuff.c | |||
@@ -362,6 +362,97 @@ void kfree_skb(struct sk_buff *skb) | |||
362 | __kfree_skb(skb); | 362 | __kfree_skb(skb); |
363 | } | 363 | } |
364 | 364 | ||
365 | static void __copy_skb_header(struct sk_buff *new, const struct sk_buff *old) | ||
366 | { | ||
367 | new->tstamp = old->tstamp; | ||
368 | new->dev = old->dev; | ||
369 | new->transport_header = old->transport_header; | ||
370 | new->network_header = old->network_header; | ||
371 | new->mac_header = old->mac_header; | ||
372 | new->dst = dst_clone(old->dst); | ||
373 | #ifdef CONFIG_INET | ||
374 | new->sp = secpath_get(old->sp); | ||
375 | #endif | ||
376 | memcpy(new->cb, old->cb, sizeof(old->cb)); | ||
377 | new->csum_start = old->csum_start; | ||
378 | new->csum_offset = old->csum_offset; | ||
379 | new->local_df = old->local_df; | ||
380 | new->pkt_type = old->pkt_type; | ||
381 | new->ip_summed = old->ip_summed; | ||
382 | skb_copy_queue_mapping(new, old); | ||
383 | new->priority = old->priority; | ||
384 | #if defined(CONFIG_IP_VS) || defined(CONFIG_IP_VS_MODULE) | ||
385 | new->ipvs_property = old->ipvs_property; | ||
386 | #endif | ||
387 | new->protocol = old->protocol; | ||
388 | new->mark = old->mark; | ||
389 | __nf_copy(new, old); | ||
390 | #if defined(CONFIG_NETFILTER_XT_TARGET_TRACE) || \ | ||
391 | defined(CONFIG_NETFILTER_XT_TARGET_TRACE_MODULE) | ||
392 | new->nf_trace = old->nf_trace; | ||
393 | #endif | ||
394 | #ifdef CONFIG_NET_SCHED | ||
395 | new->tc_index = old->tc_index; | ||
396 | #ifdef CONFIG_NET_CLS_ACT | ||
397 | new->tc_verd = old->tc_verd; | ||
398 | #endif | ||
399 | #endif | ||
400 | skb_copy_secmark(new, old); | ||
401 | } | ||
402 | |||
403 | static struct sk_buff *__skb_clone(struct sk_buff *n, struct sk_buff *skb) | ||
404 | { | ||
405 | #define C(x) n->x = skb->x | ||
406 | |||
407 | n->next = n->prev = NULL; | ||
408 | n->sk = NULL; | ||
409 | __copy_skb_header(n, skb); | ||
410 | |||
411 | C(len); | ||
412 | C(data_len); | ||
413 | C(mac_len); | ||
414 | n->cloned = 1; | ||
415 | n->hdr_len = skb->nohdr ? skb_headroom(skb) : skb->hdr_len; | ||
416 | n->nohdr = 0; | ||
417 | n->destructor = NULL; | ||
418 | #ifdef CONFIG_NET_CLS_ACT | ||
419 | /* FIXME What is this and why don't we do it in copy_skb_header? */ | ||
420 | n->tc_verd = SET_TC_VERD(n->tc_verd,0); | ||
421 | n->tc_verd = CLR_TC_OK2MUNGE(n->tc_verd); | ||
422 | n->tc_verd = CLR_TC_MUNGED(n->tc_verd); | ||
423 | C(iif); | ||
424 | #endif | ||
425 | C(truesize); | ||
426 | atomic_set(&n->users, 1); | ||
427 | C(head); | ||
428 | C(data); | ||
429 | C(tail); | ||
430 | C(end); | ||
431 | |||
432 | atomic_inc(&(skb_shinfo(skb)->dataref)); | ||
433 | skb->cloned = 1; | ||
434 | |||
435 | return n; | ||
436 | #undef C | ||
437 | } | ||
438 | |||
439 | /** | ||
440 | * skb_morph - morph one skb into another | ||
441 | * @dst: the skb to receive the contents | ||
442 | * @src: the skb to supply the contents | ||
443 | * | ||
444 | * This is identical to skb_clone except that the target skb is | ||
445 | * supplied by the user. | ||
446 | * | ||
447 | * The target skb is returned upon exit. | ||
448 | */ | ||
449 | struct sk_buff *skb_morph(struct sk_buff *dst, struct sk_buff *src) | ||
450 | { | ||
451 | skb_release_data(dst); | ||
452 | return __skb_clone(dst, src); | ||
453 | } | ||
454 | EXPORT_SYMBOL_GPL(skb_morph); | ||
455 | |||
365 | /** | 456 | /** |
366 | * skb_clone - duplicate an sk_buff | 457 | * skb_clone - duplicate an sk_buff |
367 | * @skb: buffer to clone | 458 | * @skb: buffer to clone |
@@ -393,66 +484,7 @@ struct sk_buff *skb_clone(struct sk_buff *skb, gfp_t gfp_mask) | |||
393 | n->fclone = SKB_FCLONE_UNAVAILABLE; | 484 | n->fclone = SKB_FCLONE_UNAVAILABLE; |
394 | } | 485 | } |
395 | 486 | ||
396 | #define C(x) n->x = skb->x | 487 | return __skb_clone(n, skb); |
397 | |||
398 | n->next = n->prev = NULL; | ||
399 | n->sk = NULL; | ||
400 | C(tstamp); | ||
401 | C(dev); | ||
402 | C(transport_header); | ||
403 | C(network_header); | ||
404 | C(mac_header); | ||
405 | C(dst); | ||
406 | dst_clone(skb->dst); | ||
407 | C(sp); | ||
408 | #ifdef CONFIG_INET | ||
409 | secpath_get(skb->sp); | ||
410 | #endif | ||
411 | memcpy(n->cb, skb->cb, sizeof(skb->cb)); | ||
412 | C(len); | ||
413 | C(data_len); | ||
414 | C(mac_len); | ||
415 | C(csum); | ||
416 | C(local_df); | ||
417 | n->cloned = 1; | ||
418 | n->hdr_len = skb->nohdr ? skb_headroom(skb) : skb->hdr_len; | ||
419 | n->nohdr = 0; | ||
420 | C(pkt_type); | ||
421 | C(ip_summed); | ||
422 | skb_copy_queue_mapping(n, skb); | ||
423 | C(priority); | ||
424 | #if defined(CONFIG_IP_VS) || defined(CONFIG_IP_VS_MODULE) | ||
425 | C(ipvs_property); | ||
426 | #endif | ||
427 | C(protocol); | ||
428 | n->destructor = NULL; | ||
429 | C(mark); | ||
430 | __nf_copy(n, skb); | ||
431 | #if defined(CONFIG_NETFILTER_XT_TARGET_TRACE) || \ | ||
432 | defined(CONFIG_NETFILTER_XT_TARGET_TRACE_MODULE) | ||
433 | C(nf_trace); | ||
434 | #endif | ||
435 | #ifdef CONFIG_NET_SCHED | ||
436 | C(tc_index); | ||
437 | #ifdef CONFIG_NET_CLS_ACT | ||
438 | n->tc_verd = SET_TC_VERD(skb->tc_verd,0); | ||
439 | n->tc_verd = CLR_TC_OK2MUNGE(n->tc_verd); | ||
440 | n->tc_verd = CLR_TC_MUNGED(n->tc_verd); | ||
441 | C(iif); | ||
442 | #endif | ||
443 | #endif | ||
444 | skb_copy_secmark(n, skb); | ||
445 | C(truesize); | ||
446 | atomic_set(&n->users, 1); | ||
447 | C(head); | ||
448 | C(data); | ||
449 | C(tail); | ||
450 | C(end); | ||
451 | |||
452 | atomic_inc(&(skb_shinfo(skb)->dataref)); | ||
453 | skb->cloned = 1; | ||
454 | |||
455 | return n; | ||
456 | } | 488 | } |
457 | 489 | ||
458 | static void copy_skb_header(struct sk_buff *new, const struct sk_buff *old) | 490 | static void copy_skb_header(struct sk_buff *new, const struct sk_buff *old) |
@@ -463,50 +495,15 @@ static void copy_skb_header(struct sk_buff *new, const struct sk_buff *old) | |||
463 | */ | 495 | */ |
464 | unsigned long offset = new->data - old->data; | 496 | unsigned long offset = new->data - old->data; |
465 | #endif | 497 | #endif |
466 | new->sk = NULL; | 498 | |
467 | new->dev = old->dev; | 499 | __copy_skb_header(new, old); |
468 | skb_copy_queue_mapping(new, old); | 500 | |
469 | new->priority = old->priority; | ||
470 | new->protocol = old->protocol; | ||
471 | new->dst = dst_clone(old->dst); | ||
472 | #ifdef CONFIG_INET | ||
473 | new->sp = secpath_get(old->sp); | ||
474 | #endif | ||
475 | new->csum_start = old->csum_start; | ||
476 | new->csum_offset = old->csum_offset; | ||
477 | new->ip_summed = old->ip_summed; | ||
478 | new->transport_header = old->transport_header; | ||
479 | new->network_header = old->network_header; | ||
480 | new->mac_header = old->mac_header; | ||
481 | #ifndef NET_SKBUFF_DATA_USES_OFFSET | 501 | #ifndef NET_SKBUFF_DATA_USES_OFFSET |
482 | /* {transport,network,mac}_header are relative to skb->head */ | 502 | /* {transport,network,mac}_header are relative to skb->head */ |
483 | new->transport_header += offset; | 503 | new->transport_header += offset; |
484 | new->network_header += offset; | 504 | new->network_header += offset; |
485 | new->mac_header += offset; | 505 | new->mac_header += offset; |
486 | #endif | 506 | #endif |
487 | memcpy(new->cb, old->cb, sizeof(old->cb)); | ||
488 | new->local_df = old->local_df; | ||
489 | new->fclone = SKB_FCLONE_UNAVAILABLE; | ||
490 | new->pkt_type = old->pkt_type; | ||
491 | new->tstamp = old->tstamp; | ||
492 | new->destructor = NULL; | ||
493 | new->mark = old->mark; | ||
494 | __nf_copy(new, old); | ||
495 | #if defined(CONFIG_NETFILTER_XT_TARGET_TRACE) || \ | ||
496 | defined(CONFIG_NETFILTER_XT_TARGET_TRACE_MODULE) | ||
497 | new->nf_trace = old->nf_trace; | ||
498 | #endif | ||
499 | #if defined(CONFIG_IP_VS) || defined(CONFIG_IP_VS_MODULE) | ||
500 | new->ipvs_property = old->ipvs_property; | ||
501 | #endif | ||
502 | #ifdef CONFIG_NET_SCHED | ||
503 | #ifdef CONFIG_NET_CLS_ACT | ||
504 | new->tc_verd = old->tc_verd; | ||
505 | #endif | ||
506 | new->tc_index = old->tc_index; | ||
507 | #endif | ||
508 | skb_copy_secmark(new, old); | ||
509 | atomic_set(&new->users, 1); | ||
510 | skb_shinfo(new)->gso_size = skb_shinfo(old)->gso_size; | 507 | skb_shinfo(new)->gso_size = skb_shinfo(old)->gso_size; |
511 | skb_shinfo(new)->gso_segs = skb_shinfo(old)->gso_segs; | 508 | skb_shinfo(new)->gso_segs = skb_shinfo(old)->gso_segs; |
512 | skb_shinfo(new)->gso_type = skb_shinfo(old)->gso_type; | 509 | skb_shinfo(new)->gso_type = skb_shinfo(old)->gso_type; |
@@ -685,7 +682,7 @@ int pskb_expand_head(struct sk_buff *skb, int nhead, int ntail, | |||
685 | skb->transport_header += off; | 682 | skb->transport_header += off; |
686 | skb->network_header += off; | 683 | skb->network_header += off; |
687 | skb->mac_header += off; | 684 | skb->mac_header += off; |
688 | skb->csum_start += off; | 685 | skb->csum_start += nhead; |
689 | skb->cloned = 0; | 686 | skb->cloned = 0; |
690 | skb->hdr_len = 0; | 687 | skb->hdr_len = 0; |
691 | skb->nohdr = 0; | 688 | skb->nohdr = 0; |
diff --git a/net/dccp/ipv6.c b/net/dccp/ipv6.c index 006a3834fbcd..cac53548c2d8 100644 --- a/net/dccp/ipv6.c +++ b/net/dccp/ipv6.c | |||
@@ -767,10 +767,9 @@ discard: | |||
767 | return 0; | 767 | return 0; |
768 | } | 768 | } |
769 | 769 | ||
770 | static int dccp_v6_rcv(struct sk_buff **pskb) | 770 | static int dccp_v6_rcv(struct sk_buff *skb) |
771 | { | 771 | { |
772 | const struct dccp_hdr *dh; | 772 | const struct dccp_hdr *dh; |
773 | struct sk_buff *skb = *pskb; | ||
774 | struct sock *sk; | 773 | struct sock *sk; |
775 | int min_cov; | 774 | int min_cov; |
776 | 775 | ||
diff --git a/net/decnet/netfilter/dn_rtmsg.c b/net/decnet/netfilter/dn_rtmsg.c index f7fba7721e63..43fcd29046d1 100644 --- a/net/decnet/netfilter/dn_rtmsg.c +++ b/net/decnet/netfilter/dn_rtmsg.c | |||
@@ -88,12 +88,12 @@ static void dnrmg_send_peer(struct sk_buff *skb) | |||
88 | 88 | ||
89 | 89 | ||
90 | static unsigned int dnrmg_hook(unsigned int hook, | 90 | static unsigned int dnrmg_hook(unsigned int hook, |
91 | struct sk_buff **pskb, | 91 | struct sk_buff *skb, |
92 | const struct net_device *in, | 92 | const struct net_device *in, |
93 | const struct net_device *out, | 93 | const struct net_device *out, |
94 | int (*okfn)(struct sk_buff *)) | 94 | int (*okfn)(struct sk_buff *)) |
95 | { | 95 | { |
96 | dnrmg_send_peer(*pskb); | 96 | dnrmg_send_peer(skb); |
97 | return NF_ACCEPT; | 97 | return NF_ACCEPT; |
98 | } | 98 | } |
99 | 99 | ||
diff --git a/net/ipv4/Makefile b/net/ipv4/Makefile index a02c36d0a13e..93fe3966805d 100644 --- a/net/ipv4/Makefile +++ b/net/ipv4/Makefile | |||
@@ -10,7 +10,8 @@ obj-y := route.o inetpeer.o protocol.o \ | |||
10 | tcp_minisocks.o tcp_cong.o \ | 10 | tcp_minisocks.o tcp_cong.o \ |
11 | datagram.o raw.o udp.o udplite.o \ | 11 | datagram.o raw.o udp.o udplite.o \ |
12 | arp.o icmp.o devinet.o af_inet.o igmp.o \ | 12 | arp.o icmp.o devinet.o af_inet.o igmp.o \ |
13 | sysctl_net_ipv4.o fib_frontend.o fib_semantics.o | 13 | sysctl_net_ipv4.o fib_frontend.o fib_semantics.o \ |
14 | inet_fragment.o | ||
14 | 15 | ||
15 | obj-$(CONFIG_IP_FIB_HASH) += fib_hash.o | 16 | obj-$(CONFIG_IP_FIB_HASH) += fib_hash.o |
16 | obj-$(CONFIG_IP_FIB_TRIE) += fib_trie.o | 17 | obj-$(CONFIG_IP_FIB_TRIE) += fib_trie.o |
diff --git a/net/ipv4/inet_fragment.c b/net/ipv4/inet_fragment.c new file mode 100644 index 000000000000..484cf512858f --- /dev/null +++ b/net/ipv4/inet_fragment.c | |||
@@ -0,0 +1,174 @@ | |||
1 | /* | ||
2 | * inet fragments management | ||
3 | * | ||
4 | * This program is free software; you can redistribute it and/or | ||
5 | * modify it under the terms of the GNU General Public License | ||
6 | * as published by the Free Software Foundation; either version | ||
7 | * 2 of the License, or (at your option) any later version. | ||
8 | * | ||
9 | * Authors: Pavel Emelyanov <xemul@openvz.org> | ||
10 | * Started as consolidation of ipv4/ip_fragment.c, | ||
11 | * ipv6/reassembly. and ipv6 nf conntrack reassembly | ||
12 | */ | ||
13 | |||
14 | #include <linux/list.h> | ||
15 | #include <linux/spinlock.h> | ||
16 | #include <linux/module.h> | ||
17 | #include <linux/timer.h> | ||
18 | #include <linux/mm.h> | ||
19 | #include <linux/random.h> | ||
20 | #include <linux/skbuff.h> | ||
21 | #include <linux/rtnetlink.h> | ||
22 | |||
23 | #include <net/inet_frag.h> | ||
24 | |||
25 | static void inet_frag_secret_rebuild(unsigned long dummy) | ||
26 | { | ||
27 | struct inet_frags *f = (struct inet_frags *)dummy; | ||
28 | unsigned long now = jiffies; | ||
29 | int i; | ||
30 | |||
31 | write_lock(&f->lock); | ||
32 | get_random_bytes(&f->rnd, sizeof(u32)); | ||
33 | for (i = 0; i < INETFRAGS_HASHSZ; i++) { | ||
34 | struct inet_frag_queue *q; | ||
35 | struct hlist_node *p, *n; | ||
36 | |||
37 | hlist_for_each_entry_safe(q, p, n, &f->hash[i], list) { | ||
38 | unsigned int hval = f->hashfn(q); | ||
39 | |||
40 | if (hval != i) { | ||
41 | hlist_del(&q->list); | ||
42 | |||
43 | /* Relink to new hash chain. */ | ||
44 | hlist_add_head(&q->list, &f->hash[hval]); | ||
45 | } | ||
46 | } | ||
47 | } | ||
48 | write_unlock(&f->lock); | ||
49 | |||
50 | mod_timer(&f->secret_timer, now + f->ctl->secret_interval); | ||
51 | } | ||
52 | |||
53 | void inet_frags_init(struct inet_frags *f) | ||
54 | { | ||
55 | int i; | ||
56 | |||
57 | for (i = 0; i < INETFRAGS_HASHSZ; i++) | ||
58 | INIT_HLIST_HEAD(&f->hash[i]); | ||
59 | |||
60 | INIT_LIST_HEAD(&f->lru_list); | ||
61 | rwlock_init(&f->lock); | ||
62 | |||
63 | f->rnd = (u32) ((num_physpages ^ (num_physpages>>7)) ^ | ||
64 | (jiffies ^ (jiffies >> 6))); | ||
65 | |||
66 | f->nqueues = 0; | ||
67 | atomic_set(&f->mem, 0); | ||
68 | |||
69 | init_timer(&f->secret_timer); | ||
70 | f->secret_timer.function = inet_frag_secret_rebuild; | ||
71 | f->secret_timer.data = (unsigned long)f; | ||
72 | f->secret_timer.expires = jiffies + f->ctl->secret_interval; | ||
73 | add_timer(&f->secret_timer); | ||
74 | } | ||
75 | EXPORT_SYMBOL(inet_frags_init); | ||
76 | |||
77 | void inet_frags_fini(struct inet_frags *f) | ||
78 | { | ||
79 | del_timer(&f->secret_timer); | ||
80 | } | ||
81 | EXPORT_SYMBOL(inet_frags_fini); | ||
82 | |||
83 | static inline void fq_unlink(struct inet_frag_queue *fq, struct inet_frags *f) | ||
84 | { | ||
85 | write_lock(&f->lock); | ||
86 | hlist_del(&fq->list); | ||
87 | list_del(&fq->lru_list); | ||
88 | f->nqueues--; | ||
89 | write_unlock(&f->lock); | ||
90 | } | ||
91 | |||
92 | void inet_frag_kill(struct inet_frag_queue *fq, struct inet_frags *f) | ||
93 | { | ||
94 | if (del_timer(&fq->timer)) | ||
95 | atomic_dec(&fq->refcnt); | ||
96 | |||
97 | if (!(fq->last_in & COMPLETE)) { | ||
98 | fq_unlink(fq, f); | ||
99 | atomic_dec(&fq->refcnt); | ||
100 | fq->last_in |= COMPLETE; | ||
101 | } | ||
102 | } | ||
103 | |||
104 | EXPORT_SYMBOL(inet_frag_kill); | ||
105 | |||
106 | static inline void frag_kfree_skb(struct inet_frags *f, struct sk_buff *skb, | ||
107 | int *work) | ||
108 | { | ||
109 | if (work) | ||
110 | *work -= skb->truesize; | ||
111 | |||
112 | atomic_sub(skb->truesize, &f->mem); | ||
113 | if (f->skb_free) | ||
114 | f->skb_free(skb); | ||
115 | kfree_skb(skb); | ||
116 | } | ||
117 | |||
118 | void inet_frag_destroy(struct inet_frag_queue *q, struct inet_frags *f, | ||
119 | int *work) | ||
120 | { | ||
121 | struct sk_buff *fp; | ||
122 | |||
123 | BUG_TRAP(q->last_in & COMPLETE); | ||
124 | BUG_TRAP(del_timer(&q->timer) == 0); | ||
125 | |||
126 | /* Release all fragment data. */ | ||
127 | fp = q->fragments; | ||
128 | while (fp) { | ||
129 | struct sk_buff *xp = fp->next; | ||
130 | |||
131 | frag_kfree_skb(f, fp, work); | ||
132 | fp = xp; | ||
133 | } | ||
134 | |||
135 | if (work) | ||
136 | *work -= f->qsize; | ||
137 | atomic_sub(f->qsize, &f->mem); | ||
138 | |||
139 | f->destructor(q); | ||
140 | |||
141 | } | ||
142 | EXPORT_SYMBOL(inet_frag_destroy); | ||
143 | |||
144 | int inet_frag_evictor(struct inet_frags *f) | ||
145 | { | ||
146 | struct inet_frag_queue *q; | ||
147 | int work, evicted = 0; | ||
148 | |||
149 | work = atomic_read(&f->mem) - f->ctl->low_thresh; | ||
150 | while (work > 0) { | ||
151 | read_lock(&f->lock); | ||
152 | if (list_empty(&f->lru_list)) { | ||
153 | read_unlock(&f->lock); | ||
154 | break; | ||
155 | } | ||
156 | |||
157 | q = list_first_entry(&f->lru_list, | ||
158 | struct inet_frag_queue, lru_list); | ||
159 | atomic_inc(&q->refcnt); | ||
160 | read_unlock(&f->lock); | ||
161 | |||
162 | spin_lock(&q->lock); | ||
163 | if (!(q->last_in & COMPLETE)) | ||
164 | inet_frag_kill(q, f); | ||
165 | spin_unlock(&q->lock); | ||
166 | |||
167 | if (atomic_dec_and_test(&q->refcnt)) | ||
168 | inet_frag_destroy(q, f, &work); | ||
169 | evicted++; | ||
170 | } | ||
171 | |||
172 | return evicted; | ||
173 | } | ||
174 | EXPORT_SYMBOL(inet_frag_evictor); | ||
diff --git a/net/ipv4/ip_forward.c b/net/ipv4/ip_forward.c index afbf938836f5..877da3ed52e2 100644 --- a/net/ipv4/ip_forward.c +++ b/net/ipv4/ip_forward.c | |||
@@ -40,7 +40,7 @@ | |||
40 | #include <net/route.h> | 40 | #include <net/route.h> |
41 | #include <net/xfrm.h> | 41 | #include <net/xfrm.h> |
42 | 42 | ||
43 | static inline int ip_forward_finish(struct sk_buff *skb) | 43 | static int ip_forward_finish(struct sk_buff *skb) |
44 | { | 44 | { |
45 | struct ip_options * opt = &(IPCB(skb)->opt); | 45 | struct ip_options * opt = &(IPCB(skb)->opt); |
46 | 46 | ||
diff --git a/net/ipv4/ip_fragment.c b/net/ipv4/ip_fragment.c index fabb86db763b..443b3f89192f 100644 --- a/net/ipv4/ip_fragment.c +++ b/net/ipv4/ip_fragment.c | |||
@@ -39,6 +39,7 @@ | |||
39 | #include <net/icmp.h> | 39 | #include <net/icmp.h> |
40 | #include <net/checksum.h> | 40 | #include <net/checksum.h> |
41 | #include <net/inetpeer.h> | 41 | #include <net/inetpeer.h> |
42 | #include <net/inet_frag.h> | ||
42 | #include <linux/tcp.h> | 43 | #include <linux/tcp.h> |
43 | #include <linux/udp.h> | 44 | #include <linux/udp.h> |
44 | #include <linux/inet.h> | 45 | #include <linux/inet.h> |
@@ -49,21 +50,8 @@ | |||
49 | * as well. Or notify me, at least. --ANK | 50 | * as well. Or notify me, at least. --ANK |
50 | */ | 51 | */ |
51 | 52 | ||
52 | /* Fragment cache limits. We will commit 256K at one time. Should we | ||
53 | * cross that limit we will prune down to 192K. This should cope with | ||
54 | * even the most extreme cases without allowing an attacker to measurably | ||
55 | * harm machine performance. | ||
56 | */ | ||
57 | int sysctl_ipfrag_high_thresh __read_mostly = 256*1024; | ||
58 | int sysctl_ipfrag_low_thresh __read_mostly = 192*1024; | ||
59 | |||
60 | int sysctl_ipfrag_max_dist __read_mostly = 64; | 53 | int sysctl_ipfrag_max_dist __read_mostly = 64; |
61 | 54 | ||
62 | /* Important NOTE! Fragment queue must be destroyed before MSL expires. | ||
63 | * RFC791 is wrong proposing to prolongate timer each fragment arrival by TTL. | ||
64 | */ | ||
65 | int sysctl_ipfrag_time __read_mostly = IP_FRAG_TIME; | ||
66 | |||
67 | struct ipfrag_skb_cb | 55 | struct ipfrag_skb_cb |
68 | { | 56 | { |
69 | struct inet_skb_parm h; | 57 | struct inet_skb_parm h; |
@@ -74,153 +62,102 @@ struct ipfrag_skb_cb | |||
74 | 62 | ||
75 | /* Describe an entry in the "incomplete datagrams" queue. */ | 63 | /* Describe an entry in the "incomplete datagrams" queue. */ |
76 | struct ipq { | 64 | struct ipq { |
77 | struct hlist_node list; | 65 | struct inet_frag_queue q; |
78 | struct list_head lru_list; /* lru list member */ | 66 | |
79 | u32 user; | 67 | u32 user; |
80 | __be32 saddr; | 68 | __be32 saddr; |
81 | __be32 daddr; | 69 | __be32 daddr; |
82 | __be16 id; | 70 | __be16 id; |
83 | u8 protocol; | 71 | u8 protocol; |
84 | u8 last_in; | ||
85 | #define COMPLETE 4 | ||
86 | #define FIRST_IN 2 | ||
87 | #define LAST_IN 1 | ||
88 | |||
89 | struct sk_buff *fragments; /* linked list of received fragments */ | ||
90 | int len; /* total length of original datagram */ | ||
91 | int meat; | ||
92 | spinlock_t lock; | ||
93 | atomic_t refcnt; | ||
94 | struct timer_list timer; /* when will this queue expire? */ | ||
95 | ktime_t stamp; | ||
96 | int iif; | 72 | int iif; |
97 | unsigned int rid; | 73 | unsigned int rid; |
98 | struct inet_peer *peer; | 74 | struct inet_peer *peer; |
99 | }; | 75 | }; |
100 | 76 | ||
101 | /* Hash table. */ | 77 | struct inet_frags_ctl ip4_frags_ctl __read_mostly = { |
78 | /* | ||
79 | * Fragment cache limits. We will commit 256K at one time. Should we | ||
80 | * cross that limit we will prune down to 192K. This should cope with | ||
81 | * even the most extreme cases without allowing an attacker to | ||
82 | * measurably harm machine performance. | ||
83 | */ | ||
84 | .high_thresh = 256 * 1024, | ||
85 | .low_thresh = 192 * 1024, | ||
102 | 86 | ||
103 | #define IPQ_HASHSZ 64 | 87 | /* |
88 | * Important NOTE! Fragment queue must be destroyed before MSL expires. | ||
89 | * RFC791 is wrong proposing to prolongate timer each fragment arrival | ||
90 | * by TTL. | ||
91 | */ | ||
92 | .timeout = IP_FRAG_TIME, | ||
93 | .secret_interval = 10 * 60 * HZ, | ||
94 | }; | ||
104 | 95 | ||
105 | /* Per-bucket lock is easy to add now. */ | 96 | static struct inet_frags ip4_frags; |
106 | static struct hlist_head ipq_hash[IPQ_HASHSZ]; | ||
107 | static DEFINE_RWLOCK(ipfrag_lock); | ||
108 | static u32 ipfrag_hash_rnd; | ||
109 | static LIST_HEAD(ipq_lru_list); | ||
110 | int ip_frag_nqueues = 0; | ||
111 | 97 | ||
112 | static __inline__ void __ipq_unlink(struct ipq *qp) | 98 | int ip_frag_nqueues(void) |
113 | { | 99 | { |
114 | hlist_del(&qp->list); | 100 | return ip4_frags.nqueues; |
115 | list_del(&qp->lru_list); | ||
116 | ip_frag_nqueues--; | ||
117 | } | 101 | } |
118 | 102 | ||
119 | static __inline__ void ipq_unlink(struct ipq *ipq) | 103 | int ip_frag_mem(void) |
120 | { | 104 | { |
121 | write_lock(&ipfrag_lock); | 105 | return atomic_read(&ip4_frags.mem); |
122 | __ipq_unlink(ipq); | ||
123 | write_unlock(&ipfrag_lock); | ||
124 | } | 106 | } |
125 | 107 | ||
108 | static int ip_frag_reasm(struct ipq *qp, struct sk_buff *prev, | ||
109 | struct net_device *dev); | ||
110 | |||
126 | static unsigned int ipqhashfn(__be16 id, __be32 saddr, __be32 daddr, u8 prot) | 111 | static unsigned int ipqhashfn(__be16 id, __be32 saddr, __be32 daddr, u8 prot) |
127 | { | 112 | { |
128 | return jhash_3words((__force u32)id << 16 | prot, | 113 | return jhash_3words((__force u32)id << 16 | prot, |
129 | (__force u32)saddr, (__force u32)daddr, | 114 | (__force u32)saddr, (__force u32)daddr, |
130 | ipfrag_hash_rnd) & (IPQ_HASHSZ - 1); | 115 | ip4_frags.rnd) & (INETFRAGS_HASHSZ - 1); |
131 | } | 116 | } |
132 | 117 | ||
133 | static struct timer_list ipfrag_secret_timer; | 118 | static unsigned int ip4_hashfn(struct inet_frag_queue *q) |
134 | int sysctl_ipfrag_secret_interval __read_mostly = 10 * 60 * HZ; | ||
135 | |||
136 | static void ipfrag_secret_rebuild(unsigned long dummy) | ||
137 | { | 119 | { |
138 | unsigned long now = jiffies; | 120 | struct ipq *ipq; |
139 | int i; | ||
140 | |||
141 | write_lock(&ipfrag_lock); | ||
142 | get_random_bytes(&ipfrag_hash_rnd, sizeof(u32)); | ||
143 | for (i = 0; i < IPQ_HASHSZ; i++) { | ||
144 | struct ipq *q; | ||
145 | struct hlist_node *p, *n; | ||
146 | |||
147 | hlist_for_each_entry_safe(q, p, n, &ipq_hash[i], list) { | ||
148 | unsigned int hval = ipqhashfn(q->id, q->saddr, | ||
149 | q->daddr, q->protocol); | ||
150 | |||
151 | if (hval != i) { | ||
152 | hlist_del(&q->list); | ||
153 | 121 | ||
154 | /* Relink to new hash chain. */ | 122 | ipq = container_of(q, struct ipq, q); |
155 | hlist_add_head(&q->list, &ipq_hash[hval]); | 123 | return ipqhashfn(ipq->id, ipq->saddr, ipq->daddr, ipq->protocol); |
156 | } | ||
157 | } | ||
158 | } | ||
159 | write_unlock(&ipfrag_lock); | ||
160 | |||
161 | mod_timer(&ipfrag_secret_timer, now + sysctl_ipfrag_secret_interval); | ||
162 | } | 124 | } |
163 | 125 | ||
164 | atomic_t ip_frag_mem = ATOMIC_INIT(0); /* Memory used for fragments */ | ||
165 | |||
166 | /* Memory Tracking Functions. */ | 126 | /* Memory Tracking Functions. */ |
167 | static __inline__ void frag_kfree_skb(struct sk_buff *skb, int *work) | 127 | static __inline__ void frag_kfree_skb(struct sk_buff *skb, int *work) |
168 | { | 128 | { |
169 | if (work) | 129 | if (work) |
170 | *work -= skb->truesize; | 130 | *work -= skb->truesize; |
171 | atomic_sub(skb->truesize, &ip_frag_mem); | 131 | atomic_sub(skb->truesize, &ip4_frags.mem); |
172 | kfree_skb(skb); | 132 | kfree_skb(skb); |
173 | } | 133 | } |
174 | 134 | ||
175 | static __inline__ void frag_free_queue(struct ipq *qp, int *work) | 135 | static __inline__ void ip4_frag_free(struct inet_frag_queue *q) |
176 | { | 136 | { |
177 | if (work) | 137 | struct ipq *qp; |
178 | *work -= sizeof(struct ipq); | 138 | |
179 | atomic_sub(sizeof(struct ipq), &ip_frag_mem); | 139 | qp = container_of(q, struct ipq, q); |
140 | if (qp->peer) | ||
141 | inet_putpeer(qp->peer); | ||
180 | kfree(qp); | 142 | kfree(qp); |
181 | } | 143 | } |
182 | 144 | ||
183 | static __inline__ struct ipq *frag_alloc_queue(void) | 145 | static __inline__ struct ipq *frag_alloc_queue(void) |
184 | { | 146 | { |
185 | struct ipq *qp = kmalloc(sizeof(struct ipq), GFP_ATOMIC); | 147 | struct ipq *qp = kzalloc(sizeof(struct ipq), GFP_ATOMIC); |
186 | 148 | ||
187 | if (!qp) | 149 | if (!qp) |
188 | return NULL; | 150 | return NULL; |
189 | atomic_add(sizeof(struct ipq), &ip_frag_mem); | 151 | atomic_add(sizeof(struct ipq), &ip4_frags.mem); |
190 | return qp; | 152 | return qp; |
191 | } | 153 | } |
192 | 154 | ||
193 | 155 | ||
194 | /* Destruction primitives. */ | 156 | /* Destruction primitives. */ |
195 | 157 | ||
196 | /* Complete destruction of ipq. */ | 158 | static __inline__ void ipq_put(struct ipq *ipq) |
197 | static void ip_frag_destroy(struct ipq *qp, int *work) | ||
198 | { | ||
199 | struct sk_buff *fp; | ||
200 | |||
201 | BUG_TRAP(qp->last_in&COMPLETE); | ||
202 | BUG_TRAP(del_timer(&qp->timer) == 0); | ||
203 | |||
204 | if (qp->peer) | ||
205 | inet_putpeer(qp->peer); | ||
206 | |||
207 | /* Release all fragment data. */ | ||
208 | fp = qp->fragments; | ||
209 | while (fp) { | ||
210 | struct sk_buff *xp = fp->next; | ||
211 | |||
212 | frag_kfree_skb(fp, work); | ||
213 | fp = xp; | ||
214 | } | ||
215 | |||
216 | /* Finally, release the queue descriptor itself. */ | ||
217 | frag_free_queue(qp, work); | ||
218 | } | ||
219 | |||
220 | static __inline__ void ipq_put(struct ipq *ipq, int *work) | ||
221 | { | 159 | { |
222 | if (atomic_dec_and_test(&ipq->refcnt)) | 160 | inet_frag_put(&ipq->q, &ip4_frags); |
223 | ip_frag_destroy(ipq, work); | ||
224 | } | 161 | } |
225 | 162 | ||
226 | /* Kill ipq entry. It is not destroyed immediately, | 163 | /* Kill ipq entry. It is not destroyed immediately, |
@@ -228,14 +165,7 @@ static __inline__ void ipq_put(struct ipq *ipq, int *work) | |||
228 | */ | 165 | */ |
229 | static void ipq_kill(struct ipq *ipq) | 166 | static void ipq_kill(struct ipq *ipq) |
230 | { | 167 | { |
231 | if (del_timer(&ipq->timer)) | 168 | inet_frag_kill(&ipq->q, &ip4_frags); |
232 | atomic_dec(&ipq->refcnt); | ||
233 | |||
234 | if (!(ipq->last_in & COMPLETE)) { | ||
235 | ipq_unlink(ipq); | ||
236 | atomic_dec(&ipq->refcnt); | ||
237 | ipq->last_in |= COMPLETE; | ||
238 | } | ||
239 | } | 169 | } |
240 | 170 | ||
241 | /* Memory limiting on fragments. Evictor trashes the oldest | 171 | /* Memory limiting on fragments. Evictor trashes the oldest |
@@ -243,33 +173,11 @@ static void ipq_kill(struct ipq *ipq) | |||
243 | */ | 173 | */ |
244 | static void ip_evictor(void) | 174 | static void ip_evictor(void) |
245 | { | 175 | { |
246 | struct ipq *qp; | 176 | int evicted; |
247 | struct list_head *tmp; | ||
248 | int work; | ||
249 | |||
250 | work = atomic_read(&ip_frag_mem) - sysctl_ipfrag_low_thresh; | ||
251 | if (work <= 0) | ||
252 | return; | ||
253 | |||
254 | while (work > 0) { | ||
255 | read_lock(&ipfrag_lock); | ||
256 | if (list_empty(&ipq_lru_list)) { | ||
257 | read_unlock(&ipfrag_lock); | ||
258 | return; | ||
259 | } | ||
260 | tmp = ipq_lru_list.next; | ||
261 | qp = list_entry(tmp, struct ipq, lru_list); | ||
262 | atomic_inc(&qp->refcnt); | ||
263 | read_unlock(&ipfrag_lock); | ||
264 | 177 | ||
265 | spin_lock(&qp->lock); | 178 | evicted = inet_frag_evictor(&ip4_frags); |
266 | if (!(qp->last_in&COMPLETE)) | 179 | if (evicted) |
267 | ipq_kill(qp); | 180 | IP_ADD_STATS_BH(IPSTATS_MIB_REASMFAILS, evicted); |
268 | spin_unlock(&qp->lock); | ||
269 | |||
270 | ipq_put(qp, &work); | ||
271 | IP_INC_STATS_BH(IPSTATS_MIB_REASMFAILS); | ||
272 | } | ||
273 | } | 181 | } |
274 | 182 | ||
275 | /* | 183 | /* |
@@ -279,9 +187,9 @@ static void ip_expire(unsigned long arg) | |||
279 | { | 187 | { |
280 | struct ipq *qp = (struct ipq *) arg; | 188 | struct ipq *qp = (struct ipq *) arg; |
281 | 189 | ||
282 | spin_lock(&qp->lock); | 190 | spin_lock(&qp->q.lock); |
283 | 191 | ||
284 | if (qp->last_in & COMPLETE) | 192 | if (qp->q.last_in & COMPLETE) |
285 | goto out; | 193 | goto out; |
286 | 194 | ||
287 | ipq_kill(qp); | 195 | ipq_kill(qp); |
@@ -289,8 +197,8 @@ static void ip_expire(unsigned long arg) | |||
289 | IP_INC_STATS_BH(IPSTATS_MIB_REASMTIMEOUT); | 197 | IP_INC_STATS_BH(IPSTATS_MIB_REASMTIMEOUT); |
290 | IP_INC_STATS_BH(IPSTATS_MIB_REASMFAILS); | 198 | IP_INC_STATS_BH(IPSTATS_MIB_REASMFAILS); |
291 | 199 | ||
292 | if ((qp->last_in&FIRST_IN) && qp->fragments != NULL) { | 200 | if ((qp->q.last_in&FIRST_IN) && qp->q.fragments != NULL) { |
293 | struct sk_buff *head = qp->fragments; | 201 | struct sk_buff *head = qp->q.fragments; |
294 | /* Send an ICMP "Fragment Reassembly Timeout" message. */ | 202 | /* Send an ICMP "Fragment Reassembly Timeout" message. */ |
295 | if ((head->dev = dev_get_by_index(&init_net, qp->iif)) != NULL) { | 203 | if ((head->dev = dev_get_by_index(&init_net, qp->iif)) != NULL) { |
296 | icmp_send(head, ICMP_TIME_EXCEEDED, ICMP_EXC_FRAGTIME, 0); | 204 | icmp_send(head, ICMP_TIME_EXCEEDED, ICMP_EXC_FRAGTIME, 0); |
@@ -298,8 +206,8 @@ static void ip_expire(unsigned long arg) | |||
298 | } | 206 | } |
299 | } | 207 | } |
300 | out: | 208 | out: |
301 | spin_unlock(&qp->lock); | 209 | spin_unlock(&qp->q.lock); |
302 | ipq_put(qp, NULL); | 210 | ipq_put(qp); |
303 | } | 211 | } |
304 | 212 | ||
305 | /* Creation primitives. */ | 213 | /* Creation primitives. */ |
@@ -312,7 +220,7 @@ static struct ipq *ip_frag_intern(struct ipq *qp_in) | |||
312 | #endif | 220 | #endif |
313 | unsigned int hash; | 221 | unsigned int hash; |
314 | 222 | ||
315 | write_lock(&ipfrag_lock); | 223 | write_lock(&ip4_frags.lock); |
316 | hash = ipqhashfn(qp_in->id, qp_in->saddr, qp_in->daddr, | 224 | hash = ipqhashfn(qp_in->id, qp_in->saddr, qp_in->daddr, |
317 | qp_in->protocol); | 225 | qp_in->protocol); |
318 | #ifdef CONFIG_SMP | 226 | #ifdef CONFIG_SMP |
@@ -320,31 +228,31 @@ static struct ipq *ip_frag_intern(struct ipq *qp_in) | |||
320 | * such entry could be created on other cpu, while we | 228 | * such entry could be created on other cpu, while we |
321 | * promoted read lock to write lock. | 229 | * promoted read lock to write lock. |
322 | */ | 230 | */ |
323 | hlist_for_each_entry(qp, n, &ipq_hash[hash], list) { | 231 | hlist_for_each_entry(qp, n, &ip4_frags.hash[hash], q.list) { |
324 | if (qp->id == qp_in->id && | 232 | if (qp->id == qp_in->id && |
325 | qp->saddr == qp_in->saddr && | 233 | qp->saddr == qp_in->saddr && |
326 | qp->daddr == qp_in->daddr && | 234 | qp->daddr == qp_in->daddr && |
327 | qp->protocol == qp_in->protocol && | 235 | qp->protocol == qp_in->protocol && |
328 | qp->user == qp_in->user) { | 236 | qp->user == qp_in->user) { |
329 | atomic_inc(&qp->refcnt); | 237 | atomic_inc(&qp->q.refcnt); |
330 | write_unlock(&ipfrag_lock); | 238 | write_unlock(&ip4_frags.lock); |
331 | qp_in->last_in |= COMPLETE; | 239 | qp_in->q.last_in |= COMPLETE; |
332 | ipq_put(qp_in, NULL); | 240 | ipq_put(qp_in); |
333 | return qp; | 241 | return qp; |
334 | } | 242 | } |
335 | } | 243 | } |
336 | #endif | 244 | #endif |
337 | qp = qp_in; | 245 | qp = qp_in; |
338 | 246 | ||
339 | if (!mod_timer(&qp->timer, jiffies + sysctl_ipfrag_time)) | 247 | if (!mod_timer(&qp->q.timer, jiffies + ip4_frags_ctl.timeout)) |
340 | atomic_inc(&qp->refcnt); | 248 | atomic_inc(&qp->q.refcnt); |
341 | 249 | ||
342 | atomic_inc(&qp->refcnt); | 250 | atomic_inc(&qp->q.refcnt); |
343 | hlist_add_head(&qp->list, &ipq_hash[hash]); | 251 | hlist_add_head(&qp->q.list, &ip4_frags.hash[hash]); |
344 | INIT_LIST_HEAD(&qp->lru_list); | 252 | INIT_LIST_HEAD(&qp->q.lru_list); |
345 | list_add_tail(&qp->lru_list, &ipq_lru_list); | 253 | list_add_tail(&qp->q.lru_list, &ip4_frags.lru_list); |
346 | ip_frag_nqueues++; | 254 | ip4_frags.nqueues++; |
347 | write_unlock(&ipfrag_lock); | 255 | write_unlock(&ip4_frags.lock); |
348 | return qp; | 256 | return qp; |
349 | } | 257 | } |
350 | 258 | ||
@@ -357,23 +265,18 @@ static struct ipq *ip_frag_create(struct iphdr *iph, u32 user) | |||
357 | goto out_nomem; | 265 | goto out_nomem; |
358 | 266 | ||
359 | qp->protocol = iph->protocol; | 267 | qp->protocol = iph->protocol; |
360 | qp->last_in = 0; | ||
361 | qp->id = iph->id; | 268 | qp->id = iph->id; |
362 | qp->saddr = iph->saddr; | 269 | qp->saddr = iph->saddr; |
363 | qp->daddr = iph->daddr; | 270 | qp->daddr = iph->daddr; |
364 | qp->user = user; | 271 | qp->user = user; |
365 | qp->len = 0; | ||
366 | qp->meat = 0; | ||
367 | qp->fragments = NULL; | ||
368 | qp->iif = 0; | ||
369 | qp->peer = sysctl_ipfrag_max_dist ? inet_getpeer(iph->saddr, 1) : NULL; | 272 | qp->peer = sysctl_ipfrag_max_dist ? inet_getpeer(iph->saddr, 1) : NULL; |
370 | 273 | ||
371 | /* Initialize a timer for this entry. */ | 274 | /* Initialize a timer for this entry. */ |
372 | init_timer(&qp->timer); | 275 | init_timer(&qp->q.timer); |
373 | qp->timer.data = (unsigned long) qp; /* pointer to queue */ | 276 | qp->q.timer.data = (unsigned long) qp; /* pointer to queue */ |
374 | qp->timer.function = ip_expire; /* expire function */ | 277 | qp->q.timer.function = ip_expire; /* expire function */ |
375 | spin_lock_init(&qp->lock); | 278 | spin_lock_init(&qp->q.lock); |
376 | atomic_set(&qp->refcnt, 1); | 279 | atomic_set(&qp->q.refcnt, 1); |
377 | 280 | ||
378 | return ip_frag_intern(qp); | 281 | return ip_frag_intern(qp); |
379 | 282 | ||
@@ -395,20 +298,20 @@ static inline struct ipq *ip_find(struct iphdr *iph, u32 user) | |||
395 | struct ipq *qp; | 298 | struct ipq *qp; |
396 | struct hlist_node *n; | 299 | struct hlist_node *n; |
397 | 300 | ||
398 | read_lock(&ipfrag_lock); | 301 | read_lock(&ip4_frags.lock); |
399 | hash = ipqhashfn(id, saddr, daddr, protocol); | 302 | hash = ipqhashfn(id, saddr, daddr, protocol); |
400 | hlist_for_each_entry(qp, n, &ipq_hash[hash], list) { | 303 | hlist_for_each_entry(qp, n, &ip4_frags.hash[hash], q.list) { |
401 | if (qp->id == id && | 304 | if (qp->id == id && |
402 | qp->saddr == saddr && | 305 | qp->saddr == saddr && |
403 | qp->daddr == daddr && | 306 | qp->daddr == daddr && |
404 | qp->protocol == protocol && | 307 | qp->protocol == protocol && |
405 | qp->user == user) { | 308 | qp->user == user) { |
406 | atomic_inc(&qp->refcnt); | 309 | atomic_inc(&qp->q.refcnt); |
407 | read_unlock(&ipfrag_lock); | 310 | read_unlock(&ip4_frags.lock); |
408 | return qp; | 311 | return qp; |
409 | } | 312 | } |
410 | } | 313 | } |
411 | read_unlock(&ipfrag_lock); | 314 | read_unlock(&ip4_frags.lock); |
412 | 315 | ||
413 | return ip_frag_create(iph, user); | 316 | return ip_frag_create(iph, user); |
414 | } | 317 | } |
@@ -429,7 +332,7 @@ static inline int ip_frag_too_far(struct ipq *qp) | |||
429 | end = atomic_inc_return(&peer->rid); | 332 | end = atomic_inc_return(&peer->rid); |
430 | qp->rid = end; | 333 | qp->rid = end; |
431 | 334 | ||
432 | rc = qp->fragments && (end - start) > max; | 335 | rc = qp->q.fragments && (end - start) > max; |
433 | 336 | ||
434 | if (rc) { | 337 | if (rc) { |
435 | IP_INC_STATS_BH(IPSTATS_MIB_REASMFAILS); | 338 | IP_INC_STATS_BH(IPSTATS_MIB_REASMFAILS); |
@@ -442,39 +345,42 @@ static int ip_frag_reinit(struct ipq *qp) | |||
442 | { | 345 | { |
443 | struct sk_buff *fp; | 346 | struct sk_buff *fp; |
444 | 347 | ||
445 | if (!mod_timer(&qp->timer, jiffies + sysctl_ipfrag_time)) { | 348 | if (!mod_timer(&qp->q.timer, jiffies + ip4_frags_ctl.timeout)) { |
446 | atomic_inc(&qp->refcnt); | 349 | atomic_inc(&qp->q.refcnt); |
447 | return -ETIMEDOUT; | 350 | return -ETIMEDOUT; |
448 | } | 351 | } |
449 | 352 | ||
450 | fp = qp->fragments; | 353 | fp = qp->q.fragments; |
451 | do { | 354 | do { |
452 | struct sk_buff *xp = fp->next; | 355 | struct sk_buff *xp = fp->next; |
453 | frag_kfree_skb(fp, NULL); | 356 | frag_kfree_skb(fp, NULL); |
454 | fp = xp; | 357 | fp = xp; |
455 | } while (fp); | 358 | } while (fp); |
456 | 359 | ||
457 | qp->last_in = 0; | 360 | qp->q.last_in = 0; |
458 | qp->len = 0; | 361 | qp->q.len = 0; |
459 | qp->meat = 0; | 362 | qp->q.meat = 0; |
460 | qp->fragments = NULL; | 363 | qp->q.fragments = NULL; |
461 | qp->iif = 0; | 364 | qp->iif = 0; |
462 | 365 | ||
463 | return 0; | 366 | return 0; |
464 | } | 367 | } |
465 | 368 | ||
466 | /* Add new segment to existing queue. */ | 369 | /* Add new segment to existing queue. */ |
467 | static void ip_frag_queue(struct ipq *qp, struct sk_buff *skb) | 370 | static int ip_frag_queue(struct ipq *qp, struct sk_buff *skb) |
468 | { | 371 | { |
469 | struct sk_buff *prev, *next; | 372 | struct sk_buff *prev, *next; |
373 | struct net_device *dev; | ||
470 | int flags, offset; | 374 | int flags, offset; |
471 | int ihl, end; | 375 | int ihl, end; |
376 | int err = -ENOENT; | ||
472 | 377 | ||
473 | if (qp->last_in & COMPLETE) | 378 | if (qp->q.last_in & COMPLETE) |
474 | goto err; | 379 | goto err; |
475 | 380 | ||
476 | if (!(IPCB(skb)->flags & IPSKB_FRAG_COMPLETE) && | 381 | if (!(IPCB(skb)->flags & IPSKB_FRAG_COMPLETE) && |
477 | unlikely(ip_frag_too_far(qp)) && unlikely(ip_frag_reinit(qp))) { | 382 | unlikely(ip_frag_too_far(qp)) && |
383 | unlikely(err = ip_frag_reinit(qp))) { | ||
478 | ipq_kill(qp); | 384 | ipq_kill(qp); |
479 | goto err; | 385 | goto err; |
480 | } | 386 | } |
@@ -487,36 +393,40 @@ static void ip_frag_queue(struct ipq *qp, struct sk_buff *skb) | |||
487 | 393 | ||
488 | /* Determine the position of this fragment. */ | 394 | /* Determine the position of this fragment. */ |
489 | end = offset + skb->len - ihl; | 395 | end = offset + skb->len - ihl; |
396 | err = -EINVAL; | ||
490 | 397 | ||
491 | /* Is this the final fragment? */ | 398 | /* Is this the final fragment? */ |
492 | if ((flags & IP_MF) == 0) { | 399 | if ((flags & IP_MF) == 0) { |
493 | /* If we already have some bits beyond end | 400 | /* If we already have some bits beyond end |
494 | * or have different end, the segment is corrrupted. | 401 | * or have different end, the segment is corrrupted. |
495 | */ | 402 | */ |
496 | if (end < qp->len || | 403 | if (end < qp->q.len || |
497 | ((qp->last_in & LAST_IN) && end != qp->len)) | 404 | ((qp->q.last_in & LAST_IN) && end != qp->q.len)) |
498 | goto err; | 405 | goto err; |
499 | qp->last_in |= LAST_IN; | 406 | qp->q.last_in |= LAST_IN; |
500 | qp->len = end; | 407 | qp->q.len = end; |
501 | } else { | 408 | } else { |
502 | if (end&7) { | 409 | if (end&7) { |
503 | end &= ~7; | 410 | end &= ~7; |
504 | if (skb->ip_summed != CHECKSUM_UNNECESSARY) | 411 | if (skb->ip_summed != CHECKSUM_UNNECESSARY) |
505 | skb->ip_summed = CHECKSUM_NONE; | 412 | skb->ip_summed = CHECKSUM_NONE; |
506 | } | 413 | } |
507 | if (end > qp->len) { | 414 | if (end > qp->q.len) { |
508 | /* Some bits beyond end -> corruption. */ | 415 | /* Some bits beyond end -> corruption. */ |
509 | if (qp->last_in & LAST_IN) | 416 | if (qp->q.last_in & LAST_IN) |
510 | goto err; | 417 | goto err; |
511 | qp->len = end; | 418 | qp->q.len = end; |
512 | } | 419 | } |
513 | } | 420 | } |
514 | if (end == offset) | 421 | if (end == offset) |
515 | goto err; | 422 | goto err; |
516 | 423 | ||
424 | err = -ENOMEM; | ||
517 | if (pskb_pull(skb, ihl) == NULL) | 425 | if (pskb_pull(skb, ihl) == NULL) |
518 | goto err; | 426 | goto err; |
519 | if (pskb_trim_rcsum(skb, end-offset)) | 427 | |
428 | err = pskb_trim_rcsum(skb, end - offset); | ||
429 | if (err) | ||
520 | goto err; | 430 | goto err; |
521 | 431 | ||
522 | /* Find out which fragments are in front and at the back of us | 432 | /* Find out which fragments are in front and at the back of us |
@@ -524,7 +434,7 @@ static void ip_frag_queue(struct ipq *qp, struct sk_buff *skb) | |||
524 | * this fragment, right? | 434 | * this fragment, right? |
525 | */ | 435 | */ |
526 | prev = NULL; | 436 | prev = NULL; |
527 | for (next = qp->fragments; next != NULL; next = next->next) { | 437 | for (next = qp->q.fragments; next != NULL; next = next->next) { |
528 | if (FRAG_CB(next)->offset >= offset) | 438 | if (FRAG_CB(next)->offset >= offset) |
529 | break; /* bingo! */ | 439 | break; /* bingo! */ |
530 | prev = next; | 440 | prev = next; |
@@ -539,8 +449,10 @@ static void ip_frag_queue(struct ipq *qp, struct sk_buff *skb) | |||
539 | 449 | ||
540 | if (i > 0) { | 450 | if (i > 0) { |
541 | offset += i; | 451 | offset += i; |
452 | err = -EINVAL; | ||
542 | if (end <= offset) | 453 | if (end <= offset) |
543 | goto err; | 454 | goto err; |
455 | err = -ENOMEM; | ||
544 | if (!pskb_pull(skb, i)) | 456 | if (!pskb_pull(skb, i)) |
545 | goto err; | 457 | goto err; |
546 | if (skb->ip_summed != CHECKSUM_UNNECESSARY) | 458 | if (skb->ip_summed != CHECKSUM_UNNECESSARY) |
@@ -548,6 +460,8 @@ static void ip_frag_queue(struct ipq *qp, struct sk_buff *skb) | |||
548 | } | 460 | } |
549 | } | 461 | } |
550 | 462 | ||
463 | err = -ENOMEM; | ||
464 | |||
551 | while (next && FRAG_CB(next)->offset < end) { | 465 | while (next && FRAG_CB(next)->offset < end) { |
552 | int i = end - FRAG_CB(next)->offset; /* overlap is 'i' bytes */ | 466 | int i = end - FRAG_CB(next)->offset; /* overlap is 'i' bytes */ |
553 | 467 | ||
@@ -558,7 +472,7 @@ static void ip_frag_queue(struct ipq *qp, struct sk_buff *skb) | |||
558 | if (!pskb_pull(next, i)) | 472 | if (!pskb_pull(next, i)) |
559 | goto err; | 473 | goto err; |
560 | FRAG_CB(next)->offset += i; | 474 | FRAG_CB(next)->offset += i; |
561 | qp->meat -= i; | 475 | qp->q.meat -= i; |
562 | if (next->ip_summed != CHECKSUM_UNNECESSARY) | 476 | if (next->ip_summed != CHECKSUM_UNNECESSARY) |
563 | next->ip_summed = CHECKSUM_NONE; | 477 | next->ip_summed = CHECKSUM_NONE; |
564 | break; | 478 | break; |
@@ -573,9 +487,9 @@ static void ip_frag_queue(struct ipq *qp, struct sk_buff *skb) | |||
573 | if (prev) | 487 | if (prev) |
574 | prev->next = next; | 488 | prev->next = next; |
575 | else | 489 | else |
576 | qp->fragments = next; | 490 | qp->q.fragments = next; |
577 | 491 | ||
578 | qp->meat -= free_it->len; | 492 | qp->q.meat -= free_it->len; |
579 | frag_kfree_skb(free_it, NULL); | 493 | frag_kfree_skb(free_it, NULL); |
580 | } | 494 | } |
581 | } | 495 | } |
@@ -587,50 +501,77 @@ static void ip_frag_queue(struct ipq *qp, struct sk_buff *skb) | |||
587 | if (prev) | 501 | if (prev) |
588 | prev->next = skb; | 502 | prev->next = skb; |
589 | else | 503 | else |
590 | qp->fragments = skb; | 504 | qp->q.fragments = skb; |
591 | 505 | ||
592 | if (skb->dev) | 506 | dev = skb->dev; |
593 | qp->iif = skb->dev->ifindex; | 507 | if (dev) { |
594 | skb->dev = NULL; | 508 | qp->iif = dev->ifindex; |
595 | qp->stamp = skb->tstamp; | 509 | skb->dev = NULL; |
596 | qp->meat += skb->len; | 510 | } |
597 | atomic_add(skb->truesize, &ip_frag_mem); | 511 | qp->q.stamp = skb->tstamp; |
512 | qp->q.meat += skb->len; | ||
513 | atomic_add(skb->truesize, &ip4_frags.mem); | ||
598 | if (offset == 0) | 514 | if (offset == 0) |
599 | qp->last_in |= FIRST_IN; | 515 | qp->q.last_in |= FIRST_IN; |
600 | 516 | ||
601 | write_lock(&ipfrag_lock); | 517 | if (qp->q.last_in == (FIRST_IN | LAST_IN) && qp->q.meat == qp->q.len) |
602 | list_move_tail(&qp->lru_list, &ipq_lru_list); | 518 | return ip_frag_reasm(qp, prev, dev); |
603 | write_unlock(&ipfrag_lock); | ||
604 | 519 | ||
605 | return; | 520 | write_lock(&ip4_frags.lock); |
521 | list_move_tail(&qp->q.lru_list, &ip4_frags.lru_list); | ||
522 | write_unlock(&ip4_frags.lock); | ||
523 | return -EINPROGRESS; | ||
606 | 524 | ||
607 | err: | 525 | err: |
608 | kfree_skb(skb); | 526 | kfree_skb(skb); |
527 | return err; | ||
609 | } | 528 | } |
610 | 529 | ||
611 | 530 | ||
612 | /* Build a new IP datagram from all its fragments. */ | 531 | /* Build a new IP datagram from all its fragments. */ |
613 | 532 | ||
614 | static struct sk_buff *ip_frag_reasm(struct ipq *qp, struct net_device *dev) | 533 | static int ip_frag_reasm(struct ipq *qp, struct sk_buff *prev, |
534 | struct net_device *dev) | ||
615 | { | 535 | { |
616 | struct iphdr *iph; | 536 | struct iphdr *iph; |
617 | struct sk_buff *fp, *head = qp->fragments; | 537 | struct sk_buff *fp, *head = qp->q.fragments; |
618 | int len; | 538 | int len; |
619 | int ihlen; | 539 | int ihlen; |
540 | int err; | ||
620 | 541 | ||
621 | ipq_kill(qp); | 542 | ipq_kill(qp); |
622 | 543 | ||
544 | /* Make the one we just received the head. */ | ||
545 | if (prev) { | ||
546 | head = prev->next; | ||
547 | fp = skb_clone(head, GFP_ATOMIC); | ||
548 | |||
549 | if (!fp) | ||
550 | goto out_nomem; | ||
551 | |||
552 | fp->next = head->next; | ||
553 | prev->next = fp; | ||
554 | |||
555 | skb_morph(head, qp->q.fragments); | ||
556 | head->next = qp->q.fragments->next; | ||
557 | |||
558 | kfree_skb(qp->q.fragments); | ||
559 | qp->q.fragments = head; | ||
560 | } | ||
561 | |||
623 | BUG_TRAP(head != NULL); | 562 | BUG_TRAP(head != NULL); |
624 | BUG_TRAP(FRAG_CB(head)->offset == 0); | 563 | BUG_TRAP(FRAG_CB(head)->offset == 0); |
625 | 564 | ||
626 | /* Allocate a new buffer for the datagram. */ | 565 | /* Allocate a new buffer for the datagram. */ |
627 | ihlen = ip_hdrlen(head); | 566 | ihlen = ip_hdrlen(head); |
628 | len = ihlen + qp->len; | 567 | len = ihlen + qp->q.len; |
629 | 568 | ||
569 | err = -E2BIG; | ||
630 | if (len > 65535) | 570 | if (len > 65535) |
631 | goto out_oversize; | 571 | goto out_oversize; |
632 | 572 | ||
633 | /* Head of list must not be cloned. */ | 573 | /* Head of list must not be cloned. */ |
574 | err = -ENOMEM; | ||
634 | if (skb_cloned(head) && pskb_expand_head(head, 0, 0, GFP_ATOMIC)) | 575 | if (skb_cloned(head) && pskb_expand_head(head, 0, 0, GFP_ATOMIC)) |
635 | goto out_nomem; | 576 | goto out_nomem; |
636 | 577 | ||
@@ -654,12 +595,12 @@ static struct sk_buff *ip_frag_reasm(struct ipq *qp, struct net_device *dev) | |||
654 | head->len -= clone->len; | 595 | head->len -= clone->len; |
655 | clone->csum = 0; | 596 | clone->csum = 0; |
656 | clone->ip_summed = head->ip_summed; | 597 | clone->ip_summed = head->ip_summed; |
657 | atomic_add(clone->truesize, &ip_frag_mem); | 598 | atomic_add(clone->truesize, &ip4_frags.mem); |
658 | } | 599 | } |
659 | 600 | ||
660 | skb_shinfo(head)->frag_list = head->next; | 601 | skb_shinfo(head)->frag_list = head->next; |
661 | skb_push(head, head->data - skb_network_header(head)); | 602 | skb_push(head, head->data - skb_network_header(head)); |
662 | atomic_sub(head->truesize, &ip_frag_mem); | 603 | atomic_sub(head->truesize, &ip4_frags.mem); |
663 | 604 | ||
664 | for (fp=head->next; fp; fp = fp->next) { | 605 | for (fp=head->next; fp; fp = fp->next) { |
665 | head->data_len += fp->len; | 606 | head->data_len += fp->len; |
@@ -669,19 +610,19 @@ static struct sk_buff *ip_frag_reasm(struct ipq *qp, struct net_device *dev) | |||
669 | else if (head->ip_summed == CHECKSUM_COMPLETE) | 610 | else if (head->ip_summed == CHECKSUM_COMPLETE) |
670 | head->csum = csum_add(head->csum, fp->csum); | 611 | head->csum = csum_add(head->csum, fp->csum); |
671 | head->truesize += fp->truesize; | 612 | head->truesize += fp->truesize; |
672 | atomic_sub(fp->truesize, &ip_frag_mem); | 613 | atomic_sub(fp->truesize, &ip4_frags.mem); |
673 | } | 614 | } |
674 | 615 | ||
675 | head->next = NULL; | 616 | head->next = NULL; |
676 | head->dev = dev; | 617 | head->dev = dev; |
677 | head->tstamp = qp->stamp; | 618 | head->tstamp = qp->q.stamp; |
678 | 619 | ||
679 | iph = ip_hdr(head); | 620 | iph = ip_hdr(head); |
680 | iph->frag_off = 0; | 621 | iph->frag_off = 0; |
681 | iph->tot_len = htons(len); | 622 | iph->tot_len = htons(len); |
682 | IP_INC_STATS_BH(IPSTATS_MIB_REASMOKS); | 623 | IP_INC_STATS_BH(IPSTATS_MIB_REASMOKS); |
683 | qp->fragments = NULL; | 624 | qp->q.fragments = NULL; |
684 | return head; | 625 | return 0; |
685 | 626 | ||
686 | out_nomem: | 627 | out_nomem: |
687 | LIMIT_NETDEBUG(KERN_ERR "IP: queue_glue: no memory for gluing " | 628 | LIMIT_NETDEBUG(KERN_ERR "IP: queue_glue: no memory for gluing " |
@@ -694,54 +635,46 @@ out_oversize: | |||
694 | NIPQUAD(qp->saddr)); | 635 | NIPQUAD(qp->saddr)); |
695 | out_fail: | 636 | out_fail: |
696 | IP_INC_STATS_BH(IPSTATS_MIB_REASMFAILS); | 637 | IP_INC_STATS_BH(IPSTATS_MIB_REASMFAILS); |
697 | return NULL; | 638 | return err; |
698 | } | 639 | } |
699 | 640 | ||
700 | /* Process an incoming IP datagram fragment. */ | 641 | /* Process an incoming IP datagram fragment. */ |
701 | struct sk_buff *ip_defrag(struct sk_buff *skb, u32 user) | 642 | int ip_defrag(struct sk_buff *skb, u32 user) |
702 | { | 643 | { |
703 | struct ipq *qp; | 644 | struct ipq *qp; |
704 | struct net_device *dev; | ||
705 | 645 | ||
706 | IP_INC_STATS_BH(IPSTATS_MIB_REASMREQDS); | 646 | IP_INC_STATS_BH(IPSTATS_MIB_REASMREQDS); |
707 | 647 | ||
708 | /* Start by cleaning up the memory. */ | 648 | /* Start by cleaning up the memory. */ |
709 | if (atomic_read(&ip_frag_mem) > sysctl_ipfrag_high_thresh) | 649 | if (atomic_read(&ip4_frags.mem) > ip4_frags_ctl.high_thresh) |
710 | ip_evictor(); | 650 | ip_evictor(); |
711 | 651 | ||
712 | dev = skb->dev; | ||
713 | |||
714 | /* Lookup (or create) queue header */ | 652 | /* Lookup (or create) queue header */ |
715 | if ((qp = ip_find(ip_hdr(skb), user)) != NULL) { | 653 | if ((qp = ip_find(ip_hdr(skb), user)) != NULL) { |
716 | struct sk_buff *ret = NULL; | 654 | int ret; |
717 | |||
718 | spin_lock(&qp->lock); | ||
719 | 655 | ||
720 | ip_frag_queue(qp, skb); | 656 | spin_lock(&qp->q.lock); |
721 | 657 | ||
722 | if (qp->last_in == (FIRST_IN|LAST_IN) && | 658 | ret = ip_frag_queue(qp, skb); |
723 | qp->meat == qp->len) | ||
724 | ret = ip_frag_reasm(qp, dev); | ||
725 | 659 | ||
726 | spin_unlock(&qp->lock); | 660 | spin_unlock(&qp->q.lock); |
727 | ipq_put(qp, NULL); | 661 | ipq_put(qp); |
728 | return ret; | 662 | return ret; |
729 | } | 663 | } |
730 | 664 | ||
731 | IP_INC_STATS_BH(IPSTATS_MIB_REASMFAILS); | 665 | IP_INC_STATS_BH(IPSTATS_MIB_REASMFAILS); |
732 | kfree_skb(skb); | 666 | kfree_skb(skb); |
733 | return NULL; | 667 | return -ENOMEM; |
734 | } | 668 | } |
735 | 669 | ||
736 | void __init ipfrag_init(void) | 670 | void __init ipfrag_init(void) |
737 | { | 671 | { |
738 | ipfrag_hash_rnd = (u32) ((num_physpages ^ (num_physpages>>7)) ^ | 672 | ip4_frags.ctl = &ip4_frags_ctl; |
739 | (jiffies ^ (jiffies >> 6))); | 673 | ip4_frags.hashfn = ip4_hashfn; |
740 | 674 | ip4_frags.destructor = ip4_frag_free; | |
741 | init_timer(&ipfrag_secret_timer); | 675 | ip4_frags.skb_free = NULL; |
742 | ipfrag_secret_timer.function = ipfrag_secret_rebuild; | 676 | ip4_frags.qsize = sizeof(struct ipq); |
743 | ipfrag_secret_timer.expires = jiffies + sysctl_ipfrag_secret_interval; | 677 | inet_frags_init(&ip4_frags); |
744 | add_timer(&ipfrag_secret_timer); | ||
745 | } | 678 | } |
746 | 679 | ||
747 | EXPORT_SYMBOL(ip_defrag); | 680 | EXPORT_SYMBOL(ip_defrag); |
diff --git a/net/ipv4/ip_input.c b/net/ipv4/ip_input.c index 41d8964591e7..168c871fcd79 100644 --- a/net/ipv4/ip_input.c +++ b/net/ipv4/ip_input.c | |||
@@ -172,8 +172,7 @@ int ip_call_ra_chain(struct sk_buff *skb) | |||
172 | (!sk->sk_bound_dev_if || | 172 | (!sk->sk_bound_dev_if || |
173 | sk->sk_bound_dev_if == skb->dev->ifindex)) { | 173 | sk->sk_bound_dev_if == skb->dev->ifindex)) { |
174 | if (ip_hdr(skb)->frag_off & htons(IP_MF | IP_OFFSET)) { | 174 | if (ip_hdr(skb)->frag_off & htons(IP_MF | IP_OFFSET)) { |
175 | skb = ip_defrag(skb, IP_DEFRAG_CALL_RA_CHAIN); | 175 | if (ip_defrag(skb, IP_DEFRAG_CALL_RA_CHAIN)) { |
176 | if (skb == NULL) { | ||
177 | read_unlock(&ip_ra_lock); | 176 | read_unlock(&ip_ra_lock); |
178 | return 1; | 177 | return 1; |
179 | } | 178 | } |
@@ -196,7 +195,7 @@ int ip_call_ra_chain(struct sk_buff *skb) | |||
196 | return 0; | 195 | return 0; |
197 | } | 196 | } |
198 | 197 | ||
199 | static inline int ip_local_deliver_finish(struct sk_buff *skb) | 198 | static int ip_local_deliver_finish(struct sk_buff *skb) |
200 | { | 199 | { |
201 | __skb_pull(skb, ip_hdrlen(skb)); | 200 | __skb_pull(skb, ip_hdrlen(skb)); |
202 | 201 | ||
@@ -265,8 +264,7 @@ int ip_local_deliver(struct sk_buff *skb) | |||
265 | */ | 264 | */ |
266 | 265 | ||
267 | if (ip_hdr(skb)->frag_off & htons(IP_MF | IP_OFFSET)) { | 266 | if (ip_hdr(skb)->frag_off & htons(IP_MF | IP_OFFSET)) { |
268 | skb = ip_defrag(skb, IP_DEFRAG_LOCAL_DELIVER); | 267 | if (ip_defrag(skb, IP_DEFRAG_LOCAL_DELIVER)) |
269 | if (!skb) | ||
270 | return 0; | 268 | return 0; |
271 | } | 269 | } |
272 | 270 | ||
@@ -326,7 +324,7 @@ drop: | |||
326 | return -1; | 324 | return -1; |
327 | } | 325 | } |
328 | 326 | ||
329 | static inline int ip_rcv_finish(struct sk_buff *skb) | 327 | static int ip_rcv_finish(struct sk_buff *skb) |
330 | { | 328 | { |
331 | const struct iphdr *iph = ip_hdr(skb); | 329 | const struct iphdr *iph = ip_hdr(skb); |
332 | struct rtable *rt; | 330 | struct rtable *rt; |
diff --git a/net/ipv4/ip_output.c b/net/ipv4/ip_output.c index 699f06781fd8..f508835ba713 100644 --- a/net/ipv4/ip_output.c +++ b/net/ipv4/ip_output.c | |||
@@ -202,7 +202,7 @@ static inline int ip_skb_dst_mtu(struct sk_buff *skb) | |||
202 | skb->dst->dev->mtu : dst_mtu(skb->dst); | 202 | skb->dst->dev->mtu : dst_mtu(skb->dst); |
203 | } | 203 | } |
204 | 204 | ||
205 | static inline int ip_finish_output(struct sk_buff *skb) | 205 | static int ip_finish_output(struct sk_buff *skb) |
206 | { | 206 | { |
207 | #if defined(CONFIG_NETFILTER) && defined(CONFIG_XFRM) | 207 | #if defined(CONFIG_NETFILTER) && defined(CONFIG_XFRM) |
208 | /* Policy lookup after SNAT yielded a new policy */ | 208 | /* Policy lookup after SNAT yielded a new policy */ |
diff --git a/net/ipv4/ipvs/ip_vs_app.c b/net/ipv4/ipvs/ip_vs_app.c index 341474eefa55..664cb8e97c1c 100644 --- a/net/ipv4/ipvs/ip_vs_app.c +++ b/net/ipv4/ipvs/ip_vs_app.c | |||
@@ -25,6 +25,7 @@ | |||
25 | #include <linux/skbuff.h> | 25 | #include <linux/skbuff.h> |
26 | #include <linux/in.h> | 26 | #include <linux/in.h> |
27 | #include <linux/ip.h> | 27 | #include <linux/ip.h> |
28 | #include <linux/netfilter.h> | ||
28 | #include <net/net_namespace.h> | 29 | #include <net/net_namespace.h> |
29 | #include <net/protocol.h> | 30 | #include <net/protocol.h> |
30 | #include <net/tcp.h> | 31 | #include <net/tcp.h> |
@@ -328,18 +329,18 @@ static inline void vs_seq_update(struct ip_vs_conn *cp, struct ip_vs_seq *vseq, | |||
328 | spin_unlock(&cp->lock); | 329 | spin_unlock(&cp->lock); |
329 | } | 330 | } |
330 | 331 | ||
331 | static inline int app_tcp_pkt_out(struct ip_vs_conn *cp, struct sk_buff **pskb, | 332 | static inline int app_tcp_pkt_out(struct ip_vs_conn *cp, struct sk_buff *skb, |
332 | struct ip_vs_app *app) | 333 | struct ip_vs_app *app) |
333 | { | 334 | { |
334 | int diff; | 335 | int diff; |
335 | const unsigned int tcp_offset = ip_hdrlen(*pskb); | 336 | const unsigned int tcp_offset = ip_hdrlen(skb); |
336 | struct tcphdr *th; | 337 | struct tcphdr *th; |
337 | __u32 seq; | 338 | __u32 seq; |
338 | 339 | ||
339 | if (!ip_vs_make_skb_writable(pskb, tcp_offset + sizeof(*th))) | 340 | if (!skb_make_writable(skb, tcp_offset + sizeof(*th))) |
340 | return 0; | 341 | return 0; |
341 | 342 | ||
342 | th = (struct tcphdr *)(skb_network_header(*pskb) + tcp_offset); | 343 | th = (struct tcphdr *)(skb_network_header(skb) + tcp_offset); |
343 | 344 | ||
344 | /* | 345 | /* |
345 | * Remember seq number in case this pkt gets resized | 346 | * Remember seq number in case this pkt gets resized |
@@ -360,7 +361,7 @@ static inline int app_tcp_pkt_out(struct ip_vs_conn *cp, struct sk_buff **pskb, | |||
360 | if (app->pkt_out == NULL) | 361 | if (app->pkt_out == NULL) |
361 | return 1; | 362 | return 1; |
362 | 363 | ||
363 | if (!app->pkt_out(app, cp, pskb, &diff)) | 364 | if (!app->pkt_out(app, cp, skb, &diff)) |
364 | return 0; | 365 | return 0; |
365 | 366 | ||
366 | /* | 367 | /* |
@@ -378,7 +379,7 @@ static inline int app_tcp_pkt_out(struct ip_vs_conn *cp, struct sk_buff **pskb, | |||
378 | * called by ipvs packet handler, assumes previously checked cp!=NULL | 379 | * called by ipvs packet handler, assumes previously checked cp!=NULL |
379 | * returns false if it can't handle packet (oom) | 380 | * returns false if it can't handle packet (oom) |
380 | */ | 381 | */ |
381 | int ip_vs_app_pkt_out(struct ip_vs_conn *cp, struct sk_buff **pskb) | 382 | int ip_vs_app_pkt_out(struct ip_vs_conn *cp, struct sk_buff *skb) |
382 | { | 383 | { |
383 | struct ip_vs_app *app; | 384 | struct ip_vs_app *app; |
384 | 385 | ||
@@ -391,7 +392,7 @@ int ip_vs_app_pkt_out(struct ip_vs_conn *cp, struct sk_buff **pskb) | |||
391 | 392 | ||
392 | /* TCP is complicated */ | 393 | /* TCP is complicated */ |
393 | if (cp->protocol == IPPROTO_TCP) | 394 | if (cp->protocol == IPPROTO_TCP) |
394 | return app_tcp_pkt_out(cp, pskb, app); | 395 | return app_tcp_pkt_out(cp, skb, app); |
395 | 396 | ||
396 | /* | 397 | /* |
397 | * Call private output hook function | 398 | * Call private output hook function |
@@ -399,22 +400,22 @@ int ip_vs_app_pkt_out(struct ip_vs_conn *cp, struct sk_buff **pskb) | |||
399 | if (app->pkt_out == NULL) | 400 | if (app->pkt_out == NULL) |
400 | return 1; | 401 | return 1; |
401 | 402 | ||
402 | return app->pkt_out(app, cp, pskb, NULL); | 403 | return app->pkt_out(app, cp, skb, NULL); |
403 | } | 404 | } |
404 | 405 | ||
405 | 406 | ||
406 | static inline int app_tcp_pkt_in(struct ip_vs_conn *cp, struct sk_buff **pskb, | 407 | static inline int app_tcp_pkt_in(struct ip_vs_conn *cp, struct sk_buff *skb, |
407 | struct ip_vs_app *app) | 408 | struct ip_vs_app *app) |
408 | { | 409 | { |
409 | int diff; | 410 | int diff; |
410 | const unsigned int tcp_offset = ip_hdrlen(*pskb); | 411 | const unsigned int tcp_offset = ip_hdrlen(skb); |
411 | struct tcphdr *th; | 412 | struct tcphdr *th; |
412 | __u32 seq; | 413 | __u32 seq; |
413 | 414 | ||
414 | if (!ip_vs_make_skb_writable(pskb, tcp_offset + sizeof(*th))) | 415 | if (!skb_make_writable(skb, tcp_offset + sizeof(*th))) |
415 | return 0; | 416 | return 0; |
416 | 417 | ||
417 | th = (struct tcphdr *)(skb_network_header(*pskb) + tcp_offset); | 418 | th = (struct tcphdr *)(skb_network_header(skb) + tcp_offset); |
418 | 419 | ||
419 | /* | 420 | /* |
420 | * Remember seq number in case this pkt gets resized | 421 | * Remember seq number in case this pkt gets resized |
@@ -435,7 +436,7 @@ static inline int app_tcp_pkt_in(struct ip_vs_conn *cp, struct sk_buff **pskb, | |||
435 | if (app->pkt_in == NULL) | 436 | if (app->pkt_in == NULL) |
436 | return 1; | 437 | return 1; |
437 | 438 | ||
438 | if (!app->pkt_in(app, cp, pskb, &diff)) | 439 | if (!app->pkt_in(app, cp, skb, &diff)) |
439 | return 0; | 440 | return 0; |
440 | 441 | ||
441 | /* | 442 | /* |
@@ -453,7 +454,7 @@ static inline int app_tcp_pkt_in(struct ip_vs_conn *cp, struct sk_buff **pskb, | |||
453 | * called by ipvs packet handler, assumes previously checked cp!=NULL. | 454 | * called by ipvs packet handler, assumes previously checked cp!=NULL. |
454 | * returns false if can't handle packet (oom). | 455 | * returns false if can't handle packet (oom). |
455 | */ | 456 | */ |
456 | int ip_vs_app_pkt_in(struct ip_vs_conn *cp, struct sk_buff **pskb) | 457 | int ip_vs_app_pkt_in(struct ip_vs_conn *cp, struct sk_buff *skb) |
457 | { | 458 | { |
458 | struct ip_vs_app *app; | 459 | struct ip_vs_app *app; |
459 | 460 | ||
@@ -466,7 +467,7 @@ int ip_vs_app_pkt_in(struct ip_vs_conn *cp, struct sk_buff **pskb) | |||
466 | 467 | ||
467 | /* TCP is complicated */ | 468 | /* TCP is complicated */ |
468 | if (cp->protocol == IPPROTO_TCP) | 469 | if (cp->protocol == IPPROTO_TCP) |
469 | return app_tcp_pkt_in(cp, pskb, app); | 470 | return app_tcp_pkt_in(cp, skb, app); |
470 | 471 | ||
471 | /* | 472 | /* |
472 | * Call private input hook function | 473 | * Call private input hook function |
@@ -474,7 +475,7 @@ int ip_vs_app_pkt_in(struct ip_vs_conn *cp, struct sk_buff **pskb) | |||
474 | if (app->pkt_in == NULL) | 475 | if (app->pkt_in == NULL) |
475 | return 1; | 476 | return 1; |
476 | 477 | ||
477 | return app->pkt_in(app, cp, pskb, NULL); | 478 | return app->pkt_in(app, cp, skb, NULL); |
478 | } | 479 | } |
479 | 480 | ||
480 | 481 | ||
diff --git a/net/ipv4/ipvs/ip_vs_core.c b/net/ipv4/ipvs/ip_vs_core.c index fbca2a2ff29f..c6ed7654e839 100644 --- a/net/ipv4/ipvs/ip_vs_core.c +++ b/net/ipv4/ipvs/ip_vs_core.c | |||
@@ -58,7 +58,6 @@ EXPORT_SYMBOL(ip_vs_conn_put); | |||
58 | #ifdef CONFIG_IP_VS_DEBUG | 58 | #ifdef CONFIG_IP_VS_DEBUG |
59 | EXPORT_SYMBOL(ip_vs_get_debug_level); | 59 | EXPORT_SYMBOL(ip_vs_get_debug_level); |
60 | #endif | 60 | #endif |
61 | EXPORT_SYMBOL(ip_vs_make_skb_writable); | ||
62 | 61 | ||
63 | 62 | ||
64 | /* ID used in ICMP lookups */ | 63 | /* ID used in ICMP lookups */ |
@@ -163,42 +162,6 @@ ip_vs_set_state(struct ip_vs_conn *cp, int direction, | |||
163 | } | 162 | } |
164 | 163 | ||
165 | 164 | ||
166 | int ip_vs_make_skb_writable(struct sk_buff **pskb, int writable_len) | ||
167 | { | ||
168 | struct sk_buff *skb = *pskb; | ||
169 | |||
170 | /* skb is already used, better copy skb and its payload */ | ||
171 | if (unlikely(skb_shared(skb) || skb->sk)) | ||
172 | goto copy_skb; | ||
173 | |||
174 | /* skb data is already used, copy it */ | ||
175 | if (unlikely(skb_cloned(skb))) | ||
176 | goto copy_data; | ||
177 | |||
178 | return pskb_may_pull(skb, writable_len); | ||
179 | |||
180 | copy_data: | ||
181 | if (unlikely(writable_len > skb->len)) | ||
182 | return 0; | ||
183 | return !pskb_expand_head(skb, 0, 0, GFP_ATOMIC); | ||
184 | |||
185 | copy_skb: | ||
186 | if (unlikely(writable_len > skb->len)) | ||
187 | return 0; | ||
188 | skb = skb_copy(skb, GFP_ATOMIC); | ||
189 | if (!skb) | ||
190 | return 0; | ||
191 | BUG_ON(skb_is_nonlinear(skb)); | ||
192 | |||
193 | /* Rest of kernel will get very unhappy if we pass it a | ||
194 | suddenly-orphaned skbuff */ | ||
195 | if ((*pskb)->sk) | ||
196 | skb_set_owner_w(skb, (*pskb)->sk); | ||
197 | kfree_skb(*pskb); | ||
198 | *pskb = skb; | ||
199 | return 1; | ||
200 | } | ||
201 | |||
202 | /* | 165 | /* |
203 | * IPVS persistent scheduling function | 166 | * IPVS persistent scheduling function |
204 | * It creates a connection entry according to its template if exists, | 167 | * It creates a connection entry according to its template if exists, |
@@ -525,12 +488,12 @@ int ip_vs_leave(struct ip_vs_service *svc, struct sk_buff *skb, | |||
525 | * for VS/NAT. | 488 | * for VS/NAT. |
