aboutsummaryrefslogtreecommitdiffstats
path: root/net
diff options
context:
space:
mode:
Diffstat (limited to 'net')
-rw-r--r--net/bridge/br.c2
-rw-r--r--net/bridge/br_input.c2
-rw-r--r--net/bridge/br_netfilter.c33
-rw-r--r--net/bridge/netfilter/ebt_arpreply.c3
-rw-r--r--net/bridge/netfilter/ebt_dnat.c6
-rw-r--r--net/bridge/netfilter/ebt_mark.c10
-rw-r--r--net/bridge/netfilter/ebt_redirect.c10
-rw-r--r--net/bridge/netfilter/ebt_snat.c12
-rw-r--r--net/bridge/netfilter/ebtable_broute.c4
-rw-r--r--net/bridge/netfilter/ebtable_filter.c4
-rw-r--r--net/bridge/netfilter/ebtable_nat.c8
-rw-r--r--net/bridge/netfilter/ebtables.c12
-rw-r--r--net/decnet/netfilter/dn_rtmsg.c4
-rw-r--r--net/ipv4/ipvs/ip_vs_app.c32
-rw-r--r--net/ipv4/ipvs/ip_vs_core.c36
-rw-r--r--net/ipv4/ipvs/ip_vs_ftp.c18
-rw-r--r--net/ipv4/ipvs/ip_vs_proto_tcp.c50
-rw-r--r--net/ipv4/ipvs/ip_vs_proto_udp.c50
-rw-r--r--net/ipv4/ipvs/ip_vs_xmit.c2
-rw-r--r--net/ipv4/netfilter.c58
-rw-r--r--net/ipv4/netfilter/arp_tables.c20
-rw-r--r--net/ipv4/netfilter/arpt_mangle.c16
-rw-r--r--net/ipv4/netfilter/arptable_filter.c4
-rw-r--r--net/ipv4/netfilter/ip_tables.c20
-rw-r--r--net/ipv4/netfilter/ipt_CLUSTERIP.c14
-rw-r--r--net/ipv4/netfilter/ipt_ECN.c27
-rw-r--r--net/ipv4/netfilter/ipt_LOG.c4
-rw-r--r--net/ipv4/netfilter/ipt_MASQUERADE.c6
-rw-r--r--net/ipv4/netfilter/ipt_NETMAP.c8
-rw-r--r--net/ipv4/netfilter/ipt_REDIRECT.c6
-rw-r--r--net/ipv4/netfilter/ipt_REJECT.c22
-rw-r--r--net/ipv4/netfilter/ipt_SAME.c4
-rw-r--r--net/ipv4/netfilter/ipt_TOS.c8
-rw-r--r--net/ipv4/netfilter/ipt_TTL.c6
-rw-r--r--net/ipv4/netfilter/ipt_ULOG.c4
-rw-r--r--net/ipv4/netfilter/iptable_filter.c12
-rw-r--r--net/ipv4/netfilter/iptable_mangle.c22
-rw-r--r--net/ipv4/netfilter/iptable_raw.c12
-rw-r--r--net/ipv4/netfilter/nf_conntrack_l3proto_ipv4.c30
-rw-r--r--net/ipv4/netfilter/nf_nat_amanda.c4
-rw-r--r--net/ipv4/netfilter/nf_nat_core.c50
-rw-r--r--net/ipv4/netfilter/nf_nat_ftp.c18
-rw-r--r--net/ipv4/netfilter/nf_nat_h323.c58
-rw-r--r--net/ipv4/netfilter/nf_nat_helper.c110
-rw-r--r--net/ipv4/netfilter/nf_nat_irc.c4
-rw-r--r--net/ipv4/netfilter/nf_nat_pptp.c8
-rw-r--r--net/ipv4/netfilter/nf_nat_proto_gre.c8
-rw-r--r--net/ipv4/netfilter/nf_nat_proto_icmp.c10
-rw-r--r--net/ipv4/netfilter/nf_nat_proto_tcp.c16
-rw-r--r--net/ipv4/netfilter/nf_nat_proto_udp.c16
-rw-r--r--net/ipv4/netfilter/nf_nat_proto_unknown.c2
-rw-r--r--net/ipv4/netfilter/nf_nat_rule.c14
-rw-r--r--net/ipv4/netfilter/nf_nat_sip.c56
-rw-r--r--net/ipv4/netfilter/nf_nat_snmp_basic.c14
-rw-r--r--net/ipv4/netfilter/nf_nat_standalone.c62
-rw-r--r--net/ipv4/netfilter/nf_nat_tftp.c2
-rw-r--r--net/ipv4/xfrm4_output.c4
-rw-r--r--net/ipv6/netfilter.c6
-rw-r--r--net/ipv6/netfilter/ip6_tables.c16
-rw-r--r--net/ipv6/netfilter/ip6t_HL.c6
-rw-r--r--net/ipv6/netfilter/ip6t_LOG.c5
-rw-r--r--net/ipv6/netfilter/ip6t_REJECT.c14
-rw-r--r--net/ipv6/netfilter/ip6table_filter.c12
-rw-r--r--net/ipv6/netfilter/ip6table_mangle.c32
-rw-r--r--net/ipv6/netfilter/ip6table_raw.c4
-rw-r--r--net/ipv6/netfilter/nf_conntrack_l3proto_ipv6.c44
-rw-r--r--net/ipv6/xfrm6_output.c4
-rw-r--r--net/netfilter/core.c10
-rw-r--r--net/netfilter/nf_conntrack_amanda.c20
-rw-r--r--net/netfilter/nf_conntrack_core.c30
-rw-r--r--net/netfilter/nf_conntrack_ftp.c18
-rw-r--r--net/netfilter/nf_conntrack_h323_main.c236
-rw-r--r--net/netfilter/nf_conntrack_irc.c16
-rw-r--r--net/netfilter/nf_conntrack_netbios_ns.c10
-rw-r--r--net/netfilter/nf_conntrack_pptp.c28
-rw-r--r--net/netfilter/nf_conntrack_sane.c10
-rw-r--r--net/netfilter/nf_conntrack_sip.c24
-rw-r--r--net/netfilter/nf_conntrack_tftp.c8
-rw-r--r--net/netfilter/nf_internals.h2
-rw-r--r--net/netfilter/nf_queue.c4
-rw-r--r--net/netfilter/xt_CLASSIFY.c4
-rw-r--r--net/netfilter/xt_CONNMARK.c14
-rw-r--r--net/netfilter/xt_CONNSECMARK.c3
-rw-r--r--net/netfilter/xt_DSCP.c16
-rw-r--r--net/netfilter/xt_MARK.c12
-rw-r--r--net/netfilter/xt_NFLOG.c4
-rw-r--r--net/netfilter/xt_NFQUEUE.c2
-rw-r--r--net/netfilter/xt_NOTRACK.c10
-rw-r--r--net/netfilter/xt_SECMARK.c4
-rw-r--r--net/netfilter/xt_TCPMSS.c52
-rw-r--r--net/netfilter/xt_TRACE.c4
-rw-r--r--net/sched/act_ipt.c6
-rw-r--r--net/sched/sch_ingress.c5
93 files changed, 858 insertions, 894 deletions
diff --git a/net/bridge/br.c b/net/bridge/br.c
index 848b8fa8bedd..93867bb6cc97 100644
--- a/net/bridge/br.c
+++ b/net/bridge/br.c
@@ -23,7 +23,7 @@
23 23
24#include "br_private.h" 24#include "br_private.h"
25 25
26int (*br_should_route_hook) (struct sk_buff **pskb) = NULL; 26int (*br_should_route_hook)(struct sk_buff *skb);
27 27
28static struct llc_sap *br_stp_sap; 28static struct llc_sap *br_stp_sap;
29 29
diff --git a/net/bridge/br_input.c b/net/bridge/br_input.c
index f8e0a2fa796e..3cedd4eeeed6 100644
--- a/net/bridge/br_input.c
+++ b/net/bridge/br_input.c
@@ -149,7 +149,7 @@ struct sk_buff *br_handle_frame(struct net_bridge_port *p, struct sk_buff *skb)
149 case BR_STATE_FORWARDING: 149 case BR_STATE_FORWARDING:
150 150
151 if (br_should_route_hook) { 151 if (br_should_route_hook) {
152 if (br_should_route_hook(&skb)) 152 if (br_should_route_hook(skb))
153 return skb; 153 return skb;
154 dest = eth_hdr(skb)->h_dest; 154 dest = eth_hdr(skb)->h_dest;
155 } 155 }
diff --git a/net/bridge/br_netfilter.c b/net/bridge/br_netfilter.c
index 8245f051ccbb..246bf23a8775 100644
--- a/net/bridge/br_netfilter.c
+++ b/net/bridge/br_netfilter.c
@@ -503,13 +503,12 @@ inhdr_error:
503 * receiving device) to make netfilter happy, the REDIRECT 503 * receiving device) to make netfilter happy, the REDIRECT
504 * target in particular. Save the original destination IP 504 * target in particular. Save the original destination IP
505 * address to be able to detect DNAT afterwards. */ 505 * address to be able to detect DNAT afterwards. */
506static unsigned int br_nf_pre_routing(unsigned int hook, struct sk_buff **pskb, 506static unsigned int br_nf_pre_routing(unsigned int hook, struct sk_buff *skb,
507 const struct net_device *in, 507 const struct net_device *in,
508 const struct net_device *out, 508 const struct net_device *out,
509 int (*okfn)(struct sk_buff *)) 509 int (*okfn)(struct sk_buff *))
510{ 510{
511 struct iphdr *iph; 511 struct iphdr *iph;
512 struct sk_buff *skb = *pskb;
513 __u32 len = nf_bridge_encap_header_len(skb); 512 __u32 len = nf_bridge_encap_header_len(skb);
514 513
515 if ((skb = skb_share_check(skb, GFP_ATOMIC)) == NULL) 514 if ((skb = skb_share_check(skb, GFP_ATOMIC)) == NULL)
@@ -584,13 +583,11 @@ out:
584 * took place when the packet entered the bridge), but we 583 * took place when the packet entered the bridge), but we
585 * register an IPv4 PRE_ROUTING 'sabotage' hook that will 584 * register an IPv4 PRE_ROUTING 'sabotage' hook that will
586 * prevent this from happening. */ 585 * prevent this from happening. */
587static unsigned int br_nf_local_in(unsigned int hook, struct sk_buff **pskb, 586static unsigned int br_nf_local_in(unsigned int hook, struct sk_buff *skb,
588 const struct net_device *in, 587 const struct net_device *in,
589 const struct net_device *out, 588 const struct net_device *out,
590 int (*okfn)(struct sk_buff *)) 589 int (*okfn)(struct sk_buff *))
591{ 590{
592 struct sk_buff *skb = *pskb;
593
594 if (skb->dst == (struct dst_entry *)&__fake_rtable) { 591 if (skb->dst == (struct dst_entry *)&__fake_rtable) {
595 dst_release(skb->dst); 592 dst_release(skb->dst);
596 skb->dst = NULL; 593 skb->dst = NULL;
@@ -625,12 +622,11 @@ static int br_nf_forward_finish(struct sk_buff *skb)
625 * but we are still able to filter on the 'real' indev/outdev 622 * but we are still able to filter on the 'real' indev/outdev
626 * because of the physdev module. For ARP, indev and outdev are the 623 * because of the physdev module. For ARP, indev and outdev are the
627 * bridge ports. */ 624 * bridge ports. */
628static unsigned int br_nf_forward_ip(unsigned int hook, struct sk_buff **pskb, 625static unsigned int br_nf_forward_ip(unsigned int hook, struct sk_buff *skb,
629 const struct net_device *in, 626 const struct net_device *in,
630 const struct net_device *out, 627 const struct net_device *out,
631 int (*okfn)(struct sk_buff *)) 628 int (*okfn)(struct sk_buff *))
632{ 629{
633 struct sk_buff *skb = *pskb;
634 struct nf_bridge_info *nf_bridge; 630 struct nf_bridge_info *nf_bridge;
635 struct net_device *parent; 631 struct net_device *parent;
636 int pf; 632 int pf;
@@ -648,7 +644,7 @@ static unsigned int br_nf_forward_ip(unsigned int hook, struct sk_buff **pskb,
648 else 644 else
649 pf = PF_INET6; 645 pf = PF_INET6;
650 646
651 nf_bridge_pull_encap_header(*pskb); 647 nf_bridge_pull_encap_header(skb);
652 648
653 nf_bridge = skb->nf_bridge; 649 nf_bridge = skb->nf_bridge;
654 if (skb->pkt_type == PACKET_OTHERHOST) { 650 if (skb->pkt_type == PACKET_OTHERHOST) {
@@ -666,12 +662,11 @@ static unsigned int br_nf_forward_ip(unsigned int hook, struct sk_buff **pskb,
666 return NF_STOLEN; 662 return NF_STOLEN;
667} 663}
668 664
669static unsigned int br_nf_forward_arp(unsigned int hook, struct sk_buff **pskb, 665static unsigned int br_nf_forward_arp(unsigned int hook, struct sk_buff *skb,
670 const struct net_device *in, 666 const struct net_device *in,
671 const struct net_device *out, 667 const struct net_device *out,
672 int (*okfn)(struct sk_buff *)) 668 int (*okfn)(struct sk_buff *))
673{ 669{
674 struct sk_buff *skb = *pskb;
675 struct net_device **d = (struct net_device **)(skb->cb); 670 struct net_device **d = (struct net_device **)(skb->cb);
676 671
677#ifdef CONFIG_SYSCTL 672#ifdef CONFIG_SYSCTL
@@ -682,12 +677,12 @@ static unsigned int br_nf_forward_arp(unsigned int hook, struct sk_buff **pskb,
682 if (skb->protocol != htons(ETH_P_ARP)) { 677 if (skb->protocol != htons(ETH_P_ARP)) {
683 if (!IS_VLAN_ARP(skb)) 678 if (!IS_VLAN_ARP(skb))
684 return NF_ACCEPT; 679 return NF_ACCEPT;
685 nf_bridge_pull_encap_header(*pskb); 680 nf_bridge_pull_encap_header(skb);
686 } 681 }
687 682
688 if (arp_hdr(skb)->ar_pln != 4) { 683 if (arp_hdr(skb)->ar_pln != 4) {
689 if (IS_VLAN_ARP(skb)) 684 if (IS_VLAN_ARP(skb))
690 nf_bridge_push_encap_header(*pskb); 685 nf_bridge_push_encap_header(skb);
691 return NF_ACCEPT; 686 return NF_ACCEPT;
692 } 687 }
693 *d = (struct net_device *)in; 688 *d = (struct net_device *)in;
@@ -709,13 +704,12 @@ static unsigned int br_nf_forward_arp(unsigned int hook, struct sk_buff **pskb,
709 * NF_BR_PRI_FIRST, so no relevant PF_BRIDGE/INPUT functions have been nor 704 * NF_BR_PRI_FIRST, so no relevant PF_BRIDGE/INPUT functions have been nor
710 * will be executed. 705 * will be executed.