526 | */ | 489 | */ |
527 | static unsigned int ip_vs_post_routing(unsigned int hooknum, | 490 | static unsigned int ip_vs_post_routing(unsigned int hooknum, |
528 | struct sk_buff **pskb, | 491 | struct sk_buff *skb, |
529 | const struct net_device *in, | 492 | const struct net_device *in, |
530 | const struct net_device *out, | 493 | const struct net_device *out, |
531 | int (*okfn)(struct sk_buff *)) | 494 | int (*okfn)(struct sk_buff *)) |
532 | { | 495 | { |
533 | if (!((*pskb)->ipvs_property)) | 496 | if (!skb->ipvs_property) |
534 | return NF_ACCEPT; | 497 | return NF_ACCEPT; |
535 | /* The packet was sent from IPVS, exit this chain */ | 498 | /* The packet was sent from IPVS, exit this chain */ |
536 | return NF_STOP; | 499 | return NF_STOP; |
@@ -541,13 +504,14 @@ __sum16 ip_vs_checksum_complete(struct sk_buff *skb, int offset) | |||
541 | return csum_fold(skb_checksum(skb, offset, skb->len - offset, 0)); | 504 | return csum_fold(skb_checksum(skb, offset, skb->len - offset, 0)); |
542 | } | 505 | } |
543 | 506 | ||
544 | static inline struct sk_buff * | 507 | static inline int ip_vs_gather_frags(struct sk_buff *skb, u_int32_t user) |
545 | ip_vs_gather_frags(struct sk_buff *skb, u_int32_t user) | ||
546 | { | 508 | { |
547 | skb = ip_defrag(skb, user); | 509 | int err = ip_defrag(skb, user); |
548 | if (skb) | 510 | |
511 | if (!err) | ||
549 | ip_send_check(ip_hdr(skb)); | 512 | ip_send_check(ip_hdr(skb)); |
550 | return skb; | 513 | |
514 | return err; | ||
551 | } | 515 | } |
552 | 516 | ||
553 | /* | 517 | /* |
@@ -605,9 +569,8 @@ void ip_vs_nat_icmp(struct sk_buff *skb, struct ip_vs_protocol *pp, | |||
605 | * Currently handles error types - unreachable, quench, ttl exceeded. | 569 | * Currently handles error types - unreachable, quench, ttl exceeded. |
606 | * (Only used in VS/NAT) | 570 | * (Only used in VS/NAT) |
607 | */ | 571 | */ |
608 | static int ip_vs_out_icmp(struct sk_buff **pskb, int *related) | 572 | static int ip_vs_out_icmp(struct sk_buff *skb, int *related) |
609 | { | 573 | { |
610 | struct sk_buff *skb = *pskb; | ||
611 | struct iphdr *iph; | 574 | struct iphdr *iph; |
612 | struct icmphdr _icmph, *ic; | 575 | struct icmphdr _icmph, *ic; |
613 | struct iphdr _ciph, *cih; /* The ip header contained within the ICMP */ | 576 | struct iphdr _ciph, *cih; /* The ip header contained within the ICMP */ |
@@ -619,10 +582,8 @@ static int ip_vs_out_icmp(struct sk_buff **pskb, int *related) | |||
619 | 582 | ||
620 | /* reassemble IP fragments */ | 583 | /* reassemble IP fragments */ |
621 | if (ip_hdr(skb)->frag_off & htons(IP_MF | IP_OFFSET)) { | 584 | if (ip_hdr(skb)->frag_off & htons(IP_MF | IP_OFFSET)) { |
622 | skb = ip_vs_gather_frags(skb, IP_DEFRAG_VS_OUT); | 585 | if (ip_vs_gather_frags(skb, IP_DEFRAG_VS_OUT)) |
623 | if (!skb) | ||
624 | return NF_STOLEN; | 586 | return NF_STOLEN; |
625 | *pskb = skb; | ||
626 | } | 587 | } |
627 | 588 | ||
628 | iph = ip_hdr(skb); | 589 | iph = ip_hdr(skb); |
@@ -690,9 +651,8 @@ static int ip_vs_out_icmp(struct sk_buff **pskb, int *related) | |||
690 | 651 | ||
691 | if (IPPROTO_TCP == cih->protocol || IPPROTO_UDP == cih->protocol) | 652 | if (IPPROTO_TCP == cih->protocol || IPPROTO_UDP == cih->protocol) |
692 | offset += 2 * sizeof(__u16); | 653 | offset += 2 * sizeof(__u16); |
693 | if (!ip_vs_make_skb_writable(pskb, offset)) | 654 | if (!skb_make_writable(skb, offset)) |
694 | goto out; | 655 | goto out; |
695 | skb = *pskb; | ||
696 | 656 | ||
697 | ip_vs_nat_icmp(skb, pp, cp, 1); | 657 | ip_vs_nat_icmp(skb, pp, cp, 1); |
698 | 658 | ||
@@ -724,11 +684,10 @@ static inline int is_tcp_reset(const struct sk_buff *skb) | |||
724 | * rewrite addresses of the packet and send it on its way... | 684 | * rewrite addresses of the packet and send it on its way... |
725 | */ | 685 | */ |
726 | static unsigned int | 686 | static unsigned int |
727 | ip_vs_out(unsigned int hooknum, struct sk_buff **pskb, | 687 | ip_vs_out(unsigned int hooknum, struct sk_buff *skb, |
728 | const struct net_device *in, const struct net_device *out, | 688 | const struct net_device *in, const struct net_device *out, |
729 | int (*okfn)(struct sk_buff *)) | 689 | int (*okfn)(struct sk_buff *)) |
730 | { | 690 | { |
731 | struct sk_buff *skb = *pskb; | ||
732 | struct iphdr *iph; | 691 | struct iphdr *iph; |
733 | struct ip_vs_protocol *pp; | 692 | struct ip_vs_protocol *pp; |
734 | struct ip_vs_conn *cp; | 693 | struct ip_vs_conn *cp; |
@@ -741,11 +700,10 @@ ip_vs_out(unsigned int hooknum, struct sk_buff **pskb, | |||
741 | 700 | ||
742 | iph = ip_hdr(skb); | 701 | iph = ip_hdr(skb); |
743 | if (unlikely(iph->protocol == IPPROTO_ICMP)) { | 702 | if (unlikely(iph->protocol == IPPROTO_ICMP)) { |
744 | int related, verdict = ip_vs_out_icmp(pskb, &related); | 703 | int related, verdict = ip_vs_out_icmp(skb, &related); |
745 | 704 | ||
746 | if (related) | 705 | if (related) |
747 | return verdict; | 706 | return verdict; |
748 | skb = *pskb; | ||
749 | iph = ip_hdr(skb); | 707 | iph = ip_hdr(skb); |
750 | } | 708 | } |
751 | 709 | ||
@@ -756,11 +714,9 @@ ip_vs_out(unsigned int hooknum, struct sk_buff **pskb, | |||
756 | /* reassemble IP fragments */ | 714 | /* reassemble IP fragments */ |
757 | if (unlikely(iph->frag_off & htons(IP_MF|IP_OFFSET) && | 715 | if (unlikely(iph->frag_off & htons(IP_MF|IP_OFFSET) && |
758 | !pp->dont_defrag)) { | 716 | !pp->dont_defrag)) { |
759 | skb = ip_vs_gather_frags(skb, IP_DEFRAG_VS_OUT); | 717 | if (ip_vs_gather_frags(skb, IP_DEFRAG_VS_OUT)) |
760 | if (!skb) | ||
761 | return NF_STOLEN; | 718 | return NF_STOLEN; |
762 | iph = ip_hdr(skb); | 719 | iph = ip_hdr(skb); |
763 | *pskb = skb; | ||
764 | } | 720 | } |
765 | 721 | ||
766 | ihl = iph->ihl << 2; | 722 | ihl = iph->ihl << 2; |
@@ -802,13 +758,12 @@ ip_vs_out(unsigned int hooknum, struct sk_buff **pskb, | |||
802 | 758 | ||
803 | IP_VS_DBG_PKT(11, pp, skb, 0, "Outgoing packet"); | 759 | IP_VS_DBG_PKT(11, pp, skb, 0, "Outgoing packet"); |
804 | 760 | ||
805 | if (!ip_vs_make_skb_writable(pskb, ihl)) | 761 | if (!skb_make_writable(skb, ihl)) |
806 | goto drop; | 762 | goto drop; |
807 | 763 | ||
808 | /* mangle the packet */ | 764 | /* mangle the packet */ |
809 | if (pp->snat_handler && !pp->snat_handler(pskb, pp, cp)) | 765 | if (pp->snat_handler && !pp->snat_handler(skb, pp, cp)) |
810 | goto drop; | 766 | goto drop; |
811 | skb = *pskb; | ||
812 | ip_hdr(skb)->saddr = cp->vaddr; | 767 | ip_hdr(skb)->saddr = cp->vaddr; |
813 | ip_send_check(ip_hdr(skb)); | 768 | ip_send_check(ip_hdr(skb)); |
814 | 769 | ||
@@ -818,9 +773,8 @@ ip_vs_out(unsigned int hooknum, struct sk_buff **pskb, | |||
818 | * if it came from this machine itself. So re-compute | 773 | * if it came from this machine itself. So re-compute |
819 | * the routing information. | 774 | * the routing information. |
820 | */ | 775 | */ |
821 | if (ip_route_me_harder(pskb, RTN_LOCAL) != 0) | 776 | if (ip_route_me_harder(skb, RTN_LOCAL) != 0) |
822 | goto drop; | 777 | goto drop; |
823 | skb = *pskb; | ||
824 | 778 | ||
825 | IP_VS_DBG_PKT(10, pp, skb, 0, "After SNAT"); | 779 | IP_VS_DBG_PKT(10, pp, skb, 0, "After SNAT"); |
826 | 780 | ||
@@ -835,7 +789,7 @@ ip_vs_out(unsigned int hooknum, struct sk_buff **pskb, | |||
835 | 789 | ||
836 | drop: | 790 | drop: |
837 | ip_vs_conn_put(cp); | 791 | ip_vs_conn_put(cp); |
838 | kfree_skb(*pskb); | 792 | kfree_skb(skb); |
839 | return NF_STOLEN; | 793 | return NF_STOLEN; |
840 | } | 794 | } |
841 | 795 | ||
@@ -847,9 +801,8 @@ ip_vs_out(unsigned int hooknum, struct sk_buff **pskb, | |||
847 | * Currently handles error types - unreachable, quench, ttl exceeded. | 801 | * Currently handles error types - unreachable, quench, ttl exceeded. |
848 | */ | 802 | */ |
849 | static int | 803 | static int |
850 | ip_vs_in_icmp(struct sk_buff **pskb, int *related, unsigned int hooknum) | 804 | ip_vs_in_icmp(struct sk_buff *skb, int *related, unsigned int hooknum) |
851 | { | 805 | { |
852 | struct sk_buff *skb = *pskb; | ||
853 | struct iphdr *iph; | 806 | struct iphdr *iph; |
854 | struct icmphdr _icmph, *ic; | 807 | struct icmphdr _icmph, *ic; |
855 | struct iphdr _ciph, *cih; /* The ip header contained within the ICMP */ | 808 | struct iphdr _ciph, *cih; /* The ip header contained within the ICMP */ |
@@ -861,12 +814,9 @@ ip_vs_in_icmp(struct sk_buff **pskb, int *related, unsigned int hooknum) | |||
861 | 814 | ||
862 | /* reassemble IP fragments */ | 815 | /* reassemble IP fragments */ |
863 | if (ip_hdr(skb)->frag_off & htons(IP_MF | IP_OFFSET)) { | 816 | if (ip_hdr(skb)->frag_off & htons(IP_MF | IP_OFFSET)) { |
864 | skb = ip_vs_gather_frags(skb, | 817 | if (ip_vs_gather_frags(skb, hooknum == NF_IP_LOCAL_IN ? |
865 | hooknum == NF_IP_LOCAL_IN ? | 818 | IP_DEFRAG_VS_IN : IP_DEFRAG_VS_FWD)) |
866 | IP_DEFRAG_VS_IN : IP_DEFRAG_VS_FWD); | ||
867 | if (!skb) | ||
868 | return NF_STOLEN; | 819 | return NF_STOLEN; |
869 | *pskb = skb; | ||
870 | } | 820 | } |
871 | 821 | ||
872 | iph = ip_hdr(skb); | 822 | iph = ip_hdr(skb); |
@@ -945,11 +895,10 @@ ip_vs_in_icmp(struct sk_buff **pskb, int *related, unsigned int hooknum) | |||
945 | * and send it on its way... | 895 | * and send it on its way... |
946 | */ | 896 | */ |
947 | static unsigned int | 897 | static unsigned int |
948 | ip_vs_in(unsigned int hooknum, struct sk_buff **pskb, | 898 | ip_vs_in(unsigned int hooknum, struct sk_buff *skb, |
949 | const struct net_device *in, const struct net_device *out, | 899 | const struct net_device *in, const struct net_device *out, |
950 | int (*okfn)(struct sk_buff *)) | 900 | int (*okfn)(struct sk_buff *)) |
951 | { | 901 | { |
952 | struct sk_buff *skb = *pskb; | ||
953 | struct iphdr *iph; | 902 | struct iphdr *iph; |
954 | struct ip_vs_protocol *pp; | 903 | struct ip_vs_protocol *pp; |
955 | struct ip_vs_conn *cp; | 904 | struct ip_vs_conn *cp; |
@@ -971,11 +920,10 @@ ip_vs_in(unsigned int hooknum, struct sk_buff **pskb, | |||
971 | 920 | ||
972 | iph = ip_hdr(skb); | 921 | iph = ip_hdr(skb); |
973 | if (unlikely(iph->protocol == IPPROTO_ICMP)) { | 922 | if (unlikely(iph->protocol == IPPROTO_ICMP)) { |
974 | int related, verdict = ip_vs_in_icmp(pskb, &related, hooknum); | 923 | int related, verdict = ip_vs_in_icmp(skb, &related, hooknum); |
975 | 924 | ||
976 | if (related) | 925 | if (related) |
977 | return verdict; | 926 | return verdict; |
978 | skb = *pskb; | ||
979 | iph = ip_hdr(skb); | 927 | iph = ip_hdr(skb); |
980 | } | 928 | } |
981 | 929 | ||
@@ -1056,16 +1004,16 @@ ip_vs_in(unsigned int hooknum, struct sk_buff **pskb, | |||
1056 | * and send them to ip_vs_in_icmp. | 1004 | * and send them to ip_vs_in_icmp. |
1057 | */ | 1005 | */ |
1058 | static unsigned int | 1006 | static unsigned int |
1059 | ip_vs_forward_icmp(unsigned int hooknum, struct sk_buff **pskb, | 1007 | ip_vs_forward_icmp(unsigned int hooknum, struct sk_buff *skb, |
1060 | const struct net_device *in, const struct net_device *out, | 1008 | const struct net_device *in, const struct net_device *out, |
1061 | int (*okfn)(struct sk_buff *)) | 1009 | int (*okfn)(struct sk_buff *)) |
1062 | { | 1010 | { |
1063 | int r; | 1011 | int r; |
1064 | 1012 | ||
1065 | if (ip_hdr(*pskb)->protocol != IPPROTO_ICMP) | 1013 | if (ip_hdr(skb)->protocol != IPPROTO_ICMP) |
1066 | return NF_ACCEPT; | 1014 | return NF_ACCEPT; |
1067 | 1015 | ||
1068 | return ip_vs_in_icmp(pskb, &r, hooknum); | 1016 | return ip_vs_in_icmp(skb, &r, hooknum); |
1069 | } | 1017 | } |
1070 | 1018 | ||
1071 | 1019 | ||
diff --git a/net/ipv4/ipvs/ip_vs_ftp.c b/net/ipv4/ipvs/ip_vs_ftp.c index 344ddbbdc756..59aa166b7678 100644 --- a/net/ipv4/ipvs/ip_vs_ftp.c +++ b/net/ipv4/ipvs/ip_vs_ftp.c | |||
@@ -30,6 +30,7 @@ | |||
30 | #include <linux/skbuff.h> | 30 | #include <linux/skbuff.h> |
31 | #include <linux/in.h> | 31 | #include <linux/in.h> |
32 | #include <linux/ip.h> | 32 | #include <linux/ip.h> |
33 | #include <linux/netfilter.h> | ||
33 | #include <net/protocol.h> | 34 | #include <net/protocol.h> |
34 | #include <net/tcp.h> | 35 | #include <net/tcp.h> |
35 | #include <asm/unaligned.h> | 36 | #include <asm/unaligned.h> |
@@ -135,7 +136,7 @@ static int ip_vs_ftp_get_addrport(char *data, char *data_limit, | |||
135 | * xxx,xxx,xxx,xxx is the server address, ppp,ppp is the server port number. | 136 | * xxx,xxx,xxx,xxx is the server address, ppp,ppp is the server port number. |
136 | */ | 137 | */ |
137 | static int ip_vs_ftp_out(struct ip_vs_app *app, struct ip_vs_conn *cp, | 138 | static int ip_vs_ftp_out(struct ip_vs_app *app, struct ip_vs_conn *cp, |
138 | struct sk_buff **pskb, int *diff) | 139 | struct sk_buff *skb, int *diff) |
139 | { | 140 | { |
140 | struct iphdr *iph; | 141 | struct iphdr *iph; |
141 | struct tcphdr *th; | 142 | struct tcphdr *th; |
@@ -155,14 +156,14 @@ static int ip_vs_ftp_out(struct ip_vs_app *app, struct ip_vs_conn *cp, | |||
155 | return 1; | 156 | return 1; |
156 | 157 | ||
157 | /* Linear packets are much easier to deal with. */ | 158 | /* Linear packets are much easier to deal with. */ |
158 | if (!ip_vs_make_skb_writable(pskb, (*pskb)->len)) | 159 | if (!skb_make_writable(skb, skb->len)) |
159 | return 0; | 160 | return 0; |
160 | 161 | ||
161 | if (cp->app_data == &ip_vs_ftp_pasv) { | 162 | if (cp->app_data == &ip_vs_ftp_pasv) { |
162 | iph = ip_hdr(*pskb); | 163 | iph = ip_hdr(skb); |
163 | th = (struct tcphdr *)&(((char *)iph)[iph->ihl*4]); | 164 | th = (struct tcphdr *)&(((char *)iph)[iph->ihl*4]); |
164 | data = (char *)th + (th->doff << 2); | 165 | data = (char *)th + (th->doff << 2); |
165 | data_limit = skb_tail_pointer(*pskb); | 166 | data_limit = skb_tail_pointer(skb); |
166 | 167 | ||
167 | if (ip_vs_ftp_get_addrport(data, data_limit, | 168 | if (ip_vs_ftp_get_addrport(data, data_limit, |
168 | SERVER_STRING, | 169 | SERVER_STRING, |
@@ -213,7 +214,7 @@ static int ip_vs_ftp_out(struct ip_vs_app *app, struct ip_vs_conn *cp, | |||
213 | memcpy(start, buf, buf_len); | 214 | memcpy(start, buf, buf_len); |
214 | ret = 1; | 215 | ret = 1; |
215 | } else { | 216 | } else { |
216 | ret = !ip_vs_skb_replace(*pskb, GFP_ATOMIC, start, | 217 | ret = !ip_vs_skb_replace(skb, GFP_ATOMIC, start, |
217 | end-start, buf, buf_len); | 218 | end-start, buf, buf_len); |
218 | } | 219 | } |
219 | 220 | ||
@@ -238,7 +239,7 @@ static int ip_vs_ftp_out(struct ip_vs_app *app, struct ip_vs_conn *cp, | |||
238 | * the client. | 239 | * the client. |
239 | */ | 240 | */ |
240 | static int ip_vs_ftp_in(struct ip_vs_app *app, struct ip_vs_conn *cp, | 241 | static int ip_vs_ftp_in(struct ip_vs_app *app, struct ip_vs_conn *cp, |
241 | struct sk_buff **pskb, int *diff) | 242 | struct sk_buff *skb, int *diff) |
242 | { | 243 | { |
243 | struct iphdr *iph; | 244 | struct iphdr *iph; |
244 | struct tcphdr *th; | 245 | struct tcphdr *th; |
@@ -256,20 +257,20 @@ static int ip_vs_ftp_in(struct ip_vs_app *app, struct ip_vs_conn *cp, | |||
256 | return 1; | 257 | return 1; |
257 | 258 | ||
258 | /* Linear packets are much easier to deal with. */ | 259 | /* Linear packets are much easier to deal with. */ |
259 | if (!ip_vs_make_skb_writable(pskb, (*pskb)->len)) | 260 | if (!skb_make_writable(skb, skb->len)) |
260 | return 0; | 261 | return 0; |
261 | 262 | ||
262 | /* | 263 | /* |
263 | * Detecting whether it is passive | 264 | * Detecting whether it is passive |
264 | */ | 265 | */ |
265 | iph = ip_hdr(*pskb); | 266 | iph = ip_hdr(skb); |
266 | th = (struct tcphdr *)&(((char *)iph)[iph->ihl*4]); | 267 | th = (struct tcphdr *)&(((char *)iph)[iph->ihl*4]); |
267 | 268 | ||
268 | /* Since there may be OPTIONS in the TCP packet and the HLEN is | 269 | /* Since there may be OPTIONS in the TCP packet and the HLEN is |
269 | the length of the header in 32-bit multiples, it is accurate | 270 | the length of the header in 32-bit multiples, it is accurate |
270 | to calculate data address by th+HLEN*4 */ | 271 | to calculate data address by th+HLEN*4 */ |
271 | data = data_start = (char *)th + (th->doff << 2); | 272 | data = data_start = (char *)th + (th->doff << 2); |
272 | data_limit = skb_tail_pointer(*pskb); | 273 | data_limit = skb_tail_pointer(skb); |
273 | 274 | ||
274 | while (data <= data_limit - 6) { | 275 | while (data <= data_limit - 6) { |
275 | if (strnicmp(data, "PASV\r\n", 6) == 0) { | 276 | if (strnicmp(data, "PASV\r\n", 6) == 0) { |
diff --git a/net/ipv4/ipvs/ip_vs_proto_tcp.c b/net/ipv4/ipvs/ip_vs_proto_tcp.c index e65577a77006..12dc0d640b6d 100644 --- a/net/ipv4/ipvs/ip_vs_proto_tcp.c +++ b/net/ipv4/ipvs/ip_vs_proto_tcp.c | |||
@@ -20,6 +20,7 @@ | |||
20 | #include <linux/tcp.h> /* for tcphdr */ | 20 | #include <linux/tcp.h> /* for tcphdr */ |
21 | #include <net/ip.h> | 21 | #include <net/ip.h> |
22 | #include <net/tcp.h> /* for csum_tcpudp_magic */ | 22 | #include <net/tcp.h> /* for csum_tcpudp_magic */ |
23 | #include <linux/netfilter.h> | ||
23 | #include <linux/netfilter_ipv4.h> | 24 | #include <linux/netfilter_ipv4.h> |
24 | 25 | ||
25 | #include <net/ip_vs.h> | 26 | #include <net/ip_vs.h> |
@@ -122,27 +123,27 @@ tcp_fast_csum_update(struct tcphdr *tcph, __be32 oldip, __be32 newip, | |||
122 | 123 | ||
123 | 124 | ||
124 | static int | 125 | static int |
125 | tcp_snat_handler(struct sk_buff **pskb, | 126 | tcp_snat_handler(struct sk_buff *skb, |
126 | struct ip_vs_protocol *pp, struct ip_vs_conn *cp) | 127 | struct ip_vs_protocol *pp, struct ip_vs_conn *cp) |
127 | { | 128 | { |
128 | struct tcphdr *tcph; | 129 | struct tcphdr *tcph; |
129 | const unsigned int tcphoff = ip_hdrlen(*pskb); | 130 | const unsigned int tcphoff = ip_hdrlen(skb); |
130 | 131 | ||
131 | /* csum_check requires unshared skb */ | 132 | /* csum_check requires unshared skb */ |
132 | if (!ip_vs_make_skb_writable(pskb, tcphoff+sizeof(*tcph))) | 133 | if (!skb_make_writable(skb, tcphoff+sizeof(*tcph))) |
133 | return 0; | 134 | return 0; |
134 | 135 | ||
135 | if (unlikely(cp->app != NULL)) { | 136 | if (unlikely(cp->app != NULL)) { |
136 | /* Some checks before mangling */ | 137 | /* Some checks before mangling */ |
137 | if (pp->csum_check && !pp->csum_check(*pskb, pp)) | 138 | if (pp->csum_check && !pp->csum_check(skb, pp)) |
138 | return 0; | 139 | return 0; |
139 | 140 | ||
140 | /* Call application helper if needed */ | 141 | /* Call application helper if needed */ |
141 | if (!ip_vs_app_pkt_out(cp, pskb)) | 142 | if (!ip_vs_app_pkt_out(cp, skb)) |
142 | return 0; | 143 | return 0; |
143 | } | 144 | } |
144 | 145 | ||
145 | tcph = (void *)ip_hdr(*pskb) + tcphoff; | 146 | tcph = (void *)ip_hdr(skb) + tcphoff; |
146 | tcph->source = cp->vport; | 147 | tcph->source = cp->vport; |
147 | 148 | ||
148 | /* Adjust TCP checksums */ | 149 | /* Adjust TCP checksums */ |
@@ -150,17 +151,15 @@ tcp_snat_handler(struct sk_buff **pskb, | |||
150 | /* Only port and addr are changed, do fast csum update */ | 151 | /* Only port and addr are changed, do fast csum update */ |
151 | tcp_fast_csum_update(tcph, cp->daddr, cp->vaddr, | 152 | tcp_fast_csum_update(tcph, cp->daddr, cp->vaddr, |
152 | cp->dport, cp->vport); | 153 | cp->dport, cp->vport); |
153 | if ((*pskb)->ip_summed == CHECKSUM_COMPLETE) | 154 | if (skb->ip_summed == CHECKSUM_COMPLETE) |
154 | (*pskb)->ip_summed = CHECKSUM_NONE; | 155 | skb->ip_summed = CHECKSUM_NONE; |
155 | } else { | 156 | } else { |
156 | /* full checksum calculation */ | 157 | /* full checksum calculation */ |
157 | tcph->check = 0; | 158 | tcph->check = 0; |
158 | (*pskb)->csum = skb_checksum(*pskb, tcphoff, | 159 | skb->csum = skb_checksum(skb, tcphoff, skb->len - tcphoff, 0); |
159 | (*pskb)->len - tcphoff, 0); | ||
160 | tcph->check = csum_tcpudp_magic(cp->vaddr, cp->caddr, | 160 | tcph->check = csum_tcpudp_magic(cp->vaddr, cp->caddr, |
161 | (*pskb)->len - tcphoff, | 161 | skb->len - tcphoff, |
162 | cp->protocol, | 162 | cp->protocol, skb->csum); |
163 | (*pskb)->csum); | ||
164 | IP_VS_DBG(11, "O-pkt: %s O-csum=%d (+%zd)\n", | 163 | IP_VS_DBG(11, "O-pkt: %s O-csum=%d (+%zd)\n", |
165 | pp->name, tcph->check, | 164 | pp->name, tcph->check, |
166 | (char*)&(tcph->check) - (char*)tcph); | 165 | (char*)&(tcph->check) - (char*)tcph); |
@@ -170,30 +169,30 @@ tcp_snat_handler(struct sk_buff **pskb, | |||
170 | 169 | ||
171 | 170 | ||
172 | static int | 171 | static int |
173 | tcp_dnat_handler(struct sk_buff **pskb, | 172 | tcp_dnat_handler(struct sk_buff *skb, |
174 | struct ip_vs_protocol *pp, struct ip_vs_conn *cp) | 173 | struct ip_vs_protocol *pp, struct ip_vs_conn *cp) |
175 | { | 174 | { |
176 | struct tcphdr *tcph; | 175 | struct tcphdr *tcph; |
177 | const unsigned int tcphoff = ip_hdrlen(*pskb); | 176 | const unsigned int tcphoff = ip_hdrlen(skb); |
178 | 177 | ||
179 | /* csum_check requires unshared skb */ | 178 | /* csum_check requires unshared skb */ |
180 | if (!ip_vs_make_skb_writable(pskb, tcphoff+sizeof(*tcph))) | 179 | if (!skb_make_writable(skb, tcphoff+sizeof(*tcph))) |
181 | return 0; | 180 | return 0; |
182 | 181 | ||
183 | if (unlikely(cp->app != NULL)) { | 182 | if (unlikely(cp->app != NULL)) { |
184 | /* Some checks before mangling */ | 183 | /* Some checks before mangling */ |
185 | if (pp->csum_check && !pp->csum_check(*pskb, pp)) | 184 | if (pp->csum_check && !pp->csum_check(skb, pp)) |
186 | return 0; | 185 | return 0; |
187 | 186 | ||
188 | /* | 187 | /* |
189 | * Attempt ip_vs_app call. | 188 | * Attempt ip_vs_app call. |
190 | * It will fix ip_vs_conn and iph ack_seq stuff | 189 | * It will fix ip_vs_conn and iph ack_seq stuff |
191 | */ | 190 | */ |
192 | if (!ip_vs_app_pkt_in(cp, pskb)) | 191 | if (!ip_vs_app_pkt_in(cp, skb)) |
193 | return 0; | 192 | return 0; |
194 | } | 193 | } |
195 | 194 | ||
196 | tcph = (void *)ip_hdr(*pskb) + tcphoff; | 195 | tcph = (void *)ip_hdr(skb) + tcphoff; |
197 | tcph->dest = cp->dport; | 196 | tcph->dest = cp->dport; |
198 | 197 | ||
199 | /* | 198 | /* |
@@ -203,18 +202,16 @@ tcp_dnat_handler(struct sk_buff **pskb, | |||
203 | /* Only port and addr are changed, do fast csum update */ | 202 | /* Only port and addr are changed, do fast csum update */ |
204 | tcp_fast_csum_update(tcph, cp->vaddr, cp->daddr, | 203 | tcp_fast_csum_update(tcph, cp->vaddr, cp->daddr, |
205 | cp->vport, cp->dport); | 204 | cp->vport, cp->dport); |
206 | if ((*pskb)->ip_summed == CHECKSUM_COMPLETE) | 205 | if (skb->ip_summed == CHECKSUM_COMPLETE) |
207 | (*pskb)->ip_summed = CHECKSUM_NONE; | 206 | skb->ip_summed = CHECKSUM_NONE; |
208 | } else { | 207 | } else { |
209 | /* full checksum calculation */ | 208 | /* full checksum calculation */ |
210 | tcph->check = 0; | 209 | tcph->check = 0; |
211 | (*pskb)->csum = skb_checksum(*pskb, tcphoff, | 210 | skb->csum = skb_checksum(skb, tcphoff, skb->len - tcphoff, 0); |
212 | (*pskb)->len - tcphoff, 0); | ||
213 | tcph->check = csum_tcpudp_magic(cp->caddr, cp->daddr, | 211 | tcph->check = csum_tcpudp_magic(cp->caddr, cp->daddr, |
214 | (*pskb)->len - tcphoff, | 212 | skb->len - tcphoff, |
215 | cp->protocol, | 213 | cp->protocol, skb->csum); |
216 | (*pskb)->csum); | 214 | skb->ip_summed = CHECKSUM_UNNECESSARY; |
217 | (*pskb)->ip_summed = CHECKSUM_UNNECESSARY; | ||
218 | } | 215 | } |
219 | return 1; | 216 | return 1; |
220 | } | 217 | } |
diff --git a/net/ipv4/ipvs/ip_vs_proto_udp.c b/net/ipv4/ipvs/ip_vs_proto_udp.c index 8ee5fe6a101d..1fa7b330b9ac 100644 --- a/net/ipv4/ipvs/ip_vs_proto_udp.c +++ b/net/ipv4/ipvs/ip_vs_proto_udp.c | |||
@@ -18,6 +18,7 @@ | |||
18 | #include <linux/in.h> | 18 | #include <linux/in.h> |
19 | #include <linux/ip.h> | 19 | #include <linux/ip.h> |
20 | #include <linux/kernel.h> | 20 | #include <linux/kernel.h> |
21 | #include <linux/netfilter.h> | ||
21 | #include <linux/netfilter_ipv4.h> | 22 | #include <linux/netfilter_ipv4.h> |
22 | #include <linux/udp.h> | 23 | #include <linux/udp.h> |
23 | 24 | ||
@@ -129,29 +130,29 @@ udp_fast_csum_update(struct udphdr *uhdr, __be32 oldip, __be32 newip, | |||
129 | } | 130 | } |
130 | 131 | ||
131 | static int | 132 | static int |
132 | udp_snat_handler(struct sk_buff **pskb, | 133 | udp_snat_handler(struct sk_buff *skb, |
133 | struct ip_vs_protocol *pp, struct ip_vs_conn *cp) | 134 | struct ip_vs_protocol *pp, struct ip_vs_conn *cp) |
134 | { | 135 | { |
135 | struct udphdr *udph; | 136 | struct udphdr *udph; |
136 | const unsigned int udphoff = ip_hdrlen(*pskb); | 137 | const unsigned int udphoff = ip_hdrlen(skb); |
137 | 138 | ||
138 | /* csum_check requires unshared skb */ | 139 | /* csum_check requires unshared skb */ |
139 | if (!ip_vs_make_skb_writable(pskb, udphoff+sizeof(*udph))) | 140 | if (!skb_make_writable(skb, udphoff+sizeof(*udph))) |
140 | return 0; | 141 | return 0; |
141 | 142 | ||
142 | if (unlikely(cp->app != NULL)) { | 143 | if (unlikely(cp->app != NULL)) { |
143 | /* Some checks before mangling */ | 144 | /* Some checks before mangling */ |
144 | if (pp->csum_check && !pp->csum_check(*pskb, pp)) | 145 | if (pp->csum_check && !pp->csum_check(skb, pp)) |
145 | return 0; | 146 | return 0; |
146 | 147 | ||
147 | /* | 148 | /* |
148 | * Call application helper if needed | 149 | * Call application helper if needed |
149 | */ | 150 | */ |
150 | if (!ip_vs_app_pkt_out(cp, pskb)) | 151 | if (!ip_vs_app_pkt_out(cp, skb)) |
151 | return 0; | 152 | return 0; |
152 | } | 153 | } |
153 | 154 | ||
154 | udph = (void *)ip_hdr(*pskb) + udphoff; | 155 | udph = (void *)ip_hdr(skb) + udphoff; |
155 | udph->source = cp->vport; | 156 | udph->source = cp->vport; |
156 | 157 | ||
157 | /* | 158 | /* |
@@ -161,17 +162,15 @@ udp_snat_handler(struct sk_buff **pskb, | |||
161 | /* Only port and addr are changed, do fast csum update */ | 162 | /* Only port and addr are changed, do fast csum update */ |
162 | udp_fast_csum_update(udph, cp->daddr, cp->vaddr, | 163 | udp_fast_csum_update(udph, cp->daddr, cp->vaddr, |
163 | cp->dport, cp->vport); | 164 | cp->dport, cp->vport); |
164 | if ((*pskb)->ip_summed == CHECKSUM_COMPLETE) | 165 | if (skb->ip_summed == CHECKSUM_COMPLETE) |
165 | (*pskb)->ip_summed = CHECKSUM_NONE; | 166 | skb->ip_summed = CHECKSUM_NONE; |
166 | } else { | 167 | } else { |
167 | /* full checksum calculation */ | 168 | /* full checksum calculation */ |
168 | udph->check = 0; | 169 | udph->check = 0; |
169 | (*pskb)->csum = skb_checksum(*pskb, udphoff, | 170 | skb->csum = skb_checksum(skb, udphoff, skb->len - udphoff, 0); |
170 | (*pskb)->len - udphoff, 0); | ||
171 | udph->check = csum_tcpudp_magic(cp->vaddr, cp->caddr, | 171 | udph->check = csum_tcpudp_magic(cp->vaddr, cp->caddr, |
172 | (*pskb)->len - udphoff, | 172 | skb->len - udphoff, |
173 | cp->protocol, | 173 | cp->protocol, skb->csum); |
174 | (*pskb)->csum); | ||
175 | if (udph->check == 0) | 174 | if (udph->check == 0) |
176 | udph->check = CSUM_MANGLED_0; | 175 | udph->check = CSUM_MANGLED_0; |
177 | IP_VS_DBG(11, "O-pkt: %s O-csum=%d (+%zd)\n", | 176 | IP_VS_DBG(11, "O-pkt: %s O-csum=%d (+%zd)\n", |
@@ -183,30 +182,30 @@ udp_snat_handler(struct sk_buff **pskb, | |||
183 | 182 | ||
184 | 183 | ||
185 | static int | 184 | static int |
186 | udp_dnat_handler(struct sk_buff **pskb, | 185 | udp_dnat_handler(struct sk_buff *skb, |
187 | struct ip_vs_protocol *pp, struct ip_vs_conn *cp) | 186 | struct ip_vs_protocol *pp, struct ip_vs_conn *cp) |
188 | { | 187 | { |
189 | struct udphdr *udph; | 188 | struct udphdr *udph; |
190 | unsigned int udphoff = ip_hdrlen(*pskb); | 189 | unsigned int udphoff = ip_hdrlen(skb); |
191 | 190 | ||
192 | /* csum_check requires unshared skb */ | 191 | /* csum_check requires unshared skb */ |
193 | if (!ip_vs_make_skb_writable(pskb, udphoff+sizeof(*udph))) | 192 | if (!skb_make_writable(skb, udphoff+sizeof(*udph))) |
194 | return 0; | 193 | return 0; |
195 | 194 | ||
196 | if (unlikely(cp->app != NULL)) { | 195 | if (unlikely(cp->app != NULL)) { |
197 | /* Some checks before mangling */ | 196 | /* Some checks before mangling */ |
198 | if (pp->csum_check && !pp->csum_check(*pskb, pp)) | 197 | if (pp->csum_check && !pp->csum_check(skb, pp)) |
199 | return 0; | 198 | return 0; |
200 | 199 | ||
201 | /* | 200 | /* |
202 | * Attempt ip_vs_app call. | 201 | * Attempt ip_vs_app call. |
203 | * It will fix ip_vs_conn | 202 | * It will fix ip_vs_conn |
204 | */ | 203 | */ |
205 | if (!ip_vs_app_pkt_in(cp, pskb)) | 204 | if (!ip_vs_app_pkt_in(cp, skb)) |
206 | return 0; | 205 | return 0; |
207 | } | 206 | } |
208 | 207 | ||
209 | udph = (void *)ip_hdr(*pskb) + udphoff; | 208 | udph = (void *)ip_hdr(skb) + udphoff; |
210 | udph->dest = cp->dport; | 209 | udph->dest = cp->dport; |
211 | 210 | ||
212 | /* | 211 | /* |
@@ -216,20 +215,18 @@ udp_dnat_handler(struct sk_buff **pskb, | |||
216 | /* Only port and addr are changed, do fast csum update */ | 215 | /* Only port and addr are changed, do fast csum update */ |
217 | udp_fast_csum_update(udph, cp->vaddr, cp->daddr, | 216 | udp_fast_csum_update(udph, cp->vaddr, cp->daddr, |
218 | cp->vport, cp->dport); | 217 | cp->vport, cp->dport); |
219 | if ((*pskb)->ip_summed == CHECKSUM_COMPLETE) | 218 | if (skb->ip_summed == CHECKSUM_COMPLETE) |
220 | (*pskb)->ip_summed = CHECKSUM_NONE; | 219 | skb->ip_summed = CHECKSUM_NONE; |
221 | } else { | 220 | } else { |
222 | /* full checksum calculation */ | 221 | /* full checksum calculation */ |
223 | udph->check = 0; | 222 | udph->check = 0; |
224 | (*pskb)->csum = skb_checksum(*pskb, udphoff, | 223 | skb->csum = skb_checksum(skb, udphoff, skb->len - udphoff, 0); |
225 | (*pskb)->len - udphoff, 0); | ||
226 | udph->check = csum_tcpudp_magic(cp->caddr, cp->daddr, | 224 | udph->check = csum_tcpudp_magic(cp->caddr, cp->daddr, |
227 | (*pskb)->len - udphoff, | 225 | skb->len - udphoff, |
228 | cp->protocol, | 226 | cp->protocol, skb->csum); |
229 | (*pskb)->csum); | ||
230 | if (udph->check == 0) | 227 | if (udph->check == 0) |
231 | udph->check = CSUM_MANGLED_0; | 228 | udph->check = CSUM_MANGLED_0; |
232 | (*pskb)->ip_summed = CHECKSUM_UNNECESSARY; | 229 | skb->ip_summed = CHECKSUM_UNNECESSARY; |
233 | } | 230 | } |
234 | return 1; | 231 | return 1; |
235 | } | 232 | } |
diff --git a/net/ipv4/ipvs/ip_vs_xmit.c b/net/ipv4/ipvs/ip_vs_xmit.c index 666e080a74a3..d0a92dec1050 100644 --- a/net/ipv4/ipvs/ip_vs_xmit.c +++ b/net/ipv4/ipvs/ip_vs_xmit.c | |||
@@ -253,7 +253,7 @@ ip_vs_nat_xmit(struct sk_buff *skb, struct ip_vs_conn *cp, | |||
253 | } | 253 | } |
254 | 254 | ||
255 | /* copy-on-write the packet before mangling it */ | 255 | /* copy-on-write the packet before mangling it */ |
256 | if (!ip_vs_make_skb_writable(&skb, sizeof(struct iphdr))) | 256 | if (!skb_make_writable(skb, sizeof(struct iphdr))) |
257 | goto tx_error_put; | 257 | goto tx_error_put; |
258 | 258 | ||
259 | if (skb_cow(skb, rt->u.dst.dev->hard_header_len)) | 259 | if (skb_cow(skb, rt->u.dst.dev->hard_header_len)) |
@@ -264,7 +264,7 @@ ip_vs_nat_xmit(struct sk_buff *skb, struct ip_vs_conn *cp, | |||
264 | skb->dst = &rt->u.dst; | 264 | skb->dst = &rt->u.dst; |
265 | 265 | ||
266 | /* mangle the packet */ | 266 | /* mangle the packet */ |
267 | if (pp->dnat_handler && !pp->dnat_handler(&skb, pp, cp)) | 267 | if (pp->dnat_handler && !pp->dnat_handler(skb, pp, cp)) |
268 | goto tx_error; | 268 | goto tx_error; |
269 | ip_hdr(skb)->daddr = cp->daddr; | 269 | ip_hdr(skb)->daddr = cp->daddr; |
270 | ip_send_check(ip_hdr(skb)); | 270 | ip_send_check(ip_hdr(skb)); |
@@ -529,7 +529,7 @@ ip_vs_icmp_xmit(struct sk_buff *skb, struct ip_vs_conn *cp, | |||
529 | } | 529 | } |
530 | 530 | ||
531 | /* copy-on-write the packet before mangling it */ | 531 | /* copy-on-write the packet before mangling it */ |
532 | if (!ip_vs_make_skb_writable(&skb, offset)) | 532 | if (!skb_make_writable(skb, offset)) |
533 | goto tx_error_put; | 533 | goto tx_error_put; |
534 | 534 | ||
535 | if (skb_cow(skb, rt->u.dst.dev->hard_header_len)) | 535 | if (skb_cow(skb, rt->u.dst.dev->hard_header_len)) |
diff --git a/net/ipv4/netfilter.c b/net/ipv4/netfilter.c index b44192924f95..5539debf4973 100644 --- a/net/ipv4/netfilter.c +++ b/net/ipv4/netfilter.c | |||
@@ -3,14 +3,15 @@ | |||
3 | #include <linux/netfilter.h> | 3 | #include <linux/netfilter.h> |
4 | #include <linux/netfilter_ipv4.h> | 4 | #include <linux/netfilter_ipv4.h> |
5 | #include <linux/ip.h> | 5 | #include <linux/ip.h> |
6 | #include <linux/skbuff.h> | ||
6 | #include <net/route.h> | 7 | #include <net/route.h> |
7 | #include <net/xfrm.h> | 8 | #include <net/xfrm.h> |
8 | #include <net/ip.h> | 9 | #include <net/ip.h> |
9 | 10 | ||
10 | /* route_me_harder function, used by iptable_nat, iptable_mangle + ip_queue */ | 11 | /* route_me_harder function, used by iptable_nat, iptable_mangle + ip_queue */ |
11 | int ip_route_me_harder(struct sk_buff **pskb, unsigned addr_type) | 12 | int ip_route_me_harder(struct sk_buff *skb, unsigned addr_type) |
12 | { | 13 | { |
13 | const struct iphdr *iph = ip_hdr(*pskb); | 14 | const struct iphdr *iph = ip_hdr(skb); |
14 | struct rtable *rt; | 15 | struct rtable *rt; |
15 | struct flowi fl = {}; | 16 | struct flowi fl = {}; |
16 | struct dst_entry *odst; | 17 | struct dst_entry *odst; |
@@ -29,14 +30,14 @@ int ip_route_me_harder(struct sk_buff **pskb, unsigned addr_type) | |||
29 | if (type == RTN_LOCAL) | 30 | if (type == RTN_LOCAL) |
30 | fl.nl_u.ip4_u.saddr = iph->saddr; | 31 | fl.nl_u.ip4_u.saddr = iph->saddr; |
31 | fl.nl_u.ip4_u.tos = RT_TOS(iph->tos); | 32 | fl.nl_u.ip4_u.tos = RT_TOS(iph->tos); |
32 | fl.oif = (*pskb)->sk ? (*pskb)->sk->sk_bound_dev_if : 0; | 33 | fl.oif = skb->sk ? skb->sk->sk_bound_dev_if : 0; |
33 | fl.mark = (*pskb)->mark; | 34 | fl.mark = skb->mark; |
34 | if (ip_route_output_key(&rt, &fl) != 0) | 35 | if (ip_route_output_key(&rt, &fl) != 0) |
35 | return -1; | 36 | return -1; |
36 | 37 | ||
37 | /* Drop old route. */ | 38 | /* Drop old route. */ |
38 | dst_release((*pskb)->dst); | 39 | dst_release(skb->dst); |
39 | (*pskb)->dst = &rt->u.dst; | 40 | skb->dst = &rt->u.dst; |
40 | } else { | 41 | } else { |
41 | /* non-local src, find valid iif to satisfy | 42 | /* non-local src, find valid iif to satisfy |
42 | * rp-filter when calling ip_route_input. */ | 43 | * rp-filter when calling ip_route_input. */ |
@@ -44,8 +45,8 @@ int ip_route_me_harder(struct sk_buff **pskb, unsigned addr_type) | |||
44 | if (ip_route_output_key(&rt, &fl) != 0) | 45 | if (ip_route_output_key(&rt, &fl) != 0) |
45 | return -1; | 46 | return -1; |
46 | 47 | ||
47 | odst = (*pskb)->dst; | 48 | odst = skb->dst; |
48 | if (ip_route_input(*pskb, iph->daddr, iph->saddr, | 49 | if (ip_route_input(skb, iph->daddr, iph->saddr, |
49 | RT_TOS(iph->tos), rt->u.dst.dev) != 0) { | 50 | RT_TOS(iph->tos), rt->u.dst.dev) != 0) { |
50 | dst_release(&rt->u.dst); | 51 | dst_release(&rt->u.dst); |
51 | return -1; | 52 | return -1; |
@@ -54,70 +55,54 @@ int ip_route_me_harder(struct sk_buff **pskb, unsigned addr_type) | |||
54 | dst_release(odst); | 55 | dst_release(odst); |
55 | } | 56 | } |
56 | 57 | ||
57 | if ((*pskb)->dst->error) | 58 | if (skb->dst->error) |
58 | return -1; | 59 | return -1; |
59 | 60 | ||
60 | #ifdef CONFIG_XFRM | 61 | #ifdef CONFIG_XFRM |
61 | if (!(IPCB(*pskb)->flags & IPSKB_XFRM_TRANSFORMED) && | 62 | if (!(IPCB(skb)->flags & IPSKB_XFRM_TRANSFORMED) && |
62 | xfrm_decode_session(*pskb, &fl, AF_INET) == 0) | 63 | xfrm_decode_session(skb, &fl, AF_INET) == 0) |
63 | if (xfrm_lookup(&(*pskb)->dst, &fl, (*pskb)->sk, 0)) | 64 | if (xfrm_lookup(&skb->dst, &fl, skb->sk, 0)) |
64 | return -1; | 65 | return -1; |
65 | #endif | 66 | #endif |
66 | 67 | ||
67 | /* Change in oif may mean change in hh_len. */ | 68 | /* Change in oif may mean change in hh_len. */ |
68 | hh_len = (*pskb)->dst->dev->hard_header_len; | 69 | hh_len = skb->dst->dev->hard_header_len; |
69 | if (skb_headroom(*pskb) < hh_len) { | 70 | if (skb_headroom(skb) < hh_len && |
70 | struct sk_buff *nskb; | 71 | pskb_expand_head(skb, hh_len - skb_headroom(skb), 0, GFP_ATOMIC)) |
71 | 72 | return -1; | |
72 | nskb = skb_realloc_headroom(*pskb, hh_len); | ||
73 | if (!nskb) | ||
74 | return -1; | ||
75 | if ((*pskb)->sk) | ||
76 | skb_set_owner_w(nskb, (*pskb)->sk); | ||
77 | kfree_skb(*pskb); | ||
78 | *pskb = nskb; | ||
79 | } | ||
80 | 73 | ||
81 | return 0; | 74 | return 0; |
82 | } | 75 | } |
83 | EXPORT_SYMBOL(ip_route_me_harder); | 76 | EXPORT_SYMBOL(ip_route_me_harder); |
84 | 77 | ||
85 | #ifdef CONFIG_XFRM | 78 | #ifdef CONFIG_XFRM |
86 | int ip_xfrm_me_harder(struct sk_buff **pskb) | 79 | int ip_xfrm_me_harder(struct sk_buff *skb) |
87 | { | 80 | { |
88 | struct flowi fl; | 81 | struct flowi fl; |
89 | unsigned int hh_len; | 82 | unsigned int hh_len; |
90 | struct dst_entry *dst; | 83 | struct dst_entry *dst; |
91 | 84 | ||
92 | if (IPCB(*pskb)->flags & IPSKB_XFRM_TRANSFORMED) | 85 | if (IPCB(skb)->flags & IPSKB_XFRM_TRANSFORMED) |
93 | return 0; | 86 | return 0; |
94 | if (xfrm_decode_session(*pskb, &fl, AF_INET) < 0) | 87 | if (xfrm_decode_session(skb, &fl, AF_INET) < 0) |
95 | return -1; | 88 | return -1; |
96 | 89 | ||
97 | dst = (*pskb)->dst; | 90 | dst = skb->dst; |
98 | if (dst->xfrm) | 91 | if (dst->xfrm) |
99 | dst = ((struct xfrm_dst *)dst)->route; | 92 | dst = ((struct xfrm_dst *)dst)->route; |
100 | dst_hold(dst); | 93 | dst_hold(dst); |
101 | 94 | ||
102 | if (xfrm_lookup(&dst, &fl, (*pskb)->sk, 0) < 0) | 95 | if (xfrm_lookup(&dst, &fl, skb->sk, 0) < 0) |
103 | return -1; | 96 | return -1; |
104 | 97 | ||
105 | dst_release((*pskb)->dst); | 98 | dst_release(skb->dst); |
106 | (*pskb)->dst = dst; | 99 | skb->dst = dst; |
107 | 100 | ||
108 | /* Change in oif may mean change in hh_len. */ | 101 | /* Change in oif may mean change in hh_len. */ |
109 | hh_len = (*pskb)->dst->dev->hard_header_len; | 102 | hh_len = skb->dst->dev->hard_header_len; |
110 | if (skb_headroom(*pskb) < hh_len) { | 103 | if (skb_headroom(skb) < hh_len && |
111 | struct sk_buff *nskb; | 104 | pskb_expand_head(skb, hh_len - skb_headroom(skb), 0, GFP_ATOMIC)) |
112 | 105 | return -1; | |
113 | nskb = skb_realloc_headroom(*pskb, hh_len); | ||
114 | if (!nskb) | ||
115 | return -1; | ||
116 | if ((*pskb)->sk) | ||
117 | skb_set_owner_w(nskb, (*pskb)->sk); | ||
118 | kfree_skb(*pskb); | ||
119 | *pskb = nskb; | ||
120 | } | ||
121 | return 0; | 106 | return 0; |
122 | } | 107 | } |
123 | EXPORT_SYMBOL(ip_xfrm_me_harder); | 108 | EXPORT_SYMBOL(ip_xfrm_me_harder); |
@@ -150,17 +135,17 @@ static void nf_ip_saveroute(const struct sk_buff *skb, struct nf_info *info) | |||
150 | } | 135 | } |
151 | } | 136 | } |
152 | 137 | ||
153 | static int nf_ip_reroute(struct sk_buff **pskb, const struct nf_info *info) | 138 | static int nf_ip_reroute(struct sk_buff *skb, const struct nf_info *info) |
154 | { | 139 | { |
155 | const struct ip_rt_info *rt_info = nf_info_reroute(info); | 140 | const struct ip_rt_info *rt_info = nf_info_reroute(info); |
156 | 141 | ||
157 | if (info->hook == NF_IP_LOCAL_OUT) { | 142 | if (info->hook == NF_IP_LOCAL_OUT) { |
158 | const struct iphdr *iph = ip_hdr(*pskb); | 143 | const struct iphdr *iph = ip_hdr(skb); |
159 | 144 | ||
160 | if (!(iph->tos == rt_info->tos | 145 | if (!(iph->tos == rt_info->tos |
161 | && iph->daddr == rt_info->daddr | 146 | && iph->daddr == rt_info->daddr |
162 | && iph->saddr == rt_info->saddr)) | 147 | && iph->saddr == rt_info->saddr)) |
163 | return ip_route_me_harder(pskb, RTN_UNSPEC); | 148 | return ip_route_me_harder(skb, RTN_UNSPEC); |
164 | } | 149 | } |
165 | return 0; | 150 | return 0; |
166 | } | 151 | } |
diff --git a/net/ipv4/netfilter/arp_tables.c b/net/ipv4/netfilter/arp_tables.c index 29114a9ccd1d..2909c92ecd99 100644 --- a/net/ipv4/netfilter/arp_tables.c +++ b/net/ipv4/netfilter/arp_tables.c | |||
@@ -197,7 +197,7 @@ static inline int arp_checkentry(const struct arpt_arp *arp) | |||
197 | return 1; | 197 | return 1; |
198 | } | 198 | } |
199 | 199 | ||
200 | static unsigned int arpt_error(struct sk_buff **pskb, | 200 | static unsigned int arpt_error(struct sk_buff *skb, |
201 | const struct net_device *in, | 201 | const struct net_device *in, |
202 | const struct net_device *out, | 202 | const struct net_device *out, |
203 | unsigned int hooknum, | 203 | unsigned int hooknum, |
@@ -215,7 +215,7 @@ static inline struct arpt_entry *get_entry(void *base, unsigned int offset) | |||
215 | return (struct arpt_entry *)(base + offset); | 215 | return (struct arpt_entry *)(base + offset); |
216 | } | 216 | } |
217 | 217 | ||
218 | unsigned int arpt_do_table(struct sk_buff **pskb, | 218 | unsigned int arpt_do_table(struct sk_buff *skb, |
219 | unsigned int hook, | 219 | unsigned int hook, |
220 | const struct net_device *in, | 220 | const struct net_device *in, |
221 | const struct net_device *out, | 221 | const struct net_device *out, |
@@ -231,9 +231,9 @@ unsigned int arpt_do_table(struct sk_buff **pskb, | |||
231 | struct xt_table_info *private; | 231 | struct xt_table_info *private; |
232 | 232 | ||
233 | /* ARP header, plus 2 device addresses, plus 2 IP addresses. */ | 233 | /* ARP header, plus 2 device addresses, plus 2 IP addresses. */ |
234 | if (!pskb_may_pull((*pskb), (sizeof(struct arphdr) + | 234 | if (!pskb_may_pull(skb, (sizeof(struct arphdr) + |
235 | (2 * (*pskb)->dev->addr_len) + | 235 | (2 * skb->dev->addr_len) + |
236 | (2 * sizeof(u32))))) | 236 | (2 * sizeof(u32))))) |
237 | return NF_DROP; | 237 | return NF_DROP; |
238 | 238 | ||
239 | indev = in ? in->name : nulldevname; | 239 | indev = in ? in->name : nulldevname; |
@@ -245,14 +245,14 @@ unsigned int arpt_do_table(struct sk_buff **pskb, | |||
245 | e = get_entry(table_base, private->hook_entry[hook]); | 245 | e = get_entry(table_base, private->hook_entry[hook]); |
246 | back = get_entry(table_base, private->underflow[hook]); | 246 | back = get_entry(table_base, private->underflow[hook]); |
247 | 247 | ||
248 | arp = arp_hdr(*pskb); | 248 | arp = arp_hdr(skb); |
249 | do { | 249 | do { |
250 | if (arp_packet_match(arp, (*pskb)->dev, indev, outdev, &e->arp)) { | 250 | if (arp_packet_match(arp, skb->dev, indev, outdev, &e->arp)) { |
251 | struct arpt_entry_target *t; | 251 | struct arpt_entry_target *t; |
252 | int hdr_len; | 252 | int hdr_len; |
253 | 253 | ||
254 | hdr_len = sizeof(*arp) + (2 * sizeof(struct in_addr)) + | 254 | hdr_len = sizeof(*arp) + (2 * sizeof(struct in_addr)) + |
255 | (2 * (*pskb)->dev->addr_len); | 255 | (2 * skb->dev->addr_len); |
256 | ADD_COUNTER(e->counters, hdr_len, 1); | 256 | ADD_COUNTER(e->counters, hdr_len, 1); |
257 | 257 | ||
258 | t = arpt_get_target(e); | 258 | t = arpt_get_target(e); |
@@ -290,14 +290,14 @@ unsigned int arpt_do_table(struct sk_buff **pskb, | |||
290 | /* Targets which reenter must return | 290 | /* Targets which reenter must return |
291 | * abs. verdicts | 291 | * abs. verdicts |
292 | */ | 292 | */ |
293 | verdict = t->u.kernel.target->target(pskb, | 293 | verdict = t->u.kernel.target->target(skb, |
294 | in, out, | 294 | in, out, |
295 | hook, | 295 | hook, |
296 | t->u.kernel.target, | 296 | t->u.kernel.target, |
297 | t->data); | 297 | t->data); |
298 | 298 | ||
299 | /* Target might have changed stuff. */ | 299 | /* Target might have changed stuff. */ |
300 | arp = arp_hdr(*pskb); | 300 | arp = arp_hdr(skb); |
301 | 301 | ||
302 | if (verdict == ARPT_CONTINUE) | 302 | if (verdict == ARPT_CONTINUE) |
303 | e = (void *)e + e->next_offset; | 303 | e = (void *)e + e->next_offset; |
diff --git a/net/ipv4/netfilter/arpt_mangle.c b/net/ipv4/netfilter/arpt_mangle.c index c4bdab47597f..45fa4e20094a 100644 --- a/net/ipv4/netfilter/arpt_mangle.c +++ b/net/ipv4/netfilter/arpt_mangle.c | |||
@@ -1,5 +1,6 @@ | |||
1 | /* module that allows mangling of the arp payload */ | 1 | /* module that allows mangling of the arp payload */ |
2 | #include <linux/module.h> | 2 | #include <linux/module.h> |
3 | #include <linux/netfilter.h> | ||
3 | #include <linux/netfilter_arp/arpt_mangle.h> | 4 | #include <linux/netfilter_arp/arpt_mangle.h> |
4 | #include <net/sock.h> | 5 | #include <net/sock.h> |
5 | 6 | ||
@@ -8,7 +9,7 @@ MODULE_AUTHOR("Bart De Schuymer <bdschuym@pandora.be>"); | |||
8 | MODULE_DESCRIPTION("arptables arp payload mangle target"); | 9 | MODULE_DESCRIPTION("arptables arp payload mangle target"); |
9 | 10 | ||
10 | static unsigned int | 11 | static unsigned int |
11 | target(struct sk_buff **pskb, | 12 | target(struct sk_buff *skb, |
12 | const struct net_device *in, const struct net_device *out, | 13 | const struct net_device *in, const struct net_device *out, |
13 | unsigned int hooknum, const struct xt_target *target, | 14 | unsigned int hooknum, const struct xt_target *target, |
14 | const void *targinfo) | 15 | const void *targinfo) |
@@ -18,47 +19,38 @@ target(struct sk_buff **pskb, | |||
18 | unsigned char *arpptr; | 19 | unsigned char *arpptr; |
19 | int pln, hln; | 20 | int pln, hln; |
20 | 21 | ||
21 | if (skb_shared(*pskb) || skb_cloned(*pskb)) { | 22 | if (skb_make_writable(skb, skb->len)) |
22 | struct sk_buff *nskb; | 23 | return NF_DROP; |
23 | 24 | ||
24 | nskb = skb_copy(*pskb, GFP_ATOMIC); | 25 | arp = arp_hdr(skb); |
25 | if (!nskb) | 26 | arpptr = skb_network_header(skb) + sizeof(*arp); |
26 | return NF_DROP; | ||
27 | if ((*pskb)->sk) | ||
28 | skb_set_owner_w(nskb, (*pskb)->sk); | ||
29 | kfree_skb(*pskb); | ||
30 | *pskb = nskb; | ||
31 | } | ||
32 | |||
33 | arp = arp_hdr(*pskb); | ||
34 | arpptr = skb_network_header(*pskb) + sizeof(*arp); | ||
35 | pln = arp->ar_pln; | 27 | pln = arp->ar_pln; |
36 | hln = arp->ar_hln; | 28 | hln = arp->ar_hln; |
37 | /* We assume that pln and hln were checked in the match */ | 29 | /* We assume that pln and hln were checked in the match */ |
38 | if (mangle->flags & ARPT_MANGLE_SDEV) { | 30 | if (mangle->flags & ARPT_MANGLE_SDEV) { |
39 | if (ARPT_DEV_ADDR_LEN_MAX < hln || | 31 | if (ARPT_DEV_ADDR_LEN_MAX < hln || |
40 | (arpptr + hln > skb_tail_pointer(*pskb))) | 32 | (arpptr + hln > skb_tail_pointer(skb))) |
41 | return NF_DROP; | 33 | return NF_DROP; |
42 | memcpy(arpptr, mangle->src_devaddr, hln); | 34 | memcpy(arpptr, mangle->src_devaddr, hln); |
43 | } | 35 | } |
44 | arpptr += hln; | 36 | arpptr += hln; |
45 | if (mangle->flags & ARPT_MANGLE_SIP) { | 37 | if (mangle->flags & ARPT_MANGLE_SIP) { |
46 | if (ARPT_MANGLE_ADDR_LEN_MAX < pln || | 38 | if (ARPT_MANGLE_ADDR_LEN_MAX < pln || |
47 | (arpptr + pln > skb_tail_pointer(*pskb))) | 39 | (arpptr + pln > skb_tail_pointer(skb))) |
48 | return NF_DROP; | 40 | return NF_DROP; |
49 | memcpy(arpptr, &mangle->u_s.src_ip, pln); | 41 | memcpy(arpptr, &mangle->u_s.src_ip, pln); |
50 | } | 42 | } |
51 | arpptr += pln; | 43 | arpptr += pln; |
52 | if (mangle->flags & ARPT_MANGLE_TDEV) { | 44 | if (mangle->flags & ARPT_MANGLE_TDEV) { |
53 | if (ARPT_DEV_ADDR_LEN_MAX < hln || | 45 | if (ARPT_DEV_ADDR_LEN_MAX < hln || |
54 | (arpptr + hln > skb_tail_pointer(*pskb))) | 46 | (arpptr + hln > skb_tail_pointer(skb))) |
55 | return NF_DROP; | 47 | return NF_DROP; |
56 | memcpy(arpptr, mangle->tgt_devaddr, hln); | 48 | memcpy(arpptr, mangle->tgt_devaddr, hln); |
57 | } | 49 | } |
58 | arpptr += hln; | 50 | arpptr += hln; |
59 | if (mangle->flags & ARPT_MANGLE_TIP) { | 51 | if (mangle->flags & ARPT_MANGLE_TIP) { |
60 | if (ARPT_MANGLE_ADDR_LEN_MAX < pln || | 52 | if (ARPT_MANGLE_ADDR_LEN_MAX < pln || |
61 | (arpptr + pln > skb_tail_pointer(*pskb))) | 53 | (arpptr + pln > skb_tail_pointer(skb))) |
62 | return NF_DROP; | 54 | return NF_DROP; |
63 | memcpy(arpptr, &mangle->u_t.tgt_ip, pln); | 55 | memcpy(arpptr, &mangle->u_t.tgt_ip, pln); |
64 | } | 56 | } |
diff --git a/net/ipv4/netfilter/arptable_filter.c b/net/ipv4/netfilter/arptable_filter.c index 75c023062533..302d3da5f696 100644 --- a/net/ipv4/netfilter/arptable_filter.c +++ b/net/ipv4/netfilter/arptable_filter.c | |||
@@ -56,12 +56,12 @@ static struct arpt_table packet_filter = { | |||
56 | 56 | ||
57 | /* The work comes in here from netfilter.c */ | 57 | /* The work comes in here from netfilter.c */ |
58 | static unsigned int arpt_hook(unsigned int hook, | 58 | static unsigned int arpt_hook(unsigned int hook, |
59 | struct sk_buff **pskb, | 59 | struct sk_buff *skb, |
60 | const struct net_device *in, | 60 | const struct net_device *in, |
61 | const struct net_device *out, | 61 | const struct net_device *out, |
62 | int (*okfn)(struct sk_buff *)) | 62 | int (*okfn)(struct sk_buff *)) |
63 | { | 63 | { |
64 | return arpt_do_table(pskb, hook, in, out, &packet_filter); | 64 | return arpt_do_table(skb, hook, in, out, &packet_filter); |
65 | } | 65 | } |
66 | 66 | ||
67 | static struct nf_hook_ops arpt_ops[] = { | 67 | static struct nf_hook_ops arpt_ops[] = { |
diff --git a/net/ipv4/netfilter/ip_queue.c b/net/ipv4/netfilter/ip_queue.c index 23cbfc7c80fd..10a2ce09fd8e 100644 --- a/net/ipv4/netfilter/ip_queue.c +++ b/net/ipv4/netfilter/ip_queue.c | |||
@@ -335,6 +335,7 @@ static int | |||
335 | ipq_mangle_ipv4(ipq_verdict_msg_t *v, struct ipq_queue_entry *e) | 335 | ipq_mangle_ipv4(ipq_verdict_msg_t *v, struct ipq_queue_entry *e) |
336 | { | 336 | { |
337 | int diff; | 337 | int diff; |
338 | int err; | ||
338 | struct iphdr *user_iph = (struct iphdr *)v->payload; | 339 | struct iphdr *user_iph = (struct iphdr *)v->payload; |
339 | 340 | ||
340 | if (v->data_len < sizeof(*user_iph)) | 341 | if (v->data_len < sizeof(*user_iph)) |
@@ -347,25 +348,18 @@ ipq_mangle_ipv4(ipq_verdict_msg_t *v, struct ipq_queue_entry *e) | |||
347 | if (v->data_len > 0xFFFF) | 348 | if (v->data_len > 0xFFFF) |
348 | return -EINVAL; | 349 | return -EINVAL; |
349 | if (diff > skb_tailroom(e->skb)) { | 350 | if (diff > skb_tailroom(e->skb)) { |
350 | struct sk_buff *newskb; | 351 | err = pskb_expand_head(e->skb, 0, |
351 | 352 | diff - skb_tailroom(e->skb), | |
352 | newskb = skb_copy_expand(e->skb, | 353 | GFP_ATOMIC); |
353 | skb_headroom(e->skb), | 354 | if (err) { |
354 | diff, | 355 | printk(KERN_WARNING "ip_queue: error " |
355 | GFP_ATOMIC); | 356 | "in mangle, dropping packet: %d\n", -err); |
356 | if (newskb == NULL) { | 357 | return err; |
357 | printk(KERN_WARNING "ip_queue: OOM " | ||
358 | "in mangle, dropping packet\n"); | ||
359 | return -ENOMEM; | ||
360 | } | 358 | } |
361 | if (e->skb->sk) | ||
362 | skb_set_owner_w(newskb, e->skb->sk); | ||
363 | kfree_skb(e->skb); | ||
364 | e->skb = newskb; | ||
365 | } | 359 | } |
366 | skb_put(e->skb, diff); | 360 | skb_put(e->skb, diff); |
367 | } | 361 | } |
368 | if (!skb_make_writable(&e->skb, v->data_len)) | 362 | if (!skb_make_writable(e->skb, v->data_len)) |
369 | return -ENOMEM; | 363 | return -ENOMEM; |
370 | skb_copy_to_linear_data(e->skb, v->payload, v->data_len); | 364 | skb_copy_to_linear_data(e->skb, v->payload, v->data_len); |
371 | e->skb->ip_summed = CHECKSUM_NONE; | 365 | e->skb->ip_summed = CHECKSUM_NONE; |
diff --git a/net/ipv4/netfilter/ip_tables.c b/net/ipv4/netfilter/ip_tables.c index 6486894f450c..4b10b98640ac 100644 --- a/net/ipv4/netfilter/ip_tables.c +++ b/net/ipv4/netfilter/ip_tables.c | |||
@@ -169,7 +169,7 @@ ip_checkentry(const struct ipt_ip *ip) | |||
169 | } | 169 | } |
170 | 170 | ||
171 | static unsigned int | 171 | static unsigned int |
172 | ipt_error(struct sk_buff **pskb, | 172 | ipt_error(struct sk_buff *skb, |
173 | const struct net_device *in, | 173 | const struct net_device *in, |
174 | const struct net_device *out, | 174 | const struct net_device *out, |
175 | unsigned int hooknum, | 175 | unsigned int hooknum, |
@@ -312,7 +312,7 @@ static void trace_packet(struct sk_buff *skb, | |||
312 | 312 | ||
313 | /* Returns one of the generic firewall policies, like NF_ACCEPT. */ | 313 | /* Returns one of the generic firewall policies, like NF_ACCEPT. */ |
314 | unsigned int | 314 | unsigned int |
315 | ipt_do_table(struct sk_buff **pskb, | 315 | ipt_do_table(struct sk_buff *skb, |
316 | unsigned int hook, | 316 | unsigned int hook, |
317 | const struct net_device *in, | 317 | const struct net_device *in, |
318 | const struct net_device *out, | 318 | const struct net_device *out, |
@@ -331,8 +331,8 @@ ipt_do_table(struct sk_buff **pskb, | |||
331 | struct xt_table_info *private; | 331 | struct xt_table_info *private; |
332 | 332 | ||
333 | /* Initialization */ | 333 | /* Initialization */ |
334 | ip = ip_hdr(*pskb); | 334 | ip = ip_hdr(skb); |
335 | datalen = (*pskb)->len - ip->ihl * 4; | 335 | datalen = skb->len - ip->ihl * 4; |
336 | indev = in ? in->name : nulldevname; | 336 | indev = in ? in->name : nulldevname; |
337 | outdev = out ? out->name : nulldevname; | 337 | outdev = out ? out->name : nulldevname; |
338 | /* We handle fragments by dealing with the first fragment as | 338 | /* We handle fragments by dealing with the first fragment as |
@@ -359,7 +359,7 @@ ipt_do_table(struct sk_buff **pskb, | |||
359 | struct ipt_entry_target *t; | 359 | struct ipt_entry_target *t; |
360 | 360 | ||
361 | if (IPT_MATCH_ITERATE(e, do_match, | 361 | if (IPT_MATCH_ITERATE(e, do_match, |
362 | *pskb, in, out, | 362 | skb, in, out, |
363 | offset, &hotdrop) != 0) | 363 | offset, &hotdrop) != 0) |
364 | goto no_match; | 364 | goto no_match; |
365 | 365 | ||
@@ -371,8 +371,8 @@ ipt_do_table(struct sk_buff **pskb, | |||
371 | #if defined(CONFIG_NETFILTER_XT_TARGET_TRACE) || \ | 371 | #if defined(CONFIG_NETFILTER_XT_TARGET_TRACE) || \ |
372 | defined(CONFIG_NETFILTER_XT_TARGET_TRACE_MODULE) | 372 | defined(CONFIG_NETFILTER_XT_TARGET_TRACE_MODULE) |
373 | /* The packet is traced: log it */ | 373 | /* The packet is traced: log it */ |
374 | if (unlikely((*pskb)->nf_trace)) | 374 | if (unlikely(skb->nf_trace)) |
375 | trace_packet(*pskb, hook, in, out, | 375 | trace_packet(skb, hook, in, out, |
376 | table->name, private, e); | 376 | table->name, private, e); |
377 | #endif | 377 | #endif |
378 | /* Standard target? */ | 378 | /* Standard target? */ |
@@ -410,7 +410,7 @@ ipt_do_table(struct sk_buff **pskb, | |||
410 | ((struct ipt_entry *)table_base)->comefrom | 410 | ((struct ipt_entry *)table_base)->comefrom |
411 | = 0xeeeeeeec; | 411 | = 0xeeeeeeec; |
412 | #endif | 412 | #endif |
413 | verdict = t->u.kernel.target->target(pskb, | 413 | verdict = t->u.kernel.target->target(skb, |
414 | in, out, | 414 | in, out, |
415 | hook, | 415 | hook, |
416 | t->u.kernel.target, | 416 | t->u.kernel.target, |
@@ -428,8 +428,8 @@ ipt_do_table(struct sk_buff **pskb, | |||
428 | = 0x57acc001; | 428 | = 0x57acc001; |
429 | #endif | 429 | #endif |
430 | /* Target might have changed stuff. */ | 430 | /* Target might have changed stuff. */ |
431 | ip = ip_hdr(*pskb); | 431 | ip = ip_hdr(skb); |
432 | datalen = (*pskb)->len - ip->ihl * 4; | 432 | datalen = skb->len - ip->ihl * 4; |
433 | 433 | ||
434 | if (verdict == IPT_CONTINUE) | 434 | if (verdict == IPT_CONTINUE) |
435 | e = (void *)e + e->next_offset; | 435 | e = (void *)e + e->next_offset; |
diff --git a/net/ipv4/netfilter/ipt_CLUSTERIP.c b/net/ipv4/netfilter/ipt_CLUSTERIP.c index 27f14e1ebd8b..2f544dac72df 100644 --- a/net/ipv4/netfilter/ipt_CLUSTERIP.c +++ b/net/ipv4/netfilter/ipt_CLUSTERIP.c | |||
@@ -289,7 +289,7 @@ clusterip_responsible(const struct clusterip_config *config, u_int32_t hash) | |||
289 | ***********************************************************************/ | 289 | ***********************************************************************/ |
290 | 290 | ||
291 | static unsigned int | 291 | static unsigned int |
292 | target(struct sk_buff **pskb, | 292 | target(struct sk_buff *skb, |
293 | const struct net_device *in, | 293 | const struct net_device *in, |
294 | const struct net_device *out, | 294 | const struct net_device *out, |
295 | unsigned int hooknum, | 295 | unsigned int hooknum, |
@@ -305,7 +305,7 @@ target(struct sk_buff **pskb, | |||
305 | * is only decremented by destroy() - and ip_tables guarantees | 305 | * is only decremented by destroy() - and ip_tables guarantees |
306 | * that the ->target() function isn't called after ->destroy() */ | 306 | * that the ->target() function isn't called after ->destroy() */ |
307 | 307 | ||
308 | ct = nf_ct_get(*pskb, &ctinfo); | 308 | ct = nf_ct_get(skb, &ctinfo); |
309 | if (ct == NULL) { | 309 | if (ct == NULL) { |
310 | printk(KERN_ERR "CLUSTERIP: no conntrack!\n"); | 310 | printk(KERN_ERR "CLUSTERIP: no conntrack!\n"); |
311 | /* FIXME: need to drop invalid ones, since replies | 311 | /* FIXME: need to drop invalid ones, since replies |
@@ -316,7 +316,7 @@ target(struct sk_buff **pskb, | |||
316 | 316 | ||
317 | /* special case: ICMP error handling. conntrack distinguishes between | 317 | /* special case: ICMP error handling. conntrack distinguishes between |
318 | * error messages (RELATED) and information requests (see below) */ | 318 | * error messages (RELATED) and information requests (see below) */ |
319 | if (ip_hdr(*pskb)->protocol == IPPROTO_ICMP | 319 | if (ip_hdr(skb)->protocol == IPPROTO_ICMP |
320 | && (ctinfo == IP_CT_RELATED | 320 | && (ctinfo == IP_CT_RELATED |
321 | || ctinfo == IP_CT_RELATED+IP_CT_IS_REPLY)) | 321 | || ctinfo == IP_CT_RELATED+IP_CT_IS_REPLY)) |
322 | return XT_CONTINUE; | 322 | return XT_CONTINUE; |
@@ -325,7 +325,7 @@ target(struct sk_buff **pskb, | |||
325 | * TIMESTAMP, INFO_REQUEST or ADDRESS type icmp packets from here | 325 | * TIMESTAMP, INFO_REQUEST or ADDRESS type icmp packets from here |
326 | * on, which all have an ID field [relevant for hashing]. */ | 326 | * on, which all have an ID field [relevant for hashing]. */ |
327 | 327 | ||
328 | hash = clusterip_hashfn(*pskb, cipinfo->config); | 328 | hash = clusterip_hashfn(skb, cipinfo->config); |
329 | 329 | ||
330 | switch (ctinfo) { | 330 | switch (ctinfo) { |
331 | case IP_CT_NEW: | 331 | case IP_CT_NEW: |
@@ -355,7 +355,7 @@ target(struct sk_buff **pskb, | |||
355 | 355 | ||
356 | /* despite being received via linklayer multicast, this is | 356 | /* despite being received via linklayer multicast, this is |
357 | * actually a unicast IP packet. TCP doesn't like PACKET_MULTICAST */ | 357 | * actually a unicast IP packet. TCP doesn't like PACKET_MULTICAST */ |
358 | (*pskb)->pkt_type = PACKET_HOST; | 358 | skb->pkt_type = PACKET_HOST; |
359 | 359 | ||
360 | return XT_CONTINUE; | 360 | return XT_CONTINUE; |
361 | } | 361 | } |
@@ -505,12 +505,12 @@ static void arp_print(struct arp_payload *payload) | |||
505 | 505 | ||
506 | static unsigned int | 506 | static unsigned int |
507 | arp_mangle(unsigned int hook, | 507 | arp_mangle(unsigned int hook, |
508 | struct sk_buff **pskb, | 508 | struct sk_buff *skb, |
509 | const struct net_device *in, | 509 | const struct net_device *in, |
510 | const struct net_device *out, | 510 | const struct net_device *out, |
511 | int (*okfn)(struct sk_buff *)) | 511 | int (*okfn)(struct sk_buff *)) |
512 | { | 512 | { |
513 | struct arphdr *arp = arp_hdr(*pskb); | 513 | struct arphdr *arp = arp_hdr(skb); |
514 | struct arp_payload *payload; | 514 | struct arp_payload *payload; |
515 | struct clusterip_config *c; | 515 | struct clusterip_config *c; |
516 | 516 | ||
diff --git a/net/ipv4/netfilter/ipt_ECN.c b/net/ipv4/netfilter/ipt_ECN.c index f1253bd3837f..add110060a22 100644 --- a/net/ipv4/netfilter/ipt_ECN.c +++ b/net/ipv4/netfilter/ipt_ECN.c | |||
@@ -26,15 +26,15 @@ MODULE_DESCRIPTION("iptables ECN modification module"); | |||
26 | /* set ECT codepoint from IP header. | 26 | /* set ECT codepoint from IP header. |
27 | * return false if there was an error. */ | 27 | * return false if there was an error. */ |
28 | static inline bool | 28 | static inline bool |
29 | set_ect_ip(struct sk_buff **pskb, const struct ipt_ECN_info *einfo) | 29 | set_ect_ip(struct sk_buff *skb, const struct ipt_ECN_info *einfo) |
30 | { | 30 | { |
31 | struct iphdr *iph = ip_hdr(*pskb); | 31 | struct iphdr *iph = ip_hdr(skb); |
32 | 32 | ||
33 | if ((iph->tos & IPT_ECN_IP_MASK) != (einfo->ip_ect & IPT_ECN_IP_MASK)) { | 33 | if ((iph->tos & IPT_ECN_IP_MASK) != (einfo->ip_ect & IPT_ECN_IP_MASK)) { |
34 | __u8 oldtos; | 34 | __u8 oldtos; |
35 | if (!skb_make_writable(pskb, sizeof(struct iphdr))) | 35 | if (!skb_make_writable(skb, sizeof(struct iphdr))) |
36 | return false; | 36 | return false; |
37 | iph = ip_hdr(*pskb); | 37 | iph = ip_hdr(skb); |
38 | oldtos = iph->tos; | 38 | oldtos = iph->tos; |
39 | iph->tos &= ~IPT_ECN_IP_MASK; | 39 | iph->tos &= ~IPT_ECN_IP_MASK; |
40 | iph->tos |= (einfo->ip_ect & IPT_ECN_IP_MASK); | 40 | iph->tos |= (einfo->ip_ect & IPT_ECN_IP_MASK); |
@@ -45,14 +45,13 @@ set_ect_ip(struct sk_buff **pskb, const struct ipt_ECN_info *einfo) | |||
45 | 45 | ||
46 | /* Return false if there was an error. */ | 46 | /* Return false if there was an error. */ |
47 | static inline bool | 47 | static inline bool |
48 | set_ect_tcp(struct sk_buff **pskb, const struct ipt_ECN_info *einfo) | 48 | set_ect_tcp(struct sk_buff *skb, const struct ipt_ECN_info *einfo) |
49 | { | 49 | { |
50 | struct tcphdr _tcph, *tcph; | 50 | struct tcphdr _tcph, *tcph; |
51 | __be16 oldval; | 51 | __be16 oldval; |
52 | 52 | ||
53 | /* Not enought header? */ | 53 | /* Not enought header? */ |
54 | tcph = skb_header_pointer(*pskb, ip_hdrlen(*pskb), | 54 | tcph = skb_header_pointer(skb, ip_hdrlen(skb), sizeof(_tcph), &_tcph); |
55 | sizeof(_tcph), &_tcph); | ||
56 | if (!tcph) | 55 | if (!tcph) |
57 | return false; | 56 | return false; |
58 | 57 | ||
@@ -62,9 +61,9 @@ set_ect_tcp(struct sk_buff **pskb, const struct ipt_ECN_info *einfo) | |||
62 | tcph->cwr == einfo->proto.tcp.cwr)) | 61 | tcph->cwr == einfo->proto.tcp.cwr)) |
63 | return true; | 62 | return true; |
64 | 63 | ||
65 | if (!skb_make_writable(pskb, ip_hdrlen(*pskb) + sizeof(*tcph))) | 64 | if (!skb_make_writable(skb, ip_hdrlen(skb) + sizeof(*tcph))) |
66 | return false; | 65 | return false; |
67 | tcph = (void *)ip_hdr(*pskb) + ip_hdrlen(*pskb); | 66 | tcph = (void *)ip_hdr(skb) + ip_hdrlen(skb); |
68 | 67 | ||
69 | oldval = ((__be16 *)tcph)[6]; | 68 | oldval = ((__be16 *)tcph)[6]; |
70 | if (einfo->operation & IPT_ECN_OP_SET_ECE) | 69 | if (einfo->operation & IPT_ECN_OP_SET_ECE) |
@@ -72,13 +71,13 @@ set_ect_tcp(struct sk_buff **pskb, const struct ipt_ECN_info *einfo) | |||
72 | if (einfo->operation & IPT_ECN_OP_SET_CWR) | 71 | if (einfo->operation & IPT_ECN_OP_SET_CWR) |
73 | tcph->cwr = einfo->proto.tcp.cwr; | 72 | tcph->cwr = einfo->proto.tcp.cwr; |
74 | 73 | ||
75 | nf_proto_csum_replace2(&tcph->check, *pskb, | 74 | nf_proto_csum_replace2(&tcph->check, skb, |
76 | oldval, ((__be16 *)tcph)[6], 0); | 75 | oldval, ((__be16 *)tcph)[6], 0); |
77 | return true; | 76 | return true; |
78 | } | 77 | } |
79 | 78 | ||
80 | static unsigned int | 79 | static unsigned int |
81 | target(struct sk_buff **pskb, | 80 | target(struct sk_buff *skb, |
82 | const struct net_device *in, | 81 | const struct net_device *in, |
83 | const struct net_device *out, | 82 | const struct net_device *out, |
84 | unsigned int hooknum, | 83 | unsigned int hooknum, |
@@ -88,12 +87,12 @@ target(struct sk_buff **pskb, | |||
88 | const struct ipt_ECN_info *einfo = targinfo; | 87 | const struct ipt_ECN_info *einfo = targinfo; |
89 | 88 | ||
90 | if (einfo->operation & IPT_ECN_OP_SET_IP) | 89 | if (einfo->operation & IPT_ECN_OP_SET_IP) |
91 | if (!set_ect_ip(pskb, einfo)) | 90 | if (!set_ect_ip(skb, einfo)) |
92 | return NF_DROP; | 91 | return NF_DROP; |
93 | 92 | ||
94 | if (einfo->operation & (IPT_ECN_OP_SET_ECE | IPT_ECN_OP_SET_CWR) | 93 | if (einfo->operation & (IPT_ECN_OP_SET_ECE | IPT_ECN_OP_SET_CWR) |
95 | && ip_hdr(*pskb)->protocol == IPPROTO_TCP) | 94 | && ip_hdr(skb)->protocol == IPPROTO_TCP) |
96 | if (!set_ect_tcp(pskb, einfo)) | 95 | if (!set_ect_tcp(skb, einfo)) |
97 | return NF_DROP; | 96 | return NF_DROP; |
98 | 97 | ||
99 | return XT_CONTINUE; | 98 | return XT_CONTINUE; |
diff --git a/net/ipv4/netfilter/ipt_LOG.c b/net/ipv4/netfilter/ipt_LOG.c index 127a5e89bf14..4b5e8216a4e7 100644 --- a/net/ipv4/netfilter/ipt_LOG.c +++ b/net/ipv4/netfilter/ipt_LOG.c | |||
@@ -418,7 +418,7 @@ ipt_log_packet(unsigned int pf, | |||
418 | } | 418 | } |
419 | 419 | ||
420 | static unsigned int | 420 | static unsigned int |
421 | ipt_log_target(struct sk_buff **pskb, | 421 | ipt_log_target(struct sk_buff *skb, |
422 | const struct net_device *in, | 422 | const struct net_device *in, |
423 | const struct net_device *out, | 423 | const struct net_device *out, |
424 | unsigned int hooknum, | 424 | unsigned int hooknum, |
@@ -432,7 +432,7 @@ ipt_log_target(struct sk_buff **pskb, | |||
432 | li.u.log.level = loginfo->level; | 432 | li.u.log.level = loginfo->level; |
433 | li.u.log.logflags = loginfo->logflags; | 433 | li.u.log.logflags = loginfo->logflags; |
434 | 434 | ||
435 | ipt_log_packet(PF_INET, hooknum, *pskb, in, out, &li, | 435 | ipt_log_packet(PF_INET, hooknum, skb, in, out, &li, |
436 | loginfo->prefix); | 436 | loginfo->prefix); |
437 | return XT_CONTINUE; | 437 | return XT_CONTINUE; |
438 | } | 438 | } |
diff --git a/net/ipv4/netfilter/ipt_MASQUERADE.c b/net/ipv4/netfilter/ipt_MASQUERADE.c index 3e0b562b2db7..44b516e7cb79 100644 --- a/net/ipv4/netfilter/ipt_MASQUERADE.c +++ b/net/ipv4/netfilter/ipt_MASQUERADE.c | |||
@@ -52,7 +52,7 @@ masquerade_check(const char *tablename, | |||
52 | } | 52 | } |
53 | 53 | ||
54 | static unsigned int | 54 | static unsigned int |
55 | masquerade_target(struct sk_buff **pskb, | 55 | masquerade_target(struct sk_buff *skb, |
56 | const struct net_device *in, | 56 | const struct net_device *in, |
57 | const struct net_device *out, | 57 | const struct net_device *out, |
58 | unsigned int hooknum, | 58 | unsigned int hooknum, |
@@ -69,7 +69,7 @@ masquerade_target(struct sk_buff **pskb, | |||
69 | 69 | ||
70 | NF_CT_ASSERT(hooknum == NF_IP_POST_ROUTING); | 70 | NF_CT_ASSERT(hooknum == NF_IP_POST_ROUTING); |
71 | 71 | ||
72 | ct = nf_ct_get(*pskb, &ctinfo); | 72 | ct = nf_ct_get(skb, &ctinfo); |
73 | nat = nfct_nat(ct); | 73 | nat = nfct_nat(ct); |
74 | 74 | ||
75 | NF_CT_ASSERT(ct && (ctinfo == IP_CT_NEW || ctinfo == IP_CT_RELATED | 75 | NF_CT_ASSERT(ct && (ctinfo == IP_CT_NEW || ctinfo == IP_CT_RELATED |
@@ -82,7 +82,7 @@ masquerade_target(struct sk_buff **pskb, | |||
82 | return NF_ACCEPT; | 82 | return NF_ACCEPT; |
83 | 83 | ||
84 | mr = targinfo; | 84 | mr = targinfo; |
85 | rt = (struct rtable *)(*pskb)->dst; | 85 | rt = (struct rtable *)skb->dst; |
86 | newsrc = inet_select_addr(out, rt->rt_gateway, RT_SCOPE_UNIVERSE); | 86 | newsrc = inet_select_addr(out, rt->rt_gateway, RT_SCOPE_UNIVERSE); |
87 | if (!newsrc) { | 87 | if (!newsrc) { |
88 | printk("MASQUERADE: %s ate my IP address\n", out->name); | 88 | printk("MASQUERADE: %s ate my IP address\n", out->name); |
diff --git a/net/ipv4/netfilter/ipt_NETMAP.c b/net/ipv4/netfilter/ipt_NETMAP.c index 41a011d5a065..f8699291e33d 100644 --- a/net/ipv4/netfilter/ipt_NETMAP.c +++ b/net/ipv4/netfilter/ipt_NETMAP.c | |||
@@ -43,7 +43,7 @@ check(const char *tablename, | |||
43 | } | 43 | } |
44 | 44 | ||
45 | static unsigned int | 45 | static unsigned int |
46 | target(struct sk_buff **pskb, | 46 | target(struct sk_buff *skb, |
47 | const struct net_device *in, | 47 | const struct net_device *in, |
48 | const struct net_device *out, | 48 | const struct net_device *out, |
49 | unsigned int hooknum, | 49 | unsigned int hooknum, |
@@ -59,14 +59,14 @@ target(struct sk_buff **pskb, | |||
59 | NF_CT_ASSERT(hooknum == NF_IP_PRE_ROUTING | 59 | NF_CT_ASSERT(hooknum == NF_IP_PRE_ROUTING |
60 | || hooknum == NF_IP_POST_ROUTING | 60 | || hooknum == NF_IP_POST_ROUTING |
61 | || hooknum == NF_IP_LOCAL_OUT); | 61 | || hooknum == NF_IP_LOCAL_OUT); |
62 | ct = nf_ct_get(*pskb, &ctinfo); | 62 | ct = nf_ct_get(skb, &ctinfo); |
63 | 63 | ||
64 | netmask = ~(mr->range[0].min_ip ^ mr->range[0].max_ip); | 64 | netmask = ~(mr->range[0].min_ip ^ mr->range[0].max_ip); |
65 | 65 | ||
66 | if (hooknum == NF_IP_PRE_ROUTING || hooknum == NF_IP_LOCAL_OUT) | 66 | if (hooknum == NF_IP_PRE_ROUTING || hooknum == NF_IP_LOCAL_OUT) |
67 | new_ip = ip_hdr(*pskb)->daddr & ~netmask; | 67 | new_ip = ip_hdr(skb)->daddr & ~netmask; |
68 | else | 68 | else |
69 | new_ip = ip_hdr(*pskb)->saddr & ~netmask; | 69 | new_ip = ip_hdr(skb)->saddr & ~netmask; |
70 | new_ip |= mr->range[0].min_ip & netmask; | 70 | new_ip |= mr->range[0].min_ip & netmask; |
71 | 71 | ||
72 | newrange = ((struct nf_nat_range) | 72 | newrange = ((struct nf_nat_range) |
diff --git a/net/ipv4/netfilter/ipt_REDIRECT.c b/net/ipv4/netfilter/ipt_REDIRECT.c index 6ac7a2373316..f7cf7d61a2d4 100644 --- a/net/ipv4/netfilter/ipt_REDIRECT.c +++ b/net/ipv4/netfilter/ipt_REDIRECT.c | |||
@@ -47,7 +47,7 @@ redirect_check(const char *tablename, | |||
47 | } | 47 | } |
48 | 48 | ||
49 | static unsigned int | 49 | static unsigned int |
50 | redirect_target(struct sk_buff **pskb, | 50 | redirect_target(struct sk_buff *skb, |
51 | const struct net_device *in, | 51 | const struct net_device *in, |
52 | const struct net_device *out, | 52 | const struct net_device *out, |
53 | unsigned int hooknum, | 53 | unsigned int hooknum, |
@@ -63,7 +63,7 @@ redirect_target(struct sk_buff **pskb, | |||
63 | NF_CT_ASSERT(hooknum == NF_IP_PRE_ROUTING | 63 | NF_CT_ASSERT(hooknum == NF_IP_PRE_ROUTING |
64 | || hooknum == NF_IP_LOCAL_OUT); | 64 | || hooknum == NF_IP_LOCAL_OUT); |
65 | 65 | ||
66 | ct = nf_ct_get(*pskb, &ctinfo); | 66 | ct = nf_ct_get(skb, &ctinfo); |
67 | NF_CT_ASSERT(ct && (ctinfo == IP_CT_NEW || ctinfo == IP_CT_RELATED)); | 67 | NF_CT_ASSERT(ct && (ctinfo == IP_CT_NEW || ctinfo == IP_CT_RELATED)); |
68 | 68 | ||
69 | /* Local packets: make them go to loopback */ | 69 | /* Local packets: make them go to loopback */ |
@@ -76,7 +76,7 @@ redirect_target(struct sk_buff **pskb, | |||
76 | newdst = 0; | 76 | newdst = 0; |
77 | 77 | ||
78 | rcu_read_lock(); | 78 | rcu_read_lock(); |
79 | indev = __in_dev_get_rcu((*pskb)->dev); | 79 | indev = __in_dev_get_rcu(skb->dev); |
80 | if (indev && (ifa = indev->ifa_list)) | 80 | if (indev && (ifa = indev->ifa_list)) |
81 | newdst = ifa->ifa_local; | 81 | newdst = ifa->ifa_local; |
82 | rcu_read_unlock(); | 82 | rcu_read_unlock(); |
diff --git a/net/ipv4/netfilter/ipt_REJECT.c b/net/ipv4/netfilter/ipt_REJECT.c index cb038c8fbc9d..dcf4d21d5116 100644 --- a/net/ipv4/netfilter/ipt_REJECT.c +++ b/net/ipv4/netfilter/ipt_REJECT.c | |||
@@ -131,7 +131,7 @@ static void send_reset(struct sk_buff *oldskb, int hook) | |||
131 | ) | 131 | ) |
132 | addr_type = RTN_LOCAL; | 132 | addr_type = RTN_LOCAL; |
133 | 133 | ||
134 | if (ip_route_me_harder(&nskb, addr_type)) | 134 | if (ip_route_me_harder(nskb, addr_type)) |
135 | goto free_nskb; | 135 | goto free_nskb; |
136 | 136 | ||
137 | nskb->ip_summed = CHECKSUM_NONE; | 137 | nskb->ip_summed = CHECKSUM_NONE; |
@@ -162,7 +162,7 @@ static inline void send_unreach(struct sk_buff *skb_in, int code) | |||
162 | icmp_send(skb_in, ICMP_DEST_UNREACH, code, 0); | 162 | icmp_send(skb_in, ICMP_DEST_UNREACH, code, 0); |
163 | } | 163 | } |
164 | 164 | ||
165 | static unsigned int reject(struct sk_buff **pskb, | 165 | static unsigned int reject(struct sk_buff *skb, |
166 | const struct net_device *in, | 166 | const struct net_device *in, |
167 | const struct net_device *out, | 167 | const struct net_device *out, |
168 | unsigned int hooknum, | 168 | unsigned int hooknum, |
@@ -173,7 +173,7 @@ static unsigned int reject(struct sk_buff **pskb, | |||
173 | 173 | ||
174 | /* Our naive response construction doesn't deal with IP | 174 | /* Our naive response construction doesn't deal with IP |
175 | options, and probably shouldn't try. */ | 175 | options, and probably shouldn't try. */ |
176 | if (ip_hdrlen(*pskb) != sizeof(struct iphdr)) | 176 | if (ip_hdrlen(skb) != sizeof(struct iphdr)) |
177 | return NF_DROP; | 177 | return NF_DROP; |
178 | 178 | ||
179 | /* WARNING: This code causes reentry within iptables. | 179 | /* WARNING: This code causes reentry within iptables. |
@@ -181,28 +181,28 @@ static unsigned int reject(struct sk_buff **pskb, | |||
181 | must return an absolute verdict. --RR */ | 181 | must return an absolute verdict. --RR */ |
182 | switch (reject->with) { | 182 | switch (reject->with) { |
183 | case IPT_ICMP_NET_UNREACHABLE: | 183 | case IPT_ICMP_NET_UNREACHABLE: |
184 | send_unreach(*pskb, ICMP_NET_UNREACH); | 184 | send_unreach(skb, ICMP_NET_UNREACH); |
185 | break; | 185 | break; |
186 | case IPT_ICMP_HOST_UNREACHABLE: | 186 | case IPT_ICMP_HOST_UNREACHABLE: |
187 | send_unreach(*pskb, ICMP_HOST_UNREACH); | 187 | send_unreach(skb, ICMP_HOST_UNREACH); |
188 | break; | 188 | break; |
189 | case IPT_ICMP_PROT_UNREACHABLE: | 189 | case IPT_ICMP_PROT_UNREACHABLE: |
190 | send_unreach(*pskb, ICMP_PROT_UNREACH); | 190 | send_unreach(skb, ICMP_PROT_UNREACH); |
191 | break; | 191 | break; |
192 | case IPT_ICMP_PORT_UNREACHABLE: | 192 | case IPT_ICMP_PORT_UNREACHABLE: |
193 | send_unreach(*pskb, ICMP_PORT_UNREACH); | 193 | send_unreach(skb, ICMP_PORT_UNREACH); |
194 | break; | 194 | break; |
195 | case IPT_ICMP_NET_PROHIBITED: | 195 | case IPT_ICMP_NET_PROHIBITED: |
196 | send_unreach(*pskb, ICMP_NET_ANO); | 196 | send_unreach(skb, ICMP_NET_ANO); |
197 | break; | 197 | break; |
198 | case IPT_ICMP_HOST_PROHIBITED: | 198 | case IPT_ICMP_HOST_PROHIBITED: |
199 | send_unreach(*pskb, ICMP_HOST_ANO); | 199 | send_unreach(skb, ICMP_HOST_ANO); |
200 | break; | 200 | break; |
201 | case IPT_ICMP_ADMIN_PROHIBITED: | 201 | case IPT_ICMP_ADMIN_PROHIBITED: |
202 | send_unreach(*pskb, ICMP_PKT_FILTERED); | 202 | send_unreach(skb, ICMP_PKT_FILTERED); |
203 | break; | 203 | break; |
204 | case IPT_TCP_RESET: | 204 | case IPT_TCP_RESET: |
205 | send_reset(*pskb, hooknum); | 205 | send_reset(skb, hooknum); |
206 | case IPT_ICMP_ECHOREPLY: | 206 | case IPT_ICMP_ECHOREPLY: |
207 | /* Doesn't happen. */ | 207 | /* Doesn't happen. */ |
208 | break; | 208 | break; |
diff --git a/net/ipv4/netfilter/ipt_SAME.c b/net/ipv4/netfilter/ipt_SAME.c index 97641f1a97f6..8988571436b8 100644 --- a/net/ipv4/netfilter/ipt_SAME.c +++ b/net/ipv4/netfilter/ipt_SAME.c | |||
@@ -104,7 +104,7 @@ same_destroy(const struct xt_target *target, void *targinfo) | |||
104 | } | 104 | } |
105 | 105 | ||
106 | static unsigned int | 106 | static unsigned int |
107 | same_target(struct sk_buff **pskb, | 107 | same_target(struct sk_buff *skb, |
108 | const struct net_device *in, | 108 | const struct net_device *in, |
109 | const struct net_device *out, | 109 | const struct net_device *out, |
110 | unsigned int hooknum, | 110 | unsigned int hooknum, |
@@ -121,7 +121,7 @@ same_target(struct sk_buff **pskb, | |||
121 | 121 | ||
122 | NF_CT_ASSERT(hooknum == NF_IP_PRE_ROUTING || | 122 | NF_CT_ASSERT(hooknum == NF_IP_PRE_ROUTING || |
123 | hooknum == NF_IP_POST_ROUTING); | 123 | hooknum == NF_IP_POST_ROUTING); |
124 | ct = nf_ct_get(*pskb, &ctinfo); | 124 | ct = nf_ct_get(skb, &ctinfo); |
125 | 125 | ||
126 | t = &ct->tuplehash[IP_CT_DIR_ORIGINAL].tuple; | 126 | t = &ct->tuplehash[IP_CT_DIR_ORIGINAL].tuple; |
127 | 127 | ||
diff --git a/net/ipv4/netfilter/ipt_TOS.c b/net/ipv4/netfilter/ipt_TOS.c index 25f5d0b39065..d4573baa7f27 100644 --- a/net/ipv4/netfilter/ipt_TOS.c +++ b/net/ipv4/netfilter/ipt_TOS.c | |||
@@ -21,7 +21,7 @@ MODULE_AUTHOR("Netfilter Core Team <coreteam@netfilter.org>"); | |||
21 | MODULE_DESCRIPTION("iptables TOS mangling module"); | 21 | MODULE_DESCRIPTION("iptables TOS mangling module"); |
22 | 22 | ||
23 | static unsigned int | 23 | static unsigned int |
24 | target(struct sk_buff **pskb, | 24 | target(struct sk_buff *skb, |
25 | const struct net_device *in, | 25 | const struct net_device *in, |
26 | const struct net_device *out, | 26 | const struct net_device *out, |
27 | unsigned int hooknum, | 27 | unsigned int hooknum, |
@@ -29,13 +29,13 @@ target(struct sk_buff **pskb, | |||
29 | const void *targinfo) | 29 | const void *targinfo) |
30 | { | 30 | { |
31 | const struct ipt_tos_target_info *tosinfo = targinfo; | 31 | const struct ipt_tos_target_info *tosinfo = targinfo; |
32 | struct iphdr *iph = ip_hdr(*pskb); | 32 | struct iphdr *iph = ip_hdr(skb); |
33 | 33 | ||
34 | if ((iph->tos & IPTOS_TOS_MASK) != tosinfo->tos) { | 34 | if ((iph->tos & IPTOS_TOS_MASK) != tosinfo->tos) { |
35 | __u8 oldtos; | 35 | __u8 oldtos; |
36 | if (!skb_make_writable(pskb, sizeof(struct iphdr))) | 36 | if (!skb_make_writable(skb, sizeof(struct iphdr))) |
37 | return NF_DROP; | 37 | return NF_DROP; |
38 | iph = ip_hdr(*pskb); | 38 | iph = ip_hdr(skb); |
39 | oldtos = iph->tos; | 39 | oldtos = iph->tos; |
40 | iph->tos = (iph->tos & IPTOS_PREC_MASK) | tosinfo->tos; | 40 | iph->tos = (iph->tos & IPTOS_PREC_MASK) | tosinfo->tos; |
41 | nf_csum_replace2(&iph->check, htons(oldtos), htons(iph->tos)); | 41 | nf_csum_replace2(&iph->check, htons(oldtos), htons(iph->tos)); |
diff --git a/net/ipv4/netfilter/ipt_TTL.c b/net/ipv4/netfilter/ipt_TTL.c index 2b54e7b0cfe8..c620a0527666 100644 --- a/net/ipv4/netfilter/ipt_TTL.c +++ b/net/ipv4/netfilter/ipt_TTL.c | |||
@@ -20,7 +20,7 @@ MODULE_DESCRIPTION("IP tables TTL modification module"); | |||
20 | MODULE_LICENSE("GPL"); | 20 | MODULE_LICENSE("GPL"); |
21 | 21 | ||
22 | static unsigned int | 22 | static unsigned int |
23 | ipt_ttl_target(struct sk_buff **pskb, | 23 | ipt_ttl_target(struct sk_buff *skb, |
24 | const struct net_device *in, const struct net_device *out, | 24 | const struct net_device *in, const struct net_device *out, |
25 | unsigned int hooknum, const struct xt_target *target, | 25 | unsigned int hooknum, const struct xt_target *target, |
26 | const void *targinfo) | 26 | const void *targinfo) |
@@ -29,10 +29,10 @@ ipt_ttl_target(struct sk_buff **pskb, | |||
29 | const struct ipt_TTL_info *info = targinfo; | 29 | const struct ipt_TTL_info *info = targinfo; |
30 | int new_ttl; | 30 | int new_ttl; |
31 | 31 | ||
32 | if (!skb_make_writable(pskb, (*pskb)->len)) | 32 | if (!skb_make_writable(skb, skb->len)) |
33 | return NF_DROP; | 33 | return NF_DROP; |
34 | 34 | ||
35 | iph = ip_hdr(*pskb); | 35 | iph = ip_hdr(skb); |
36 | 36 | ||
37 | switch (info->mode) { | 37 | switch (info->mode) { |
38 | case IPT_TTL_SET: | 38 | case IPT_TTL_SET: |
diff --git a/net/ipv4/netfilter/ipt_ULOG.c b/net/ipv4/netfilter/ipt_ULOG.c index c636d6d63574..212b830765a4 100644 --- a/net/ipv4/netfilter/ipt_ULOG.c +++ b/net/ipv4/netfilter/ipt_ULOG.c | |||
@@ -279,7 +279,7 @@ alloc_failure: | |||
279 | spin_unlock_bh(&ulog_lock); | 279 | spin_unlock_bh(&ulog_lock); |
280 | } | 280 | } |
281 | 281 | ||
282 | static unsigned int ipt_ulog_target(struct sk_buff **pskb, | 282 | static unsigned int ipt_ulog_target(struct sk_buff *skb, |
283 | const struct net_device *in, | 283 | const struct net_device *in, |
284 | const struct net_device *out, | 284 | const struct net_device *out, |
285 | unsigned int hooknum, | 285 | unsigned int hooknum, |
@@ -288,7 +288,7 @@ static unsigned int ipt_ulog_target(struct sk_buff **pskb, | |||
288 | { | 288 | { |
289 | struct ipt_ulog_info *loginfo = (struct ipt_ulog_info *) targinfo; | 289 | struct ipt_ulog_info *loginfo = (struct ipt_ulog_info *) targinfo; |
290 | 290 | ||
291 | ipt_ulog_packet(hooknum, *pskb, in, out, loginfo, NULL); | 291 | ipt_ulog_packet(hooknum, skb, in, out, loginfo, NULL); |
292 | 292 | ||
293 | return XT_CONTINUE; | 293 | return XT_CONTINUE; |
294 | } | 294 | } |
diff --git a/net/ipv4/netfilter/iptable_filter.c b/net/ipv4/netfilter/iptable_filter.c index 4f51c1d7d2d6..ba3262c60437 100644 --- a/net/ipv4/netfilter/iptable_filter.c +++ b/net/ipv4/netfilter/iptable_filter.c | |||
@@ -62,31 +62,31 @@ static struct xt_table packet_filter = { | |||
62 | /* The work comes in here from netfilter.c. */ | 62 | /* The work comes in here from netfilter.c. */ |
63 | static unsigned int | 63 | static unsigned int |
64 | ipt_hook(unsigned int hook, | 64 | ipt_hook(unsigned int hook, |
65 | struct sk_buff **pskb, | 65 | struct sk_buff *skb, |
66 | const struct net_device *in, | 66 | const struct net_device *in, |
67 | const struct net_device *out, | 67 | const struct net_device *out, |
68 | int (*okfn)(struct sk_buff *)) | 68 | int (*okfn)(struct sk_buff *)) |
69 | { | 69 | { |
70 | return ipt_do_table(pskb, hook, in, out, &packet_filter); | 70 | return ipt_do_table(skb, hook, in, out, &packet_filter); |
71 | } | 71 | } |
72 | 72 | ||
73 | static unsigned int | 73 | static unsigned int |
74 | ipt_local_out_hook(unsigned int hook, | 74 | ipt_local_out_hook(unsigned int hook, |
75 | struct sk_buff **pskb, | 75 | struct sk_buff *skb, |
76 | const struct net_device *in, | 76 | const struct net_device *in, |
77 | const struct net_device *out, | 77 | const struct net_device *out, |
78 | int (*okfn)(struct sk_buff *)) | 78 | int (*okfn)(struct sk_buff *)) |
79 | { | 79 | { |
80 | /* root is playing with raw sockets. */ | 80 | /* root is playing with raw sockets. */ |
81 | if ((*pskb)->len < sizeof(struct iphdr) | 81 | if (skb->len < sizeof(struct iphdr) || |
82 | || ip_hdrlen(*pskb) < sizeof(struct iphdr)) { | 82 | ip_hdrlen(skb) < sizeof(struct iphdr)) { |
83 | if (net_ratelimit()) | 83 | if (net_ratelimit()) |
84 | printk("iptable_filter: ignoring short SOCK_RAW " | 84 | printk("iptable_filter: ignoring short SOCK_RAW " |
85 | "packet.\n"); | 85 | "packet.\n"); |
86 | return NF_ACCEPT; | 86 | return NF_ACCEPT; |
87 | } | 87 | } |
88 | 88 | ||
89 | return ipt_do_table(pskb, hook, in, out, &packet_filter); | 89 | return ipt_do_table(skb, hook, in, out, &packet_filter); |
90 | } | 90 | } |
91 | 91 | ||
92 | static struct nf_hook_ops ipt_ops[] = { | 92 | static struct nf_hook_ops ipt_ops[] = { |
diff --git a/net/ipv4/netfilter/iptable_mangle.c b/net/ipv4/netfilter/iptable_mangle.c index 902446f7cbca..b4360a69d5ca 100644 --- a/net/ipv4/netfilter/iptable_mangle.c +++ b/net/ipv4/netfilter/iptable_mangle.c | |||
@@ -75,17 +75,17 @@ static struct xt_table packet_mangler = { | |||
75 | /* The work comes in here from netfilter.c. */ | 75 | /* The work comes in here from netfilter.c. */ |
76 | static unsigned int | 76 | static unsigned int |
77 | ipt_route_hook(unsigned int hook, | 77 | ipt_route_hook(unsigned int hook, |
78 | struct sk_buff **pskb, | 78 | struct sk_buff *skb, |
79 | const struct net_device *in, | 79 | const struct net_device *in, |
80 | const struct net_device *out, | 80 | const struct net_device *out, |
81 | int (*okfn)(struct sk_buff *)) | 81 | int (*okfn)(struct sk_buff *)) |
82 | { | 82 | { |
83 | return ipt_do_table(pskb, hook, in, out, &packet_mangler); | 83 | return ipt_do_table(skb, hook, in, out, &packet_mangler); |
84 | } | 84 | } |
85 | 85 | ||
86 | static unsigned int | 86 | static unsigned int |
87 | ipt_local_hook(unsigned int hook, | 87 | ipt_local_hook(unsigned int hook, |
88 | struct sk_buff **pskb, | 88 | struct sk_buff *skb, |
89 | const struct net_device *in, | 89 | const struct net_device *in, |
90 | const struct net_device *out, | 90 | const struct net_device *out, |
91 | int (*okfn)(struct sk_buff *)) | 91 | int (*okfn)(struct sk_buff *)) |
@@ -97,8 +97,8 @@ ipt_local_hook(unsigned int hook, | |||
97 | u_int32_t mark; | 97 | u_int32_t mark; |
98 | 98 | ||
99 | /* root is playing with raw sockets. */ | 99 | /* root is playing with raw sockets. */ |
100 | if ((*pskb)->len < sizeof(struct iphdr) | 100 | if (skb->len < sizeof(struct iphdr) |
101 | || ip_hdrlen(*pskb) < sizeof(struct iphdr)) { | 101 | || ip_hdrlen(skb) < sizeof(struct iphdr)) { |
102 | if (net_ratelimit()) | 102 | if (net_ratelimit()) |
103 | printk("iptable_mangle: ignoring short SOCK_RAW " | 103 | printk("iptable_mangle: ignoring short SOCK_RAW " |
104 | "packet.\n"); | 104 | "packet.\n"); |
@@ -106,22 +106,22 @@ ipt_local_hook(unsigned int hook, | |||
106 | } | 106 | } |
107 | 107 | ||
108 | /* Save things which could affect route */ | 108 | /* Save things which could affect route */ |
109 | mark = (*pskb)->mark; | 109 | mark = skb->mark; |
110 | iph = ip_hdr(*pskb); | 110 | iph = ip_hdr(skb); |
111 | saddr = iph->saddr; | 111 | saddr = iph->saddr; |
112 | daddr = iph->daddr; | 112 | daddr = iph->daddr; |
113 | tos = iph->tos; | 113 | tos = iph->tos; |
114 | 114 | ||
115 | ret = ipt_do_table(pskb, hook, in, out, &packet_mangler); | 115 | ret = ipt_do_table(skb, hook, in, out, &packet_mangler); |
116 | /* Reroute for ANY change. */ | 116 | /* Reroute for ANY change. */ |
117 | if (ret != NF_DROP && ret != NF_STOLEN && ret != NF_QUEUE) { | 117 | if (ret != NF_DROP && ret != NF_STOLEN && ret != NF_QUEUE) { |
118 | iph = ip_hdr(*pskb); | 118 | iph = ip_hdr(skb); |
119 | 119 | ||
120 | if (iph->saddr != saddr || | 120 | if (iph->saddr != saddr || |
121 | iph->daddr != daddr || | 121 | iph->daddr != daddr || |
122 | (*pskb)->mark != mark || | 122 | skb->mark != mark || |
123 | iph->tos != tos) | 123 | iph->tos != tos) |
124 | if (ip_route_me_harder(pskb, RTN_UNSPEC)) | 124 | if (ip_route_me_harder(skb, RTN_UNSPEC)) |
125 | ret = NF_DROP; | 125 | ret = NF_DROP; |
126 | } | 126 | } |
127 | 127 | ||
diff --git a/net/ipv4/netfilter/iptable_raw.c b/net/ipv4/netfilter/iptable_raw.c index d6e503395684..5de6e57ac55c 100644 --- a/net/ipv4/netfilter/iptable_raw.c +++ b/net/ipv4/netfilter/iptable_raw.c | |||
@@ -47,30 +47,30 @@ static struct xt_table packet_raw = { | |||
47 | /* The work comes in here from netfilter.c. */ | 47 | /* The work comes in here from netfilter.c. */ |
48 | static unsigned int | 48 | static unsigned int |
49 | ipt_hook(unsigned int hook, | 49 | ipt_hook(unsigned int hook, |
50 | struct sk_buff **pskb, | 50 | struct sk_buff *skb, |
51 | const struct net_device *in, | 51 | const struct net_device *in, |
52 | const struct net_device *out, | 52 | const struct net_device *out, |
53 | int (*okfn)(struct sk_buff *)) | 53 | int (*okfn)(struct sk_buff *)) |
54 | { | 54 | { |
55 | return ipt_do_table(pskb, hook, in, out, &packet_raw); | 55 | return ipt_do_table(skb, hook, in, out, &packet_raw); |
56 | } | 56 | } |
57 | 57 | ||
58 | static unsigned int | 58 | static unsigned int |
59 | ipt_local_hook(unsigned int hook, | 59 | ipt_local_hook(unsigned int hook, |
60 | struct sk_buff **pskb, | 60 | struct sk_buff *skb, |
61 | const struct net_device *in, | 61 | const struct net_device *in, |
62 | const struct net_device *out, | 62 | const struct net_device *out, |
63 | int (*okfn)(struct sk_buff *)) | 63 | int (*okfn)(struct sk_buff *)) |
64 | { | 64 | { |
65 | /* root is playing with raw sockets. */ | 65 | /* root is playing with raw sockets. */ |
66 | if ((*pskb)->len < sizeof(struct iphdr) || | 66 | if (skb->len < sizeof(struct iphdr) || |
67 | ip_hdrlen(*pskb) < sizeof(struct iphdr)) { | 67 | ip_hdrlen(skb) < sizeof(struct iphdr)) { |
68 | if (net_ratelimit()) | 68 | if (net_ratelimit()) |
69 | printk("iptable_raw: ignoring short SOCK_RAW" | 69 | printk("iptable_raw: ignoring short SOCK_RAW" |
70 | "packet.\n"); | 70 | "packet.\n"); |
71 | return NF_ACCEPT; | 71 | return NF_ACCEPT; |
72 | } | 72 | } |
73 | return ipt_do_table(pskb, hook, in, out, &packet_raw); | 73 | return ipt_do_table(skb, hook, in, out, &packet_raw); |
74 | } | 74 | } |
75 | 75 | ||
76 | /* 'raw' is the very first table. */ | 76 | /* 'raw' is the very first table. */ |
diff --git a/net/ipv4/netfilter/nf_conntrack_l3proto_ipv4.c b/net/ipv4/netfilter/nf_conntrack_l3proto_ipv4.c index 2fcb9249a8da..831e9b29806d 100644 --- a/net/ipv4/netfilter/nf_conntrack_l3proto_ipv4.c +++ b/net/ipv4/netfilter/nf_conntrack_l3proto_ipv4.c | |||
@@ -63,19 +63,20 @@ static int ipv4_print_conntrack(struct seq_file *s, | |||
63 | } | 63 | } |
64 | 64 | ||
65 | /* Returns new sk_buff, or NULL */ | 65 | /* Returns new sk_buff, or NULL */ |
66 | static struct sk_buff * | 66 | static int nf_ct_ipv4_gather_frags(struct sk_buff *skb, u_int32_t user) |
67 | nf_ct_ipv4_gather_frags(struct sk_buff *skb, u_int32_t user) | ||
68 | { | 67 | { |
68 | int err; | ||
69 | |||
69 | skb_orphan(skb); | 70 | skb_orphan(skb); |
70 | 71 | ||
71 | local_bh_disable(); | 72 | local_bh_disable(); |
72 | skb = ip_defrag(skb, user); | 73 | err = ip_defrag(skb, user); |
73 | local_bh_enable(); | 74 | local_bh_enable(); |
74 | 75 | ||
75 | if (skb) | 76 | if (!err) |
76 | ip_send_check(ip_hdr(skb)); | 77 | ip_send_check(ip_hdr(skb)); |
77 | 78 | ||
78 | return skb; | 79 | return err; |
79 | } | 80 | } |
80 | 81 | ||
81 | static int ipv4_get_l4proto(const struct sk_buff *skb, unsigned int nhoff, | 82 | static int ipv4_get_l4proto(const struct sk_buff *skb, unsigned int nhoff, |
@@ -99,17 +100,17 @@ static int ipv4_get_l4proto(const struct sk_buff *skb, unsigned int nhoff, | |||
99 | } | 100 | } |
100 | 101 | ||
101 | static unsigned int ipv4_confirm(unsigned int hooknum, | 102 | static unsigned int ipv4_confirm(unsigned int hooknum, |
102 | struct sk_buff **pskb, | 103 | struct sk_buff *skb, |
103 | const struct net_device *in, | 104 | const struct net_device *in, |
104 | const struct net_device *out, | 105 | const struct net_device *out, |
105 | int (*okfn)(struct sk_buff *)) | 106 | int (*okfn)(struct sk_buff *)) |
106 | { | 107 | { |
107 | /* We've seen it coming out the other side: confirm it */ | 108 | /* We've seen it coming out the other side: confirm it */ |
108 | return nf_conntrack_confirm(pskb); | 109 | return nf_conntrack_confirm(skb); |
109 | } | 110 | } |
110 | 111 | ||
111 | static unsigned int ipv4_conntrack_help(unsigned int hooknum, | 112 | static unsigned int ipv4_conntrack_help(unsigned int hooknum, |
112 | struct sk_buff **pskb, | 113 | struct sk_buff *skb, |
113 | const struct net_device *in, | 114 | const struct net_device *in, |
114 | const struct net_device *out, | 115 | const struct net_device *out, |
115 | int (*okfn)(struct sk_buff *)) | 116 | int (*okfn)(struct sk_buff *)) |
@@ -120,7 +121,7 @@ static unsigned int ipv4_conntrack_help(unsigned int hooknum, | |||
120 | struct nf_conntrack_helper *helper; | 121 | struct nf_conntrack_helper *helper; |
121 | 122 | ||
122 | /* This is where we call the helper: as the packet goes out. */ | 123 | /* This is where we call the helper: as the packet goes out. */ |
123 | ct = nf_ct_get(*pskb, &ctinfo); | 124 | ct = nf_ct_get(skb, &ctinfo); |
124 | if (!ct || ctinfo == IP_CT_RELATED + IP_CT_IS_REPLY) | 125 | if (!ct || ctinfo == IP_CT_RELATED + IP_CT_IS_REPLY) |
125 | return NF_ACCEPT; | 126 | return NF_ACCEPT; |
126 | 127 | ||
@@ -131,56 +132,55 @@ static unsigned int ipv4_conntrack_help(unsigned int hooknum, | |||
131 | helper = rcu_dereference(help->helper); | 132 | helper = rcu_dereference(help->helper); |
132 | if (!helper) | 133 | if (!helper) |
133 | return NF_ACCEPT; | 134 | return NF_ACCEPT; |
134 | return helper->help(pskb, skb_network_offset(*pskb) + ip_hdrlen(*pskb), | 135 | return helper->help(skb, skb_network_offset(skb) + ip_hdrlen(skb), |
135 | ct, ctinfo); | 136 | ct, ctinfo); |
136 | } | 137 | } |
137 | 138 | ||
138 | static unsigned int ipv4_conntrack_defrag(unsigned int hooknum, | 139 | static unsigned int ipv4_conntrack_defrag(unsigned int hooknum, |
139 | struct sk_buff **pskb, | 140 | struct sk_buff *skb, |
140 | const struct net_device *in, | 141 | const struct net_device *in, |
141 | const struct net_device *out, | 142 | const struct net_device *out, |
142 | int (*okfn)(struct sk_buff *)) | 143 | int (*okfn)(struct sk_buff *)) |
143 | { | 144 | { |
144 | /* Previously seen (loopback)? Ignore. Do this before | 145 | /* Previously seen (loopback)? Ignore. Do this before |
145 | fragment check. */ | 146 | fragment check. */ |
146 | if ((*pskb)->nfct) | 147 | if (skb->nfct) |
147 | return NF_ACCEPT; | 148 | return NF_ACCEPT; |
148 | 149 | ||
149 | /* Gather fragments. */ | 150 | /* Gather fragments. */ |
150 | if (ip_hdr(*pskb)->frag_off & htons(IP_MF | IP_OFFSET)) { | 151 | if (ip_hdr(skb)->frag_off & htons(IP_MF | IP_OFFSET)) { |
151 | *pskb = nf_ct_ipv4_gather_frags(*pskb, | 152 | if (nf_ct_ipv4_gather_frags(skb, |
152 | hooknum == NF_IP_PRE_ROUTING ? | 153 | hooknum == NF_IP_PRE_ROUTING ? |
153 | IP_DEFRAG_CONNTRACK_IN : | 154 | IP_DEFRAG_CONNTRACK_IN : |
154 | IP_DEFRAG_CONNTRACK_OUT); | 155 | IP_DEFRAG_CONNTRACK_OUT)) |
155 | if (!*pskb) | ||
156 | return NF_STOLEN; | 156 | return NF_STOLEN; |
157 | } | 157 | } |
158 | return NF_ACCEPT; | 158 | return NF_ACCEPT; |
159 | } | 159 | } |
160 | 160 | ||
161 | static unsigned int ipv4_conntrack_in(unsigned int hooknum, | 161 | static unsigned int ipv4_conntrack_in(unsigned int hooknum, |
162 | struct sk_buff **pskb, | 162 | struct sk_buff *skb, |
163 | const struct net_device *in, | 163 | const struct net_device *in, |
164 | const struct net_device *out, | 164 | const struct net_device *out, |
165 | int (*okfn)(struct sk_buff *)) | 165 | int (*okfn)(struct sk_buff *)) |
166 | { | 166 | { |
167 | return nf_conntrack_in(PF_INET, hooknum, pskb); | 167 | return nf_conntrack_in(PF_INET, hooknum, skb); |
168 | } | 168 | } |
169 | 169 | ||
170 | static unsigned int ipv4_conntrack_local(unsigned int hooknum, | 170 | static unsigned int ipv4_conntrack_local(unsigned int hooknum, |
171 | struct sk_buff **pskb, | 171 | struct sk_buff *skb, |
172 | const struct net_device *in, | 172 | const struct net_device *in, |
173 | const struct net_device *out, | 173 | const struct net_device *out, |
174 | int (*okfn)(struct sk_buff *)) | 174 | int (*okfn)(struct sk_buff *)) |
175 | { | 175 | { |
176 | /* root is playing with raw sockets. */ | 176 | /* root is playing with raw sockets. */ |
177 | if ((*pskb)->len < sizeof(struct iphdr) | 177 | if (skb->len < sizeof(struct iphdr) || |
178 | || ip_hdrlen(*pskb) < sizeof(struct iphdr)) { | 178 | ip_hdrlen(skb) < sizeof(struct iphdr)) { |
179 | if (net_ratelimit()) | 179 | if (net_ratelimit()) |
180 | printk("ipt_hook: happy cracking.\n"); | 180 | printk("ipt_hook: happy cracking.\n"); |
181 | return NF_ACCEPT; | 181 | return NF_ACCEPT; |
182 | } | 182 | } |
183 | return nf_conntrack_in(PF_INET, hooknum, pskb); | 183 | return nf_conntrack_in(PF_INET, hooknum, skb); |
184 | } | 184 | } |
185 | 185 | ||
186 | /* Connection tracking may drop packets, but never alters them, so | 186 | /* Connection tracking may drop packets, but never alters them, so |
diff --git a/net/ipv4/netfilter/nf_nat_amanda.c b/net/ipv4/netfilter/nf_nat_amanda.c index bd93a1d71052..35a5aa69cd92 100644 --- a/net/ipv4/netfilter/nf_nat_amanda.c +++ b/net/ipv4/netfilter/nf_nat_amanda.c | |||
@@ -24,7 +24,7 @@ MODULE_DESCRIPTION("Amanda NAT helper"); | |||
24 | MODULE_LICENSE("GPL"); | 24 | MODULE_LICENSE("GPL"); |
25 | MODULE_ALIAS("ip_nat_amanda"); | 25 | MODULE_ALIAS("ip_nat_amanda"); |
26 | 26 | ||
27 | static unsigned int help(struct sk_buff **pskb, | 27 | static unsigned int help(struct sk_buff *skb, |
28 | enum ip_conntrack_info ctinfo, | 28 | enum ip_conntrack_info ctinfo, |
29 | unsigned int matchoff, | 29 | unsigned int matchoff, |
30 | unsigned int matchlen, | 30 | unsigned int matchlen, |
@@ -53,7 +53,7 @@ static unsigned int help(struct sk_buff **pskb, | |||
53 | return NF_DROP; | 53 | return NF_DROP; |
54 | 54 | ||
55 | sprintf(buffer, "%u", port); | 55 | sprintf(buffer, "%u", port); |
56 | ret = nf_nat_mangle_udp_packet(pskb, exp->master, ctinfo, | 56 | ret = nf_nat_mangle_udp_packet(skb, exp->master, ctinfo, |
57 | matchoff, matchlen, | 57 | matchoff, matchlen, |
58 | buffer, strlen(buffer)); | 58 | buffer, strlen(buffer)); |
59 | if (ret != NF_ACCEPT) | 59 | if (ret != NF_ACCEPT) |
diff --git a/net/ipv4/netfilter/nf_nat_core.c b/net/ipv4/netfilter/nf_nat_core.c index 7221aa20e6ff..56e93f692e82 100644 --- a/net/ipv4/netfilter/nf_nat_core.c +++ b/net/ipv4/netfilter/nf_nat_core.c | |||
@@ -349,7 +349,7 @@ EXPORT_SYMBOL(nf_nat_setup_info); | |||
349 | /* Returns true if succeeded. */ | 349 | /* Returns true if succeeded. */ |
350 | static int | 350 | static int |
351 | manip_pkt(u_int16_t proto, | 351 | manip_pkt(u_int16_t proto, |
352 | struct sk_buff **pskb, | 352 | struct sk_buff *skb, |
353 | unsigned int iphdroff, | 353 | unsigned int iphdroff, |
354 | const struct nf_conntrack_tuple *target, | 354 | const struct nf_conntrack_tuple *target, |
355 | enum nf_nat_manip_type maniptype) | 355 | enum nf_nat_manip_type maniptype) |
@@ -357,19 +357,19 @@ manip_pkt(u_int16_t proto, | |||
357 | struct iphdr *iph; | 357 | struct iphdr *iph; |
358 | struct nf_nat_protocol *p; | 358 | struct nf_nat_protocol *p; |
359 | 359 | ||
360 | if (!skb_make_writable(pskb, iphdroff + sizeof(*iph))) | 360 | if (!skb_make_writable(skb, iphdroff + sizeof(*iph))) |
361 | return 0; | 361 | return 0; |
362 | 362 | ||
363 | iph = (void *)(*pskb)->data + iphdroff; | 363 | iph = (void *)skb->data + iphdroff; |
364 | 364 | ||
365 | /* Manipulate protcol part. */ | 365 | /* Manipulate protcol part. */ |
366 | 366 | ||
367 | /* rcu_read_lock()ed by nf_hook_slow */ | 367 | /* rcu_read_lock()ed by nf_hook_slow */ |
368 | p = __nf_nat_proto_find(proto); | 368 | p = __nf_nat_proto_find(proto); |
369 | if (!p->manip_pkt(pskb, iphdroff, target, maniptype)) | 369 | if (!p->manip_pkt(skb, iphdroff, target, maniptype)) |
370 | return 0; | 370 | return 0; |
371 | 371 | ||
372 | iph = (void *)(*pskb)->data + iphdroff; | 372 | iph = (void *)skb->data + iphdroff; |
373 | 373 | ||
374 | if (maniptype == IP_NAT_MANIP_SRC) { | 374 | if (maniptype == IP_NAT_MANIP_SRC) { |
375 | nf_csum_replace4(&iph->check, iph->saddr, target->src.u3.ip); | 375 | nf_csum_replace4(&iph->check, iph->saddr, target->src.u3.ip); |
@@ -385,7 +385,7 @@ manip_pkt(u_int16_t proto, | |||
385 | unsigned int nf_nat_packet(struct nf_conn *ct, | 385 | unsigned int nf_nat_packet(struct nf_conn *ct, |
386 | enum ip_conntrack_info ctinfo, | 386 | enum ip_conntrack_info ctinfo, |
387 | unsigned int hooknum, | 387 | unsigned int hooknum, |
388 | struct sk_buff **pskb) | 388 | struct sk_buff *skb) |
389 | { | 389 | { |
390 | enum ip_conntrack_dir dir = CTINFO2DIR(ctinfo); | 390 | enum ip_conntrack_dir dir = CTINFO2DIR(ctinfo); |
391 | unsigned long statusbit; | 391 | unsigned long statusbit; |
@@ -407,7 +407,7 @@ unsigned int nf_nat_packet(struct nf_conn *ct, | |||
407 | /* We are aiming to look like inverse of other direction. */ | 407 | /* We are aiming to look like inverse of other direction. */ |
408 | nf_ct_invert_tuplepr(&target, &ct->tuplehash[!dir].tuple); | 408 | nf_ct_invert_tuplepr(&target, &ct->tuplehash[!dir].tuple); |
409 | 409 | ||
410 | if (!manip_pkt(target.dst.protonum, pskb, 0, &target, mtype)) | 410 | if (!manip_pkt(target.dst.protonum, skb, 0, &target, mtype)) |
411 | return NF_DROP; | 411 | return NF_DROP; |
412 | } | 412 | } |
413 | return NF_ACCEPT; | 413 | return NF_ACCEPT; |
@@ -418,7 +418,7 @@ EXPORT_SYMBOL_GPL(nf_nat_packet); | |||
418 | int nf_nat_icmp_reply_translation(struct nf_conn *ct, | 418 | int nf_nat_icmp_reply_translation(struct nf_conn *ct, |
419 | enum ip_conntrack_info ctinfo, | 419 | enum ip_conntrack_info ctinfo, |
420 | unsigned int hooknum, | 420 | unsigned int hooknum, |
421 | struct sk_buff **pskb) | 421 | struct sk_buff *skb) |
422 | { | 422 | { |
423 | struct { | 423 | struct { |
424 | struct icmphdr icmp; | 424 | struct icmphdr icmp; |
@@ -426,24 +426,24 @@ int nf_nat_icmp_reply_translation(struct nf_conn *ct, | |||
426 | } *inside; | 426 | } *inside; |
427 | struct nf_conntrack_l4proto *l4proto; | 427 | struct nf_conntrack_l4proto *l4proto; |
428 | struct nf_conntrack_tuple inner, target; | 428 | struct nf_conntrack_tuple inner, target; |
429 | int hdrlen = ip_hdrlen(*pskb); | 429 | int hdrlen = ip_hdrlen(skb); |
430 | enum ip_conntrack_dir dir = CTINFO2DIR(ctinfo); | 430 | enum ip_conntrack_dir dir = CTINFO2DIR(ctinfo); |
431 | unsigned long statusbit; | 431 | unsigned long statusbit; |
432 | enum nf_nat_manip_type manip = HOOK2MANIP(hooknum); | 432 | enum nf_nat_manip_type manip = HOOK2MANIP(hooknum); |
433 | 433 | ||
434 | if (!skb_make_writable(pskb, hdrlen + sizeof(*inside))) | 434 | if (!skb_make_writable(skb, hdrlen + sizeof(*inside))) |
435 | return 0; | 435 | return 0; |
436 | 436 | ||
437 | inside = (void *)(*pskb)->data + ip_hdrlen(*pskb); | 437 | inside = (void *)skb->data + ip_hdrlen(skb); |
438 | 438 | ||
439 | /* We're actually going to mangle it beyond trivial checksum | 439 | /* We're actually going to mangle it beyond trivial checksum |
440 | adjustment, so make sure the current checksum is correct. */ | 440 | adjustment, so make sure the current checksum is correct. */ |
441 | if (nf_ip_checksum(*pskb, hooknum, hdrlen, 0)) | 441 | if (nf_ip_checksum(skb, hooknum, hdrlen, 0)) |
442 | return 0; | 442 | return 0; |
443 | 443 | ||
444 | /* Must be RELATED */ | 444 | /* Must be RELATED */ |
445 | NF_CT_ASSERT((*pskb)->nfctinfo == IP_CT_RELATED || | 445 | NF_CT_ASSERT(skb->nfctinfo == IP_CT_RELATED || |
446 | (*pskb)->nfctinfo == IP_CT_RELATED+IP_CT_IS_REPLY); | 446 | skb->nfctinfo == IP_CT_RELATED+IP_CT_IS_REPLY); |
447 | 447 | ||
448 | /* Redirects on non-null nats must be dropped, else they'll | 448 | /* Redirects on non-null nats must be dropped, else they'll |
449 | start talking to each other without our translation, and be | 449 | start talking to each other without our translation, and be |
@@ -458,15 +458,15 @@ int nf_nat_icmp_reply_translation(struct nf_conn *ct, | |||
458 | } | 458 | } |
459 | 459 | ||
460 | pr_debug("icmp_reply_translation: translating error %p manip %u " | 460 | pr_debug("icmp_reply_translation: translating error %p manip %u " |
461 | "dir %s\n", *pskb, manip, | 461 | "dir %s\n", skb, manip, |
462 | dir == IP_CT_DIR_ORIGINAL ? "ORIG" : "REPLY"); | 462 | dir == IP_CT_DIR_ORIGINAL ? "ORIG" : "REPLY"); |
463 | 463 | ||
464 | /* rcu_read_lock()ed by nf_hook_slow */ | 464 | /* rcu_read_lock()ed by nf_hook_slow */ |
465 | l4proto = __nf_ct_l4proto_find(PF_INET, inside->ip.protocol); | 465 | l4proto = __nf_ct_l4proto_find(PF_INET, inside->ip.protocol); |
466 | 466 | ||
467 | if (!nf_ct_get_tuple(*pskb, | 467 | if (!nf_ct_get_tuple(skb, |
468 | ip_hdrlen(*pskb) + sizeof(struct icmphdr), | 468 | ip_hdrlen(skb) + sizeof(struct icmphdr), |
469 | (ip_hdrlen(*pskb) + | 469 | (ip_hdrlen(skb) + |
470 | sizeof(struct icmphdr) + inside->ip.ihl * 4), | 470 | sizeof(struct icmphdr) + inside->ip.ihl * 4), |
471 | (u_int16_t)AF_INET, | 471 | (u_int16_t)AF_INET, |
472 | inside->ip.protocol, | 472 | inside->ip.protocol, |
@@ -478,19 +478,19 @@ int nf_nat_icmp_reply_translation(struct nf_conn *ct, | |||
478 | pass all hooks (locally-generated ICMP). Consider incoming | 478 | pass all hooks (locally-generated ICMP). Consider incoming |
479 | packet: PREROUTING (DST manip), routing produces ICMP, goes | 479 | packet: PREROUTING (DST manip), routing produces ICMP, goes |
480 | through POSTROUTING (which must correct the DST manip). */ | 480 | through POSTROUTING (which must correct the DST manip). */ |
481 | if (!manip_pkt(inside->ip.protocol, pskb, | 481 | if (!manip_pkt(inside->ip.protocol, skb, |
482 | ip_hdrlen(*pskb) + sizeof(inside->icmp), | 482 | ip_hdrlen(skb) + sizeof(inside->icmp), |
483 | &ct->tuplehash[!dir].tuple, | 483 | &ct->tuplehash[!dir].tuple, |
484 | !manip)) | 484 | !manip)) |
485 | return 0; | 485 | return 0; |
486 | 486 | ||
487 | if ((*pskb)->ip_summed != CHECKSUM_PARTIAL) { | 487 | if (skb->ip_summed != CHECKSUM_PARTIAL) { |
488 | /* Reloading "inside" here since manip_pkt inner. */ | 488 | /* Reloading "inside" here since manip_pkt inner. */ |
489 | inside = (void *)(*pskb)->data + ip_hdrlen(*pskb); | 489 | inside = (void *)skb->data + ip_hdrlen(skb); |
490 | inside->icmp.checksum = 0; | 490 | inside->icmp.checksum = 0; |
491 | inside->icmp.checksum = | 491 | inside->icmp.checksum = |
492 | csum_fold(skb_checksum(*pskb, hdrlen, | 492 | csum_fold(skb_checksum(skb, hdrlen, |
493 | (*pskb)->len - hdrlen, 0)); | 493 | skb->len - hdrlen, 0)); |
494 | } | 494 | } |
495 | 495 | ||
496 | /* Change outer to look the reply to an incoming packet | 496 | /* Change outer to look the reply to an incoming packet |
@@ -506,7 +506,7 @@ int nf_nat_icmp_reply_translation(struct nf_conn *ct, | |||
506 | 506 | ||
507 | if (ct->status & statusbit) { | 507 | if (ct->status & statusbit) { |
508 | nf_ct_invert_tuplepr(&target, &ct->tuplehash[!dir].tuple); | 508 | nf_ct_invert_tuplepr(&target, &ct->tuplehash[!dir].tuple); |
509 | if (!manip_pkt(0, pskb, 0, &target, manip)) | 509 | if (!manip_pkt(0, skb, 0, &target, manip)) |
510 | return 0; | 510 | return 0; |
511 | } | 511 | } |
512 | 512 | ||
diff --git a/net/ipv4/netfilter/nf_nat_ftp.c b/net/ipv4/netfilter/nf_nat_ftp.c index 3663bd879c39..e1a16d3ea4cb 100644 --- a/net/ipv4/netfilter/nf_nat_ftp.c +++ b/net/ipv4/netfilter/nf_nat_ftp.c | |||
@@ -28,7 +28,7 @@ MODULE_ALIAS("ip_nat_ftp"); | |||
28 | /* FIXME: Time out? --RR */ | 28 | /* FIXME: Time out? --RR */ |
29 | 29 | ||
30 | static int | 30 | static int |
31 | mangle_rfc959_packet(struct sk_buff **pskb, | 31 | mangle_rfc959_packet(struct sk_buff *skb, |
32 | __be32 newip, | 32 | __be32 newip, |
33 | u_int16_t port, | 33 | u_int16_t port, |
34 | unsigned int matchoff, | 34 | unsigned int matchoff, |
@@ -43,13 +43,13 @@ mangle_rfc959_packet(struct sk_buff **pskb, | |||
43 | 43 | ||
44 | pr_debug("calling nf_nat_mangle_tcp_packet\n"); | 44 | pr_debug("calling nf_nat_mangle_tcp_packet\n"); |
45 | 45 | ||
46 | return nf_nat_mangle_tcp_packet(pskb, ct, ctinfo, matchoff, | 46 | return nf_nat_mangle_tcp_packet(skb, ct, ctinfo, matchoff, |
47 | matchlen, buffer, strlen(buffer)); | 47 | matchlen, buffer, strlen(buffer)); |
48 | } | 48 | } |
49 | 49 | ||
50 | /* |1|132.235.1.2|6275| */ | 50 | /* |1|132.235.1.2|6275| */ |
51 | static int | 51 | static int |
52 | mangle_eprt_packet(struct sk_buff **pskb, | 52 | mangle_eprt_packet(struct sk_buff *skb, |
53 | __be32 newip, | 53 | __be32 newip, |
54 | u_int16_t port, | 54 | u_int16_t port, |
55 | unsigned int matchoff, | 55 | unsigned int matchoff, |
@@ -63,13 +63,13 @@ mangle_eprt_packet(struct sk_buff **pskb, | |||
63 | 63 | ||
64 | pr_debug("calling nf_nat_mangle_tcp_packet\n"); | 64 | pr_debug("calling nf_nat_mangle_tcp_packet\n"); |
65 | 65 | ||
66 | return nf_nat_mangle_tcp_packet(pskb, ct, ctinfo, matchoff, | 66 | return nf_nat_mangle_tcp_packet(skb, ct, ctinfo, matchoff, |
67 | matchlen, buffer, strlen(buffer)); | 67 | matchlen, buffer, strlen(buffer)); |
68 | } | 68 | } |
69 | 69 | ||
70 | /* |1|132.235.1.2|6275| */ | 70 | /* |1|132.235.1.2|6275| */ |
71 | static int | 71 | static int |
72 | mangle_epsv_packet(struct sk_buff **pskb, | 72 | mangle_epsv_packet(struct sk_buff *skb, |
73 | __be32 newip, | 73 | __be32 newip, |
74 | u_int16_t port, | 74 | u_int16_t port, |
75 | unsigned int matchoff, | 75 | unsigned int matchoff, |
@@ -83,11 +83,11 @@ mangle_epsv_packet(struct sk_buff **pskb, | |||
83 | 83 | ||
84 | pr_debug("calling nf_nat_mangle_tcp_packet\n"); | 84 | pr_debug("calling nf_nat_mangle_tcp_packet\n"); |
85 | 85 | ||
86 | return nf_nat_mangle_tcp_packet(pskb, ct, ctinfo, matchoff, | 86 | return nf_nat_mangle_tcp_packet(skb, ct, ctinfo, matchoff, |
87 | matchlen, buffer, strlen(buffer)); | 87 | matchlen, buffer, strlen(buffer)); |
88 | } | 88 | } |
89 | 89 | ||
90 | static int (*mangle[])(struct sk_buff **, __be32, u_int16_t, | 90 | static int (*mangle[])(struct sk_buff *, __be32, u_int16_t, |
91 | unsigned int, unsigned int, struct nf_conn *, | 91 | unsigned int, unsigned int, struct nf_conn *, |
92 | enum ip_conntrack_info) | 92 | enum ip_conntrack_info) |
93 | = { | 93 | = { |
@@ -99,7 +99,7 @@ static int (*mangle[])(struct sk_buff **, __be32, u_int16_t, | |||
99 | 99 | ||
100 | /* So, this packet has hit the connection tracking matching code. | 100 | /* So, this packet has hit the connection tracking matching code. |
101 | Mangle it, and change the expectation to match the new version. */ | 101 | Mangle it, and change the expectation to match the new version. */ |
102 | static unsigned int nf_nat_ftp(struct sk_buff **pskb, | 102 | static unsigned int nf_nat_ftp(struct sk_buff *skb, |
103 | enum ip_conntrack_info ctinfo, | 103 | enum ip_conntrack_info ctinfo, |
104 | enum nf_ct_ftp_type type, | 104 | enum nf_ct_ftp_type type, |
105 | unsigned int matchoff, | 105 | unsigned int matchoff, |
@@ -132,7 +132,7 @@ static unsigned int nf_nat_ftp(struct sk_buff **pskb, | |||
132 | if (port == 0) | 132 | if (port == 0) |
133 | return NF_DROP; | 133 | return NF_DROP; |
134 | 134 | ||
135 | if (!mangle[type](pskb, newip, port, matchoff, matchlen, ct, ctinfo)) { | 135 | if (!mangle[type](skb, newip, port, matchoff, matchlen, ct, ctinfo)) { |
136 | nf_ct_unexpect_related(exp); | 136 | nf_ct_unexpect_related(exp); |
137 | return NF_DROP; | 137 | return NF_DROP; |
138 | } | 138 | } |
diff --git a/net/ipv4/netfilter/nf_nat_h323.c b/net/ipv4/netfilter/nf_nat_h323.c index c1b059a73708..a868c8c41328 100644 --- a/net/ipv4/netfilter/nf_nat_h323.c +++ b/net/ipv4/netfilter/nf_nat_h323.c | |||
@@ -22,12 +22,12 @@ | |||
22 | #include <linux/netfilter/nf_conntrack_h323.h> | 22 | #include <linux/netfilter/nf_conntrack_h323.h> |
23 | 23 | ||
24 | /****************************************************************************/ | 24 | /****************************************************************************/ |
25 | static int set_addr(struct sk_buff **pskb, | 25 | static int set_addr(struct sk_buff *skb, |
26 | unsigned char **data, int dataoff, | 26 | unsigned char **data, int dataoff, |
27 | unsigned int addroff, __be32 ip, __be16 port) | 27 | unsigned int addroff, __be32 ip, __be16 port) |
28 | { | 28 | { |
29 | enum ip_conntrack_info ctinfo; | 29 | enum ip_conntrack_info ctinfo; |
30 | struct nf_conn *ct = nf_ct_get(*pskb, &ctinfo); | 30 | struct nf_conn *ct = nf_ct_get(skb, &ctinfo); |
31 | struct { | 31 | struct { |
32 | __be32 ip; | 32 | __be32 ip; |
33 | __be16 port; | 33 | __be16 port; |
@@ -38,8 +38,8 @@ static int set_addr(struct sk_buff **pskb, | |||
38 | buf.port = port; | 38 | buf.port = port; |
39 | addroff += dataoff; | 39 | addroff += dataoff; |
40 | 40 | ||
41 | if (ip_hdr(*pskb)->protocol == IPPROTO_TCP) { | 41 | if (ip_hdr(skb)->protocol == IPPROTO_TCP) { |
42 | if (!nf_nat_mangle_tcp_packet(pskb, ct, ctinfo, | 42 | if (!nf_nat_mangle_tcp_packet(skb, ct, ctinfo, |
43 | addroff, sizeof(buf), | 43 | addroff, sizeof(buf), |
44 | (char *) &buf, sizeof(buf))) { | 44 | (char *) &buf, sizeof(buf))) { |
45 | if (net_ratelimit()) | 45 | if (net_ratelimit()) |
@@ -49,14 +49,13 @@ static int set_addr(struct sk_buff **pskb, | |||
49 | } | 49 | } |
50 | 50 | ||
51 | /* Relocate data pointer */ | 51 | /* Relocate data pointer */ |
52 | th = skb_header_pointer(*pskb, ip_hdrlen(*pskb), | 52 | th = skb_header_pointer(skb, ip_hdrlen(skb), |
53 | sizeof(_tcph), &_tcph); | 53 | sizeof(_tcph), &_tcph); |
54 | if (th == NULL) | 54 | if (th == NULL) |
55 | return -1; | 55 | return -1; |
56 | *data = (*pskb)->data + ip_hdrlen(*pskb) + | 56 | *data = skb->data + ip_hdrlen(skb) + th->doff * 4 + dataoff; |
57 | th->doff * 4 + dataoff; | ||
58 | } else { | 57 | } else { |
59 | if (!nf_nat_mangle_udp_packet(pskb, ct, ctinfo, | 58 | if (!nf_nat_mangle_udp_packet(skb, ct, ctinfo, |
60 | addroff, sizeof(buf), | 59 | addroff, sizeof(buf), |
61 | (char *) &buf, sizeof(buf))) { | 60 | (char *) &buf, sizeof(buf))) { |
62 | if (net_ratelimit()) | 61 | if (net_ratelimit()) |
@@ -67,36 +66,35 @@ static int set_addr(struct sk_buff **pskb, | |||
67 | /* nf_nat_mangle_udp_packet uses skb_make_writable() to copy | 66 | /* nf_nat_mangle_udp_packet uses skb_make_writable() to copy |
68 | * or pull everything in a linear buffer, so we can safely | 67 | * or pull everything in a linear buffer, so we can safely |
69 | * use the skb pointers now */ | 68 | * use the skb pointers now */ |
70 | *data = ((*pskb)->data + ip_hdrlen(*pskb) + | 69 | *data = skb->data + ip_hdrlen(skb) + sizeof(struct udphdr); |
71 | sizeof(struct udphdr)); | ||
72 | } | 70 | } |
73 | 71 | ||
74 | return 0; | 72 | return 0; |
75 | } | 73 | } |
76 | 74 | ||
77 | /****************************************************************************/ | 75 | /****************************************************************************/ |
78 | static int set_h225_addr(struct sk_buff **pskb, | 76 | static int set_h225_addr(struct sk_buff *skb, |
79 | unsigned char **data, int dataoff, | 77 | unsigned char **data, int dataoff, |
80 | TransportAddress *taddr, | 78 | TransportAddress *taddr, |
81 | union nf_conntrack_address *addr, __be16 port) | 79 | union nf_conntrack_address *addr, __be16 port) |
82 | { | 80 | { |
83 | return set_addr(pskb, data, dataoff, taddr->ipAddress.ip, | 81 | return set_addr(skb, data, dataoff, taddr->ipAddress.ip, |
84 | addr->ip, port); | 82 | addr->ip, port); |
85 | } | 83 | } |
86 | 84 | ||
87 | /****************************************************************************/ | 85 | /****************************************************************************/ |
88 | static int set_h245_addr(struct sk_buff **pskb, | 86 | static int set_h245_addr(struct sk_buff *skb, |
89 | unsigned char **data, int dataoff, | 87 | unsigned char **data, int dataoff, |
90 | H245_TransportAddress *taddr, | 88 | H245_TransportAddress *taddr, |
91 | union nf_conntrack_address *addr, __be16 port) | 89 | union nf_conntrack_address *addr, __be16 port) |
92 | { | 90 | { |
93 | return set_addr(pskb, data, dataoff, | 91 | return set_addr(skb, data, dataoff, |
94 | taddr->unicastAddress.iPAddress.network, | 92 | taddr->unicastAddress.iPAddress.network, |
95 | addr->ip, port); | 93 | addr->ip, port); |
96 | } | 94 | } |
97 | 95 | ||
98 | /****************************************************************************/ | 96 | /****************************************************************************/ |
99 | static int set_sig_addr(struct sk_buff **pskb, struct nf_conn *ct, | 97 | static int set_sig_addr(struct sk_buff *skb, struct nf_conn *ct, |
100 | enum ip_conntrack_info ctinfo, | 98 | enum ip_conntrack_info ctinfo, |
101 | unsigned char **data, | 99 | unsigned char **data, |
102 | TransportAddress *taddr, int count) | 100 | TransportAddress *taddr, int count) |
@@ -125,7 +123,7 @@ static int set_sig_addr(struct sk_buff **pskb, struct nf_conn *ct, | |||
125 | NIPQUAD(addr.ip), port, | 123 | NIPQUAD(addr.ip), port, |
126 | NIPQUAD(ct->tuplehash[!dir].tuple.dst.u3.ip), | 124 | NIPQUAD(ct->tuplehash[!dir].tuple.dst.u3.ip), |
127 | info->sig_port[!dir]); | 125 | info->sig_port[!dir]); |
128 | return set_h225_addr(pskb, data, 0, &taddr[i], | 126 | return set_h225_addr(skb, data, 0, &taddr[i], |
129 | &ct->tuplehash[!dir]. | 127 | &ct->tuplehash[!dir]. |
130 | tuple.dst.u3, | 128 | tuple.dst.u3, |
131 | info->sig_port[!dir]); | 129 | info->sig_port[!dir]); |
@@ -137,7 +135,7 @@ static int set_sig_addr(struct sk_buff **pskb, struct nf_conn *ct, | |||
137 | NIPQUAD(addr.ip), port, | 135 | NIPQUAD(addr.ip), port, |
138 | NIPQUAD(ct->tuplehash[!dir].tuple.src.u3.ip), | 136 | NIPQUAD(ct->tuplehash[!dir].tuple.src.u3.ip), |
139 | info->sig_port[!dir]); | 137 | info->sig_port[!dir]); |
140 | return set_h225_addr(pskb, data, 0, &taddr[i], | 138 | return set_h225_addr(skb, data, 0, &taddr[i], |
141 | &ct->tuplehash[!dir]. | 139 | &ct->tuplehash[!dir]. |
142 | tuple.src.u3, | 140 | tuple.src.u3, |
143 | info->sig_port[!dir]); | 141 | info->sig_port[!dir]); |
@@ -149,7 +147,7 @@ static int set_sig_addr(struct sk_buff **pskb, struct nf_conn *ct, | |||
149 | } | 147 | } |
150 | 148 | ||
151 | /****************************************************************************/ | 149 | /****************************************************************************/ |
152 | static int set_ras_addr(struct sk_buff **pskb, struct nf_conn *ct, | 150 | static int set_ras_addr(struct sk_buff *skb, struct nf_conn *ct, |
153 | enum ip_conntrack_info ctinfo, | 151 | enum ip_conntrack_info ctinfo, |
154 | unsigned char **data, | 152 | unsigned char **data, |
155 | TransportAddress *taddr, int count) | 153 | TransportAddress *taddr, int count) |
@@ -168,7 +166,7 @@ static int set_ras_addr(struct sk_buff **pskb, struct nf_conn *ct, | |||
168 | NIPQUAD(addr.ip), ntohs(port), | 166 | NIPQUAD(addr.ip), ntohs(port), |
169 | NIPQUAD(ct->tuplehash[!dir].tuple.dst.u3.ip), | 167 | NIPQUAD(ct->tuplehash[!dir].tuple.dst.u3.ip), |
170 | ntohs(ct->tuplehash[!dir].tuple.dst.u.udp.port)); | 168 | ntohs(ct->tuplehash[!dir].tuple.dst.u.udp.port)); |
171 | return set_h225_addr(pskb, data, 0, &taddr[i], | 169 | return set_h225_addr(skb, data, 0, &taddr[i], |
172 | &ct->tuplehash[!dir].tuple.dst.u3, | 170 | &ct->tuplehash[!dir].tuple.dst.u3, |
173 | ct->tuplehash[!dir].tuple. | 171 | ct->tuplehash[!dir].tuple. |
174 | dst.u.udp.port); | 172 | dst.u.udp.port); |
@@ -179,7 +177,7 @@ static int set_ras_addr(struct sk_buff **pskb, struct nf_conn *ct, | |||
179 | } | 177 | } |
180 | 178 | ||
181 | /****************************************************************************/ | 179 | /****************************************************************************/ |
182 | static int nat_rtp_rtcp(struct sk_buff **pskb, struct nf_conn *ct, | 180 | static int nat_rtp_rtcp(struct sk_buff *skb, struct nf_conn *ct, |
183 | enum ip_conntrack_info ctinfo, | 181 | enum ip_conntrack_info ctinfo, |
184 | unsigned char **data, int dataoff, | 182 | unsigned char **data, int dataoff, |
185 | H245_TransportAddress *taddr, | 183 | H245_TransportAddress *taddr, |
@@ -244,7 +242,7 @@ static int nat_rtp_rtcp(struct sk_buff **pskb, struct nf_conn *ct, | |||
244 | } | 242 | } |
245 | 243 | ||
246 | /* Modify signal */ | 244 | /* Modify signal */ |
247 | if (set_h245_addr(pskb, data, dataoff, taddr, | 245 | if (set_h245_addr(skb, data, dataoff, taddr, |
248 | &ct->tuplehash[!dir].tuple.dst.u3, | 246 | &ct->tuplehash[!dir].tuple.dst.u3, |
249 | htons((port & htons(1)) ? nated_port + 1 : | 247 | htons((port & htons(1)) ? nated_port + 1 : |
250 | nated_port)) == 0) { | 248 | nated_port)) == 0) { |
@@ -273,7 +271,7 @@ static int nat_rtp_rtcp(struct sk_buff **pskb, struct nf_conn *ct, | |||
273 | } | 271 | } |
274 | 272 | ||
275 | /****************************************************************************/ | 273 | /****************************************************************************/ |
276 | static int nat_t120(struct sk_buff **pskb, struct nf_conn *ct, | 274 | static int nat_t120(struct sk_buff *skb, struct nf_conn *ct, |
277 | enum ip_conntrack_info ctinfo, | 275 | enum ip_conntrack_info ctinfo, |
278 | unsigned char **data, int dataoff, | 276 | unsigned char **data, int dataoff, |
279 | H245_TransportAddress *taddr, __be16 port, | 277 | H245_TransportAddress *taddr, __be16 port, |
@@ -301,7 +299,7 @@ static int nat_t120(struct sk_buff **pskb, struct nf_conn *ct, | |||
301 | } | 299 | } |
302 | 300 | ||
303 | /* Modify signal */ | 301 | /* Modify signal */ |
304 | if (set_h245_addr(pskb, data, dataoff, taddr, | 302 | if (set_h245_addr(skb, data, dataoff, taddr, |
305 | &ct->tuplehash[!dir].tuple.dst.u3, | 303 | &ct->tuplehash[!dir].tuple.dst.u3, |
306 | htons(nated_port)) < 0) { | 304 | htons(nated_port)) < 0) { |
307 | nf_ct_unexpect_related(exp); | 305 | nf_ct_unexpect_related(exp); |
@@ -318,7 +316,7 @@ static int nat_t120(struct sk_buff **pskb, struct nf_conn *ct, | |||
318 | } | 316 | } |
319 | 317 | ||
320 | /****************************************************************************/ | 318 | /****************************************************************************/ |
321 | static int nat_h245(struct sk_buff **pskb, struct nf_conn *ct, | 319 | static int nat_h245(struct sk_buff *skb, struct nf_conn *ct, |
322 | enum ip_conntrack_info ctinfo, | 320 | enum ip_conntrack_info ctinfo, |
323 | unsigned char **data, int dataoff, | 321 | unsigned char **data, int dataoff, |
324 | TransportAddress *taddr, __be16 port, | 322 | TransportAddress *taddr, __be16 port, |
@@ -351,7 +349,7 @@ static int nat_h245(struct sk_buff **pskb, struct nf_conn *ct, | |||
351 | } | 349 | } |
352 | 350 | ||
353 | /* Modify signal */ | 351 | /* Modify signal */ |
354 | if (set_h225_addr(pskb, data, dataoff, taddr, | 352 | if (set_h225_addr(skb, data, dataoff, taddr, |
355 | &ct->tuplehash[!dir].tuple.dst.u3, | 353 | &ct->tuplehash[!dir].tuple.dst.u3, |
356 | htons(nated_port)) == 0) { | 354 | htons(nated_port)) == 0) { |
357 | /* Save ports */ | 355 | /* Save ports */ |
@@ -406,7 +404,7 @@ static void ip_nat_q931_expect(struct nf_conn *new, | |||
406 | } | 404 | } |
407 | 405 | ||
408 | /****************************************************************************/ | 406 | /****************************************************************************/ |
409 | static int nat_q931(struct sk_buff **pskb, struct nf_conn *ct, | 407 | static int nat_q931(struct sk_buff *skb, struct nf_conn *ct, |
410 | enum ip_conntrack_info ctinfo, | 408 | enum ip_conntrack_info ctinfo, |
411 | unsigned char **data, TransportAddress *taddr, int idx, | 409 | unsigned char **data, TransportAddress *taddr, int idx, |
412 | __be16 port, struct nf_conntrack_expect *exp) | 410 | __be16 port, struct nf_conntrack_expect *exp) |
@@ -439,7 +437,7 @@ static int nat_q931(struct sk_buff **pskb, struct nf_conn *ct, | |||
439 | } | 437 | } |
440 | 438 | ||
441 | /* Modify signal */ | 439 | /* Modify signal */ |
442 | if (set_h225_addr(pskb, data, 0, &taddr[idx], | 440 | if (set_h225_addr(skb, data, 0, &taddr[idx], |
443 | &ct->tuplehash[!dir].tuple.dst.u3, | 441 | &ct->tuplehash[!dir].tuple.dst.u3, |
444 | htons(nated_port)) == 0) { | 442 | htons(nated_port)) == 0) { |
445 | /* Save ports */ | 443 | /* Save ports */ |
@@ -450,7 +448,7 @@ static int nat_q931(struct sk_buff **pskb, struct nf_conn *ct, | |||
450 | if (idx > 0 && | 448 | if (idx > 0 && |
451 | get_h225_addr(ct, *data, &taddr[0], &addr, &port) && | 449 | get_h225_addr(ct, *data, &taddr[0], &addr, &port) && |
452 | (ntohl(addr.ip) & 0xff000000) == 0x7f000000) { | 450 | (ntohl(addr.ip) & 0xff000000) == 0x7f000000) { |
453 | set_h225_addr(pskb, data, 0, &taddr[0], | 451 | set_h225_addr(skb, data, 0, &taddr[0], |
454 | &ct->tuplehash[!dir].tuple.dst.u3, | 452 | &ct->tuplehash[!dir].tuple.dst.u3, |
455 | info->sig_port[!dir]); | 453 | info->sig_port[!dir]); |
456 | } | 454 | } |
@@ -495,7 +493,7 @@ static void ip_nat_callforwarding_expect(struct nf_conn *new, | |||
495 | } | 493 | } |
496 | 494 | ||
497 | /****************************************************************************/ | 495 | /****************************************************************************/ |
498 | static int nat_callforwarding(struct sk_buff **pskb, struct nf_conn *ct, | 496 | static int nat_callforwarding(struct sk_buff *skb, struct nf_conn *ct, |
499 | enum ip_conntrack_info ctinfo, | 497 | enum ip_conntrack_info ctinfo, |
500 | unsigned char **data, int dataoff, | 498 | unsigned char **data, int dataoff, |
501 | TransportAddress *taddr, __be16 port, | 499 | TransportAddress *taddr, __be16 port, |
@@ -525,7 +523,7 @@ static int nat_callforwarding(struct sk_buff **pskb, struct nf_conn *ct, | |||
525 | } | 523 | } |
526 | 524 | ||
527 | /* Modify signal */ | 525 | /* Modify signal */ |
528 | if (!set_h225_addr(pskb, data, dataoff, taddr, | 526 | if (!set_h225_addr(skb, data, dataoff, taddr, |
529 | &ct->tuplehash[!dir].tuple.dst.u3, | 527 | &ct->tuplehash[!dir].tuple.dst.u3, |
530 | htons(nated_port)) == 0) { | 528 | htons(nated_port)) == 0) { |
531 | nf_ct_unexpect_related(exp); | 529 | nf_ct_unexpect_related(exp); |
diff --git a/net/ipv4/netfilter/nf_nat_helper.c b/net/ipv4/netfilter/nf_nat_helper.c index 93d8a0a8f035..8718da00ef2a 100644 --- a/net/ipv4/netfilter/nf_nat_helper.c +++ b/net/ipv4/netfilter/nf_nat_helper.c | |||
@@ -111,22 +111,14 @@ static void mangle_contents(struct sk_buff *skb, | |||
111 | } | 111 | } |
112 | 112 | ||
113 | /* Unusual, but possible case. */ | 113 | /* Unusual, but possible case. */ |
114 | static int enlarge_skb(struct sk_buff **pskb, unsigned int extra) | 114 | static int enlarge_skb(struct sk_buff *skb, unsigned int extra) |
115 | { | 115 | { |
116 | struct sk_buff *nskb; | 116 | if (skb->len + extra > 65535) |
117 | |||
118 | if ((*pskb)->len + extra > 65535) | ||
119 | return 0; | 117 | return 0; |
120 | 118 | ||
121 | nskb = skb_copy_expand(*pskb, skb_headroom(*pskb), extra, GFP_ATOMIC); | 119 | if (pskb_expand_head(skb, 0, extra - skb_tailroom(skb), GFP_ATOMIC)) |
122 | if (!nskb) | ||
123 | return 0; | 120 | return 0; |
124 | 121 | ||
125 | /* Transfer socket to new skb. */ | ||
126 | if ((*pskb)->sk) | ||
127 | skb_set_owner_w(nskb, (*pskb)->sk); | ||
128 | kfree_skb(*pskb); | ||
129 | *pskb = nskb; | ||
130 | return 1; | 122 | return 1; |
131 | } | 123 | } |
132 | 124 | ||
@@ -139,7 +131,7 @@ static int enlarge_skb(struct sk_buff **pskb, unsigned int extra) | |||
139 | * | 131 | * |
140 | * */ | 132 | * */ |
141 | int | 133 | int |
142 | nf_nat_mangle_tcp_packet(struct sk_buff **pskb, | 134 | nf_nat_mangle_tcp_packet(struct sk_buff *skb, |
143 | struct nf_conn *ct, | 135 | struct nf_conn *ct, |
144 | enum ip_conntrack_info ctinfo, | 136 | enum ip_conntrack_info ctinfo, |
145 | unsigned int match_offset, | 137 | unsigned int match_offset, |
@@ -147,37 +139,37 @@ nf_nat_mangle_tcp_packet(struct sk_buff **pskb, | |||
147 | const char *rep_buffer, | 139 | const char *rep_buffer, |
148 | unsigned int rep_len) | 140 | unsigned int rep_len) |
149 | { | 141 | { |
150 | struct rtable *rt = (struct rtable *)(*pskb)->dst; | 142 | struct rtable *rt = (struct rtable *)skb->dst; |
151 | struct iphdr *iph; | 143 | struct iphdr *iph; |
152 | struct tcphdr *tcph; | 144 | struct tcphdr *tcph; |
153 | int oldlen, datalen; | 145 | int oldlen, datalen; |
154 | 146 | ||
155 | if (!skb_make_writable(pskb, (*pskb)->len)) | 147 | if (!skb_make_writable(skb, skb->len)) |
156 | return 0; | 148 | return 0; |
157 | 149 | ||
158 | if (rep_len > match_len && | 150 | if (rep_len > match_len && |
159 | rep_len - match_len > skb_tailroom(*pskb) && | 151 | rep_len - match_len > skb_tailroom(skb) && |
160 | !enlarge_skb(pskb, rep_len - match_len)) | 152 | !enlarge_skb(skb, rep_len - match_len)) |
161 | return 0; | 153 | return 0; |
162 | 154 | ||
163 | SKB_LINEAR_ASSERT(*pskb); | 155 | SKB_LINEAR_ASSERT(skb); |
164 | 156 | ||
165 | iph = ip_hdr(*pskb); | 157 | iph = ip_hdr(skb); |
166 | tcph = (void *)iph + iph->ihl*4; | 158 | tcph = (void *)iph + iph->ihl*4; |
167 | 159 | ||
168 | oldlen = (*pskb)->len - iph->ihl*4; | 160 | oldlen = skb->len - iph->ihl*4; |
169 | mangle_contents(*pskb, iph->ihl*4 + tcph->doff*4, | 161 | mangle_contents(skb, iph->ihl*4 + tcph->doff*4, |
170 | match_offset, match_len, rep_buffer, rep_len); | 162 | match_offset, match_len, rep_buffer, rep_len); |
171 | 163 | ||
172 | datalen = (*pskb)->len - iph->ihl*4; | 164 | datalen = skb->len - iph->ihl*4; |
173 | if ((*pskb)->ip_summed != CHECKSUM_PARTIAL) { | 165 | if (skb->ip_summed != CHECKSUM_PARTIAL) { |
174 | if (!(rt->rt_flags & RTCF_LOCAL) && | 166 | if (!(rt->rt_flags & RTCF_LOCAL) && |
175 | (*pskb)->dev->features & NETIF_F_V4_CSUM) { | 167 | skb->dev->features & NETIF_F_V4_CSUM) { |
176 | (*pskb)->ip_summed = CHECKSUM_PARTIAL; | 168 | skb->ip_summed = CHECKSUM_PARTIAL; |