711 */ 706 */
712static unsigned int br_nf_local_out(unsigned int hook, struct sk_buff **pskb, 707static unsigned int br_nf_local_out(unsigned int hook, struct sk_buff *skb,
713 const struct net_device *in, 708 const struct net_device *in,
714 const struct net_device *out, 709 const struct net_device *out,
715 int (*okfn)(struct sk_buff *)) 710 int (*okfn)(struct sk_buff *))
716{ 711{
717 struct net_device *realindev; 712 struct net_device *realindev;
718 struct sk_buff *skb = *pskb;
719 struct nf_bridge_info *nf_bridge; 713 struct nf_bridge_info *nf_bridge;
720 714
721 if (!skb->nf_bridge) 715 if (!skb->nf_bridge)
@@ -752,13 +746,12 @@ static int br_nf_dev_queue_xmit(struct sk_buff *skb)
752} 746}
753 747
754/* PF_BRIDGE/POST_ROUTING ********************************************/ 748/* PF_BRIDGE/POST_ROUTING ********************************************/
755static unsigned int br_nf_post_routing(unsigned int hook, struct sk_buff **pskb, 749static unsigned int br_nf_post_routing(unsigned int hook, struct sk_buff *skb,
756 const struct net_device *in, 750 const struct net_device *in,
757 const struct net_device *out, 751 const struct net_device *out,
758 int (*okfn)(struct sk_buff *)) 752 int (*okfn)(struct sk_buff *))
759{ 753{
760 struct sk_buff *skb = *pskb; 754 struct nf_bridge_info *nf_bridge = skb->nf_bridge;
761 struct nf_bridge_info *nf_bridge = (*pskb)->nf_bridge;
762 struct net_device *realoutdev = bridge_parent(skb->dev); 755 struct net_device *realoutdev = bridge_parent(skb->dev);
763 int pf; 756 int pf;
764 757
@@ -828,13 +821,13 @@ print_error:
828/* IP/SABOTAGE *****************************************************/ 821/* IP/SABOTAGE *****************************************************/
829/* Don't hand locally destined packets to PF_INET(6)/PRE_ROUTING 822/* Don't hand locally destined packets to PF_INET(6)/PRE_ROUTING
830 * for the second time. */ 823 * for the second time. */
831static unsigned int ip_sabotage_in(unsigned int hook, struct sk_buff **pskb, 824static unsigned int ip_sabotage_in(unsigned int hook, struct sk_buff *skb,
832 const struct net_device *in, 825 const struct net_device *in,
833 const struct net_device *out, 826 const struct net_device *out,
834 int (*okfn)(struct sk_buff *)) 827 int (*okfn)(struct sk_buff *))
835{ 828{
836 if ((*pskb)->nf_bridge && 829 if (skb->nf_bridge &&
837 !((*pskb)->nf_bridge->mask & BRNF_NF_BRIDGE_PREROUTING)) { 830 !(skb->nf_bridge->mask & BRNF_NF_BRIDGE_PREROUTING)) {
838 return NF_STOP; 831 return NF_STOP;
839 } 832 }
840 833
diff --git a/net/bridge/netfilter/ebt_arpreply.c b/net/bridge/netfilter/ebt_arpreply.c
index ffe468a632e7..48a80e423287 100644
--- a/net/bridge/netfilter/ebt_arpreply.c
+++ b/net/bridge/netfilter/ebt_arpreply.c
@@ -15,7 +15,7 @@
15#include <net/arp.h> 15#include <net/arp.h>
16#include <linux/module.h> 16#include <linux/module.h>
17 17
18static int ebt_target_reply(struct sk_buff **pskb, unsigned int hooknr, 18static int ebt_target_reply(struct sk_buff *skb, unsigned int hooknr,
19 const struct net_device *in, const struct net_device *out, 19 const struct net_device *in, const struct net_device *out,
20 const void *data, unsigned int datalen) 20 const void *data, unsigned int datalen)
21{ 21{
@@ -23,7 +23,6 @@ static int ebt_target_reply(struct sk_buff **pskb, unsigned int hooknr,
23 __be32 _sip, *siptr, _dip, *diptr; 23 __be32 _sip, *siptr, _dip, *diptr;
24 struct arphdr _ah, *ap; 24 struct arphdr _ah, *ap;
25 unsigned char _sha[ETH_ALEN], *shp; 25 unsigned char _sha[ETH_ALEN], *shp;
26 struct sk_buff *skb = *pskb;
27 26
28 ap = skb_header_pointer(skb, 0, sizeof(_ah), &_ah); 27 ap = skb_header_pointer(skb, 0, sizeof(_ah), &_ah);
29 if (ap == NULL) 28 if (ap == NULL)
diff --git a/net/bridge/netfilter/ebt_dnat.c b/net/bridge/netfilter/ebt_dnat.c
index 9d74dee20ab0..74262e9a566a 100644
--- a/net/bridge/netfilter/ebt_dnat.c
+++ b/net/bridge/netfilter/ebt_dnat.c
@@ -14,16 +14,16 @@
14#include <linux/module.h> 14#include <linux/module.h>
15#include <net/sock.h> 15#include <net/sock.h>
16 16
17static int ebt_target_dnat(struct sk_buff **pskb, unsigned int hooknr, 17static int ebt_target_dnat(struct sk_buff *skb, unsigned int hooknr,
18 const struct net_device *in, const struct net_device *out, 18 const struct net_device *in, const struct net_device *out,
19 const void *data, unsigned int datalen) 19 const void *data, unsigned int datalen)
20{ 20{
21 struct ebt_nat_info *info = (struct ebt_nat_info *)data; 21 struct ebt_nat_info *info = (struct ebt_nat_info *)data;
22 22
23 if (skb_make_writable(*pskb, 0)) 23 if (skb_make_writable(skb, 0))
24 return NF_DROP; 24 return NF_DROP;
25 25
26 memcpy(eth_hdr(*pskb)->h_dest, info->mac, ETH_ALEN); 26 memcpy(eth_hdr(skb)->h_dest, info->mac, ETH_ALEN);
27 return info->target; 27 return info->target;
28} 28}
29 29
diff --git a/net/bridge/netfilter/ebt_mark.c b/net/bridge/netfilter/ebt_mark.c
index 62d23c7b25e6..6cba54309c09 100644
--- a/net/bridge/netfilter/ebt_mark.c
+++ b/net/bridge/netfilter/ebt_mark.c
@@ -17,7 +17,7 @@
17#include <linux/netfilter_bridge/ebt_mark_t.h> 17#include <linux/netfilter_bridge/ebt_mark_t.h>
18#include <linux/module.h> 18#include <linux/module.h>
19 19
20static int ebt_target_mark(struct sk_buff **pskb, unsigned int hooknr, 20static int ebt_target_mark(struct sk_buff *skb, unsigned int hooknr,
21 const struct net_device *in, const struct net_device *out, 21 const struct net_device *in, const struct net_device *out,
22 const void *data, unsigned int datalen) 22 const void *data, unsigned int datalen)
23{ 23{
@@ -25,13 +25,13 @@ static int ebt_target_mark(struct sk_buff **pskb, unsigned int hooknr,
25 int action = info->target & -16; 25 int action = info->target & -16;
26 26
27 if (action == MARK_SET_VALUE) 27 if (action == MARK_SET_VALUE)
28 (*pskb)->mark = info->mark; 28 skb->mark = info->mark;
29 else if (action == MARK_OR_VALUE) 29 else if (action == MARK_OR_VALUE)
30 (*pskb)->mark |= info->mark; 30 skb->mark |= info->mark;
31 else if (action == MARK_AND_VALUE) 31 else if (action == MARK_AND_VALUE)
32 (*pskb)->mark &= info->mark; 32 skb->mark &= info->mark;
33 else 33 else
34 (*pskb)->mark ^= info->mark; 34 skb->mark ^= info->mark;
35 35
36 return info->target | ~EBT_VERDICT_BITS; 36 return info->target | ~EBT_VERDICT_BITS;
37} 37}
diff --git a/net/bridge/netfilter/ebt_redirect.c b/net/bridge/netfilter/ebt_redirect.c
index 81371cd01bd0..422cb834cff9 100644
--- a/net/bridge/netfilter/ebt_redirect.c
+++ b/net/bridge/netfilter/ebt_redirect.c
@@ -15,21 +15,21 @@
15#include <net/sock.h> 15#include <net/sock.h>
16#include "../br_private.h" 16#include "../br_private.h"
17 17
18static int ebt_target_redirect(struct sk_buff **pskb, unsigned int hooknr, 18static int ebt_target_redirect(struct sk_buff *skb, unsigned int hooknr,
19 const struct net_device *in, const struct net_device *out, 19 const struct net_device *in, const struct net_device *out,
20 const void *data, unsigned int datalen) 20 const void *data, unsigned int datalen)
21{ 21{
22 struct ebt_redirect_info *info = (struct ebt_redirect_info *)data; 22 struct ebt_redirect_info *info = (struct ebt_redirect_info *)data;
23 23
24 if (skb_make_writable(*pskb, 0)) 24 if (skb_make_writable(skb, 0))
25 return NF_DROP; 25 return NF_DROP;
26 26
27 if (hooknr != NF_BR_BROUTING) 27 if (hooknr != NF_BR_BROUTING)
28 memcpy(eth_hdr(*pskb)->h_dest, 28 memcpy(eth_hdr(skb)->h_dest,
29 in->br_port->br->dev->dev_addr, ETH_ALEN); 29 in->br_port->br->dev->dev_addr, ETH_ALEN);
30 else 30 else
31 memcpy(eth_hdr(*pskb)->h_dest, in->dev_addr, ETH_ALEN); 31 memcpy(eth_hdr(skb)->h_dest, in->dev_addr, ETH_ALEN);
32 (*pskb)->pkt_type = PACKET_HOST; 32 skb->pkt_type = PACKET_HOST;
33 return info->target; 33 return info->target;
34} 34}
35 35
diff --git a/net/bridge/netfilter/ebt_snat.c b/net/bridge/netfilter/ebt_snat.c
index b0c63684e2f5..425ac920904d 100644
--- a/net/bridge/netfilter/ebt_snat.c
+++ b/net/bridge/netfilter/ebt_snat.c
@@ -16,26 +16,26 @@
16#include <linux/if_arp.h> 16#include <linux/if_arp.h>
17#include <net/arp.h> 17#include <net/arp.h>
18 18
19static int ebt_target_snat(struct sk_buff **pskb, unsigned int hooknr, 19static int ebt_target_snat(struct sk_buff *skb, unsigned int hooknr,
20 const struct net_device *in, const struct net_device *out, 20 const struct net_device *in, const struct net_device *out,
21 const void *data, unsigned int datalen) 21 const void *data, unsigned int datalen)
22{ 22{
23 struct ebt_nat_info *info = (struct ebt_nat_info *) data; 23 struct ebt_nat_info *info = (struct ebt_nat_info *) data;
24 24
25 if (skb_make_writable(*pskb, 0)) 25 if (skb_make_writable(skb, 0))
26 return NF_DROP; 26 return NF_DROP;
27 27
28 memcpy(eth_hdr(*pskb)->h_source, info->mac, ETH_ALEN); 28 memcpy(eth_hdr(skb)->h_source, info->mac, ETH_ALEN);
29 if (!(info->target & NAT_ARP_BIT) && 29 if (!(info->target & NAT_ARP_BIT) &&
30 eth_hdr(*pskb)->h_proto == htons(ETH_P_ARP)) { 30 eth_hdr(skb)->h_proto == htons(ETH_P_ARP)) {
31 struct arphdr _ah, *ap; 31 struct arphdr _ah, *ap;
32 32
33 ap = skb_header_pointer(*pskb, 0, sizeof(_ah), &_ah); 33 ap = skb_header_pointer(skb, 0, sizeof(_ah), &_ah);
34 if (ap == NULL) 34 if (ap == NULL)
35 return EBT_DROP; 35 return EBT_DROP;
36 if (ap->ar_hln != ETH_ALEN) 36 if (ap->ar_hln != ETH_ALEN)
37 goto out; 37 goto out;
38 if (skb_store_bits(*pskb, sizeof(_ah), info->mac,ETH_ALEN)) 38 if (skb_store_bits(skb, sizeof(_ah), info->mac,ETH_ALEN))
39 return EBT_DROP; 39 return EBT_DROP;
40 } 40 }
41out: 41out:
diff --git a/net/bridge/netfilter/ebtable_broute.c b/net/bridge/netfilter/ebtable_broute.c
index d37ce0478938..e44519ebf1d2 100644
--- a/net/bridge/netfilter/ebtable_broute.c
+++ b/net/bridge/netfilter/ebtable_broute.c
@@ -51,11 +51,11 @@ static struct ebt_table broute_table =
51 .me = THIS_MODULE, 51 .me = THIS_MODULE,
52}; 52};
53 53
54static int ebt_broute(struct sk_buff **pskb) 54static int ebt_broute(struct sk_buff *skb)
55{ 55{
56 int ret; 56 int ret;
57 57