177 | (*pskb)->csum_start = skb_headroom(*pskb) + | 169 | skb->csum_start = skb_headroom(skb) + |
178 | skb_network_offset(*pskb) + | 170 | skb_network_offset(skb) + |
179 | iph->ihl * 4; | 171 | iph->ihl * 4; |
180 | (*pskb)->csum_offset = offsetof(struct tcphdr, check); | 172 | skb->csum_offset = offsetof(struct tcphdr, check); |
181 | tcph->check = ~tcp_v4_check(datalen, | 173 | tcph->check = ~tcp_v4_check(datalen, |
182 | iph->saddr, iph->daddr, 0); | 174 | iph->saddr, iph->daddr, 0); |
183 | } else { | 175 | } else { |
@@ -188,7 +180,7 @@ nf_nat_mangle_tcp_packet(struct sk_buff **pskb, | |||
188 | datalen, 0)); | 180 | datalen, 0)); |
189 | } | 181 | } |
190 | } else | 182 | } else |
191 | nf_proto_csum_replace2(&tcph->check, *pskb, | 183 | nf_proto_csum_replace2(&tcph->check, skb, |
192 | htons(oldlen), htons(datalen), 1); | 184 | htons(oldlen), htons(datalen), 1); |
193 | 185 | ||
194 | if (rep_len != match_len) { | 186 | if (rep_len != match_len) { |
@@ -197,7 +189,7 @@ nf_nat_mangle_tcp_packet(struct sk_buff **pskb, | |||
197 | (int)rep_len - (int)match_len, | 189 | (int)rep_len - (int)match_len, |
198 | ct, ctinfo); | 190 | ct, ctinfo); |
199 | /* Tell TCP window tracking about seq change */ | 191 | /* Tell TCP window tracking about seq change */ |
200 | nf_conntrack_tcp_update(*pskb, ip_hdrlen(*pskb), | 192 | nf_conntrack_tcp_update(skb, ip_hdrlen(skb), |
201 | ct, CTINFO2DIR(ctinfo)); | 193 | ct, CTINFO2DIR(ctinfo)); |
202 | } | 194 | } |
203 | return 1; | 195 | return 1; |
@@ -215,7 +207,7 @@ EXPORT_SYMBOL(nf_nat_mangle_tcp_packet); | |||
215 | * should be fairly easy to do. | 207 | * should be fairly easy to do. |
216 | */ | 208 | */ |
217 | int | 209 | int |
218 | nf_nat_mangle_udp_packet(struct sk_buff **pskb, | 210 | nf_nat_mangle_udp_packet(struct sk_buff *skb, |
219 | struct nf_conn *ct, | 211 | struct nf_conn *ct, |
220 | enum ip_conntrack_info ctinfo, | 212 | enum ip_conntrack_info ctinfo, |
221 | unsigned int match_offset, | 213 | unsigned int match_offset, |
@@ -223,48 +215,48 @@ nf_nat_mangle_udp_packet(struct sk_buff **pskb, | |||
223 | const char *rep_buffer, | 215 | const char *rep_buffer, |
224 | unsigned int rep_len) | 216 | unsigned int rep_len) |
225 | { | 217 | { |
226 | struct rtable *rt = (struct rtable *)(*pskb)->dst; | 218 | struct rtable *rt = (struct rtable *)skb->dst; |
227 | struct iphdr *iph; | 219 | struct iphdr *iph; |
228 | struct udphdr *udph; | 220 | struct udphdr *udph; |
229 | int datalen, oldlen; | 221 | int datalen, oldlen; |
230 | 222 | ||
231 | /* UDP helpers might accidentally mangle the wrong packet */ | 223 | /* UDP helpers might accidentally mangle the wrong packet */ |
232 | iph = ip_hdr(*pskb); | 224 | iph = ip_hdr(skb); |
233 | if ((*pskb)->len < iph->ihl*4 + sizeof(*udph) + | 225 | if (skb->len < iph->ihl*4 + sizeof(*udph) + |
234 | match_offset + match_len) | 226 | match_offset + match_len) |
235 | return 0; | 227 | return 0; |
236 | 228 | ||
237 | if (!skb_make_writable(pskb, (*pskb)->len)) | 229 | if (!skb_make_writable(skb, skb->len)) |
238 | return 0; | 230 | return 0; |
239 | 231 | ||
240 | if (rep_len > match_len && | 232 | if (rep_len > match_len && |
241 | rep_len - match_len > skb_tailroom(*pskb) && | 233 | rep_len - match_len > skb_tailroom(skb) && |
242 | !enlarge_skb(pskb, rep_len - match_len)) | 234 | !enlarge_skb(skb, rep_len - match_len)) |
243 | return 0; | 235 | return 0; |
244 | 236 | ||
245 | iph = ip_hdr(*pskb); | 237 | iph = ip_hdr(skb); |
246 | udph = (void *)iph + iph->ihl*4; | 238 | udph = (void *)iph + iph->ihl*4; |
247 | 239 | ||
248 | oldlen = (*pskb)->len - iph->ihl*4; | 240 | oldlen = skb->len - iph->ihl*4; |
249 | mangle_contents(*pskb, iph->ihl*4 + sizeof(*udph), | 241 | mangle_contents(skb, iph->ihl*4 + sizeof(*udph), |
250 | match_offset, match_len, rep_buffer, rep_len); | 242 | match_offset, match_len, rep_buffer, rep_len); |
251 | 243 | ||
252 | /* update the length of the UDP packet */ | 244 | /* update the length of the UDP packet */ |
253 | datalen = (*pskb)->len - iph->ihl*4; | 245 | datalen = skb->len - iph->ihl*4; |
254 | udph->len = htons(datalen); | 246 | udph->len = htons(datalen); |
255 | 247 | ||
256 | /* fix udp checksum if udp checksum was previously calculated */ | 248 | /* fix udp checksum if udp checksum was previously calculated */ |
257 | if (!udph->check && (*pskb)->ip_summed != CHECKSUM_PARTIAL) | 249 | if (!udph->check && skb->ip_summed != CHECKSUM_PARTIAL) |
258 | return 1; | 250 | return 1; |
259 | 251 | ||
260 | if ((*pskb)->ip_summed != CHECKSUM_PARTIAL) { | 252 | if (skb->ip_summed != CHECKSUM_PARTIAL) { |
261 | if (!(rt->rt_flags & RTCF_LOCAL) && | 253 | if (!(rt->rt_flags & RTCF_LOCAL) && |
262 | (*pskb)->dev->features & NETIF_F_V4_CSUM) { | 254 | skb->dev->features & NETIF_F_V4_CSUM) { |
263 | (*pskb)->ip_summed = CHECKSUM_PARTIAL; | 255 | skb->ip_summed = CHECKSUM_PARTIAL; |
264 | (*pskb)->csum_start = skb_headroom(*pskb) + | 256 | skb->csum_start = skb_headroom(skb) + |
265 | skb_network_offset(*pskb) + | 257 | skb_network_offset(skb) + |
266 | iph->ihl * 4; | 258 | iph->ihl * 4; |
267 | (*pskb)->csum_offset = offsetof(struct udphdr, check); | 259 | skb->csum_offset = offsetof(struct udphdr, check); |
268 | udph->check = ~csum_tcpudp_magic(iph->saddr, iph->daddr, | 260 | udph->check = ~csum_tcpudp_magic(iph->saddr, iph->daddr, |
269 | datalen, IPPROTO_UDP, | 261 | datalen, IPPROTO_UDP, |
270 | 0); | 262 | 0); |
@@ -278,7 +270,7 @@ nf_nat_mangle_udp_packet(struct sk_buff **pskb, | |||
278 | udph->check = CSUM_MANGLED_0; | 270 | udph->check = CSUM_MANGLED_0; |
279 | } | 271 | } |
280 | } else | 272 | } else |
281 | nf_proto_csum_replace2(&udph->check, *pskb, | 273 | nf_proto_csum_replace2(&udph->check, skb, |
282 | htons(oldlen), htons(datalen), 1); | 274 | htons(oldlen), htons(datalen), 1); |
283 | 275 | ||
284 | return 1; | 276 | return 1; |
@@ -330,7 +322,7 @@ sack_adjust(struct sk_buff *skb, | |||
330 | 322 | ||
331 | /* TCP SACK sequence number adjustment */ | 323 | /* TCP SACK sequence number adjustment */ |
332 | static inline unsigned int | 324 | static inline unsigned int |
333 | nf_nat_sack_adjust(struct sk_buff **pskb, | 325 | nf_nat_sack_adjust(struct sk_buff *skb, |
334 | struct tcphdr *tcph, | 326 | struct tcphdr *tcph, |
335 | struct nf_conn *ct, | 327 | struct nf_conn *ct, |
336 | enum ip_conntrack_info ctinfo) | 328 | enum ip_conntrack_info ctinfo) |
@@ -338,17 +330,17 @@ nf_nat_sack_adjust(struct sk_buff **pskb, | |||
338 | unsigned int dir, optoff, optend; | 330 | unsigned int dir, optoff, optend; |
339 | struct nf_conn_nat *nat = nfct_nat(ct); | 331 | struct nf_conn_nat *nat = nfct_nat(ct); |
340 | 332 | ||
341 | optoff = ip_hdrlen(*pskb) + sizeof(struct tcphdr); | 333 | optoff = ip_hdrlen(skb) + sizeof(struct tcphdr); |
342 | optend = ip_hdrlen(*pskb) + tcph->doff * 4; | 334 | optend = ip_hdrlen(skb) + tcph->doff * 4; |
343 | 335 | ||
344 | if (!skb_make_writable(pskb, optend)) | 336 | if (!skb_make_writable(skb, optend)) |
345 | return 0; | 337 | return 0; |
346 | 338 | ||
347 | dir = CTINFO2DIR(ctinfo); | 339 | dir = CTINFO2DIR(ctinfo); |
348 | 340 | ||
349 | while (optoff < optend) { | 341 | while (optoff < optend) { |
350 | /* Usually: option, length. */ | 342 | /* Usually: option, length. */ |
351 | unsigned char *op = (*pskb)->data + optoff; | 343 | unsigned char *op = skb->data + optoff; |
352 | 344 | ||
353 | switch (op[0]) { | 345 | switch (op[0]) { |
354 | case TCPOPT_EOL: | 346 | case TCPOPT_EOL: |
@@ -365,7 +357,7 @@ nf_nat_sack_adjust(struct sk_buff **pskb, | |||
365 | if (op[0] == TCPOPT_SACK && | 357 | if (op[0] == TCPOPT_SACK && |
366 | op[1] >= 2+TCPOLEN_SACK_PERBLOCK && | 358 | op[1] >= 2+TCPOLEN_SACK_PERBLOCK && |
367 | ((op[1] - 2) % TCPOLEN_SACK_PERBLOCK) == 0) | 359 | ((op[1] - 2) % TCPOLEN_SACK_PERBLOCK) == 0) |
368 | sack_adjust(*pskb, tcph, optoff+2, | 360 | sack_adjust(skb, tcph, optoff+2, |
369 | optoff+op[1], &nat->seq[!dir]); | 361 | optoff+op[1], &nat->seq[!dir]); |
370 | optoff += op[1]; | 362 | optoff += op[1]; |
371 | } | 363 | } |
@@ -375,7 +367,7 @@ nf_nat_sack_adjust(struct sk_buff **pskb, | |||
375 | 367 | ||
376 | /* TCP sequence number adjustment. Returns 1 on success, 0 on failure */ | 368 | /* TCP sequence number adjustment. Returns 1 on success, 0 on failure */ |
377 | int | 369 | int |
378 | nf_nat_seq_adjust(struct sk_buff **pskb, | 370 | nf_nat_seq_adjust(struct sk_buff *skb, |
379 | struct nf_conn *ct, | 371 | struct nf_conn *ct, |
380 | enum ip_conntrack_info ctinfo) | 372 | enum ip_conntrack_info ctinfo) |
381 | { | 373 | { |
@@ -390,10 +382,10 @@ nf_nat_seq_adjust(struct sk_buff **pskb, | |||
390 | this_way = &nat->seq[dir]; | 382 | this_way = &nat->seq[dir]; |
391 | other_way = &nat->seq[!dir]; | 383 | other_way = &nat->seq[!dir]; |
392 | 384 | ||
393 | if (!skb_make_writable(pskb, ip_hdrlen(*pskb) + sizeof(*tcph))) | 385 | if (!skb_make_writable(skb, ip_hdrlen(skb) + sizeof(*tcph))) |
394 | return 0; | 386 | return 0; |
395 | 387 | ||
396 | tcph = (void *)(*pskb)->data + ip_hdrlen(*pskb); | 388 | tcph = (void *)skb->data + ip_hdrlen(skb); |
397 | if (after(ntohl(tcph->seq), this_way->correction_pos)) | 389 | if (after(ntohl(tcph->seq), this_way->correction_pos)) |
398 | newseq = htonl(ntohl(tcph->seq) + this_way->offset_after); | 390 | newseq = htonl(ntohl(tcph->seq) + this_way->offset_after); |
399 | else | 391 | else |
@@ -405,8 +397,8 @@ nf_nat_seq_adjust(struct sk_buff **pskb, | |||
405 | else | 397 | else |
406 | newack = htonl(ntohl(tcph->ack_seq) - other_way->offset_before); | 398 | newack = htonl(ntohl(tcph->ack_seq) - other_way->offset_before); |
407 | 399 | ||
408 | nf_proto_csum_replace4(&tcph->check, *pskb, tcph->seq, newseq, 0); | 400 | nf_proto_csum_replace4(&tcph->check, skb, tcph->seq, newseq, 0); |
409 | nf_proto_csum_replace4(&tcph->check, *pskb, tcph->ack_seq, newack, 0); | 401 | nf_proto_csum_replace4(&tcph->check, skb, tcph->ack_seq, newack, 0); |
410 | 402 | ||
411 | pr_debug("Adjusting sequence number from %u->%u, ack from %u->%u\n", | 403 | pr_debug("Adjusting sequence number from %u->%u, ack from %u->%u\n", |
412 | ntohl(tcph->seq), ntohl(newseq), ntohl(tcph->ack_seq), | 404 | ntohl(tcph->seq), ntohl(newseq), ntohl(tcph->ack_seq), |
@@ -415,10 +407,10 @@ nf_nat_seq_adjust(struct sk_buff **pskb, | |||
415 | tcph->seq = newseq; | 407 | tcph->seq = newseq; |
416 | tcph->ack_seq = newack; | 408 | tcph->ack_seq = newack; |
417 | 409 | ||
418 | if (!nf_nat_sack_adjust(pskb, tcph, ct, ctinfo)) | 410 | if (!nf_nat_sack_adjust(skb, tcph, ct, ctinfo)) |
419 | return 0; | 411 | return 0; |
420 | 412 | ||
421 | nf_conntrack_tcp_update(*pskb, ip_hdrlen(*pskb), ct, dir); | 413 | nf_conntrack_tcp_update(skb, ip_hdrlen(skb), ct, dir); |
422 | 414 | ||
423 | return 1; | 415 | return 1; |
424 | } | 416 | } |
diff --git a/net/ipv4/netfilter/nf_nat_irc.c b/net/ipv4/netfilter/nf_nat_irc.c index bcf274bba602..766e2c16c6b9 100644 --- a/net/ipv4/netfilter/nf_nat_irc.c +++ b/net/ipv4/netfilter/nf_nat_irc.c | |||
@@ -27,7 +27,7 @@ MODULE_DESCRIPTION("IRC (DCC) NAT helper"); | |||
27 | MODULE_LICENSE("GPL"); | 27 | MODULE_LICENSE("GPL"); |
28 | MODULE_ALIAS("ip_nat_irc"); | 28 | MODULE_ALIAS("ip_nat_irc"); |
29 | 29 | ||
30 | static unsigned int help(struct sk_buff **pskb, | 30 | static unsigned int help(struct sk_buff *skb, |
31 | enum ip_conntrack_info ctinfo, | 31 | enum ip_conntrack_info ctinfo, |
32 | unsigned int matchoff, | 32 | unsigned int matchoff, |
33 | unsigned int matchlen, | 33 | unsigned int matchlen, |
@@ -58,7 +58,7 @@ static unsigned int help(struct sk_buff **pskb, | |||
58 | pr_debug("nf_nat_irc: inserting '%s' == %u.%u.%u.%u, port %u\n", | 58 | pr_debug("nf_nat_irc: inserting '%s' == %u.%u.%u.%u, port %u\n", |
59 | buffer, NIPQUAD(ip), port); | 59 | buffer, NIPQUAD(ip), port); |
60 | 60 | ||
61 | ret = nf_nat_mangle_tcp_packet(pskb, exp->master, ctinfo, | 61 | ret = nf_nat_mangle_tcp_packet(skb, exp->master, ctinfo, |
62 | matchoff, matchlen, buffer, | 62 | matchoff, matchlen, buffer, |
63 | strlen(buffer)); | 63 | strlen(buffer)); |
64 | if (ret != NF_ACCEPT) | 64 | if (ret != NF_ACCEPT) |
diff --git a/net/ipv4/netfilter/nf_nat_pptp.c b/net/ipv4/netfilter/nf_nat_pptp.c index 984ec8308b2e..e1385a099079 100644 --- a/net/ipv4/netfilter/nf_nat_pptp.c +++ b/net/ipv4/netfilter/nf_nat_pptp.c | |||
@@ -110,7 +110,7 @@ static void pptp_nat_expected(struct nf_conn *ct, | |||
110 | 110 | ||
111 | /* outbound packets == from PNS to PAC */ | 111 | /* outbound packets == from PNS to PAC */ |
112 | static int | 112 | static int |
113 | pptp_outbound_pkt(struct sk_buff **pskb, | 113 | pptp_outbound_pkt(struct sk_buff *skb, |
114 | struct nf_conn *ct, | 114 | struct nf_conn *ct, |
115 | enum ip_conntrack_info ctinfo, | 115 | enum ip_conntrack_info ctinfo, |
116 | struct PptpControlHeader *ctlh, | 116 | struct PptpControlHeader *ctlh, |
@@ -175,7 +175,7 @@ pptp_outbound_pkt(struct sk_buff **pskb, | |||
175 | ntohs(REQ_CID(pptpReq, cid_off)), ntohs(new_callid)); | 175 | ntohs(REQ_CID(pptpReq, cid_off)), ntohs(new_callid)); |
176 | 176 | ||
177 | /* mangle packet */ | 177 | /* mangle packet */ |
178 | if (nf_nat_mangle_tcp_packet(pskb, ct, ctinfo, | 178 | if (nf_nat_mangle_tcp_packet(skb, ct, ctinfo, |
179 | cid_off + sizeof(struct pptp_pkt_hdr) + | 179 | cid_off + sizeof(struct pptp_pkt_hdr) + |
180 | sizeof(struct PptpControlHeader), | 180 | sizeof(struct PptpControlHeader), |
181 | sizeof(new_callid), (char *)&new_callid, | 181 | sizeof(new_callid), (char *)&new_callid, |
@@ -213,7 +213,7 @@ pptp_exp_gre(struct nf_conntrack_expect *expect_orig, | |||
213 | 213 | ||
214 | /* inbound packets == from PAC to PNS */ | 214 | /* inbound packets == from PAC to PNS */ |
215 | static int | 215 | static int |
216 | pptp_inbound_pkt(struct sk_buff **pskb, | 216 | pptp_inbound_pkt(struct sk_buff *skb, |
217 | struct nf_conn *ct, | 217 | struct nf_conn *ct, |
218 | enum ip_conntrack_info ctinfo, | 218 | enum ip_conntrack_info ctinfo, |
219 | struct PptpControlHeader *ctlh, | 219 | struct PptpControlHeader *ctlh, |
@@ -268,7 +268,7 @@ pptp_inbound_pkt(struct sk_buff **pskb, | |||
268 | pr_debug("altering peer call id from 0x%04x to 0x%04x\n", | 268 | pr_debug("altering peer call id from 0x%04x to 0x%04x\n", |
269 | ntohs(REQ_CID(pptpReq, pcid_off)), ntohs(new_pcid)); | 269 | ntohs(REQ_CID(pptpReq, pcid_off)), ntohs(new_pcid)); |
270 | 270 | ||
271 | if (nf_nat_mangle_tcp_packet(pskb, ct, ctinfo, | 271 | if (nf_nat_mangle_tcp_packet(skb, ct, ctinfo, |
272 | pcid_off + sizeof(struct pptp_pkt_hdr) + | 272 | pcid_off + sizeof(struct pptp_pkt_hdr) + |
273 | sizeof(struct PptpControlHeader), | 273 | sizeof(struct PptpControlHeader), |
274 | sizeof(new_pcid), (char *)&new_pcid, | 274 | sizeof(new_pcid), (char *)&new_pcid, |
diff --git a/net/ipv4/netfilter/nf_nat_proto_gre.c b/net/ipv4/netfilter/nf_nat_proto_gre.c index d562290b1820..b820f9960356 100644 --- a/net/ipv4/netfilter/nf_nat_proto_gre.c +++ b/net/ipv4/netfilter/nf_nat_proto_gre.c | |||
@@ -98,21 +98,21 @@ gre_unique_tuple(struct nf_conntrack_tuple *tuple, | |||
98 | 98 | ||
99 | /* manipulate a GRE packet according to maniptype */ | 99 | /* manipulate a GRE packet according to maniptype */ |
100 | static int | 100 | static int |
101 | gre_manip_pkt(struct sk_buff **pskb, unsigned int iphdroff, | 101 | gre_manip_pkt(struct sk_buff *skb, unsigned int iphdroff, |
102 | const struct nf_conntrack_tuple *tuple, | 102 | const struct nf_conntrack_tuple *tuple, |
103 | enum nf_nat_manip_type maniptype) | 103 | enum nf_nat_manip_type maniptype) |
104 | { | 104 | { |
105 | struct gre_hdr *greh; | 105 | struct gre_hdr *greh; |
106 | struct gre_hdr_pptp *pgreh; | 106 | struct gre_hdr_pptp *pgreh; |
107 | struct iphdr *iph = (struct iphdr *)((*pskb)->data + iphdroff); | 107 | struct iphdr *iph = (struct iphdr *)(skb->data + iphdroff); |
108 | unsigned int hdroff = iphdroff + iph->ihl * 4; | 108 | unsigned int hdroff = iphdroff + iph->ihl * 4; |
109 | 109 | ||
110 | /* pgreh includes two optional 32bit fields which are not required | 110 | /* pgreh includes two optional 32bit fields which are not required |
111 | * to be there. That's where the magic '8' comes from */ | 111 | * to be there. That's where the magic '8' comes from */ |
112 | if (!skb_make_writable(pskb, hdroff + sizeof(*pgreh) - 8)) | 112 | if (!skb_make_writable(skb, hdroff + sizeof(*pgreh) - 8)) |
113 | return 0; | 113 | return 0; |
114 | 114 | ||
115 | greh = (void *)(*pskb)->data + hdroff; | 115 | greh = (void *)skb->data + hdroff; |
116 | pgreh = (struct gre_hdr_pptp *)greh; | 116 | pgreh = (struct gre_hdr_pptp *)greh; |
117 | 117 | ||
118 | /* we only have destination manip of a packet, since 'source key' | 118 | /* we only have destination manip of a packet, since 'source key' |
diff --git a/net/ipv4/netfilter/nf_nat_proto_icmp.c b/net/ipv4/netfilter/nf_nat_proto_icmp.c index 898d73771155..b9fc724388fc 100644 --- a/net/ipv4/netfilter/nf_nat_proto_icmp.c +++ b/net/ipv4/netfilter/nf_nat_proto_icmp.c | |||
@@ -52,20 +52,20 @@ icmp_unique_tuple(struct nf_conntrack_tuple *tuple, | |||
52 | } | 52 | } |
53 | 53 | ||
54 | static int | 54 | static int |
55 | icmp_manip_pkt(struct sk_buff **pskb, | 55 | icmp_manip_pkt(struct sk_buff *skb, |
56 | unsigned int iphdroff, | 56 | unsigned int iphdroff, |
57 | const struct nf_conntrack_tuple *tuple, | 57 | const struct nf_conntrack_tuple *tuple, |
58 | enum nf_nat_manip_type maniptype) | 58 | enum nf_nat_manip_type maniptype) |
59 | { | 59 | { |
60 | struct iphdr *iph = (struct iphdr *)((*pskb)->data + iphdroff); | 60 | struct iphdr *iph = (struct iphdr *)(skb->data + iphdroff); |
61 | struct icmphdr *hdr; | 61 | struct icmphdr *hdr; |
62 | unsigned int hdroff = iphdroff + iph->ihl*4; | 62 | unsigned int hdroff = iphdroff + iph->ihl*4; |
63 | 63 | ||
64 | if (!skb_make_writable(pskb, hdroff + sizeof(*hdr))) | 64 | if (!skb_make_writable(skb, hdroff + sizeof(*hdr))) |
65 | return 0; | 65 | return 0; |
66 | 66 | ||
67 | hdr = (struct icmphdr *)((*pskb)->data + hdroff); | 67 | hdr = (struct icmphdr *)(skb->data + hdroff); |
68 | nf_proto_csum_replace2(&hdr->checksum, *pskb, | 68 | nf_proto_csum_replace2(&hdr->checksum, skb, |
69 | hdr->un.echo.id, tuple->src.u.icmp.id, 0); | 69 | hdr->un.echo.id, tuple->src.u.icmp.id, 0); |
70 | hdr->un.echo.id = tuple->src.u.icmp.id; | 70 | hdr->un.echo.id = tuple->src.u.icmp.id; |
71 | return 1; | 71 | return 1; |
diff --git a/net/ipv4/netfilter/nf_nat_proto_tcp.c b/net/ipv4/netfilter/nf_nat_proto_tcp.c index 5bbbb2acdc70..6bab2e184455 100644 --- a/net/ipv4/netfilter/nf_nat_proto_tcp.c +++ b/net/ipv4/netfilter/nf_nat_proto_tcp.c | |||
@@ -88,12 +88,12 @@ tcp_unique_tuple(struct nf_conntrack_tuple *tuple, | |||
88 | } | 88 | } |
89 | 89 | ||
90 | static int | 90 | static int |
91 | tcp_manip_pkt(struct sk_buff **pskb, | 91 | tcp_manip_pkt(struct sk_buff *skb, |
92 | unsigned int iphdroff, | 92 | unsigned int iphdroff, |
93 | const struct nf_conntrack_tuple *tuple, | 93 | const struct nf_conntrack_tuple *tuple, |
94 | enum nf_nat_manip_type maniptype) | 94 | enum nf_nat_manip_type maniptype) |
95 | { | 95 | { |
96 | struct iphdr *iph = (struct iphdr *)((*pskb)->data + iphdroff); | 96 | struct iphdr *iph = (struct iphdr *)(skb->data + iphdroff); |
97 | struct tcphdr *hdr; | 97 | struct tcphdr *hdr; |
98 | unsigned int hdroff = iphdroff + iph->ihl*4; | 98 | unsigned int hdroff = iphdroff + iph->ihl*4; |
99 | __be32 oldip, newip; | 99 | __be32 oldip, newip; |
@@ -103,14 +103,14 @@ tcp_manip_pkt(struct sk_buff **pskb, | |||
103 | /* this could be a inner header returned in icmp packet; in such | 103 | /* this could be a inner header returned in icmp packet; in such |
104 | cases we cannot update the checksum field since it is outside of | 104 | cases we cannot update the checksum field since it is outside of |
105 | the 8 bytes of transport layer headers we are guaranteed */ | 105 | the 8 bytes of transport layer headers we are guaranteed */ |
106 | if ((*pskb)->len >= hdroff + sizeof(struct tcphdr)) | 106 | if (skb->len >= hdroff + sizeof(struct tcphdr)) |
107 | hdrsize = sizeof(struct tcphdr); | 107 | hdrsize = sizeof(struct tcphdr); |
108 | 108 | ||
109 | if (!skb_make_writable(pskb, hdroff + hdrsize)) | 109 | if (!skb_make_writable(skb, hdroff + hdrsize)) |
110 | return 0; | 110 | return 0; |
111 | 111 | ||
112 | iph = (struct iphdr *)((*pskb)->data + iphdroff); | 112 | iph = (struct iphdr *)(skb->data + iphdroff); |
113 | hdr = (struct tcphdr *)((*pskb)->data + hdroff); | 113 | hdr = (struct tcphdr *)(skb->data + hdroff); |
114 | 114 | ||
115 | if (maniptype == IP_NAT_MANIP_SRC) { | 115 | if (maniptype == IP_NAT_MANIP_SRC) { |
116 | /* Get rid of src ip and src pt */ | 116 | /* Get rid of src ip and src pt */ |
@@ -132,8 +132,8 @@ tcp_manip_pkt(struct sk_buff **pskb, | |||
132 | if (hdrsize < sizeof(*hdr)) | 132 | if (hdrsize < sizeof(*hdr)) |
133 | return 1; | 133 | return 1; |
134 | 134 | ||
135 | nf_proto_csum_replace4(&hdr->check, *pskb, oldip, newip, 1); | 135 | nf_proto_csum_replace4(&hdr->check, skb, oldip, newip, 1); |
136 | nf_proto_csum_replace2(&hdr->check, *pskb, oldport, newport, 0); | 136 | nf_proto_csum_replace2(&hdr->check, skb, oldport, newport, 0); |
137 | return 1; | 137 | return 1; |
138 | } | 138 | } |
139 | 139 | ||
diff --git a/net/ipv4/netfilter/nf_nat_proto_udp.c b/net/ipv4/netfilter/nf_nat_proto_udp.c index a0af4fd95584..cbf1a61e2908 100644 --- a/net/ipv4/netfilter/nf_nat_proto_udp.c +++ b/net/ipv4/netfilter/nf_nat_proto_udp.c | |||
@@ -86,22 +86,22 @@ udp_unique_tuple(struct nf_conntrack_tuple *tuple, | |||
86 | } | 86 | } |
87 | 87 | ||
88 | static int | 88 | static int |
89 | udp_manip_pkt(struct sk_buff **pskb, | 89 | udp_manip_pkt(struct sk_buff *skb, |
90 | unsigned int iphdroff, | 90 | unsigned int iphdroff, |
91 | const struct nf_conntrack_tuple *tuple, | 91 | const struct nf_conntrack_tuple *tuple, |
92 | enum nf_nat_manip_type maniptype) | 92 | enum nf_nat_manip_type maniptype) |
93 | { | 93 | { |
94 | struct iphdr *iph = (struct iphdr *)((*pskb)->data + iphdroff); | 94 | struct iphdr *iph = (struct iphdr *)(skb->data + iphdroff); |
95 | struct udphdr *hdr; | 95 | struct udphdr *hdr; |
96 | unsigned int hdroff = iphdroff + iph->ihl*4; | 96 | unsigned int hdroff = iphdroff + iph->ihl*4; |
97 | __be32 oldip, newip; | 97 | __be32 oldip, newip; |
98 | __be16 *portptr, newport; | 98 | __be16 *portptr, newport; |
99 | 99 | ||
100 | if (!skb_make_writable(pskb, hdroff + sizeof(*hdr))) | 100 | if (!skb_make_writable(skb, hdroff + sizeof(*hdr))) |
101 | return 0; | 101 | return 0; |
102 | 102 | ||
103 | iph = (struct iphdr *)((*pskb)->data + iphdroff); | 103 | iph = (struct iphdr *)(skb->data + iphdroff); |
104 | hdr = (struct udphdr *)((*pskb)->data + hdroff); | 104 | hdr = (struct udphdr *)(skb->data + hdroff); |
105 | 105 | ||
106 | if (maniptype == IP_NAT_MANIP_SRC) { | 106 | if (maniptype == IP_NAT_MANIP_SRC) { |
107 | /* Get rid of src ip and src pt */ | 107 | /* Get rid of src ip and src pt */ |
@@ -116,9 +116,9 @@ udp_manip_pkt(struct sk_buff **pskb, | |||
116 | newport = tuple->dst.u.udp.port; | 116 | newport = tuple->dst.u.udp.port; |
117 | portptr = &hdr->dest; | 117 | portptr = &hdr->dest; |
118 | } | 118 | } |
119 | if (hdr->check || (*pskb)->ip_summed == CHECKSUM_PARTIAL) { | 119 | if (hdr->check || skb->ip_summed == CHECKSUM_PARTIAL) { |
120 | nf_proto_csum_replace4(&hdr->check, *pskb, oldip, newip, 1); | 120 | nf_proto_csum_replace4(&hdr->check, skb, oldip, newip, 1); |
121 | nf_proto_csum_replace2(&hdr->check, *pskb, *portptr, newport, | 121 | nf_proto_csum_replace2(&hdr->check, skb, *portptr, newport, |
122 | 0); | 122 | 0); |
123 | if (!hdr->check) | 123 | if (!hdr->check) |
124 | hdr->check = CSUM_MANGLED_0; | 124 | hdr->check = CSUM_MANGLED_0; |
diff --git a/net/ipv4/netfilter/nf_nat_proto_unknown.c b/net/ipv4/netfilter/nf_nat_proto_unknown.c index f50d0203f9c0..cfd2742e9706 100644 --- a/net/ipv4/netfilter/nf_nat_proto_unknown.c +++ b/net/ipv4/netfilter/nf_nat_proto_unknown.c | |||
@@ -37,7 +37,7 @@ static int unknown_unique_tuple(struct nf_conntrack_tuple *tuple, | |||
37 | } | 37 | } |
38 | 38 | ||
39 | static int | 39 | static int |
40 | unknown_manip_pkt(struct sk_buff **pskb, | 40 | unknown_manip_pkt(struct sk_buff *skb, |
41 | unsigned int iphdroff, | 41 | unsigned int iphdroff, |
42 | const struct nf_conntrack_tuple *tuple, | 42 | const struct nf_conntrack_tuple *tuple, |
43 | enum nf_nat_manip_type maniptype) | 43 | enum nf_nat_manip_type maniptype) |
diff --git a/net/ipv4/netfilter/nf_nat_rule.c b/net/ipv4/netfilter/nf_nat_rule.c index 76ec59ae524d..46b25ab5f78b 100644 --- a/net/ipv4/netfilter/nf_nat_rule.c +++ b/net/ipv4/netfilter/nf_nat_rule.c | |||
@@ -65,7 +65,7 @@ static struct xt_table nat_table = { | |||
65 | }; | 65 | }; |
66 | 66 | ||
67 | /* Source NAT */ | 67 | /* Source NAT */ |
68 | static unsigned int ipt_snat_target(struct sk_buff **pskb, | 68 | static unsigned int ipt_snat_target(struct sk_buff *skb, |
69 | const struct net_device *in, | 69 | const struct net_device *in, |
70 | const struct net_device *out, | 70 | const struct net_device *out, |
71 | unsigned int hooknum, | 71 | unsigned int hooknum, |
@@ -78,7 +78,7 @@ static unsigned int ipt_snat_target(struct sk_buff **pskb, | |||
78 | 78 | ||
79 | NF_CT_ASSERT(hooknum == NF_IP_POST_ROUTING); | 79 | NF_CT_ASSERT(hooknum == NF_IP_POST_ROUTING); |
80 | 80 | ||
81 | ct = nf_ct_get(*pskb, &ctinfo); | 81 | ct = nf_ct_get(skb, &ctinfo); |
82 | 82 | ||
83 | /* Connection must be valid and new. */ | 83 | /* Connection must be valid and new. */ |
84 | NF_CT_ASSERT(ct && (ctinfo == IP_CT_NEW || ctinfo == IP_CT_RELATED || | 84 | NF_CT_ASSERT(ct && (ctinfo == IP_CT_NEW || ctinfo == IP_CT_RELATED || |
@@ -107,7 +107,7 @@ static void warn_if_extra_mangle(__be32 dstip, __be32 srcip) | |||
107 | ip_rt_put(rt); | 107 | ip_rt_put(rt); |
108 | } | 108 | } |
109 | 109 | ||
110 | static unsigned int ipt_dnat_target(struct sk_buff **pskb, | 110 | static unsigned int ipt_dnat_target(struct sk_buff *skb, |
111 | const struct net_device *in, | 111 | const struct net_device *in, |
112 | const struct net_device *out, | 112 | const struct net_device *out, |
113 | unsigned int hooknum, | 113 | unsigned int hooknum, |
@@ -121,14 +121,14 @@ static unsigned int ipt_dnat_target(struct sk_buff **pskb, | |||
121 | NF_CT_ASSERT(hooknum == NF_IP_PRE_ROUTING || | 121 | NF_CT_ASSERT(hooknum == NF_IP_PRE_ROUTING || |
122 | hooknum == NF_IP_LOCAL_OUT); | 122 | hooknum == NF_IP_LOCAL_OUT); |
123 | 123 | ||
124 | ct = nf_ct_get(*pskb, &ctinfo); | 124 | ct = nf_ct_get(skb, &ctinfo); |
125 | 125 | ||
126 | /* Connection must be valid and new. */ | 126 | /* Connection must be valid and new. */ |
127 | NF_CT_ASSERT(ct && (ctinfo == IP_CT_NEW || ctinfo == IP_CT_RELATED)); | 127 | NF_CT_ASSERT(ct && (ctinfo == IP_CT_NEW || ctinfo == IP_CT_RELATED)); |
128 | 128 | ||
129 | if (hooknum == NF_IP_LOCAL_OUT && | 129 | if (hooknum == NF_IP_LOCAL_OUT && |
130 | mr->range[0].flags & IP_NAT_RANGE_MAP_IPS) | 130 | mr->range[0].flags & IP_NAT_RANGE_MAP_IPS) |
131 | warn_if_extra_mangle(ip_hdr(*pskb)->daddr, | 131 | warn_if_extra_mangle(ip_hdr(skb)->daddr, |
132 | mr->range[0].min_ip); | 132 | mr->range[0].min_ip); |
133 | 133 | ||
134 | return nf_nat_setup_info(ct, &mr->range[0], hooknum); | 134 | return nf_nat_setup_info(ct, &mr->range[0], hooknum); |
@@ -204,7 +204,7 @@ alloc_null_binding_confirmed(struct nf_conn *ct, unsigned int hooknum) | |||
204 | return nf_nat_setup_info(ct, &range, hooknum); | 204 | return nf_nat_setup_info(ct, &range, hooknum); |
205 | } | 205 | } |
206 | 206 | ||
207 | int nf_nat_rule_find(struct sk_buff **pskb, | 207 | int nf_nat_rule_find(struct sk_buff *skb, |
208 | unsigned int hooknum, | 208 | unsigned int hooknum, |
209 | const struct net_device *in, | 209 | const struct net_device *in, |
210 | const struct net_device *out, | 210 | const struct net_device *out, |
@@ -212,7 +212,7 @@ int nf_nat_rule_find(struct sk_buff **pskb, | |||
212 | { | 212 | { |
213 | int ret; | 213 | int ret; |
214 | 214 | ||
215 | ret = ipt_do_table(pskb, hooknum, in, out, &nat_table); | 215 | ret = ipt_do_table(skb, hooknum, in, out, &nat_table); |
216 | 216 | ||
217 | if (ret == NF_ACCEPT) { | 217 | if (ret == NF_ACCEPT) { |
218 | if (!nf_nat_initialized(ct, HOOK2MANIP(hooknum))) | 218 | if (!nf_nat_initialized(ct, HOOK2MANIP(hooknum))) |
diff --git a/net/ipv4/netfilter/nf_nat_sip.c b/net/ipv4/netfilter/nf_nat_sip.c index e14d41976c27..ce9edbcc01e3 100644 --- a/net/ipv4/netfilter/nf_nat_sip.c +++ b/net/ipv4/netfilter/nf_nat_sip.c | |||
@@ -60,7 +60,7 @@ static void addr_map_init(struct nf_conn *ct, struct addr_map *map) | |||
60 | } | 60 | } |
61 | } | 61 | } |
62 | 62 | ||
63 | static int map_sip_addr(struct sk_buff **pskb, enum ip_conntrack_info ctinfo, | 63 | static int map_sip_addr(struct sk_buff *skb, enum ip_conntrack_info ctinfo, |
64 | struct nf_conn *ct, const char **dptr, size_t dlen, | 64 | struct nf_conn *ct, const char **dptr, size_t dlen, |
65 | enum sip_header_pos pos, struct addr_map *map) | 65 | enum sip_header_pos pos, struct addr_map *map) |
66 | { | 66 | { |
@@ -84,15 +84,15 @@ static int map_sip_addr(struct sk_buff **pskb, enum ip_conntrack_info ctinfo, | |||
84 | } else | 84 | } else |
85 | return 1; | 85 | return 1; |
86 | 86 | ||
87 | if (!nf_nat_mangle_udp_packet(pskb, ct, ctinfo, | 87 | if (!nf_nat_mangle_udp_packet(skb, ct, ctinfo, |
88 | matchoff, matchlen, addr, addrlen)) | 88 | matchoff, matchlen, addr, addrlen)) |
89 | return 0; | 89 | return 0; |
90 | *dptr = (*pskb)->data + ip_hdrlen(*pskb) + sizeof(struct udphdr); | 90 | *dptr = skb->data + ip_hdrlen(skb) + sizeof(struct udphdr); |
91 | return 1; | 91 | return 1; |
92 | 92 | ||
93 | } | 93 | } |
94 | 94 | ||
95 | static unsigned int ip_nat_sip(struct sk_buff **pskb, | 95 | static unsigned int ip_nat_sip(struct sk_buff *skb, |
96 | enum ip_conntrack_info ctinfo, | 96 | enum ip_conntrack_info ctinfo, |
97 | struct nf_conn *ct, | 97 | struct nf_conn *ct, |
98 | const char **dptr) | 98 | const char **dptr) |
@@ -101,8 +101,8 @@ static unsigned int ip_nat_sip(struct sk_buff **pskb, | |||
101 | struct addr_map map; | 101 | struct addr_map map; |
102 | int dataoff, datalen; | 102 | int dataoff, datalen; |
103 | 103 | ||
104 | dataoff = ip_hdrlen(*pskb) + sizeof(struct udphdr); | 104 | dataoff = ip_hdrlen(skb) + sizeof(struct udphdr); |
105 | datalen = (*pskb)->len - dataoff; | 105 | datalen = skb->len - dataoff; |
106 | if (datalen < sizeof("SIP/2.0") - 1) | 106 | if (datalen < sizeof("SIP/2.0") - 1) |
107 | return NF_ACCEPT; | 107 | return NF_ACCEPT; |
108 | 108 | ||
@@ -121,19 +121,19 @@ static unsigned int ip_nat_sip(struct sk_buff **pskb, | |||
121 | else | 121 | else |
122 | pos = POS_REQ_URI; | 122 | pos = POS_REQ_URI; |
123 | 123 | ||
124 | if (!map_sip_addr(pskb, ctinfo, ct, dptr, datalen, pos, &map)) | 124 | if (!map_sip_addr(skb, ctinfo, ct, dptr, datalen, pos, &map)) |
125 | return NF_DROP; | 125 | return NF_DROP; |
126 | } | 126 | } |
127 | 127 | ||
128 | if (!map_sip_addr(pskb, ctinfo, ct, dptr, datalen, POS_FROM, &map) || | 128 | if (!map_sip_addr(skb, ctinfo, ct, dptr, datalen, POS_FROM, &map) || |
129 | !map_sip_addr(pskb, ctinfo, ct, dptr, datalen, POS_TO, &map) || | 129 | !map_sip_addr(skb, ctinfo, ct, dptr, datalen, POS_TO, &map) || |
130 | !map_sip_addr(pskb, ctinfo, ct, dptr, datalen, POS_VIA, &map) || | 130 | !map_sip_addr(skb, ctinfo, ct, dptr, datalen, POS_VIA, &map) || |
131 | !map_sip_addr(pskb, ctinfo, ct, dptr, datalen, POS_CONTACT, &map)) | 131 | !map_sip_addr(skb, ctinfo, ct, dptr, datalen, POS_CONTACT, &map)) |
132 | return NF_DROP; | 132 | return NF_DROP; |
133 | return NF_ACCEPT; | 133 | return NF_ACCEPT; |
134 | } | 134 | } |
135 | 135 | ||
136 | static unsigned int mangle_sip_packet(struct sk_buff **pskb, | 136 | static unsigned int mangle_sip_packet(struct sk_buff *skb, |
137 | enum ip_conntrack_info ctinfo, | 137 | enum ip_conntrack_info ctinfo, |
138 | struct nf_conn *ct, | 138 | struct nf_conn *ct, |
139 | const char **dptr, size_t dlen, | 139 | const char **dptr, size_t dlen, |
@@ -145,16 +145,16 @@ static unsigned int mangle_sip_packet(struct sk_buff **pskb, | |||
145 | if (ct_sip_get_info(ct, *dptr, dlen, &matchoff, &matchlen, pos) <= 0) | 145 | if (ct_sip_get_info(ct, *dptr, dlen, &matchoff, &matchlen, pos) <= 0) |
146 | return 0; | 146 | return 0; |
147 | 147 | ||
148 | if (!nf_nat_mangle_udp_packet(pskb, ct, ctinfo, | 148 | if (!nf_nat_mangle_udp_packet(skb, ct, ctinfo, |
149 | matchoff, matchlen, buffer, bufflen)) | 149 | matchoff, matchlen, buffer, bufflen)) |
150 | return 0; | 150 | return 0; |
151 | 151 | ||
152 | /* We need to reload this. Thanks Patrick. */ | 152 | /* We need to reload this. Thanks Patrick. */ |
153 | *dptr = (*pskb)->data + ip_hdrlen(*pskb) + sizeof(struct udphdr); | 153 | *dptr = skb->data + ip_hdrlen(skb) + sizeof(struct udphdr); |
154 | return 1; | 154 | return 1; |
155 | } | 155 | } |
156 | 156 | ||
157 | static int mangle_content_len(struct sk_buff **pskb, | 157 | static int mangle_content_len(struct sk_buff *skb, |
158 | enum ip_conntrack_info ctinfo, | 158 | enum ip_conntrack_info ctinfo, |
159 | struct nf_conn *ct, | 159 | struct nf_conn *ct, |
160 | const char *dptr) | 160 | const char *dptr) |
@@ -163,22 +163,22 @@ static int mangle_content_len(struct sk_buff **pskb, | |||
163 | char buffer[sizeof("65536")]; | 163 | char buffer[sizeof("65536")]; |
164 | int bufflen; | 164 | int bufflen; |
165 | 165 | ||
166 | dataoff = ip_hdrlen(*pskb) + sizeof(struct udphdr); | 166 | dataoff = ip_hdrlen(skb) + sizeof(struct udphdr); |
167 | 167 | ||
168 | /* Get actual SDP lenght */ | 168 | /* Get actual SDP lenght */ |
169 | if (ct_sip_get_info(ct, dptr, (*pskb)->len - dataoff, &matchoff, | 169 | if (ct_sip_get_info(ct, dptr, skb->len - dataoff, &matchoff, |
170 | &matchlen, POS_SDP_HEADER) > 0) { | 170 | &matchlen, POS_SDP_HEADER) > 0) { |
171 | 171 | ||
172 | /* since ct_sip_get_info() give us a pointer passing 'v=' | 172 | /* since ct_sip_get_info() give us a pointer passing 'v=' |
173 | we need to add 2 bytes in this count. */ | 173 | we need to add 2 bytes in this count. */ |
174 | int c_len = (*pskb)->len - dataoff - matchoff + 2; | 174 | int c_len = skb->len - dataoff - matchoff + 2; |
175 | 175 | ||
176 | /* Now, update SDP length */ | 176 | /* Now, update SDP length */ |
177 | if (ct_sip_get_info(ct, dptr, (*pskb)->len - dataoff, &matchoff, | 177 | if (ct_sip_get_info(ct, dptr, skb->len - dataoff, &matchoff, |
178 | &matchlen, POS_CONTENT) > 0) { | 178 | &matchlen, POS_CONTENT) > 0) { |
179 | 179 | ||
180 | bufflen = sprintf(buffer, "%u", c_len); | 180 | bufflen = sprintf(buffer, "%u", c_len); |
181 | return nf_nat_mangle_udp_packet(pskb, ct, ctinfo, | 181 | return nf_nat_mangle_udp_packet(skb, ct, ctinfo, |
182 | matchoff, matchlen, | 182 | matchoff, matchlen, |
183 | buffer, bufflen); | 183 | buffer, bufflen); |
184 | } | 184 | } |
@@ -186,7 +186,7 @@ static int mangle_content_len(struct sk_buff **pskb, | |||
186 | return 0; | 186 | return 0; |
187 | } | 187 | } |
188 | 188 | ||
189 | static unsigned int mangle_sdp(struct sk_buff **pskb, | 189 | static unsigned int mangle_sdp(struct sk_buff *skb, |
190 | enum ip_conntrack_info ctinfo, | 190 | enum ip_conntrack_info ctinfo, |
191 | struct nf_conn *ct, | 191 | struct nf_conn *ct, |
192 | __be32 newip, u_int16_t port, | 192 | __be32 newip, u_int16_t port, |
@@ -195,25 +195,25 @@ static unsigned int mangle_sdp(struct sk_buff **pskb, | |||
195 | char buffer[sizeof("nnn.nnn.nnn.nnn")]; | 195 | char buffer[sizeof("nnn.nnn.nnn.nnn")]; |
196 | unsigned int dataoff, bufflen; | 196 | unsigned int dataoff, bufflen; |
197 | 197 | ||
198 | dataoff = ip_hdrlen(*pskb) + sizeof(struct udphdr); | 198 | dataoff = ip_hdrlen(skb) + sizeof(struct udphdr); |
199 | 199 | ||
200 | /* Mangle owner and contact info. */ | 200 | /* Mangle owner and contact info. */ |
201 | bufflen = sprintf(buffer, "%u.%u.%u.%u", NIPQUAD(newip)); | 201 | bufflen = sprintf(buffer, "%u.%u.%u.%u", NIPQUAD(newip)); |
202 | if (!mangle_sip_packet(pskb, ctinfo, ct, &dptr, (*pskb)->len - dataoff, | 202 | if (!mangle_sip_packet(skb, ctinfo, ct, &dptr, skb->len - dataoff, |
203 | buffer, bufflen, POS_OWNER_IP4)) | 203 | buffer, bufflen, POS_OWNER_IP4)) |
204 | return 0; | 204 | return 0; |
205 | 205 | ||
206 | if (!mangle_sip_packet(pskb, ctinfo, ct, &dptr, (*pskb)->len - dataoff, | 206 | if (!mangle_sip_packet(skb, ctinfo, ct, &dptr, skb->len - dataoff, |
207 | buffer, bufflen, POS_CONNECTION_IP4)) | 207 | buffer, bufflen, POS_CONNECTION_IP4)) |
208 | return 0; | 208 | return 0; |
209 | 209 | ||
210 | /* Mangle media port. */ | 210 | /* Mangle media port. */ |
211 | bufflen = sprintf(buffer, "%u", port); | 211 | bufflen = sprintf(buffer, "%u", port); |
212 | if (!mangle_sip_packet(pskb, ctinfo, ct, &dptr, (*pskb)->len - dataoff, | 212 | if (!mangle_sip_packet(skb, ctinfo, ct, &dptr, skb->len - dataoff, |
213 | buffer, bufflen, POS_MEDIA)) | 213 | buffer, bufflen, POS_MEDIA)) |
214 | return 0; | 214 | return 0; |
215 | 215 | ||
216 | return mangle_content_len(pskb, ctinfo, ct, dptr); | 216 | return mangle_content_len(skb, ctinfo, ct, dptr); |
217 | } | 217 | } |
218 | 218 | ||
219 | static void ip_nat_sdp_expect(struct nf_conn *ct, | 219 | static void ip_nat_sdp_expect(struct nf_conn *ct, |
@@ -241,7 +241,7 @@ static void ip_nat_sdp_expect(struct nf_conn *ct, | |||
241 | 241 | ||
242 | /* So, this packet has hit the connection tracking matching code. | 242 | /* So, this packet has hit the connection tracking matching code. |
243 | Mangle it, and change the expectation to match the new version. */ | 243 | Mangle it, and change the expectation to match the new version. */ |
244 | static unsigned int ip_nat_sdp(struct sk_buff **pskb, | 244 | static unsigned int ip_nat_sdp(struct sk_buff *skb, |
245 | enum ip_conntrack_info ctinfo, | 245 | enum ip_conntrack_info ctinfo, |
246 | struct nf_conntrack_expect *exp, | 246 | struct nf_conntrack_expect *exp, |
247 | const char *dptr) | 247 | const char *dptr) |
@@ -277,7 +277,7 @@ static unsigned int ip_nat_sdp(struct sk_buff **pskb, | |||
277 | if (port == 0) | 277 | if (port == 0) |
278 | return NF_DROP; | 278 | return NF_DROP; |
279 | 279 | ||
280 | if (!mangle_sdp(pskb, ctinfo, ct, newip, port, dptr)) { | 280 | if (!mangle_sdp(skb, ctinfo, ct, newip, port, dptr)) { |
281 | nf_ct_unexpect_related(exp); | 281 | nf_ct_unexpect_related(exp); |
282 | return NF_DROP; | 282 | return NF_DROP; |
283 | } | 283 | } |
diff --git a/net/ipv4/netfilter/nf_nat_snmp_basic.c b/net/ipv4/netfilter/nf_nat_snmp_basic.c index 6bfcd3a90f08..03709d6b4b06 100644 --- a/net/ipv4/netfilter/nf_nat_snmp_basic.c +++ b/net/ipv4/netfilter/nf_nat_snmp_basic.c | |||
@@ -1188,9 +1188,9 @@ static int snmp_parse_mangle(unsigned char *msg, | |||
1188 | */ | 1188 | */ |
1189 | static int snmp_translate(struct nf_conn *ct, | 1189 | static int snmp_translate(struct nf_conn *ct, |
1190 | enum ip_conntrack_info ctinfo, | 1190 | enum ip_conntrack_info ctinfo, |
1191 | struct sk_buff **pskb) | 1191 | struct sk_buff *skb) |
1192 | { | 1192 | { |
1193 | struct iphdr *iph = ip_hdr(*pskb); | 1193 | struct iphdr *iph = ip_hdr(skb); |
1194 | struct udphdr *udph = (struct udphdr *)((__be32 *)iph + iph->ihl); | 1194 | struct udphdr *udph = (struct udphdr *)((__be32 *)iph + iph->ihl); |
1195 | u_int16_t udplen = ntohs(udph->len); | 1195 | u_int16_t udplen = ntohs(udph->len); |
1196 | u_int16_t paylen = udplen - sizeof(struct udphdr); | 1196 | u_int16_t paylen = udplen - sizeof(struct udphdr); |
@@ -1225,13 +1225,13 @@ static int snmp_translate(struct nf_conn *ct, | |||
1225 | 1225 | ||
1226 | /* We don't actually set up expectations, just adjust internal IP | 1226 | /* We don't actually set up expectations, just adjust internal IP |
1227 | * addresses if this is being NATted */ | 1227 | * addresses if this is being NATted */ |
1228 | static int help(struct sk_buff **pskb, unsigned int protoff, | 1228 | static int help(struct sk_buff *skb, unsigned int protoff, |
1229 | struct nf_conn *ct, | 1229 | struct nf_conn *ct, |
1230 | enum ip_conntrack_info ctinfo) | 1230 | enum ip_conntrack_info ctinfo) |
1231 | { | 1231 | { |
1232 | int dir = CTINFO2DIR(ctinfo); | 1232 | int dir = CTINFO2DIR(ctinfo); |
1233 | unsigned int ret; | 1233 | unsigned int ret; |
1234 | struct iphdr *iph = ip_hdr(*pskb); | 1234 | struct iphdr *iph = ip_hdr(skb); |
1235 | struct udphdr *udph = (struct udphdr *)((u_int32_t *)iph + iph->ihl); | 1235 | struct udphdr *udph = (struct udphdr *)((u_int32_t *)iph + iph->ihl); |
1236 | 1236 | ||
1237 | /* SNMP replies and originating SNMP traps get mangled */ | 1237 | /* SNMP replies and originating SNMP traps get mangled */ |
@@ -1250,7 +1250,7 @@ static int help(struct sk_buff **pskb, unsigned int protoff, | |||
1250 | * enough room for a UDP header. Just verify the UDP length field so we | 1250 | * enough room for a UDP header. Just verify the UDP length field so we |
1251 | * can mess around with the payload. | 1251 | * can mess around with the payload. |
1252 | */ | 1252 | */ |
1253 | if (ntohs(udph->len) != (*pskb)->len - (iph->ihl << 2)) { | 1253 | if (ntohs(udph->len) != skb->len - (iph->ihl << 2)) { |
1254 | if (net_ratelimit()) | 1254 | if (net_ratelimit()) |
1255 | printk(KERN_WARNING "SNMP: dropping malformed packet " | 1255 | printk(KERN_WARNING "SNMP: dropping malformed packet " |
1256 | "src=%u.%u.%u.%u dst=%u.%u.%u.%u\n", | 1256 | "src=%u.%u.%u.%u dst=%u.%u.%u.%u\n", |
@@ -1258,11 +1258,11 @@ static int help(struct sk_buff **pskb, unsigned int protoff, | |||
1258 | return NF_DROP; | 1258 | return NF_DROP; |
1259 | } | 1259 | } |
1260 | 1260 | ||
1261 | if (!skb_make_writable(pskb, (*pskb)->len)) | 1261 | if (!skb_make_writable(skb, skb->len)) |
1262 | return NF_DROP; | 1262 | return NF_DROP; |
1263 | 1263 | ||
1264 | spin_lock_bh(&snmp_lock); | 1264 | spin_lock_bh(&snmp_lock); |
1265 | ret = snmp_translate(ct, ctinfo, pskb); | 1265 | ret = snmp_translate(ct, ctinfo, skb); |
1266 | spin_unlock_bh(&snmp_lock); | 1266 | spin_unlock_bh(&snmp_lock); |
1267 | return ret; | 1267 | return ret; |
1268 | } | 1268 | } |
diff --git a/net/ipv4/netfilter/nf_nat_standalone.c b/net/ipv4/netfilter/nf_nat_standalone.c index 46cc99def165..7db76ea9af91 100644 --- a/net/ipv4/netfilter/nf_nat_standalone.c +++ b/net/ipv4/netfilter/nf_nat_standalone.c | |||
@@ -67,7 +67,7 @@ static void nat_decode_session(struct sk_buff *skb, struct flowi *fl) | |||
67 | 67 | ||
68 | static unsigned int | 68 | static unsigned int |
69 | nf_nat_fn(unsigned int hooknum, | 69 | nf_nat_fn(unsigned int hooknum, |
70 | struct sk_buff **pskb, | 70 | struct sk_buff *skb, |
71 | const struct net_device *in, | 71 | const struct net_device *in, |
72 | const struct net_device *out, | 72 | const struct net_device *out, |
73 | int (*okfn)(struct sk_buff *)) | 73 | int (*okfn)(struct sk_buff *)) |
@@ -80,9 +80,9 @@ nf_nat_fn(unsigned int hooknum, | |||
80 | 80 | ||
81 | /* We never see fragments: conntrack defrags on pre-routing | 81 | /* We never see fragments: conntrack defrags on pre-routing |
82 | and local-out, and nf_nat_out protects post-routing. */ | 82 | and local-out, and nf_nat_out protects post-routing. */ |
83 | NF_CT_ASSERT(!(ip_hdr(*pskb)->frag_off & htons(IP_MF | IP_OFFSET))); | 83 | NF_CT_ASSERT(!(ip_hdr(skb)->frag_off & htons(IP_MF | IP_OFFSET))); |
84 | 84 | ||
85 | ct = nf_ct_get(*pskb, &ctinfo); | 85 | ct = nf_ct_get(skb, &ctinfo); |
86 | /* Can't track? It's not due to stress, or conntrack would | 86 | /* Can't track? It's not due to stress, or conntrack would |
87 | have dropped it. Hence it's the user's responsibilty to | 87 | have dropped it. Hence it's the user's responsibilty to |
88 | packet filter it out, or implement conntrack/NAT for that | 88 | packet filter it out, or implement conntrack/NAT for that |
@@ -91,10 +91,10 @@ nf_nat_fn(unsigned int hooknum, | |||
91 | /* Exception: ICMP redirect to new connection (not in | 91 | /* Exception: ICMP redirect to new connection (not in |
92 | hash table yet). We must not let this through, in | 92 | hash table yet). We must not let this through, in |
93 | case we're doing NAT to the same network. */ | 93 | case we're doing NAT to the same network. */ |
94 | if (ip_hdr(*pskb)->protocol == IPPROTO_ICMP) { | 94 | if (ip_hdr(skb)->protocol == IPPROTO_ICMP) { |
95 | struct icmphdr _hdr, *hp; | 95 | struct icmphdr _hdr, *hp; |
96 | 96 | ||
97 | hp = skb_header_pointer(*pskb, ip_hdrlen(*pskb), | 97 | hp = skb_header_pointer(skb, ip_hdrlen(skb), |
98 | sizeof(_hdr), &_hdr); | 98 | sizeof(_hdr), &_hdr); |
99 | if (hp != NULL && | 99 | if (hp != NULL && |
100 | hp->type == ICMP_REDIRECT) | 100 | hp->type == ICMP_REDIRECT) |
@@ -119,9 +119,9 @@ nf_nat_fn(unsigned int hooknum, | |||
119 | switch (ctinfo) { | 119 | switch (ctinfo) { |
120 | case IP_CT_RELATED: | 120 | case IP_CT_RELATED: |
121 | case IP_CT_RELATED+IP_CT_IS_REPLY: | 121 | case IP_CT_RELATED+IP_CT_IS_REPLY: |
122 | if (ip_hdr(*pskb)->protocol == IPPROTO_ICMP) { | 122 | if (ip_hdr(skb)->protocol == IPPROTO_ICMP) { |
123 | if (!nf_nat_icmp_reply_translation(ct, ctinfo, | 123 | if (!nf_nat_icmp_reply_translation(ct, ctinfo, |
124 | hooknum, pskb)) | 124 | hooknum, skb)) |
125 | return NF_DROP; | 125 | return NF_DROP; |
126 | else | 126 | else |
127 | return NF_ACCEPT; | 127 | return NF_ACCEPT; |
@@ -141,7 +141,7 @@ nf_nat_fn(unsigned int hooknum, | |||
141 | /* LOCAL_IN hook doesn't have a chain! */ | 141 | /* LOCAL_IN hook doesn't have a chain! */ |
142 | ret = alloc_null_binding(ct, hooknum); | 142 | ret = alloc_null_binding(ct, hooknum); |
143 | else | 143 | else |
144 | ret = nf_nat_rule_find(pskb, hooknum, in, out, | 144 | ret = nf_nat_rule_find(skb, hooknum, in, out, |
145 | ct); | 145 | ct); |
146 | 146 | ||
147 | if (ret != NF_ACCEPT) { | 147 | if (ret != NF_ACCEPT) { |
@@ -159,31 +159,31 @@ nf_nat_fn(unsigned int hooknum, | |||
159 | ctinfo == (IP_CT_ESTABLISHED+IP_CT_IS_REPLY)); | 159 | ctinfo == (IP_CT_ESTABLISHED+IP_CT_IS_REPLY)); |
160 | } | 160 | } |
161 | 161 | ||
162 | return nf_nat_packet(ct, ctinfo, hooknum, pskb); | 162 | return nf_nat_packet(ct, ctinfo, hooknum, skb); |
163 | } | 163 | } |
164 | 164 | ||
165 | static unsigned int | 165 | static unsigned int |
166 | nf_nat_in(unsigned int hooknum, | 166 | nf_nat_in(unsigned int hooknum, |
167 | struct sk_buff **pskb, | 167 | struct sk_buff *skb, |
168 | const struct net_device *in, | 168 | const struct net_device *in, |
169 | const struct net_device *out, | 169 | const struct net_device *out, |
170 | int (*okfn)(struct sk_buff *)) | 170 | int (*okfn)(struct sk_buff *)) |
171 | { | 171 | { |
172 | unsigned int ret; | 172 | unsigned int ret; |
173 | __be32 daddr = ip_hdr(*pskb)->daddr; | 173 | __be32 daddr = ip_hdr(skb)->daddr; |
174 | 174 | ||
175 | ret = nf_nat_fn(hooknum, pskb, in, out, okfn); | 175 | ret = nf_nat_fn(hooknum, skb, in, out, okfn); |
176 | if (ret != NF_DROP && ret != NF_STOLEN && | 176 | if (ret != NF_DROP && ret != NF_STOLEN && |
177 | daddr != ip_hdr(*pskb)->daddr) { | 177 | daddr != ip_hdr(skb)->daddr) { |
178 | dst_release((*pskb)->dst); | 178 | dst_release(skb->dst); |
179 | (*pskb)->dst = NULL; | 179 | skb->dst = NULL; |
180 | } | 180 | } |
181 | return ret; | 181 | return ret; |
182 | } | 182 | } |
183 | 183 | ||
184 | static unsigned int | 184 | static unsigned int |
185 | nf_nat_out(unsigned int hooknum, | 185 | nf_nat_out(unsigned int hooknum, |
186 | struct sk_buff **pskb, | 186 | struct sk_buff *skb, |
187 | const struct net_device *in, | 187 | const struct net_device *in, |
188 | const struct net_device *out, | 188 | const struct net_device *out, |
189 | int (*okfn)(struct sk_buff *)) | 189 | int (*okfn)(struct sk_buff *)) |
@@ -195,14 +195,14 @@ nf_nat_out(unsigned int hooknum, | |||
195 | unsigned int ret; | 195 | unsigned int ret; |
196 | 196 | ||
197 | /* root is playing with raw sockets. */ | 197 | /* root is playing with raw sockets. */ |
198 | if ((*pskb)->len < sizeof(struct iphdr) || | 198 | if (skb->len < sizeof(struct iphdr) || |
199 | ip_hdrlen(*pskb) < sizeof(struct iphdr)) | 199 | ip_hdrlen(skb) < sizeof(struct iphdr)) |
200 | return NF_ACCEPT; | 200 | return NF_ACCEPT; |
201 | 201 | ||
202 | ret = nf_nat_fn(hooknum, pskb, in, out, okfn); | 202 | ret = nf_nat_fn(hooknum, skb, in, out, okfn); |
203 | #ifdef CONFIG_XFRM | 203 | #ifdef CONFIG_XFRM |
204 | if (ret != NF_DROP && ret != NF_STOLEN && | 204 | if (ret != NF_DROP && ret != NF_STOLEN && |
205 | (ct = nf_ct_get(*pskb, &ctinfo)) != NULL) { | 205 | (ct = nf_ct_get(skb, &ctinfo)) != NULL) { |
206 | enum ip_conntrack_dir dir = CTINFO2DIR(ctinfo); | 206 | enum ip_conntrack_dir dir = CTINFO2DIR(ctinfo); |
207 | 207 | ||
208 | if (ct->tuplehash[dir].tuple.src.u3.ip != | 208 | if (ct->tuplehash[dir].tuple.src.u3.ip != |
@@ -210,7 +210,7 @@ nf_nat_out(unsigned int hooknum, | |||
210 | || ct->tuplehash[dir].tuple.src.u.all != | 210 | || ct->tuplehash[dir].tuple.src.u.all != |
211 | ct->tuplehash[!dir].tuple.dst.u.all | 211 | ct->tuplehash[!dir].tuple.dst.u.all |
212 | ) | 212 | ) |
213 | return ip_xfrm_me_harder(pskb) == 0 ? ret : NF_DROP; | 213 | return ip_xfrm_me_harder(skb) == 0 ? ret : NF_DROP; |
214 | } | 214 | } |
215 | #endif | 215 | #endif |
216 | return ret; | 216 | return ret; |
@@ -218,7 +218,7 @@ nf_nat_out(unsigned int hooknum, | |||
218 | 218 | ||
219 | static unsigned int | 219 | static unsigned int |
220 | nf_nat_local_fn(unsigned int hooknum, | 220 | nf_nat_local_fn(unsigned int hooknum, |
221 | struct sk_buff **pskb, | 221 | struct sk_buff *skb, |
222 | const struct net_device *in, | 222 | const struct net_device *in, |
223 | const struct net_device *out, | 223 | const struct net_device *out, |
224 | int (*okfn)(struct sk_buff *)) | 224 | int (*okfn)(struct sk_buff *)) |
@@ -228,24 +228,24 @@ nf_nat_local_fn(unsigned int hooknum, | |||
228 | unsigned int ret; | 228 | unsigned int ret; |
229 | 229 | ||
230 | /* root is playing with raw sockets. */ | 230 | /* root is playing with raw sockets. */ |
231 | if ((*pskb)->len < sizeof(struct iphdr) || | 231 | if (skb->len < sizeof(struct iphdr) || |
232 | ip_hdrlen(*pskb) < sizeof(struct iphdr)) | 232 | ip_hdrlen(skb) < sizeof(struct iphdr)) |
233 | return NF_ACCEPT; | 233 | return NF_ACCEPT; |
234 | 234 | ||
235 | ret = nf_nat_fn(hooknum, pskb, in, out, okfn); | 235 | ret = nf_nat_fn(hooknum, skb, in, out, okfn); |
236 | if (ret != NF_DROP && ret != NF_STOLEN && | 236 | if (ret != NF_DROP && ret != NF_STOLEN && |
237 | (ct = nf_ct_get(*pskb, &ctinfo)) != NULL) { | 237 | (ct = nf_ct_get(skb, &ctinfo)) != NULL) { |
238 | enum ip_conntrack_dir dir = CTINFO2DIR(ctinfo); | 238 | enum ip_conntrack_dir dir = CTINFO2DIR(ctinfo); |
239 | 239 | ||
240 | if (ct->tuplehash[dir].tuple.dst.u3.ip != | 240 | if (ct->tuplehash[dir].tuple.dst.u3.ip != |
241 | ct->tuplehash[!dir].tuple.src.u3.ip) { | 241 | ct->tuplehash[!dir].tuple.src.u3.ip) { |
242 | if (ip_route_me_harder(pskb, RTN_UNSPEC)) | 242 | if (ip_route_me_harder(skb, RTN_UNSPEC)) |
243 | ret = NF_DROP; | 243 | ret = NF_DROP; |
244 | } | 244 | } |
245 | #ifdef CONFIG_XFRM | 245 | #ifdef CONFIG_XFRM |
246 | else if (ct->tuplehash[dir].tuple.dst.u.all != | 246 | else if (ct->tuplehash[dir].tuple.dst.u.all != |
247 | ct->tuplehash[!dir].tuple.src.u.all) | 247 | ct->tuplehash[!dir].tuple.src.u.all) |
248 | if (ip_xfrm_me_harder(pskb)) | 248 | if (ip_xfrm_me_harder(skb)) |
249 | ret = NF_DROP; | 249 | ret = NF_DROP; |
250 | #endif | 250 | #endif |
251 | } | 251 | } |
@@ -254,7 +254,7 @@ nf_nat_local_fn(unsigned int hooknum, | |||
254 | 254 | ||
255 | static unsigned int | 255 | static unsigned int |
256 | nf_nat_adjust(unsigned int hooknum, | 256 | nf_nat_adjust(unsigned int hooknum, |
257 | struct sk_buff **pskb, | 257 | struct sk_buff *skb, |
258 | const struct net_device *in, | 258 | const struct net_device *in, |
259 | const struct net_device *out, | 259 | const struct net_device *out, |
260 | int (*okfn)(struct sk_buff *)) | 260 | int (*okfn)(struct sk_buff *)) |
@@ -262,10 +262,10 @@ nf_nat_adjust(unsigned int hooknum, | |||
262 | struct nf_conn *ct; | 262 | struct nf_conn *ct; |
263 | enum ip_conntrack_info ctinfo; | 263 | enum ip_conntrack_info ctinfo; |
264 | 264 | ||
265 | ct = nf_ct_get(*pskb, &ctinfo); | 265 | ct = nf_ct_get(skb, &ctinfo); |
266 | if (ct && test_bit(IPS_SEQ_ADJUST_BIT, &ct->status)) { | 266 | if (ct && test_bit(IPS_SEQ_ADJUST_BIT, &ct->status)) { |
267 | pr_debug("nf_nat_standalone: adjusting sequence number\n"); | 267 | pr_debug("nf_nat_standalone: adjusting sequence number\n"); |
268 | if (!nf_nat_seq_adjust(pskb, ct, ctinfo)) | 268 | if (!nf_nat_seq_adjust(skb, ct, ctinfo)) |
269 | return NF_DROP; | 269 | return NF_DROP; |
270 | } | 270 | } |
271 | return NF_ACCEPT; | 271 | return NF_ACCEPT; |
diff --git a/net/ipv4/netfilter/nf_nat_tftp.c b/net/ipv4/netfilter/nf_nat_tftp.c index 04dfeaefec02..0ecec701cb44 100644 --- a/net/ipv4/netfilter/nf_nat_tftp.c +++ b/net/ipv4/netfilter/nf_nat_tftp.c | |||
@@ -20,7 +20,7 @@ MODULE_DESCRIPTION("TFTP NAT helper"); | |||
20 | MODULE_LICENSE("GPL"); | 20 | MODULE_LICENSE("GPL"); |
21 | MODULE_ALIAS("ip_nat_tftp"); | 21 | MODULE_ALIAS("ip_nat_tftp"); |
22 | 22 | ||
23 | static unsigned int help(struct sk_buff **pskb, | 23 | static unsigned int help(struct sk_buff *skb, |
24 | enum ip_conntrack_info ctinfo, | 24 | enum ip_conntrack_info ctinfo, |
25 | struct nf_conntrack_expect *exp) | 25 | struct nf_conntrack_expect *exp) |
26 | { | 26 | { |
diff --git a/net/ipv4/proc.c b/net/ipv4/proc.c index e5b05b039101..fd16cb8f8abe 100644 --- a/net/ipv4/proc.c +++ b/net/ipv4/proc.c | |||
@@ -70,8 +70,8 @@ static int sockstat_seq_show(struct seq_file *seq, void *v) | |||
70 | seq_printf(seq, "UDP: inuse %d\n", fold_prot_inuse(&udp_prot)); | 70 | seq_printf(seq, "UDP: inuse %d\n", fold_prot_inuse(&udp_prot)); |
71 | seq_printf(seq, "UDPLITE: inuse %d\n", fold_prot_inuse(&udplite_prot)); | 71 | seq_printf(seq, "UDPLITE: inuse %d\n", fold_prot_inuse(&udplite_prot)); |
72 | seq_printf(seq, "RAW: inuse %d\n", fold_prot_inuse(&raw_prot)); | 72 | seq_printf(seq, "RAW: inuse %d\n", fold_prot_inuse(&raw_prot)); |
73 | seq_printf(seq, "FRAG: inuse %d memory %d\n", ip_frag_nqueues, | 73 | seq_printf(seq, "FRAG: inuse %d memory %d\n", |
74 | atomic_read(&ip_frag_mem)); | 74 | ip_frag_nqueues(), ip_frag_mem()); |
75 | return 0; | 75 | return 0; |
76 | } | 76 | } |
77 | 77 | ||
diff --git a/net/ipv4/sysctl_net_ipv4.c b/net/ipv4/sysctl_net_ipv4.c index eb286abcf5dc..c98ef16effd2 100644 --- a/net/ipv4/sysctl_net_ipv4.c +++ b/net/ipv4/sysctl_net_ipv4.c | |||
@@ -19,6 +19,7 @@ | |||
19 | #include <net/route.h> | 19 | #include <net/route.h> |
20 | #include <net/tcp.h> | 20 | #include <net/tcp.h> |
21 | #include <net/cipso_ipv4.h> | 21 | #include <net/cipso_ipv4.h> |
22 | #include <net/inet_frag.h> | ||
22 | 23 | ||
23 | /* From af_inet.c */ | 24 | /* From af_inet.c */ |
24 | extern int sysctl_ip_nonlocal_bind; | 25 | extern int sysctl_ip_nonlocal_bind; |
@@ -357,7 +358,7 @@ ctl_table ipv4_table[] = { | |||
357 | { | 358 | { |
358 | .ctl_name = NET_IPV4_IPFRAG_HIGH_THRESH, | 359 | .ctl_name = NET_IPV4_IPFRAG_HIGH_THRESH, |
359 | .procname = "ipfrag_high_thresh", | 360 | .procname = "ipfrag_high_thresh", |
360 | .data = &sysctl_ipfrag_high_thresh, | 361 | .data = &ip4_frags_ctl.high_thresh, |
361 | .maxlen = sizeof(int), | 362 | .maxlen = sizeof(int), |
362 | .mode = 0644, | 363 | .mode = 0644, |
363 | .proc_handler = &proc_dointvec | 364 | .proc_handler = &proc_dointvec |
@@ -365,7 +366,7 @@ ctl_table ipv4_table[] = { | |||
365 | { | 366 | { |
366 | .ctl_name = NET_IPV4_IPFRAG_LOW_THRESH, | 367 | .ctl_name = NET_IPV4_IPFRAG_LOW_THRESH, |
367 | .procname = "ipfrag_low_thresh", | 368 | .procname = "ipfrag_low_thresh", |
368 | .data = &sysctl_ipfrag_low_thresh, | 369 | .data = &ip4_frags_ctl.low_thresh, |
369 | .maxlen = sizeof(int), | 370 | .maxlen = sizeof(int), |
370 | .mode = 0644, | 371 | .mode = 0644, |
371 | .proc_handler = &proc_dointvec | 372 | .proc_handler = &proc_dointvec |
@@ -381,7 +382,7 @@ ctl_table ipv4_table[] = { | |||
381 | { | 382 | { |
382 | .ctl_name = NET_IPV4_IPFRAG_TIME, | 383 | .ctl_name = NET_IPV4_IPFRAG_TIME, |
383 | .procname = "ipfrag_time", | 384 | .procname = "ipfrag_time", |
384 | .data = &sysctl_ipfrag_time, | 385 | .data = &ip4_frags_ctl.timeout, |
385 | .maxlen = sizeof(int), | 386 | .maxlen = sizeof(int), |
386 | .mode = 0644, | 387 | .mode = 0644, |
387 | .proc_handler = &proc_dointvec_jiffies, | 388 | .proc_handler = &proc_dointvec_jiffies, |
@@ -732,7 +733,7 @@ ctl_table ipv4_table[] = { | |||
732 | { | 733 | { |
733 | .ctl_name = NET_IPV4_IPFRAG_SECRET_INTERVAL, | 734 | .ctl_name = NET_IPV4_IPFRAG_SECRET_INTERVAL, |
734 | .procname = "ipfrag_secret_interval", | 735 | .procname = "ipfrag_secret_interval", |
735 | .data = &sysctl_ipfrag_secret_interval, | 736 | .data = &ip4_frags_ctl.secret_interval, |
736 | .maxlen = sizeof(int), | 737 | .maxlen = sizeof(int), |
737 | .mode = 0644, | 738 | .mode = 0644, |
738 | .proc_handler = &proc_dointvec_jiffies, | 739 | .proc_handler = &proc_dointvec_jiffies, |
diff --git a/net/ipv4/tcp_input.c b/net/ipv4/tcp_input.c index 0a42e9340346..0f00966b1784 100644 --- a/net/ipv4/tcp_input.c +++ b/net/ipv4/tcp_input.c | |||
@@ -1995,8 +1995,7 @@ static void tcp_verify_retransmit_hint(struct tcp_sock *tp, | |||
1995 | } | 1995 | } |
1996 | 1996 | ||
1997 | /* Mark head of queue up as lost. */ | 1997 | /* Mark head of queue up as lost. */ |
1998 | static void tcp_mark_head_lost(struct sock *sk, | 1998 | static void tcp_mark_head_lost(struct sock *sk, int packets) |
1999 | int packets, u32 high_seq) | ||
2000 | { | 1999 | { |
2001 | struct tcp_sock *tp = tcp_sk(sk); | 2000 | struct tcp_sock *tp = tcp_sk(sk); |
2002 | struct sk_buff *skb; | 2001 | struct sk_buff *skb; |
@@ -2019,7 +2018,7 @@ static void tcp_mark_head_lost(struct sock *sk, | |||
2019 | tp->lost_skb_hint = skb; | 2018 | tp->lost_skb_hint = skb; |
2020 | tp->lost_cnt_hint = cnt; | 2019 | tp->lost_cnt_hint = cnt; |
2021 | cnt += tcp_skb_pcount(skb); | 2020 | cnt += tcp_skb_pcount(skb); |
2022 | if (cnt > packets || after(TCP_SKB_CB(skb)->end_seq, high_seq)) | 2021 | if (cnt > packets || after(TCP_SKB_CB(skb)->end_seq, tp->high_seq)) |
2023 | break; | 2022 | break; |
2024 | if (!(TCP_SKB_CB(skb)->sacked & (TCPCB_SACKED_ACKED|TCPCB_LOST))) { | 2023 | if (!(TCP_SKB_CB(skb)->sacked & (TCPCB_SACKED_ACKED|TCPCB_LOST))) { |
2025 | TCP_SKB_CB(skb)->sacked |= TCPCB_LOST; | 2024 | TCP_SKB_CB(skb)->sacked |= TCPCB_LOST; |
@@ -2040,9 +2039,9 @@ static void tcp_update_scoreboard(struct sock *sk) | |||
2040 | int lost = tp->fackets_out - tp->reordering; | 2039 | int lost = tp->fackets_out - tp->reordering; |
2041 | if (lost <= 0) | 2040 | if (lost <= 0) |
2042 | lost = 1; | 2041 | lost = 1; |
2043 | tcp_mark_head_lost(sk, lost, tp->high_seq); | 2042 | tcp_mark_head_lost(sk, lost); |
2044 | } else { | 2043 | } else { |
2045 | tcp_mark_head_lost(sk, 1, tp->high_seq); | 2044 | tcp_mark_head_lost(sk, 1); |
2046 | } | 2045 | } |
2047 | 2046 | ||
2048 | /* New heuristics: it is possible only after we switched | 2047 | /* New heuristics: it is possible only after we switched |
@@ -2381,7 +2380,7 @@ tcp_fastretrans_alert(struct sock *sk, int pkts_acked, int flag) | |||
2381 | before(tp->snd_una, tp->high_seq) && | 2380 | before(tp->snd_una, tp->high_seq) && |
2382 | icsk->icsk_ca_state != TCP_CA_Open && | 2381 | icsk->icsk_ca_state != TCP_CA_Open && |
2383 | tp->fackets_out > tp->reordering) { | 2382 | tp->fackets_out > tp->reordering) { |
2384 | tcp_mark_head_lost(sk, tp->fackets_out-tp->reordering, tp->high_seq); | 2383 | tcp_mark_head_lost(sk, tp->fackets_out - tp->reordering); |
2385 | NET_INC_STATS_BH(LINUX_MIB_TCPLOSS); | 2384 | NET_INC_STATS_BH(LINUX_MIB_TCPLOSS); |
2386 | } | 2385 | } |
2387 | 2386 | ||
diff --git a/net/ipv4/xfrm4_output.c b/net/ipv4/xfrm4_output.c index 434ef302ba83..a4edd666318b 100644 --- a/net/ipv4/xfrm4_output.c +++ b/net/ipv4/xfrm4_output.c | |||
@@ -78,7 +78,7 @@ static int xfrm4_output_finish2(struct sk_buff *skb) | |||
78 | while (likely((err = xfrm4_output_one(skb)) == 0)) { | 78 | while (likely((err = xfrm4_output_one(skb)) == 0)) { |
79 | nf_reset(skb); | 79 | nf_reset(skb); |
80 | 80 | ||
81 | err = nf_hook(PF_INET, NF_IP_LOCAL_OUT, &skb, NULL, | 81 | err = nf_hook(PF_INET, NF_IP_LOCAL_OUT, skb, NULL, |
82 | skb->dst->dev, dst_output); | 82 | skb->dst->dev, dst_output); |
83 | if (unlikely(err != 1)) | 83 | if (unlikely(err != 1)) |
84 | break; | 84 | break; |
@@ -86,7 +86,7 @@ static int xfrm4_output_finish2(struct sk_buff *skb) | |||
86 | if (!skb->dst->xfrm) | 86 | if (!skb->dst->xfrm) |
87 | return dst_output(skb); | 87 | return dst_output(skb); |
88 | 88 | ||
89 | err = nf_hook(PF_INET, NF_IP_POST_ROUTING, &skb, NULL, | 89 | err = nf_hook(PF_INET, NF_IP_POST_ROUTING, skb, NULL, |
90 | skb->dst->dev, xfrm4_output_finish2); | 90 | skb->dst->dev, xfrm4_output_finish2); |
91 | if (unlikely(err != 1)) | 91 | if (unlikely(err != 1)) |
92 | break; | 92 | break; |
diff --git a/net/ipv6/exthdrs.c b/net/ipv6/exthdrs.c index c82d4d49f71f..1e89efd38a0c 100644 --- a/net/ipv6/exthdrs.c +++ b/net/ipv6/exthdrs.c | |||
@@ -102,7 +102,7 @@ EXPORT_SYMBOL_GPL(ipv6_find_tlv); | |||
102 | 102 | ||
103 | struct tlvtype_proc { | 103 | struct tlvtype_proc { |
104 | int type; | 104 | int type; |
105 | int (*func)(struct sk_buff **skbp, int offset); | 105 | int (*func)(struct sk_buff *skb, int offset); |
106 | }; | 106 | }; |
107 | 107 | ||
108 | /********************* | 108 | /********************* |
@@ -111,10 +111,8 @@ struct tlvtype_proc { | |||
111 | 111 | ||
112 | /* An unknown option is detected, decide what to do */ | 112 | /* An unknown option is detected, decide what to do */ |
113 | 113 | ||
114 | static int ip6_tlvopt_unknown(struct sk_buff **skbp, int optoff) | 114 | static int ip6_tlvopt_unknown(struct sk_buff *skb, int optoff) |
115 | { | 115 | { |
116 | struct sk_buff *skb = *skbp; | ||
117 | |||
118 | switch ((skb_network_header(skb)[optoff] & 0xC0) >> 6) { | 116 | switch ((skb_network_header(skb)[optoff] & 0xC0) >> 6) { |
119 | case 0: /* ignore */ | 117 | case 0: /* ignore */ |
120 | return 1; | 118 | return 1; |
@@ -139,9 +137,8 @@ static int ip6_tlvopt_unknown(struct sk_buff **skbp, int optoff) | |||
139 | 137 | ||
140 | /* Parse tlv encoded option header (hop-by-hop or destination) */ | 138 | /* Parse tlv encoded option header (hop-by-hop or destination) */ |
141 | 139 | ||
142 | static int ip6_parse_tlv(struct tlvtype_proc *procs, struct sk_buff **skbp) | 140 | static int ip6_parse_tlv(struct tlvtype_proc *procs, struct sk_buff *skb) |
143 | { | 141 | { |
144 | struct sk_buff *skb = *skbp; | ||
145 | struct tlvtype_proc *curr; | 142 | struct tlvtype_proc *curr; |
146 | const unsigned char *nh = skb_network_header(skb); | 143 | const unsigned char *nh = skb_network_header(skb); |
147 | int off = skb_network_header_len(skb); | 144 | int off = skb_network_header_len(skb); |
@@ -172,13 +169,13 @@ static int ip6_parse_tlv(struct tlvtype_proc *procs, struct sk_buff **skbp) | |||
172 | /* type specific length/alignment | 169 | /* type specific length/alignment |
173 | checks will be performed in the | 170 | checks will be performed in the |
174 | func(). */ | 171 | func(). */ |
175 | if (curr->func(skbp, off) == 0) | 172 | if (curr->func(skb, off) == 0) |
176 | return 0; | 173 | return 0; |
177 | break; | 174 | break; |
178 | } | 175 | } |
179 | } | 176 | } |
180 | if (curr->type < 0) { | 177 | if (curr->type < 0) { |
181 | if (ip6_tlvopt_unknown(skbp, off) == 0) | 178 | if (ip6_tlvopt_unknown(skb, off) == 0) |
182 | return 0; | 179 | return 0; |
183 | } | 180 | } |
184 | break; | 181 | break; |
@@ -198,9 +195,8 @@ bad: | |||
198 | *****************************/ | 195 | *****************************/ |
199 | 196 | ||
200 | #if defined(CONFIG_IPV6_MIP6) || defined(CONFIG_IPV6_MIP6_MODULE) | 197 | #if defined(CONFIG_IPV6_MIP6) || defined(CONFIG_IPV6_MIP6_MODULE) |
201 | static int ipv6_dest_hao(struct sk_buff **skbp, int optoff) | 198 | static int ipv6_dest_hao(struct sk_buff *skb, int optoff) |
202 | { | 199 | { |
203 | struct sk_buff *skb = *skbp; | ||
204 | struct ipv6_destopt_hao *hao; | 200 | struct ipv6_destopt_hao *hao; |
205 | struct inet6_skb_parm *opt = IP6CB(skb); | 201 | struct inet6_skb_parm *opt = IP6CB(skb); |
206 | struct ipv6hdr *ipv6h = ipv6_hdr(skb); | 202 | struct ipv6hdr *ipv6h = ipv6_hdr(skb); |
@@ -234,22 +230,13 @@ static int ipv6_dest_hao(struct sk_buff **skbp, int optoff) | |||
234 | goto discard; | 230 | goto discard; |
235 | 231 | ||
236 | if (skb_cloned(skb)) { | 232 | if (skb_cloned(skb)) { |
237 | struct sk_buff *skb2 = skb_copy(skb, GFP_ATOMIC); | 233 | if (pskb_expand_head(skb, 0, 0, GFP_ATOMIC)) |
238 | struct inet6_skb_parm *opt2; | ||
239 | |||
240 | if (skb2 == NULL) | ||
241 | goto discard; | 234 | goto discard; |
242 | 235 | ||
243 | opt2 = IP6CB(skb2); | ||
244 | memcpy(opt2, opt, sizeof(*opt2)); | ||
245 | |||
246 | kfree_skb(skb); | ||
247 | |||
248 | /* update all variable using below by copied skbuff */ | 236 | /* update all variable using below by copied skbuff */ |
249 | *skbp = skb = skb2; | 237 | hao = (struct ipv6_destopt_hao *)(skb_network_header(skb) + |
250 | hao = (struct ipv6_destopt_hao *)(skb_network_header(skb2) + | ||
251 | optoff); | 238 | optoff); |
252 | ipv6h = ipv6_hdr(skb2); | 239 | ipv6h = ipv6_hdr(skb); |
253 | } | 240 | } |
254 | 241 | ||
255 | if (skb->ip_summed == CHECKSUM_COMPLETE) | 242 | if (skb->ip_summed == CHECKSUM_COMPLETE) |
@@ -280,9 +267,8 @@ static struct tlvtype_proc tlvprocdestopt_lst[] = { | |||
280 | {-1, NULL} | 267 | {-1, NULL} |
281 | }; | 268 | }; |
282 | 269 | ||
283 | static int ipv6_destopt_rcv(struct sk_buff **skbp) | 270 | static int ipv6_destopt_rcv(struct sk_buff *skb) |
284 | { | 271 | { |
285 | struct sk_buff *skb = *skbp; | ||
286 | struct inet6_skb_parm *opt = IP6CB(skb); | 272 | struct inet6_skb_parm *opt = IP6CB(skb); |
287 | #if defined(CONFIG_IPV6_MIP6) || defined(CONFIG_IPV6_MIP6_MODULE) | 273 | #if defined(CONFIG_IPV6_MIP6) || defined(CONFIG_IPV6_MIP6_MODULE) |
288 | __u16 dstbuf; | 274 | __u16 dstbuf; |
@@ -304,9 +290,8 @@ static int ipv6_destopt_rcv(struct sk_buff **skbp) | |||
304 | #endif | 290 | #endif |
305 | 291 | ||
306 | dst = dst_clone(skb->dst); | 292 | dst = dst_clone(skb->dst); |
307 | if (ip6_parse_tlv(tlvprocdestopt_lst, skbp)) { | 293 | if (ip6_parse_tlv(tlvprocdestopt_lst, skb)) { |
308 | dst_release(dst); | 294 | dst_release(dst); |
309 | skb = *skbp; | ||
310 | skb->transport_header += (skb_transport_header(skb)[1] + 1) << 3; | 295 | skb->transport_header += (skb_transport_header(skb)[1] + 1) << 3; |
311 | opt = IP6CB(skb); | 296 | opt = IP6CB(skb); |
312 | #if defined(CONFIG_IPV6_MIP6) || defined(CONFIG_IPV6_MIP6_MODULE) | 297 | #if defined(CONFIG_IPV6_MIP6) || defined(CONFIG_IPV6_MIP6_MODULE) |
@@ -337,10 +322,8 @@ void __init ipv6_destopt_init(void) | |||
337 | NONE header. No data in packet. | 322 | NONE header. No data in packet. |
338 | ********************************/ | 323 | ********************************/ |
339 | 324 | ||
340 | static int ipv6_nodata_rcv(struct sk_buff **skbp) | 325 | static int ipv6_nodata_rcv(struct sk_buff *skb) |
341 | { | 326 | { |
342 | struct sk_buff *skb = *skbp; | ||
343 | |||
344 | kfree_skb(skb); | 327 | kfree_skb(skb); |
345 | return 0; | 328 | return 0; |
346 | } | 329 | } |
@@ -360,9 +343,8 @@ void __init ipv6_nodata_init(void) | |||
360 | Routing header. | 343 | Routing header. |
361 | ********************************/ | 344 | ********************************/ |
362 | 345 | ||
363 | static int ipv6_rthdr_rcv(struct sk_buff **skbp) | 346 | static int ipv6_rthdr_rcv(struct sk_buff *skb) |
364 | { | 347 | { |
365 | struct sk_buff *skb = *skbp; | ||
366 | struct inet6_skb_parm *opt = IP6CB(skb); | 348 | struct inet6_skb_parm *opt = IP6CB(skb); |
367 | struct in6_addr *addr = NULL; | 349 | struct in6_addr *addr = NULL; |
368 | struct in6_addr daddr; | 350 | struct in6_addr daddr; |
@@ -464,18 +446,14 @@ looped_back: | |||
464 | Do not damage packets queued somewhere. | 446 | Do not damage packets queued somewhere. |
465 | */ | 447 | */ |
466 | if (skb_cloned(skb)) { | 448 | if (skb_cloned(skb)) { |
467 | struct sk_buff *skb2 = skb_copy(skb, GFP_ATOMIC); | ||
468 | /* the copy is a forwarded packet */ | 449 | /* the copy is a forwarded packet */ |
469 | if (skb2 == NULL) { | 450 | if (pskb_expand_head(skb, 0, 0, GFP_ATOMIC)) { |
470 | IP6_INC_STATS_BH(ip6_dst_idev(skb->dst), | 451 | IP6_INC_STATS_BH(ip6_dst_idev(skb->dst), |
471 | IPSTATS_MIB_OUTDISCARDS); | 452 | IPSTATS_MIB_OUTDISCARDS); |
472 | kfree_skb(skb); | 453 | kfree_skb(skb); |
473 | return -1; | 454 | return -1; |
474 | } | 455 | } |
475 | kfree_skb(skb); | 456 | hdr = (struct ipv6_rt_hdr *)skb_transport_header(skb); |
476 | *skbp = skb = skb2; | ||
477 | opt = IP6CB(skb2); | ||
478 | hdr = (struct ipv6_rt_hdr *)skb_transport_header(skb2); | ||
479 | } | 457 | } |
480 | 458 | ||
481 | if (skb->ip_summed == CHECKSUM_COMPLETE) | 459 | if (skb->ip_summed == CHECKSUM_COMPLETE) |
@@ -578,9 +556,8 @@ static inline struct inet6_dev *ipv6_skb_idev(struct sk_buff *skb) | |||
578 | 556 | ||
579 | /* Router Alert as of RFC 2711 */ | 557 | /* Router Alert as of RFC 2711 */ |
580 | 558 | ||
581 | static int ipv6_hop_ra(struct sk_buff **skbp, int optoff) | 559 | static int ipv6_hop_ra(struct sk_buff *skb, int optoff) |
582 | { | 560 | { |
583 | struct sk_buff *skb = *skbp; | ||
584 | const unsigned char *nh = skb_network_header(skb); | 561 | const unsigned char *nh = skb_network_header(skb); |
585 | 562 | ||
586 | if (nh[optoff + 1] == 2) { | 563 | if (nh[optoff + 1] == 2) { |
@@ -595,9 +572,8 @@ static int ipv6_hop_ra(struct sk_buff **skbp, int optoff) | |||
595 | 572 | ||
596 | /* Jumbo payload */ | 573 | /* Jumbo payload */ |
597 | 574 | ||
598 | static int ipv6_hop_jumbo(struct sk_buff **skbp, int optoff) | 575 | static int ipv6_hop_jumbo(struct sk_buff *skb, int optoff) |
599 | { | 576 | { |
600 | struct sk_buff *skb = *skbp; | ||
601 | const unsigned char *nh = skb_network_header(skb); | 577 | const unsigned char *nh = skb_network_header(skb); |
602 | u32 pkt_len; | 578 | u32 pkt_len; |
603 | 579 | ||
@@ -648,9 +624,8 @@ static struct tlvtype_proc tlvprochopopt_lst[] = { | |||
648 | { -1, } | 624 | { -1, } |
649 | }; | 625 | }; |
650 | 626 | ||
651 | int ipv6_parse_hopopts(struct sk_buff **skbp) | 627 | int ipv6_parse_hopopts(struct sk_buff *skb) |
652 | { | 628 | { |
653 | struct sk_buff *skb = *skbp; | ||
654 | struct inet6_skb_parm *opt = IP6CB(skb); | 629 | struct inet6_skb_parm *opt = IP6CB(skb); |
655 | 630 | ||
656 | /* | 631 | /* |
@@ -667,8 +642,7 @@ int ipv6_parse_hopopts(struct sk_buff **skbp) | |||
667 | } | 642 | } |
668 | 643 | ||
669 | opt->hop = sizeof(struct ipv6hdr); | 644 | opt->hop = sizeof(struct ipv6hdr); |
670 | if (ip6_parse_tlv(tlvprochopopt_lst, skbp)) { | 645 | if (ip6_parse_tlv(tlvprochopopt_lst, skb)) { |
671 | skb = *skbp; | ||
672 | skb->transport_header += (skb_transport_header(skb)[1] + 1) << 3; | 646 | skb->transport_header += (skb_transport_header(skb)[1] + 1) << 3; |
673 | opt = IP6CB(skb); | 647 | opt = IP6CB(skb); |
674 | opt->nhoff = sizeof(struct ipv6hdr); | 648 | opt->nhoff = sizeof(struct ipv6hdr); |
diff --git a/net/ipv6/icmp.c b/net/ipv6/icmp.c index 47b8ce232e84..9bb031fa1c2f 100644 --- a/net/ipv6/icmp.c +++ b/net/ipv6/icmp.c | |||
@@ -82,7 +82,7 @@ EXPORT_SYMBOL(icmpv6msg_statistics); | |||
82 | static DEFINE_PER_CPU(struct socket *, __icmpv6_socket) = NULL; | 82 | static DEFINE_PER_CPU(struct socket *, __icmpv6_socket) = NULL; |
83 | #define icmpv6_socket __get_cpu_var(__icmpv6_socket) | 83 | #define icmpv6_socket __get_cpu_var(__icmpv6_socket) |
84 | 84 | ||
85 | static int icmpv6_rcv(struct sk_buff **pskb); | 85 | static int icmpv6_rcv(struct sk_buff *skb); |
86 | 86 | ||
87 | static struct inet6_protocol icmpv6_protocol = { | 87 | static struct inet6_protocol icmpv6_protocol = { |
88 | .handler = icmpv6_rcv, | 88 | .handler = icmpv6_rcv, |
@@ -614,9 +614,8 @@ static void icmpv6_notify(struct sk_buff *skb, int type, int code, __be32 info) | |||
614 | * Handle icmp messages | 614 | * Handle icmp messages |
615 | */ | 615 | */ |
616 | 616 | ||
617 | static int icmpv6_rcv(struct sk_buff **pskb) | 617 | static int icmpv6_rcv(struct sk_buff *skb) |
618 | { | 618 | { |
619 | struct sk_buff *skb = *pskb; | ||
620 | struct net_device *dev = skb->dev; | 619 | struct net_device *dev = skb->dev; |
621 | struct inet6_dev *idev = __in6_dev_get(dev); | 620 | struct inet6_dev *idev = __in6_dev_get(dev); |
622 | struct in6_addr *saddr, *daddr; | 621 | struct in6_addr *saddr, *daddr; |
diff --git a/net/ipv6/inet6_connection_sock.c b/net/ipv6/inet6_connection_sock.c index 25b931709749..78de42ada844 100644 --- a/net/ipv6/inet6_connection_sock.c +++ b/net/ipv6/inet6_connection_sock.c | |||
@@ -146,7 +146,7 @@ void __inet6_csk_dst_store(struct sock *sk, struct dst_entry *dst, | |||
146 | __ip6_dst_store(sk, dst, daddr, saddr); | 146 | __ip6_dst_store(sk, dst, daddr, saddr); |
147 | 147 | ||
148 | #ifdef CONFIG_XFRM | 148 | #ifdef CONFIG_XFRM |
149 | if (dst) { | 149 | { |
150 | struct rt6_info *rt = (struct rt6_info *)dst; | 150 | struct rt6_info *rt = (struct rt6_info *)dst; |
151 | rt->rt6i_flow_cache_genid = atomic_read(&flow_cache_genid); | 151 | rt->rt6i_flow_cache_genid = atomic_read(&flow_cache_genid); |
152 | } | 152 | } |
diff --git a/net/ipv6/ip6_input.c b/net/ipv6/ip6_input.c index 9149fc239759..fac6f7f9dd73 100644 --- a/net/ipv6/ip6_input.c +++ b/net/ipv6/ip6_input.c | |||
@@ -125,7 +125,7 @@ int ipv6_rcv(struct sk_buff *skb, struct net_device *dev, struct packet_type *pt | |||
125 | } | 125 | } |
126 | 126 | ||
127 | if (hdr->nexthdr == NEXTHDR_HOP) { | 127 | if (hdr->nexthdr == NEXTHDR_HOP) { |
128 | if (ipv6_parse_hopopts(&skb) < 0) { | 128 | if (ipv6_parse_hopopts(skb) < 0) { |
129 | IP6_INC_STATS_BH(idev, IPSTATS_MIB_INHDRERRORS); | 129 | IP6_INC_STATS_BH(idev, IPSTATS_MIB_INHDRERRORS); |
130 | rcu_read_unlock(); | 130 | rcu_read_unlock(); |
131 | return 0; | 131 | return 0; |
@@ -149,7 +149,7 @@ out: | |||
149 | */ | 149 | */ |
150 | 150 | ||
151 | 151 | ||
152 | static inline int ip6_input_finish(struct sk_buff *skb) | 152 | static int ip6_input_finish(struct sk_buff *skb) |
153 | { | 153 | { |
154 | struct inet6_protocol *ipprot; | 154 | struct inet6_protocol *ipprot; |
155 | struct sock *raw_sk; | 155 | struct sock *raw_sk; |
@@ -199,7 +199,7 @@ resubmit: | |||
199 | !xfrm6_policy_check(NULL, XFRM_POLICY_IN, skb)) | 199 | !xfrm6_policy_check(NULL, XFRM_POLICY_IN, skb)) |
200 | goto discard; | 200 | goto discard; |
201 | 201 | ||
202 | ret = ipprot->handler(&skb); | 202 | ret = ipprot->handler(skb); |
203 | if (ret > 0) | 203 | if (ret > 0) |
204 | goto resubmit; | 204 | goto resubmit; |
205 | else if (ret == 0) | 205 | else if (ret == 0) |
diff --git a/net/ipv6/ip6_output.c b/net/ipv6/ip6_output.c index 011082ed921a..13565dfb1b45 100644 --- a/net/ipv6/ip6_output.c +++ b/net/ipv6/ip6_output.c | |||
@@ -70,7 +70,7 @@ static __inline__ void ipv6_select_ident(struct sk_buff *skb, struct frag_hdr *f | |||
70 | spin_unlock_bh(&ip6_id_lock); | 70 | spin_unlock_bh(&ip6_id_lock); |
71 | } | 71 | } |
72 | 72 | ||
73 | static inline int ip6_output_finish(struct sk_buff *skb) | 73 | static int ip6_output_finish(struct sk_buff *skb) |
74 | { | 74 | { |
75 | struct dst_entry *dst = skb->dst; | 75 | struct dst_entry *dst = skb->dst; |
76 | 76 | ||
diff --git a/net/ipv6/netfilter.c b/net/ipv6/netfilter.c index 38b149613915..b1326c2bf8aa 100644 --- a/net/ipv6/netfilter.c +++ b/net/ipv6/netfilter.c | |||
@@ -68,15 +68,15 @@ static void nf_ip6_saveroute(const struct sk_buff *skb, struct nf_info *info) | |||
68 | } | 68 | } |
69 | } | 69 | } |
70 | 70 | ||
71 | static int nf_ip6_reroute(struct sk_buff **pskb, const struct nf_info *info) | 71 | static int nf_ip6_reroute(struct sk_buff *skb, const struct nf_info *info) |
72 | { | 72 | { |
73 | struct ip6_rt_info *rt_info = nf_info_reroute(info); | 73 | struct ip6_rt_info *rt_info = nf_info_reroute(info); |
74 | 74 | ||
75 | if (info->hook == NF_IP6_LOCAL_OUT) { | 75 | if (info->hook == NF_IP6_LOCAL_OUT) { |
76 | struct ipv6hdr *iph = ipv6_hdr(*pskb); | 76 | struct ipv6hdr *iph = ipv6_hdr(skb); |
77 | if (!ipv6_addr_equal(&iph->daddr, &rt_info->daddr) || | 77 | if (!ipv6_addr_equal(&iph->daddr, &rt_info->daddr) || |
78 | !ipv6_addr_equal(&iph->saddr, &rt_info->saddr)) | 78 | !ipv6_addr_equal(&iph->saddr, &rt_info->saddr)) |
79 | return ip6_route_me_harder(*pskb); | 79 | return ip6_route_me_harder(skb); |
80 | } | 80 | } |
81 | return 0; | 81 | return 0; |
82 | } | 82 | } |
diff --git a/net/ipv6/netfilter/ip6_queue.c b/net/ipv6/netfilter/ip6_queue.c index 0473145ac534..6413a30d9f68 100644 --- a/net/ipv6/netfilter/ip6_queue.c +++ b/net/ipv6/netfilter/ip6_queue.c | |||
@@ -332,6 +332,7 @@ static int | |||
332 | ipq_mangle_ipv6(ipq_verdict_msg_t *v, struct ipq_queue_entry *e) | 332 | ipq_mangle_ipv6(ipq_verdict_msg_t *v, struct ipq_queue_entry *e) |
333 | { | 333 | { |
334 | int diff; | 334 | int diff; |
335 | int err; | ||
335 | struct ipv6hdr *user_iph = (struct ipv6hdr *)v->payload; | 336 | struct ipv6hdr *user_iph = (struct ipv6hdr *)v->payload; |
336 | 337 | ||
337 | if (v->data_len < sizeof(*user_iph)) | 338 | if (v->data_len < sizeof(*user_iph)) |
@@ -344,25 +345,18 @@ ipq_mangle_ipv6(ipq_verdict_msg_t *v, struct ipq_queue_entry *e) | |||
344 | if (v->data_len > 0xFFFF) | 345 | if (v->data_len > 0xFFFF) |
345 | return -EINVAL; | 346 | return -EINVAL; |
346 | if (diff > skb_tailroom(e->skb)) { | 347 | if (diff > skb_tailroom(e->skb)) { |
347 | struct sk_buff *newskb; | 348 | err = pskb_expand_head(e->skb, 0, |
348 | 349 | diff - skb_tailroom(e->skb), | |
349 | newskb = skb_copy_expand(e->skb, | 350 | GFP_ATOMIC); |
350 | skb_headroom(e->skb), | 351 | if (err) { |
351 | diff, | ||
352 | GFP_ATOMIC); | ||
353 | if (newskb == NULL) { | ||
354 | printk(KERN_WARNING "ip6_queue: OOM " | 352 | printk(KERN_WARNING "ip6_queue: OOM " |
355 | "in mangle, dropping packet\n"); | 353 | "in mangle, dropping packet\n"); |
356 | return -ENOMEM; | 354 | return err; |
357 | } | 355 | } |
358 | if (e->skb->sk) | ||
359 | skb_set_owner_w(newskb, e->skb->sk); | ||
360 | kfree_skb(e->skb); | ||
361 | e->skb = newskb; | ||
362 | } | 356 | } |
363 | skb_put(e->skb, diff); | 357 | skb_put(e->skb, diff); |
364 | } | 358 | } |
365 | if (!skb_make_writable(&e->skb, v->data_len)) | 359 | if (!skb_make_writable(e->skb, v->data_len)) |
366 | return -ENOMEM; | 360 | return -ENOMEM; |
367 | skb_copy_to_linear_data(e->skb, v->payload, v->data_len); | 361 | skb_copy_to_linear_data(e->skb, v->payload, v->data_len); |
368 | e->skb->ip_summed = CHECKSUM_NONE; | 362 | e->skb->ip_summed = CHECKSUM_NONE; |
diff --git a/net/ipv6/netfilter/ip6_tables.c b/net/ipv6/netfilter/ip6_tables.c index cd9df02bb85c..acaba1537931 100644 --- a/net/ipv6/netfilter/ip6_tables.c +++ b/net/ipv6/netfilter/ip6_tables.c | |||
@@ -205,7 +205,7 @@ ip6_checkentry(const struct ip6t_ip6 *ipv6) | |||
205 | } | 205 | } |
206 | 206 | ||
207 | static unsigned int | 207 | static unsigned int |
208 | ip6t_error(struct sk_buff **pskb, | 208 | ip6t_error(struct sk_buff *skb, |
209 | const struct net_device *in, | 209 | const struct net_device *in, |
210 | const struct net_device *out, | 210 | const struct net_device *out, |
211 | unsigned int hooknum, | 211 | unsigned int hooknum, |
@@ -350,7 +350,7 @@ static void trace_packet(struct sk_buff *skb, | |||
350 | 350 | ||
351 | /* Returns one of the generic firewall policies, like NF_ACCEPT. */ | 351 | /* Returns one of the generic firewall policies, like NF_ACCEPT. */ |
352 | unsigned int | 352 | unsigned int |
353 | ip6t_do_table(struct sk_buff **pskb, | 353 | ip6t_do_table(struct sk_buff *skb, |
354 | unsigned int hook, | 354 | unsigned int hook, |
355 | const struct net_device *in, | 355 | const struct net_device *in, |
356 | const struct net_device *out, | 356 | const struct net_device *out, |
@@ -389,17 +389,17 @@ ip6t_do_table(struct sk_buff **pskb, | |||
389 | do { | 389 | do { |
390 | IP_NF_ASSERT(e); | 390 | IP_NF_ASSERT(e); |
391 | IP_NF_ASSERT(back); | 391 | IP_NF_ASSERT(back); |
392 | if (ip6_packet_match(*pskb, indev, outdev, &e->ipv6, | 392 | if (ip6_packet_match(skb, indev, outdev, &e->ipv6, |
393 | &protoff, &offset, &hotdrop)) { | 393 | &protoff, &offset, &hotdrop)) { |
394 | struct ip6t_entry_target *t; | 394 | struct ip6t_entry_target *t; |
395 | 395 | ||
396 | if (IP6T_MATCH_ITERATE(e, do_match, | 396 | if (IP6T_MATCH_ITERATE(e, do_match, |
397 | *pskb, in, out, | 397 | skb, in, out, |
398 | offset, protoff, &hotdrop) != 0) | 398 | offset, protoff, &hotdrop) != 0) |
399 | goto no_match; | 399 | goto no_match; |
400 | 400 | ||
401 | ADD_COUNTER(e->counters, | 401 | ADD_COUNTER(e->counters, |
402 | ntohs(ipv6_hdr(*pskb)->payload_len) | 402 | ntohs(ipv6_hdr(skb)->payload_len) |
403 | + IPV6_HDR_LEN, | 403 | + IPV6_HDR_LEN, |
404 | 1); | 404 | 1); |
405 | 405 | ||
@@ -409,8 +409,8 @@ ip6t_do_table(struct sk_buff **pskb, | |||
409 | #if defined(CONFIG_NETFILTER_XT_TARGET_TRACE) || \ | 409 | #if defined(CONFIG_NETFILTER_XT_TARGET_TRACE) || \ |
410 | defined(CONFIG_NETFILTER_XT_TARGET_TRACE_MODULE) | 410 | defined(CONFIG_NETFILTER_XT_TARGET_TRACE_MODULE) |
411 | /* The packet is traced: log it */ | 411 | /* The packet is traced: log it */ |
412 | if (unlikely((*pskb)->nf_trace)) | 412 | if (unlikely(skb->nf_trace)) |
413 | trace_packet(*pskb, hook, in, out, | 413 | trace_packet(skb, hook, in, out, |
414 | table->name, private, e); | 414 | table->name, private, e); |
415 | #endif | 415 | #endif |
416 | /* Standard target? */ | 416 | /* Standard target? */ |
@@ -448,7 +448,7 @@ ip6t_do_table(struct sk_buff **pskb, | |||
448 | ((struct ip6t_entry *)table_base)->comefrom | 448 | ((struct ip6t_entry *)table_base)->comefrom |
449 | = 0xeeeeeeec; | 449 | = 0xeeeeeeec; |
450 | #endif | 450 | #endif |
451 | verdict = t->u.kernel.target->target(pskb, | 451 | verdict = t->u.kernel.target->target(skb, |
452 | in, out, | 452 | in, out, |
453 | hook, | 453 | hook, |
454 | t->u.kernel.target, | 454 | t->u.kernel.target, |
diff --git a/net/ipv6/netfilter/ip6t_HL.c b/net/ipv6/netfilter/ip6t_HL.c index ad4d94310b87..9afc836fd454 100644 --- a/net/ipv6/netfilter/ip6t_HL.c +++ b/net/ipv6/netfilter/ip6t_HL.c | |||
@@ -18,7 +18,7 @@ MODULE_AUTHOR("Maciej Soltysiak <solt@dns.toxicfilms.tv>"); | |||
18 | MODULE_DESCRIPTION("IP6 tables Hop Limit modification module"); | 18 | MODULE_DESCRIPTION("IP6 tables Hop Limit modification module"); |
19 | MODULE_LICENSE("GPL"); | 19 | MODULE_LICENSE("GPL"); |
20 | 20 | ||
21 | static unsigned int ip6t_hl_target(struct sk_buff **pskb, | 21 | static unsigned int ip6t_hl_target(struct sk_buff *skb, |
22 | const struct net_device *in, | 22 | const struct net_device *in, |
23 | const struct net_device *out, | 23 | const struct net_device *out, |
24 | unsigned int hooknum, | 24 | unsigned int hooknum, |
@@ -29,10 +29,10 @@ static unsigned int ip6t_hl_target(struct sk_buff **pskb, | |||
29 | const struct ip6t_HL_info *info = targinfo; | 29 | const struct ip6t_HL_info *info = targinfo; |
30 | int new_hl; | 30 | int new_hl; |
31 | 31 | ||
32 | if (!skb_make_writable(pskb, (*pskb)->len)) | 32 | if (!skb_make_writable(skb, skb->len)) |
33 | return NF_DROP; | 33 | return NF_DROP; |
34 | 34 | ||
35 | ip6h = ipv6_hdr(*pskb); | 35 | ip6h = ipv6_hdr(skb); |
36 | 36 | ||
37 | switch (info->mode) { | 37 | switch (info->mode) { |
38 | case IP6T_HL_SET: | 38 | case IP6T_HL_SET: |
diff --git a/net/ipv6/netfilter/ip6t_LOG.c b/net/ipv6/netfilter/ip6t_LOG.c index 6ab99001dccc..7a48c342df46 100644 --- a/net/ipv6/netfilter/ip6t_LOG.c +++ b/net/ipv6/netfilter/ip6t_LOG.c | |||
@@ -431,7 +431,7 @@ ip6t_log_packet(unsigned int pf, | |||
431 | } | 431 | } |
432 | 432 | ||
433 | static unsigned int | 433 | static unsigned int |
434 | ip6t_log_target(struct sk_buff **pskb, | 434 | ip6t_log_target(struct sk_buff *skb, |
435 | const struct net_device *in, | 435 | const struct net_device *in, |
436 | const struct net_device *out, | 436 | const struct net_device *out, |
437 | unsigned int hooknum, | 437 | unsigned int hooknum, |
@@ -445,8 +445,7 @@ ip6t_log_target(struct sk_buff **pskb, | |||
445 | li.u.log.level = loginfo->level; | 445 | li.u.log.level = loginfo->level; |
446 | li.u.log.logflags = loginfo->logflags; | 446 | li.u.log.logflags = loginfo->logflags; |
447 | 447 | ||
448 | ip6t_log_packet(PF_INET6, hooknum, *pskb, in, out, &li, | 448 | ip6t_log_packet(PF_INET6, hooknum, skb, in, out, &li, loginfo->prefix); |
449 | loginfo->prefix); | ||
450 | return XT_CONTINUE; | 449 | return XT_CONTINUE; |
451 | } | 450 | } |
452 | 451 | ||
diff --git a/net/ipv6/netfilter/ip6t_REJECT.c b/net/ipv6/netfilter/ip6t_REJECT.c index 3fd08d5567a6..1a7d2917545d 100644 --- a/net/ipv6/netfilter/ip6t_REJECT.c +++ b/net/ipv6/netfilter/ip6t_REJECT.c | |||
@@ -172,7 +172,7 @@ send_unreach(struct sk_buff *skb_in, unsigned char code, unsigned int hooknum) | |||
172 | icmpv6_send(skb_in, ICMPV6_DEST_UNREACH, code, 0, NULL); | 172 | icmpv6_send(skb_in, ICMPV6_DEST_UNREACH, code, 0, NULL); |
173 | } | 173 | } |
174 | 174 | ||
175 | static unsigned int reject6_target(struct sk_buff **pskb, | 175 | static unsigned int reject6_target(struct sk_buff *skb, |
176 | const struct net_device *in, | 176 | const struct net_device *in, |
177 | const struct net_device *out, | 177 | const struct net_device *out, |
178 | unsigned int hooknum, | 178 | unsigned int hooknum, |
@@ -187,25 +187,25 @@ static unsigned int reject6_target(struct sk_buff **pskb, | |||
187 | must return an absolute verdict. --RR */ | 187 | must return an absolute verdict. --RR */ |
188 | switch (reject->with) { | 188 | switch (reject->with) { |
189 | case IP6T_ICMP6_NO_ROUTE: | 189 | case IP6T_ICMP6_NO_ROUTE: |
190 | send_unreach(*pskb, ICMPV6_NOROUTE, hooknum); | 190 | send_unreach(skb, ICMPV6_NOROUTE, hooknum); |
191 | break; | 191 | break; |
192 | case IP6T_ICMP6_ADM_PROHIBITED: | 192 | case IP6T_ICMP6_ADM_PROHIBITED: |
193 | send_unreach(*pskb, ICMPV6_ADM_PROHIBITED, hooknum); | 193 | send_unreach(skb, ICMPV6_ADM_PROHIBITED, hooknum); |
194 | break; | 194 | break; |
195 | case IP6T_ICMP6_NOT_NEIGHBOUR: | 195 | case IP6T_ICMP6_NOT_NEIGHBOUR: |
196 | send_unreach(*pskb, ICMPV6_NOT_NEIGHBOUR, hooknum); | 196 | send_unreach(skb, ICMPV6_NOT_NEIGHBOUR, hooknum); |
197 | break; | 197 | break; |
198 | case IP6T_ICMP6_ADDR_UNREACH: | 198 | case IP6T_ICMP6_ADDR_UNREACH: |
199 | send_unreach(*pskb, ICMPV6_ADDR_UNREACH, hooknum); | 199 | send_unreach(skb, ICMPV6_ADDR_UNREACH, hooknum); |
200 | break; | 200 | break; |
201 | case IP6T_ICMP6_PORT_UNREACH: | 201 | case IP6T_ICMP6_PORT_UNREACH: |
202 | send_unreach(*pskb, ICMPV6_PORT_UNREACH, hooknum); | 202 | send_unreach(skb, ICMPV6_PORT_UNREACH, hooknum); |
203 | break; | 203 | break; |
204 | case IP6T_ICMP6_ECHOREPLY: | 204 | case IP6T_ICMP6_ECHOREPLY: |
205 | /* Do nothing */ | 205 | /* Do nothing */ |
206 | break; | 206 | break; |
207 | case IP6T_TCP_RESET: | 207 | case IP6T_TCP_RESET: |
208 | send_reset(*pskb); | 208 | send_reset(skb); |
209 | break; | 209 | break; |
210 | default: | 210 | default: |
211 | if (net_ratelimit()) | 211 | if (net_ratelimit()) |
diff --git a/net/ipv6/netfilter/ip6table_filter.c b/net/ipv6/netfilter/ip6table_filter.c index 7e32e2aaf7f7..1d26b202bf30 100644 --- a/net/ipv6/netfilter/ip6table_filter.c +++ b/net/ipv6/netfilter/ip6table_filter.c | |||
@@ -60,32 +60,32 @@ static struct xt_table packet_filter = { | |||
60 | /* The work comes in here from netfilter.c. */ | 60 | /* The work comes in here from netfilter.c. */ |
61 | static unsigned int | 61 | static unsigned int |
62 | ip6t_hook(unsigned int hook, | 62 | ip6t_hook(unsigned int hook, |
63 | struct sk_buff **pskb, | 63 | struct sk_buff *skb, |
64 | const struct net_device *in, | 64 | const struct net_device *in, |
65 | const struct net_device *out, | 65 | const struct net_device *out, |
66 | int (*okfn)(struct sk_buff *)) | 66 | int (*okfn)(struct sk_buff *)) |
67 | { | 67 | { |
68 | return ip6t_do_table(pskb, hook, in, out, &packet_filter); | 68 | return ip6t_do_table(skb, hook, in, out, &packet_filter); |
69 | } | 69 | } |
70 | 70 | ||
71 | static unsigned int | 71 | static unsigned int |
72 | ip6t_local_out_hook(unsigned int hook, | 72 | ip6t_local_out_hook(unsigned int hook, |
73 | struct sk_buff **pskb, | 73 | struct sk_buff *skb, |
74 | const struct net_device *in, | 74 | const struct net_device *in, |
75 | const struct net_device *out, | 75 | const struct net_device *out, |
76 | int (*okfn)(struct sk_buff *)) | 76 | int (*okfn)(struct sk_buff *)) |
77 | { | 77 | { |
78 | #if 0 | 78 | #if 0 |
79 | /* root is playing with raw sockets. */ | 79 | /* root is playing with raw sockets. */ |
80 | if ((*pskb)->len < sizeof(struct iphdr) | 80 | if (skb->len < sizeof(struct iphdr) |
81 | || ip_hdrlen(*pskb) < sizeof(struct iphdr)) { | 81 | || ip_hdrlen(skb) < sizeof(struct iphdr)) { |
82 | if (net_ratelimit()) | 82 | if (net_ratelimit()) |
83 | printk("ip6t_hook: happy cracking.\n"); | 83 | printk("ip6t_hook: happy cracking.\n"); |
84 | return NF_ACCEPT; | 84 | return NF_ACCEPT; |
85 | } | 85 | } |
86 | #endif | 86 | #endif |
87 | 87 | ||
88 | return ip6t_do_table(pskb, hook, in, out, &packet_filter); | 88 | return ip6t_do_table(skb, hook, in, out, &packet_filter); |
89 | } | 89 | } |
90 | 90 | ||
91 | static struct nf_hook_ops ip6t_ops[] = { | 91 | static struct nf_hook_ops ip6t_ops[] = { |
diff --git a/net/ipv6/netfilter/ip6table_mangle.c b/net/ipv6/netfilter/ip6table_mangle.c index f0a9efa67fb5..a0b6381f1e8c 100644 --- a/net/ipv6/netfilter/ip6table_mangle.c +++ b/net/ipv6/netfilter/ip6table_mangle.c | |||
@@ -68,17 +68,17 @@ static struct xt_table packet_mangler = { | |||
68 | /* The work comes in here from netfilter.c. */ | 68 | /* The work comes in here from netfilter.c. */ |
69 | static unsigned int | 69 | static unsigned int |
70 | ip6t_route_hook(unsigned int hook, | 70 | ip6t_route_hook(unsigned int hook, |
71 | struct sk_buff **pskb, | 71 | struct sk_buff *skb, |
72 | const struct net_device *in, | 72 | const struct net_device *in, |
73 | const struct net_device *out, | 73 | const struct net_device *out, |
74 | int (*okfn)(struct sk_buff *)) | 74 | int (*okfn)(struct sk_buff *)) |
75 | { | 75 | { |
76 | return ip6t_do_table(pskb, hook, in, out, &packet_mangler); | 76 | return ip6t_do_table(skb, hook, in, out, &packet_mangler); |
77 | } | 77 | } |
78 | 78 | ||
79 | static unsigned int | 79 | static unsigned int |
80 | ip6t_local_hook(unsigned int hook, | 80 | ip6t_local_hook(unsigned int hook, |
81 | struct sk_buff **pskb, | 81 | struct sk_buff *skb, |
82 | const struct net_device *in, | 82 | const struct net_device *in, |
83 | const struct net_device *out, | 83 | const struct net_device *out, |
84 | int (*okfn)(struct sk_buff *)) | 84 | int (*okfn)(struct sk_buff *)) |
@@ -91,8 +91,8 @@ ip6t_local_hook(unsigned int hook, | |||
91 | 91 | ||
92 | #if 0 | 92 | #if 0 |
93 | /* root is playing with raw sockets. */ | 93 | /* root is playing with raw sockets. */ |
94 | if ((*pskb)->len < sizeof(struct iphdr) | 94 | if (skb->len < sizeof(struct iphdr) |
95 | || ip_hdrlen(*pskb) < sizeof(struct iphdr)) { | 95 | || ip_hdrlen(skb) < sizeof(struct iphdr)) { |
96 | if (net_ratelimit()) | 96 | if (net_ratelimit()) |
97 | printk("ip6t_hook: happy cracking.\n"); | 97 | printk("ip6t_hook: happy cracking.\n"); |
98 | return NF_ACCEPT; | 98 | return NF_ACCEPT; |
@@ -100,22 +100,22 @@ ip6t_local_hook(unsigned int hook, | |||
100 | #endif | 100 | #endif |
101 | 101 | ||
102 | /* save source/dest address, mark, hoplimit, flowlabel, priority, */ | 102 | /* save source/dest address, mark, hoplimit, flowlabel, priority, */ |
103 | memcpy(&saddr, &ipv6_hdr(*pskb)->saddr, sizeof(saddr)); | 103 | memcpy(&saddr, &ipv6_hdr(skb)->saddr, sizeof(saddr)); |
104 | memcpy(&daddr, &ipv6_hdr(*pskb)->daddr, sizeof(daddr)); | 104 | memcpy(&daddr, &ipv6_hdr(skb)->daddr, sizeof(daddr)); |
105 | mark = (*pskb)->mark; | 105 | mark = skb->mark; |
106 | hop_limit = ipv6_hdr(*pskb)->hop_limit; | 106 | hop_limit = ipv6_hdr(skb)->hop_limit; |
107 | 107 | ||
108 | /* flowlabel and prio (includes version, which shouldn't change either */ | 108 | /* flowlabel and prio (includes version, which shouldn't change either */ |
109 | flowlabel = *((u_int32_t *)ipv6_hdr(*pskb)); | 109 | flowlabel = *((u_int32_t *)ipv6_hdr(skb)); |
110 | 110 | ||
111 | ret = ip6t_do_table(pskb, hook, in, out, &packet_mangler); | 111 | ret = ip6t_do_table(skb, hook, in, out, &packet_mangler); |
112 | 112 | ||
113 | if (ret != NF_DROP && ret != NF_STOLEN | 113 | if (ret != NF_DROP && ret != NF_STOLEN |
114 | && (memcmp(&ipv6_hdr(*pskb)->saddr, &saddr, sizeof(saddr)) | 114 | && (memcmp(&ipv6_hdr(skb)->saddr, &saddr, sizeof(saddr)) |
115 | || memcmp(&ipv6_hdr(*pskb)->daddr, &daddr, sizeof(daddr)) | 115 | || memcmp(&ipv6_hdr(skb)->daddr, &daddr, sizeof(daddr)) |
116 | || (*pskb)->mark != mark | 116 | || skb->mark != mark |
117 | || ipv6_hdr(*pskb)->hop_limit != hop_limit)) | 117 | || ipv6_hdr(skb)->hop_limit != hop_limit)) |
118 | return ip6_route_me_harder(*pskb) == 0 ? ret : NF_DROP; | 118 | return ip6_route_me_harder(skb) == 0 ? ret : NF_DROP; |
119 | 119 | ||
120 | return ret; | 120 | return ret; |
121 | } | 121 | } |
diff --git a/net/ipv6/netfilter/ip6table_raw.c b/net/ipv6/netfilter/ip6table_raw.c index ec290e4ebdd8..8f7109f991e6 100644 --- a/net/ipv6/netfilter/ip6table_raw.c +++ b/net/ipv6/netfilter/ip6table_raw.c | |||
@@ -46,12 +46,12 @@ static struct xt_table packet_raw = { | |||
46 | /* The work comes in here from netfilter.c. */ | 46 | /* The work comes in here from netfilter.c. */ |
47 | static unsigned int | 47 | static unsigned int |
48 | ip6t_hook(unsigned int hook, | 48 | ip6t_hook(unsigned int hook, |
49 | struct sk_buff **pskb, | 49 | struct sk_buff *skb, |
50 | const struct net_device *in, | 50 | const struct net_device *in, |
51 | const struct net_device *out, | 51 | const struct net_device *out, |
52 | int (*okfn)(struct sk_buff *)) | 52 | int (*okfn)(struct sk_buff *)) |
53 | { | 53 | { |
54 | return ip6t_do_table(pskb, hook, in, out, &packet_raw); | 54 | return ip6t_do_table(skb, hook, in, out, &packet_raw); |
55 | } | 55 | } |
56 | 56 | ||
57 | static struct nf_hook_ops ip6t_ops[] = { | 57 | static struct nf_hook_ops ip6t_ops[] = { |
diff --git a/net/ipv6/netfilter/nf_conntrack_l3proto_ipv6.c b/net/ipv6/netfilter/nf_conntrack_l3proto_ipv6.c index 37a3db926953..0e40948f4fc6 100644 --- a/net/ipv6/netfilter/nf_conntrack_l3proto_ipv6.c +++ b/net/ipv6/netfilter/nf_conntrack_l3proto_ipv6.c | |||
@@ -18,6 +18,7 @@ | |||
18 | #include <linux/icmp.h> | 18 | #include <linux/icmp.h> |
19 | #include <linux/sysctl.h> | 19 | #include <linux/sysctl.h> |
20 | #include <net/ipv6.h> | 20 | #include <net/ipv6.h> |
21 | #include <net/inet_frag.h> | ||
21 | 22 | ||
22 | #include <linux/netfilter_ipv6.h> | 23 | #include <linux/netfilter_ipv6.h> |
23 | #include <net/netfilter/nf_conntrack.h> | 24 | #include <net/netfilter/nf_conntrack.h> |
@@ -145,7 +146,7 @@ static int ipv6_get_l4proto(const struct sk_buff *skb, unsigned int nhoff, | |||
145 | } | 146 | } |
146 | 147 | ||
147 | static unsigned int ipv6_confirm(unsigned int hooknum, | 148 | static unsigned int ipv6_confirm(unsigned int hooknum, |
148 | struct sk_buff **pskb, | 149 | struct sk_buff *skb, |
149 | const struct net_device *in, | 150 | const struct net_device *in, |
150 | const struct net_device *out, | 151 | const struct net_device *out, |
151 | int (*okfn)(struct sk_buff *)) | 152 | int (*okfn)(struct sk_buff *)) |
@@ -155,12 +156,12 @@ static unsigned int ipv6_confirm(unsigned int hooknum, | |||
155 | struct nf_conntrack_helper *helper; | 156 | struct nf_conntrack_helper *helper; |
156 | enum ip_conntrack_info ctinfo; | 157 | enum ip_conntrack_info ctinfo; |
157 | unsigned int ret, protoff; | 158 | unsigned int ret, protoff; |
158 | unsigned int extoff = (u8 *)(ipv6_hdr(*pskb) + 1) - (*pskb)->data; | 159 | unsigned int extoff = (u8 *)(ipv6_hdr(skb) + 1) - skb->data; |
159 | unsigned char pnum = ipv6_hdr(*pskb)->nexthdr; | 160 | unsigned char pnum = ipv6_hdr(skb)->nexthdr; |
160 | 161 | ||
161 | 162 | ||
162 | /* This is where we call the helper: as the packet goes out. */ | 163 | /* This is where we call the helper: as the packet goes out. */ |
163 | ct = nf_ct_get(*pskb, &ctinfo); | 164 | ct = nf_ct_get(skb, &ctinfo); |
164 | if (!ct || ctinfo == IP_CT_RELATED + IP_CT_IS_REPLY) | 165 | if (!ct || ctinfo == IP_CT_RELATED + IP_CT_IS_REPLY) |
165 | goto out; | 166 | goto out; |
166 | 167 | ||
@@ -172,23 +173,23 @@ static unsigned int ipv6_confirm(unsigned int hooknum, | |||
172 | if (!helper) | 173 | if (!helper) |
173 | goto out; | 174 | goto out; |
174 | 175 | ||
175 | protoff = nf_ct_ipv6_skip_exthdr(*pskb, extoff, &pnum, | 176 | protoff = nf_ct_ipv6_skip_exthdr(skb, extoff, &pnum, |
176 | (*pskb)->len - extoff); | 177 | skb->len - extoff); |
177 | if (protoff > (*pskb)->len || pnum == NEXTHDR_FRAGMENT) { | 178 | if (protoff > skb->len || pnum == NEXTHDR_FRAGMENT) { |
178 | pr_debug("proto header not found\n"); | 179 | pr_debug("proto header not found\n"); |
179 | return NF_ACCEPT; | 180 | return NF_ACCEPT; |
180 | } | 181 | } |
181 | 182 | ||
182 | ret = helper->help(pskb, protoff, ct, ctinfo); | 183 | ret = helper->help(skb, protoff, ct, ctinfo); |
183 | if (ret != NF_ACCEPT) | 184 | if (ret != NF_ACCEPT) |
184 | return ret; | 185 | return ret; |
185 | out: | 186 | out: |
186 | /* We've seen it coming out the other side: confirm it */ | 187 | /* We've seen it coming out the other side: confirm it */ |
187 | return nf_conntrack_confirm(pskb); | 188 | return nf_conntrack_confirm(skb); |
188 | } | 189 | } |
189 | 190 | ||
190 | static unsigned int ipv6_defrag(unsigned int hooknum, | 191 | static unsigned int ipv6_defrag(unsigned int hooknum, |
191 | struct sk_buff **pskb, | 192 | struct sk_buff *skb, |
192 | const struct net_device *in, | 193 | const struct net_device *in, |
193 | const struct net_device *out, | 194 | const struct net_device *out, |
194 | int (*okfn)(struct sk_buff *)) | 195 | int (*okfn)(struct sk_buff *)) |
@@ -196,17 +197,17 @@ static unsigned int ipv6_defrag(unsigned int hooknum, | |||
196 | struct sk_buff *reasm; | 197 | struct sk_buff *reasm; |
197 | 198 | ||
198 | /* Previously seen (loopback)? */ | 199 | /* Previously seen (loopback)? */ |
199 | if ((*pskb)->nfct) | 200 | if (skb->nfct) |
200 | return NF_ACCEPT; | 201 | return NF_ACCEPT; |
201 | 202 | ||
202 | reasm = nf_ct_frag6_gather(*pskb); | 203 | reasm = nf_ct_frag6_gather(skb); |
203 | 204 | ||
204 | /* queued */ | 205 | /* queued */ |
205 | if (reasm == NULL) | 206 | if (reasm == NULL) |
206 | return NF_STOLEN; | 207 | return NF_STOLEN; |
207 | 208 | ||
208 | /* error occured or not fragmented */ | 209 | /* error occured or not fragmented */ |
209 | if (reasm == *pskb) | 210 | if (reasm == skb) |
210 | return NF_ACCEPT; | 211 | return NF_ACCEPT; |
211 | 212 | ||
212 | nf_ct_frag6_output(hooknum, reasm, (struct net_device *)in, | 213 | nf_ct_frag6_output(hooknum, reasm, (struct net_device *)in, |
@@ -216,12 +217,12 @@ static unsigned int ipv6_defrag(unsigned int hooknum, | |||
216 | } | 217 | } |
217 | 218 | ||
218 | static unsigned int ipv6_conntrack_in(unsigned int hooknum, | 219 | static unsigned int ipv6_conntrack_in(unsigned int hooknum, |
219 | struct sk_buff **pskb, | 220 | struct sk_buff *skb, |
220 | const struct net_device *in, | 221 | const struct net_device *in, |
221 | const struct net_device *out, | 222 | const struct net_device *out, |
222 | int (*okfn)(struct sk_buff *)) | 223 | int (*okfn)(struct sk_buff *)) |
223 | { | 224 | { |
224 | struct sk_buff *reasm = (*pskb)->nfct_reasm; | 225 | struct sk_buff *reasm = skb->nfct_reasm; |
225 | 226 | ||
226 | /* This packet is fragmented and has reassembled packet. */ | 227 | /* This packet is fragmented and has reassembled packet. */ |
227 | if (reasm) { | 228 | if (reasm) { |
@@ -229,32 +230,32 @@ static unsigned int ipv6_conntrack_in(unsigned int hooknum, | |||
229 | if (!reasm->nfct) { | 230 | if (!reasm->nfct) { |
230 | unsigned int ret; | 231 | unsigned int ret; |
231 | 232 | ||
232 | ret = nf_conntrack_in(PF_INET6, hooknum, &reasm); | 233 | ret = nf_conntrack_in(PF_INET6, hooknum, reasm); |
233 | if (ret != NF_ACCEPT) | 234 | if (ret != NF_ACCEPT) |
234 | return ret; | 235 | return ret; |
235 | } | 236 | } |
236 | nf_conntrack_get(reasm->nfct); | 237 | nf_conntrack_get(reasm->nfct); |
237 | (*pskb)->nfct = reasm->nfct; | 238 | skb->nfct = reasm->nfct; |
238 | (*pskb)->nfctinfo = reasm->nfctinfo; | 239 | skb->nfctinfo = reasm->nfctinfo; |
239 | return NF_ACCEPT; | 240 | return NF_ACCEPT; |
240 | } | 241 | } |
241 | 242 | ||
242 | return nf_conntrack_in(PF_INET6, hooknum, pskb); | 243 | return nf_conntrack_in(PF_INET6, hooknum, skb); |
243 | } | 244 | } |
244 | 245 | ||
245 | static unsigned int ipv6_conntrack_local(unsigned int hooknum, | 246 | static unsigned int ipv6_conntrack_local(unsigned int hooknum, |
246 | struct sk_buff **pskb, | 247 | struct sk_buff *skb, |
247 | const struct net_device *in, | 248 | const struct net_device *in, |
248 | const struct net_device *out, | 249 | const struct net_device *out, |
249 | int (*okfn)(struct sk_buff *)) | 250 | int (*okfn)(struct sk_buff *)) |
250 | { | 251 | { |
251 | /* root is playing with raw sockets. */ | 252 | /* root is playing with raw sockets. */ |
252 | if ((*pskb)->len < sizeof(struct ipv6hdr)) { | 253 | if (skb->len < sizeof(struct ipv6hdr)) { |
253 | if (net_ratelimit()) | 254 | if (net_ratelimit()) |
254 | printk("ipv6_conntrack_local: packet too short\n"); | 255 | printk("ipv6_conntrack_local: packet too short\n"); |
255 | return NF_ACCEPT; | 256 | return NF_ACCEPT; |
256 | } | 257 | } |
257 | return ipv6_conntrack_in(hooknum, pskb, in, out, okfn); | 258 | return ipv6_conntrack_in(hooknum, skb, in, out, okfn); |
258 | } | 259 | } |
259 | 260 | ||
260 | static struct nf_hook_ops ipv6_conntrack_ops[] = { | 261 | static struct nf_hook_ops ipv6_conntrack_ops[] = { |
@@ -307,7 +308,7 @@ static ctl_table nf_ct_ipv6_sysctl_table[] = { | |||
307 | { | 308 | { |
308 | .ctl_name = NET_NF_CONNTRACK_FRAG6_TIMEOUT, | 309 | .ctl_name = NET_NF_CONNTRACK_FRAG6_TIMEOUT, |
309 | .procname = "nf_conntrack_frag6_timeout", | 310 | .procname = "nf_conntrack_frag6_timeout", |
310 | .data = &nf_ct_frag6_timeout, | 311 | .data = &nf_frags_ctl.timeout, |
311 | .maxlen = sizeof(unsigned int), | 312 | .maxlen = sizeof(unsigned int), |
312 | .mode = 0644, | 313 | .mode = 0644, |
313 | .proc_handler = &proc_dointvec_jiffies, | 314 | .proc_handler = &proc_dointvec_jiffies, |
@@ -315,7 +316,7 @@ static ctl_table nf_ct_ipv6_sysctl_table[] = { | |||
315 | { | 316 | { |
316 | .ctl_name = NET_NF_CONNTRACK_FRAG6_LOW_THRESH, | 317 | .ctl_name = NET_NF_CONNTRACK_FRAG6_LOW_THRESH, |
317 | .procname = "nf_conntrack_frag6_low_thresh", | 318 | .procname = "nf_conntrack_frag6_low_thresh", |
318 | .data = &nf_ct_frag6_low_thresh, | 319 | .data = &nf_frags_ctl.low_thresh, |
319 | .maxlen = sizeof(unsigned int), | 320 | .maxlen = sizeof(unsigned int), |
320 | .mode = 0644, | 321 | .mode = 0644, |
321 | .proc_handler = &proc_dointvec, | 322 | .proc_handler = &proc_dointvec, |
@@ -323,7 +324,7 @@ static ctl_table nf_ct_ipv6_sysctl_table[] = { | |||
323 | { | 324 | { |
324 | .ctl_name = NET_NF_CONNTRACK_FRAG6_HIGH_THRESH, | 325 | .ctl_name = NET_NF_CONNTRACK_FRAG6_HIGH_THRESH, |
325 | .procname = "nf_conntrack_frag6_high_thresh", | 326 | .procname = "nf_conntrack_frag6_high_thresh", |
326 | .data = &nf_ct_frag6_high_thresh, | 327 | .data = &nf_frags_ctl.high_thresh, |
327 | .maxlen = sizeof(unsigned int), | 328 | .maxlen = sizeof(unsigned int), |
328 | .mode = 0644, | 329 | .mode = 0644, |
329 | .proc_handler = &proc_dointvec, | 330 | .proc_handler = &proc_dointvec, |
diff --git a/net/ipv6/netfilter/nf_conntrack_reasm.c b/net/ipv6/netfilter/nf_conntrack_reasm.c index 25442a8c1ba8..726fafd41961 100644 --- a/net/ipv6/netfilter/nf_conntrack_reasm.c +++ b/net/ipv6/netfilter/nf_conntrack_reasm.c | |||
@@ -31,6 +31,7 @@ | |||
31 | 31 | ||
32 | #include <net/sock.h> | 32 | #include <net/sock.h> |
33 | #include <net/snmp.h> | 33 | #include <net/snmp.h> |
34 | #include <net/inet_frag.h> | ||
34 | 35 | ||
35 | #include <net/ipv6.h> | 36 | #include <net/ipv6.h> |
36 | #include <net/protocol.h> | 37 | #include <net/protocol.h> |
@@ -48,10 +49,6 @@ | |||
48 | #define NF_CT_FRAG6_LOW_THRESH 196608 /* == 192*1024 */ | 49 | #define NF_CT_FRAG6_LOW_THRESH 196608 /* == 192*1024 */ |
49 | #define NF_CT_FRAG6_TIMEOUT IPV6_FRAG_TIMEOUT | 50 | #define NF_CT_FRAG6_TIMEOUT IPV6_FRAG_TIMEOUT |
50 | 51 | ||
51 | unsigned int nf_ct_frag6_high_thresh __read_mostly = 256*1024; | ||
52 | unsigned int nf_ct_frag6_low_thresh __read_mostly = 192*1024; | ||
53 | unsigned long nf_ct_frag6_timeout __read_mostly = IPV6_FRAG_TIMEOUT; | ||
54 | |||
55 | struct nf_ct_frag6_skb_cb | 52 | struct nf_ct_frag6_skb_cb |
56 | { | 53 | { |
57 | struct inet6_skb_parm h; | 54 | struct inet6_skb_parm h; |
@@ -63,51 +60,24 @@ struct nf_ct_frag6_skb_cb | |||
63 | 60 | ||
64 | struct nf_ct_frag6_queue | 61 | struct nf_ct_frag6_queue |
65 | { | 62 | { |
66 | struct hlist_node list; | 63 | struct inet_frag_queue q; |
67 | struct list_head lru_list; /* lru list member */ | ||
68 | 64 | ||
69 | __be32 id; /* fragment id */ | 65 | __be32 id; /* fragment id */ |
70 | struct in6_addr saddr; | 66 | struct in6_addr saddr; |
71 | struct in6_addr daddr; | 67 | struct in6_addr daddr; |
72 | 68 | ||
73 | spinlock_t lock; | ||
74 | atomic_t refcnt; | ||
75 | struct timer_list timer; /* expire timer */ | ||
76 | struct sk_buff *fragments; | ||
77 | int len; | ||
78 | int meat; | ||
79 | ktime_t stamp; | ||
80 | unsigned int csum; | 69 | unsigned int csum; |
81 | __u8 last_in; /* has first/last segment arrived? */ | ||
82 | #define COMPLETE 4 | ||
83 | #define FIRST_IN 2 | ||
84 | #define LAST_IN 1 | ||
85 | __u16 nhoffset; | 70 | __u16 nhoffset; |
86 | }; | 71 | }; |
87 | 72 | ||
88 | /* Hash table. */ | 73 | struct inet_frags_ctl nf_frags_ctl __read_mostly = { |
89 | 74 | .high_thresh = 256 * 1024, | |
90 | #define FRAG6Q_HASHSZ 64 | 75 | .low_thresh = 192 * 1024, |
91 | 76 | .timeout = IPV6_FRAG_TIMEOUT, | |
92 | static struct hlist_head nf_ct_frag6_hash[FRAG6Q_HASHSZ]; | 77 | .secret_interval = 10 * 60 * HZ, |
93 | static DEFINE_RWLOCK(nf_ct_frag6_lock); | 78 | }; |
94 | static u32 nf_ct_frag6_hash_rnd; | ||
95 | static LIST_HEAD(nf_ct_frag6_lru_list); | ||
96 | int nf_ct_frag6_nqueues = 0; | ||
97 | |||
98 | static __inline__ void __fq_unlink(struct nf_ct_frag6_queue *fq) | ||
99 | { | ||
100 | hlist_del(&fq->list); | ||
101 | list_del(&fq->lru_list); | ||
102 | nf_ct_frag6_nqueues--; | ||
103 | } | ||
104 | 79 | ||
105 | static __inline__ void fq_unlink(struct nf_ct_frag6_queue *fq) | 80 | static struct inet_frags nf_frags; |
106 | { | ||
107 | write_lock(&nf_ct_frag6_lock); | ||
108 | __fq_unlink(fq); | ||
109 | write_unlock(&nf_ct_frag6_lock); | ||
110 | } | ||
111 | 81 | ||
112 | static unsigned int ip6qhashfn(__be32 id, struct in6_addr *saddr, | 82 | static unsigned int ip6qhashfn(__be32 id, struct in6_addr *saddr, |
113 | struct in6_addr *daddr) | 83 | struct in6_addr *daddr) |
@@ -120,7 +90,7 @@ static unsigned int ip6qhashfn(__be32 id, struct in6_addr *saddr, | |||
120 | 90 | ||
121 | a += JHASH_GOLDEN_RATIO; | 91 | a += JHASH_GOLDEN_RATIO; |
122 | b += JHASH_GOLDEN_RATIO; | 92 | b += JHASH_GOLDEN_RATIO; |
123 | c += nf_ct_frag6_hash_rnd; | 93 | c += nf_frags.rnd; |
124 | __jhash_mix(a, b, c); | 94 | __jhash_mix(a, b, c); |
125 | 95 | ||
126 | a += (__force u32)saddr->s6_addr32[3]; | 96 | a += (__force u32)saddr->s6_addr32[3]; |
@@ -133,100 +103,54 @@ static unsigned int ip6qhashfn(__be32 id, struct in6_addr *saddr, | |||
133 | c += (__force u32)id; | 103 | c += (__force u32)id; |
134 | __jhash_mix(a, b, c); | 104 | __jhash_mix(a, b, c); |
135 | 105 | ||
136 | return c & (FRAG6Q_HASHSZ - 1); | 106 | return c & (INETFRAGS_HASHSZ - 1); |
137 | } | 107 | } |
138 | 108 | ||
139 | static struct timer_list nf_ct_frag6_secret_timer; | 109 | static unsigned int nf_hashfn(struct inet_frag_queue *q) |
140 | int nf_ct_frag6_secret_interval = 10 * 60 * HZ; | ||
141 | |||
142 | static void nf_ct_frag6_secret_rebuild(unsigned long dummy) | ||
143 | { | 110 | { |
144 | unsigned long now = jiffies; | 111 | struct nf_ct_frag6_queue *nq; |
145 | int i; | ||
146 | |||
147 | write_lock(&nf_ct_frag6_lock); | ||
148 | get_random_bytes(&nf_ct_frag6_hash_rnd, sizeof(u32)); | ||
149 | for (i = 0; i < FRAG6Q_HASHSZ; i++) { | ||
150 | struct nf_ct_frag6_queue *q; | ||
151 | struct hlist_node *p, *n; | ||
152 | |||
153 | hlist_for_each_entry_safe(q, p, n, &nf_ct_frag6_hash[i], list) { | ||
154 | unsigned int hval = ip6qhashfn(q->id, | ||
155 | &q->saddr, | ||
156 | &q->daddr); | ||
157 | if (hval != i) { | ||
158 | hlist_del(&q->list); | ||
159 | /* Relink to new hash chain. */ | ||
160 | hlist_add_head(&q->list, | ||
161 | &nf_ct_frag6_hash[hval]); | ||
162 | } | ||
163 | } | ||
164 | } | ||
165 | write_unlock(&nf_ct_frag6_lock); | ||
166 | 112 | ||
167 | mod_timer(&nf_ct_frag6_secret_timer, now + nf_ct_frag6_secret_interval); | 113 | nq = container_of(q, struct nf_ct_frag6_queue, q); |
114 | return ip6qhashfn(nq->id, &nq->saddr, &nq->daddr); | ||
168 | } | 115 | } |
169 | 116 | ||
170 | atomic_t nf_ct_frag6_mem = ATOMIC_INIT(0); | 117 | static void nf_skb_free(struct sk_buff *skb) |
118 | { | ||
119 | if (NFCT_FRAG6_CB(skb)->orig) | ||
120 | kfree_skb(NFCT_FRAG6_CB(skb)->orig); | ||
121 | } | ||
171 | 122 | ||
172 | /* Memory Tracking Functions. */ | 123 | /* Memory Tracking Functions. */ |
173 | static inline void frag_kfree_skb(struct sk_buff *skb, unsigned int *work) | 124 | static inline void frag_kfree_skb(struct sk_buff *skb, unsigned int *work) |
174 | { | 125 | { |
175 | if (work) | 126 | if (work) |
176 | *work -= skb->truesize; | 127 | *work -= skb->truesize; |
177 | atomic_sub(skb->truesize, &nf_ct_frag6_mem); | 128 | atomic_sub(skb->truesize, &nf_frags.mem); |
178 | if (NFCT_FRAG6_CB(skb)->orig) | 129 | nf_skb_free(skb); |
179 | kfree_skb(NFCT_FRAG6_CB(skb)->orig); | ||
180 | |||
181 | kfree_skb(skb); | 130 | kfree_skb(skb); |
182 | } | 131 | } |
183 | 132 | ||
184 | static inline void frag_free_queue(struct nf_ct_frag6_queue *fq, | 133 | static void nf_frag_free(struct inet_frag_queue *q) |
185 | unsigned int *work) | ||
186 | { | 134 | { |
187 | if (work) | 135 | kfree(container_of(q, struct nf_ct_frag6_queue, q)); |
188 | *work -= sizeof(struct nf_ct_frag6_queue); | ||
189 | atomic_sub(sizeof(struct nf_ct_frag6_queue), &nf_ct_frag6_mem); | ||
190 | kfree(fq); | ||
191 | } | 136 | } |
192 | 137 | ||
193 | static inline struct nf_ct_frag6_queue *frag_alloc_queue(void) | 138 | static inline struct nf_ct_frag6_queue *frag_alloc_queue(void) |
194 | { | 139 | { |
195 | struct nf_ct_frag6_queue *fq = kmalloc(sizeof(struct nf_ct_frag6_queue), GFP_ATOMIC); | 140 | struct nf_ct_frag6_queue *fq; |
196 | 141 | ||
197 | if (!fq) | 142 | fq = kzalloc(sizeof(struct nf_ct_frag6_queue), GFP_ATOMIC); |
143 | if (fq == NULL) | ||
198 | return NULL; | 144 | return NULL; |
199 | atomic_add(sizeof(struct nf_ct_frag6_queue), &nf_ct_frag6_mem); | 145 | atomic_add(sizeof(struct nf_ct_frag6_queue), &nf_frags.mem); |
200 | return fq; | 146 | return fq; |
201 | } | 147 | } |
202 | 148 | ||
203 | /* Destruction primitives. */ | 149 | /* Destruction primitives. */ |
204 | 150 | ||
205 | /* Complete destruction of fq. */ | 151 | static __inline__ void fq_put(struct nf_ct_frag6_queue *fq) |
206 | static void nf_ct_frag6_destroy(struct nf_ct_frag6_queue *fq, | ||
207 | unsigned int *work) | ||
208 | { | 152 | { |
209 | struct sk_buff *fp; | 153 | inet_frag_put(&fq->q, &nf_frags); |
210 | |||
211 | BUG_TRAP(fq->last_in&COMPLETE); | ||
212 | BUG_TRAP(del_timer(&fq->timer) == 0); | ||
213 | |||
214 | /* Release all fragment data. */ | ||
215 | fp = fq->fragments; | ||
216 | while (fp) { | ||
217 | struct sk_buff *xp = fp->next; | ||
218 | |||
219 | frag_kfree_skb(fp, work); | ||
220 | fp = xp; | ||
221 | } | ||
222 | |||
223 | frag_free_queue(fq, work); | ||
224 | } | ||
225 | |||
226 | static __inline__ void fq_put(struct nf_ct_frag6_queue *fq, unsigned int *work) | ||
227 | { | ||
228 | if (atomic_dec_and_test(&fq->refcnt)) | ||
229 | nf_ct_frag6_destroy(fq, work); | ||
230 | } | 154 | } |
231 | 155 | ||
232 | /* Kill fq entry. It is not destroyed immediately, | 156 | /* Kill fq entry. It is not destroyed immediately, |
@@ -234,62 +158,28 @@ static __inline__ void fq_put(struct nf_ct_frag6_queue *fq, unsigned int *work) | |||
234 | */ | 158 | */ |
235 | static __inline__ void fq_kill(struct nf_ct_frag6_queue *fq) | 159 | static __inline__ void fq_kill(struct nf_ct_frag6_queue *fq) |
236 | { | 160 | { |
237 | if (del_timer(&fq->timer)) | 161 | inet_frag_kill(&fq->q, &nf_frags); |
238 | atomic_dec(&fq->refcnt); | ||
239 | |||
240 | if (!(fq->last_in & COMPLETE)) { | ||
241 | fq_unlink(fq); | ||
242 | atomic_dec(&fq->refcnt); | ||
243 | fq->last_in |= COMPLETE; | ||
244 | } | ||
245 | } | 162 | } |
246 | 163 | ||
247 | static void nf_ct_frag6_evictor(void) | 164 | static void nf_ct_frag6_evictor(void) |
248 | { | 165 | { |
249 | struct nf_ct_frag6_queue *fq; | 166 | inet_frag_evictor(&nf_frags); |
250 | struct list_head *tmp; | ||
251 | unsigned int work; | ||
252 | |||
253 | work = atomic_read(&nf_ct_frag6_mem); | ||
254 | if (work <= nf_ct_frag6_low_thresh) | ||
255 | return; | ||
256 | |||
257 | work -= nf_ct_frag6_low_thresh; | ||
258 | while (work > 0) { | ||
259 | read_lock(&nf_ct_frag6_lock); | ||
260 | if (list_empty(&nf_ct_frag6_lru_list)) { | ||
261 | read_unlock(&nf_ct_frag6_lock); | ||
262 | return; | ||
263 | } | ||
264 | tmp = nf_ct_frag6_lru_list.next; | ||
265 | BUG_ON(tmp == NULL); | ||
266 | fq = list_entry(tmp, struct nf_ct_frag6_queue, lru_list); | ||
267 | atomic_inc(&fq->refcnt); | ||
268 | read_unlock(&nf_ct_frag6_lock); | ||
269 | |||
270 | spin_lock(&fq->lock); | ||
271 | if (!(fq->last_in&COMPLETE)) | ||
272 | fq_kill(fq); | ||
273 | spin_unlock(&fq->lock); | ||
274 | |||
275 | fq_put(fq, &work); | ||
276 | } | ||
277 | } | 167 | } |
278 | 168 | ||
279 | static void nf_ct_frag6_expire(unsigned long data) | 169 | static void nf_ct_frag6_expire(unsigned long data) |
280 | { | 170 | { |
281 | struct nf_ct_frag6_queue *fq = (struct nf_ct_frag6_queue *) data; | 171 | struct nf_ct_frag6_queue *fq = (struct nf_ct_frag6_queue *) data; |
282 | 172 | ||
283 | spin_lock(&fq->lock); | 173 | spin_lock(&fq->q.lock); |
284 | 174 | ||
285 | if (fq->last_in & COMPLETE) | 175 | if (fq->q.last_in & COMPLETE) |
286 | goto out; | 176 | goto out; |
287 | 177 | ||
288 | fq_kill(fq); | 178 | fq_kill(fq); |
289 | 179 | ||
290 | out: | 180 | out: |
291 | spin_unlock(&fq->lock); | 181 | spin_unlock(&fq->q.lock); |
292 | fq_put(fq, NULL); | 182 | fq_put(fq); |
293 | } | 183 | } |
294 | 184 | ||
295 | /* Creation primitives. */ | 185 | /* Creation primitives. */ |
@@ -302,31 +192,31 @@ static struct nf_ct_frag6_queue *nf_ct_frag6_intern(unsigned int hash, | |||
302 | struct hlist_node *n; | 192 | struct hlist_node *n; |
303 | #endif | 193 | #endif |
304 | 194 | ||
305 | write_lock(&nf_ct_frag6_lock); | 195 | write_lock(&nf_frags.lock); |
306 | #ifdef CONFIG_SMP | 196 | #ifdef CONFIG_SMP |
307 | hlist_for_each_entry(fq, n, &nf_ct_frag6_hash[hash], list) { | 197 | hlist_for_each_entry(fq, n, &nf_frags.hash[hash], q.list) { |
308 | if (fq->id == fq_in->id && | 198 | if (fq->id == fq_in->id && |
309 | ipv6_addr_equal(&fq_in->saddr, &fq->saddr) && | 199 | ipv6_addr_equal(&fq_in->saddr, &fq->saddr) && |
310 | ipv6_addr_equal(&fq_in->daddr, &fq->daddr)) { | 200 | ipv6_addr_equal(&fq_in->daddr, &fq->daddr)) { |
311 | atomic_inc(&fq->refcnt); | 201 | atomic_inc(&fq->q.refcnt); |
312 | write_unlock(&nf_ct_frag6_lock); | 202 | write_unlock(&nf_frags.lock); |
313 | fq_in->last_in |= COMPLETE; | 203 | fq_in->q.last_in |= COMPLETE; |
314 | fq_put(fq_in, NULL); | 204 | fq_put(fq_in); |
315 | return fq; | 205 | return fq; |
316 | } | 206 | } |
317 | } | 207 | } |
318 | #endif | 208 | #endif |
319 | fq = fq_in; | 209 | fq = fq_in; |
320 | 210 | ||
321 | if (!mod_timer(&fq->timer, jiffies + nf_ct_frag6_timeout)) | 211 | if (!mod_timer(&fq->q.timer, jiffies + nf_frags_ctl.timeout)) |
322 | atomic_inc(&fq->refcnt); | 212 | atomic_inc(&fq->q.refcnt); |
323 | 213 | ||
324 | atomic_inc(&fq->refcnt); | 214 | atomic_inc(&fq->q.refcnt); |
325 | hlist_add_head(&fq->list, &nf_ct_frag6_hash[hash]); | 215 | hlist_add_head(&fq->q.list, &nf_frags.hash[hash]); |
326 | INIT_LIST_HEAD(&fq->lru_list); | 216 | INIT_LIST_HEAD(&fq->q.lru_list); |
327 | list_add_tail(&fq->lru_list, &nf_ct_frag6_lru_list); | 217 | list_add_tail(&fq->q.lru_list, &nf_frags.lru_list); |
328 | nf_ct_frag6_nqueues++; | 218 | nf_frags.nqueues++; |
329 | write_unlock(&nf_ct_frag6_lock); | 219 | write_unlock(&nf_frags.lock); |
330 | return fq; | 220 | return fq; |
331 | } | 221 | } |
332 | 222 | ||
@@ -341,15 +231,13 @@ nf_ct_frag6_create(unsigned int hash, __be32 id, struct in6_addr *src, str | |||
341 | goto oom; | 231 | goto oom; |
342 | } | 232 | } |
343 | 233 | ||
344 | memset(fq, 0, sizeof(struct nf_ct_frag6_queue)); | ||
345 | |||
346 | fq->id = id; | 234 | fq->id = id; |
347 | ipv6_addr_copy(&fq->saddr, src); | 235 | ipv6_addr_copy(&fq->saddr, src); |
348 | ipv6_addr_copy(&fq->daddr, dst); | 236 | ipv6_addr_copy(&fq->daddr, dst); |
349 | 237 | ||
350 | setup_timer(&fq->timer, nf_ct_frag6_expire, (unsigned long)fq); | 238 | setup_timer(&fq->q.timer, nf_ct_frag6_expire, (unsigned long)fq); |
351 | spin_lock_init(&fq->lock); | 239 | spin_lock_init(&fq->q.lock); |
352 | atomic_set(&fq->refcnt, 1); | 240 | atomic_set(&fq->q.refcnt, 1); |
353 | 241 | ||
354 | return nf_ct_frag6_intern(hash, fq); | 242 | return nf_ct_frag6_intern(hash, fq); |
355 | 243 | ||
@@ -364,17 +252,17 @@ fq_find(__be32 id, struct in6_addr *src, struct in6_addr *dst) | |||
364 | struct hlist_node *n; | 252 | struct hlist_node *n; |
365 | unsigned int hash = ip6qhashfn(id, src, dst); | 253 | unsigned int hash = ip6qhashfn(id, src, dst); |
366 | 254 | ||
367 | read_lock(&nf_ct_frag6_lock); | 255 | read_lock(&nf_frags.lock); |
368 | hlist_for_each_entry(fq, n, &nf_ct_frag6_hash[hash], list) { | 256 | hlist_for_each_entry(fq, n, &nf_frags.hash[hash], q.list) { |
369 | if (fq->id == id && | 257 | if (fq->id == id && |
370 | ipv6_addr_equal(src, &fq->saddr) && | 258 | ipv6_addr_equal(src, &fq->saddr) && |
371 | ipv6_addr_equal(dst, &fq->daddr)) { | 259 | ipv6_addr_equal(dst, &fq->daddr)) { |
372 | atomic_inc(&fq->refcnt); | 260 | atomic_inc(&fq->q.refcnt); |
373 | read_unlock(&nf_ct_frag6_lock); | 261 | read_unlock(&nf_frags.lock); |
374 | return fq; | 262 | return fq; |
375 | } | 263 | } |
376 | } | 264 | } |
377 | read_unlock(&nf_ct_frag6_lock); | 265 | read_unlock(&nf_frags.lock); |
378 | 266 | ||
379 | return nf_ct_frag6_create(hash, id, src, dst); | 267 | return nf_ct_frag6_create(hash, id, src, dst); |
380 | } | 268 | } |
@@ -386,7 +274,7 @@ static int nf_ct_frag6_queue(struct nf_ct_frag6_queue *fq, struct sk_buff *skb, | |||
386 | struct sk_buff *prev, *next; | 274 | struct sk_buff *prev, *next; |
387 | int offset, end; | 275 | int offset, end; |
388 | 276 | ||
389 | if (fq->last_in & COMPLETE) { | 277 | if (fq->q.last_in & COMPLETE) { |
390 | pr_debug("Allready completed\n"); | 278 | pr_debug("Allready completed\n"); |
391 | goto err; | 279 | goto err; |
392 | } | 280 | } |
@@ -412,13 +300,13 @@ static int nf_ct_frag6_queue(struct nf_ct_frag6_queue *fq, struct sk_buff *skb, | |||
412 | /* If we already have some bits beyond end | 300 | /* If we already have some bits beyond end |
413 | * or have different end, the segment is corrupted. | 301 | * or have different end, the segment is corrupted. |
414 | */ | 302 | */ |
415 | if (end < fq->len || | 303 | if (end < fq->q.len || |
416 | ((fq->last_in & LAST_IN) && end != fq->len)) { | 304 | ((fq->q.last_in & LAST_IN) && end != fq->q.len)) { |
417 | pr_debug("already received last fragment\n"); | 305 | pr_debug("already received last fragment\n"); |
418 | goto err; | 306 | goto err; |
419 | } | 307 | } |
420 | fq->last_in |= LAST_IN; | 308 | fq->q.last_in |= LAST_IN; |
421 | fq->len = end; | 309 | fq->q.len = end; |
422 | } else { | 310 | } else { |
423 | /* Check if the fragment is rounded to 8 bytes. | 311 | /* Check if the fragment is rounded to 8 bytes. |
424 | * Required by the RFC. | 312 | * Required by the RFC. |
@@ -430,13 +318,13 @@ static int nf_ct_frag6_queue(struct nf_ct_frag6_queue *fq, struct sk_buff *skb, | |||
430 | pr_debug("end of fragment not rounded to 8 bytes.\n"); | 318 | pr_debug("end of fragment not rounded to 8 bytes.\n"); |
431 | return -1; | 319 | return -1; |
432 | } | 320 | } |
433 | if (end > fq->len) { | 321 | if (end > fq->q.len) { |
434 | /* Some bits beyond end -> corruption. */ | 322 | /* Some bits beyond end -> corruption. */ |
435 | if (fq->last_in & LAST_IN) { | 323 | if (fq->q.last_in & LAST_IN) { |
436 | pr_debug("last packet already reached.\n"); | 324 | pr_debug("last packet already reached.\n"); |
437 | goto err; | 325 | goto err; |
438 | } | 326 | } |
439 | fq->len = end; | 327 | fq->q.len = end; |
440 | } | 328 | } |
441 | } | 329 | } |
442 | 330 | ||
@@ -458,7 +346,7 @@ static int nf_ct_frag6_queue(struct nf_ct_frag6_queue *fq, struct sk_buff *skb, | |||
458 | * this fragment, right? | 346 | * this fragment, right? |
459 | */ | 347 | */ |
460 | prev = NULL; | 348 | prev = NULL; |
461 | for (next = fq->fragments; next != NULL; next = next->next) { | 349 | for (next = fq->q.fragments; next != NULL; next = next->next) { |
462 | if (NFCT_FRAG6_CB(next)->offset >= offset) | 350 | if (NFCT_FRAG6_CB(next)->offset >= offset) |
463 | break; /* bingo! */ | 351 | break; /* bingo! */ |
464 | prev = next; | 352 | prev = next; |
@@ -503,7 +391,7 @@ static int nf_ct_frag6_queue(struct nf_ct_frag6_queue *fq, struct sk_buff *skb, | |||
503 | 391 | ||
504 | /* next fragment */ | 392 | /* next fragment */ |
505 | NFCT_FRAG6_CB(next)->offset += i; | 393 | NFCT_FRAG6_CB(next)->offset += i; |
506 | fq->meat -= i; | 394 | fq->q.meat -= i; |
507 | if (next->ip_summed != CHECKSUM_UNNECESSARY) | 395 | if (next->ip_summed != CHECKSUM_UNNECESSARY) |
508 | next->ip_summed = CHECKSUM_NONE; | 396 | next->ip_summed = CHECKSUM_NONE; |
509 | break; | 397 | break; |
@@ -518,9 +406,9 @@ static int nf_ct_frag6_queue(struct nf_ct_frag6_queue *fq, struct sk_buff *skb, | |||
518 | if (prev) | 406 | if (prev) |
519 | prev->next = next; | 407 | prev->next = next; |
520 | else | 408 | else |
521 | fq->fragments = next; | 409 | fq->q.fragments = next; |
522 | 410 | ||
523 | fq->meat -= free_it->len; | 411 | fq->q.meat -= free_it->len; |
524 | frag_kfree_skb(free_it, NULL); | 412 | frag_kfree_skb(free_it, NULL); |
525 | } | 413 | } |
526 | } | 414 | } |
@@ -532,23 +420,23 @@ static int nf_ct_frag6_queue(struct nf_ct_frag6_queue *fq, struct sk_buff *skb, | |||
532 | if (prev) | 420 | if (prev) |
533 | prev->next = skb; | 421 | prev->next = skb; |
534 | else | 422 | else |
535 | fq->fragments = skb; | 423 | fq->q.fragments = skb; |
536 | 424 | ||
537 | skb->dev = NULL; | 425 | skb->dev = NULL; |
538 | fq->stamp = skb->tstamp; | 426 | fq->q.stamp = skb->tstamp; |
539 | fq->meat += skb->len; | 427 | fq->q.meat += skb->len; |
540 | atomic_add(skb->truesize, &nf_ct_frag6_mem); | 428 | atomic_add(skb->truesize, &nf_frags.mem); |
541 | 429 | ||
542 | /* The first fragment. | 430 | /* The first fragment. |
543 | * nhoffset is obtained from the first fragment, of course. | 431 | * nhoffset is obtained from the first fragment, of course. |
544 | */ | 432 | */ |
545 | if (offset == 0) { | 433 | if (offset == 0) { |
546 | fq->nhoffset = nhoff; | 434 | fq->nhoffset = nhoff; |
547 | fq->last_in |= FIRST_IN; | 435 | fq->q.last_in |= FIRST_IN; |
548 | } | 436 | } |
549 | write_lock(&nf_ct_frag6_lock); | 437 | write_lock(&nf_frags.lock); |
550 | list_move_tail(&fq->lru_list, &nf_ct_frag6_lru_list); | 438 | list_move_tail(&fq->q.lru_list, &nf_frags.lru_list); |
551 | write_unlock(&nf_ct_frag6_lock); | 439 | write_unlock(&nf_frags.lock); |
552 | return 0; | 440 | return 0; |
553 | 441 | ||
554 | err: | 442 | err: |
@@ -567,7 +455,7 @@ err: | |||
567 | static struct sk_buff * | 455 | static struct sk_buff * |
568 | nf_ct_frag6_reasm(struct nf_ct_frag6_queue *fq, struct net_device *dev) | 456 | nf_ct_frag6_reasm(struct nf_ct_frag6_queue *fq, struct net_device *dev) |
569 | { | 457 | { |
570 | struct sk_buff *fp, *op, *head = fq->fragments; | 458 | struct sk_buff *fp, *op, *head = fq->q.fragments; |
571 | int payload_len; | 459 | int payload_len; |
572 | 460 | ||
573 | fq_kill(fq); | 461 | fq_kill(fq); |
@@ -577,7 +465,7 @@ nf_ct_frag6_reasm(struct nf_ct_frag6_queue *fq, struct net_device *dev) | |||
577 | 465 | ||
578 | /* Unfragmented part is taken from the first segment. */ | 466 | /* Unfragmented part is taken from the first segment. */ |
579 | payload_len = ((head->data - skb_network_header(head)) - | 467 | payload_len = ((head->data - skb_network_header(head)) - |
580 | sizeof(struct ipv6hdr) + fq->len - | 468 | sizeof(struct ipv6hdr) + fq->q.len - |
581 | sizeof(struct frag_hdr)); | 469 | sizeof(struct frag_hdr)); |
582 | if (payload_len > IPV6_MAXPLEN) { | 470 | if (payload_len > IPV6_MAXPLEN) { |
583 | pr_debug("payload len is too large.\n"); | 471 | pr_debug("payload len is too large.\n"); |
@@ -614,7 +502,7 @@ nf_ct_frag6_reasm(struct nf_ct_frag6_queue *fq, struct net_device *dev) | |||
614 | clone->ip_summed = head->ip_summed; | 502 | clone->ip_summed = head->ip_summed; |
615 | 503 | ||
616 | NFCT_FRAG6_CB(clone)->orig = NULL; | 504 | NFCT_FRAG6_CB(clone)->orig = NULL; |
617 | atomic_add(clone->truesize, &nf_ct_frag6_mem); | 505 | atomic_add(clone->truesize, &nf_frags.mem); |
618 | } | 506 | } |
619 | 507 | ||
620 | /* We have to remove fragment header from datagram and to relocate | 508 | /* We have to remove fragment header from datagram and to relocate |