58 ret = ebt_do_table(NF_BR_BROUTING, pskb, (*pskb)->dev, NULL, 58 ret = ebt_do_table(NF_BR_BROUTING, skb, skb->dev, NULL,
59 &broute_table); 59 &broute_table);
60 if (ret == NF_DROP) 60 if (ret == NF_DROP)
61 return 1; /* route it */ 61 return 1; /* route it */
diff --git a/net/bridge/netfilter/ebtable_filter.c b/net/bridge/netfilter/ebtable_filter.c
index 81d84145c417..210493f99bc4 100644
--- a/net/bridge/netfilter/ebtable_filter.c
+++ b/net/bridge/netfilter/ebtable_filter.c
@@ -61,10 +61,10 @@ static struct ebt_table frame_filter =
61}; 61};
62 62
63static unsigned int 63static unsigned int
64ebt_hook (unsigned int hook, struct sk_buff **pskb, const struct net_device *in, 64ebt_hook(unsigned int hook, struct sk_buff *skb, const struct net_device *in,
65 const struct net_device *out, int (*okfn)(struct sk_buff *)) 65 const struct net_device *out, int (*okfn)(struct sk_buff *))
66{ 66{
67 return ebt_do_table(hook, pskb, in, out, &frame_filter); 67 return ebt_do_table(hook, skb, in, out, &frame_filter);
68} 68}
69 69
70static struct nf_hook_ops ebt_ops_filter[] = { 70static struct nf_hook_ops ebt_ops_filter[] = {
diff --git a/net/bridge/netfilter/ebtable_nat.c b/net/bridge/netfilter/ebtable_nat.c
index 9c50488b62eb..3e58c2e5ee21 100644
--- a/net/bridge/netfilter/ebtable_nat.c
+++ b/net/bridge/netfilter/ebtable_nat.c
@@ -61,17 +61,17 @@ static struct ebt_table frame_nat =
61}; 61};
62 62
63static unsigned int 63static unsigned int
64ebt_nat_dst(unsigned int hook, struct sk_buff **pskb, const struct net_device *in 64ebt_nat_dst(unsigned int hook, struct sk_buff *skb, const struct net_device *in
65 , const struct net_device *out, int (*okfn)(struct sk_buff *)) 65 , const struct net_device *out, int (*okfn)(struct sk_buff *))
66{ 66{
67 return ebt_do_table(hook, pskb, in, out, &frame_nat); 67 return ebt_do_table(hook, skb, in, out, &frame_nat);
68} 68}
69 69
70static unsigned int 70static unsigned int
71ebt_nat_src(unsigned int hook, struct sk_buff **pskb, const struct net_device *in 71ebt_nat_src(unsigned int hook, struct sk_buff *skb, const struct net_device *in
72 , const struct net_device *out, int (*okfn)(struct sk_buff *)) 72 , const struct net_device *out, int (*okfn)(struct sk_buff *))
73{ 73{
74 return ebt_do_table(hook, pskb, in, out, &frame_nat); 74 return ebt_do_table(hook, skb, in, out, &frame_nat);
75} 75}
76 76
77static struct nf_hook_ops ebt_ops_nat[] = { 77static struct nf_hook_ops ebt_ops_nat[] = {
diff --git a/net/bridge/netfilter/ebtables.c b/net/bridge/netfilter/ebtables.c
index 6018d0e51938..d5a09eaef915 100644
--- a/net/bridge/netfilter/ebtables.c
+++ b/net/bridge/netfilter/ebtables.c
@@ -142,7 +142,7 @@ static inline int ebt_basic_match(struct ebt_entry *e, struct ethhdr *h,
142} 142}
143 143
144/* Do some firewalling */ 144/* Do some firewalling */
145unsigned int ebt_do_table (unsigned int hook, struct sk_buff **pskb, 145unsigned int ebt_do_table (unsigned int hook, struct sk_buff *skb,
146 const struct net_device *in, const struct net_device *out, 146 const struct net_device *in, const struct net_device *out,
147 struct ebt_table *table) 147 struct ebt_table *table)
148{ 148{
@@ -172,19 +172,19 @@ unsigned int ebt_do_table (unsigned int hook, struct sk_buff **pskb,
172 base = private->entries; 172 base = private->entries;
173 i = 0; 173 i = 0;
174 while (i < nentries) { 174 while (i < nentries) {
175 if (ebt_basic_match(point, eth_hdr(*pskb), in, out)) 175 if (ebt_basic_match(point, eth_hdr(skb), in, out))
176 goto letscontinue; 176 goto letscontinue;
177 177
178 if (EBT_MATCH_ITERATE(point, ebt_do_match, *pskb, in, out) != 0) 178 if (EBT_MATCH_ITERATE(point, ebt_do_match, skb, in, out) != 0)
179 goto letscontinue; 179 goto letscontinue;
180 180
181 /* increase counter */ 181 /* increase counter */
182 (*(counter_base + i)).pcnt++; 182 (*(counter_base + i)).pcnt++;
183 (*(counter_base + i)).bcnt+=(**pskb).len; 183 (*(counter_base + i)).bcnt += skb->len;
184 184
185 /* these should only watch: not modify, nor tell us 185 /* these should only watch: not modify, nor tell us
186 what to do with the packet */ 186 what to do with the packet */
187 EBT_WATCHER_ITERATE(point, ebt_do_watcher, *pskb, hook, in, 187 EBT_WATCHER_ITERATE(point, ebt_do_watcher, skb, hook, in,
188 out); 188 out);
189 189
190 t = (struct ebt_entry_target *) 190 t = (struct ebt_entry_target *)
@@ -193,7 +193,7 @@ unsigned int ebt_do_table (unsigned int hook, struct sk_buff **pskb,
193 if (!t->u.target->target) 193 if (!t->u.target->target)
194 verdict = ((struct ebt_standard_target *)t)->verdict; 194 verdict = ((struct ebt_standard_target *)t)->verdict;
195 else 195 else
196 verdict = t->u.target->target(pskb, hook, 196 verdict = t->u.target->target(skb, hook,
197 in, out, t->data, t->target_size); 197 in, out, t->data, t->target_size);
198 if (verdict == EBT_ACCEPT) { 198 if (verdict == EBT_ACCEPT) {
199 read_unlock_bh(&table->lock); 199 read_unlock_bh(&table->lock);
diff --git a/net/decnet/netfilter/dn_rtmsg.c b/net/decnet/netfilter/dn_rtmsg.c
index f7fba7721e63..43fcd29046d1 100644
--- a/net/decnet/netfilter/dn_rtmsg.c
+++ b/net/decnet/netfilter/dn_rtmsg.c
@@ -88,12 +88,12 @@ static void dnrmg_send_peer(struct sk_buff *skb)
88 88
89 89
90static unsigned int dnrmg_hook(unsigned int hook, 90static unsigned int dnrmg_hook(unsigned int hook,
91 struct sk_buff **pskb, 91 struct sk_buff *skb,
92 const struct net_device *in, 92 const struct net_device *in,
93 const struct net_device *out, 93 const struct net_device *out,
94 int (*okfn)(struct sk_buff *)) 94 int (*okfn)(struct sk_buff *))
95{ 95{
96 dnrmg_send_peer(*pskb); 96 dnrmg_send_peer(skb);
97 return NF_ACCEPT; 97 return NF_ACCEPT;
98} 98}
99 99
diff --git a/net/ipv4/ipvs/ip_vs_app.c b/net/ipv4/ipvs/ip_vs_app.c
index 8ca5f4806a63..664cb8e97c1c 100644
--- a/net/ipv4/ipvs/ip_vs_app.c
+++ b/net/ipv4/ipvs/ip_vs_app.c
@@ -329,18 +329,18 @@ static inline void vs_seq_update(struct ip_vs_conn *cp, struct ip_vs_seq *vseq,
329 spin_unlock(&cp->lock); 329 spin_unlock(&cp->lock);
330} 330}
331 331
332static inline int app_tcp_pkt_out(struct ip_vs_conn *cp, struct sk_buff **pskb, 332static inline int app_tcp_pkt_out(struct ip_vs_conn *cp, struct sk_buff *skb,
333 struct ip_vs_app *app) 333 struct ip_vs_app *app)
334{ 334{
335 int diff; 335 int diff;
336 const unsigned int tcp_offset = ip_hdrlen(*pskb); 336 const unsigned int tcp_offset = ip_hdrlen(skb);
337 struct tcphdr *th; 337 struct tcphdr *th;
338 __u32 seq; 338 __u32 seq;
339 339
340 if (!skb_make_writable(*pskb, tcp_offset + sizeof(*th))) 340 if (!skb_make_writable(skb, tcp_offset + sizeof(*th)))
341 return 0; 341 return 0;
342 342
343 th = (struct tcphdr *)(skb_network_header(*pskb) + tcp_offset); 343 th = (struct tcphdr *)(skb_network_header(skb) + tcp_offset);
344 344
345 /* 345 /*
346 * Remember seq number in case this pkt gets resized 346 * Remember seq number in case this pkt gets resized
@@ -361,7 +361,7 @@ static inline int app_tcp_pkt_out(struct ip_vs_conn *cp, struct sk_buff **pskb,
361 if (app->pkt_out == NULL) 361 if (app->pkt_out == NULL)
362 return 1; 362 return 1;
363 363
364 if (!app->pkt_out(app, cp, pskb, &diff)) 364 if (!app->pkt_out(app, cp, skb, &diff))
365 return 0; 365 return 0;
366 366
367 /* 367 /*
@@ -379,7 +379,7 @@ static inline int app_tcp_pkt_out(struct ip_vs_conn *cp, struct sk_buff **pskb,
379 * called by ipvs packet handler, assumes previously checked cp!=NULL 379 * called by ipvs packet handler, assumes previously checked cp!=NULL
380 * returns false if it can't handle packet (oom) 380 * returns false if it can't handle packet (oom)
381 */ 381 */
382int ip_vs_app_pkt_out(struct ip_vs_conn *cp, struct sk_buff **pskb) 382int ip_vs_app_pkt_out(struct ip_vs_conn *cp, struct sk_buff *skb)
383{ 383{
384 struct ip_vs_app *app; 384 struct ip_vs_app *app;
385 385
@@ -392,7 +392,7 @@ int ip_vs_app_pkt_out(struct ip_vs_conn *cp, struct sk_buff **pskb)
392 392
393 /* TCP is complicated */ 393 /* TCP is complicated */
394 if (cp->protocol == IPPROTO_TCP) 394 if (cp->protocol == IPPROTO_TCP)
395 return app_tcp_pkt_out(cp, pskb, app); 395 return app_tcp_pkt_out(cp, skb, app);
396 396
397 /* 397 /*
398 * Call private output hook function 398 * Call private output hook function
@@ -400,22 +400,22 @@ int ip_vs_app_pkt_out(struct ip_vs_conn *cp, struct sk_buff **pskb)
400 if (app->pkt_out == NULL) 400 if (app->pkt_out == NULL)
401 return 1; 401 return 1;
402 402
403 return app->pkt_out(app, cp, pskb, NULL); 403 return app->pkt_out(app, cp, skb, NULL);
404} 404}
405 405
406 406
407static inline int app_tcp_pkt_in(struct ip_vs_conn *cp, struct sk_buff **pskb, 407static inline int app_tcp_pkt_in(struct ip_vs_conn *cp, struct sk_buff *skb,
408 struct ip_vs_app *app) 408 struct ip_vs_app *app)
409{ 409{
410 int diff; 410 int diff;
411 const unsigned int tcp_offset = ip_hdrlen(*pskb); 411 const unsigned int tcp_offset = ip_hdrlen(skb);
412 struct tcphdr *th; 412 struct tcphdr *th;
413 __u32 seq; 413 __u32 seq;
414 414
415 if (!skb_make_writable(*pskb, tcp_offset + sizeof(*th))) 415 if (!skb_make_writable(skb, tcp_offset + sizeof(*th)))
416 return 0; 416 return 0;
417 417
418 th = (struct tcphdr *)(skb_network_header(*pskb) + tcp_offset); 418 th = (struct tcphdr *)(skb_network_header(skb) + tcp_offset);
419 419
420 /* 420 /*
421 * Remember seq number in case this pkt gets resized 421 * Remember seq number in case this pkt gets resized
@@ -436,7 +436,7 @@ static inline int app_tcp_pkt_in(struct ip_vs_conn *cp, struct sk_buff **pskb,
436 if (app->pkt_in == NULL) 436 if (app->pkt_in == NULL)
437 return 1; 437 return 1;
438 438
439 if (!app->pkt_in(app, cp, pskb, &diff)) 439 if (!app->pkt_in(app, cp, skb, &diff))
440 return 0; 440 return 0;
441 441
442 /* 442 /*
@@ -454,7 +454,7 @@ static inline int app_tcp_pkt_in(struct ip_vs_conn *cp, struct sk_buff **pskb,
454 * called by ipvs packet handler, assumes previously checked cp!=NULL. 454 * called by ipvs packet handler, assumes previously checked cp!=NULL.