@@ -628,7 +516,7 @@ nf_ct_frag6_reasm(struct nf_ct_frag6_queue *fq, struct net_device *dev) | |||
628 | skb_shinfo(head)->frag_list = head->next; | 516 | skb_shinfo(head)->frag_list = head->next; |
629 | skb_reset_transport_header(head); | 517 | skb_reset_transport_header(head); |
630 | skb_push(head, head->data - skb_network_header(head)); | 518 | skb_push(head, head->data - skb_network_header(head)); |
631 | atomic_sub(head->truesize, &nf_ct_frag6_mem); | 519 | atomic_sub(head->truesize, &nf_frags.mem); |
632 | 520 | ||
633 | for (fp=head->next; fp; fp = fp->next) { | 521 | for (fp=head->next; fp; fp = fp->next) { |
634 | head->data_len += fp->len; | 522 | head->data_len += fp->len; |
@@ -638,12 +526,12 @@ nf_ct_frag6_reasm(struct nf_ct_frag6_queue *fq, struct net_device *dev) | |||
638 | else if (head->ip_summed == CHECKSUM_COMPLETE) | 526 | else if (head->ip_summed == CHECKSUM_COMPLETE) |
639 | head->csum = csum_add(head->csum, fp->csum); | 527 | head->csum = csum_add(head->csum, fp->csum); |
640 | head->truesize += fp->truesize; | 528 | head->truesize += fp->truesize; |
641 | atomic_sub(fp->truesize, &nf_ct_frag6_mem); | 529 | atomic_sub(fp->truesize, &nf_frags.mem); |
642 | } | 530 | } |
643 | 531 | ||
644 | head->next = NULL; | 532 | head->next = NULL; |
645 | head->dev = dev; | 533 | head->dev = dev; |
646 | head->tstamp = fq->stamp; | 534 | head->tstamp = fq->q.stamp; |
647 | ipv6_hdr(head)->payload_len = htons(payload_len); | 535 | ipv6_hdr(head)->payload_len = htons(payload_len); |
648 | 536 | ||
649 | /* Yes, and fold redundant checksum back. 8) */ | 537 | /* Yes, and fold redundant checksum back. 8) */ |
@@ -652,7 +540,7 @@ nf_ct_frag6_reasm(struct nf_ct_frag6_queue *fq, struct net_device *dev) | |||
652 | skb_network_header_len(head), | 540 | skb_network_header_len(head), |
653 | head->csum); | 541 | head->csum); |
654 | 542 | ||
655 | fq->fragments = NULL; | 543 | fq->q.fragments = NULL; |
656 | 544 | ||
657 | /* all original skbs are linked into the NFCT_FRAG6_CB(head).orig */ | 545 | /* all original skbs are linked into the NFCT_FRAG6_CB(head).orig */ |
658 | fp = skb_shinfo(head)->frag_list; | 546 | fp = skb_shinfo(head)->frag_list; |
@@ -788,7 +676,7 @@ struct sk_buff *nf_ct_frag6_gather(struct sk_buff *skb) | |||
788 | goto ret_orig; | 676 | goto ret_orig; |
789 | } | 677 | } |
790 | 678 | ||
791 | if (atomic_read(&nf_ct_frag6_mem) > nf_ct_frag6_high_thresh) | 679 | if (atomic_read(&nf_frags.mem) > nf_frags_ctl.high_thresh) |
792 | nf_ct_frag6_evictor(); | 680 | nf_ct_frag6_evictor(); |
793 | 681 | ||
794 | fq = fq_find(fhdr->identification, &hdr->saddr, &hdr->daddr); | 682 | fq = fq_find(fhdr->identification, &hdr->saddr, &hdr->daddr); |
@@ -797,23 +685,23 @@ struct sk_buff *nf_ct_frag6_gather(struct sk_buff *skb) | |||
797 | goto ret_orig; | 685 | goto ret_orig; |
798 | } | 686 | } |
799 | 687 | ||
800 | spin_lock(&fq->lock); | 688 | spin_lock(&fq->q.lock); |
801 | 689 | ||
802 | if (nf_ct_frag6_queue(fq, clone, fhdr, nhoff) < 0) { | 690 | if (nf_ct_frag6_queue(fq, clone, fhdr, nhoff) < 0) { |
803 | spin_unlock(&fq->lock); | 691 | spin_unlock(&fq->q.lock); |
804 | pr_debug("Can't insert skb to queue\n"); | 692 | pr_debug("Can't insert skb to queue\n"); |
805 | fq_put(fq, NULL); | 693 | fq_put(fq); |
806 | goto ret_orig; | 694 | goto ret_orig; |
807 | } | 695 | } |
808 | 696 | ||
809 | if (fq->last_in == (FIRST_IN|LAST_IN) && fq->meat == fq->len) { | 697 | if (fq->q.last_in == (FIRST_IN|LAST_IN) && fq->q.meat == fq->q.len) { |
810 | ret_skb = nf_ct_frag6_reasm(fq, dev); | 698 | ret_skb = nf_ct_frag6_reasm(fq, dev); |
811 | if (ret_skb == NULL) | 699 | if (ret_skb == NULL) |
812 | pr_debug("Can't reassemble fragmented packets\n"); | 700 | pr_debug("Can't reassemble fragmented packets\n"); |
813 | } | 701 | } |
814 | spin_unlock(&fq->lock); | 702 | spin_unlock(&fq->q.lock); |
815 | 703 | ||
816 | fq_put(fq, NULL); | 704 | fq_put(fq); |
817 | return ret_skb; | 705 | return ret_skb; |
818 | 706 | ||
819 | ret_orig: | 707 | ret_orig: |
@@ -859,20 +747,20 @@ int nf_ct_frag6_kfree_frags(struct sk_buff *skb) | |||
859 | 747 | ||
860 | int nf_ct_frag6_init(void) | 748 | int nf_ct_frag6_init(void) |
861 | { | 749 | { |
862 | nf_ct_frag6_hash_rnd = (u32) ((num_physpages ^ (num_physpages>>7)) ^ | 750 | nf_frags.ctl = &nf_frags_ctl; |
863 | (jiffies ^ (jiffies >> 6))); | 751 | nf_frags.hashfn = nf_hashfn; |
864 | 752 | nf_frags.destructor = nf_frag_free; | |
865 | setup_timer(&nf_ct_frag6_secret_timer, nf_ct_frag6_secret_rebuild, 0); | 753 | nf_frags.skb_free = nf_skb_free; |
866 | nf_ct_frag6_secret_timer.expires = jiffies | 754 | nf_frags.qsize = sizeof(struct nf_ct_frag6_queue); |
867 | + nf_ct_frag6_secret_interval; | 755 | inet_frags_init(&nf_frags); |
868 | add_timer(&nf_ct_frag6_secret_timer); | ||
869 | 756 | ||
870 | return 0; | 757 | return 0; |
871 | } | 758 | } |
872 | 759 | ||
873 | void nf_ct_frag6_cleanup(void) | 760 | void nf_ct_frag6_cleanup(void) |
874 | { | 761 | { |
875 | del_timer(&nf_ct_frag6_secret_timer); | 762 | inet_frags_fini(&nf_frags); |
876 | nf_ct_frag6_low_thresh = 0; | 763 | |
764 | nf_frags_ctl.low_thresh = 0; | ||
877 | nf_ct_frag6_evictor(); | 765 | nf_ct_frag6_evictor(); |
878 | } | 766 | } |
diff --git a/net/ipv6/proc.c b/net/ipv6/proc.c index db945018579e..be526ad92543 100644 --- a/net/ipv6/proc.c +++ b/net/ipv6/proc.c | |||
@@ -54,7 +54,7 @@ static int sockstat6_seq_show(struct seq_file *seq, void *v) | |||
54 | seq_printf(seq, "RAW6: inuse %d\n", | 54 | seq_printf(seq, "RAW6: inuse %d\n", |
55 | fold_prot_inuse(&rawv6_prot)); | 55 | fold_prot_inuse(&rawv6_prot)); |
56 | seq_printf(seq, "FRAG6: inuse %d memory %d\n", | 56 | seq_printf(seq, "FRAG6: inuse %d memory %d\n", |
57 | ip6_frag_nqueues, atomic_read(&ip6_frag_mem)); | 57 | ip6_frag_nqueues(), ip6_frag_mem()); |
58 | return 0; | 58 | return 0; |
59 | } | 59 | } |
60 | 60 | ||
diff --git a/net/ipv6/reassembly.c b/net/ipv6/reassembly.c index 31601c993541..6ad19cfc2025 100644 --- a/net/ipv6/reassembly.c +++ b/net/ipv6/reassembly.c | |||
@@ -42,6 +42,7 @@ | |||
42 | #include <linux/icmpv6.h> | 42 | #include <linux/icmpv6.h> |
43 | #include <linux/random.h> | 43 | #include <linux/random.h> |
44 | #include <linux/jhash.h> | 44 | #include <linux/jhash.h> |
45 | #include <linux/skbuff.h> | ||
45 | 46 | ||
46 | #include <net/sock.h> | 47 | #include <net/sock.h> |
47 | #include <net/snmp.h> | 48 | #include <net/snmp.h> |
@@ -53,11 +54,7 @@ | |||
53 | #include <net/rawv6.h> | 54 | #include <net/rawv6.h> |
54 | #include <net/ndisc.h> | 55 | #include <net/ndisc.h> |
55 | #include <net/addrconf.h> | 56 | #include <net/addrconf.h> |
56 | 57 | #include <net/inet_frag.h> | |
57 | int sysctl_ip6frag_high_thresh __read_mostly = 256*1024; | ||
58 | int sysctl_ip6frag_low_thresh __read_mostly = 192*1024; | ||
59 | |||
60 | int sysctl_ip6frag_time __read_mostly = IPV6_FRAG_TIMEOUT; | ||
61 | 58 | ||
62 | struct ip6frag_skb_cb | 59 | struct ip6frag_skb_cb |
63 | { | 60 | { |
@@ -74,53 +71,39 @@ struct ip6frag_skb_cb | |||
74 | 71 | ||
75 | struct frag_queue | 72 | struct frag_queue |
76 | { | 73 | { |
77 | struct hlist_node list; | 74 | struct inet_frag_queue q; |
78 | struct list_head lru_list; /* lru list member */ | ||
79 | 75 | ||
80 | __be32 id; /* fragment id */ | 76 | __be32 id; /* fragment id */ |
81 | struct in6_addr saddr; | 77 | struct in6_addr saddr; |
82 | struct in6_addr daddr; | 78 | struct in6_addr daddr; |
83 | 79 | ||
84 | spinlock_t lock; | ||
85 | atomic_t refcnt; | ||
86 | struct timer_list timer; /* expire timer */ | ||
87 | struct sk_buff *fragments; | ||
88 | int len; | ||
89 | int meat; | ||
90 | int iif; | 80 | int iif; |
91 | ktime_t stamp; | ||
92 | unsigned int csum; | 81 | unsigned int csum; |
93 | __u8 last_in; /* has first/last segment arrived? */ | ||
94 | #define COMPLETE 4 | ||
95 | #define FIRST_IN 2 | ||
96 | #define LAST_IN 1 | ||
97 | __u16 nhoffset; | 82 | __u16 nhoffset; |
98 | }; | 83 | }; |
99 | 84 | ||
100 | /* Hash table. */ | 85 | struct inet_frags_ctl ip6_frags_ctl __read_mostly = { |
101 | 86 | .high_thresh = 256 * 1024, | |
102 | #define IP6Q_HASHSZ 64 | 87 | .low_thresh = 192 * 1024, |
88 | .timeout = IPV6_FRAG_TIMEOUT, | ||
89 | .secret_interval = 10 * 60 * HZ, | ||
90 | }; | ||
103 | 91 | ||
104 | static struct hlist_head ip6_frag_hash[IP6Q_HASHSZ]; | 92 | static struct inet_frags ip6_frags; |
105 | static DEFINE_RWLOCK(ip6_frag_lock); | ||
106 | static u32 ip6_frag_hash_rnd; | ||
107 | static LIST_HEAD(ip6_frag_lru_list); | ||
108 | int ip6_frag_nqueues = 0; | ||
109 | 93 | ||
110 | static __inline__ void __fq_unlink(struct frag_queue *fq) | 94 | int ip6_frag_nqueues(void) |
111 | { | 95 | { |
112 | hlist_del(&fq->list); | 96 | return ip6_frags.nqueues; |
113 | list_del(&fq->lru_list); | ||
114 | ip6_frag_nqueues--; | ||
115 | } | 97 | } |
116 | 98 | ||
117 | static __inline__ void fq_unlink(struct frag_queue *fq) | 99 | int ip6_frag_mem(void) |
118 | { | 100 | { |
119 | write_lock(&ip6_frag_lock); | 101 | return atomic_read(&ip6_frags.mem); |
120 | __fq_unlink(fq); | ||
121 | write_unlock(&ip6_frag_lock); | ||
122 | } | 102 | } |
123 | 103 | ||
104 | static int ip6_frag_reasm(struct frag_queue *fq, struct sk_buff *prev, | ||
105 | struct net_device *dev); | ||
106 | |||
124 | /* | 107 | /* |
125 | * callers should be careful not to use the hash value outside the ipfrag_lock | 108 | * callers should be careful not to use the hash value outside the ipfrag_lock |
126 | * as doing so could race with ipfrag_hash_rnd being recalculated. | 109 | * as doing so could race with ipfrag_hash_rnd being recalculated. |
@@ -136,7 +119,7 @@ static unsigned int ip6qhashfn(__be32 id, struct in6_addr *saddr, | |||
136 | 119 | ||
137 | a += JHASH_GOLDEN_RATIO; | 120 | a += JHASH_GOLDEN_RATIO; |
138 | b += JHASH_GOLDEN_RATIO; | 121 | b += JHASH_GOLDEN_RATIO; |
139 | c += ip6_frag_hash_rnd; | 122 | c += ip6_frags.rnd; |
140 | __jhash_mix(a, b, c); | 123 | __jhash_mix(a, b, c); |
141 | 124 | ||
142 | a += (__force u32)saddr->s6_addr32[3]; | 125 | a += (__force u32)saddr->s6_addr32[3]; |
@@ -149,60 +132,29 @@ static unsigned int ip6qhashfn(__be32 id, struct in6_addr *saddr, | |||
149 | c += (__force u32)id; | 132 | c += (__force u32)id; |
150 | __jhash_mix(a, b, c); | 133 | __jhash_mix(a, b, c); |
151 | 134 | ||
152 | return c & (IP6Q_HASHSZ - 1); | 135 | return c & (INETFRAGS_HASHSZ - 1); |
153 | } | 136 | } |
154 | 137 | ||
155 | static struct timer_list ip6_frag_secret_timer; | 138 | static unsigned int ip6_hashfn(struct inet_frag_queue *q) |
156 | int sysctl_ip6frag_secret_interval __read_mostly = 10 * 60 * HZ; | ||
157 | |||
158 | static void ip6_frag_secret_rebuild(unsigned long dummy) | ||
159 | { | 139 | { |
160 | unsigned long now = jiffies; | 140 | struct frag_queue *fq; |
161 | int i; | ||
162 | |||
163 | write_lock(&ip6_frag_lock); | ||
164 | get_random_bytes(&ip6_frag_hash_rnd, sizeof(u32)); | ||
165 | for (i = 0; i < IP6Q_HASHSZ; i++) { | ||
166 | struct frag_queue *q; | ||
167 | struct hlist_node *p, *n; | ||
168 | |||
169 | hlist_for_each_entry_safe(q, p, n, &ip6_frag_hash[i], list) { | ||
170 | unsigned int hval = ip6qhashfn(q->id, | ||
171 | &q->saddr, | ||
172 | &q->daddr); | ||
173 | |||
174 | if (hval != i) { | ||
175 | hlist_del(&q->list); | ||
176 | |||
177 | /* Relink to new hash chain. */ | ||
178 | hlist_add_head(&q->list, | ||
179 | &ip6_frag_hash[hval]); | ||
180 | |||
181 | } | ||
182 | } | ||
183 | } | ||
184 | write_unlock(&ip6_frag_lock); | ||
185 | 141 | ||
186 | mod_timer(&ip6_frag_secret_timer, now + sysctl_ip6frag_secret_interval); | 142 | fq = container_of(q, struct frag_queue, q); |
143 | return ip6qhashfn(fq->id, &fq->saddr, &fq->daddr); | ||
187 | } | 144 | } |
188 | 145 | ||
189 | atomic_t ip6_frag_mem = ATOMIC_INIT(0); | ||
190 | |||
191 | /* Memory Tracking Functions. */ | 146 | /* Memory Tracking Functions. */ |
192 | static inline void frag_kfree_skb(struct sk_buff *skb, int *work) | 147 | static inline void frag_kfree_skb(struct sk_buff *skb, int *work) |
193 | { | 148 | { |
194 | if (work) | 149 | if (work) |
195 | *work -= skb->truesize; | 150 | *work -= skb->truesize; |
196 | atomic_sub(skb->truesize, &ip6_frag_mem); | 151 | atomic_sub(skb->truesize, &ip6_frags.mem); |
197 | kfree_skb(skb); | 152 | kfree_skb(skb); |
198 | } | 153 | } |
199 | 154 | ||
200 | static inline void frag_free_queue(struct frag_queue *fq, int *work) | 155 | static void ip6_frag_free(struct inet_frag_queue *fq) |
201 | { | 156 | { |
202 | if (work) | 157 | kfree(container_of(fq, struct frag_queue, q)); |
203 | *work -= sizeof(struct frag_queue); | ||
204 | atomic_sub(sizeof(struct frag_queue), &ip6_frag_mem); | ||
205 | kfree(fq); | ||
206 | } | 158 | } |
207 | 159 | ||
208 | static inline struct frag_queue *frag_alloc_queue(void) | 160 | static inline struct frag_queue *frag_alloc_queue(void) |
@@ -211,36 +163,15 @@ static inline struct frag_queue *frag_alloc_queue(void) | |||
211 | 163 | ||
212 | if(!fq) | 164 | if(!fq) |
213 | return NULL; | 165 | return NULL; |
214 | atomic_add(sizeof(struct frag_queue), &ip6_frag_mem); | 166 | atomic_add(sizeof(struct frag_queue), &ip6_frags.mem); |
215 | return fq; | 167 | return fq; |
216 | } | 168 | } |
217 | 169 | ||
218 | /* Destruction primitives. */ | 170 | /* Destruction primitives. */ |
219 | 171 | ||
220 | /* Complete destruction of fq. */ | 172 | static __inline__ void fq_put(struct frag_queue *fq) |
221 | static void ip6_frag_destroy(struct frag_queue *fq, int *work) | ||
222 | { | ||
223 | struct sk_buff *fp; | ||
224 | |||
225 | BUG_TRAP(fq->last_in&COMPLETE); | ||
226 | BUG_TRAP(del_timer(&fq->timer) == 0); | ||
227 | |||
228 | /* Release all fragment data. */ | ||
229 | fp = fq->fragments; | ||
230 | while (fp) { | ||
231 | struct sk_buff *xp = fp->next; | ||
232 | |||
233 | frag_kfree_skb(fp, work); | ||
234 | fp = xp; | ||
235 | } | ||
236 | |||
237 | frag_free_queue(fq, work); | ||
238 | } | ||
239 | |||
240 | static __inline__ void fq_put(struct frag_queue *fq, int *work) | ||
241 | { | 173 | { |
242 | if (atomic_dec_and_test(&fq->refcnt)) | 174 | inet_frag_put(&fq->q, &ip6_frags); |
243 | ip6_frag_destroy(fq, work); | ||
244 | } | 175 | } |
245 | 176 | ||
246 | /* Kill fq entry. It is not destroyed immediately, | 177 | /* Kill fq entry. It is not destroyed immediately, |
@@ -248,45 +179,16 @@ static __inline__ void fq_put(struct frag_queue *fq, int *work) | |||
248 | */ | 179 | */ |
249 | static __inline__ void fq_kill(struct frag_queue *fq) | 180 | static __inline__ void fq_kill(struct frag_queue *fq) |
250 | { | 181 | { |
251 | if (del_timer(&fq->timer)) | 182 | inet_frag_kill(&fq->q, &ip6_frags); |
252 | atomic_dec(&fq->refcnt); | ||
253 | |||
254 | if (!(fq->last_in & COMPLETE)) { | ||
255 | fq_unlink(fq); | ||
256 | atomic_dec(&fq->refcnt); | ||
257 | fq->last_in |= COMPLETE; | ||
258 | } | ||
259 | } | 183 | } |
260 | 184 | ||
261 | static void ip6_evictor(struct inet6_dev *idev) | 185 | static void ip6_evictor(struct inet6_dev *idev) |
262 | { | 186 | { |
263 | struct frag_queue *fq; | 187 | int evicted; |
264 | struct list_head *tmp; | 188 | |
265 | int work; | 189 | evicted = inet_frag_evictor(&ip6_frags); |
266 | 190 | if (evicted) | |
267 | work = atomic_read(&ip6_frag_mem) - sysctl_ip6frag_low_thresh; | 191 | IP6_ADD_STATS_BH(idev, IPSTATS_MIB_REASMFAILS, evicted); |
268 | if (work <= 0) | ||
269 | return; | ||
270 | |||
271 | while(work > 0) { | ||
272 | read_lock(&ip6_frag_lock); | ||
273 | if (list_empty(&ip6_frag_lru_list)) { | ||
274 | read_unlock(&ip6_frag_lock); | ||
275 | return; | ||
276 | } | ||
277 | tmp = ip6_frag_lru_list.next; | ||
278 | fq = list_entry(tmp, struct frag_queue, lru_list); | ||
279 | atomic_inc(&fq->refcnt); | ||
280 | read_unlock(&ip6_frag_lock); | ||
281 | |||
282 | spin_lock(&fq->lock); | ||
283 | if (!(fq->last_in&COMPLETE)) | ||
284 | fq_kill(fq); | ||
285 | spin_unlock(&fq->lock); | ||
286 | |||
287 | fq_put(fq, &work); | ||
288 | IP6_INC_STATS_BH(idev, IPSTATS_MIB_REASMFAILS); | ||
289 | } | ||
290 | } | 192 | } |
291 | 193 | ||
292 | static void ip6_frag_expire(unsigned long data) | 194 | static void ip6_frag_expire(unsigned long data) |
@@ -294,9 +196,9 @@ static void ip6_frag_expire(unsigned long data) | |||
294 | struct frag_queue *fq = (struct frag_queue *) data; | 196 | struct frag_queue *fq = (struct frag_queue *) data; |
295 | struct net_device *dev = NULL; | 197 | struct net_device *dev = NULL; |
296 | 198 | ||
297 | spin_lock(&fq->lock); | 199 | spin_lock(&fq->q.lock); |
298 | 200 | ||
299 | if (fq->last_in & COMPLETE) | 201 | if (fq->q.last_in & COMPLETE) |
300 | goto out; | 202 | goto out; |
301 | 203 | ||
302 | fq_kill(fq); | 204 | fq_kill(fq); |
@@ -311,7 +213,7 @@ static void ip6_frag_expire(unsigned long data) | |||
311 | rcu_read_unlock(); | 213 | rcu_read_unlock(); |
312 | 214 | ||
313 | /* Don't send error if the first segment did not arrive. */ | 215 | /* Don't send error if the first segment did not arrive. */ |
314 | if (!(fq->last_in&FIRST_IN) || !fq->fragments) | 216 | if (!(fq->q.last_in&FIRST_IN) || !fq->q.fragments) |
315 | goto out; | 217 | goto out; |
316 | 218 | ||
317 | /* | 219 | /* |
@@ -319,13 +221,13 @@ static void ip6_frag_expire(unsigned long data) | |||
319 | segment was received. And do not use fq->dev | 221 | segment was received. And do not use fq->dev |
320 | pointer directly, device might already disappeared. | 222 | pointer directly, device might already disappeared. |
321 | */ | 223 | */ |
322 | fq->fragments->dev = dev; | 224 | fq->q.fragments->dev = dev; |
323 | icmpv6_send(fq->fragments, ICMPV6_TIME_EXCEED, ICMPV6_EXC_FRAGTIME, 0, dev); | 225 | icmpv6_send(fq->q.fragments, ICMPV6_TIME_EXCEED, ICMPV6_EXC_FRAGTIME, 0, dev); |
324 | out: | 226 | out: |
325 | if (dev) | 227 | if (dev) |
326 | dev_put(dev); | 228 | dev_put(dev); |
327 | spin_unlock(&fq->lock); | 229 | spin_unlock(&fq->q.lock); |
328 | fq_put(fq, NULL); | 230 | fq_put(fq); |
329 | } | 231 | } |
330 | 232 | ||
331 | /* Creation primitives. */ | 233 | /* Creation primitives. */ |
@@ -339,32 +241,32 @@ static struct frag_queue *ip6_frag_intern(struct frag_queue *fq_in) | |||
339 | struct hlist_node *n; | 241 | struct hlist_node *n; |
340 | #endif | 242 | #endif |
341 | 243 | ||
342 | write_lock(&ip6_frag_lock); | 244 | write_lock(&ip6_frags.lock); |
343 | hash = ip6qhashfn(fq_in->id, &fq_in->saddr, &fq_in->daddr); | 245 | hash = ip6qhashfn(fq_in->id, &fq_in->saddr, &fq_in->daddr); |
344 | #ifdef CONFIG_SMP | 246 | #ifdef CONFIG_SMP |
345 | hlist_for_each_entry(fq, n, &ip6_frag_hash[hash], list) { | 247 | hlist_for_each_entry(fq, n, &ip6_frags.hash[hash], q.list) { |
346 | if (fq->id == fq_in->id && | 248 | if (fq->id == fq_in->id && |
347 | ipv6_addr_equal(&fq_in->saddr, &fq->saddr) && | 249 | ipv6_addr_equal(&fq_in->saddr, &fq->saddr) && |
348 | ipv6_addr_equal(&fq_in->daddr, &fq->daddr)) { | 250 | ipv6_addr_equal(&fq_in->daddr, &fq->daddr)) { |
349 | atomic_inc(&fq->refcnt); | 251 | atomic_inc(&fq->q.refcnt); |
350 | write_unlock(&ip6_frag_lock); | 252 | write_unlock(&ip6_frags.lock); |
351 | fq_in->last_in |= COMPLETE; | 253 | fq_in->q.last_in |= COMPLETE; |
352 | fq_put(fq_in, NULL); | 254 | fq_put(fq_in); |
353 | return fq; | 255 | return fq; |
354 | } | 256 | } |
355 | } | 257 | } |
356 | #endif | 258 | #endif |
357 | fq = fq_in; | 259 | fq = fq_in; |
358 | 260 | ||
359 | if (!mod_timer(&fq->timer, jiffies + sysctl_ip6frag_time)) | 261 | if (!mod_timer(&fq->q.timer, jiffies + ip6_frags_ctl.timeout)) |
360 | atomic_inc(&fq->refcnt); | 262 | atomic_inc(&fq->q.refcnt); |
361 | 263 | ||
362 | atomic_inc(&fq->refcnt); | 264 | atomic_inc(&fq->q.refcnt); |
363 | hlist_add_head(&fq->list, &ip6_frag_hash[hash]); | 265 | hlist_add_head(&fq->q.list, &ip6_frags.hash[hash]); |
364 | INIT_LIST_HEAD(&fq->lru_list); | 266 | INIT_LIST_HEAD(&fq->q.lru_list); |
365 | list_add_tail(&fq->lru_list, &ip6_frag_lru_list); | 267 | list_add_tail(&fq->q.lru_list, &ip6_frags.lru_list); |
366 | ip6_frag_nqueues++; | 268 | ip6_frags.nqueues++; |
367 | write_unlock(&ip6_frag_lock); | 269 | write_unlock(&ip6_frags.lock); |
368 | return fq; | 270 | return fq; |
369 | } | 271 | } |
370 | 272 | ||
@@ -382,11 +284,11 @@ ip6_frag_create(__be32 id, struct in6_addr *src, struct in6_addr *dst, | |||
382 | ipv6_addr_copy(&fq->saddr, src); | 284 | ipv6_addr_copy(&fq->saddr, src); |
383 | ipv6_addr_copy(&fq->daddr, dst); | 285 | ipv6_addr_copy(&fq->daddr, dst); |
384 | 286 | ||
385 | init_timer(&fq->timer); | 287 | init_timer(&fq->q.timer); |
386 | fq->timer.function = ip6_frag_expire; | 288 | fq->q.timer.function = ip6_frag_expire; |
387 | fq->timer.data = (long) fq; | 289 | fq->q.timer.data = (long) fq; |
388 | spin_lock_init(&fq->lock); | 290 | spin_lock_init(&fq->q.lock); |
389 | atomic_set(&fq->refcnt, 1); | 291 | atomic_set(&fq->q.refcnt, 1); |
390 | 292 | ||
391 | return ip6_frag_intern(fq); | 293 | return ip6_frag_intern(fq); |
392 | 294 | ||
@@ -403,30 +305,31 @@ fq_find(__be32 id, struct in6_addr *src, struct in6_addr *dst, | |||
403 | struct hlist_node *n; | 305 | struct hlist_node *n; |
404 | unsigned int hash; | 306 | unsigned int hash; |
405 | 307 | ||
406 | read_lock(&ip6_frag_lock); | 308 | read_lock(&ip6_frags.lock); |
407 | hash = ip6qhashfn(id, src, dst); | 309 | hash = ip6qhashfn(id, src, dst); |
408 | hlist_for_each_entry(fq, n, &ip6_frag_hash[hash], list) { | 310 | hlist_for_each_entry(fq, n, &ip6_frags.hash[hash], q.list) { |
409 | if (fq->id == id && | 311 | if (fq->id == id && |
410 | ipv6_addr_equal(src, &fq->saddr) && | 312 | ipv6_addr_equal(src, &fq->saddr) && |
411 | ipv6_addr_equal(dst, &fq->daddr)) { | 313 | ipv6_addr_equal(dst, &fq->daddr)) { |
412 | atomic_inc(&fq->refcnt); | 314 | atomic_inc(&fq->q.refcnt); |
413 | read_unlock(&ip6_frag_lock); | 315 | read_unlock(&ip6_frags.lock); |
414 | return fq; | 316 | return fq; |
415 | } | 317 | } |
416 | } | 318 | } |
417 | read_unlock(&ip6_frag_lock); | 319 | read_unlock(&ip6_frags.lock); |
418 | 320 | ||
419 | return ip6_frag_create(id, src, dst, idev); | 321 | return ip6_frag_create(id, src, dst, idev); |
420 | } | 322 | } |
421 | 323 | ||
422 | 324 | ||
423 | static void ip6_frag_queue(struct frag_queue *fq, struct sk_buff *skb, | 325 | static int ip6_frag_queue(struct frag_queue *fq, struct sk_buff *skb, |
424 | struct frag_hdr *fhdr, int nhoff) | 326 | struct frag_hdr *fhdr, int nhoff) |
425 | { | 327 | { |
426 | struct sk_buff *prev, *next; | 328 | struct sk_buff *prev, *next; |
329 | struct net_device *dev; | ||
427 | int offset, end; | 330 | int offset, end; |
428 | 331 | ||
429 | if (fq->last_in & COMPLETE) | 332 | if (fq->q.last_in & COMPLETE) |
430 | goto err; | 333 | goto err; |
431 | 334 | ||
432 | offset = ntohs(fhdr->frag_off) & ~0x7; | 335 | offset = ntohs(fhdr->frag_off) & ~0x7; |
@@ -439,7 +342,7 @@ static void ip6_frag_queue(struct frag_queue *fq, struct sk_buff *skb, | |||
439 | icmpv6_param_prob(skb, ICMPV6_HDR_FIELD, | 342 | icmpv6_param_prob(skb, ICMPV6_HDR_FIELD, |
440 | ((u8 *)&fhdr->frag_off - | 343 | ((u8 *)&fhdr->frag_off - |
441 | skb_network_header(skb))); | 344 | skb_network_header(skb))); |
442 | return; | 345 | return -1; |
443 | } | 346 | } |
444 | 347 | ||
445 | if (skb->ip_summed == CHECKSUM_COMPLETE) { | 348 | if (skb->ip_summed == CHECKSUM_COMPLETE) { |
@@ -454,11 +357,11 @@ static void ip6_frag_queue(struct frag_queue *fq, struct sk_buff *skb, | |||
454 | /* If we already have some bits beyond end | 357 | /* If we already have some bits beyond end |
455 | * or have different end, the segment is corrupted. | 358 | * or have different end, the segment is corrupted. |
456 | */ | 359 | */ |
457 | if (end < fq->len || | 360 | if (end < fq->q.len || |
458 | ((fq->last_in & LAST_IN) && end != fq->len)) | 361 | ((fq->q.last_in & LAST_IN) && end != fq->q.len)) |
459 | goto err; | 362 | goto err; |
460 | fq->last_in |= LAST_IN; | 363 | fq->q.last_in |= LAST_IN; |
461 | fq->len = end; | 364 | fq->q.len = end; |
462 | } else { | 365 | } else { |
463 | /* Check if the fragment is rounded to 8 bytes. | 366 | /* Check if the fragment is rounded to 8 bytes. |
464 | * Required by the RFC. | 367 | * Required by the RFC. |
@@ -471,13 +374,13 @@ static void ip6_frag_queue(struct frag_queue *fq, struct sk_buff *skb, | |||
471 | IPSTATS_MIB_INHDRERRORS); | 374 | IPSTATS_MIB_INHDRERRORS); |
472 | icmpv6_param_prob(skb, ICMPV6_HDR_FIELD, | 375 | icmpv6_param_prob(skb, ICMPV6_HDR_FIELD, |
473 | offsetof(struct ipv6hdr, payload_len)); | 376 | offsetof(struct ipv6hdr, payload_len)); |
474 | return; | 377 | return -1; |
475 | } | 378 | } |
476 | if (end > fq->len) { | 379 | if (end > fq->q.len) { |
477 | /* Some bits beyond end -> corruption. */ | 380 | /* Some bits beyond end -> corruption. */ |
478 | if (fq->last_in & LAST_IN) | 381 | if (fq->q.last_in & LAST_IN) |
479 | goto err; | 382 | goto err; |
480 | fq->len = end; | 383 | fq->q.len = end; |
481 | } | 384 | } |
482 | } | 385 | } |
483 | 386 | ||
@@ -496,7 +399,7 @@ static void ip6_frag_queue(struct frag_queue *fq, struct sk_buff *skb, | |||
496 | * this fragment, right? | 399 | * this fragment, right? |
497 | */ | 400 | */ |
498 | prev = NULL; | 401 | prev = NULL; |
499 | for(next = fq->fragments; next != NULL; next = next->next) { | 402 | for(next = fq->q.fragments; next != NULL; next = next->next) { |
500 | if (FRAG6_CB(next)->offset >= offset) | 403 | if (FRAG6_CB(next)->offset >= offset) |
501 | break; /* bingo! */ | 404 | break; /* bingo! */ |
502 | prev = next; | 405 | prev = next; |
@@ -533,7 +436,7 @@ static void ip6_frag_queue(struct frag_queue *fq, struct sk_buff *skb, | |||
533 | if (!pskb_pull(next, i)) | 436 | if (!pskb_pull(next, i)) |
534 | goto err; | 437 | goto err; |
535 | FRAG6_CB(next)->offset += i; /* next fragment */ | 438 | FRAG6_CB(next)->offset += i; /* next fragment */ |
536 | fq->meat -= i; | 439 | fq->q.meat -= i; |
537 | if (next->ip_summed != CHECKSUM_UNNECESSARY) | 440 | if (next->ip_summed != CHECKSUM_UNNECESSARY) |
538 | next->ip_summed = CHECKSUM_NONE; | 441 | next->ip_summed = CHECKSUM_NONE; |
539 | break; | 442 | break; |
@@ -548,9 +451,9 @@ static void ip6_frag_queue(struct frag_queue *fq, struct sk_buff *skb, | |||
548 | if (prev) | 451 | if (prev) |
549 | prev->next = next; | 452 | prev->next = next; |
550 | else | 453 | else |
551 | fq->fragments = next; | 454 | fq->q.fragments = next; |
552 | 455 | ||
553 | fq->meat -= free_it->len; | 456 | fq->q.meat -= free_it->len; |
554 | frag_kfree_skb(free_it, NULL); | 457 | frag_kfree_skb(free_it, NULL); |
555 | } | 458 | } |
556 | } | 459 | } |
@@ -562,30 +465,37 @@ static void ip6_frag_queue(struct frag_queue *fq, struct sk_buff *skb, | |||
562 | if (prev) | 465 | if (prev) |
563 | prev->next = skb; | 466 | prev->next = skb; |
564 | else | 467 | else |
565 | fq->fragments = skb; | 468 | fq->q.fragments = skb; |
566 | 469 | ||
567 | if (skb->dev) | 470 | dev = skb->dev; |
568 | fq->iif = skb->dev->ifindex; | 471 | if (dev) { |
569 | skb->dev = NULL; | 472 | fq->iif = dev->ifindex; |
570 | fq->stamp = skb->tstamp; | 473 | skb->dev = NULL; |
571 | fq->meat += skb->len; | 474 | } |
572 | atomic_add(skb->truesize, &ip6_frag_mem); | 475 | fq->q.stamp = skb->tstamp; |
476 | fq->q.meat += skb->len; | ||
477 | atomic_add(skb->truesize, &ip6_frags.mem); | ||
573 | 478 | ||
574 | /* The first fragment. | 479 | /* The first fragment. |
575 | * nhoffset is obtained from the first fragment, of course. | 480 | * nhoffset is obtained from the first fragment, of course. |
576 | */ | 481 | */ |
577 | if (offset == 0) { | 482 | if (offset == 0) { |
578 | fq->nhoffset = nhoff; | 483 | fq->nhoffset = nhoff; |
579 | fq->last_in |= FIRST_IN; | 484 | fq->q.last_in |= FIRST_IN; |
580 | } | 485 | } |
581 | write_lock(&ip6_frag_lock); | 486 | |
582 | list_move_tail(&fq->lru_list, &ip6_frag_lru_list); | 487 | if (fq->q.last_in == (FIRST_IN | LAST_IN) && fq->q.meat == fq->q.len) |
583 | write_unlock(&ip6_frag_lock); | 488 | return ip6_frag_reasm(fq, prev, dev); |
584 | return; | 489 | |
490 | write_lock(&ip6_frags.lock); | ||
491 | list_move_tail(&fq->q.lru_list, &ip6_frags.lru_list); | ||
492 | write_unlock(&ip6_frags.lock); | ||
493 | return -1; | ||
585 | 494 | ||
586 | err: | 495 | err: |
587 | IP6_INC_STATS(ip6_dst_idev(skb->dst), IPSTATS_MIB_REASMFAILS); | 496 | IP6_INC_STATS(ip6_dst_idev(skb->dst), IPSTATS_MIB_REASMFAILS); |
588 | kfree_skb(skb); | 497 | kfree_skb(skb); |
498 | return -1; | ||
589 | } | 499 | } |
590 | 500 | ||
591 | /* | 501 | /* |
@@ -597,21 +507,39 @@ err: | |||
597 | * queue is eligible for reassembly i.e. it is not COMPLETE, | 507 | * queue is eligible for reassembly i.e. it is not COMPLETE, |
598 | * the last and the first frames arrived and all the bits are here. | 508 | * the last and the first frames arrived and all the bits are here. |
599 | */ | 509 | */ |
600 | static int ip6_frag_reasm(struct frag_queue *fq, struct sk_buff **skb_in, | 510 | static int ip6_frag_reasm(struct frag_queue *fq, struct sk_buff *prev, |
601 | struct net_device *dev) | 511 | struct net_device *dev) |
602 | { | 512 | { |
603 | struct sk_buff *fp, *head = fq->fragments; | 513 | struct sk_buff *fp, *head = fq->q.fragments; |
604 | int payload_len; | 514 | int payload_len; |
605 | unsigned int nhoff; | 515 | unsigned int nhoff; |
606 | 516 | ||
607 | fq_kill(fq); | 517 | fq_kill(fq); |
608 | 518 | ||
519 | /* Make the one we just received the head. */ | ||
520 | if (prev) { | ||
521 | head = prev->next; | ||
522 | fp = skb_clone(head, GFP_ATOMIC); | ||
523 | |||
524 | if (!fp) | ||
525 | goto out_oom; | ||
526 | |||
527 | fp->next = head->next; | ||
528 | prev->next = fp; | ||
529 | |||
530 | skb_morph(head, fq->q.fragments); | ||
531 | head->next = fq->q.fragments->next; | ||
532 | |||
533 | kfree_skb(fq->q.fragments); | ||
534 | fq->q.fragments = head; | ||
535 | } | ||
536 | |||
609 | BUG_TRAP(head != NULL); | 537 | BUG_TRAP(head != NULL); |
610 | BUG_TRAP(FRAG6_CB(head)->offset == 0); | 538 | BUG_TRAP(FRAG6_CB(head)->offset == 0); |
611 | 539 | ||
612 | /* Unfragmented part is taken from the first segment. */ | 540 | /* Unfragmented part is taken from the first segment. */ |
613 | payload_len = ((head->data - skb_network_header(head)) - | 541 | payload_len = ((head->data - skb_network_header(head)) - |
614 | sizeof(struct ipv6hdr) + fq->len - | 542 | sizeof(struct ipv6hdr) + fq->q.len - |
615 | sizeof(struct frag_hdr)); | 543 | sizeof(struct frag_hdr)); |
616 | if (payload_len > IPV6_MAXPLEN) | 544 | if (payload_len > IPV6_MAXPLEN) |
617 | goto out_oversize; | 545 | goto out_oversize; |
@@ -640,7 +568,7 @@ static int ip6_frag_reasm(struct frag_queue *fq, struct sk_buff **skb_in, | |||
640 | head->len -= clone->len; | 568 | head->len -= clone->len; |
641 | clone->csum = 0; | 569 | clone->csum = 0; |
642 | clone->ip_summed = head->ip_summed; | 570 | clone->ip_summed = head->ip_summed; |
643 | atomic_add(clone->truesize, &ip6_frag_mem); | 571 | atomic_add(clone->truesize, &ip6_frags.mem); |
644 | } | 572 | } |
645 | 573 | ||
646 | /* We have to remove fragment header from datagram and to relocate | 574 | /* We have to remove fragment header from datagram and to relocate |
@@ -655,7 +583,7 @@ static int ip6_frag_reasm(struct frag_queue *fq, struct sk_buff **skb_in, | |||
655 | skb_shinfo(head)->frag_list = head->next; | 583 | skb_shinfo(head)->frag_list = head->next; |
656 | skb_reset_transport_header(head); | 584 | skb_reset_transport_header(head); |
657 | skb_push(head, head->data - skb_network_header(head)); | 585 | skb_push(head, head->data - skb_network_header(head)); |
658 | atomic_sub(head->truesize, &ip6_frag_mem); | 586 | atomic_sub(head->truesize, &ip6_frags.mem); |
659 | 587 | ||
660 | for (fp=head->next; fp; fp = fp->next) { | 588 | for (fp=head->next; fp; fp = fp->next) { |
661 | head->data_len += fp->len; | 589 | head->data_len += fp->len; |
@@ -665,17 +593,15 @@ static int ip6_frag_reasm(struct frag_queue *fq, struct sk_buff **skb_in, | |||
665 | else if (head->ip_summed == CHECKSUM_COMPLETE) | 593 | else if (head->ip_summed == CHECKSUM_COMPLETE) |
666 | head->csum = csum_add(head->csum, fp->csum); | 594 | head->csum = csum_add(head->csum, fp->csum); |
667 | head->truesize += fp->truesize; | 595 | head->truesize += fp->truesize; |
668 | atomic_sub(fp->truesize, &ip6_frag_mem); | 596 | atomic_sub(fp->truesize, &ip6_frags.mem); |
669 | } | 597 | } |
670 | 598 | ||
671 | head->next = NULL; | 599 | head->next = NULL; |
672 | head->dev = dev; | 600 | head->dev = dev; |
673 | head->tstamp = fq->stamp; | 601 | head->tstamp = fq->q.stamp; |
674 | ipv6_hdr(head)->payload_len = htons(payload_len); | 602 | ipv6_hdr(head)->payload_len = htons(payload_len); |
675 | IP6CB(head)->nhoff = nhoff; | 603 | IP6CB(head)->nhoff = nhoff; |
676 | 604 | ||
677 | *skb_in = head; | ||
678 | |||
679 | /* Yes, and fold redundant checksum back. 8) */ | 605 | /* Yes, and fold redundant checksum back. 8) */ |
680 | if (head->ip_summed == CHECKSUM_COMPLETE) | 606 | if (head->ip_summed == CHECKSUM_COMPLETE) |
681 | head->csum = csum_partial(skb_network_header(head), | 607 | head->csum = csum_partial(skb_network_header(head), |
@@ -685,7 +611,7 @@ static int ip6_frag_reasm(struct frag_queue *fq, struct sk_buff **skb_in, | |||
685 | rcu_read_lock(); | 611 | rcu_read_lock(); |
686 | IP6_INC_STATS_BH(__in6_dev_get(dev), IPSTATS_MIB_REASMOKS); | 612 | IP6_INC_STATS_BH(__in6_dev_get(dev), IPSTATS_MIB_REASMOKS); |
687 | rcu_read_unlock(); | 613 | rcu_read_unlock(); |
688 | fq->fragments = NULL; | 614 | fq->q.fragments = NULL; |
689 | return 1; | 615 | return 1; |
690 | 616 | ||
691 | out_oversize: | 617 | out_oversize: |
@@ -702,10 +628,8 @@ out_fail: | |||
702 | return -1; | 628 | return -1; |
703 | } | 629 | } |
704 | 630 | ||
705 | static int ipv6_frag_rcv(struct sk_buff **skbp) | 631 | static int ipv6_frag_rcv(struct sk_buff *skb) |
706 | { | 632 | { |
707 | struct sk_buff *skb = *skbp; | ||
708 | struct net_device *dev = skb->dev; | ||
709 | struct frag_hdr *fhdr; | 633 | struct frag_hdr *fhdr; |
710 | struct frag_queue *fq; | 634 | struct frag_queue *fq; |
711 | struct ipv6hdr *hdr = ipv6_hdr(skb); | 635 | struct ipv6hdr *hdr = ipv6_hdr(skb); |
@@ -739,23 +663,19 @@ static int ipv6_frag_rcv(struct sk_buff **skbp) | |||
739 | return 1; | 663 | return 1; |
740 | } | 664 | } |
741 | 665 | ||
742 | if (atomic_read(&ip6_frag_mem) > sysctl_ip6frag_high_thresh) | 666 | if (atomic_read(&ip6_frags.mem) > ip6_frags_ctl.high_thresh) |
743 | ip6_evictor(ip6_dst_idev(skb->dst)); | 667 | ip6_evictor(ip6_dst_idev(skb->dst)); |
744 | 668 | ||
745 | if ((fq = fq_find(fhdr->identification, &hdr->saddr, &hdr->daddr, | 669 | if ((fq = fq_find(fhdr->identification, &hdr->saddr, &hdr->daddr, |
746 | ip6_dst_idev(skb->dst))) != NULL) { | 670 | ip6_dst_idev(skb->dst))) != NULL) { |
747 | int ret = -1; | 671 | int ret; |
748 | 672 | ||
749 | spin_lock(&fq->lock); | 673 | spin_lock(&fq->q.lock); |
750 | 674 | ||
751 | ip6_frag_queue(fq, skb, fhdr, IP6CB(skb)->nhoff); | 675 | ret = ip6_frag_queue(fq, skb, fhdr, IP6CB(skb)->nhoff); |
752 | 676 | ||
753 | if (fq->last_in == (FIRST_IN|LAST_IN) && | 677 | spin_unlock(&fq->q.lock); |
754 | fq->meat == fq->len) | 678 | fq_put(fq); |
755 | ret = ip6_frag_reasm(fq, skbp, dev); | ||
756 | |||
757 | spin_unlock(&fq->lock); | ||
758 | fq_put(fq, NULL); | ||
759 | return ret; | 679 | return ret; |
760 | } | 680 | } |
761 | 681 | ||
@@ -775,11 +695,10 @@ void __init ipv6_frag_init(void) | |||
775 | if (inet6_add_protocol(&frag_protocol, IPPROTO_FRAGMENT) < 0) | 695 | if (inet6_add_protocol(&frag_protocol, IPPROTO_FRAGMENT) < 0) |
776 | printk(KERN_ERR "ipv6_frag_init: Could not register protocol\n"); | 696 | printk(KERN_ERR "ipv6_frag_init: Could not register protocol\n"); |
777 | 697 | ||
778 | ip6_frag_hash_rnd = (u32) ((num_physpages ^ (num_physpages>>7)) ^ | 698 | ip6_frags.ctl = &ip6_frags_ctl; |
779 | (jiffies ^ (jiffies >> 6))); | 699 | ip6_frags.hashfn = ip6_hashfn; |
780 | 700 | ip6_frags.destructor = ip6_frag_free; | |
781 | init_timer(&ip6_frag_secret_timer); | 701 | ip6_frags.skb_free = NULL; |
782 | ip6_frag_secret_timer.function = ip6_frag_secret_rebuild; | 702 | ip6_frags.qsize = sizeof(struct frag_queue); |
783 | ip6_frag_secret_timer.expires = jiffies + sysctl_ip6frag_secret_interval; | 703 | inet_frags_init(&ip6_frags); |
784 | add_timer(&ip6_frag_secret_timer); | ||
785 | } | 704 | } |
diff --git a/net/ipv6/route.c b/net/ipv6/route.c index 6ff19f9eb9ee..cce9941c11c6 100644 --- a/net/ipv6/route.c +++ b/net/ipv6/route.c | |||
@@ -663,7 +663,7 @@ static struct rt6_info *rt6_alloc_clone(struct rt6_info *ort, struct in6_addr *d | |||
663 | return rt; | 663 | return rt; |
664 | } | 664 | } |
665 | 665 | ||
666 | static struct rt6_info *ip6_pol_route_input(struct fib6_table *table, | 666 | static struct rt6_info *ip6_pol_route(struct fib6_table *table, int oif, |
667 | struct flowi *fl, int flags) | 667 | struct flowi *fl, int flags) |
668 | { | 668 | { |
669 | struct fib6_node *fn; | 669 | struct fib6_node *fn; |
@@ -682,7 +682,7 @@ restart_2: | |||
682 | fn = fib6_lookup(&table->tb6_root, &fl->fl6_dst, &fl->fl6_src); | 682 | fn = fib6_lookup(&table->tb6_root, &fl->fl6_dst, &fl->fl6_src); |
683 | 683 | ||
684 | restart: | 684 | restart: |
685 | rt = rt6_select(fn, fl->iif, strict | reachable); | 685 | rt = rt6_select(fn, oif, strict | reachable); |
686 | BACKTRACK(&fl->fl6_src); | 686 | BACKTRACK(&fl->fl6_src); |
687 | if (rt == &ip6_null_entry || | 687 | if (rt == &ip6_null_entry || |
688 | rt->rt6i_flags & RTF_CACHE) | 688 | rt->rt6i_flags & RTF_CACHE) |
@@ -735,6 +735,12 @@ out2: | |||
735 | return rt; | 735 | return rt; |
736 | } | 736 | } |
737 | 737 | ||
738 | static struct rt6_info *ip6_pol_route_input(struct fib6_table *table, | ||
739 | struct flowi *fl, int flags) | ||
740 | { | ||
741 | return ip6_pol_route(table, fl->iif, fl, flags); | ||
742 | } | ||
743 | |||
738 | void ip6_route_input(struct sk_buff *skb) | 744 | void ip6_route_input(struct sk_buff *skb) |
739 | { | 745 | { |
740 | struct ipv6hdr *iph = ipv6_hdr(skb); | 746 | struct ipv6hdr *iph = ipv6_hdr(skb); |
@@ -761,72 +767,7 @@ void ip6_route_input(struct sk_buff *skb) | |||
761 | static struct rt6_info *ip6_pol_route_output(struct fib6_table *table, | 767 | static struct rt6_info *ip6_pol_route_output(struct fib6_table *table, |
762 | struct flowi *fl, int flags) | 768 | struct flowi *fl, int flags) |
763 | { | 769 | { |
764 | struct fib6_node *fn; | 770 | return ip6_pol_route(table, fl->oif, fl, flags); |
765 | struct rt6_info *rt, *nrt; | ||
766 | int strict = 0; | ||
767 | int attempts = 3; | ||
768 | int err; | ||
769 | int reachable = ipv6_devconf.forwarding ? 0 : RT6_LOOKUP_F_REACHABLE; | ||
770 | |||
771 | strict |= flags & RT6_LOOKUP_F_IFACE; | ||
772 | |||
773 | relookup: | ||
774 | read_lock_bh(&table->tb6_lock); | ||
775 | |||
776 | restart_2: | ||
777 | fn = fib6_lookup(&table->tb6_root, &fl->fl6_dst, &fl->fl6_src); | ||
778 | |||
779 | restart: | ||
780 | rt = rt6_select(fn, fl->oif, strict | reachable); | ||
781 | BACKTRACK(&fl->fl6_src); | ||
782 | if (rt == &ip6_null_entry || | ||
783 | rt->rt6i_flags & RTF_CACHE) | ||
784 | goto out; | ||
785 | |||
786 | dst_hold(&rt->u.dst); | ||
787 | read_unlock_bh(&table->tb6_lock); | ||
788 | |||
789 | if (!rt->rt6i_nexthop && !(rt->rt6i_flags & RTF_NONEXTHOP)) | ||
790 | nrt = rt6_alloc_cow(rt, &fl->fl6_dst, &fl->fl6_src); | ||
791 | else { | ||
792 | #if CLONE_OFFLINK_ROUTE | ||
793 | nrt = rt6_alloc_clone(rt, &fl->fl6_dst); | ||
794 | #else | ||
795 | goto out2; | ||
796 | #endif | ||
797 | } | ||
798 | |||
799 | dst_release(&rt->u.dst); | ||
800 | rt = nrt ? : &ip6_null_entry; | ||
801 | |||
802 | dst_hold(&rt->u.dst); | ||
803 | if (nrt) { | ||
804 | err = ip6_ins_rt(nrt); | ||
805 | if (!err) | ||
806 | goto out2; | ||
807 | } | ||
808 | |||
809 | if (--attempts <= 0) | ||
810 | goto out2; | ||
811 | |||
812 | /* | ||
813 | * Race condition! In the gap, when table->tb6_lock was | ||
814 | * released someone could insert this route. Relookup. | ||
815 | */ | ||
816 | dst_release(&rt->u.dst); | ||
817 | goto relookup; | ||
818 | |||
819 | out: | ||
820 | if (reachable) { | ||
821 | reachable = 0; | ||
822 | goto restart_2; | ||
823 | } | ||
824 | dst_hold(&rt->u.dst); | ||
825 | read_unlock_bh(&table->tb6_lock); | ||
826 | out2: | ||
827 | rt->u.dst.lastuse = jiffies; | ||
828 | rt->u.dst.__use++; | ||
829 | return rt; | ||
830 | } | 771 | } |
831 | 772 | ||
832 | struct dst_entry * ip6_route_output(struct sock *sk, struct flowi *fl) | 773 | struct dst_entry * ip6_route_output(struct sock *sk, struct flowi *fl) |
diff --git a/net/ipv6/sysctl_net_ipv6.c b/net/ipv6/sysctl_net_ipv6.c index 3fb44277207b..68bb2548e469 100644 --- a/net/ipv6/sysctl_net_ipv6.c +++ b/net/ipv6/sysctl_net_ipv6.c | |||
@@ -12,6 +12,7 @@ | |||
12 | #include <net/ndisc.h> | 12 | #include <net/ndisc.h> |
13 | #include <net/ipv6.h> | 13 | #include <net/ipv6.h> |
14 | #include <net/addrconf.h> | 14 | #include <net/addrconf.h> |
15 | #include <net/inet_frag.h> | ||
15 | 16 | ||
16 | #ifdef CONFIG_SYSCTL | 17 | #ifdef CONFIG_SYSCTL |
17 | 18 | ||
@@ -41,7 +42,7 @@ static ctl_table ipv6_table[] = { | |||
41 | { | 42 | { |
42 | .ctl_name = NET_IPV6_IP6FRAG_HIGH_THRESH, | 43 | .ctl_name = NET_IPV6_IP6FRAG_HIGH_THRESH, |
43 | .procname = "ip6frag_high_thresh", | 44 | .procname = "ip6frag_high_thresh", |
44 | .data = &sysctl_ip6frag_high_thresh, | 45 | .data = &ip6_frags_ctl.high_thresh, |
45 | .maxlen = sizeof(int), | 46 | .maxlen = sizeof(int), |
46 | .mode = 0644, | 47 | .mode = 0644, |
47 | .proc_handler = &proc_dointvec | 48 | .proc_handler = &proc_dointvec |
@@ -49,7 +50,7 @@ static ctl_table ipv6_table[] = { | |||
49 | { | 50 | { |
50 | .ctl_name = NET_IPV6_IP6FRAG_LOW_THRESH, | 51 | .ctl_name = NET_IPV6_IP6FRAG_LOW_THRESH, |
51 | .procname = "ip6frag_low_thresh", | 52 | .procname = "ip6frag_low_thresh", |
52 | .data = &sysctl_ip6frag_low_thresh, | 53 | .data = &ip6_frags_ctl.low_thresh, |
53 | .maxlen = sizeof(int), | 54 | .maxlen = sizeof(int), |
54 | .mode = 0644, | 55 | .mode = 0644, |
55 | .proc_handler = &proc_dointvec | 56 | .proc_handler = &proc_dointvec |
@@ -57,7 +58,7 @@ static ctl_table ipv6_table[] = { | |||
57 | { | 58 | { |
58 | .ctl_name = NET_IPV6_IP6FRAG_TIME, | 59 | .ctl_name = NET_IPV6_IP6FRAG_TIME, |
59 | .procname = "ip6frag_time", | 60 | .procname = "ip6frag_time", |
60 | .data = &sysctl_ip6frag_time, | 61 | .data = &ip6_frags_ctl.timeout, |
61 | .maxlen = sizeof(int), | 62 | .maxlen = sizeof(int), |
62 | .mode = 0644, | 63 | .mode = 0644, |
63 | .proc_handler = &proc_dointvec_jiffies, | 64 | .proc_handler = &proc_dointvec_jiffies, |
@@ -66,7 +67,7 @@ static ctl_table ipv6_table[] = { | |||
66 | { | 67 | { |
67 | .ctl_name = NET_IPV6_IP6FRAG_SECRET_INTERVAL, | 68 | .ctl_name = NET_IPV6_IP6FRAG_SECRET_INTERVAL, |
68 | .procname = "ip6frag_secret_interval", | 69 | .procname = "ip6frag_secret_interval", |
69 | .data = &sysctl_ip6frag_secret_interval, | 70 | .data = &ip6_frags_ctl.secret_interval, |
70 | .maxlen = sizeof(int), | 71 | .maxlen = sizeof(int), |
71 | .mode = 0644, | 72 | .mode = 0644, |
72 | .proc_handler = &proc_dointvec_jiffies, | 73 | .proc_handler = &proc_dointvec_jiffies, |
diff --git a/net/ipv6/tcp_ipv6.c b/net/ipv6/tcp_ipv6.c index a07b59c528f3..737b755342bd 100644 --- a/net/ipv6/tcp_ipv6.c +++ b/net/ipv6/tcp_ipv6.c | |||
@@ -1668,9 +1668,8 @@ ipv6_pktoptions: | |||
1668 | return 0; | 1668 | return 0; |
1669 | } | 1669 | } |
1670 | 1670 | ||
1671 | static int tcp_v6_rcv(struct sk_buff **pskb) | 1671 | static int tcp_v6_rcv(struct sk_buff *skb) |
1672 | { | 1672 | { |
1673 | struct sk_buff *skb = *pskb; | ||
1674 | struct tcphdr *th; | 1673 | struct tcphdr *th; |
1675 | struct sock *sk; | 1674 | struct sock *sk; |
1676 | int ret; | 1675 | int ret; |
diff --git a/net/ipv6/tunnel6.c b/net/ipv6/tunnel6.c index 23e2809878ae..6323921b40be 100644 --- a/net/ipv6/tunnel6.c +++ b/net/ipv6/tunnel6.c | |||
@@ -87,9 +87,8 @@ int xfrm6_tunnel_deregister(struct xfrm6_tunnel *handler, unsigned short family) | |||
87 | 87 | ||
88 | EXPORT_SYMBOL(xfrm6_tunnel_deregister); | 88 | EXPORT_SYMBOL(xfrm6_tunnel_deregister); |
89 | 89 | ||
90 | static int tunnel6_rcv(struct sk_buff **pskb) | 90 | static int tunnel6_rcv(struct sk_buff *skb) |
91 | { | 91 | { |
92 | struct sk_buff *skb = *pskb; | ||
93 | struct xfrm6_tunnel *handler; | 92 | struct xfrm6_tunnel *handler; |
94 | 93 | ||
95 | if (!pskb_may_pull(skb, sizeof(struct ipv6hdr))) | 94 | if (!pskb_may_pull(skb, sizeof(struct ipv6hdr))) |
@@ -106,9 +105,8 @@ drop: | |||
106 | return 0; | 105 | return 0; |
107 | } | 106 | } |
108 | 107 | ||
109 | static int tunnel46_rcv(struct sk_buff **pskb) | 108 | static int tunnel46_rcv(struct sk_buff *skb) |
110 | { | 109 | { |
111 | struct sk_buff *skb = *pskb; | ||
112 | struct xfrm6_tunnel *handler; | 110 | struct xfrm6_tunnel *handler; |
113 | 111 | ||
114 | if (!pskb_may_pull(skb, sizeof(struct ipv6hdr))) | 112 | if (!pskb_may_pull(skb, sizeof(struct ipv6hdr))) |
diff --git a/net/ipv6/udp.c b/net/ipv6/udp.c index 82ff26dd4470..caebad6ee510 100644 --- a/net/ipv6/udp.c +++ b/net/ipv6/udp.c | |||
@@ -405,10 +405,9 @@ static inline int udp6_csum_init(struct sk_buff *skb, struct udphdr *uh, | |||
405 | return 0; | 405 | return 0; |
406 | } | 406 | } |
407 | 407 | ||
408 | int __udp6_lib_rcv(struct sk_buff **pskb, struct hlist_head udptable[], | 408 | int __udp6_lib_rcv(struct sk_buff *skb, struct hlist_head udptable[], |
409 | int proto) | 409 | int proto) |
410 | { | 410 | { |
411 | struct sk_buff *skb = *pskb; | ||
412 | struct sock *sk; | 411 | struct sock *sk; |
413 | struct udphdr *uh; | 412 | struct udphdr *uh; |
414 | struct net_device *dev = skb->dev; | 413 | struct net_device *dev = skb->dev; |
@@ -494,9 +493,9 @@ discard: | |||
494 | return 0; | 493 | return 0; |
495 | } | 494 | } |
496 | 495 | ||
497 | static __inline__ int udpv6_rcv(struct sk_buff **pskb) | 496 | static __inline__ int udpv6_rcv(struct sk_buff *skb) |
498 | { | 497 | { |
499 | return __udp6_lib_rcv(pskb, udp_hash, IPPROTO_UDP); | 498 | return __udp6_lib_rcv(skb, udp_hash, IPPROTO_UDP); |
500 | } | 499 | } |
501 | 500 | ||
502 | /* | 501 | /* |
diff --git a/net/ipv6/udp_impl.h b/net/ipv6/udp_impl.h index 6e252f318f7c..2d3fda601232 100644 --- a/net/ipv6/udp_impl.h +++ b/net/ipv6/udp_impl.h | |||
@@ -6,7 +6,7 @@ | |||
6 | #include <net/addrconf.h> | 6 | #include <net/addrconf.h> |
7 | #include <net/inet_common.h> | 7 | #include <net/inet_common.h> |
8 | 8 | ||
9 | extern int __udp6_lib_rcv(struct sk_buff **, struct hlist_head [], int ); | 9 | extern int __udp6_lib_rcv(struct sk_buff *, struct hlist_head [], int ); |
10 | extern void __udp6_lib_err(struct sk_buff *, struct inet6_skb_parm *, | 10 | extern void __udp6_lib_err(struct sk_buff *, struct inet6_skb_parm *, |
11 | int , int , int , __be32 , struct hlist_head []); | 11 | int , int , int , __be32 , struct hlist_head []); |
12 | 12 | ||
diff --git a/net/ipv6/udplite.c b/net/ipv6/udplite.c index f54016a55004..766566f7de47 100644 --- a/net/ipv6/udplite.c +++ b/net/ipv6/udplite.c | |||
@@ -17,9 +17,9 @@ | |||
17 | 17 | ||
18 | DEFINE_SNMP_STAT(struct udp_mib, udplite_stats_in6) __read_mostly; | 18 | DEFINE_SNMP_STAT(struct udp_mib, udplite_stats_in6) __read_mostly; |
19 | 19 | ||
20 | static int udplitev6_rcv(struct sk_buff **pskb) | 20 | static int udplitev6_rcv(struct sk_buff *skb) |
21 | { | 21 | { |
22 | return __udp6_lib_rcv(pskb, udplite_hash, IPPROTO_UDPLITE); | 22 | return __udp6_lib_rcv(skb, udplite_hash, IPPROTO_UDPLITE); |
23 | } | 23 | } |
24 | 24 | ||
25 | static void udplitev6_err(struct sk_buff *skb, | 25 | static void udplitev6_err(struct sk_buff *skb, |
diff --git a/net/ipv6/xfrm6_input.c b/net/ipv6/xfrm6_input.c index c858537cec4b..02f69e544f6f 100644 --- a/net/ipv6/xfrm6_input.c +++ b/net/ipv6/xfrm6_input.c | |||
@@ -133,9 +133,9 @@ drop: | |||
133 | 133 | ||
134 | EXPORT_SYMBOL(xfrm6_rcv_spi); | 134 | EXPORT_SYMBOL(xfrm6_rcv_spi); |
135 | 135 | ||
136 | int xfrm6_rcv(struct sk_buff **pskb) | 136 | int xfrm6_rcv(struct sk_buff *skb) |
137 | { | 137 | { |
138 | return xfrm6_rcv_spi(*pskb, 0); | 138 | return xfrm6_rcv_spi(skb, 0); |
139 | } | 139 | } |
140 | 140 | ||
141 | EXPORT_SYMBOL(xfrm6_rcv); | 141 | EXPORT_SYMBOL(xfrm6_rcv); |
diff --git a/net/ipv6/xfrm6_output.c b/net/ipv6/xfrm6_output.c index 4618c18e611d..a5a32c17249d 100644 --- a/net/ipv6/xfrm6_output.c +++ b/net/ipv6/xfrm6_output.c | |||
@@ -80,7 +80,7 @@ static int xfrm6_output_finish2(struct sk_buff *skb) | |||
80 | while (likely((err = xfrm6_output_one(skb)) == 0)) { | 80 | while (likely((err = xfrm6_output_one(skb)) == 0)) { |
81 | nf_reset(skb); | 81 | nf_reset(skb); |
82 | 82 | ||
83 | err = nf_hook(PF_INET6, NF_IP6_LOCAL_OUT, &skb, NULL, | 83 | err = nf_hook(PF_INET6, NF_IP6_LOCAL_OUT, skb, NULL, |
84 | skb->dst->dev, dst_output); | 84 | skb->dst->dev, dst_output); |
85 | if (unlikely(err != 1)) | 85 | if (unlikely(err != 1)) |
86 | break; | 86 | break; |
@@ -88,7 +88,7 @@ static int xfrm6_output_finish2(struct sk_buff *skb) | |||
88 | if (!skb->dst->xfrm) | 88 | if (!skb->dst->xfrm) |
89 | return dst_output(skb); | 89 | return dst_output(skb); |
90 | 90 | ||
91 | err = nf_hook(PF_INET6, NF_IP6_POST_ROUTING, &skb, NULL, | 91 | err = nf_hook(PF_INET6, NF_IP6_POST_ROUTING, skb, NULL, |
92 | skb->dst->dev, xfrm6_output_finish2); | 92 | skb->dst->dev, xfrm6_output_finish2); |
93 | if (unlikely(err != 1)) | 93 | if (unlikely(err != 1)) |
94 | break; | 94 | break; |
diff --git a/net/netfilter/core.c b/net/netfilter/core.c index a523fa4136ed..bed9ba01e8ec 100644 --- a/net/netfilter/core.c +++ b/net/netfilter/core.c | |||
@@ -117,7 +117,7 @@ void nf_unregister_hooks(struct nf_hook_ops *reg, unsigned int n) | |||
117 | EXPORT_SYMBOL(nf_unregister_hooks); | 117 | EXPORT_SYMBOL(nf_unregister_hooks); |
118 | 118 | ||
119 | unsigned int nf_iterate(struct list_head *head, | 119 | unsigned int nf_iterate(struct list_head *head, |
120 | struct sk_buff **skb, | 120 | struct sk_buff *skb, |
121 | int hook, | 121 | int hook, |
122 | const struct net_device *indev, | 122 | const struct net_device *indev, |
123 | const struct net_device *outdev, | 123 | const struct net_device *outdev, |
@@ -160,7 +160,7 @@ unsigned int nf_iterate(struct list_head *head, | |||
160 | 160 | ||
161 | /* Returns 1 if okfn() needs to be executed by the caller, | 161 | /* Returns 1 if okfn() needs to be executed by the caller, |
162 | * -EPERM for NF_DROP, 0 otherwise. */ | 162 | * -EPERM for NF_DROP, 0 otherwise. */ |
163 | int nf_hook_slow(int pf, unsigned int hook, struct sk_buff **pskb, | 163 | int nf_hook_slow(int pf, unsigned int hook, struct sk_buff *skb, |
164 | struct net_device *indev, | 164 | struct net_device *indev, |
165 | struct net_device *outdev, | 165 | struct net_device *outdev, |
166 | int (*okfn)(struct sk_buff *), | 166 | int (*okfn)(struct sk_buff *), |
@@ -175,17 +175,17 @@ int nf_hook_slow(int pf, unsigned int hook, struct sk_buff **pskb, | |||
175 | 175 | ||
176 | elem = &nf_hooks[pf][hook]; | 176 | elem = &nf_hooks[pf][hook]; |
177 | next_hook: | 177 | next_hook: |
178 | verdict = nf_iterate(&nf_hooks[pf][hook], pskb, hook, indev, | 178 | verdict = nf_iterate(&nf_hooks[pf][hook], skb, hook, indev, |
179 | outdev, &elem, okfn, hook_thresh); | 179 | outdev, &elem, okfn, hook_thresh); |
180 | if (verdict == NF_ACCEPT || verdict == NF_STOP) { | 180 | if (verdict == NF_ACCEPT || verdict == NF_STOP) { |
181 | ret = 1; | 181 | ret = 1; |
182 | goto unlock; | 182 | goto unlock; |
183 | } else if (verdict == NF_DROP) { | 183 | } else if (verdict == NF_DROP) { |
184 | kfree_skb(*pskb); | 184 | kfree_skb(skb); |
185 | ret = -EPERM; | 185 | ret = -EPERM; |
186 | } else if ((verdict & NF_VERDICT_MASK) == NF_QUEUE) { | 186 | } else if ((verdict & NF_VERDICT_MASK) == NF_QUEUE) { |
187 | NFDEBUG("nf_hook: Verdict = QUEUE.\n"); | 187 | NFDEBUG("nf_hook: Verdict = QUEUE.\n"); |
188 | if (!nf_queue(*pskb, elem, pf, hook, indev, outdev, okfn, | 188 | if (!nf_queue(skb, elem, pf, hook, indev, outdev, okfn, |
189 | verdict >> NF_VERDICT_BITS)) | 189 | verdict >> NF_VERDICT_BITS)) |
190 | goto next_hook; | 190 | goto next_hook; |
191 | } | 191 | } |
@@ -196,34 +196,24 @@ unlock: | |||
196 | EXPORT_SYMBOL(nf_hook_slow); | 196 | EXPORT_SYMBOL(nf_hook_slow); |
197 | 197 | ||
198 | 198 | ||
199 | int skb_make_writable(struct sk_buff **pskb, unsigned int writable_len) | 199 | int skb_make_writable(struct sk_buff *skb, unsigned int writable_len) |
200 | { | 200 | { |
201 | struct sk_buff *nskb; | 201 | if (writable_len > skb->len) |
202 | |||
203 | if (writable_len > (*pskb)->len) | ||
204 | return 0; | 202 | return 0; |
205 | 203 | ||
206 | /* Not exclusive use of packet? Must copy. */ | 204 | /* Not exclusive use of packet? Must copy. */ |
207 | if (skb_cloned(*pskb) && !skb_clone_writable(*pskb, writable_len)) | 205 | if (!skb_cloned(skb)) { |
208 | goto copy_skb; | 206 | if (writable_len <= skb_headlen(skb)) |
209 | if (skb_shared(*pskb)) | 207 | return 1; |
210 | goto copy_skb; | 208 | } else if (skb_clone_writable(skb, writable_len)) |
211 | 209 | return 1; | |
212 | return pskb_may_pull(*pskb, writable_len); | 210 | |
213 | 211 | if (writable_len <= skb_headlen(skb)) | |
214 | copy_skb: | 212 | writable_len = 0; |
215 | nskb = skb_copy(*pskb, GFP_ATOMIC); | 213 | else |
216 | if (!nskb) | 214 | writable_len -= skb_headlen(skb); |
217 | return 0; | 215 | |
218 | BUG_ON(skb_is_nonlinear(nskb)); | 216 | return !!__pskb_pull_tail(skb, writable_len); |
219 | |||
220 | /* Rest of kernel will get very unhappy if we pass it a | ||
221 | suddenly-orphaned skbuff */ | ||
222 | if ((*pskb)->sk) | ||
223 | skb_set_owner_w(nskb, (*pskb)->sk); | ||
224 | kfree_skb(*pskb); | ||
225 | *pskb = nskb; | ||
226 | return 1; | ||
227 | } | 217 | } |
228 | EXPORT_SYMBOL(skb_make_writable); | 218 | EXPORT_SYMBOL(skb_make_writable); |
229 | 219 | ||
diff --git a/net/netfilter/nf_conntrack_amanda.c b/net/netfilter/nf_conntrack_amanda.c index e42ab230ad88..7b8239c0cd5e 100644 --- a/net/netfilter/nf_conntrack_amanda.c +++ b/net/netfilter/nf_conntrack_amanda.c | |||
@@ -36,7 +36,7 @@ MODULE_PARM_DESC(master_timeout, "timeout for the master connection"); | |||
36 | module_param(ts_algo, charp, 0400); | 36 | module_param(ts_algo, charp, 0400); |
37 | MODULE_PARM_DESC(ts_algo, "textsearch algorithm to use (default kmp)"); | 37 | MODULE_PARM_DESC(ts_algo, "textsearch algorithm to use (default kmp)"); |
38 | 38 | ||
39 | unsigned int (*nf_nat_amanda_hook)(struct sk_buff **pskb, | 39 | unsigned int (*nf_nat_amanda_hook)(struct sk_buff *skb, |
40 | enum ip_conntrack_info ctinfo, | 40 | enum ip_conntrack_info ctinfo, |
41 | unsigned int matchoff, | 41 | unsigned int matchoff, |
42 | unsigned int matchlen, | 42 | unsigned int matchlen, |
@@ -79,7 +79,7 @@ static struct { | |||
79 | }, | 79 | }, |
80 | }; | 80 | }; |
81 | 81 | ||
82 | static int amanda_help(struct sk_buff **pskb, | 82 | static int amanda_help(struct sk_buff *skb, |
83 | unsigned int protoff, | 83 | unsigned int protoff, |
84 | struct nf_conn *ct, | 84 | struct nf_conn *ct, |
85 | enum ip_conntrack_info ctinfo) | 85 | enum ip_conntrack_info ctinfo) |
@@ -101,25 +101,25 @@ static int amanda_help(struct sk_buff **pskb, | |||
101 | 101 | ||
102 | /* increase the UDP timeout of the master connection as replies from | 102 | /* increase the UDP timeout of the master connection as replies from |
103 | * Amanda clients to the server can be quite delayed */ | 103 | * Amanda clients to the server can be quite delayed */ |
104 | nf_ct_refresh(ct, *pskb, master_timeout * HZ); | 104 | nf_ct_refresh(ct, skb, master_timeout * HZ); |
105 | 105 | ||
106 | /* No data? */ | 106 | /* No data? */ |
107 | dataoff = protoff + sizeof(struct udphdr); | 107 | dataoff = protoff + sizeof(struct udphdr); |
108 | if (dataoff >= (*pskb)->len) { | 108 | if (dataoff >= skb->len) { |
109 | if (net_ratelimit()) | 109 | if (net_ratelimit()) |
110 | printk("amanda_help: skblen = %u\n", (*pskb)->len); | 110 | printk("amanda_help: skblen = %u\n", skb->len); |
111 | return NF_ACCEPT; | 111 | return NF_ACCEPT; |
112 | } | 112 | } |
113 | 113 | ||
114 | memset(&ts, 0, sizeof(ts)); | 114 | memset(&ts, 0, sizeof(ts)); |
115 | start = skb_find_text(*pskb, dataoff, (*pskb)->len, | 115 | start = skb_find_text(skb, dataoff, skb->len, |
116 | search[SEARCH_CONNECT].ts, &ts); | 116 | search[SEARCH_CONNECT].ts, &ts); |
117 | if (start == UINT_MAX) | 117 | if (start == UINT_MAX) |
118 | goto out; | 118 | goto out; |
119 | start += dataoff + search[SEARCH_CONNECT].len; | 119 | start += dataoff + search[SEARCH_CONNECT].len; |
120 | 120 | ||
121 | memset(&ts, 0, sizeof(ts)); | 121 | memset(&ts, 0, sizeof(ts)); |
122 | stop = skb_find_text(*pskb, start, (*pskb)->len, | 122 | stop = skb_find_text(skb, start, skb->len, |
123 | search[SEARCH_NEWLINE].ts, &ts); | 123 | search[SEARCH_NEWLINE].ts, &ts); |
124 | if (stop == UINT_MAX) | 124 | if (stop == UINT_MAX) |
125 | goto out; | 125 | goto out; |
@@ -127,13 +127,13 @@ static int amanda_help(struct sk_buff **pskb, | |||
127 | 127 | ||
128 | for (i = SEARCH_DATA; i <= SEARCH_INDEX; i++) { | 128 | for (i = SEARCH_DATA; i <= SEARCH_INDEX; i++) { |
129 | memset(&ts, 0, sizeof(ts)); | 129 | memset(&ts, 0, sizeof(ts)); |
130 | off = skb_find_text(*pskb, start, stop, search[i].ts, &ts); | 130 | off = skb_find_text(skb, start, stop, search[i].ts, &ts); |
131 | if (off == UINT_MAX) | 131 | if (off == UINT_MAX) |
132 | continue; | 132 | continue; |
133 | off += start + search[i].len; | 133 | off += start + search[i].len; |
134 | 134 | ||
135 | len = min_t(unsigned int, sizeof(pbuf) - 1, stop - off); | 135 | len = min_t(unsigned int, sizeof(pbuf) - 1, stop - off); |
136 | if (skb_copy_bits(*pskb, off, pbuf, len)) | 136 | if (skb_copy_bits(skb, off, pbuf, len)) |
137 | break; | 137 | break; |
138 | pbuf[len] = '\0'; | 138 | pbuf[len] = '\0'; |
139 | 139 | ||
@@ -153,7 +153,7 @@ static int amanda_help(struct sk_buff **pskb, | |||
153 | 153 | ||
154 | nf_nat_amanda = rcu_dereference(nf_nat_amanda_hook); | 154 | nf_nat_amanda = rcu_dereference(nf_nat_amanda_hook); |
155 | if (nf_nat_amanda && ct->status & IPS_NAT_MASK) | 155 | if (nf_nat_amanda && ct->status & IPS_NAT_MASK) |
156 | ret = nf_nat_amanda(pskb, ctinfo, off - dataoff, | 156 | ret = nf_nat_amanda(skb, ctinfo, off - dataoff, |
157 | len, exp); | 157 | len, exp); |
158 | else if (nf_ct_expect_related(exp) != 0) | 158 | else if (nf_ct_expect_related(exp) != 0) |
159 | ret = NF_DROP; | 159 | ret = NF_DROP; |
diff --git a/net/netfilter/nf_conntrack_core.c b/net/netfilter/nf_conntrack_core.c index 83c30b45d170..4d6171bc0829 100644 --- a/net/netfilter/nf_conntrack_core.c +++ b/net/netfilter/nf_conntrack_core.c | |||
@@ -307,7 +307,7 @@ EXPORT_SYMBOL_GPL(nf_conntrack_hash_insert); | |||
307 | 307 | ||
308 | /* Confirm a connection given skb; places it in hash table */ | 308 | /* Confirm a connection given skb; places it in hash table */ |
309 | int | 309 | int |
310 | __nf_conntrack_confirm(struct sk_buff **pskb) | 310 | __nf_conntrack_confirm(struct sk_buff *skb) |
311 | { | 311 | { |
312 | unsigned int hash, repl_hash; | 312 | unsigned int hash, repl_hash; |
313 | struct nf_conntrack_tuple_hash *h; | 313 | struct nf_conntrack_tuple_hash *h; |
@@ -316,7 +316,7 @@ __nf_conntrack_confirm(struct sk_buff **pskb) | |||
316 | struct hlist_node *n; | 316 | struct hlist_node *n; |
317 | enum ip_conntrack_info ctinfo; | 317 | enum ip_conntrack_info ctinfo; |
318 | 318 | ||
319 | ct = nf_ct_get(*pskb, &ctinfo); | 319 | ct = nf_ct_get(skb, &ctinfo); |
320 | 320 | ||
321 | /* ipt_REJECT uses nf_conntrack_attach to attach related | 321 | /* ipt_REJECT uses nf_conntrack_attach to attach related |
322 | ICMP/TCP RST packets in other direction. Actual packet | 322 | ICMP/TCP RST packets in other direction. Actual packet |
@@ -367,14 +367,14 @@ __nf_conntrack_confirm(struct sk_buff **pskb) | |||
367 | write_unlock_bh(&nf_conntrack_lock); | 367 | write_unlock_bh(&nf_conntrack_lock); |
368 | help = nfct_help(ct); | 368 | help = nfct_help(ct); |
369 | if (help && help->helper) | 369 | if (help && help->helper) |
370 | nf_conntrack_event_cache(IPCT_HELPER, *pskb); | 370 | nf_conntrack_event_cache(IPCT_HELPER, skb); |
371 | #ifdef CONFIG_NF_NAT_NEEDED | 371 | #ifdef CONFIG_NF_NAT_NEEDED |
372 | if (test_bit(IPS_SRC_NAT_DONE_BIT, &ct->status) || | 372 | if (test_bit(IPS_SRC_NAT_DONE_BIT, &ct->status) || |
373 | test_bit(IPS_DST_NAT_DONE_BIT, &ct->status)) | 373 | test_bit(IPS_DST_NAT_DONE_BIT, &ct->status)) |
374 | nf_conntrack_event_cache(IPCT_NATINFO, *pskb); | 374 | nf_conntrack_event_cache(IPCT_NATINFO, skb); |
375 | #endif | 375 | #endif |
376 | nf_conntrack_event_cache(master_ct(ct) ? | 376 | nf_conntrack_event_cache(master_ct(ct) ? |
377 | IPCT_RELATED : IPCT_NEW, *pskb); | 377 | IPCT_RELATED : IPCT_NEW, skb); |
378 | return NF_ACCEPT; | 378 | return NF_ACCEPT; |
379 | 379 | ||
380 | out: | 380 | out: |
@@ -632,7 +632,7 @@ resolve_normal_ct(struct sk_buff *skb, | |||
632 | } | 632 | } |
633 | 633 | ||
634 | unsigned int | 634 | unsigned int |
635 | nf_conntrack_in(int pf, unsigned int hooknum, struct sk_buff **pskb) | 635 | nf_conntrack_in(int pf, unsigned int hooknum, struct sk_buff *skb) |
636 | { | 636 | { |
637 | struct nf_conn *ct; | 637 | struct nf_conn *ct; |
638 | enum ip_conntrack_info ctinfo; | 638 | enum ip_conntrack_info ctinfo; |
@@ -644,14 +644,14 @@ nf_conntrack_in(int pf, unsigned int hooknum, struct sk_buff **pskb) | |||
644 | int ret; | 644 | int ret; |
645 | 645 | ||
646 | /* Previously seen (loopback or untracked)? Ignore. */ | 646 | /* Previously seen (loopback or untracked)? Ignore. */ |
647 | if ((*pskb)->nfct) { | 647 | if (skb->nfct) { |
648 | NF_CT_STAT_INC_ATOMIC(ignore); | 648 | NF_CT_STAT_INC_ATOMIC(ignore); |
649 | return NF_ACCEPT; | 649 | return NF_ACCEPT; |
650 | } | 650 | } |
651 | 651 | ||
652 | /* rcu_read_lock()ed by nf_hook_slow */ | 652 | /* rcu_read_lock()ed by nf_hook_slow */ |
653 | l3proto = __nf_ct_l3proto_find((u_int16_t)pf); | 653 | l3proto = __nf_ct_l3proto_find((u_int16_t)pf); |
654 | ret = l3proto->get_l4proto(*pskb, skb_network_offset(*pskb), | 654 | ret = l3proto->get_l4proto(skb, skb_network_offset(skb), |
655 | &dataoff, &protonum); | 655 | &dataoff, &protonum); |
656 | if (ret <= 0) { | 656 | if (ret <= 0) { |
657 | pr_debug("not prepared to track yet or error occured\n"); | 657 | pr_debug("not prepared to track yet or error occured\n"); |
@@ -666,13 +666,13 @@ nf_conntrack_in(int pf, unsigned int hooknum, struct sk_buff **pskb) | |||
666 | * inverse of the return code tells to the netfilter | 666 | * inverse of the return code tells to the netfilter |
667 | * core what to do with the packet. */ | 667 | * core what to do with the packet. */ |
668 | if (l4proto->error != NULL && | 668 | if (l4proto->error != NULL && |
669 | (ret = l4proto->error(*pskb, dataoff, &ctinfo, pf, hooknum)) <= 0) { | 669 | (ret = l4proto->error(skb, dataoff, &ctinfo, pf, hooknum)) <= 0) { |
670 | NF_CT_STAT_INC_ATOMIC(error); | 670 | NF_CT_STAT_INC_ATOMIC(error); |
671 | NF_CT_STAT_INC_ATOMIC(invalid); | 671 | NF_CT_STAT_INC_ATOMIC(invalid); |
672 | return -ret; | 672 | return -ret; |
673 | } | 673 | } |
674 | 674 | ||
675 | ct = resolve_normal_ct(*pskb, dataoff, pf, protonum, l3proto, l4proto, | 675 | ct = resolve_normal_ct(skb, dataoff, pf, protonum, l3proto, l4proto, |
676 | &set_reply, &ctinfo); | 676 | &set_reply, &ctinfo); |
677 | if (!ct) { | 677 | if (!ct) { |
678 | /* Not valid part of a connection */ | 678 | /* Not valid part of a connection */ |
@@ -686,21 +686,21 @@ nf_conntrack_in(int pf, unsigned int hooknum, struct sk_buff **pskb) | |||
686 | return NF_DROP; | 686 | return NF_DROP; |
687 | } | 687 | } |
688 | 688 | ||
689 | NF_CT_ASSERT((*pskb)->nfct); | 689 | NF_CT_ASSERT(skb->nfct); |
690 | 690 | ||
691 | ret = l4proto->packet(ct, *pskb, dataoff, ctinfo, pf, hooknum); | 691 | ret = l4proto->packet(ct, skb, dataoff, ctinfo, pf, hooknum); |
692 | if (ret < 0) { | 692 | if (ret < 0) { |
693 | /* Invalid: inverse of the return code tells | 693 | /* Invalid: inverse of the return code tells |
694 | * the netfilter core what to do */ | 694 | * the netfilter core what to do */ |
695 | pr_debug("nf_conntrack_in: Can't track with proto module\n"); | 695 | pr_debug("nf_conntrack_in: Can't track with proto module\n"); |
696 | nf_conntrack_put((*pskb)->nfct); | 696 | nf_conntrack_put(skb->nfct); |
697 | (*pskb)->nfct = NULL; | 697 | skb->nfct = NULL; |
698 | NF_CT_STAT_INC_ATOMIC(invalid); | 698 | NF_CT_STAT_INC_ATOMIC(invalid); |
699 | return -ret; | 699 | return -ret; |
700 | } | 700 | } |
701 | 701 | ||
702 | if (set_reply && !test_and_set_bit(IPS_SEEN_REPLY_BIT, &ct->status)) | 702 | if (set_reply && !test_and_set_bit(IPS_SEEN_REPLY_BIT, &ct->status)) |
703 | nf_conntrack_event_cache(IPCT_STATUS, *pskb); | 703 | nf_conntrack_event_cache(IPCT_STATUS, skb); |
704 | 704 | ||
705 | return ret; | 705 | return ret; |
706 | } | 706 | } |
diff --git a/net/netfilter/nf_conntrack_ftp.c b/net/netfilter/nf_conntrack_ftp.c index c763ee74ea02..6df259067f7e 100644 --- a/net/netfilter/nf_conntrack_ftp.c +++ b/net/netfilter/nf_conntrack_ftp.c | |||
@@ -43,7 +43,7 @@ module_param_array(ports, ushort, &ports_c, 0400); | |||
43 | static int loose; | 43 | static int loose; |
44 | module_param(loose, bool, 0600); | 44 | module_param(loose, bool, 0600); |
45 | 45 | ||
46 | unsigned int (*nf_nat_ftp_hook)(struct sk_buff **pskb, | 46 | unsigned int (*nf_nat_ftp_hook)(struct sk_buff *skb, |
47 | enum ip_conntrack_info ctinfo, | 47 | enum ip_conntrack_info ctinfo, |
48 | enum nf_ct_ftp_type type, | 48 | enum nf_ct_ftp_type type, |
49 | unsigned int matchoff, | 49 | unsigned int matchoff, |
@@ -344,7 +344,7 @@ static void update_nl_seq(u32 nl_seq, struct nf_ct_ftp_master *info, int dir, | |||
344 | } | 344 | } |
345 | } | 345 | } |
346 | 346 | ||
347 | static int help(struct sk_buff **pskb, | 347 | static int help(struct sk_buff *skb, |
348 | unsigned int protoff, | 348 | unsigned int protoff, |
349 | struct nf_conn *ct, | 349 | struct nf_conn *ct, |
350 | enum ip_conntrack_info ctinfo) | 350 | enum ip_conntrack_info ctinfo) |
@@ -371,21 +371,21 @@ static int help(struct sk_buff **pskb, | |||
371 | return NF_ACCEPT; | 371 | return NF_ACCEPT; |
372 | } | 372 | } |
373 | 373 | ||
374 | th = skb_header_pointer(*pskb, protoff, sizeof(_tcph), &_tcph); | 374 | th = skb_header_pointer(skb, protoff, sizeof(_tcph), &_tcph); |
375 | if (th == NULL) | 375 | if (th == NULL) |
376 | return NF_ACCEPT; | 376 | return NF_ACCEPT; |
377 | 377 | ||
378 | dataoff = protoff + th->doff * 4; | 378 | dataoff = protoff + th->doff * 4; |
379 | /* No data? */ | 379 | /* No data? */ |
380 | if (dataoff >= (*pskb)->len) { | 380 | if (dataoff >= skb->len) { |
381 | pr_debug("ftp: dataoff(%u) >= skblen(%u)\n", dataoff, | 381 | pr_debug("ftp: dataoff(%u) >= skblen(%u)\n", dataoff, |
382 | (*pskb)->len); | 382 | skb->len); |
383 | return NF_ACCEPT; | 383 | return NF_ACCEPT; |
384 | } | 384 | } |
385 | datalen = (*pskb)->len - dataoff; | 385 | datalen = skb->len - dataoff; |
386 | 386 | ||
387 | spin_lock_bh(&nf_ftp_lock); | 387 | spin_lock_bh(&nf_ftp_lock); |
388 | fb_ptr = skb_header_pointer(*pskb, dataoff, datalen, ftp_buffer); | 388 | fb_ptr = skb_header_pointer(skb, dataoff, datalen, ftp_buffer); |
389 | BUG_ON(fb_ptr == NULL); | 389 | BUG_ON(fb_ptr == NULL); |
390 | 390 | ||
391 | ends_in_nl = (fb_ptr[datalen - 1] == '\n'); | 391 | ends_in_nl = (fb_ptr[datalen - 1] == '\n'); |
@@ -491,7 +491,7 @@ static int help(struct sk_buff **pskb, | |||
491 | * (possibly changed) expectation itself. */ | 491 | * (possibly changed) expectation itself. */ |
492 | nf_nat_ftp = rcu_dereference(nf_nat_ftp_hook); | 492 | nf_nat_ftp = rcu_dereference(nf_nat_ftp_hook); |
493 | if (nf_nat_ftp && ct->status & IPS_NAT_MASK) | 493 | if (nf_nat_ftp && ct->status & IPS_NAT_MASK) |
494 | ret = nf_nat_ftp(pskb, ctinfo, search[dir][i].ftptype, | 494 | ret = nf_nat_ftp(skb, ctinfo, search[dir][i].ftptype, |
495 | matchoff, matchlen, exp); | 495 | matchoff, matchlen, exp); |
496 | else { | 496 | else { |
497 | /* Can't expect this? Best to drop packet now. */ | 497 | /* Can't expect this? Best to drop packet now. */ |
@@ -508,7 +508,7 @@ out_update_nl: | |||
508 | /* Now if this ends in \n, update ftp info. Seq may have been | 508 | /* Now if this ends in \n, update ftp info. Seq may have been |
509 | * adjusted by NAT code. */ | 509 | * adjusted by NAT code. */ |
510 | if (ends_in_nl) | 510 | if (ends_in_nl) |
511 | update_nl_seq(seq, ct_ftp_info, dir, *pskb); | 511 | update_nl_seq(seq, ct_ftp_info, dir, skb); |
512 | out: | 512 | out: |
513 | spin_unlock_bh(&nf_ftp_lock); | 513 | spin_unlock_bh(&nf_ftp_lock); |
514 | return ret; | 514 | return ret; |
diff --git a/net/netfilter/nf_conntrack_h323_main.c b/net/netfilter/nf_conntrack_h323_main.c index a8a9dfbe7a67..f23fd9598e19 100644 --- a/net/netfilter/nf_conntrack_h323_main.c +++ b/net/netfilter/nf_conntrack_h323_main.c | |||
@@ -47,27 +47,27 @@ MODULE_PARM_DESC(callforward_filter, "only create call forwarding expectations " | |||
47 | "(determined by routing information)"); | 47 | "(determined by routing information)"); |
48 | 48 | ||
49 | /* Hooks for NAT */ | 49 | /* Hooks for NAT */ |
50 | int (*set_h245_addr_hook) (struct sk_buff **pskb, | 50 | int (*set_h245_addr_hook) (struct sk_buff *skb, |
51 | unsigned char **data, int dataoff, | 51 | unsigned char **data, int dataoff, |
52 | H245_TransportAddress *taddr, | 52 | H245_TransportAddress *taddr, |
53 | union nf_conntrack_address *addr, __be16 port) | 53 | union nf_conntrack_address *addr, __be16 port) |
54 | __read_mostly; | 54 | __read_mostly; |
55 | int (*set_h225_addr_hook) (struct sk_buff **pskb, | 55 | int (*set_h225_addr_hook) (struct sk_buff *skb, |
56 | unsigned char **data, int dataoff, | 56 | unsigned char **data, int dataoff, |
57 | TransportAddress *taddr, | 57 | TransportAddress *taddr, |
58 | union nf_conntrack_address *addr, __be16 port) | 58 | union nf_conntrack_address *addr, __be16 port) |
59 | __read_mostly; | 59 | __read_mostly; |
60 | int (*set_sig_addr_hook) (struct sk_buff **pskb, | 60 | int (*set_sig_addr_hook) (struct sk_buff *skb, |
61 | struct nf_conn *ct, | 61 | struct nf_conn *ct, |
62 | enum ip_conntrack_info ctinfo, | 62 | enum ip_conntrack_info ctinfo, |
63 | unsigned char **data, | 63 | unsigned char **data, |
64 | TransportAddress *taddr, int count) __read_mostly; | 64 | TransportAddress *taddr, int count) __read_mostly; |
65 | int (*set_ras_addr_hook) (struct sk_buff **pskb, | 65 | int (*set_ras_addr_hook) (struct sk_buff *skb, |
66 | struct nf_conn *ct, | 66 | struct nf_conn *ct, |
67 | enum ip_conntrack_info ctinfo, | 67 | enum ip_conntrack_info ctinfo, |
68 | unsigned char **data, | 68 | unsigned char **data, |
69 | TransportAddress *taddr, int count) __read_mostly; | 69 | TransportAddress *taddr, int count) __read_mostly; |
70 | int (*nat_rtp_rtcp_hook) (struct sk_buff **pskb, | 70 | int (*nat_rtp_rtcp_hook) (struct sk_buff *skb, |
71 | struct nf_conn *ct, | 71 | struct nf_conn *ct, |
72 | enum ip_conntrack_info ctinfo, | 72 | enum ip_conntrack_info ctinfo, |
73 | unsigned char **data, int dataoff, | 73 | unsigned char **data, int dataoff, |
@@ -75,25 +75,25 @@ int (*nat_rtp_rtcp_hook) (struct sk_buff **pskb, | |||
75 | __be16 port, __be16 rtp_port, | 75 | __be16 port, __be16 rtp_port, |
76 | struct nf_conntrack_expect *rtp_exp, | 76 | struct nf_conntrack_expect *rtp_exp, |
77 | struct nf_conntrack_expect *rtcp_exp) __read_mostly; | 77 | struct nf_conntrack_expect *rtcp_exp) __read_mostly; |
78 | int (*nat_t120_hook) (struct sk_buff **pskb, | 78 | int (*nat_t120_hook) (struct sk_buff *skb, |
79 | struct nf_conn *ct, | 79 | struct nf_conn *ct, |
80 | enum ip_conntrack_info ctinfo, | 80 | enum ip_conntrack_info ctinfo, |
81 | unsigned char **data, int dataoff, | 81 | unsigned char **data, int dataoff, |
82 | H245_TransportAddress *taddr, __be16 port, | 82 | H245_TransportAddress *taddr, __be16 port, |
83 | struct nf_conntrack_expect *exp) __read_mostly; | 83 | struct nf_conntrack_expect *exp) __read_mostly; |
84 | int (*nat_h245_hook) (struct sk_buff **pskb, | 84 | int (*nat_h245_hook) (struct sk_buff *skb, |
85 | struct nf_conn *ct, | 85 | struct nf_conn *ct, |
86 | enum ip_conntrack_info ctinfo, | 86 | enum ip_conntrack_info ctinfo, |
87 | unsigned char **data, int dataoff, | 87 | unsigned char **data, int dataoff, |
88 | TransportAddress *taddr, __be16 port, | 88 | TransportAddress *taddr, __be16 port, |
89 | struct nf_conntrack_expect *exp) __read_mostly; | 89 | struct nf_conntrack_expect *exp) __read_mostly; |
90 | int (*nat_callforwarding_hook) (struct sk_buff **pskb, | 90 | int (*nat_callforwarding_hook) (struct sk_buff *skb, |
91 | struct nf_conn *ct, | 91 | struct nf_conn *ct, |
92 | enum ip_conntrack_info ctinfo, | 92 | enum ip_conntrack_info ctinfo, |
93 | unsigned char **data, int dataoff, | 93 | unsigned char **data, int dataoff, |
94 | TransportAddress *taddr, __be16 port, | 94 | TransportAddress *taddr, __be16 port, |
95 | struct nf_conntrack_expect *exp) __read_mostly; | 95 | struct nf_conntrack_expect *exp) __read_mostly; |
96 | int (*nat_q931_hook) (struct sk_buff **pskb, | 96 | int (*nat_q931_hook) (struct sk_buff *skb, |
97 | struct nf_conn *ct, | 97 | struct nf_conn *ct, |
98 | enum ip_conntrack_info ctinfo, | 98 | enum ip_conntrack_info ctinfo, |
99 | unsigned char **data, TransportAddress *taddr, int idx, | 99 | unsigned char **data, TransportAddress *taddr, int idx, |
@@ -108,7 +108,7 @@ static struct nf_conntrack_helper nf_conntrack_helper_q931[]; | |||
108 | static struct nf_conntrack_helper nf_conntrack_helper_ras[]; | 108 | static struct nf_conntrack_helper nf_conntrack_helper_ras[]; |
109 | 109 | ||
110 | /****************************************************************************/ | 110 | /****************************************************************************/ |
111 | static int get_tpkt_data(struct sk_buff **pskb, unsigned int protoff, | 111 | static int get_tpkt_data(struct sk_buff *skb, unsigned int protoff, |
112 | struct nf_conn *ct, enum ip_conntrack_info ctinfo, | 112 | struct nf_conn *ct, enum ip_conntrack_info ctinfo, |
113 | unsigned char **data, int *datalen, int *dataoff) | 113 | unsigned char **data, int *datalen, int *dataoff) |
114 | { | 114 | { |
@@ -122,7 +122,7 @@ static int get_tpkt_data(struct sk_buff **pskb, unsigned int protoff, | |||
122 | int tpktoff; | 122 | int tpktoff; |
123 | 123 | ||
124 | /* Get TCP header */ | 124 | /* Get TCP header */ |
125 | th = skb_header_pointer(*pskb, protoff, sizeof(_tcph), &_tcph); | 125 | th = skb_header_pointer(skb, protoff, sizeof(_tcph), &_tcph); |
126 | if (th == NULL) | 126 | if (th == NULL) |
127 | return 0; | 127 | return 0; |
128 | 128 | ||
@@ -130,13 +130,13 @@ static int get_tpkt_data(struct sk_buff **pskb, unsigned int protoff, | |||
130 | tcpdataoff = protoff + th->doff * 4; | 130 | tcpdataoff = protoff + th->doff * 4; |
131 | 131 | ||
132 | /* Get TCP data length */ | 132 | /* Get TCP data length */ |
133 | tcpdatalen = (*pskb)->len - tcpdataoff; | 133 | tcpdatalen = skb->len - tcpdataoff; |
134 | if (tcpdatalen <= 0) /* No TCP data */ | 134 | if (tcpdatalen <= 0) /* No TCP data */ |
135 | goto clear_out; | 135 | goto clear_out; |
136 | 136 | ||
137 | if (*data == NULL) { /* first TPKT */ | 137 | if (*data == NULL) { /* first TPKT */ |
138 | /* Get first TPKT pointer */ | 138 | /* Get first TPKT pointer */ |
139 | tpkt = skb_header_pointer(*pskb, tcpdataoff, tcpdatalen, | 139 | tpkt = skb_header_pointer(skb, tcpdataoff, tcpdatalen, |
140 | h323_buffer); | 140 | h323_buffer); |
141 | BUG_ON(tpkt == NULL); | 141 | BUG_ON(tpkt == NULL); |
142 | 142 | ||
@@ -248,7 +248,7 @@ static int get_h245_addr(struct nf_conn *ct, unsigned char *data, | |||
248 | } | 248 | } |
249 | 249 | ||
250 | /****************************************************************************/ | 250 | /****************************************************************************/ |
251 | static int expect_rtp_rtcp(struct sk_buff **pskb, struct nf_conn *ct, | 251 | static int expect_rtp_rtcp(struct sk_buff *skb, struct nf_conn *ct, |
252 | enum ip_conntrack_info ctinfo, | 252 | enum ip_conntrack_info ctinfo, |
253 | unsigned char **data, int dataoff, | 253 | unsigned char **data, int dataoff, |
254 | H245_TransportAddress *taddr) | 254 | H245_TransportAddress *taddr) |
@@ -297,7 +297,7 @@ static int expect_rtp_rtcp(struct sk_buff **pskb, struct nf_conn *ct, | |||
297 | (nat_rtp_rtcp = rcu_dereference(nat_rtp_rtcp_hook)) && | 297 | (nat_rtp_rtcp = rcu_dereference(nat_rtp_rtcp_hook)) && |
298 | ct->status & IPS_NAT_MASK) { | 298 | ct->status & IPS_NAT_MASK) { |
299 | /* NAT needed */ | 299 | /* NAT needed */ |
300 | ret = nat_rtp_rtcp(pskb, ct, ctinfo, data, dataoff, | 300 | ret = nat_rtp_rtcp(skb, ct, ctinfo, data, dataoff, |
301 | taddr, port, rtp_port, rtp_exp, rtcp_exp); | 301 | taddr, port, rtp_port, rtp_exp, rtcp_exp); |
302 | } else { /* Conntrack only */ | 302 | } else { /* Conntrack only */ |
303 | if (nf_ct_expect_related(rtp_exp) == 0) { | 303 | if (nf_ct_expect_related(rtp_exp) == 0) { |
@@ -321,7 +321,7 @@ static int expect_rtp_rtcp(struct sk_buff **pskb, struct nf_conn *ct, | |||
321 | } | 321 | } |
322 | 322 | ||
323 | /****************************************************************************/ | 323 | /****************************************************************************/ |
324 | static int expect_t120(struct sk_buff **pskb, | 324 | static int expect_t120(struct sk_buff *skb, |
325 | struct nf_conn *ct, | 325 | struct nf_conn *ct, |
326 | enum ip_conntrack_info ctinfo, | 326 | enum ip_conntrack_info ctinfo, |
327 | unsigned char **data, int dataoff, | 327 | unsigned char **data, int dataoff, |
@@ -355,7 +355,7 @@ static int expect_t120(struct sk_buff **pskb, | |||
355 | (nat_t120 = rcu_dereference(nat_t120_hook)) && | 355 | (nat_t120 = rcu_dereference(nat_t120_hook)) && |
356 | ct->status & IPS_NAT_MASK) { | 356 | ct->status & IPS_NAT_MASK) { |
357 | /* NAT needed */ | 357 | /* NAT needed */ |
358 | ret = nat_t120(pskb, ct, ctinfo, data, dataoff, taddr, | 358 | ret = nat_t120(skb, ct, ctinfo, data, dataoff, taddr, |
359 | port, exp); | 359 | port, exp); |
360 | } else { /* Conntrack only */ | 360 | } else { /* Conntrack only */ |
361 | if (nf_ct_expect_related(exp) == 0) { | 361 | if (nf_ct_expect_related(exp) == 0) { |
@@ -371,7 +371,7 @@ static int expect_t120(struct sk_buff **pskb, | |||
371 | } | 371 | } |
372 | 372 | ||
373 | /****************************************************************************/ | 373 | /****************************************************************************/ |
374 | static int process_h245_channel(struct sk_buff **pskb, | 374 | static int process_h245_channel(struct sk_buff *skb, |
375 | struct nf_conn *ct, | 375 | struct nf_conn *ct, |
376 | enum ip_conntrack_info ctinfo, | 376 | enum ip_conntrack_info ctinfo, |
377 | unsigned char **data, int dataoff, | 377 | unsigned char **data, int dataoff, |
@@ -381,7 +381,7 @@ static int process_h245_channel(struct sk_buff **pskb, | |||
381 | 381 | ||
382 | if (channel->options & eH2250LogicalChannelParameters_mediaChannel) { | 382 | if (channel->options & eH2250LogicalChannelParameters_mediaChannel) { |
383 | /* RTP */ | 383 | /* RTP */ |
384 | ret = expect_rtp_rtcp(pskb, ct, ctinfo, data, dataoff, | 384 | ret = expect_rtp_rtcp(skb, ct, ctinfo, data, dataoff, |
385 | &channel->mediaChannel); | 385 | &channel->mediaChannel); |
386 | if (ret < 0) | 386 | if (ret < 0) |
387 | return -1; | 387 | return -1; |
@@ -390,7 +390,7 @@ static int process_h245_channel(struct sk_buff **pskb, | |||
390 | if (channel-> | 390 | if (channel-> |
391 | options & eH2250LogicalChannelParameters_mediaControlChannel) { | 391 | options & eH2250LogicalChannelParameters_mediaControlChannel) { |
392 | /* RTCP */ | 392 | /* RTCP */ |
393 | ret = expect_rtp_rtcp(pskb, ct, ctinfo, data, dataoff, | 393 | ret = expect_rtp_rtcp(skb, ct, ctinfo, data, dataoff, |
394 | &channel->mediaControlChannel); | 394 | &channel->mediaControlChannel); |
395 | if (ret < 0) | 395 | if (ret < 0) |
396 | return -1; | 396 | return -1; |
@@ -400,7 +400,7 @@ static int process_h245_channel(struct sk_buff **pskb, | |||
400 | } | 400 | } |
401 | 401 | ||
402 | /****************************************************************************/ | 402 | /****************************************************************************/ |
403 | static int process_olc(struct sk_buff **pskb, struct nf_conn *ct, | 403 | static int process_olc(struct sk_buff *skb, struct nf_conn *ct, |
404 | enum ip_conntrack_info ctinfo, | 404 | enum ip_conntrack_info ctinfo, |
405 | unsigned char **data, int dataoff, | 405 | unsigned char **data, int dataoff, |
406 | OpenLogicalChannel *olc) | 406 | OpenLogicalChannel *olc) |
@@ -412,7 +412,7 @@ static int process_olc(struct sk_buff **pskb, struct nf_conn *ct, | |||
412 | if (olc->forwardLogicalChannelParameters.multiplexParameters.choice == | 412 | if (olc->forwardLogicalChannelParameters.multiplexParameters.choice == |
413 | eOpenLogicalChannel_forwardLogicalChannelParameters_multiplexParameters_h2250LogicalChannelParameters) | 413 | eOpenLogicalChannel_forwardLogicalChannelParameters_multiplexParameters_h2250LogicalChannelParameters) |
414 | { | 414 | { |
415 | ret = process_h245_channel(pskb, ct, ctinfo, data, dataoff, | 415 | ret = process_h245_channel(skb, ct, ctinfo, data, dataoff, |
416 | &olc-> | 416 | &olc-> |
417 | forwardLogicalChannelParameters. | 417 | forwardLogicalChannelParameters. |
418 | multiplexParameters. | 418 | multiplexParameters. |
@@ -430,7 +430,7 @@ static int process_olc(struct sk_buff **pskb, struct nf_conn *ct, | |||
430 | eOpenLogicalChannel_reverseLogicalChannelParameters_multiplexParameters_h2250LogicalChannelParameters)) | 430 | eOpenLogicalChannel_reverseLogicalChannelParameters_multiplexParameters_h2250LogicalChannelParameters)) |
431 | { | 431 | { |
432 | ret = | 432 | ret = |
433 | process_h245_channel(pskb, ct, ctinfo, data, dataoff, | 433 | process_h245_channel(skb, ct, ctinfo, data, dataoff, |
434 | &olc-> | 434 | &olc-> |
435 | reverseLogicalChannelParameters. | 435 | reverseLogicalChannelParameters. |
436 | multiplexParameters. | 436 | multiplexParameters. |
@@ -448,7 +448,7 @@ static int process_olc(struct sk_buff **pskb, struct nf_conn *ct, | |||
448 | t120.choice == eDataProtocolCapability_separateLANStack && | 448 | t120.choice == eDataProtocolCapability_separateLANStack && |
449 | olc->separateStack.networkAddress.choice == | 449 | olc->separateStack.networkAddress.choice == |
450 | eNetworkAccessParameters_networkAddress_localAreaAddress) { | 450 | eNetworkAccessParameters_networkAddress_localAreaAddress) { |
451 | ret = expect_t120(pskb, ct, ctinfo, data, dataoff, | 451 | ret = expect_t120(skb, ct, ctinfo, data, dataoff, |
452 | &olc->separateStack.networkAddress. | 452 | &olc->separateStack.networkAddress. |
453 | localAreaAddress); | 453 | localAreaAddress); |
454 | if (ret < 0) | 454 | if (ret < 0) |
@@ -459,7 +459,7 @@ static int process_olc(struct sk_buff **pskb, struct nf_conn *ct, | |||
459 | } | 459 | } |
460 | 460 | ||
461 | /****************************************************************************/ | 461 | /****************************************************************************/ |
462 | static int process_olca(struct sk_buff **pskb, struct nf_conn *ct, | 462 | static int process_olca(struct sk_buff *skb, struct nf_conn *ct, |
463 | enum ip_conntrack_info ctinfo, | 463 | enum ip_conntrack_info ctinfo, |
464 | unsigned char **data, int dataoff, | 464 | unsigned char **data, int dataoff, |
465 | OpenLogicalChannelAck *olca) | 465 | OpenLogicalChannelAck *olca) |
@@ -477,7 +477,7 @@ static int process_olca(struct sk_buff **pskb, struct nf_conn *ct, | |||
477 | choice == | 477 | choice == |
478 | eOpenLogicalChannelAck_reverseLogicalChannelParameters_multiplexParameters_h2250LogicalChannelParameters)) | 478 | eOpenLogicalChannelAck_reverseLogicalChannelParameters_multiplexParameters_h2250LogicalChannelParameters)) |
479 | { | 479 | { |
480 | ret = process_h245_channel(pskb, ct, ctinfo, data, dataoff, | 480 | ret = process_h245_channel(skb, ct, ctinfo, data, dataoff, |
481 | &olca-> | 481 | &olca-> |
482 | reverseLogicalChannelParameters. | 482 | reverseLogicalChannelParameters. |
483 | multiplexParameters. | 483 | multiplexParameters. |
@@ -496,7 +496,7 @@ static int process_olca(struct sk_buff **pskb, struct nf_conn *ct, | |||
496 | if (ack->options & | 496 | if (ack->options & |
497 | eH2250LogicalChannelAckParameters_mediaChannel) { | 497 | eH2250LogicalChannelAckParameters_mediaChannel) { |
498 | /* RTP */ | 498 | /* RTP */ |
499 | ret = expect_rtp_rtcp(pskb, ct, ctinfo, data, dataoff, | 499 | ret = expect_rtp_rtcp(skb, ct, ctinfo, data, dataoff, |
500 | &ack->mediaChannel); | 500 | &ack->mediaChannel); |
501 | if (ret < 0) | 501 | if (ret < 0) |
502 | return -1; | 502 | return -1; |
@@ -505,7 +505,7 @@ static int process_olca(struct sk_buff **pskb, struct nf_conn *ct, | |||
505 | if (ack->options & | 505 | if (ack->options & |
506 | eH2250LogicalChannelAckParameters_mediaControlChannel) { | 506 | eH2250LogicalChannelAckParameters_mediaControlChannel) { |
507 | /* RTCP */ | 507 | /* RTCP */ |
508 | ret = expect_rtp_rtcp(pskb, ct, ctinfo, data, dataoff, | 508 | ret = expect_rtp_rtcp(skb, ct, ctinfo, data, dataoff, |
509 | &ack->mediaControlChannel); | 509 | &ack->mediaControlChannel); |
510 | if (ret < 0) | 510 | if (ret < 0) |
511 | return -1; | 511 | return -1; |
@@ -515,7 +515,7 @@ static int process_olca(struct sk_buff **pskb, struct nf_conn *ct, | |||
515 | if ((olca->options & eOpenLogicalChannelAck_separateStack) && | 515 | if ((olca->options & eOpenLogicalChannelAck_separateStack) && |
516 | olca->separateStack.networkAddress.choice == | 516 | olca->separateStack.networkAddress.choice == |
517 | eNetworkAccessParameters_networkAddress_localAreaAddress) { | 517 | eNetworkAccessParameters_networkAddress_localAreaAddress) { |
518 | ret = expect_t120(pskb, ct, ctinfo, data, dataoff, | 518 | ret = expect_t120(skb, ct, ctinfo, data, dataoff, |
519 | &olca->separateStack.networkAddress. | 519 | &olca->separateStack.networkAddress. |
520 | localAreaAddress); | 520 | localAreaAddress); |
521 | if (ret < 0) | 521 | if (ret < 0) |
@@ -526,7 +526,7 @@ static int process_olca(struct sk_buff **pskb, struct nf_conn *ct, | |||
526 | } | 526 | } |
527 | 527 | ||
528 | /****************************************************************************/ | 528 | /****************************************************************************/ |
529 | static int process_h245(struct sk_buff **pskb, struct nf_conn *ct, | 529 | static int process_h245(struct sk_buff *skb, struct nf_conn *ct, |
530 | enum ip_conntrack_info ctinfo, | 530 | enum ip_conntrack_info ctinfo, |
531 | unsigned char **data, int dataoff, | 531 | unsigned char **data, int dataoff, |
532 | MultimediaSystemControlMessage *mscm) | 532 | MultimediaSystemControlMessage *mscm) |
@@ -535,7 +535,7 @@ static int process_h245(struct sk_buff **pskb, struct nf_conn *ct, | |||
535 | case eMultimediaSystemControlMessage_request: | 535 | case eMultimediaSystemControlMessage_request: |
536 | if (mscm->request.choice == | 536 | if (mscm->request.choice == |
537 | eRequestMessage_openLogicalChannel) { | 537 | eRequestMessage_openLogicalChannel) { |
538 | return process_olc(pskb, ct, ctinfo, data, dataoff, | 538 | return process_olc(skb, ct, ctinfo, data, dataoff, |
539 | &mscm->request.openLogicalChannel); | 539 | &mscm->request.openLogicalChannel); |
540 | } | 540 | } |
541 | pr_debug("nf_ct_h323: H.245 Request %d\n", | 541 | pr_debug("nf_ct_h323: H.245 Request %d\n", |
@@ -544,7 +544,7 @@ static int process_h245(struct sk_buff **pskb, struct nf_conn *ct, | |||
544 | case eMultimediaSystemControlMessage_response: | 544 | case eMultimediaSystemControlMessage_response: |
545 | if (mscm->response.choice == | 545 | if (mscm->response.choice == |
546 | eResponseMessage_openLogicalChannelAck) { | 546 | eResponseMessage_openLogicalChannelAck) { |
547 | return process_olca(pskb, ct, ctinfo, data, dataoff, | 547 | return process_olca(skb, ct, ctinfo, data, dataoff, |
548 | &mscm->response. | 548 | &mscm->response. |
549 | openLogicalChannelAck); | 549 | openLogicalChannelAck); |
550 | } | 550 | } |
@@ -560,7 +560,7 @@ static int process_h245(struct sk_buff **pskb, struct nf_conn *ct, | |||
560 | } | 560 | } |
561 | 561 | ||
562 | /****************************************************************************/ | 562 | /****************************************************************************/ |
563 | static int h245_help(struct sk_buff **pskb, unsigned int protoff, | 563 | static int h245_help(struct sk_buff *skb, unsigned int protoff, |
564 | struct nf_conn *ct, enum ip_conntrack_info ctinfo) | 564 | struct nf_conn *ct, enum ip_conntrack_info ctinfo) |
565 | { | 565 | { |
566 | static MultimediaSystemControlMessage mscm; | 566 | static MultimediaSystemControlMessage mscm; |
@@ -574,12 +574,12 @@ static int h245_help(struct sk_buff **pskb, unsigned int protoff, | |||
574 | ctinfo != IP_CT_ESTABLISHED + IP_CT_IS_REPLY) { | 574 | ctinfo != IP_CT_ESTABLISHED + IP_CT_IS_REPLY) { |
575 | return NF_ACCEPT; | 575 | return NF_ACCEPT; |
576 | } | 576 | } |
577 | pr_debug("nf_ct_h245: skblen = %u\n", (*pskb)->len); | 577 | pr_debug("nf_ct_h245: skblen = %u\n", skb->len); |
578 | 578 | ||
579 | spin_lock_bh(&nf_h323_lock); | 579 | spin_lock_bh(&nf_h323_lock); |
580 | 580 | ||
581 | /* Process each TPKT */ | 581 | /* Process each TPKT */ |
582 | while (get_tpkt_data(pskb, protoff, ct, ctinfo, | 582 | while (get_tpkt_data(skb, protoff, ct, ctinfo, |
583 | &data, &datalen, &dataoff)) { | 583 | &data, &datalen, &dataoff)) { |
584 | pr_debug("nf_ct_h245: TPKT len=%d ", datalen); | 584 | pr_debug("nf_ct_h245: TPKT len=%d ", datalen); |
585 | NF_CT_DUMP_TUPLE(&ct->tuplehash[CTINFO2DIR(ctinfo)].tuple); | 585 | NF_CT_DUMP_TUPLE(&ct->tuplehash[CTINFO2DIR(ctinfo)].tuple); |
@@ -596,7 +596,7 @@ static int h245_help(struct sk_buff **pskb, unsigned int protoff, | |||
596 | } | 596 | } |
597 | 597 | ||
598 | /* Process H.245 signal */ | 598 | /* Process H.245 signal */ |
599 | if (process_h245(pskb, ct, ctinfo, &data, dataoff, &mscm) < 0) | 599 | if (process_h245(skb, ct, ctinfo, &data, dataoff, &mscm) < 0) |
600 | goto drop; | 600 | goto drop; |
601 | } | 601 | } |
602 | 602 | ||
@@ -654,7 +654,7 @@ int get_h225_addr(struct nf_conn *ct, unsigned char *data, | |||
654 | } | 654 | } |
655 | 655 | ||
656 | /****************************************************************************/ | 656 | /****************************************************************************/ |
657 | static int expect_h245(struct sk_buff **pskb, struct nf_conn *ct, | 657 | static int expect_h245(struct sk_buff *skb, struct nf_conn *ct, |
658 | enum ip_conntrack_info ctinfo, | 658 | enum ip_conntrack_info ctinfo, |
659 | unsigned char **data, int dataoff, | 659 | unsigned char **data, int dataoff, |
660 | TransportAddress *taddr) | 660 | TransportAddress *taddr) |
@@ -687,7 +687,7 @@ static int expect_h245(struct sk_buff **pskb, struct nf_conn *ct, | |||
687 | (nat_h245 = rcu_dereference(nat_h245_hook)) && | 687 | (nat_h245 = rcu_dereference(nat_h245_hook)) && |
688 | ct->status & IPS_NAT_MASK) { | 688 | ct->status & IPS_NAT_MASK) { |
689 | /* NAT needed */ | 689 | /* NAT needed */ |
690 | ret = nat_h245(pskb, ct, ctinfo, data, dataoff, taddr, | 690 | ret = nat_h245(skb, ct, ctinfo, data, dataoff, taddr, |
691 | port, exp); | 691 | port, exp); |
692 | } else { /* Conntrack only */ | 692 | } else { /* Conntrack only */ |
693 | if (nf_ct_expect_related(exp) == 0) { | 693 | if (nf_ct_expect_related(exp) == 0) { |
@@ -758,7 +758,7 @@ static int callforward_do_filter(union nf_conntrack_address *src, | |||
758 | } | 758 | } |
759 | 759 | ||
760 | /****************************************************************************/ | 760 | /****************************************************************************/ |
761 | static int expect_callforwarding(struct sk_buff **pskb, | 761 | static int expect_callforwarding(struct sk_buff *skb, |
762 | struct nf_conn *ct, | 762 | struct nf_conn *ct, |
763 | enum ip_conntrack_info ctinfo, | 763 | enum ip_conntrack_info ctinfo, |
764 | unsigned char **data, int dataoff, | 764 | unsigned char **data, int dataoff, |
@@ -798,7 +798,7 @@ static int expect_callforwarding(struct sk_buff **pskb, | |||
798 | (nat_callforwarding = rcu_dereference(nat_callforwarding_hook)) && | 798 | (nat_callforwarding = rcu_dereference(nat_callforwarding_hook)) && |
799 | ct->status & IPS_NAT_MASK) { | 799 | ct->status & IPS_NAT_MASK) { |
800 | /* Need NAT */ | 800 | /* Need NAT */ |
801 | ret = nat_callforwarding(pskb, ct, ctinfo, data, dataoff, | 801 | ret = nat_callforwarding(skb, ct, ctinfo, data, dataoff, |
802 | taddr, port, exp); | 802 | taddr, port, exp); |
803 | } else { /* Conntrack only */ | 803 | } else { /* Conntrack only */ |
804 | if (nf_ct_expect_related(exp) == 0) { | 804 | if (nf_ct_expect_related(exp) == 0) { |
@@ -814,7 +814,7 @@ static int expect_callforwarding(struct sk_buff **pskb, | |||
814 | } | 814 | } |
815 | 815 | ||
816 | /****************************************************************************/ | 816 | /****************************************************************************/ |
817 | static int process_setup(struct sk_buff **pskb, struct nf_conn *ct, | 817 | static int process_setup(struct sk_buff *skb, struct nf_conn *ct, |
818 | enum ip_conntrack_info ctinfo, | 818 | enum ip_conntrack_info ctinfo, |
819 | unsigned char **data, int dataoff, | 819 | unsigned char **data, int dataoff, |
820 | Setup_UUIE *setup) | 820 | Setup_UUIE *setup) |
@@ -829,7 +829,7 @@ static int process_setup(struct sk_buff **pskb, struct nf_conn *ct, | |||
829 | pr_debug("nf_ct_q931: Setup\n"); | 829 | pr_debug("nf_ct_q931: Setup\n"); |
830 | 830 | ||
831 | if (setup->options & eSetup_UUIE_h245Address) { | 831 | if (setup->options & eSetup_UUIE_h245Address) { |
832 | ret = expect_h245(pskb, ct, ctinfo, data, dataoff, | 832 | ret = expect_h245(skb, ct, ctinfo, data, dataoff, |
833 | &setup->h245Address); | 833 | &setup->h245Address); |
834 | if (ret < 0) | 834 | if (ret < 0) |
835 | return -1; | 835 | return -1; |
@@ -846,7 +846,7 @@ static int process_setup(struct sk_buff **pskb, struct nf_conn *ct, | |||
846 | NIP6(*(struct in6_addr *)&addr), ntohs(port), | 846 | NIP6(*(struct in6_addr *)&addr), ntohs(port), |
847 | NIP6(*(struct in6_addr *)&ct->tuplehash[!dir].tuple.src.u3), | 847 | NIP6(*(struct in6_addr *)&ct->tuplehash[!dir].tuple.src.u3), |
848 | ntohs(ct->tuplehash[!dir].tuple.src.u.tcp.port)); | 848 | ntohs(ct->tuplehash[!dir].tuple.src.u.tcp.port)); |
849 | ret = set_h225_addr(pskb, data, dataoff, | 849 | ret = set_h225_addr(skb, data, dataoff, |
850 | &setup->destCallSignalAddress, | 850 | &setup->destCallSignalAddress, |
851 | &ct->tuplehash[!dir].tuple.src.u3, | 851 | &ct->tuplehash[!dir].tuple.src.u3, |
852 | ct->tuplehash[!dir].tuple.src.u.tcp.port); | 852 | ct->tuplehash[!dir].tuple.src.u.tcp.port); |
@@ -864,7 +864,7 @@ static int process_setup(struct sk_buff **pskb, struct nf_conn *ct, | |||
864 | NIP6(*(struct in6_addr *)&addr), ntohs(port), | 864 | NIP6(*(struct in6_addr *)&addr), ntohs(port), |
865 | NIP6(*(struct in6_addr *)&ct->tuplehash[!dir].tuple.dst.u3), | 865 | NIP6(*(struct in6_addr *)&ct->tuplehash[!dir].tuple.dst.u3), |
866 | ntohs(ct->tuplehash[!dir].tuple.dst.u.tcp.port)); | 866 | ntohs(ct->tuplehash[!dir].tuple.dst.u.tcp.port)); |
867 | ret = set_h225_addr(pskb, data, dataoff, | 867 | ret = set_h225_addr(skb, data, dataoff, |
868 | &setup->sourceCallSignalAddress, | 868 | &setup->sourceCallSignalAddress, |
869 | &ct->tuplehash[!dir].tuple.dst.u3, | 869 | &ct->tuplehash[!dir].tuple.dst.u3, |
870 | ct->tuplehash[!dir].tuple.dst.u.tcp.port); | 870 | ct->tuplehash[!dir].tuple.dst.u.tcp.port); |
@@ -874,7 +874,7 @@ static int process_setup(struct sk_buff **pskb, struct nf_conn *ct, | |||
874 | 874 | ||
875 | if (setup->options & eSetup_UUIE_fastStart) { | 875 | if (setup->options & eSetup_UUIE_fastStart) { |
876 | for (i = 0; i < setup->fastStart.count; i++) { | 876 | for (i = 0; i < setup->fastStart.count; i++) { |
877 | ret = process_olc(pskb, ct, ctinfo, data, dataoff, | 877 | ret = process_olc(skb, ct, ctinfo, data, dataoff, |
878 | &setup->fastStart.item[i]); | 878 | &setup->fastStart.item[i]); |
879 | if (ret < 0) | 879 | if (ret < 0) |
880 | return -1; | 880 | return -1; |
@@ -885,7 +885,7 @@ static int process_setup(struct sk_buff **pskb, struct nf_conn *ct, | |||
885 | } | 885 | } |
886 | 886 | ||
887 | /****************************************************************************/ | 887 | /****************************************************************************/ |
888 | static int process_callproceeding(struct sk_buff **pskb, | 888 | static int process_callproceeding(struct sk_buff *skb, |
889 | struct nf_conn *ct, | 889 | struct nf_conn *ct, |
890 | enum ip_conntrack_info ctinfo, | 890 | enum ip_conntrack_info ctinfo, |
891 | unsigned char **data, int dataoff, | 891 | unsigned char **data, int dataoff, |
@@ -897,7 +897,7 @@ static int process_callproceeding(struct sk_buff **pskb, | |||
897 | pr_debug("nf_ct_q931: CallProceeding\n"); | 897 | pr_debug("nf_ct_q931: CallProceeding\n"); |
898 | 898 | ||
899 | if (callproc->options & eCallProceeding_UUIE_h245Address) { | 899 | if (callproc->options & eCallProceeding_UUIE_h245Address) { |
900 | ret = expect_h245(pskb, ct, ctinfo, data, dataoff, | 900 | ret = expect_h245(skb, ct, ctinfo, data, dataoff, |
901 | &callproc->h245Address); | 901 | &callproc->h245Address); |
902 | if (ret < 0) | 902 | if (ret < 0) |
903 | return -1; | 903 | return -1; |
@@ -905,7 +905,7 @@ static int process_callproceeding(struct sk_buff **pskb, | |||
905 | 905 | ||
906 | if (callproc->options & eCallProceeding_UUIE_fastStart) { | 906 | if (callproc->options & eCallProceeding_UUIE_fastStart) { |
907 | for (i = 0; i < callproc->fastStart.count; i++) { | 907 | for (i = 0; i < callproc->fastStart.count; i++) { |
908 | ret = process_olc(pskb, ct, ctinfo, data, dataoff, | 908 | ret = process_olc(skb, ct, ctinfo, data, dataoff, |
909 | &callproc->fastStart.item[i]); | 909 | &callproc->fastStart.item[i]); |
910 | if (ret < 0) | 910 | if (ret < 0) |
911 | return -1; | 911 | return -1; |
@@ -916,7 +916,7 @@ static int process_callproceeding(struct sk_buff **pskb, | |||
916 | } | 916 | } |
917 | 917 | ||
918 | /****************************************************************************/ | 918 | /****************************************************************************/ |
919 | static int process_connect(struct sk_buff **pskb, struct nf_conn *ct, | 919 | static int process_connect(struct sk_buff *skb, struct nf_conn *ct, |
920 | enum ip_conntrack_info ctinfo, | 920 | enum ip_conntrack_info ctinfo, |
921 | unsigned char **data, int dataoff, | 921 | unsigned char **data, int dataoff, |
922 | Connect_UUIE *connect) | 922 | Connect_UUIE *connect) |
@@ -927,7 +927,7 @@ static int process_connect(struct sk_buff **pskb, struct nf_conn *ct, | |||
927 | pr_debug("nf_ct_q931: Connect\n"); | 927 | pr_debug("nf_ct_q931: Connect\n"); |
928 | 928 | ||
929 | if (connect->options & eConnect_UUIE_h245Address) { | 929 | if (connect->options & eConnect_UUIE_h245Address) { |
930 | ret = expect_h245(pskb, ct, ctinfo, data, dataoff, | 930 | ret = expect_h245(skb, ct, ctinfo, data, dataoff, |
931 | &connect->h245Address); | 931 | &connect->h245Address); |
932 | if (ret < 0) | 932 | if (ret < 0) |
933 | return -1; | 933 | return -1; |
@@ -935,7 +935,7 @@ static int process_connect(struct sk_buff **pskb, struct nf_conn *ct, | |||
935 | 935 | ||
936 | if (connect->options & eConnect_UUIE_fastStart) { | 936 | if (connect->options & eConnect_UUIE_fastStart) { |
937 | for (i = 0; i < connect->fastStart.count; i++) { | 937 | for (i = 0; i < connect->fastStart.count; i++) { |
938 | ret = process_olc(pskb, ct, ctinfo, data, dataoff, | 938 | ret = process_olc(skb, ct, ctinfo, data, dataoff, |
939 | &connect->fastStart.item[i]); | 939 | &connect->fastStart.item[i]); |
940 | if (ret < 0) | 940 | if (ret < 0) |
941 | return -1; | 941 | return -1; |
@@ -946,7 +946,7 @@ static int process_connect(struct sk_buff **pskb, struct nf_conn *ct, | |||
946 | } | 946 | } |
947 | 947 | ||
948 | /****************************************************************************/ | 948 | /****************************************************************************/ |
949 | static int process_alerting(struct sk_buff **pskb, struct nf_conn *ct, | 949 | static int process_alerting(struct sk_buff *skb, struct nf_conn *ct, |
950 | enum ip_conntrack_info ctinfo, | 950 | enum ip_conntrack_info ctinfo, |
951 | unsigned char **data, int dataoff, | 951 | unsigned char **data, int dataoff, |
952 | Alerting_UUIE *alert) | 952 | Alerting_UUIE *alert) |
@@ -957,7 +957,7 @@ static int process_alerting(struct sk_buff **pskb, struct nf_conn *ct, | |||
957 | pr_debug("nf_ct_q931: Alerting\n"); | 957 | pr_debug("nf_ct_q931: Alerting\n"); |
958 | 958 | ||
959 | if (alert->options & eAlerting_UUIE_h245Address) { | 959 | if (alert->options & eAlerting_UUIE_h245Address) { |
960 | ret = expect_h245(pskb, ct, ctinfo, data, dataoff, | 960 | ret = expect_h245(skb, ct, ctinfo, data, dataoff, |
961 | &alert->h245Address); | 961 | &alert->h245Address); |
962 | if (ret < 0) | 962 | if (ret < 0) |
963 | return -1; | 963 | return -1; |
@@ -965,7 +965,7 @@ static int process_alerting(struct sk_buff **pskb, struct nf_conn *ct, | |||
965 | 965 | ||
966 | if (alert->options & eAlerting_UUIE_fastStart) { | 966 | if (alert->options & eAlerting_UUIE_fastStart) { |
967 | for (i = 0; i < alert->fastStart.count; i++) { | 967 | for (i = 0; i < alert->fastStart.count; i++) { |
968 | ret = process_olc(pskb, ct, ctinfo, data, dataoff, | 968 | ret = process_olc(skb, ct, ctinfo, data, dataoff, |
969 | &alert->fastStart.item[i]); | 969 | &alert->fastStart.item[i]); |
970 | if (ret < 0) | 970 | if (ret < 0) |
971 | return -1; | 971 | return -1; |
@@ -976,7 +976,7 @@ static int process_alerting(struct sk_buff **pskb, struct nf_conn *ct, | |||
976 | } | 976 | } |
977 | 977 | ||
978 | /****************************************************************************/ | 978 | /****************************************************************************/ |
979 | static int process_facility(struct sk_buff **pskb, struct nf_conn *ct, | 979 | static int process_facility(struct sk_buff *skb, struct nf_conn *ct, |
980 | enum ip_conntrack_info ctinfo, | 980 | enum ip_conntrack_info ctinfo, |
981 | unsigned char **data, int dataoff, | 981 | unsigned char **data, int dataoff, |
982 | Facility_UUIE *facility) | 982 | Facility_UUIE *facility) |
@@ -988,7 +988,7 @@ static int process_facility(struct sk_buff **pskb, struct nf_conn *ct, | |||
988 | 988 | ||
989 | if (facility->reason.choice == eFacilityReason_callForwarded) { | 989 | if (facility->reason.choice == eFacilityReason_callForwarded) { |
990 | if (facility->options & eFacility_UUIE_alternativeAddress) | 990 | if (facility->options & eFacility_UUIE_alternativeAddress) |
991 | return expect_callforwarding(pskb, ct, ctinfo, data, | 991 | return expect_callforwarding(skb, ct, ctinfo, data, |
992 | dataoff, | 992 | dataoff, |
993 | &facility-> | 993 | &facility-> |
994 | alternativeAddress); | 994 | alternativeAddress); |
@@ -996,7 +996,7 @@ static int process_facility(struct sk_buff **pskb, struct nf_conn *ct, | |||
996 | } | 996 | } |
997 | 997 | ||
998 | if (facility->options & eFacility_UUIE_h245Address) { | 998 | if (facility->options & eFacility_UUIE_h245Address) { |
999 | ret = expect_h245(pskb, ct, ctinfo, data, dataoff, | 999 | ret = expect_h245(skb, ct, ctinfo, data, dataoff, |
1000 | &facility->h245Address); | 1000 | &facility->h245Address); |
1001 | if (ret < 0) | 1001 | if (ret < 0) |
1002 | return -1; | 1002 | return -1; |
@@ -1004,7 +1004,7 @@ static int process_facility(struct sk_buff **pskb, struct nf_conn *ct, | |||
1004 | 1004 | ||
1005 | if (facility->options & eFacility_UUIE_fastStart) { | 1005 | if (facility->options & eFacility_UUIE_fastStart) { |
1006 | for (i = 0; i < facility->fastStart.count; i++) { | 1006 | for (i = 0; i < facility->fastStart.count; i++) { |
1007 | ret = process_olc(pskb, ct, ctinfo, data, dataoff, | 1007 | ret = process_olc(skb, ct, ctinfo, data, dataoff, |
1008 | &facility->fastStart.item[i]); | 1008 | &facility->fastStart.item[i]); |
1009 | if (ret < 0) | 1009 | if (ret < 0) |
1010 | return -1; | 1010 | return -1; |
@@ -1015,7 +1015,7 @@ static int process_facility(struct sk_buff **pskb, struct nf_conn *ct, | |||
1015 | } | 1015 | } |
1016 | 1016 | ||
1017 | /****************************************************************************/ | 1017 | /****************************************************************************/ |
1018 | static int process_progress(struct sk_buff **pskb, struct nf_conn *ct, | 1018 | static int process_progress(struct sk_buff *skb, struct nf_conn *ct, |
1019 | enum ip_conntrack_info ctinfo, | 1019 | enum ip_conntrack_info ctinfo, |
1020 | unsigned char **data, int dataoff, | 1020 | unsigned char **data, int dataoff, |
1021 | Progress_UUIE *progress) | 1021 | Progress_UUIE *progress) |
@@ -1026,7 +1026,7 @@ static int process_progress(struct sk_buff **pskb, struct nf_conn *ct, | |||
1026 | pr_debug("nf_ct_q931: Progress\n"); | 1026 | pr_debug("nf_ct_q931: Progress\n"); |
1027 | 1027 | ||
1028 | if (progress->options & eProgress_UUIE_h245Address) { | 1028 | if (progress->options & eProgress_UUIE_h245Address) { |
1029 | ret = expect_h245(pskb, ct, ctinfo, data, dataoff, | 1029 | ret = expect_h245(skb, ct, ctinfo, data, dataoff, |
1030 | &progress->h245Address); | 1030 | &progress->h245Address); |
1031 | if (ret < 0) | 1031 | if (ret < 0) |
1032 | return -1; | 1032 | return -1; |
@@ -1034,7 +1034,7 @@ static int process_progress(struct sk_buff **pskb, struct nf_conn *ct, | |||
1034 | 1034 | ||
1035 | if (progress->options & eProgress_UUIE_fastStart) { | 1035 | if (progress->options & eProgress_UUIE_fastStart) { |
1036 | for (i = 0; i < progress->fastStart.count; i++) { | 1036 | for (i = 0; i < progress->fastStart.count; i++) { |
1037 | ret = process_olc(pskb, ct, ctinfo, data, dataoff, | 1037 | ret = process_olc(skb, ct, ctinfo, data, dataoff, |
1038 | &progress->fastStart.item[i]); | 1038 | &progress->fastStart.item[i]); |
1039 | if (ret < 0) | 1039 | if (ret < 0) |
1040 | return -1; | 1040 | return -1; |
@@ -1045,7 +1045,7 @@ static int process_progress(struct sk_buff **pskb, struct nf_conn *ct, | |||
1045 | } | 1045 | } |
1046 | 1046 | ||
1047 | /****************************************************************************/ | 1047 | /****************************************************************************/ |
1048 | static int process_q931(struct sk_buff **pskb, struct nf_conn *ct, | 1048 | static int process_q931(struct sk_buff *skb, struct nf_conn *ct, |
1049 | enum ip_conntrack_info ctinfo, | 1049 | enum ip_conntrack_info ctinfo, |
1050 | unsigned char **data, int dataoff, Q931 *q931) | 1050 | unsigned char **data, int dataoff, Q931 *q931) |
1051 | { | 1051 | { |
@@ -1055,28 +1055,28 @@ static int process_q931(struct sk_buff **pskb, struct nf_conn *ct, | |||
1055 | 1055 | ||
1056 | switch (pdu->h323_message_body.choice) { | 1056 | switch (pdu->h323_message_body.choice) { |
1057 | case eH323_UU_PDU_h323_message_body_setup: | 1057 | case eH323_UU_PDU_h323_message_body_setup: |
1058 | ret = process_setup(pskb, ct, ctinfo, data, dataoff, | 1058 | ret = process_setup(skb, ct, ctinfo, data, dataoff, |
1059 | &pdu->h323_message_body.setup); | 1059 | &pdu->h323_message_body.setup); |
1060 | break; | 1060 | break; |
1061 | case eH323_UU_PDU_h323_message_body_callProceeding: | 1061 | case eH323_UU_PDU_h323_message_body_callProceeding: |
1062 | ret = process_callproceeding(pskb, ct, ctinfo, data, dataoff, | 1062 | ret = process_callproceeding(skb, ct, ctinfo, data, dataoff, |
1063 | &pdu->h323_message_body. | 1063 | &pdu->h323_message_body. |
1064 | callProceeding); | 1064 | callProceeding); |
1065 | break; | 1065 | break; |
1066 | case eH323_UU_PDU_h323_message_body_connect: | 1066 | case eH323_UU_PDU_h323_message_body_connect: |
1067 | ret = process_connect(pskb, ct, ctinfo, data, dataoff, | 1067 | ret = process_connect(skb, ct, ctinfo, data, dataoff, |
1068 | &pdu->h323_message_body.connect); | 1068 | &pdu->h323_message_body.connect); |
1069 | break; | 1069 | break; |
1070 | case eH323_UU_PDU_h323_message_body_alerting: | 1070 | case eH323_UU_PDU_h323_message_body_alerting: |
1071 | ret = process_alerting(pskb, ct, ctinfo, data, dataoff, | 1071 | ret = process_alerting(skb, ct, ctinfo, data, dataoff, |
1072 | &pdu->h323_message_body.alerting); | 1072 | &pdu->h323_message_body.alerting); |
1073 | break; | 1073 | break; |
1074 | case eH323_UU_PDU_h323_message_body_facility: | 1074 | case eH323_UU_PDU_h323_message_body_facility: |
1075 | ret = process_facility(pskb, ct, ctinfo, data, dataoff, | 1075 | ret = process_facility(skb, ct, ctinfo, data, dataoff, |
1076 | &pdu->h323_message_body.facility); | 1076 | &pdu->h323_message_body.facility); |
1077 | break; | 1077 | break; |
1078 | case eH323_UU_PDU_h323_message_body_progress: | 1078 | case eH323_UU_PDU_h323_message_body_progress: |
1079 | ret = process_progress(pskb, ct, ctinfo, data, dataoff, | 1079 | ret = process_progress(skb, ct, ctinfo, data, dataoff, |
1080 | &pdu->h323_message_body.progress); | 1080 | &pdu->h323_message_body.progress); |
1081 | break; | 1081 | break; |
1082 | default: | 1082 | default: |
@@ -1090,7 +1090,7 @@ static int process_q931(struct sk_buff **pskb, struct nf_conn *ct, | |||
1090 | 1090 | ||
1091 | if (pdu->options & eH323_UU_PDU_h245Control) { | 1091 | if (pdu->options & eH323_UU_PDU_h245Control) { |
1092 | for (i = 0; i < pdu->h245Control.count; i++) { | 1092 | for (i = 0; i < pdu->h245Control.count; i++) { |
1093 | ret = process_h245(pskb, ct, ctinfo, data, dataoff, | 1093 | ret = process_h245(skb, ct, ctinfo, data, dataoff, |
1094 | &pdu->h245Control.item[i]); | 1094 | &pdu->h245Control.item[i]); |
1095 | if (ret < 0) | 1095 | if (ret < 0) |
1096 | return -1; | 1096 | return -1; |
@@ -1101,7 +1101,7 @@ static int process_q931(struct sk_buff **pskb, struct nf_conn *ct, | |||
1101 | } | 1101 | } |
1102 | 1102 | ||
1103 | /****************************************************************************/ | 1103 | /****************************************************************************/ |
1104 | static int q931_help(struct sk_buff **pskb, unsigned int protoff, | 1104 | static int q931_help(struct sk_buff *skb, unsigned int protoff, |
1105 | struct nf_conn *ct, enum ip_conntrack_info ctinfo) | 1105 | struct nf_conn *ct, enum ip_conntrack_info ctinfo) |
1106 | { | 1106 | { |
1107 | static Q931 q931; | 1107 | static Q931 q931; |
@@ -1115,12 +1115,12 @@ static int q931_help(struct sk_buff **pskb, unsigned int protoff, | |||
1115 | ctinfo != IP_CT_ESTABLISHED + IP_CT_IS_REPLY) { | 1115 | ctinfo != IP_CT_ESTABLISHED + IP_CT_IS_REPLY) { |
1116 | return NF_ACCEPT; | 1116 | return NF_ACCEPT; |
1117 | } | 1117 | } |
1118 | pr_debug("nf_ct_q931: skblen = %u\n", (*pskb)->len); | 1118 | pr_debug("nf_ct_q931: skblen = %u\n", skb->len); |
1119 | 1119 | ||
1120 | spin_lock_bh(&nf_h323_lock); | 1120 | spin_lock_bh(&nf_h323_lock); |
1121 | 1121 | ||
1122 | /* Process each TPKT */ | 1122 | /* Process each TPKT */ |
1123 | while (get_tpkt_data(pskb, protoff, ct, ctinfo, | 1123 | while (get_tpkt_data(skb, protoff, ct, ctinfo, |
1124 | &data, &datalen, &dataoff)) { | 1124 | &data, &datalen, &dataoff)) { |
1125 | pr_debug("nf_ct_q931: TPKT len=%d ", datalen); | 1125 | pr_debug("nf_ct_q931: TPKT len=%d ", datalen); |
1126 | NF_CT_DUMP_TUPLE(&ct->tuplehash[CTINFO2DIR(ctinfo)].tuple); | 1126 | NF_CT_DUMP_TUPLE(&ct->tuplehash[CTINFO2DIR(ctinfo)].tuple); |
@@ -1136,7 +1136,7 @@ static int q931_help(struct sk_buff **pskb, unsigned int protoff, | |||
1136 | } | 1136 | } |
1137 | 1137 | ||
1138 | /* Process Q.931 signal */ | 1138 | /* Process Q.931 signal */ |
1139 | if (process_q931(pskb, ct, ctinfo, &data, dataoff, &q931) < 0) | 1139 | if (process_q931(skb, ct, ctinfo, &data, dataoff, &q931) < 0) |
1140 | goto drop; | 1140 | goto drop; |
1141 | } | 1141 | } |
1142 | 1142 | ||
@@ -1177,20 +1177,20 @@ static struct nf_conntrack_helper nf_conntrack_helper_q931[] __read_mostly = { | |||
1177 | }; | 1177 | }; |
1178 | 1178 | ||
1179 | /****************************************************************************/ | 1179 | /****************************************************************************/ |
1180 | static unsigned char *get_udp_data(struct sk_buff **pskb, unsigned int protoff, | 1180 | static unsigned char *get_udp_data(struct sk_buff *skb, unsigned int protoff, |
1181 | int *datalen) | 1181 | int *datalen) |
1182 | { | 1182 | { |
1183 | struct udphdr _uh, *uh; | 1183 | struct udphdr _uh, *uh; |
1184 | int dataoff; | 1184 | int dataoff; |
1185 | 1185 | ||
1186 | uh = skb_header_pointer(*pskb, protoff, sizeof(_uh), &_uh); | 1186 | uh = skb_header_pointer(skb, protoff, sizeof(_uh), &_uh); |
1187 | if (uh == NULL) | 1187 | if (uh == NULL) |
1188 | return NULL; | 1188 | return NULL; |
1189 | dataoff = protoff + sizeof(_uh); | 1189 | dataoff = protoff + sizeof(_uh); |
1190 | if (dataoff >= (*pskb)->len) | 1190 | if (dataoff >= skb->len) |
1191 | return NULL; | 1191 | return NULL; |
1192 | *datalen = (*pskb)->len - dataoff; | 1192 | *datalen = skb->len - dataoff; |
1193 | return skb_header_pointer(*pskb, dataoff, *datalen, h323_buffer); | 1193 | return skb_header_pointer(skb, dataoff, *datalen, h323_buffer); |
1194 | } | 1194 | } |
1195 | 1195 | ||
1196 | /****************************************************************************/ | 1196 | /****************************************************************************/ |
@@ -1227,7 +1227,7 @@ static int set_expect_timeout(struct nf_conntrack_expect *exp, | |||
1227 | } | 1227 | } |
1228 | 1228 | ||
1229 | /****************************************************************************/ | 1229 | /****************************************************************************/ |
1230 | static int expect_q931(struct sk_buff **pskb, struct nf_conn *ct, | 1230 | static int expect_q931(struct sk_buff *skb, struct nf_conn *ct, |
1231 | enum ip_conntrack_info ctinfo, | 1231 | enum ip_conntrack_info ctinfo, |
1232 | unsigned char **data, | 1232 | unsigned char **data, |
1233 | TransportAddress *taddr, int count) | 1233 | TransportAddress *taddr, int count) |
@@ -1265,7 +1265,7 @@ static int expect_q931(struct sk_buff **pskb, struct nf_conn *ct, | |||
1265 | 1265 | ||
1266 | nat_q931 = rcu_dereference(nat_q931_hook); | 1266 | nat_q931 = rcu_dereference(nat_q931_hook); |
1267 | if (nat_q931 && ct->status & IPS_NAT_MASK) { /* Need NAT */ | 1267 | if (nat_q931 && ct->status & IPS_NAT_MASK) { /* Need NAT */ |
1268 | ret = nat_q931(pskb, ct, ctinfo, data, taddr, i, port, exp); | 1268 | ret = nat_q931(skb, ct, ctinfo, data, taddr, i, port, exp); |
1269 | } else { /* Conntrack only */ | 1269 | } else { /* Conntrack only */ |
1270 | if (nf_ct_expect_related(exp) == 0) { | 1270 | if (nf_ct_expect_related(exp) == 0) { |
1271 | pr_debug("nf_ct_ras: expect Q.931 "); | 1271 | pr_debug("nf_ct_ras: expect Q.931 "); |
@@ -1283,7 +1283,7 @@ static int expect_q931(struct sk_buff **pskb, struct nf_conn *ct, | |||
1283 | } | 1283 | } |
1284 | 1284 | ||
1285 | /****************************************************************************/ | 1285 | /****************************************************************************/ |
1286 | static int process_grq(struct sk_buff **pskb, struct nf_conn *ct, | 1286 | static int process_grq(struct sk_buff *skb, struct nf_conn *ct, |
1287 | enum ip_conntrack_info ctinfo, | 1287 | enum ip_conntrack_info ctinfo, |
1288 | unsigned char **data, GatekeeperRequest *grq) | 1288 | unsigned char **data, GatekeeperRequest *grq) |
1289 | { | 1289 | { |
@@ -1293,13 +1293,13 @@ static int process_grq(struct sk_buff **pskb, struct nf_conn *ct, | |||
1293 | 1293 | ||
1294 | set_ras_addr = rcu_dereference(set_ras_addr_hook); | 1294 | set_ras_addr = rcu_dereference(set_ras_addr_hook); |
1295 | if (set_ras_addr && ct->status & IPS_NAT_MASK) /* NATed */ | 1295 | if (set_ras_addr && ct->status & IPS_NAT_MASK) /* NATed */ |
1296 | return set_ras_addr(pskb, ct, ctinfo, data, | 1296 | return set_ras_addr(skb, ct, ctinfo, data, |
1297 | &grq->rasAddress, 1); | 1297 | &grq->rasAddress, 1); |
1298 | return 0; | 1298 | return 0; |
1299 | } | 1299 | } |
1300 | 1300 | ||
1301 | /****************************************************************************/ | 1301 | /****************************************************************************/ |
1302 | static int process_gcf(struct sk_buff **pskb, struct nf_conn *ct, | 1302 | static int process_gcf(struct sk_buff *skb, struct nf_conn *ct, |
1303 | enum ip_conntrack_info ctinfo, | 1303 | enum ip_conntrack_info ctinfo, |
1304 | unsigned char **data, GatekeeperConfirm *gcf) | 1304 | unsigned char **data, GatekeeperConfirm *gcf) |
1305 | { | 1305 | { |
@@ -1343,7 +1343,7 @@ static int process_gcf(struct sk_buff **pskb, struct nf_conn *ct, | |||
1343 | } | 1343 | } |
1344 | 1344 | ||
1345 | /****************************************************************************/ | 1345 | /****************************************************************************/ |
1346 | static int process_rrq(struct sk_buff **pskb, struct nf_conn *ct, | 1346 | static int process_rrq(struct sk_buff *skb, struct nf_conn *ct, |
1347 | enum ip_conntrack_info ctinfo, | 1347 | enum ip_conntrack_info ctinfo, |
1348 | unsigned char **data, RegistrationRequest *rrq) | 1348 | unsigned char **data, RegistrationRequest *rrq) |
1349 | { | 1349 | { |
@@ -1353,7 +1353,7 @@ static int process_rrq(struct sk_buff **pskb, struct nf_conn *ct, | |||
1353 | 1353 | ||
1354 | pr_debug("nf_ct_ras: RRQ\n"); | 1354 | pr_debug("nf_ct_ras: RRQ\n"); |
1355 | 1355 | ||
1356 | ret = expect_q931(pskb, ct, ctinfo, data, | 1356 | ret = expect_q931(skb, ct, ctinfo, data, |
1357 | rrq->callSignalAddress.item, | 1357 | rrq->callSignalAddress.item, |
1358 | rrq->callSignalAddress.count); | 1358 | rrq->callSignalAddress.count); |
1359 | if (ret < 0) | 1359 | if (ret < 0) |
@@ -1361,7 +1361,7 @@ static int process_rrq(struct sk_buff **pskb, struct nf_conn *ct, | |||
1361 | 1361 | ||
1362 | set_ras_addr = rcu_dereference(set_ras_addr_hook); | 1362 | set_ras_addr = rcu_dereference(set_ras_addr_hook); |
1363 | if (set_ras_addr && ct->status & IPS_NAT_MASK) { | 1363 | if (set_ras_addr && ct->status & IPS_NAT_MASK) { |
1364 | ret = set_ras_addr(pskb, ct, ctinfo, data, | 1364 | ret = set_ras_addr(skb, ct, ctinfo, data, |
1365 | rrq->rasAddress.item, | 1365 | rrq->rasAddress.item, |
1366 | rrq->rasAddress.count); | 1366 | rrq->rasAddress.count); |
1367 | if (ret < 0) | 1367 | if (ret < 0) |
@@ -1378,7 +1378,7 @@ static int process_rrq(struct sk_buff **pskb, struct nf_conn *ct, | |||
1378 | } | 1378 | } |
1379 | 1379 | ||
1380 | /****************************************************************************/ | 1380 | /****************************************************************************/ |
1381 | static int process_rcf(struct sk_buff **pskb, struct nf_conn *ct, | 1381 | static int process_rcf(struct sk_buff *skb, struct nf_conn *ct, |
1382 | enum ip_conntrack_info ctinfo, | 1382 | enum ip_conntrack_info ctinfo, |
1383 | unsigned char **data, RegistrationConfirm *rcf) | 1383 | unsigned char **data, RegistrationConfirm *rcf) |
1384 | { | 1384 | { |
@@ -1392,7 +1392,7 @@ static int process_rcf(struct sk_buff **pskb, struct nf_conn *ct, | |||
1392 | 1392 | ||
1393 | set_sig_addr = rcu_dereference(set_sig_addr_hook); | 1393 | set_sig_addr = rcu_dereference(set_sig_addr_hook); |
1394 | if (set_sig_addr && ct->status & IPS_NAT_MASK) { | 1394 | if (set_sig_addr && ct->status & IPS_NAT_MASK) { |
1395 | ret = set_sig_addr(pskb, ct, ctinfo, data, | 1395 | ret = set_sig_addr(skb, ct, ctinfo, data, |
1396 | rcf->callSignalAddress.item, | 1396 | rcf->callSignalAddress.item, |
1397 | rcf->callSignalAddress.count); | 1397 | rcf->callSignalAddress.count); |
1398 | if (ret < 0) | 1398 | if (ret < 0) |
@@ -1407,7 +1407,7 @@ static int process_rcf(struct sk_buff **pskb, struct nf_conn *ct, | |||
1407 | if (info->timeout > 0) { | 1407 | if (info->timeout > 0) { |
1408 | pr_debug("nf_ct_ras: set RAS connection timeout to " | 1408 | pr_debug("nf_ct_ras: set RAS connection timeout to " |
1409 | "%u seconds\n", info->timeout); | 1409 | "%u seconds\n", info->timeout); |
1410 | nf_ct_refresh(ct, *pskb, info->timeout * HZ); | 1410 | nf_ct_refresh(ct, skb, info->timeout * HZ); |
1411 | 1411 | ||
1412 | /* Set expect timeout */ | 1412 | /* Set expect timeout */ |
1413 | read_lock_bh(&nf_conntrack_lock); | 1413 | read_lock_bh(&nf_conntrack_lock); |
@@ -1427,7 +1427,7 @@ static int process_rcf(struct sk_buff **pskb, struct nf_conn *ct, | |||
1427 | } | 1427 | } |
1428 | 1428 | ||
1429 | /****************************************************************************/ | 1429 | /****************************************************************************/ |
1430 | static int process_urq(struct sk_buff **pskb, struct nf_conn *ct, | 1430 | static int process_urq(struct sk_buff *skb, struct nf_conn *ct, |
1431 | enum ip_conntrack_info ctinfo, | 1431 | enum ip_conntrack_info ctinfo, |
1432 | unsigned char **data, UnregistrationRequest *urq) | 1432 | unsigned char **data, UnregistrationRequest *urq) |
1433 | { | 1433 | { |
@@ -1440,7 +1440,7 @@ static int process_urq(struct sk_buff **pskb, struct nf_conn *ct, | |||
1440 | 1440 | ||
1441 | set_sig_addr = rcu_dereference(set_sig_addr_hook); | 1441 | set_sig_addr = rcu_dereference(set_sig_addr_hook); |
1442 | if (set_sig_addr && ct->status & IPS_NAT_MASK) { | 1442 | if (set_sig_addr && ct->status & IPS_NAT_MASK) { |
1443 | ret = set_sig_addr(pskb, ct, ctinfo, data, | 1443 | ret = set_sig_addr(skb, ct, ctinfo, data, |
1444 | urq->callSignalAddress.item, | 1444 | urq->callSignalAddress.item, |
1445 | urq->callSignalAddress.count); | 1445 | urq->callSignalAddress.count); |
1446 | if (ret < 0) | 1446 | if (ret < 0) |
@@ -1453,13 +1453,13 @@ static int process_urq(struct sk_buff **pskb, struct nf_conn *ct, | |||
1453 | info->sig_port[!dir] = 0; | 1453 | info->sig_port[!dir] = 0; |
1454 | 1454 | ||
1455 | /* Give it 30 seconds for UCF or URJ */ | 1455 | /* Give it 30 seconds for UCF or URJ */ |
1456 | nf_ct_refresh(ct, *pskb, 30 * HZ); | 1456 | nf_ct_refresh(ct, skb, 30 * HZ); |
1457 | 1457 | ||
1458 | return 0; | 1458 | return 0; |
1459 | } | 1459 | } |
1460 | 1460 | ||
1461 | /****************************************************************************/ | 1461 | /****************************************************************************/ |
1462 | static int process_arq(struct sk_buff **pskb, struct nf_conn *ct, | 1462 | static int process_arq(struct sk_buff *skb, struct nf_conn *ct, |
1463 | enum ip_conntrack_info ctinfo, | 1463 | enum ip_conntrack_info ctinfo, |
1464 | unsigned char **data, AdmissionRequest *arq) | 1464 | unsigned char **data, AdmissionRequest *arq) |
1465 | { | 1465 | { |
@@ -1479,7 +1479,7 @@ static int process_arq(struct sk_buff **pskb, struct nf_conn *ct, | |||
1479 | port == info->sig_port[dir] && | 1479 | port == info->sig_port[dir] && |
1480 | set_h225_addr && ct->status & IPS_NAT_MASK) { | 1480 | set_h225_addr && ct->status & IPS_NAT_MASK) { |
1481 | /* Answering ARQ */ | 1481 | /* Answering ARQ */ |
1482 | return set_h225_addr(pskb, data, 0, | 1482 | return set_h225_addr(skb, data, 0, |
1483 | &arq->destCallSignalAddress, | 1483 | &arq->destCallSignalAddress, |
1484 | &ct->tuplehash[!dir].tuple.dst.u3, | 1484 | &ct->tuplehash[!dir].tuple.dst.u3, |
1485 | info->sig_port[!dir]); | 1485 | info->sig_port[!dir]); |
@@ -1491,7 +1491,7 @@ static int process_arq(struct sk_buff **pskb, struct nf_conn *ct, | |||
1491 | !memcmp(&addr, &ct->tuplehash[dir].tuple.src.u3, sizeof(addr)) && | 1491 | !memcmp(&addr, &ct->tuplehash[dir].tuple.src.u3, sizeof(addr)) && |
1492 | set_h225_addr && ct->status & IPS_NAT_MASK) { | 1492 | set_h225_addr && ct->status & IPS_NAT_MASK) { |
1493 | /* Calling ARQ */ | 1493 | /* Calling ARQ */ |
1494 | return set_h225_addr(pskb, data, 0, | 1494 | return set_h225_addr(skb, data, 0, |
1495 | &arq->srcCallSignalAddress, | 1495 | &arq->srcCallSignalAddress, |
1496 | &ct->tuplehash[!dir].tuple.dst.u3, | 1496 | &ct->tuplehash[!dir].tuple.dst.u3, |
1497 | port); | 1497 | port); |
@@ -1501,7 +1501,7 @@ static int process_arq(struct sk_buff **pskb, struct nf_conn *ct, | |||
1501 | } | 1501 | } |
1502 | 1502 | ||
1503 | /****************************************************************************/ | 1503 | /****************************************************************************/ |
1504 | static int process_acf(struct sk_buff **pskb, struct nf_conn *ct, | 1504 | static int process_acf(struct sk_buff *skb, struct nf_conn *ct, |
1505 | enum ip_conntrack_info ctinfo, | 1505 | enum ip_conntrack_info ctinfo, |
1506 | unsigned char **data, AdmissionConfirm *acf) | 1506 | unsigned char **data, AdmissionConfirm *acf) |
1507 | { | 1507 | { |
@@ -1522,7 +1522,7 @@ static int process_acf(struct sk_buff **pskb, struct nf_conn *ct, | |||
1522 | /* Answering ACF */ | 1522 | /* Answering ACF */ |
1523 | set_sig_addr = rcu_dereference(set_sig_addr_hook); | 1523 | set_sig_addr = rcu_dereference(set_sig_addr_hook); |
1524 | if (set_sig_addr && ct->status & IPS_NAT_MASK) | 1524 | if (set_sig_addr && ct->status & IPS_NAT_MASK) |
1525 | return set_sig_addr(pskb, ct, ctinfo, data, | 1525 | return set_sig_addr(skb, ct, ctinfo, data, |
1526 | &acf->destCallSignalAddress, 1); | 1526 | &acf->destCallSignalAddress, 1); |
1527 | return 0; | 1527 | return 0; |
1528 | } | 1528 | } |
@@ -1548,7 +1548,7 @@ static int process_acf(struct sk_buff **pskb, struct nf_conn *ct, | |||