455 * returns false if can't handle packet (oom). 455 * returns false if can't handle packet (oom).
456 */ 456 */
457int ip_vs_app_pkt_in(struct ip_vs_conn *cp, struct sk_buff **pskb) 457int ip_vs_app_pkt_in(struct ip_vs_conn *cp, struct sk_buff *skb)
458{ 458{
459 struct ip_vs_app *app; 459 struct ip_vs_app *app;
460 460
@@ -467,7 +467,7 @@ int ip_vs_app_pkt_in(struct ip_vs_conn *cp, struct sk_buff **pskb)
467 467
468 /* TCP is complicated */ 468 /* TCP is complicated */
469 if (cp->protocol == IPPROTO_TCP) 469 if (cp->protocol == IPPROTO_TCP)
470 return app_tcp_pkt_in(cp, pskb, app); 470 return app_tcp_pkt_in(cp, skb, app);
471 471
472 /* 472 /*
473 * Call private input hook function 473 * Call private input hook function
@@ -475,7 +475,7 @@ int ip_vs_app_pkt_in(struct ip_vs_conn *cp, struct sk_buff **pskb)
475 if (app->pkt_in == NULL) 475 if (app->pkt_in == NULL)
476 return 1; 476 return 1;
477 477
478 return app->pkt_in(app, cp, pskb, NULL); 478 return app->pkt_in(app, cp, skb, NULL);
479} 479}
480 480
481 481
diff --git a/net/ipv4/ipvs/ip_vs_core.c b/net/ipv4/ipvs/ip_vs_core.c
index 09cac38580fe..c6ed7654e839 100644
--- a/net/ipv4/ipvs/ip_vs_core.c
+++ b/net/ipv4/ipvs/ip_vs_core.c
@@ -488,12 +488,12 @@ int ip_vs_leave(struct ip_vs_service *svc, struct sk_buff *skb,
488 * for VS/NAT. 488 * for VS/NAT.
489 */ 489 */
490static unsigned int ip_vs_post_routing(unsigned int hooknum, 490static unsigned int ip_vs_post_routing(unsigned int hooknum,
491 struct sk_buff **pskb, 491 struct sk_buff *skb,
492 const struct net_device *in, 492 const struct net_device *in,
493 const struct net_device *out, 493 const struct net_device *out,
494 int (*okfn)(struct sk_buff *)) 494 int (*okfn)(struct sk_buff *))
495{ 495{
496 if (!((*pskb)->ipvs_property)) 496 if (!skb->ipvs_property)
497 return NF_ACCEPT; 497 return NF_ACCEPT;
498 /* The packet was sent from IPVS, exit this chain */ 498 /* The packet was sent from IPVS, exit this chain */
499 return NF_STOP; 499 return NF_STOP;
@@ -569,9 +569,8 @@ void ip_vs_nat_icmp(struct sk_buff *skb, struct ip_vs_protocol *pp,
569 * Currently handles error types - unreachable, quench, ttl exceeded. 569 * Currently handles error types - unreachable, quench, ttl exceeded.
570 * (Only used in VS/NAT) 570 * (Only used in VS/NAT)
571 */ 571 */
572static int ip_vs_out_icmp(struct sk_buff **pskb, int *related) 572static int ip_vs_out_icmp(struct sk_buff *skb, int *related)
573{ 573{
574 struct sk_buff *skb = *pskb;
575 struct iphdr *iph; 574 struct iphdr *iph;
576 struct icmphdr _icmph, *ic; 575 struct icmphdr _icmph, *ic;
577 struct iphdr _ciph, *cih; /* The ip header contained within the ICMP */ 576 struct iphdr _ciph, *cih; /* The ip header contained within the ICMP */
@@ -685,11 +684,10 @@ static inline int is_tcp_reset(const struct sk_buff *skb)
685 * rewrite addresses of the packet and send it on its way... 684 * rewrite addresses of the packet and send it on its way...
686 */ 685 */
687static unsigned int 686static unsigned int
688ip_vs_out(unsigned int hooknum, struct sk_buff **pskb, 687ip_vs_out(unsigned int hooknum, struct sk_buff *skb,
689 const struct net_device *in, const struct net_device *out, 688 const struct net_device *in, const struct net_device *out,
690 int (*okfn)(struct sk_buff *)) 689 int (*okfn)(struct sk_buff *))
691{ 690{
692 struct sk_buff *skb = *pskb;
693 struct iphdr *iph; 691 struct iphdr *iph;
694 struct ip_vs_protocol *pp; 692 struct ip_vs_protocol *pp;
695 struct ip_vs_conn *cp; 693 struct ip_vs_conn *cp;
@@ -702,11 +700,10 @@ ip_vs_out(unsigned int hooknum, struct sk_buff **pskb,
702 700
703 iph = ip_hdr(skb); 701 iph = ip_hdr(skb);
704 if (unlikely(iph->protocol == IPPROTO_ICMP)) { 702 if (unlikely(iph->protocol == IPPROTO_ICMP)) {
705 int related, verdict = ip_vs_out_icmp(pskb, &related); 703 int related, verdict = ip_vs_out_icmp(skb, &related);
706 704
707 if (related) 705 if (related)
708 return verdict; 706 return verdict;
709 skb = *pskb;
710 iph = ip_hdr(skb); 707 iph = ip_hdr(skb);
711 } 708 }
712 709
@@ -765,9 +762,8 @@ ip_vs_out(unsigned int hooknum, struct sk_buff **pskb,
765 goto drop; 762 goto drop;
766 763
767 /* mangle the packet */ 764 /* mangle the packet */
768 if (pp->snat_handler && !pp->snat_handler(pskb, pp, cp)) 765 if (pp->snat_handler && !pp->snat_handler(skb, pp, cp))
769 goto drop; 766 goto drop;
770 skb = *pskb;
771 ip_hdr(skb)->saddr = cp->vaddr; 767 ip_hdr(skb)->saddr = cp->vaddr;
772 ip_send_check(ip_hdr(skb)); 768 ip_send_check(ip_hdr(skb));
773 769
@@ -777,9 +773,8 @@ ip_vs_out(unsigned int hooknum, struct sk_buff **pskb,
777 * if it came from this machine itself. So re-compute 773 * if it came from this machine itself. So re-compute
778 * the routing information. 774 * the routing information.
779 */ 775 */
780 if (ip_route_me_harder(pskb, RTN_LOCAL) != 0) 776 if (ip_route_me_harder(skb, RTN_LOCAL) != 0)
781 goto drop; 777 goto drop;
782 skb = *pskb;
783 778
784 IP_VS_DBG_PKT(10, pp, skb, 0, "After SNAT"); 779 IP_VS_DBG_PKT(10, pp, skb, 0, "After SNAT");
785 780
@@ -794,7 +789,7 @@ ip_vs_out(unsigned int hooknum, struct sk_buff **pskb,
794 789
795 drop: 790 drop:
796 ip_vs_conn_put(cp); 791 ip_vs_conn_put(cp);
797 kfree_skb(*pskb); 792 kfree_skb(skb);
798 return NF_STOLEN; 793 return NF_STOLEN;
799} 794}
800 795
@@ -806,9 +801,8 @@ ip_vs_out(unsigned int hooknum, struct sk_buff **pskb,
806 * Currently handles error types - unreachable, quench, ttl exceeded. 801 * Currently handles error types - unreachable, quench, ttl exceeded.
807 */ 802 */
808static int 803static int
809ip_vs_in_icmp(struct sk_buff **pskb, int *related, unsigned int hooknum) 804ip_vs_in_icmp(struct sk_buff *skb, int *related, unsigned int hooknum)
810{ 805{
811 struct sk_buff *skb = *pskb;
812 struct iphdr *iph; 806 struct iphdr *iph;
813 struct icmphdr _icmph, *ic; 807 struct icmphdr _icmph, *ic;
814 struct iphdr _ciph, *cih; /* The ip header contained within the ICMP */ 808 struct iphdr _ciph, *cih; /* The ip header contained within the ICMP */
@@ -901,11 +895,10 @@ ip_vs_in_icmp(struct sk_buff **pskb, int *related, unsigned int hooknum)
901 * and send it on its way... 895 * and send it on its way...
902 */ 896 */
903static unsigned int 897static unsigned int
904ip_vs_in(unsigned int hooknum, struct sk_buff **pskb, 898ip_vs_in(unsigned int hooknum, struct sk_buff *skb,
905 const struct net_device *in, const struct net_device *out, 899 const struct net_device *in, const struct net_device *out,
906 int (*okfn)(struct sk_buff *)) 900 int (*okfn)(struct sk_buff *))
907{ 901{
908 struct sk_buff *skb = *pskb;
909 struct iphdr *iph; 902 struct iphdr *iph;
910 struct ip_vs_protocol *pp; 903 struct ip_vs_protocol *pp;
911 struct ip_vs_conn *cp; 904 struct ip_vs_conn *cp;
@@ -927,11 +920,10 @@ ip_vs_in(unsigned int hooknum, struct sk_buff **pskb,
927 920
928 iph = ip_hdr(skb); 921 iph = ip_hdr(skb);
929 if (unlikely(iph->protocol == IPPROTO_ICMP)) { 922 if (unlikely(iph->protocol == IPPROTO_ICMP)) {
930 int related, verdict = ip_vs_in_icmp(pskb, &related, hooknum); 923 int related, verdict = ip_vs_in_icmp(skb, &related, hooknum);
931 924
932 if (related) 925 if (related)
933 return verdict; 926 return verdict;
934 skb = *pskb;
935 iph = ip_hdr(skb); 927 iph = ip_hdr(skb);
936 } 928 }
937 929
@@ -1012,16 +1004,16 @@ ip_vs_in(unsigned int hooknum, struct sk_buff **pskb,
1012 * and send them to ip_vs_in_icmp. 1004 * and send them to ip_vs_in_icmp.
1013 */ 1005 */
1014static unsigned int 1006static unsigned int
1015ip_vs_forward_icmp(unsigned int hooknum, struct sk_buff **pskb, 1007ip_vs_forward_icmp(unsigned int hooknum, struct sk_buff *skb,
1016 const struct net_device *in, const struct net_device *out, 1008 const struct net_device *in, const struct net_device *out,
1017 int (*okfn)(struct sk_buff *)) 1009 int (*okfn)(struct sk_buff *))
1018{ 1010{
1019 int r; 1011 int r;
1020 1012
1021 if (ip_hdr(*pskb)->protocol != IPPROTO_ICMP) 1013 if (ip_hdr(skb)->protocol != IPPROTO_ICMP)
1022 return NF_ACCEPT; 1014 return NF_ACCEPT;
1023 1015
1024 return ip_vs_in_icmp(pskb, &r, hooknum); 1016 return ip_vs_in_icmp(skb, &r, hooknum);
1025} 1017}
1026 1018
1027 1019
diff --git a/net/ipv4/ipvs/ip_vs_ftp.c b/net/ipv4/ipvs/ip_vs_ftp.c
index 4167d419b666..59aa166b7678 100644
--- a/net/ipv4/ipvs/ip_vs_ftp.c
+++ b/net/ipv4/ipvs/ip_vs_ftp.c
@@ -136,7 +136,7 @@ static int ip_vs_ftp_get_addrport(char *data, char *data_limit,
136 * xxx,xxx,xxx,xxx is the server address, ppp,ppp is the server port number. 136 * xxx,xxx,xxx,xxx is the server address, ppp,ppp is the server port number.
137 */ 137 */
138static int ip_vs_ftp_out(struct ip_vs_app *app, struct ip_vs_conn *cp, 138static int ip_vs_ftp_out(struct ip_vs_app *app, struct ip_vs_conn *cp,
139 struct sk_buff **pskb, int *diff) 139 struct sk_buff *skb, int *diff)
140{ 140{
141 struct iphdr *iph; 141 struct iphdr *iph;
142 struct tcphdr *th; 142 struct tcphdr *th;
@@ -156,14 +156,14 @@ static int ip_vs_ftp_out(struct ip_vs_app *app, struct ip_vs_conn *cp,
156 return 1; 156 return 1;
157 157
158 /* Linear packets are much easier to deal with. */ 158 /* Linear packets are much easier to deal with. */
159 if (!skb_make_writable(*pskb, (*pskb)->len)) 159 if (!skb_make_writable(skb, skb->len))
160 return 0; 160 return 0;
161 161
162 if (cp->app_data == &ip_vs_ftp_pasv) { 162 if (cp->app_data == &ip_vs_ftp_pasv) {
163 iph = ip_hdr(*pskb); 163 iph = ip_hdr(skb);
164 th = (struct tcphdr *)&(((char *)iph)[iph->ihl*4]); 164 th = (struct tcphdr *)&(((char *)iph)[iph->ihl*4]);
165 data = (char *)th + (th->doff << 2); 165 data = (char *)th + (th->doff << 2);
166 data_limit = skb_tail_pointer(*pskb); 166 data_limit = skb_tail_pointer(skb);
167 167
168 if (ip_vs_ftp_get_addrport(data, data_limit, 168 if (ip_vs_ftp_get_addrport(data, data_limit,
169 SERVER_STRING, 169 SERVER_STRING,
@@ -214,7 +214,7 @@ static int ip_vs_ftp_out(struct ip_vs_app *app, struct ip_vs_conn *cp,
214 memcpy(start, buf, buf_len); 214 memcpy(start, buf, buf_len);
215 ret = 1; 215 ret = 1;
216 } else { 216 } else {
217 ret = !ip_vs_skb_replace(*pskb, GFP_ATOMIC, start, 217 ret = !ip_vs_skb_replace(skb, GFP_ATOMIC, start,
218 end-start, buf, buf_len); 218 end-start, buf, buf_len);
219 } 219 }
220 220
@@ -239,7 +239,7 @@ static int ip_vs_ftp_out(struct ip_vs_app *app, struct ip_vs_conn *cp,
239 * the client. 239 * the client.
240 */ 240 */
241static int ip_vs_ftp_in(struct ip_vs_app *app, struct ip_vs_conn *cp, 241static int ip_vs_ftp_in(struct ip_vs_app *app, struct ip_vs_conn *cp,
242 struct sk_buff **pskb, int *diff) 242 struct sk_buff *skb, int *diff)
243{ 243{
244 struct iphdr *iph; 244 struct iphdr *iph;
245 struct tcphdr *th; 245 struct tcphdr *th;
@@ -257,20 +257,20 @@ static int ip_vs_ftp_in(struct ip_vs_app *app, struct ip_vs_conn *cp,
257 return 1; 257 return 1;
258 258
259 /* Linear packets are much easier to deal with. */ 259 /* Linear packets are much easier to deal with. */
260 if (!skb_make_writable(*pskb, (*pskb)->len)) 260 if (!skb_make_writable(skb, skb->len))
261 return 0; 261 return 0;
262 262
263 /* 263 /*
264 * Detecting whether it is passive 264 * Detecting whether it is passive
265 */ 265 */
266 iph = ip_hdr(*pskb); 266 iph = ip_hdr(skb);
267 th = (struct tcphdr *)&(((char *)iph)[iph->ihl*4]); 267 th = (struct tcphdr *)&(((char *)iph)[iph->ihl*4]);
268 268
269 /* Since there may be OPTIONS in the TCP packet and the HLEN is 269 /* Since there may be OPTIONS in the TCP packet and the HLEN is
270 the length of the header in 32-bit multiples, it is accurate 270 the length of the header in 32-bit multiples, it is accurate
271 to calculate data address by th+HLEN*4 */ 271 to calculate data address by th+HLEN*4 */
272 data = data_start = (char *)th + (th->doff << 2); 272 data = data_start = (char *)th + (th->doff << 2);
273 data_limit = skb_tail_pointer(*pskb); 273 data_limit = skb_tail_pointer(skb);
274 274
275 while (data <= data_limit - 6) { 275 while (data <= data_limit - 6) {
276 if (strnicmp(data, "PASV\r\n", 6) == 0) { 276 if (strnicmp(data, "PASV\r\n", 6) == 0) {
diff --git a/net/ipv4/ipvs/ip_vs_proto_tcp.c b/net/ipv4/ipvs/ip_vs_proto_tcp.c
index b65b1a352ba3..12dc0d640b6d 100644
--- a/net/ipv4/ipvs/ip_vs_proto_tcp.c
+++ b/net/ipv4/ipvs/ip_vs_proto_tcp.c
@@ -123,27 +123,27 @@ tcp_fast_csum_update(struct tcphdr *tcph, __be32 oldip, __be32 newip,
123 123
124 124
125static int 125static int
126tcp_snat_handler(struct sk_buff **pskb, 126tcp_snat_handler(struct sk_buff *skb,
127 struct ip_vs_protocol *pp, struct ip_vs_conn *cp) 127 struct ip_vs_protocol *pp, struct ip_vs_conn *cp)
128{ 128{
129 struct tcphdr *tcph; 129 struct tcphdr *tcph;
130 const unsigned int tcphoff = ip_hdrlen(*pskb); 130 const unsigned int tcphoff = ip_hdrlen(skb);
131 131
132 /* csum_check requires unshared skb */ 132 /* csum_check requires unshared skb */
133 if (!skb_make_writable(*pskb, tcphoff+sizeof(*tcph))) 133 if (!skb_make_writable(skb, tcphoff+sizeof(*tcph)))
134 return 0; 134 return 0;
135 135
136 if (unlikely(cp->app != NULL)) { 136 if (unlikely(cp->app != NULL)) {
137 /* Some checks before mangling */ 137 /* Some checks before mangling */
138 if (pp->csum_check && !pp->csum_check(*pskb, pp)) 138 if (pp->csum_check && !pp->csum_check(skb, pp))
139 return 0; 139 return 0;
140 140
141 /* Call application helper if needed */ 141 /* Call application helper if needed */
142 if (!ip_vs_app_pkt_out(cp, pskb)) 142 if (!ip_vs_app_pkt_out(cp, skb))
143 return 0; 143 return 0;
144 } 144 }
145 145
146 tcph = (void *)ip_hdr(*pskb) + tcphoff; 146 tcph = (void *)ip_hdr(skb) + tcphoff;
147 tcph->source = cp->vport; 147 tcph->source = cp->vport;
148 148
149 /* Adjust TCP checksums */ 149 /* Adjust TCP checksums */
@@ -151,17 +151,15 @@ tcp_snat_handler(struct sk_buff **pskb,
151 /* Only port and addr are changed, do fast csum update */ 151 /* Only port and addr are changed, do fast csum update */
152 tcp_fast_csum_update(tcph, cp->daddr, cp->vaddr, 152 tcp_fast_csum_update(tcph, cp->daddr, cp->vaddr,
153 cp->dport, cp->vport); 153 cp->dport, cp->vport);
154 if ((*pskb)->ip_summed == CHECKSUM_COMPLETE) 154 if (skb->ip_summed == CHECKSUM_COMPLETE)
155 (*pskb)->ip_summed = CHECKSUM_NONE; 155 skb->ip_summed = CHECKSUM_NONE;
156 } else { 156 } else {
157 /* full checksum calculation */ 157 /* full checksum calculation */
158 tcph->check = 0; 158 tcph->check = 0;
159 (*pskb)->csum = skb_checksum(*pskb, tcphoff, 159 skb->csum = skb_checksum(skb, tcphoff, skb->len - tcphoff, 0);
160 (*pskb)->len - tcphoff, 0);
161 tcph->check = csum_tcpudp_magic(cp->vaddr, cp->caddr, 160 tcph->check = csum_tcpudp_magic(cp->vaddr, cp->caddr,
162 (*pskb)->len - tcphoff, 161 skb->len - tcphoff,
163 cp->protocol, 162 cp->protocol, skb->csum);
164 (*pskb)->csum);
165 IP_VS_DBG(11, "O-pkt: %s O-csum=%d (+%zd)\n", 163 IP_VS_DBG(11, "O-pkt: %s O-csum=%d (+%zd)\n",
166 pp->name, tcph->check, 164 pp->name, tcph->check,
167 (char*)&(tcph->check) - (char*)tcph); 165 (char*)&(tcph->check) - (char*)tcph);
@@ -171,30 +169,30 @@ tcp_snat_handler(struct sk_buff **pskb,
171 169
172 170
173static int 171static int
174tcp_dnat_handler(struct sk_buff **pskb, 172tcp_dnat_handler(struct sk_buff *skb,
175 struct ip_vs_protocol *pp, struct ip_vs_conn *cp) 173 struct ip_vs_protocol *pp, struct ip_vs_conn *cp)
176{ 174{
177 struct tcphdr *tcph; 175 struct tcphdr *tcph;
178 const unsigned int tcphoff = ip_hdrlen(*pskb); 176 const unsigned int tcphoff = ip_hdrlen(skb);
179 177
180 /* csum_check requires unshared skb */ 178 /* csum_check requires unshared skb */
181 if (!skb_make_writable(*pskb, tcphoff+sizeof(*tcph))) 179 if (!skb_make_writable(skb, tcphoff+sizeof(*tcph)))
182 return 0; 180 return 0;
183 181
184 if (unlikely(cp->app != NULL)) { 182 if (unlikely(cp->app != NULL)) {
185 /* Some checks before mangling */ 183 /* Some checks before mangling */
186 if (pp->csum_check && !pp->csum_check(*pskb, pp)) 184 if (pp->csum_check && !pp->csum_check(skb, pp))
187 return 0; 185 return 0;
188 186
189 /* 187 /*
190 * Attempt ip_vs_app call. 188 * Attempt ip_vs_app call.
191 * It will fix ip_vs_conn and iph ack_seq stuff 189 * It will fix ip_vs_conn and iph ack_seq stuff
192 */ 190 */
193 if (!ip_vs_app_pkt_in(cp, pskb)) 191 if (!ip_vs_app_pkt_in(cp, skb))
194 return 0; 192 return 0;
195 } 193 }
196 194
197 tcph = (void *)ip_hdr(*pskb) + tcphoff; 195 tcph = (void *)ip_hdr(skb) + tcphoff;
198 tcph->dest = cp->dport; 196 tcph->dest = cp->dport;
199 197
200 /* 198 /*
@@ -204,18 +202,16 @@ tcp_dnat_handler(struct sk_buff **pskb,
204 /* Only port and addr are changed, do fast csum update */ 202 /* Only port and addr are changed, do fast csum update */
205 tcp_fast_csum_update(tcph, cp->vaddr, cp->daddr, 203 tcp_fast_csum_update(tcph, cp->vaddr, cp->daddr,
206 cp->vport, cp->dport); 204 cp->vport, cp->dport);
207 if ((*pskb)->ip_summed == CHECKSUM_COMPLETE) 205 if (skb->ip_summed == CHECKSUM_COMPLETE)
208 (*pskb)->ip_summed = CHECKSUM_NONE; 206 skb->ip_summed = CHECKSUM_NONE;
209 } else { 207 } else {
210 /* full checksum calculation */ 208 /* full checksum calculation */
211 tcph->check = 0; 209 tcph->check = 0;
212 (*pskb)->csum = skb_checksum(*pskb, tcphoff, 210 skb->csum = skb_checksum(skb, tcphoff, skb->len - tcphoff, 0);
213 (*pskb)->len - tcphoff, 0);
214 tcph->check = csum_tcpudp_magic(cp->caddr, cp->daddr, 211 tcph->check = csum_tcpudp_magic(cp->caddr, cp->daddr,
215 (*pskb)->len - tcphoff, 212 skb->len - tcphoff,
216 cp->protocol, 213 cp->protocol, skb->csum);
217 (*pskb)->csum); 214 skb->ip_summed = CHECKSUM_UNNECESSARY;
218 (*pskb)->ip_summed = CHECKSUM_UNNECESSARY;
219 } 215 }
220 return 1; 216 return 1;
221} 217}
diff --git a/net/ipv4/ipvs/ip_vs_proto_udp.c b/net/ipv4/ipvs/ip_vs_proto_udp.c
index c70aa40e2c9d..1fa7b330b9ac 100644
--- a/net/ipv4/ipvs/ip_vs_proto_udp.c
+++ b/net/ipv4/ipvs/ip_vs_proto_udp.c
@@ -130,29 +130,29 @@ udp_fast_csum_update(struct udphdr *uhdr, __be32 oldip, __be32 newip,
130} 130}
131 131
132static int 132static int
133udp_snat_handler(struct sk_buff **pskb, 133udp_snat_handler(struct sk_buff *skb,
134 struct ip_vs_protocol *pp, struct ip_vs_conn *cp) 134 struct ip_vs_protocol *pp, struct ip_vs_conn *cp)
135{ 135{
136 struct udphdr *udph; 136 struct udphdr *udph;
137 const unsigned int udphoff = ip_hdrlen(*pskb); 137 const unsigned int udphoff = ip_hdrlen(skb);
138 138
139 /* csum_check requires unshared skb */ 139 /* csum_check requires unshared skb */
140 if (!skb_make_writable(*pskb, udphoff+sizeof(*udph))) 140 if (!skb_make_writable(skb, udphoff+sizeof(*udph)))
141 return 0; 141 return 0;
142 142
143 if (unlikely(cp->app != NULL)) { 143 if (unlikely(cp->app != NULL)) {
144 /* Some checks before mangling */ 144 /* Some checks before mangling */
145 if (pp->csum_check && !pp->csum_check(*pskb, pp)) 145 if (pp->csum_check && !pp->csum_check(skb, pp))
146 return 0; 146 return 0;
147 147
148 /* 148 /*
149 * Call application helper if needed 149 * Call application helper if needed
150 */ 150 */
151 if (!ip_vs_app_pkt_out(cp, pskb)) 151 if (!ip_vs_app_pkt_out(cp, skb))
152 return 0; 152 return 0;
153 } 153 }
154 154
155 udph = (void *)ip_hdr(*pskb) + udphoff; 155 udph = (void *)ip_hdr(skb) + udphoff;
156 udph->source = cp->vport; 156 udph->source = cp->vport;
157 157
158 /* 158 /*
@@ -162,17 +162,15 @@ udp_snat_handler(struct sk_buff **pskb,
162 /* Only port and addr are changed, do fast csum update */ 162 /* Only port and addr are changed, do fast csum update */
163 udp_fast_csum_update(udph, cp->daddr, cp->vaddr, 163 udp_fast_csum_update(udph, cp->daddr, cp->vaddr,
164 cp->dport, cp->vport); 164 cp->dport, cp->vport);
165 if ((*pskb)->ip_summed == CHECKSUM_COMPLETE) 165 if (skb->ip_summed == CHECKSUM_COMPLETE)
166 (*pskb)->ip_summed = CHECKSUM_NONE; 166 skb->ip_summed = CHECKSUM_NONE;
167 } else { 167 } else {
168 /* full checksum calculation */ 168 /* full checksum calculation */
169 udph->check = 0; 169 udph->check = 0;
170 (*pskb)->csum = skb_checksum(*pskb, udphoff, 170 skb->csum = skb_checksum(skb, udphoff, skb->len - udphoff, 0);
171 (*pskb)->len - udphoff, 0);
172 udph->check = csum_tcpudp_magic(cp->vaddr, cp->caddr, 171 udph->check = csum_tcpudp_magic(cp->vaddr, cp->caddr,
173 (*pskb)->len - udphoff, 172 skb->len - udphoff,
174 cp->protocol, 173 cp->protocol, skb->csum);
175 (*pskb)->csum);
176 if (udph->check == 0) 174 if (udph->check == 0)
177 udph->check = CSUM_MANGLED_0; 175 udph->check = CSUM_MANGLED_0;
178 IP_VS_DBG(11, "O-pkt: %s O-csum=%d (+%zd)\n", 176 IP_VS_DBG(11, "O-pkt: %s O-csum=%d (+%zd)\n",
@@ -184,30 +182,30 @@ udp_snat_handler(struct sk_buff **pskb,
184 182
185 183
186static int 184static int
187udp_dnat_handler(struct sk_buff **pskb, 185udp_dnat_handler(struct sk_buff *skb,
188 struct ip_vs_protocol *pp, struct ip_vs_conn *cp) 186 struct ip_vs_protocol *pp, struct ip_vs_conn *cp)
189{ 187{
190 struct udphdr *udph; 188 struct udphdr *udph;
191 unsigned int udphoff = ip_hdrlen(*pskb); 189 unsigned int udphoff = ip_hdrlen(skb);
192 190
193 /* csum_check requires unshared skb */ 191 /* csum_check requires unshared skb */
194 if (!skb_make_writable(*pskb, udphoff+sizeof(*udph))) 192 if (!skb_make_writable(skb, udphoff+sizeof(*udph)))
195 return 0; 193 return 0;
196 194
197 if (unlikely(cp->app != NULL)) { 195 if (unlikely(cp->app != NULL)) {
198 /* Some checks before mangling */ 196 /* Some checks before mangling */
199 if (pp->csum_check && !pp->csum_check(*pskb, pp)) 197 if (pp->csum_check && !pp->csum_check(skb, pp))
200 return 0; 198 return 0;
201 199
202 /* 200 /*
203 * Attempt ip_vs_app call. 201 * Attempt ip_vs_app call.