1548 | } | 1548 | } |
1549 | 1549 | ||
1550 | /****************************************************************************/ | 1550 | /****************************************************************************/ |
1551 | static int process_lrq(struct sk_buff **pskb, struct nf_conn *ct, | 1551 | static int process_lrq(struct sk_buff *skb, struct nf_conn *ct, |
1552 | enum ip_conntrack_info ctinfo, | 1552 | enum ip_conntrack_info ctinfo, |
1553 | unsigned char **data, LocationRequest *lrq) | 1553 | unsigned char **data, LocationRequest *lrq) |
1554 | { | 1554 | { |
@@ -1558,13 +1558,13 @@ static int process_lrq(struct sk_buff **pskb, struct nf_conn *ct, | |||
1558 | 1558 | ||
1559 | set_ras_addr = rcu_dereference(set_ras_addr_hook); | 1559 | set_ras_addr = rcu_dereference(set_ras_addr_hook); |
1560 | if (set_ras_addr && ct->status & IPS_NAT_MASK) | 1560 | if (set_ras_addr && ct->status & IPS_NAT_MASK) |
1561 | return set_ras_addr(pskb, ct, ctinfo, data, | 1561 | return set_ras_addr(skb, ct, ctinfo, data, |
1562 | &lrq->replyAddress, 1); | 1562 | &lrq->replyAddress, 1); |
1563 | return 0; | 1563 | return 0; |
1564 | } | 1564 | } |
1565 | 1565 | ||
1566 | /****************************************************************************/ | 1566 | /****************************************************************************/ |
1567 | static int process_lcf(struct sk_buff **pskb, struct nf_conn *ct, | 1567 | static int process_lcf(struct sk_buff *skb, struct nf_conn *ct, |
1568 | enum ip_conntrack_info ctinfo, | 1568 | enum ip_conntrack_info ctinfo, |
1569 | unsigned char **data, LocationConfirm *lcf) | 1569 | unsigned char **data, LocationConfirm *lcf) |
1570 | { | 1570 | { |
@@ -1603,7 +1603,7 @@ static int process_lcf(struct sk_buff **pskb, struct nf_conn *ct, | |||
1603 | } | 1603 | } |
1604 | 1604 | ||
1605 | /****************************************************************************/ | 1605 | /****************************************************************************/ |
1606 | static int process_irr(struct sk_buff **pskb, struct nf_conn *ct, | 1606 | static int process_irr(struct sk_buff *skb, struct nf_conn *ct, |
1607 | enum ip_conntrack_info ctinfo, | 1607 | enum ip_conntrack_info ctinfo, |
1608 | unsigned char **data, InfoRequestResponse *irr) | 1608 | unsigned char **data, InfoRequestResponse *irr) |
1609 | { | 1609 | { |
@@ -1615,7 +1615,7 @@ static int process_irr(struct sk_buff **pskb, struct nf_conn *ct, | |||
1615 | 1615 | ||
1616 | set_ras_addr = rcu_dereference(set_ras_addr_hook); | 1616 | set_ras_addr = rcu_dereference(set_ras_addr_hook); |
1617 | if (set_ras_addr && ct->status & IPS_NAT_MASK) { | 1617 | if (set_ras_addr && ct->status & IPS_NAT_MASK) { |
1618 | ret = set_ras_addr(pskb, ct, ctinfo, data, | 1618 | ret = set_ras_addr(skb, ct, ctinfo, data, |
1619 | &irr->rasAddress, 1); | 1619 | &irr->rasAddress, 1); |
1620 | if (ret < 0) | 1620 | if (ret < 0) |
1621 | return -1; | 1621 | return -1; |
@@ -1623,7 +1623,7 @@ static int process_irr(struct sk_buff **pskb, struct nf_conn *ct, | |||
1623 | 1623 | ||
1624 | set_sig_addr = rcu_dereference(set_sig_addr_hook); | 1624 | set_sig_addr = rcu_dereference(set_sig_addr_hook); |
1625 | if (set_sig_addr && ct->status & IPS_NAT_MASK) { | 1625 | if (set_sig_addr && ct->status & IPS_NAT_MASK) { |
1626 | ret = set_sig_addr(pskb, ct, ctinfo, data, | 1626 | ret = set_sig_addr(skb, ct, ctinfo, data, |
1627 | irr->callSignalAddress.item, | 1627 | irr->callSignalAddress.item, |
1628 | irr->callSignalAddress.count); | 1628 | irr->callSignalAddress.count); |
1629 | if (ret < 0) | 1629 | if (ret < 0) |
@@ -1634,40 +1634,40 @@ static int process_irr(struct sk_buff **pskb, struct nf_conn *ct, | |||
1634 | } | 1634 | } |
1635 | 1635 | ||
1636 | /****************************************************************************/ | 1636 | /****************************************************************************/ |
1637 | static int process_ras(struct sk_buff **pskb, struct nf_conn *ct, | 1637 | static int process_ras(struct sk_buff *skb, struct nf_conn *ct, |
1638 | enum ip_conntrack_info ctinfo, | 1638 | enum ip_conntrack_info ctinfo, |
1639 | unsigned char **data, RasMessage *ras) | 1639 | unsigned char **data, RasMessage *ras) |
1640 | { | 1640 | { |
1641 | switch (ras->choice) { | 1641 | switch (ras->choice) { |
1642 | case eRasMessage_gatekeeperRequest: | 1642 | case eRasMessage_gatekeeperRequest: |
1643 | return process_grq(pskb, ct, ctinfo, data, | 1643 | return process_grq(skb, ct, ctinfo, data, |
1644 | &ras->gatekeeperRequest); | 1644 | &ras->gatekeeperRequest); |
1645 | case eRasMessage_gatekeeperConfirm: | 1645 | case eRasMessage_gatekeeperConfirm: |
1646 | return process_gcf(pskb, ct, ctinfo, data, | 1646 | return process_gcf(skb, ct, ctinfo, data, |
1647 | &ras->gatekeeperConfirm); | 1647 | &ras->gatekeeperConfirm); |
1648 | case eRasMessage_registrationRequest: | 1648 | case eRasMessage_registrationRequest: |
1649 | return process_rrq(pskb, ct, ctinfo, data, | 1649 | return process_rrq(skb, ct, ctinfo, data, |
1650 | &ras->registrationRequest); | 1650 | &ras->registrationRequest); |
1651 | case eRasMessage_registrationConfirm: | 1651 | case eRasMessage_registrationConfirm: |
1652 | return process_rcf(pskb, ct, ctinfo, data, | 1652 | return process_rcf(skb, ct, ctinfo, data, |
1653 | &ras->registrationConfirm); | 1653 | &ras->registrationConfirm); |
1654 | case eRasMessage_unregistrationRequest: | 1654 | case eRasMessage_unregistrationRequest: |
1655 | return process_urq(pskb, ct, ctinfo, data, | 1655 | return process_urq(skb, ct, ctinfo, data, |
1656 | &ras->unregistrationRequest); | 1656 | &ras->unregistrationRequest); |
1657 | case eRasMessage_admissionRequest: | 1657 | case eRasMessage_admissionRequest: |
1658 | return process_arq(pskb, ct, ctinfo, data, | 1658 | return process_arq(skb, ct, ctinfo, data, |
1659 | &ras->admissionRequest); | 1659 | &ras->admissionRequest); |
1660 | case eRasMessage_admissionConfirm: | 1660 | case eRasMessage_admissionConfirm: |
1661 | return process_acf(pskb, ct, ctinfo, data, | 1661 | return process_acf(skb, ct, ctinfo, data, |
1662 | &ras->admissionConfirm); | 1662 | &ras->admissionConfirm); |
1663 | case eRasMessage_locationRequest: | 1663 | case eRasMessage_locationRequest: |
1664 | return process_lrq(pskb, ct, ctinfo, data, | 1664 | return process_lrq(skb, ct, ctinfo, data, |
1665 | &ras->locationRequest); | 1665 | &ras->locationRequest); |
1666 | case eRasMessage_locationConfirm: | 1666 | case eRasMessage_locationConfirm: |
1667 | return process_lcf(pskb, ct, ctinfo, data, | 1667 | return process_lcf(skb, ct, ctinfo, data, |
1668 | &ras->locationConfirm); | 1668 | &ras->locationConfirm); |
1669 | case eRasMessage_infoRequestResponse: | 1669 | case eRasMessage_infoRequestResponse: |
1670 | return process_irr(pskb, ct, ctinfo, data, | 1670 | return process_irr(skb, ct, ctinfo, data, |
1671 | &ras->infoRequestResponse); | 1671 | &ras->infoRequestResponse); |
1672 | default: | 1672 | default: |
1673 | pr_debug("nf_ct_ras: RAS message %d\n", ras->choice); | 1673 | pr_debug("nf_ct_ras: RAS message %d\n", ras->choice); |
@@ -1678,7 +1678,7 @@ static int process_ras(struct sk_buff **pskb, struct nf_conn *ct, | |||
1678 | } | 1678 | } |
1679 | 1679 | ||
1680 | /****************************************************************************/ | 1680 | /****************************************************************************/ |
1681 | static int ras_help(struct sk_buff **pskb, unsigned int protoff, | 1681 | static int ras_help(struct sk_buff *skb, unsigned int protoff, |
1682 | struct nf_conn *ct, enum ip_conntrack_info ctinfo) | 1682 | struct nf_conn *ct, enum ip_conntrack_info ctinfo) |
1683 | { | 1683 | { |
1684 | static RasMessage ras; | 1684 | static RasMessage ras; |
@@ -1686,12 +1686,12 @@ static int ras_help(struct sk_buff **pskb, unsigned int protoff, | |||
1686 | int datalen = 0; | 1686 | int datalen = 0; |
1687 | int ret; | 1687 | int ret; |
1688 | 1688 | ||
1689 | pr_debug("nf_ct_ras: skblen = %u\n", (*pskb)->len); | 1689 | pr_debug("nf_ct_ras: skblen = %u\n", skb->len); |
1690 | 1690 | ||
1691 | spin_lock_bh(&nf_h323_lock); | 1691 | spin_lock_bh(&nf_h323_lock); |
1692 | 1692 | ||
1693 | /* Get UDP data */ | 1693 | /* Get UDP data */ |
1694 | data = get_udp_data(pskb, protoff, &datalen); | 1694 | data = get_udp_data(skb, protoff, &datalen); |
1695 | if (data == NULL) | 1695 | if (data == NULL) |
1696 | goto accept; | 1696 | goto accept; |
1697 | pr_debug("nf_ct_ras: RAS message len=%d ", datalen); | 1697 | pr_debug("nf_ct_ras: RAS message len=%d ", datalen); |
@@ -1707,7 +1707,7 @@ static int ras_help(struct sk_buff **pskb, unsigned int protoff, | |||
1707 | } | 1707 | } |
1708 | 1708 | ||
1709 | /* Process RAS message */ | 1709 | /* Process RAS message */ |
1710 | if (process_ras(pskb, ct, ctinfo, &data, &ras) < 0) | 1710 | if (process_ras(skb, ct, ctinfo, &data, &ras) < 0) |
1711 | goto drop; | 1711 | goto drop; |
1712 | 1712 | ||
1713 | accept: | 1713 | accept: |
diff --git a/net/netfilter/nf_conntrack_irc.c b/net/netfilter/nf_conntrack_irc.c index 1562ca97a349..dfaed4ba83cd 100644 --- a/net/netfilter/nf_conntrack_irc.c +++ b/net/netfilter/nf_conntrack_irc.c | |||
@@ -30,7 +30,7 @@ static unsigned int dcc_timeout __read_mostly = 300; | |||
30 | static char *irc_buffer; | 30 | static char *irc_buffer; |
31 | static DEFINE_SPINLOCK(irc_buffer_lock); | 31 | static DEFINE_SPINLOCK(irc_buffer_lock); |
32 | 32 | ||
33 | unsigned int (*nf_nat_irc_hook)(struct sk_buff **pskb, | 33 | unsigned int (*nf_nat_irc_hook)(struct sk_buff *skb, |
34 | enum ip_conntrack_info ctinfo, | 34 | enum ip_conntrack_info ctinfo, |
35 | unsigned int matchoff, | 35 | unsigned int matchoff, |
36 | unsigned int matchlen, | 36 | unsigned int matchlen, |
@@ -89,7 +89,7 @@ static int parse_dcc(char *data, char *data_end, u_int32_t *ip, | |||
89 | return 0; | 89 | return 0; |
90 | } | 90 | } |
91 | 91 | ||
92 | static int help(struct sk_buff **pskb, unsigned int protoff, | 92 | static int help(struct sk_buff *skb, unsigned int protoff, |
93 | struct nf_conn *ct, enum ip_conntrack_info ctinfo) | 93 | struct nf_conn *ct, enum ip_conntrack_info ctinfo) |
94 | { | 94 | { |
95 | unsigned int dataoff; | 95 | unsigned int dataoff; |
@@ -116,22 +116,22 @@ static int help(struct sk_buff **pskb, unsigned int protoff, | |||
116 | return NF_ACCEPT; | 116 | return NF_ACCEPT; |
117 | 117 | ||
118 | /* Not a full tcp header? */ | 118 | /* Not a full tcp header? */ |
119 | th = skb_header_pointer(*pskb, protoff, sizeof(_tcph), &_tcph); | 119 | th = skb_header_pointer(skb, protoff, sizeof(_tcph), &_tcph); |
120 | if (th == NULL) | 120 | if (th == NULL) |
121 | return NF_ACCEPT; | 121 | return NF_ACCEPT; |
122 | 122 | ||
123 | /* No data? */ | 123 | /* No data? */ |
124 | dataoff = protoff + th->doff*4; | 124 | dataoff = protoff + th->doff*4; |
125 | if (dataoff >= (*pskb)->len) | 125 | if (dataoff >= skb->len) |
126 | return NF_ACCEPT; | 126 | return NF_ACCEPT; |
127 | 127 | ||
128 | spin_lock_bh(&irc_buffer_lock); | 128 | spin_lock_bh(&irc_buffer_lock); |
129 | ib_ptr = skb_header_pointer(*pskb, dataoff, (*pskb)->len - dataoff, | 129 | ib_ptr = skb_header_pointer(skb, dataoff, skb->len - dataoff, |
130 | irc_buffer); | 130 | irc_buffer); |
131 | BUG_ON(ib_ptr == NULL); | 131 | BUG_ON(ib_ptr == NULL); |
132 | 132 | ||
133 | data = ib_ptr; | 133 | data = ib_ptr; |
134 | data_limit = ib_ptr + (*pskb)->len - dataoff; | 134 | data_limit = ib_ptr + skb->len - dataoff; |
135 | 135 | ||
136 | /* strlen("\1DCC SENT t AAAAAAAA P\1\n")=24 | 136 | /* strlen("\1DCC SENT t AAAAAAAA P\1\n")=24 |
137 | * 5+MINMATCHLEN+strlen("t AAAAAAAA P\1\n")=14 */ | 137 | * 5+MINMATCHLEN+strlen("t AAAAAAAA P\1\n")=14 */ |
@@ -143,7 +143,7 @@ static int help(struct sk_buff **pskb, unsigned int protoff, | |||
143 | data += 5; | 143 | data += 5; |
144 | /* we have at least (19+MINMATCHLEN)-5 bytes valid data left */ | 144 | /* we have at least (19+MINMATCHLEN)-5 bytes valid data left */ |
145 | 145 | ||
146 | iph = ip_hdr(*pskb); | 146 | iph = ip_hdr(skb); |
147 | pr_debug("DCC found in master %u.%u.%u.%u:%u %u.%u.%u.%u:%u\n", | 147 | pr_debug("DCC found in master %u.%u.%u.%u:%u %u.%u.%u.%u:%u\n", |
148 | NIPQUAD(iph->saddr), ntohs(th->source), | 148 | NIPQUAD(iph->saddr), ntohs(th->source), |
149 | NIPQUAD(iph->daddr), ntohs(th->dest)); | 149 | NIPQUAD(iph->daddr), ntohs(th->dest)); |
@@ -193,7 +193,7 @@ static int help(struct sk_buff **pskb, unsigned int protoff, | |||
193 | 193 | ||
194 | nf_nat_irc = rcu_dereference(nf_nat_irc_hook); | 194 | nf_nat_irc = rcu_dereference(nf_nat_irc_hook); |
195 | if (nf_nat_irc && ct->status & IPS_NAT_MASK) | 195 | if (nf_nat_irc && ct->status & IPS_NAT_MASK) |
196 | ret = nf_nat_irc(pskb, ctinfo, | 196 | ret = nf_nat_irc(skb, ctinfo, |
197 | addr_beg_p - ib_ptr, | 197 | addr_beg_p - ib_ptr, |
198 | addr_end_p - addr_beg_p, | 198 | addr_end_p - addr_beg_p, |
199 | exp); | 199 | exp); |
diff --git a/net/netfilter/nf_conntrack_netbios_ns.c b/net/netfilter/nf_conntrack_netbios_ns.c index 1d59fabeb5f7..9810d81e2a06 100644 --- a/net/netfilter/nf_conntrack_netbios_ns.c +++ b/net/netfilter/nf_conntrack_netbios_ns.c | |||
@@ -42,17 +42,17 @@ static unsigned int timeout __read_mostly = 3; | |||
42 | module_param(timeout, uint, 0400); | 42 | module_param(timeout, uint, 0400); |
43 | MODULE_PARM_DESC(timeout, "timeout for master connection/replies in seconds"); | 43 | MODULE_PARM_DESC(timeout, "timeout for master connection/replies in seconds"); |
44 | 44 | ||
45 | static int help(struct sk_buff **pskb, unsigned int protoff, | 45 | static int help(struct sk_buff *skb, unsigned int protoff, |
46 | struct nf_conn *ct, enum ip_conntrack_info ctinfo) | 46 | struct nf_conn *ct, enum ip_conntrack_info ctinfo) |
47 | { | 47 | { |
48 | struct nf_conntrack_expect *exp; | 48 | struct nf_conntrack_expect *exp; |
49 | struct iphdr *iph = ip_hdr(*pskb); | 49 | struct iphdr *iph = ip_hdr(skb); |
50 | struct rtable *rt = (struct rtable *)(*pskb)->dst; | 50 | struct rtable *rt = (struct rtable *)skb->dst; |
51 | struct in_device *in_dev; | 51 | struct in_device *in_dev; |
52 | __be32 mask = 0; | 52 | __be32 mask = 0; |
53 | 53 | ||
54 | /* we're only interested in locally generated packets */ | 54 | /* we're only interested in locally generated packets */ |
55 | if ((*pskb)->sk == NULL) | 55 | if (skb->sk == NULL) |
56 | goto out; | 56 | goto out; |
57 | if (rt == NULL || !(rt->rt_flags & RTCF_BROADCAST)) | 57 | if (rt == NULL || !(rt->rt_flags & RTCF_BROADCAST)) |
58 | goto out; | 58 | goto out; |
@@ -91,7 +91,7 @@ static int help(struct sk_buff **pskb, unsigned int protoff, | |||
91 | nf_ct_expect_related(exp); | 91 | nf_ct_expect_related(exp); |
92 | nf_ct_expect_put(exp); | 92 | nf_ct_expect_put(exp); |
93 | 93 | ||
94 | nf_ct_refresh(ct, *pskb, timeout * HZ); | 94 | nf_ct_refresh(ct, skb, timeout * HZ); |
95 | out: | 95 | out: |
96 | return NF_ACCEPT; | 96 | return NF_ACCEPT; |
97 | } | 97 | } |
diff --git a/net/netfilter/nf_conntrack_pptp.c b/net/netfilter/nf_conntrack_pptp.c index b0804199ab59..099b6df3e2b5 100644 --- a/net/netfilter/nf_conntrack_pptp.c +++ b/net/netfilter/nf_conntrack_pptp.c | |||
@@ -41,14 +41,14 @@ MODULE_ALIAS("ip_conntrack_pptp"); | |||
41 | static DEFINE_SPINLOCK(nf_pptp_lock); | 41 | static DEFINE_SPINLOCK(nf_pptp_lock); |
42 | 42 | ||
43 | int | 43 | int |
44 | (*nf_nat_pptp_hook_outbound)(struct sk_buff **pskb, | 44 | (*nf_nat_pptp_hook_outbound)(struct sk_buff *skb, |
45 | struct nf_conn *ct, enum ip_conntrack_info ctinfo, | 45 | struct nf_conn *ct, enum ip_conntrack_info ctinfo, |
46 | struct PptpControlHeader *ctlh, | 46 | struct PptpControlHeader *ctlh, |
47 | union pptp_ctrl_union *pptpReq) __read_mostly; | 47 | union pptp_ctrl_union *pptpReq) __read_mostly; |
48 | EXPORT_SYMBOL_GPL(nf_nat_pptp_hook_outbound); | 48 | EXPORT_SYMBOL_GPL(nf_nat_pptp_hook_outbound); |
49 | 49 | ||
50 | int | 50 | int |
51 | (*nf_nat_pptp_hook_inbound)(struct sk_buff **pskb, | 51 | (*nf_nat_pptp_hook_inbound)(struct sk_buff *skb, |
52 | struct nf_conn *ct, enum ip_conntrack_info ctinfo, | 52 | struct nf_conn *ct, enum ip_conntrack_info ctinfo, |
53 | struct PptpControlHeader *ctlh, | 53 | struct PptpControlHeader *ctlh, |
54 | union pptp_ctrl_union *pptpReq) __read_mostly; | 54 | union pptp_ctrl_union *pptpReq) __read_mostly; |
@@ -254,7 +254,7 @@ out_unexpect_orig: | |||
254 | } | 254 | } |
255 | 255 | ||
256 | static inline int | 256 | static inline int |
257 | pptp_inbound_pkt(struct sk_buff **pskb, | 257 | pptp_inbound_pkt(struct sk_buff *skb, |
258 | struct PptpControlHeader *ctlh, | 258 | struct PptpControlHeader *ctlh, |
259 | union pptp_ctrl_union *pptpReq, | 259 | union pptp_ctrl_union *pptpReq, |
260 | unsigned int reqlen, | 260 | unsigned int reqlen, |
@@ -367,7 +367,7 @@ pptp_inbound_pkt(struct sk_buff **pskb, | |||
367 | 367 | ||
368 | nf_nat_pptp_inbound = rcu_dereference(nf_nat_pptp_hook_inbound); | 368 | nf_nat_pptp_inbound = rcu_dereference(nf_nat_pptp_hook_inbound); |
369 | if (nf_nat_pptp_inbound && ct->status & IPS_NAT_MASK) | 369 | if (nf_nat_pptp_inbound && ct->status & IPS_NAT_MASK) |
370 | return nf_nat_pptp_inbound(pskb, ct, ctinfo, ctlh, pptpReq); | 370 | return nf_nat_pptp_inbound(skb, ct, ctinfo, ctlh, pptpReq); |
371 | return NF_ACCEPT; | 371 | return NF_ACCEPT; |
372 | 372 | ||
373 | invalid: | 373 | invalid: |
@@ -380,7 +380,7 @@ invalid: | |||
380 | } | 380 | } |
381 | 381 | ||
382 | static inline int | 382 | static inline int |
383 | pptp_outbound_pkt(struct sk_buff **pskb, | 383 | pptp_outbound_pkt(struct sk_buff *skb, |
384 | struct PptpControlHeader *ctlh, | 384 | struct PptpControlHeader *ctlh, |
385 | union pptp_ctrl_union *pptpReq, | 385 | union pptp_ctrl_union *pptpReq, |
386 | unsigned int reqlen, | 386 | unsigned int reqlen, |
@@ -462,7 +462,7 @@ pptp_outbound_pkt(struct sk_buff **pskb, | |||
462 | 462 | ||
463 | nf_nat_pptp_outbound = rcu_dereference(nf_nat_pptp_hook_outbound); | 463 | nf_nat_pptp_outbound = rcu_dereference(nf_nat_pptp_hook_outbound); |
464 | if (nf_nat_pptp_outbound && ct->status & IPS_NAT_MASK) | 464 | if (nf_nat_pptp_outbound && ct->status & IPS_NAT_MASK) |
465 | return nf_nat_pptp_outbound(pskb, ct, ctinfo, ctlh, pptpReq); | 465 | return nf_nat_pptp_outbound(skb, ct, ctinfo, ctlh, pptpReq); |
466 | return NF_ACCEPT; | 466 | return NF_ACCEPT; |
467 | 467 | ||
468 | invalid: | 468 | invalid: |
@@ -492,7 +492,7 @@ static const unsigned int pptp_msg_size[] = { | |||
492 | 492 | ||
493 | /* track caller id inside control connection, call expect_related */ | 493 | /* track caller id inside control connection, call expect_related */ |
494 | static int | 494 | static int |
495 | conntrack_pptp_help(struct sk_buff **pskb, unsigned int protoff, | 495 | conntrack_pptp_help(struct sk_buff *skb, unsigned int protoff, |
496 | struct nf_conn *ct, enum ip_conntrack_info ctinfo) | 496 | struct nf_conn *ct, enum ip_conntrack_info ctinfo) |
497 | 497 | ||
498 | { | 498 | { |
@@ -502,7 +502,7 @@ conntrack_pptp_help(struct sk_buff **pskb, unsigned int protoff, | |||
502 | struct pptp_pkt_hdr _pptph, *pptph; | 502 | struct pptp_pkt_hdr _pptph, *pptph; |
503 | struct PptpControlHeader _ctlh, *ctlh; | 503 | struct PptpControlHeader _ctlh, *ctlh; |
504 | union pptp_ctrl_union _pptpReq, *pptpReq; | 504 | union pptp_ctrl_union _pptpReq, *pptpReq; |
505 | unsigned int tcplen = (*pskb)->len - protoff; | 505 | unsigned int tcplen = skb->len - protoff; |
506 | unsigned int datalen, reqlen, nexthdr_off; | 506 | unsigned int datalen, reqlen, nexthdr_off; |
507 | int oldsstate, oldcstate; | 507 | int oldsstate, oldcstate; |
508 | int ret; | 508 | int ret; |
@@ -514,12 +514,12 @@ conntrack_pptp_help(struct sk_buff **pskb, unsigned int protoff, | |||
514 | return NF_ACCEPT; | 514 | return NF_ACCEPT; |
515 | 515 | ||
516 | nexthdr_off = protoff; | 516 | nexthdr_off = protoff; |
517 | tcph = skb_header_pointer(*pskb, nexthdr_off, sizeof(_tcph), &_tcph); | 517 | tcph = skb_header_pointer(skb, nexthdr_off, sizeof(_tcph), &_tcph); |
518 | BUG_ON(!tcph); | 518 | BUG_ON(!tcph); |
519 | nexthdr_off += tcph->doff * 4; | 519 | nexthdr_off += tcph->doff * 4; |
520 | datalen = tcplen - tcph->doff * 4; | 520 | datalen = tcplen - tcph->doff * 4; |
521 | 521 | ||
522 | pptph = skb_header_pointer(*pskb, nexthdr_off, sizeof(_pptph), &_pptph); | 522 | pptph = skb_header_pointer(skb, nexthdr_off, sizeof(_pptph), &_pptph); |
523 | if (!pptph) { | 523 | if (!pptph) { |
524 | pr_debug("no full PPTP header, can't track\n"); | 524 | pr_debug("no full PPTP header, can't track\n"); |
525 | return NF_ACCEPT; | 525 | return NF_ACCEPT; |
@@ -534,7 +534,7 @@ conntrack_pptp_help(struct sk_buff **pskb, unsigned int protoff, | |||
534 | return NF_ACCEPT; | 534 | return NF_ACCEPT; |
535 | } | 535 | } |
536 | 536 | ||
537 | ctlh = skb_header_pointer(*pskb, nexthdr_off, sizeof(_ctlh), &_ctlh); | 537 | ctlh = skb_header_pointer(skb, nexthdr_off, sizeof(_ctlh), &_ctlh); |
538 | if (!ctlh) | 538 | if (!ctlh) |
539 | return NF_ACCEPT; | 539 | return NF_ACCEPT; |
540 | nexthdr_off += sizeof(_ctlh); | 540 | nexthdr_off += sizeof(_ctlh); |
@@ -547,7 +547,7 @@ conntrack_pptp_help(struct sk_buff **pskb, unsigned int protoff, | |||
547 | if (reqlen > sizeof(*pptpReq)) | 547 | if (reqlen > sizeof(*pptpReq)) |
548 | reqlen = sizeof(*pptpReq); | 548 | reqlen = sizeof(*pptpReq); |
549 | 549 | ||
550 | pptpReq = skb_header_pointer(*pskb, nexthdr_off, reqlen, &_pptpReq); | 550 | pptpReq = skb_header_pointer(skb, nexthdr_off, reqlen, &_pptpReq); |
551 | if (!pptpReq) | 551 | if (!pptpReq) |
552 | return NF_ACCEPT; | 552 | return NF_ACCEPT; |
553 | 553 | ||
@@ -560,11 +560,11 @@ conntrack_pptp_help(struct sk_buff **pskb, unsigned int protoff, | |||
560 | * established from PNS->PAC. However, RFC makes no guarantee */ | 560 | * established from PNS->PAC. However, RFC makes no guarantee */ |
561 | if (dir == IP_CT_DIR_ORIGINAL) | 561 | if (dir == IP_CT_DIR_ORIGINAL) |
562 | /* client -> server (PNS -> PAC) */ | 562 | /* client -> server (PNS -> PAC) */ |
563 | ret = pptp_outbound_pkt(pskb, ctlh, pptpReq, reqlen, ct, | 563 | ret = pptp_outbound_pkt(skb, ctlh, pptpReq, reqlen, ct, |
564 | ctinfo); | 564 | ctinfo); |
565 | else | 565 | else |
566 | /* server -> client (PAC -> PNS) */ | 566 | /* server -> client (PAC -> PNS) */ |
567 | ret = pptp_inbound_pkt(pskb, ctlh, pptpReq, reqlen, ct, | 567 | ret = pptp_inbound_pkt(skb, ctlh, pptpReq, reqlen, ct, |
568 | ctinfo); | 568 | ctinfo); |
569 | pr_debug("sstate: %d->%d, cstate: %d->%d\n", | 569 | pr_debug("sstate: %d->%d, cstate: %d->%d\n", |
570 | oldsstate, info->sstate, oldcstate, info->cstate); | 570 | oldsstate, info->sstate, oldcstate, info->cstate); |
diff --git a/net/netfilter/nf_conntrack_sane.c b/net/netfilter/nf_conntrack_sane.c index 355d371bac93..b5a16c6e21c2 100644 --- a/net/netfilter/nf_conntrack_sane.c +++ b/net/netfilter/nf_conntrack_sane.c | |||
@@ -56,7 +56,7 @@ struct sane_reply_net_start { | |||
56 | /* other fields aren't interesting for conntrack */ | 56 | /* other fields aren't interesting for conntrack */ |
57 | }; | 57 | }; |
58 | 58 | ||
59 | static int help(struct sk_buff **pskb, | 59 | static int help(struct sk_buff *skb, |
60 | unsigned int protoff, | 60 | unsigned int protoff, |
61 | struct nf_conn *ct, | 61 | struct nf_conn *ct, |
62 | enum ip_conntrack_info ctinfo) | 62 | enum ip_conntrack_info ctinfo) |
@@ -80,19 +80,19 @@ static int help(struct sk_buff **pskb, | |||
80 | return NF_ACCEPT; | 80 | return NF_ACCEPT; |
81 | 81 | ||
82 | /* Not a full tcp header? */ | 82 | /* Not a full tcp header? */ |
83 | th = skb_header_pointer(*pskb, protoff, sizeof(_tcph), &_tcph); | 83 | th = skb_header_pointer(skb, protoff, sizeof(_tcph), &_tcph); |
84 | if (th == NULL) | 84 | if (th == NULL) |
85 | return NF_ACCEPT; | 85 | return NF_ACCEPT; |
86 | 86 | ||
87 | /* No data? */ | 87 | /* No data? */ |
88 | dataoff = protoff + th->doff * 4; | 88 | dataoff = protoff + th->doff * 4; |
89 | if (dataoff >= (*pskb)->len) | 89 | if (dataoff >= skb->len) |
90 | return NF_ACCEPT; | 90 | return NF_ACCEPT; |
91 | 91 | ||
92 | datalen = (*pskb)->len - dataoff; | 92 | datalen = skb->len - dataoff; |
93 | 93 | ||
94 | spin_lock_bh(&nf_sane_lock); | 94 | spin_lock_bh(&nf_sane_lock); |
95 | sb_ptr = skb_header_pointer(*pskb, dataoff, datalen, sane_buffer); | 95 | sb_ptr = skb_header_pointer(skb, dataoff, datalen, sane_buffer); |
96 | BUG_ON(sb_ptr == NULL); | 96 | BUG_ON(sb_ptr == NULL); |
97 | 97 | ||
98 | if (dir == IP_CT_DIR_ORIGINAL) { | 98 | if (dir == IP_CT_DIR_ORIGINAL) { |
diff --git a/net/netfilter/nf_conntrack_sip.c b/net/netfilter/nf_conntrack_sip.c index d449fa47491c..8f8b5a48df38 100644 --- a/net/netfilter/nf_conntrack_sip.c +++ b/net/netfilter/nf_conntrack_sip.c | |||
@@ -36,13 +36,13 @@ static unsigned int sip_timeout __read_mostly = SIP_TIMEOUT; | |||
36 | module_param(sip_timeout, uint, 0600); | 36 | module_param(sip_timeout, uint, 0600); |
37 | MODULE_PARM_DESC(sip_timeout, "timeout for the master SIP session"); | 37 | MODULE_PARM_DESC(sip_timeout, "timeout for the master SIP session"); |
38 | 38 | ||
39 | unsigned int (*nf_nat_sip_hook)(struct sk_buff **pskb, | 39 | unsigned int (*nf_nat_sip_hook)(struct sk_buff *skb, |
40 | enum ip_conntrack_info ctinfo, | 40 | enum ip_conntrack_info ctinfo, |
41 | struct nf_conn *ct, | 41 | struct nf_conn *ct, |
42 | const char **dptr) __read_mostly; | 42 | const char **dptr) __read_mostly; |
43 | EXPORT_SYMBOL_GPL(nf_nat_sip_hook); | 43 | EXPORT_SYMBOL_GPL(nf_nat_sip_hook); |
44 | 44 | ||
45 | unsigned int (*nf_nat_sdp_hook)(struct sk_buff **pskb, | 45 | unsigned int (*nf_nat_sdp_hook)(struct sk_buff *skb, |
46 | enum ip_conntrack_info ctinfo, | 46 | enum ip_conntrack_info ctinfo, |
47 | struct nf_conntrack_expect *exp, | 47 | struct nf_conntrack_expect *exp, |
48 | const char *dptr) __read_mostly; | 48 | const char *dptr) __read_mostly; |
@@ -363,7 +363,7 @@ int ct_sip_get_info(struct nf_conn *ct, | |||
363 | } | 363 | } |
364 | EXPORT_SYMBOL_GPL(ct_sip_get_info); | 364 | EXPORT_SYMBOL_GPL(ct_sip_get_info); |
365 | 365 | ||
366 | static int set_expected_rtp(struct sk_buff **pskb, | 366 | static int set_expected_rtp(struct sk_buff *skb, |
367 | struct nf_conn *ct, | 367 | struct nf_conn *ct, |
368 | enum ip_conntrack_info ctinfo, | 368 | enum ip_conntrack_info ctinfo, |
369 | union nf_conntrack_address *addr, | 369 | union nf_conntrack_address *addr, |
@@ -385,7 +385,7 @@ static int set_expected_rtp(struct sk_buff **pskb, | |||
385 | 385 | ||
386 | nf_nat_sdp = rcu_dereference(nf_nat_sdp_hook); | 386 | nf_nat_sdp = rcu_dereference(nf_nat_sdp_hook); |
387 | if (nf_nat_sdp && ct->status & IPS_NAT_MASK) | 387 | if (nf_nat_sdp && ct->status & IPS_NAT_MASK) |
388 | ret = nf_nat_sdp(pskb, ctinfo, exp, dptr); | 388 | ret = nf_nat_sdp(skb, ctinfo, exp, dptr); |
389 | else { | 389 | else { |
390 | if (nf_ct_expect_related(exp) != 0) | 390 | if (nf_ct_expect_related(exp) != 0) |
391 | ret = NF_DROP; | 391 | ret = NF_DROP; |
@@ -397,7 +397,7 @@ static int set_expected_rtp(struct sk_buff **pskb, | |||
397 | return ret; | 397 | return ret; |
398 | } | 398 | } |
399 | 399 | ||
400 | static int sip_help(struct sk_buff **pskb, | 400 | static int sip_help(struct sk_buff *skb, |
401 | unsigned int protoff, | 401 | unsigned int protoff, |
402 | struct nf_conn *ct, | 402 | struct nf_conn *ct, |
403 | enum ip_conntrack_info ctinfo) | 403 | enum ip_conntrack_info ctinfo) |
@@ -414,13 +414,13 @@ static int sip_help(struct sk_buff **pskb, | |||
414 | 414 | ||
415 | /* No Data ? */ | 415 | /* No Data ? */ |
416 | dataoff = protoff + sizeof(struct udphdr); | 416 | dataoff = protoff + sizeof(struct udphdr); |
417 | if (dataoff >= (*pskb)->len) | 417 | if (dataoff >= skb->len) |
418 | return NF_ACCEPT; | 418 | return NF_ACCEPT; |
419 | 419 | ||
420 | nf_ct_refresh(ct, *pskb, sip_timeout * HZ); | 420 | nf_ct_refresh(ct, skb, sip_timeout * HZ); |
421 | 421 | ||
422 | if (!skb_is_nonlinear(*pskb)) | 422 | if (!skb_is_nonlinear(skb)) |
423 | dptr = (*pskb)->data + dataoff; | 423 | dptr = skb->data + dataoff; |
424 | else { | 424 | else { |
425 | pr_debug("Copy of skbuff not supported yet.\n"); | 425 | pr_debug("Copy of skbuff not supported yet.\n"); |
426 | goto out; | 426 | goto out; |
@@ -428,13 +428,13 @@ static int sip_help(struct sk_buff **pskb, | |||
428 | 428 | ||
429 | nf_nat_sip = rcu_dereference(nf_nat_sip_hook); | 429 | nf_nat_sip = rcu_dereference(nf_nat_sip_hook); |
430 | if (nf_nat_sip && ct->status & IPS_NAT_MASK) { | 430 | if (nf_nat_sip && ct->status & IPS_NAT_MASK) { |
431 | if (!nf_nat_sip(pskb, ctinfo, ct, &dptr)) { | 431 | if (!nf_nat_sip(skb, ctinfo, ct, &dptr)) { |
432 | ret = NF_DROP; | 432 | ret = NF_DROP; |
433 | goto out; | 433 | goto out; |
434 | } | 434 | } |
435 | } | 435 | } |
436 | 436 | ||
437 | datalen = (*pskb)->len - dataoff; | 437 | datalen = skb->len - dataoff; |
438 | if (datalen < sizeof("SIP/2.0 200") - 1) | 438 | if (datalen < sizeof("SIP/2.0 200") - 1) |
439 | goto out; | 439 | goto out; |
440 | 440 | ||
@@ -464,7 +464,7 @@ static int sip_help(struct sk_buff **pskb, | |||
464 | ret = NF_DROP; | 464 | ret = NF_DROP; |
465 | goto out; | 465 | goto out; |
466 | } | 466 | } |
467 | ret = set_expected_rtp(pskb, ct, ctinfo, &addr, | 467 | ret = set_expected_rtp(skb, ct, ctinfo, &addr, |
468 | htons(port), dptr); | 468 | htons(port), dptr); |
469 | } | 469 | } |
470 | } | 470 | } |
diff --git a/net/netfilter/nf_conntrack_tftp.c b/net/netfilter/nf_conntrack_tftp.c index cc19506cf2f8..e894aa1ff3ad 100644 --- a/net/netfilter/nf_conntrack_tftp.c +++ b/net/netfilter/nf_conntrack_tftp.c | |||
@@ -29,12 +29,12 @@ static int ports_c; | |||
29 | module_param_array(ports, ushort, &ports_c, 0400); | 29 | module_param_array(ports, ushort, &ports_c, 0400); |
30 | MODULE_PARM_DESC(ports, "Port numbers of TFTP servers"); | 30 | MODULE_PARM_DESC(ports, "Port numbers of TFTP servers"); |
31 | 31 | ||
32 | unsigned int (*nf_nat_tftp_hook)(struct sk_buff **pskb, | 32 | unsigned int (*nf_nat_tftp_hook)(struct sk_buff *skb, |
33 | enum ip_conntrack_info ctinfo, | 33 | enum ip_conntrack_info ctinfo, |
34 | struct nf_conntrack_expect *exp) __read_mostly; | 34 | struct nf_conntrack_expect *exp) __read_mostly; |
35 | EXPORT_SYMBOL_GPL(nf_nat_tftp_hook); | 35 | EXPORT_SYMBOL_GPL(nf_nat_tftp_hook); |
36 | 36 | ||
37 | static int tftp_help(struct sk_buff **pskb, | 37 | static int tftp_help(struct sk_buff *skb, |
38 | unsigned int protoff, | 38 | unsigned int protoff, |
39 | struct nf_conn *ct, | 39 | struct nf_conn *ct, |
40 | enum ip_conntrack_info ctinfo) | 40 | enum ip_conntrack_info ctinfo) |
@@ -46,7 +46,7 @@ static int tftp_help(struct sk_buff **pskb, | |||
46 | int family = ct->tuplehash[IP_CT_DIR_ORIGINAL].tuple.src.l3num; | 46 | int family = ct->tuplehash[IP_CT_DIR_ORIGINAL].tuple.src.l3num; |
47 | typeof(nf_nat_tftp_hook) nf_nat_tftp; | 47 | typeof(nf_nat_tftp_hook) nf_nat_tftp; |
48 | 48 | ||
49 | tfh = skb_header_pointer(*pskb, protoff + sizeof(struct udphdr), | 49 | tfh = skb_header_pointer(skb, protoff + sizeof(struct udphdr), |
50 | sizeof(_tftph), &_tftph); | 50 | sizeof(_tftph), &_tftph); |
51 | if (tfh == NULL) | 51 | if (tfh == NULL) |
52 | return NF_ACCEPT; | 52 | return NF_ACCEPT; |
@@ -70,7 +70,7 @@ static int tftp_help(struct sk_buff **pskb, | |||
70 | 70 | ||
71 | nf_nat_tftp = rcu_dereference(nf_nat_tftp_hook); | 71 | nf_nat_tftp = rcu_dereference(nf_nat_tftp_hook); |
72 | if (nf_nat_tftp && ct->status & IPS_NAT_MASK) | 72 | if (nf_nat_tftp && ct->status & IPS_NAT_MASK) |
73 | ret = nf_nat_tftp(pskb, ctinfo, exp); | 73 | ret = nf_nat_tftp(skb, ctinfo, exp); |
74 | else if (nf_ct_expect_related(exp) != 0) | 74 | else if (nf_ct_expect_related(exp) != 0) |
75 | ret = NF_DROP; | 75 | ret = NF_DROP; |
76 | nf_ct_expect_put(exp); | 76 | nf_ct_expect_put(exp); |
diff --git a/net/netfilter/nf_internals.h b/net/netfilter/nf_internals.h index 0df7fff196a7..196269c1e586 100644 --- a/net/netfilter/nf_internals.h +++ b/net/netfilter/nf_internals.h | |||
@@ -14,7 +14,7 @@ | |||
14 | 14 | ||
15 | /* core.c */ | 15 | /* core.c */ |
16 | extern unsigned int nf_iterate(struct list_head *head, | 16 | extern unsigned int nf_iterate(struct list_head *head, |
17 | struct sk_buff **skb, | 17 | struct sk_buff *skb, |
18 | int hook, | 18 | int hook, |
19 | const struct net_device *indev, | 19 | const struct net_device *indev, |
20 | const struct net_device *outdev, | 20 | const struct net_device *outdev, |
diff --git a/net/netfilter/nf_queue.c b/net/netfilter/nf_queue.c index a481a349f7bf..0cef1433d660 100644 --- a/net/netfilter/nf_queue.c +++ b/net/netfilter/nf_queue.c | |||
@@ -256,14 +256,14 @@ void nf_reinject(struct sk_buff *skb, struct nf_info *info, | |||
256 | 256 | ||
257 | if (verdict == NF_ACCEPT) { | 257 | if (verdict == NF_ACCEPT) { |
258 | afinfo = nf_get_afinfo(info->pf); | 258 | afinfo = nf_get_afinfo(info->pf); |
259 | if (!afinfo || afinfo->reroute(&skb, info) < 0) | 259 | if (!afinfo || afinfo->reroute(skb, info) < 0) |
260 | verdict = NF_DROP; | 260 | verdict = NF_DROP; |
261 | } | 261 | } |
262 | 262 | ||
263 | if (verdict == NF_ACCEPT) { | 263 | if (verdict == NF_ACCEPT) { |
264 | next_hook: | 264 | next_hook: |
265 | verdict = nf_iterate(&nf_hooks[info->pf][info->hook], | 265 | verdict = nf_iterate(&nf_hooks[info->pf][info->hook], |
266 | &skb, info->hook, | 266 | skb, info->hook, |
267 | info->indev, info->outdev, &elem, | 267 | info->indev, info->outdev, &elem, |
268 | info->okfn, INT_MIN); | 268 | info->okfn, INT_MIN); |
269 | } | 269 | } |
diff --git a/net/netfilter/nfnetlink_queue.c b/net/netfilter/nfnetlink_queue.c index 49f0480afe09..3ceeffcf6f9d 100644 --- a/net/netfilter/nfnetlink_queue.c +++ b/net/netfilter/nfnetlink_queue.c | |||
@@ -617,6 +617,7 @@ static int | |||
617 | nfqnl_mangle(void *data, int data_len, struct nfqnl_queue_entry *e) | 617 | nfqnl_mangle(void *data, int data_len, struct nfqnl_queue_entry *e) |
618 | { | 618 | { |
619 | int diff; | 619 | int diff; |
620 | int err; | ||
620 | 621 | ||
621 | diff = data_len - e->skb->len; | 622 | diff = data_len - e->skb->len; |
622 | if (diff < 0) { | 623 | if (diff < 0) { |
@@ -626,25 +627,18 @@ nfqnl_mangle(void *data, int data_len, struct nfqnl_queue_entry *e) | |||
626 | if (data_len > 0xFFFF) | 627 | if (data_len > 0xFFFF) |
627 | return -EINVAL; | 628 | return -EINVAL; |
628 | if (diff > skb_tailroom(e->skb)) { | 629 | if (diff > skb_tailroom(e->skb)) { |
629 | struct sk_buff *newskb; | 630 | err = pskb_expand_head(e->skb, 0, |
630 | 631 | diff - skb_tailroom(e->skb), | |
631 | newskb = skb_copy_expand(e->skb, | 632 | GFP_ATOMIC); |
632 | skb_headroom(e->skb), | 633 | if (err) { |
633 | diff, | ||
634 | GFP_ATOMIC); | ||
635 | if (newskb == NULL) { | ||
636 | printk(KERN_WARNING "nf_queue: OOM " | 634 | printk(KERN_WARNING "nf_queue: OOM " |
637 | "in mangle, dropping packet\n"); | 635 | "in mangle, dropping packet\n"); |
638 | return -ENOMEM; | 636 | return err; |
639 | } | 637 | } |
640 | if (e->skb->sk) | ||
641 | skb_set_owner_w(newskb, e->skb->sk); | ||
642 | kfree_skb(e->skb); | ||
643 | e->skb = newskb; | ||
644 | } | 638 | } |
645 | skb_put(e->skb, diff); | 639 | skb_put(e->skb, diff); |
646 | } | 640 | } |
647 | if (!skb_make_writable(&e->skb, data_len)) | 641 | if (!skb_make_writable(e->skb, data_len)) |
648 | return -ENOMEM; | 642 | return -ENOMEM; |
649 | skb_copy_to_linear_data(e->skb, data, data_len); | 643 | skb_copy_to_linear_data(e->skb, data, data_len); |
650 | e->skb->ip_summed = CHECKSUM_NONE; | 644 | e->skb->ip_summed = CHECKSUM_NONE; |
diff --git a/net/netfilter/xt_CLASSIFY.c b/net/netfilter/xt_CLASSIFY.c index 07a1b9665005..77eeae658d42 100644 --- a/net/netfilter/xt_CLASSIFY.c +++ b/net/netfilter/xt_CLASSIFY.c | |||
@@ -27,7 +27,7 @@ MODULE_ALIAS("ipt_CLASSIFY"); | |||
27 | MODULE_ALIAS("ip6t_CLASSIFY"); | 27 | MODULE_ALIAS("ip6t_CLASSIFY"); |
28 | 28 | ||
29 | static unsigned int | 29 | static unsigned int |
30 | target(struct sk_buff **pskb, | 30 | target(struct sk_buff *skb, |
31 | const struct net_device *in, | 31 | const struct net_device *in, |
32 | const struct net_device *out, | 32 | const struct net_device *out, |
33 | unsigned int hooknum, | 33 | unsigned int hooknum, |
@@ -36,7 +36,7 @@ target(struct sk_buff **pskb, | |||
36 | { | 36 | { |
37 | const struct xt_classify_target_info *clinfo = targinfo; | 37 | const struct xt_classify_target_info *clinfo = targinfo; |
38 | 38 | ||
39 | (*pskb)->priority = clinfo->priority; | 39 | skb->priority = clinfo->priority; |
40 | return XT_CONTINUE; | 40 | return XT_CONTINUE; |
41 | } | 41 | } |
42 | 42 | ||
diff --git a/net/netfilter/xt_CONNMARK.c b/net/netfilter/xt_CONNMARK.c index 7043c2757e09..8cc324b159e9 100644 --- a/net/netfilter/xt_CONNMARK.c +++ b/net/netfilter/xt_CONNMARK.c | |||
@@ -34,7 +34,7 @@ MODULE_ALIAS("ip6t_CONNMARK"); | |||
34 | #include <net/netfilter/nf_conntrack_ecache.h> | 34 | #include <net/netfilter/nf_conntrack_ecache.h> |
35 | 35 | ||
36 | static unsigned int | 36 | static unsigned int |
37 | target(struct sk_buff **pskb, | 37 | target(struct sk_buff *skb, |
38 | const struct net_device *in, | 38 | const struct net_device *in, |
39 | const struct net_device *out, | 39 | const struct net_device *out, |
40 | unsigned int hooknum, | 40 | unsigned int hooknum, |
@@ -48,28 +48,28 @@ target(struct sk_buff **pskb, | |||
48 | u_int32_t mark; | 48 | u_int32_t mark; |
49 | u_int32_t newmark; | 49 | u_int32_t newmark; |
50 | 50 | ||
51 | ct = nf_ct_get(*pskb, &ctinfo); | 51 | ct = nf_ct_get(skb, &ctinfo); |
52 | if (ct) { | 52 | if (ct) { |
53 | switch(markinfo->mode) { | 53 | switch(markinfo->mode) { |
54 | case XT_CONNMARK_SET: | 54 | case XT_CONNMARK_SET: |
55 | newmark = (ct->mark & ~markinfo->mask) | markinfo->mark; | 55 | newmark = (ct->mark & ~markinfo->mask) | markinfo->mark; |
56 | if (newmark != ct->mark) { | 56 | if (newmark != ct->mark) { |
57 | ct->mark = newmark; | 57 | ct->mark = newmark; |
58 | nf_conntrack_event_cache(IPCT_MARK, *pskb); | 58 | nf_conntrack_event_cache(IPCT_MARK, skb); |
59 | } | 59 | } |
60 | break; | 60 | break; |
61 | case XT_CONNMARK_SAVE: | 61 | case XT_CONNMARK_SAVE: |
62 | newmark = (ct->mark & ~markinfo->mask) | | 62 | newmark = (ct->mark & ~markinfo->mask) | |
63 | ((*pskb)->mark & markinfo->mask); | 63 | (skb->mark & markinfo->mask); |
64 | if (ct->mark != newmark) { | 64 | if (ct->mark != newmark) { |
65 | ct->mark = newmark; | 65 | ct->mark = newmark; |
66 | nf_conntrack_event_cache(IPCT_MARK, *pskb); | 66 | nf_conntrack_event_cache(IPCT_MARK, skb); |
67 | } | 67 | } |
68 | break; | 68 | break; |
69 | case XT_CONNMARK_RESTORE: | 69 | case XT_CONNMARK_RESTORE: |
70 | mark = (*pskb)->mark; | 70 | mark = skb->mark; |
71 | diff = (ct->mark ^ mark) & markinfo->mask; | 71 | diff = (ct->mark ^ mark) & markinfo->mask; |
72 | (*pskb)->mark = mark ^ diff; | 72 | skb->mark = mark ^ diff; |
73 | break; | 73 | break; |
74 | } | 74 | } |
75 | } | 75 | } |
diff --git a/net/netfilter/xt_CONNSECMARK.c b/net/netfilter/xt_CONNSECMARK.c index 63d73138c1b9..021b5c8d20e2 100644 --- a/net/netfilter/xt_CONNSECMARK.c +++ b/net/netfilter/xt_CONNSECMARK.c | |||
@@ -61,12 +61,11 @@ static void secmark_restore(struct sk_buff *skb) | |||
61 | } | 61 | } |
62 | } | 62 | } |
63 | 63 | ||
64 | static unsigned int target(struct sk_buff **pskb, const struct net_device *in, | 64 | static unsigned int target(struct sk_buff *skb, const struct net_device *in, |
65 | const struct net_device *out, unsigned int hooknum, | 65 | const struct net_device *out, unsigned int hooknum, |
66 | const struct xt_target *target, | 66 | const struct xt_target *target, |
67 | const void *targinfo) | 67 | const void *targinfo) |
68 | { | 68 | { |
69 | struct sk_buff *skb = *pskb; | ||
70 | const struct xt_connsecmark_target_info *info = targinfo; | 69 | const struct xt_connsecmark_target_info *info = targinfo; |
71 | 70 | ||
72 | switch (info->mode) { | 71 | switch (info->mode) { |
diff --git a/net/netfilter/xt_DSCP.c b/net/netfilter/xt_DSCP.c index 798ab731009d..6322a933ab71 100644 --- a/net/netfilter/xt_DSCP.c +++ b/net/netfilter/xt_DSCP.c | |||
@@ -25,7 +25,7 @@ MODULE_LICENSE("GPL"); | |||
25 | MODULE_ALIAS("ipt_DSCP"); | 25 | MODULE_ALIAS("ipt_DSCP"); |
26 | MODULE_ALIAS("ip6t_DSCP"); | 26 | MODULE_ALIAS("ip6t_DSCP"); |
27 | 27 | ||
28 | static unsigned int target(struct sk_buff **pskb, | 28 | static unsigned int target(struct sk_buff *skb, |
29 | const struct net_device *in, | 29 | const struct net_device *in, |
30 | const struct net_device *out, | 30 | const struct net_device *out, |
31 | unsigned int hooknum, | 31 | unsigned int hooknum, |
@@ -33,20 +33,20 @@ static unsigned int target(struct sk_buff **pskb, | |||
33 | const void *targinfo) | 33 | const void *targinfo) |
34 | { | 34 | { |
35 | const struct xt_DSCP_info *dinfo = targinfo; | 35 | const struct xt_DSCP_info *dinfo = targinfo; |
36 | u_int8_t dscp = ipv4_get_dsfield(ip_hdr(*pskb)) >> XT_DSCP_SHIFT; | 36 | u_int8_t dscp = ipv4_get_dsfield(ip_hdr(skb)) >> XT_DSCP_SHIFT; |
37 | 37 | ||
38 | if (dscp != dinfo->dscp) { | 38 | if (dscp != dinfo->dscp) { |
39 | if (!skb_make_writable(pskb, sizeof(struct iphdr))) | 39 | if (!skb_make_writable(skb, sizeof(struct iphdr))) |
40 | return NF_DROP; | 40 | return NF_DROP; |
41 | 41 | ||
42 | ipv4_change_dsfield(ip_hdr(*pskb), (__u8)(~XT_DSCP_MASK), | 42 | ipv4_change_dsfield(ip_hdr(skb), (__u8)(~XT_DSCP_MASK), |
43 | dinfo->dscp << XT_DSCP_SHIFT); | 43 | dinfo->dscp << XT_DSCP_SHIFT); |
44 | 44 | ||
45 | } | 45 | } |
46 | return XT_CONTINUE; | 46 | return XT_CONTINUE; |
47 | } | 47 | } |
48 | 48 | ||
49 | static unsigned int target6(struct sk_buff **pskb, | 49 | static unsigned int target6(struct sk_buff *skb, |
50 | const struct net_device *in, | 50 | const struct net_device *in, |
51 | const struct net_device *out, | 51 | const struct net_device *out, |
52 | unsigned int hooknum, | 52 | unsigned int hooknum, |
@@ -54,13 +54,13 @@ static unsigned int target6(struct sk_buff **pskb, | |||
54 | const void *targinfo) | 54 | const void *targinfo) |
55 | { | 55 | { |
56 | const struct xt_DSCP_info *dinfo = targinfo; | 56 | const struct xt_DSCP_info *dinfo = targinfo; |
57 | u_int8_t dscp = ipv6_get_dsfield(ipv6_hdr(*pskb)) >> XT_DSCP_SHIFT; | 57 | u_int8_t dscp = ipv6_get_dsfield(ipv6_hdr(skb)) >> XT_DSCP_SHIFT; |
58 | 58 | ||
59 | if (dscp != dinfo->dscp) { | 59 | if (dscp != dinfo->dscp) { |
60 | if (!skb_make_writable(pskb, sizeof(struct ipv6hdr))) | 60 | if (!skb_make_writable(skb, sizeof(struct ipv6hdr))) |
61 | return NF_DROP; | 61 | return NF_DROP; |
62 | 62 | ||
63 | ipv6_change_dsfield(ipv6_hdr(*pskb), (__u8)(~XT_DSCP_MASK), | 63 | ipv6_change_dsfield(ipv6_hdr(skb), (__u8)(~XT_DSCP_MASK), |
64 | dinfo->dscp << XT_DSCP_SHIFT); | 64 | dinfo->dscp << XT_DSCP_SHIFT); |
65 | } | 65 | } |
66 | return XT_CONTINUE; | 66 | return XT_CONTINUE; |
diff --git a/net/netfilter/xt_MARK.c b/net/netfilter/xt_MARK.c index f30fe0baf7de..bc6503d77d75 100644 --- a/net/netfilter/xt_MARK.c +++ b/net/netfilter/xt_MARK.c | |||
@@ -22,7 +22,7 @@ MODULE_ALIAS("ipt_MARK"); | |||
22 | MODULE_ALIAS("ip6t_MARK"); | 22 | MODULE_ALIAS("ip6t_MARK"); |
23 | 23 | ||
24 | static unsigned int | 24 | static unsigned int |
25 | target_v0(struct sk_buff **pskb, | 25 | target_v0(struct sk_buff *skb, |
26 | const struct net_device *in, | 26 | const struct net_device *in, |
27 | const struct net_device *out, | 27 | const struct net_device *out, |
28 | unsigned int hooknum, | 28 | unsigned int hooknum, |
@@ -31,12 +31,12 @@ target_v0(struct sk_buff **pskb, | |||
31 | { | 31 | { |
32 | const struct xt_mark_target_info *markinfo = targinfo; | 32 | const struct xt_mark_target_info *markinfo = targinfo; |
33 | 33 | ||
34 | (*pskb)->mark = markinfo->mark; | 34 | skb->mark = markinfo->mark; |
35 | return XT_CONTINUE; | 35 | return XT_CONTINUE; |
36 | } | 36 | } |
37 | 37 | ||
38 | static unsigned int | 38 | static unsigned int |
39 | target_v1(struct sk_buff **pskb, | 39 | target_v1(struct sk_buff *skb, |
40 | const struct net_device *in, | 40 | const struct net_device *in, |
41 | const struct net_device *out, | 41 | const struct net_device *out, |
42 | unsigned int hooknum, | 42 | unsigned int hooknum, |
@@ -52,15 +52,15 @@ target_v1(struct sk_buff **pskb, | |||
52 | break; | 52 | break; |
53 | 53 | ||
54 | case XT_MARK_AND: | 54 | case XT_MARK_AND: |
55 | mark = (*pskb)->mark & markinfo->mark; | 55 | mark = skb->mark & markinfo->mark; |
56 | break; | 56 | break; |
57 | 57 | ||
58 | case XT_MARK_OR: | 58 | case XT_MARK_OR: |
59 | mark = (*pskb)->mark | markinfo->mark; | 59 | mark = skb->mark | markinfo->mark; |
60 | break; | 60 | break; |
61 | } | 61 | } |
62 | 62 | ||
63 | (*pskb)->mark = mark; | 63 | skb->mark = mark; |
64 | return XT_CONTINUE; | 64 | return XT_CONTINUE; |
65 | } | 65 | } |
66 | 66 | ||
diff --git a/net/netfilter/xt_NFLOG.c b/net/netfilter/xt_NFLOG.c index d3594c7ccb26..9fb449ffbf8b 100644 --- a/net/netfilter/xt_NFLOG.c +++ b/net/netfilter/xt_NFLOG.c | |||
@@ -20,7 +20,7 @@ MODULE_ALIAS("ipt_NFLOG"); | |||
20 | MODULE_ALIAS("ip6t_NFLOG"); | 20 | MODULE_ALIAS("ip6t_NFLOG"); |
21 | 21 | ||
22 | static unsigned int | 22 | static unsigned int |
23 | nflog_target(struct sk_buff **pskb, | 23 | nflog_target(struct sk_buff *skb, |
24 | const struct net_device *in, const struct net_device *out, | 24 | const struct net_device *in, const struct net_device *out, |
25 | unsigned int hooknum, const struct xt_target *target, | 25 | unsigned int hooknum, const struct xt_target *target, |
26 | const void *targinfo) | 26 | const void *targinfo) |
@@ -33,7 +33,7 @@ nflog_target(struct sk_buff **pskb, | |||
33 | li.u.ulog.group = info->group; | 33 | li.u.ulog.group = info->group; |
34 | li.u.ulog.qthreshold = info->threshold; | 34 | li.u.ulog.qthreshold = info->threshold; |
35 | 35 | ||
36 | nf_log_packet(target->family, hooknum, *pskb, in, out, &li, | 36 | nf_log_packet(target->family, hooknum, skb, in, out, &li, |
37 | "%s", info->prefix); | 37 | "%s", info->prefix); |
38 | return XT_CONTINUE; | 38 | return XT_CONTINUE; |
39 | } | 39 | } |
diff --git a/net/netfilter/xt_NFQUEUE.c b/net/netfilter/xt_NFQUEUE.c index 13f59f3e8c38..c3984e9f766a 100644 --- a/net/netfilter/xt_NFQUEUE.c +++ b/net/netfilter/xt_NFQUEUE.c | |||
@@ -24,7 +24,7 @@ MODULE_ALIAS("ip6t_NFQUEUE"); | |||
24 | MODULE_ALIAS("arpt_NFQUEUE"); | 24 | MODULE_ALIAS("arpt_NFQUEUE"); |
25 | 25 | ||
26 | static unsigned int | 26 | static unsigned int |
27 | target(struct sk_buff **pskb, | 27 | target(struct sk_buff *skb, |
28 | const struct net_device *in, | 28 | const struct net_device *in, |
29 | const struct net_device *out, | 29 | const struct net_device *out, |
30 | unsigned int hooknum, | 30 | unsigned int hooknum, |
diff --git a/net/netfilter/xt_NOTRACK.c b/net/netfilter/xt_NOTRACK.c index fec1aefb1c32..4976ce186615 100644 --- a/net/netfilter/xt_NOTRACK.c +++ b/net/netfilter/xt_NOTRACK.c | |||
@@ -12,7 +12,7 @@ MODULE_ALIAS("ipt_NOTRACK"); | |||
12 | MODULE_ALIAS("ip6t_NOTRACK"); | 12 | MODULE_ALIAS("ip6t_NOTRACK"); |
13 | 13 | ||
14 | static unsigned int | 14 | static unsigned int |
15 | target(struct sk_buff **pskb, | 15 | target(struct sk_buff *skb, |
16 | const struct net_device *in, | 16 | const struct net_device *in, |
17 | const struct net_device *out, | 17 | const struct net_device *out, |
18 | unsigned int hooknum, | 18 | unsigned int hooknum, |
@@ -20,16 +20,16 @@ target(struct sk_buff **pskb, | |||
20 | const void *targinfo) | 20 | const void *targinfo) |
21 | { | 21 | { |
22 | /* Previously seen (loopback)? Ignore. */ | 22 | /* Previously seen (loopback)? Ignore. */ |
23 | if ((*pskb)->nfct != NULL) | 23 | if (skb->nfct != NULL) |
24 | return XT_CONTINUE; | 24 | return XT_CONTINUE; |
25 | 25 | ||
26 | /* Attach fake conntrack entry. | 26 | /* Attach fake conntrack entry. |
27 | If there is a real ct entry correspondig to this packet, | 27 | If there is a real ct entry correspondig to this packet, |
28 | it'll hang aroun till timing out. We don't deal with it | 28 | it'll hang aroun till timing out. We don't deal with it |
29 | for performance reasons. JK */ | 29 | for performance reasons. JK */ |
30 | (*pskb)->nfct = &nf_conntrack_untracked.ct_general; | 30 | skb->nfct = &nf_conntrack_untracked.ct_general; |
31 | (*pskb)->nfctinfo = IP_CT_NEW; | 31 | skb->nfctinfo = IP_CT_NEW; |
32 | nf_conntrack_get((*pskb)->nfct); | 32 | nf_conntrack_get(skb->nfct); |
33 | 33 | ||
34 | return XT_CONTINUE; | 34 | return XT_CONTINUE; |
35 | } | 35 | } |
diff --git a/net/netfilter/xt_SECMARK.c b/net/netfilter/xt_SECMARK.c index c83779a941a1..235806eb6ecd 100644 --- a/net/netfilter/xt_SECMARK.c +++ b/net/netfilter/xt_SECMARK.c | |||
@@ -28,7 +28,7 @@ MODULE_ALIAS("ip6t_SECMARK"); | |||
28 | 28 | ||
29 | static u8 mode; | 29 | static u8 mode; |
30 | 30 | ||
31 | static unsigned int target(struct sk_buff **pskb, const struct net_device *in, | 31 | static unsigned int target(struct sk_buff *skb, const struct net_device *in, |
32 | const struct net_device *out, unsigned int hooknum, | 32 | const struct net_device *out, unsigned int hooknum, |
33 | const struct xt_target *target, | 33 | const struct xt_target *target, |
34 | const void *targinfo) | 34 | const void *targinfo) |
@@ -47,7 +47,7 @@ static unsigned int target(struct sk_buff **pskb, const struct net_device *in, | |||
47 | BUG(); | 47 | BUG(); |
48 | } | 48 | } |
49 | 49 | ||
50 | (*pskb)->secmark = secmark; | 50 | skb->secmark = secmark; |
51 | return XT_CONTINUE; | 51 | return XT_CONTINUE; |
52 | } | 52 | } |
53 | 53 | ||
diff --git a/net/netfilter/xt_TCPMSS.c b/net/netfilter/xt_TCPMSS.c index d40f7e4b1289..07435a602b11 100644 --- a/net/netfilter/xt_TCPMSS.c +++ b/net/netfilter/xt_TCPMSS.c | |||
@@ -39,7 +39,7 @@ optlen(const u_int8_t *opt, unsigned int offset) | |||
39 | } | 39 | } |
40 | 40 | ||
41 | static int | 41 | static int |
42 | tcpmss_mangle_packet(struct sk_buff **pskb, | 42 | tcpmss_mangle_packet(struct sk_buff *skb, |
43 | const struct xt_tcpmss_info *info, | 43 | const struct xt_tcpmss_info *info, |
44 | unsigned int tcphoff, | 44 | unsigned int tcphoff, |
45 | unsigned int minlen) | 45 | unsigned int minlen) |
@@ -50,11 +50,11 @@ tcpmss_mangle_packet(struct sk_buff **pskb, | |||
50 | u16 newmss; | 50 | u16 newmss; |
51 | u8 *opt; | 51 | u8 *opt; |
52 | 52 | ||
53 | if (!skb_make_writable(pskb, (*pskb)->len)) | 53 | if (!skb_make_writable(skb, skb->len)) |
54 | return -1; | 54 | return -1; |
55 | 55 | ||
56 | tcplen = (*pskb)->len - tcphoff; | 56 | tcplen = skb->len - tcphoff; |
57 | tcph = (struct tcphdr *)(skb_network_header(*pskb) + tcphoff); | 57 | tcph = (struct tcphdr *)(skb_network_header(skb) + tcphoff); |
58 | 58 | ||
59 | /* Since it passed flags test in tcp match, we know it is is | 59 | /* Since it passed flags test in tcp match, we know it is is |
60 | not a fragment, and has data >= tcp header length. SYN | 60 | not a fragment, and has data >= tcp header length. SYN |
@@ -64,19 +64,19 @@ tcpmss_mangle_packet(struct sk_buff **pskb, | |||
64 | if (tcplen != tcph->doff*4) { | 64 | if (tcplen != tcph->doff*4) { |
65 | if (net_ratelimit()) | 65 | if (net_ratelimit()) |
66 | printk(KERN_ERR "xt_TCPMSS: bad length (%u bytes)\n", | 66 | printk(KERN_ERR "xt_TCPMSS: bad length (%u bytes)\n", |
67 | (*pskb)->len); | 67 | skb->len); |
68 | return -1; | 68 | return -1; |
69 | } | 69 | } |
70 | 70 | ||
71 | if (info->mss == XT_TCPMSS_CLAMP_PMTU) { | 71 | if (info->mss == XT_TCPMSS_CLAMP_PMTU) { |
72 | if (dst_mtu((*pskb)->dst) <= minlen) { | 72 | if (dst_mtu(skb->dst) <= minlen) { |
73 | if (net_ratelimit()) | 73 | if (net_ratelimit()) |
74 | printk(KERN_ERR "xt_TCPMSS: " | 74 | printk(KERN_ERR "xt_TCPMSS: " |
75 | "unknown or invalid path-MTU (%u)\n", | 75 | "unknown or invalid path-MTU (%u)\n", |
76 | dst_mtu((*pskb)->dst)); | 76 | dst_mtu(skb->dst)); |
77 | return -1; | 77 | return -1; |
78 | } | 78 | } |
79 | newmss = dst_mtu((*pskb)->dst) - minlen; | 79 | newmss = dst_mtu(skb->dst) - minlen; |
80 | } else | 80 | } else |
81 | newmss = info->mss; | 81 | newmss = info->mss; |
82 | 82 | ||
@@ -95,7 +95,7 @@ tcpmss_mangle_packet(struct sk_buff **pskb, | |||
95 | opt[i+2] = (newmss & 0xff00) >> 8; | 95 | opt[i+2] = (newmss & 0xff00) >> 8; |
96 | opt[i+3] = newmss & 0x00ff; | 96 | opt[i+3] = newmss & 0x00ff; |
97 | 97 | ||
98 | nf_proto_csum_replace2(&tcph->check, *pskb, | 98 | nf_proto_csum_replace2(&tcph->check, skb, |
99 | htons(oldmss), htons(newmss), 0); | 99 | htons(oldmss), htons(newmss), 0); |
100 | return 0; | 100 | return 0; |
101 | } | 101 | } |
@@ -104,57 +104,53 @@ tcpmss_mangle_packet(struct sk_buff **pskb, | |||
104 | /* | 104 | /* |
105 | * MSS Option not found ?! add it.. | 105 | * MSS Option not found ?! add it.. |
106 | */ | 106 | */ |
107 | if (skb_tailroom((*pskb)) < TCPOLEN_MSS) { | 107 | if (skb_tailroom(skb) < TCPOLEN_MSS) { |
108 | struct sk_buff *newskb; | 108 | if (pskb_expand_head(skb, 0, |
109 | 109 | TCPOLEN_MSS - skb_tailroom(skb), | |
110 | newskb = skb_copy_expand(*pskb, skb_headroom(*pskb), | 110 | GFP_ATOMIC)) |
111 | TCPOLEN_MSS, GFP_ATOMIC); | ||
112 | if (!newskb) | ||
113 | return -1; | 111 | return -1; |
114 | kfree_skb(*pskb); | 112 | tcph = (struct tcphdr *)(skb_network_header(skb) + tcphoff); |
115 | *pskb = newskb; | ||
116 | tcph = (struct tcphdr *)(skb_network_header(*pskb) + tcphoff); | ||
117 | } | 113 | } |
118 | 114 | ||
119 | skb_put((*pskb), TCPOLEN_MSS); | 115 | skb_put(skb, TCPOLEN_MSS); |
120 | 116 | ||
121 | opt = (u_int8_t *)tcph + sizeof(struct tcphdr); | 117 | opt = (u_int8_t *)tcph + sizeof(struct tcphdr); |
122 | memmove(opt + TCPOLEN_MSS, opt, tcplen - sizeof(struct tcphdr)); | 118 | memmove(opt + TCPOLEN_MSS, opt, tcplen - sizeof(struct tcphdr)); |
123 | 119 | ||
124 | nf_proto_csum_replace2(&tcph->check, *pskb, | 120 | nf_proto_csum_replace2(&tcph->check, skb, |
125 | htons(tcplen), htons(tcplen + TCPOLEN_MSS), 1); | 121 | htons(tcplen), htons(tcplen + TCPOLEN_MSS), 1); |
126 | opt[0] = TCPOPT_MSS; | 122 | opt[0] = TCPOPT_MSS; |
127 | opt[1] = TCPOLEN_MSS; | 123 | opt[1] = TCPOLEN_MSS; |
128 | opt[2] = (newmss & 0xff00) >> 8; | 124 | opt[2] = (newmss & 0xff00) >> 8; |
129 | opt[3] = newmss & 0x00ff; | 125 | opt[3] = newmss & 0x00ff; |
130 | 126 | ||
131 | nf_proto_csum_replace4(&tcph->check, *pskb, 0, *((__be32 *)opt), 0); | 127 | nf_proto_csum_replace4(&tcph->check, skb, 0, *((__be32 *)opt), 0); |
132 | 128 | ||
133 | oldval = ((__be16 *)tcph)[6]; | 129 | oldval = ((__be16 *)tcph)[6]; |
134 | tcph->doff += TCPOLEN_MSS/4; | 130 | tcph->doff += TCPOLEN_MSS/4; |
135 | nf_proto_csum_replace2(&tcph->check, *pskb, | 131 | nf_proto_csum_replace2(&tcph->check, skb, |
136 | oldval, ((__be16 *)tcph)[6], 0); | 132 | oldval, ((__be16 *)tcph)[6], 0); |
137 | return TCPOLEN_MSS; | 133 | return TCPOLEN_MSS; |
138 | } | 134 | } |
139 | 135 | ||
140 | static unsigned int | 136 | static unsigned int |
141 | xt_tcpmss_target4(struct sk_buff **pskb, | 137 | xt_tcpmss_target4(struct sk_buff *skb, |
142 | const struct net_device *in, | 138 | const struct net_device *in, |
143 | const struct net_device *out, | 139 | const struct net_device *out, |
144 | unsigned int hooknum, | 140 | unsigned int hooknum, |
145 | const struct xt_target *target, | 141 | const struct xt_target *target, |
146 | const void *targinfo) | 142 | const void *targinfo) |
147 | { | 143 | { |
148 | struct iphdr *iph = ip_hdr(*pskb); | 144 | struct iphdr *iph = ip_hdr(skb); |
149 | __be16 newlen; | 145 | __be16 newlen; |
150 | int ret; | 146 | int ret; |
151 | 147 | ||
152 | ret = tcpmss_mangle_packet(pskb, targinfo, iph->ihl * 4, | 148 | ret = tcpmss_mangle_packet(skb, targinfo, iph->ihl * 4, |
153 | sizeof(*iph) + sizeof(struct tcphdr)); | 149 | sizeof(*iph) + sizeof(struct tcphdr)); |
154 | if (ret < 0) | 150 | if (ret < 0) |
155 | return NF_DROP; | 151 | return NF_DROP; |
156 | if (ret > 0) { | 152 | if (ret > 0) { |
157 | iph = ip_hdr(*pskb); | 153 | iph = ip_hdr(skb); |
158 | newlen = htons(ntohs(iph->tot_len) + ret); | 154 | newlen = htons(ntohs(iph->tot_len) + ret); |
159 | nf_csum_replace2(&iph->check, iph->tot_len, newlen); | 155 | nf_csum_replace2(&iph->check, iph->tot_len, newlen); |
160 | iph->tot_len = newlen; | 156 | iph->tot_len = newlen; |
@@ -164,30 +160,30 @@ xt_tcpmss_target4(struct sk_buff **pskb, | |||
164 | 160 | ||
165 | #if defined(CONFIG_IP6_NF_IPTABLES) || defined(CONFIG_IP6_NF_IPTABLES_MODULE) | 161 | #if defined(CONFIG_IP6_NF_IPTABLES) || defined(CONFIG_IP6_NF_IPTABLES_MODULE) |
166 | static unsigned int | 162 | static unsigned int |
167 | xt_tcpmss_target6(struct sk_buff **pskb, | 163 | xt_tcpmss_target6(struct sk_buff *skb, |
168 | const struct net_device *in, | 164 | const struct net_device *in, |
169 | const struct net_device *out, | 165 | const struct net_device *out, |
170 | unsigned int hooknum, | 166 | unsigned int hooknum, |
171 | const struct xt_target *target, | 167 | const struct xt_target *target, |
172 | const void *targinfo) | 168 | const void *targinfo) |
173 | { | 169 | { |
174 | struct ipv6hdr *ipv6h = ipv6_hdr(*pskb); | 170 | struct ipv6hdr *ipv6h = ipv6_hdr(skb); |
175 | u8 nexthdr; | 171 | u8 nexthdr; |
176 | int tcphoff; | 172 | int tcphoff; |
177 | int ret; | 173 | int ret; |
178 | 174 | ||
179 | nexthdr = ipv6h->nexthdr; | 175 | nexthdr = ipv6h->nexthdr; |
180 | tcphoff = ipv6_skip_exthdr(*pskb, sizeof(*ipv6h), &nexthdr); | 176 | tcphoff = ipv6_skip_exthdr(skb, sizeof(*ipv6h), &nexthdr); |
181 | if (tcphoff < 0) { | 177 | if (tcphoff < 0) { |
182 | WARN_ON(1); | 178 | WARN_ON(1); |
183 | return NF_DROP; | 179 | return NF_DROP; |
184 | } | 180 | } |
185 | ret = tcpmss_mangle_packet(pskb, targinfo, tcphoff, | 181 | ret = tcpmss_mangle_packet(skb, targinfo, tcphoff, |
186 | sizeof(*ipv6h) + sizeof(struct tcphdr)); | 182 | sizeof(*ipv6h) + sizeof(struct tcphdr)); |
187 | if (ret < 0) | 183 | if (ret < 0) |
188 | return NF_DROP; | 184 | return NF_DROP; |
189 | if (ret > 0) { | 185 | if (ret > 0) { |
190 | ipv6h = ipv6_hdr(*pskb); | 186 | ipv6h = ipv6_hdr(skb); |
191 | ipv6h->payload_len = htons(ntohs(ipv6h->payload_len) + ret); | 187 | ipv6h->payload_len = htons(ntohs(ipv6h->payload_len) + ret); |
192 | } | 188 | } |
193 | return XT_CONTINUE; | 189 | return XT_CONTINUE; |
diff --git a/net/netfilter/xt_TRACE.c b/net/netfilter/xt_TRACE.c index 4df2dedcc0b5..26c5d08ab2c2 100644 --- a/net/netfilter/xt_TRACE.c +++ b/net/netfilter/xt_TRACE.c | |||
@@ -10,14 +10,14 @@ MODULE_ALIAS("ipt_TRACE"); | |||
10 | MODULE_ALIAS("ip6t_TRACE"); | 10 | MODULE_ALIAS("ip6t_TRACE"); |
11 | 11 | ||
12 | static unsigned int | 12 | static unsigned int |
13 | target(struct sk_buff **pskb, | 13 | target(struct sk_buff *skb, |
14 | const struct net_device *in, | 14 | const struct net_device *in, |
15 | const struct net_device *out, | 15 | const struct net_device *out, |
16 | unsigned int hooknum, | 16 | unsigned int hooknum, |
17 | const struct xt_target *target, | 17 | const struct xt_target *target, |
18 | const void *targinfo) | 18 | const void *targinfo) |
19 | { | 19 | { |
20 | (*pskb)->nf_trace = 1; | 20 | skb->nf_trace = 1; |
21 | return XT_CONTINUE; | 21 | return XT_CONTINUE; |
22 | } | 22 | } |
23 | 23 | ||
diff --git a/net/netlink/af_netlink.c b/net/netlink/af_netlink.c index c776bcd9f825..98e313e5e594 100644 --- a/net/netlink/af_netlink.c +++ b/net/netlink/af_netlink.c | |||
@@ -1378,6 +1378,8 @@ netlink_kernel_create(struct net *net, int unit, unsigned int groups, | |||
1378 | nl_table[unit].cb_mutex = cb_mutex; | 1378 | nl_table[unit].cb_mutex = cb_mutex; |
1379 | nl_table[unit].module = module; | 1379 | nl_table[unit].module = module; |
1380 | nl_table[unit].registered = 1; | 1380 | nl_table[unit].registered = 1; |
1381 | } else { | ||
1382 | kfree(listeners); | ||
1381 | } | 1383 | } |
1382 | netlink_table_ungrab(); | 1384 | netlink_table_ungrab(); |
1383 | 1385 | ||
diff --git a/net/sched/act_ipt.c b/net/sched/act_ipt.c index 6b407ece953c..fa006e06ce33 100644 --- a/net/sched/act_ipt.c +++ b/net/sched/act_ipt.c | |||
@@ -202,11 +202,7 @@ static int tcf_ipt(struct sk_buff *skb, struct tc_action *a, | |||
202 | /* yes, we have to worry about both in and out dev | 202 | /* yes, we have to worry about both in and out dev |
203 | worry later - danger - this API seems to have changed | 203 | worry later - danger - this API seems to have changed |
204 | from earlier kernels */ | 204 | from earlier kernels */ |
205 | 205 | ret = ipt->tcfi_t->u.kernel.target->target(skb, skb->dev, NULL, | |
206 | /* iptables targets take a double skb pointer in case the skb | ||
207 | * needs to be replaced. We don't own the skb, so this must not | ||
208 | * happen. The pskb_expand_head above should make sure of this */ | ||
209 | ret = ipt->tcfi_t->u.kernel.target->target(&skb, skb->dev, NULL, | ||
210 | ipt->tcfi_hook, | 206 | ipt->tcfi_hook, |
211 | ipt->tcfi_t->u.kernel.target, | 207 | ipt->tcfi_t->u.kernel.target, |
212 | ipt->tcfi_t->data); | 208 | ipt->tcfi_t->data); |
diff --git a/net/sched/sch_ingress.c b/net/sched/sch_ingress.c index 2d32fd27496e..3f8335e6ea2e 100644 --- a/net/sched/sch_ingress.c +++ b/net/sched/sch_ingress.c | |||
@@ -205,20 +205,19 @@ static unsigned int ingress_drop(struct Qdisc *sch) | |||
205 | #ifndef CONFIG_NET_CLS_ACT | 205 | #ifndef CONFIG_NET_CLS_ACT |
206 | #ifdef CONFIG_NETFILTER | 206 | #ifdef CONFIG_NETFILTER |
207 | static unsigned int | 207 | static unsigned int |
208 | ing_hook(unsigned int hook, struct sk_buff **pskb, | 208 | ing_hook(unsigned int hook, struct sk_buff *skb, |
209 | const struct net_device *indev, | 209 | const struct net_device *indev, |
210 | const struct net_device *outdev, | 210 | const struct net_device *outdev, |
211 | int (*okfn)(struct sk_buff *)) | 211 | int (*okfn)(struct sk_buff *)) |
212 | { | 212 | { |
213 | 213 | ||
214 | struct Qdisc *q; | 214 | struct Qdisc *q; |
215 | struct sk_buff *skb = *pskb; | ||
216 | struct net_device *dev = skb->dev; | 215 | struct net_device *dev = skb->dev; |
217 | int fwres=NF_ACCEPT; | 216 | int fwres=NF_ACCEPT; |
218 | 217 | ||
219 | DPRINTK("ing_hook: skb %s dev=%s len=%u\n", | 218 | DPRINTK("ing_hook: skb %s dev=%s len=%u\n", |
220 | skb->sk ? "(owned)" : "(unowned)", | 219 | skb->sk ? "(owned)" : "(unowned)", |
221 | skb->dev ? (*pskb)->dev->name : "(no dev)", | 220 | skb->dev ? skb->dev->name : "(no dev)", |
222 | skb->len); | 221 | skb->len); |
223 | 222 | ||
224 | if (dev->qdisc_ingress) { | 223 | if (dev->qdisc_ingress) { |
diff --git a/net/sctp/ipv6.c b/net/sctp/ipv6.c index 9de3ddaa2768..eb4deaf58914 100644 --- a/net/sctp/ipv6.c +++ b/net/sctp/ipv6.c | |||
@@ -954,9 +954,9 @@ static struct inet_protosw sctpv6_stream_protosw = { | |||
954 | .flags = SCTP_PROTOSW_FLAG, | 954 | .flags = SCTP_PROTOSW_FLAG, |
955 | }; | 955 | }; |
956 | 956 | ||
957 | static int sctp6_rcv(struct sk_buff **pskb) | 957 | static int sctp6_rcv(struct sk_buff *skb) |
958 | { | 958 | { |
959 | return sctp_rcv(*pskb) ? -1 : 0; | 959 | return sctp_rcv(skb) ? -1 : 0; |
960 | } | 960 | } |
961 | 961 | ||
962 | static struct inet6_protocol sctpv6_protocol = { | 962 | static struct inet6_protocol sctpv6_protocol = { |