204 * It will fix ip_vs_conn 202 * It will fix ip_vs_conn
205 */ 203 */
206 if (!ip_vs_app_pkt_in(cp, pskb)) 204 if (!ip_vs_app_pkt_in(cp, skb))
207 return 0; 205 return 0;
208 } 206 }
209 207
210 udph = (void *)ip_hdr(*pskb) + udphoff; 208 udph = (void *)ip_hdr(skb) + udphoff;
211 udph->dest = cp->dport; 209 udph->dest = cp->dport;
212 210
213 /* 211 /*
@@ -217,20 +215,18 @@ udp_dnat_handler(struct sk_buff **pskb,
217 /* Only port and addr are changed, do fast csum update */ 215 /* Only port and addr are changed, do fast csum update */
218 udp_fast_csum_update(udph, cp->vaddr, cp->daddr, 216 udp_fast_csum_update(udph, cp->vaddr, cp->daddr,
219 cp->vport, cp->dport); 217 cp->vport, cp->dport);
220 if ((*pskb)->ip_summed == CHECKSUM_COMPLETE) 218 if (skb->ip_summed == CHECKSUM_COMPLETE)
221 (*pskb)->ip_summed = CHECKSUM_NONE; 219 skb->ip_summed = CHECKSUM_NONE;
222 } else { 220 } else {
223 /* full checksum calculation */ 221 /* full checksum calculation */
224 udph->check = 0; 222 udph->check = 0;
225 (*pskb)->csum = skb_checksum(*pskb, udphoff, 223 skb->csum = skb_checksum(skb, udphoff, skb->len - udphoff, 0);
226 (*pskb)->len - udphoff, 0);
227 udph->check = csum_tcpudp_magic(cp->caddr, cp->daddr, 224 udph->check = csum_tcpudp_magic(cp->caddr, cp->daddr,
228 (*pskb)->len - udphoff, 225 skb->len - udphoff,
229 cp->protocol, 226 cp->protocol, skb->csum);
230 (*pskb)->csum);
231 if (udph->check == 0) 227 if (udph->check == 0)
232 udph->check = CSUM_MANGLED_0; 228 udph->check = CSUM_MANGLED_0;
233 (*pskb)->ip_summed = CHECKSUM_UNNECESSARY; 229 skb->ip_summed = CHECKSUM_UNNECESSARY;
234 } 230 }
235 return 1; 231 return 1;
236} 232}
diff --git a/net/ipv4/ipvs/ip_vs_xmit.c b/net/ipv4/ipvs/ip_vs_xmit.c
index afd90d4d7399..d0a92dec1050 100644
--- a/net/ipv4/ipvs/ip_vs_xmit.c
+++ b/net/ipv4/ipvs/ip_vs_xmit.c
@@ -264,7 +264,7 @@ ip_vs_nat_xmit(struct sk_buff *skb, struct ip_vs_conn *cp,
264 skb->dst = &rt->u.dst; 264 skb->dst = &rt->u.dst;
265 265
266 /* mangle the packet */ 266 /* mangle the packet */
267 if (pp->dnat_handler && !pp->dnat_handler(&skb, pp, cp)) 267 if (pp->dnat_handler && !pp->dnat_handler(skb, pp, cp))
268 goto tx_error; 268 goto tx_error;
269 ip_hdr(skb)->daddr = cp->daddr; 269 ip_hdr(skb)->daddr = cp->daddr;
270 ip_send_check(ip_hdr(skb)); 270 ip_send_check(ip_hdr(skb));
diff --git a/net/ipv4/netfilter.c b/net/ipv4/netfilter.c
index d1e3012d891f..5539debf4973 100644
--- a/net/ipv4/netfilter.c
+++ b/net/ipv4/netfilter.c
@@ -9,9 +9,9 @@
9#include <net/ip.h> 9#include <net/ip.h>
10 10
11/* route_me_harder function, used by iptable_nat, iptable_mangle + ip_queue */ 11/* route_me_harder function, used by iptable_nat, iptable_mangle + ip_queue */
12int ip_route_me_harder(struct sk_buff **pskb, unsigned addr_type) 12int ip_route_me_harder(struct sk_buff *skb, unsigned addr_type)
13{ 13{
14 const struct iphdr *iph = ip_hdr(*pskb); 14 const struct iphdr *iph = ip_hdr(skb);
15 struct rtable *rt; 15 struct rtable *rt;
16 struct flowi fl = {}; 16 struct flowi fl = {};
17 struct dst_entry *odst; 17 struct dst_entry *odst;
@@ -30,14 +30,14 @@ int ip_route_me_harder(struct sk_buff **pskb, unsigned addr_type)
30 if (type == RTN_LOCAL) 30 if (type == RTN_LOCAL)
31 fl.nl_u.ip4_u.saddr = iph->saddr; 31 fl.nl_u.ip4_u.saddr = iph->saddr;
32 fl.nl_u.ip4_u.tos = RT_TOS(iph->tos); 32 fl.nl_u.ip4_u.tos = RT_TOS(iph->tos);
33 fl.oif = (*pskb)->sk ? (*pskb)->sk->sk_bound_dev_if : 0; 33 fl.oif = skb->sk ? skb->sk->sk_bound_dev_if : 0;
34 fl.mark = (*pskb)->mark; 34 fl.mark = skb->mark;
35 if (ip_route_output_key(&rt, &fl) != 0) 35 if (ip_route_output_key(&rt, &fl) != 0)
36 return -1; 36 return -1;
37 37
38 /* Drop old route. */ 38 /* Drop old route. */
39 dst_release((*pskb)->dst); 39 dst_release(skb->dst);
40 (*pskb)->dst = &rt->u.dst; 40 skb->dst = &rt->u.dst;
41 } else { 41 } else {
42 /* non-local src, find valid iif to satisfy 42 /* non-local src, find valid iif to satisfy
43 * rp-filter when calling ip_route_input. */ 43 * rp-filter when calling ip_route_input. */
@@ -45,8 +45,8 @@ int ip_route_me_harder(struct sk_buff **pskb, unsigned addr_type)
45 if (ip_route_output_key(&rt, &fl) != 0) 45 if (ip_route_output_key(&rt, &fl) != 0)
46 return -1; 46 return -1;
47 47
48 odst = (*pskb)->dst; 48 odst = skb->dst;
49 if (ip_route_input(*pskb, iph->daddr, iph->saddr, 49 if (ip_route_input(skb, iph->daddr, iph->saddr,
50 RT_TOS(iph->tos), rt->u.dst.dev) != 0) { 50 RT_TOS(iph->tos), rt->u.dst.dev) != 0) {
51 dst_release(&rt->u.dst); 51 dst_release(&rt->u.dst);
52 return -1; 52 return -1;
@@ -55,21 +55,20 @@ int ip_route_me_harder(struct sk_buff **pskb, unsigned addr_type)
55 dst_release(odst); 55 dst_release(odst);
56 } 56 }
57 57
58 if ((*pskb)->dst->error) 58 if (skb->dst->error)
59 return -1; 59 return -1;
60 60
61#ifdef CONFIG_XFRM 61#ifdef CONFIG_XFRM
62 if (!(IPCB(*pskb)->flags & IPSKB_XFRM_TRANSFORMED) && 62 if (!(IPCB(skb)->flags & IPSKB_XFRM_TRANSFORMED) &&
63 xfrm_decode_session(*pskb, &fl, AF_INET) == 0) 63 xfrm_decode_session(skb, &fl, AF_INET) == 0)
64 if (xfrm_lookup(&(*pskb)->dst, &fl, (*pskb)->sk, 0)) 64 if (xfrm_lookup(&skb->dst, &fl, skb->sk, 0))
65 return -1; 65 return -1;
66#endif 66#endif
67 67
68 /* Change in oif may mean change in hh_len. */ 68 /* Change in oif may mean change in hh_len. */
69 hh_len = (*pskb)->dst->dev->hard_header_len; 69 hh_len = skb->dst->dev->hard_header_len;
70 if (skb_headroom(*pskb) < hh_len && 70 if (skb_headroom(skb) < hh_len &&
71 pskb_expand_head(*pskb, hh_len - skb_headroom(*pskb), 0, 71 pskb_expand_head(skb, hh_len - skb_headroom(skb), 0, GFP_ATOMIC))
72 GFP_ATOMIC))
73 return -1; 72 return -1;
74 73
75 return 0; 74 return 0;
@@ -77,33 +76,32 @@ int ip_route_me_harder(struct sk_buff **pskb, unsigned addr_type)
77EXPORT_SYMBOL(ip_route_me_harder); 76EXPORT_SYMBOL(ip_route_me_harder);
78 77
79#ifdef CONFIG_XFRM 78#ifdef CONFIG_XFRM
80int ip_xfrm_me_harder(struct sk_buff **pskb) 79int ip_xfrm_me_harder(struct sk_buff *skb)
81{ 80{
82 struct flowi fl; 81 struct flowi fl;
83 unsigned int hh_len; 82 unsigned int hh_len;
84 struct dst_entry *dst; 83 struct dst_entry *dst;
85 84
86 if (IPCB(*pskb)->flags & IPSKB_XFRM_TRANSFORMED) 85 if (IPCB(skb)->flags & IPSKB_XFRM_TRANSFORMED)
87 return 0; 86 return 0;
88 if (xfrm_decode_session(*pskb, &fl, AF_INET) < 0) 87 if (xfrm_decode_session(skb, &fl, AF_INET) < 0)
89 return -1; 88 return -1;
90 89
91 dst = (*pskb)->dst; 90 dst = skb->dst;
92 if (dst->xfrm) 91 if (dst->xfrm)
93 dst = ((struct xfrm_dst *)dst)->route; 92 dst = ((struct xfrm_dst *)dst)->route;
94 dst_hold(dst); 93 dst_hold(dst);
95 94
96 if (xfrm_lookup(&dst, &fl, (*pskb)->sk, 0) < 0) 95 if (xfrm_lookup(&dst, &fl, skb->sk, 0) < 0)
97 return -1; 96 return -1;
98 97
99 dst_release((*pskb)->dst); 98 dst_release(skb->dst);
100 (*pskb)->dst = dst; 99 skb->dst = dst;
101 100
102 /* Change in oif may mean change in hh_len. */ 101 /* Change in oif may mean change in hh_len. */
103 hh_len = (*pskb)->dst->dev->hard_header_len; 102 hh_len = skb->dst->dev->hard_header_len;
104 if (skb_headroom(*pskb) < hh_len && 103 if (skb_headroom(skb) < hh_len &&
105 pskb_expand_head(*pskb, hh_len - skb_headroom(*pskb), 0, 104 pskb_expand_head(skb, hh_len - skb_headroom(skb), 0, GFP_ATOMIC))
106 GFP_ATOMIC))
107 return -1; 105 return -1;
108 return 0; 106 return 0;
109} 107}
@@ -137,17 +135,17 @@ static void nf_ip_saveroute(const struct sk_buff *skb, struct nf_info *info)
137 } 135 }
138} 136}
139 137
140static int nf_ip_reroute(struct sk_buff **pskb, const struct nf_info *info) 138static int nf_ip_reroute(struct sk_buff *skb, const struct nf_info *info)
141{ 139{
142 const struct ip_rt_info *rt_info = nf_info_reroute(info); 140 const struct ip_rt_info *rt_info = nf_info_reroute(info);
143 141
144 if (info->hook == NF_IP_LOCAL_OUT) { 142 if (info->hook == NF_IP_LOCAL_OUT) {
145 const struct iphdr *iph = ip_hdr(*pskb); 143 const struct iphdr *iph = ip_hdr(skb);
146 144
147 if (!(iph->tos == rt_info->tos 145 if (!(iph->tos == rt_info->tos
148 && iph->daddr == rt_info->daddr 146 && iph->daddr == rt_info->daddr
149 && iph->saddr == rt_info->saddr)) 147 && iph->saddr == rt_info->saddr))
150 return ip_route_me_harder(pskb, RTN_UNSPEC); 148 return ip_route_me_harder(skb, RTN_UNSPEC);
151 } 149 }
152 return 0; 150 return 0;
153} 151}
diff --git a/net/ipv4/netfilter/arp_tables.c b/net/ipv4/netfilter/arp_tables.c
index 29114a9ccd1d..2909c92ecd99 100644
--- a/net/ipv4/netfilter/arp_tables.c
+++ b/net/ipv4/netfilter/arp_tables.c
@@ -197,7 +197,7 @@ static inline int arp_checkentry(const struct arpt_arp *arp)
197 return 1; 197 return 1;
198} 198}
199 199
200static unsigned int arpt_error(struct sk_buff **pskb, 200static unsigned int arpt_error(struct sk_buff *skb,
201 const struct net_device *in, 201 const struct net_device *in,
202 const struct net_device *out, 202 const struct net_device *out,
203 unsigned int hooknum, 203 unsigned int hooknum,
@@ -215,7 +215,7 @@ static inline struct arpt_entry *get_entry(void *base, unsigned int offset)
215 return (struct arpt_entry *)(base + offset); 215 return (struct arpt_entry *)(base + offset);
216} 216}
217 217
218unsigned int arpt_do_table(struct sk_buff **pskb, 218unsigned int arpt_do_table(struct sk_buff *skb,
219 unsigned int hook, 219 unsigned int hook,
220 const struct net_device *in, 220 const struct net_device *in,
221 const struct net_device *out, 221 const struct net_device *out,
@@ -231,9 +231,9 @@ unsigned int arpt_do_table(struct sk_buff **pskb,
231 struct xt_table_info *private; 231 struct xt_table_info *private;
232 232
233 /* ARP header, plus 2 device addresses, plus 2 IP addresses. */ 233 /* ARP header, plus 2 device addresses, plus 2 IP addresses. */
234 if (!pskb_may_pull((*pskb), (sizeof(struct arphdr) + 234 if (!pskb_may_pull(skb, (sizeof(struct arphdr) +
235 (2 * (*pskb)->dev->addr_len) + 235 (2 * skb->dev->addr_len) +
236 (2 * sizeof(u32))))) 236 (2 * sizeof(u32)))))
237 return NF_DROP; 237 return NF_DROP;
238 238
239 indev = in ? in->name : nulldevname; 239 indev = in ? in->name : nulldevname;
@@ -245,14 +245,14 @@ unsigned int arpt_do_table(struct sk_buff **pskb,
245 e = get_entry(table_base, private->hook_entry[hook]); 245 e = get_entry(table_base, private->hook_entry[hook]);
246 back = get_entry(table_base, private->underflow[hook]); 246 back = get_entry(table_base, private->underflow[hook]);
247 247
248 arp = arp_hdr(*pskb); 248 arp = arp_hdr(skb);
249 do { 249 do {
250 if (arp_packet_match(arp, (*pskb)->dev, indev, outdev, &e->arp)) { 250 if (arp_packet_match(arp, skb->dev, indev, outdev, &e->arp)) {
251 struct arpt_entry_target *t; 251 struct arpt_entry_target *t;
252 int hdr_len; 252 int hdr_len;
253 253
254 hdr_len = sizeof(*arp) + (2 * sizeof(struct in_addr)) + 254 hdr_len = sizeof(*arp) + (2 * sizeof(struct in_addr)) +
255 (2 * (*pskb)->dev->addr_len); 255 (2 * skb->dev->addr_len);
256 ADD_COUNTER(e->counters, hdr_len, 1); 256 ADD_COUNTER(e->counters, hdr_len, 1);
257 257
258 t = arpt_get_target(e); 258 t = arpt_get_target(e);
@@ -290,14 +290,14 @@ unsigned int arpt_do_table(struct sk_buff **pskb,
290 /* Targets which reenter must return 290 /* Targets which reenter must return
291 * abs. verdicts 291 * abs. verdicts
292 */ 292 */
293 verdict = t->u.kernel.target->target(pskb, 293 verdict = t->u.kernel.target->target(skb,
294 in, out, 294 in, out,
295 hook, 295 hook,
296 t->u.kernel.target, 296 t->u.kernel.target,
297 t->data); 297 t->data);
298 298
299 /* Target might have changed stuff. */ 299 /* Target might have changed stuff. */
300 arp = arp_hdr(*pskb); 300 arp = arp_hdr(skb);
301 301
302 if (verdict == ARPT_CONTINUE) 302 if (verdict == ARPT_CONTINUE)
303 e = (void *)e + e->next_offset; 303 e = (void *)e + e->next_offset;
diff --git a/net/ipv4/netfilter/arpt_mangle.c b/net/ipv4/netfilter/arpt_mangle.c
index 0181f919a79c..45fa4e20094a 100644
--- a/net/ipv4/netfilter/arpt_mangle.c
+++ b/net/ipv4/netfilter/arpt_mangle.c
@@ -9,7 +9,7 @@ MODULE_AUTHOR("Bart De Schuymer <bdschuym@pandora.be>");
9MODULE_DESCRIPTION("arptables arp payload mangle target"); 9MODULE_DESCRIPTION("arptables arp payload mangle target");
10 10
11static unsigned int 11static unsigned int
12target(struct sk_buff **pskb, 12target(struct sk_buff *skb,
13 const struct net_device *in, const struct net_device *out, 13 const struct net_device *in, const struct net_device *out,
14 unsigned int hooknum, const struct xt_target *target, 14 unsigned int hooknum, const struct xt_target *target,
15 const void *targinfo) 15 const void *targinfo)
@@ -19,38 +19,38 @@ target(struct sk_buff **pskb,
19 unsigned char *arpptr; 19 unsigned char *arpptr;
20 int pln, hln; 20 int pln, hln;
21 21
22 if (skb_make_writable(*pskb, (*pskb)->len)) 22 if (skb_make_writable(skb, skb->len))
23 return NF_DROP; 23 return NF_DROP;
24 24
25 arp = arp_hdr(*pskb); 25 arp = arp_hdr(skb);
26 arpptr = skb_network_header(*pskb) + sizeof(*arp); 26 arpptr = skb_network_header(skb) + sizeof(*arp);
27 pln = arp->ar_pln; 27 pln = arp->ar_pln;
28 hln = arp->ar_hln; 28 hln = arp->ar_hln;
29 /* We assume that pln and hln were checked in the match */ 29 /* We assume that pln and hln were checked in the match */
30 if (mangle->flags & ARPT_MANGLE_SDEV) { 30 if (mangle->flags & ARPT_MANGLE_SDEV) {
31 if (ARPT_DEV_ADDR_LEN_MAX < hln || 31 if (ARPT_DEV_ADDR_LEN_MAX < hln ||
32 (arpptr + hln > skb_tail_pointer(*pskb))) 32 (arpptr + hln > skb_tail_pointer(skb)))
33 return NF_DROP; 33 return NF_DROP;
34 memcpy(arpptr, mangle->src_devaddr, hln); 34 memcpy(arpptr, mangle->src_devaddr, hln);
35 } 35 }
36 arpptr += hln; 36 arpptr += hln;
37 if (mangle->flags & ARPT_MANGLE_SIP) { 37 if (mangle->flags & ARPT_MANGLE_SIP) {
38 if (ARPT_MANGLE_ADDR_LEN_MAX < pln || 38 if (ARPT_MANGLE_ADDR_LEN_MAX < pln ||
39 (arpptr + pln > skb_tail_pointer(*pskb))) 39 (arpptr + pln > skb_tail_pointer(skb)))
40 return NF_DROP; 40 return NF_DROP;
41 memcpy(arpptr, &mangle->u_s.src_ip, pln); 41 memcpy(arpptr, &mangle->u_s.src_ip, pln);
42 } 42 }
43 arpptr += pln; 43 arpptr += pln;
44 if (mangle->flags & ARPT_MANGLE_TDEV) { 44 if (mangle->flags & ARPT_MANGLE_TDEV) {
45 if (ARPT_DEV_ADDR_LEN_MAX < hln || 45 if (ARPT_DEV_ADDR_LEN_MAX < hln ||
46 (arpptr + hln > skb_tail_pointer(*pskb))) 46 (arpptr + hln > skb_tail_pointer(skb)))
47 return NF_DROP; 47 return NF_DROP;
48 memcpy(arpptr, mangle->tgt_devaddr, hln); 48 memcpy(arpptr, mangle->tgt_devaddr, hln);
49 } 49 }
50 arpptr += hln; 50 arpptr += hln;
51 if (mangle->flags & ARPT_MANGLE_TIP) { 51 if (mangle->flags & ARPT_MANGLE_TIP) {
52 if (ARPT_MANGLE_ADDR_LEN_MAX < pln || 52 if (ARPT_MANGLE_ADDR_LEN_MAX < pln ||
53 (arpptr + pln > skb_tail_pointer(*pskb))) 53 (arpptr + pln > skb_tail_pointer(skb)))
54 return NF_DROP; 54 return NF_DROP;
55 memcpy(arpptr, &mangle->u_t.tgt_ip, pln); 55 memcpy(arpptr, &mangle->u_t.tgt_ip, pln);
56 } 56 }
diff --git a/net/ipv4/netfilter/arptable_filter.c b/net/ipv4/netfilter/arptable_filter.c
index 75c023062533..302d3da5f696 100644
--- a/net/ipv4/netfilter/arptable_filter.c
+++ b/net/ipv4/netfilter/arptable_filter.c
@@ -56,12 +56,12 @@ static struct arpt_table packet_filter = {
56 56
57/* The work comes in here from netfilter.c */ 57/* The work comes in here from netfilter.c */
58static unsigned int arpt_hook(unsigned int hook, 58static unsigned int arpt_hook(unsigned int hook,
59 struct sk_buff **pskb, 59 struct sk_buff *skb,
60 const struct net_device *in, 60 const struct net_device *in,
61 const struct net_device *out, 61 const struct net_device *out,
62 int (*okfn)(struct sk_buff *)) 62 int (*okfn)(struct sk_buff *))
63{ 63{
64 return arpt_do_table(pskb, hook, in, out, &packet_filter); 64 return arpt_do_table(skb, hook, in, out, &packet_filter);
65} 65}
66 66
67static struct nf_hook_ops arpt_ops[] = { 67static struct nf_hook_ops arpt_ops[] = {
diff --git a/net/ipv4/netfilter/ip_tables.c b/net/ipv4/netfilter/ip_tables.c
index 6486894f450c..4b10b98640ac 100644
--- a/net/ipv4/netfilter/ip_tables.c
+++ b/net/ipv4/netfilter/ip_tables.c
@@ -169,7 +169,7 @@ ip_checkentry(const struct ipt_ip *ip)
169} 169}
170 170
171static unsigned int 171static unsigned int
172ipt_error(struct sk_buff **pskb, 172ipt_error(struct sk_buff *skb,
173 const struct net_device *in, 173 const struct net_device *in,
174 const struct net_device *out, 174 const struct net_device *out,
175 unsigned int hooknum, 175 unsigned int hooknum,
@@ -312,7 +312,7 @@ static void trace_packet(struct sk_buff *skb,
312 312
313/* Returns one of the generic firewall policies, like NF_ACCEPT. */ 313/* Returns one of the generic firewall policies, like NF_ACCEPT. */
314unsigned int 314unsigned int
315ipt_do_table(struct sk_buff **pskb, 315ipt_do_table(struct sk_buff *skb,
316 unsigned int hook, 316 unsigned int hook,
317 const struct net_device *in, 317 const struct net_device *in,
318 const struct net_device *out, 318 const struct net_device *out,
@@ -331,8 +331,8 @@ ipt_do_table(struct sk_buff **pskb,
331 struct xt_table_info *private; 331 struct xt_table_info *private;
332 332
333 /* Initialization */ 333 /* Initialization */
334 ip = ip_hdr(*pskb); 334 ip = ip_hdr(skb);
335 datalen = (*pskb)->len - ip->ihl * 4; 335 datalen = skb->len - ip->ihl * 4;
336 indev = in ? in->name : nulldevname; 336 indev = in ? in->name : nulldevname;
337 outdev = out ? out->name : nulldevname; 337 outdev = out ? out->name : nulldevname;
338 /* We handle fragments by dealing with the first fragment as 338 /* We handle fragments by dealing with the first fragment as
@@ -359,7 +359,7 @@ ipt_do_table(struct sk_buff **pskb,
359 struct ipt_entry_target *t; 359 struct ipt_entry_target *t;
360 360
361 if (IPT_MATCH_ITERATE(e, do_match, 361 if (IPT_MATCH_ITERATE(e, do_match,
362 *pskb, in, out, 362 skb, in, out,
363 offset, &hotdrop) != 0) 363 offset, &hotdrop) != 0)
364 goto no_match; 364 goto no_match;
365 365
@@ -371,8 +371,8 @@ ipt_do_table(struct sk_buff **pskb,
371#if defined(CONFIG_NETFILTER_XT_TARGET_TRACE) || \ 371#if defined(CONFIG_NETFILTER_XT_TARGET_TRACE) || \
372 defined(CONFIG_NETFILTER_XT_TARGET_TRACE_MODULE) 372 defined(CONFIG_NETFILTER_XT_TARGET_TRACE_MODULE)
373 /* The packet is traced: log it */ 373 /* The packet is traced: log it */
374 if (unlikely((*pskb)->nf_trace)) 374 if (unlikely(skb->nf_trace))
375 trace_packet(*pskb, hook, in, out, 375 trace_packet(skb, hook, in, out,
376 table->name, private, e); 376 table->name, private, e);
377#endif 377#endif
378 /* Standard target? */ 378 /* Standard target? */
@@ -410,7 +410,7 @@ ipt_do_table(struct sk_buff **pskb,
410 ((struct ipt_entry *)table_base)->comefrom 410 ((struct ipt_entry *)table_base)->comefrom
411 = 0xeeeeeeec; 411 = 0xeeeeeeec;
412#endif 412#endif
413 verdict = t->u.kernel.target->target(pskb, 413 verdict = t->u.kernel.target->target(skb,
414 in, out, 414 in, out,
415 hook, 415 hook,
416 t->u.kernel.target, 416 t->u.kernel.target,
@@ -428,8 +428,8 @@ ipt_do_table(struct sk_buff **pskb,
428 = 0x57acc001; 428 = 0x57acc001;
429#endif 429#endif
430 /* Target might have changed stuff. */ 430 /* Target might have changed stuff. */
431 ip = ip_hdr(*pskb); 431 ip = ip_hdr(skb);
432 datalen = (*pskb)->len - ip->ihl * 4; 432 datalen = skb->len - ip->ihl * 4;
433 433
434 if (verdict == IPT_CONTINUE) 434 if (verdict == IPT_CONTINUE)
435 e = (void *)e + e->next_offset; 435 e = (void *)e + e->next_offset;
diff --git a/net/ipv4/netfilter/ipt_CLUSTERIP.c b/net/ipv4/netfilter/ipt_CLUSTERIP.c
index 27f14e1ebd8b..2f544dac72df 100644
--- a/net/ipv4/netfilter/ipt_CLUSTERIP.c
+++ b/net/ipv4/netfilter/ipt_CLUSTERIP.c
@@ -289,7 +289,7 @@ clusterip_responsible(const struct clusterip_config *config, u_int32_t hash)
289 ***********************************************************************/ 289 ***********************************************************************/
290 290
291static unsigned int 291static unsigned int
292target(struct sk_buff **pskb, 292target(struct sk_buff *skb,
293 const struct net_device *in, 293 const struct net_device *in,
294 const struct net_device *out, 294 const struct net_device *out,
295 unsigned int hooknum, 295 unsigned int hooknum,
@@ -305,7 +305,7 @@ target(struct sk_buff **pskb,
305 * is only decremented by destroy() - and ip_tables guarantees 305 * is only decremented by destroy() - and ip_tables guarantees
306 * that the ->target() function isn't called after ->destroy() */ 306 * that the ->target() function isn't called after ->destroy() */
307 307
308 ct = nf_ct_get(*pskb, &ctinfo); 308 ct = nf_ct_get(skb, &ctinfo);
309 if (ct == NULL) { 309 if (ct == NULL) {
310 printk(KERN_ERR "CLUSTERIP: no conntrack!\n"); 310 printk(KERN_ERR "CLUSTERIP: no conntrack!\n");
311 /* FIXME: need to drop invalid ones, since replies 311 /* FIXME: need to drop invalid ones, since replies
@@ -316,7 +316,7 @@ target(struct sk_buff **pskb,
316 316
317 /* special case: ICMP error handling. conntrack distinguishes between 317 /* special case: ICMP error handling. conntrack distinguishes between
318 * error messages (RELATED) and information requests (see below) */ 318 * error messages (RELATED) and information requests (see below) */
319 if (ip_hdr(*pskb)->protocol == IPPROTO_ICMP 319 if (ip_hdr(skb)->protocol == IPPROTO_ICMP
320 && (ctinfo == IP_CT_RELATED 320 && (ctinfo == IP_CT_RELATED
321 || ctinfo == IP_CT_RELATED+IP_CT_IS_REPLY)) 321 || ctinfo == IP_CT_RELATED+IP_CT_IS_REPLY))
322 return XT_CONTINUE; 322 return XT_CONTINUE;
@@ -325,7 +325,7 @@ target(struct sk_buff **pskb,
325 * TIMESTAMP, INFO_REQUEST or ADDRESS type icmp packets from here 325 * TIMESTAMP, INFO_REQUEST or ADDRESS type icmp packets from here
326 * on, which all have an ID field [relevant for hashing]. */ 326 * on, which all have an ID field [relevant for hashing]. */
327 327
328 hash = clusterip_hashfn(*pskb, cipinfo->config); 328 hash = clusterip_hashfn(skb, cipinfo->config);
329 329
330 switch (ctinfo) { 330 switch (ctinfo) {
331 case IP_CT_NEW: 331 case IP_CT_NEW:
@@ -355,7 +355,7 @@ target(struct sk_buff **pskb,
355 355
356 /* despite being received via linklayer multicast, this is 356 /* despite being received via linklayer multicast, this is
357 * actually a unicast IP packet. TCP doesn't like PACKET_MULTICAST */ 357 * actually a unicast IP packet. TCP doesn't like PACKET_MULTICAST */
358 (*pskb)->pkt_type = PACKET_HOST; 358 skb->pkt_type = PACKET_HOST;
359 359
360 return XT_CONTINUE; 360 return XT_CONTINUE;
361} 361}
@@ -505,12 +505,12 @@ static void arp_print(struct arp_payload *payload)
505 505
506static unsigned int 506static unsigned int
507arp_mangle(unsigned int hook, 507arp_mangle(unsigned int hook,
508 struct sk_buff **pskb, 508 struct sk_buff *skb,
509 const struct net_device *in, 509 const struct net_device *in,
510 const struct net_device *out, 510 const struct net_device *out,
511 int (*okfn)(struct sk_buff *)) 511 int (*okfn)(struct sk_buff *))
512{ 512{
513 struct arphdr *arp = arp_hdr(*pskb); 513 struct arphdr *arp = arp_hdr(skb);
514 struct arp_payload *payload; 514 struct arp_payload *payload;
515 struct clusterip_config *c; 515 struct clusterip_config *c;
516 516
diff --git a/net/ipv4/netfilter/ipt_ECN.c b/net/ipv4/netfilter/ipt_ECN.c
index 92744be1c55e..add110060a22 100644
--- a/net/ipv4/netfilter/ipt_ECN.c
+++ b/net/ipv4/netfilter/ipt_ECN.c
@@ -26,15 +26,15 @@ MODULE_DESCRIPTION("iptables ECN modification module");
26/* set ECT codepoint from IP header. 26/* set ECT codepoint from IP header.
27 * return false if there was an error. */ 27 * return false if there was an error. */
28static inline bool 28static inline bool
29set_ect_ip(struct sk_buff **pskb, const struct ipt_ECN_info *einfo) 29set_ect_ip(struct sk_buff *skb, const struct ipt_ECN_info *einfo)
30{ 30{
31 struct iphdr *iph = ip_hdr(*pskb); 31 struct iphdr *iph = ip_hdr(skb);
32 32
33 if ((iph->tos & IPT_ECN_IP_MASK) != (einfo->ip_ect & IPT_ECN_IP_MASK)) { 33 if ((iph->tos & IPT_ECN_IP_MASK) != (einfo->ip_ect & IPT_ECN_IP_MASK)) {
34 __u8 oldtos; 34 __u8 oldtos;
35 if (!skb_make_writable(*pskb, sizeof(struct iphdr))) 35 if (!skb_make_writable(skb, sizeof(struct iphdr)))
36 return false; 36 return false;
37 iph = ip_hdr(*pskb); 37 iph = ip_hdr(skb);
38 oldtos = iph->tos; 38 oldtos = iph->tos;
39 iph->tos &= ~IPT_ECN_IP_MASK; 39 iph->tos &= ~IPT_ECN_IP_MASK;
40 iph->tos |= (einfo->ip_ect & IPT_ECN_IP_MASK); 40 iph->tos |= (einfo->ip_ect & IPT_ECN_IP_MASK);
@@ -45,14 +45,13 @@ set_ect_ip(struct sk_buff **pskb, const struct ipt_ECN_info *einfo)
45 45
46/* Return false if there was an error. */ 46/* Return false if there was an error. */
47static inline bool 47static inline bool
48set_ect_tcp(struct sk_buff **pskb, const struct ipt_ECN_info *einfo) 48set_ect_tcp(struct sk_buff *skb, const struct ipt_ECN_info *einfo)
49{ 49{
50 struct tcphdr _tcph, *tcph; 50 struct tcphdr _tcph, *tcph;
51 __be16 oldval; 51 __be16 oldval;
52 52
53 /* Not enought header? */ 53 /* Not enought header? */
54 tcph = skb_header_pointer(*pskb, ip_hdrlen(*pskb), 54 tcph = skb_header_pointer(skb, ip_hdrlen(skb), sizeof(_tcph), &_tcph);
55 sizeof(_tcph), &_tcph);
56 if (!tcph) 55 if (!tcph)
57 return false; 56 return false;
58 57
@@ -62,9 +61,9 @@ set_ect_tcp(struct sk_buff **pskb, const struct ipt_ECN_info *einfo)
62 tcph->cwr == einfo->proto.tcp.cwr)) 61 tcph->cwr == einfo->proto.tcp.cwr))
63 return true; 62 return true;
64 63
65 if (!skb_make_writable(*pskb, ip_hdrlen(*pskb) + sizeof(*tcph))) 64 if (!skb_make_writable(skb, ip_hdrlen(skb) + sizeof(*tcph)))
66 return false; 65 return false;
67 tcph = (void *)ip_hdr(*pskb) + ip_hdrlen(*pskb); 66 tcph = (void *)ip_hdr(skb) + ip_hdrlen(skb);
68 67
69 oldval = ((__be16 *)tcph)[6]; 68 oldval = ((__be16 *)tcph)[6];
70 if (einfo->operation & IPT_ECN_OP_SET_ECE) 69 if (einfo->operation & IPT_ECN_OP_SET_ECE)
@@ -72,13 +71,13 @@ set_ect_tcp(struct sk_buff **pskb, const struct ipt_ECN_info *einfo)
72 if (einfo->operation & IPT_ECN_OP_SET_CWR) 71 if (einfo->operation & IPT_ECN_OP_SET_CWR)
73 tcph->cwr = einfo->proto.tcp.cwr; 72 tcph->cwr = einfo->proto.tcp.cwr;
74 73
75 nf_proto_csum_replace2(&tcph->check, *pskb, 74 nf_proto_csum_replace2(&tcph->check, skb,
76 oldval, ((__be16 *)tcph)[6], 0); 75 oldval, ((__be16 *)tcph)[6], 0);
77 return true; 76 return true;
78} 77}
79 78
80static unsigned int 79static unsigned int
81target(struct sk_buff **pskb, 80target(struct sk_buff *skb,
82 const struct net_device *in, 81 const struct net_device *in,
83 const struct net_device *out, 82 const struct net_device *out,
84 unsigned int hooknum, 83 unsigned int hooknum,
@@ -88,12 +87,12 @@ target(struct sk_buff **pskb,
88 const struct ipt_ECN_info *einfo = targinfo; 87 const struct ipt_ECN_info *einfo = targinfo;
89 88
90 if (einfo->operation & IPT_ECN_OP_SET_IP) 89 if (einfo->operation & IPT_ECN_OP_SET_IP)
91 if (!set_ect_ip(pskb, einfo)) 90 if (!set_ect_ip(skb, einfo))
92 return NF_DROP; 91 return NF_DROP;
93 92
94 if (einfo->operation & (IPT_ECN_OP_SET_ECE | IPT_ECN_OP_SET_CWR) 93 if (einfo->operation & (IPT_ECN_OP_SET_ECE | IPT_ECN_OP_SET_CWR)
95 && ip_hdr(*pskb)->protocol == IPPROTO_TCP) 94 && ip_hdr(skb)->protocol == IPPROTO_TCP)
96 if (!set_ect_tcp(pskb, einfo)) 95 if (!set_ect_tcp(skb, einfo))
97 return NF_DROP; 96 return NF_DROP;
98 97
99 return XT_CONTINUE; 98 return XT_CONTINUE;
diff --git a/net/ipv4/netfilter/ipt_LOG.c b/net/ipv4/netfilter/ipt_LOG.c
index 127a5e89bf14..4b5e8216a4e7 100644
--- a/net/ipv4/netfilter/ipt_LOG.c
+++ b/net/ipv4/netfilter/ipt_LOG.c
@@ -418,7 +418,7 @@ ipt_log_packet(unsigned int pf,
418} 418}
419 419
420static unsigned int 420static unsigned int
421ipt_log_target(struct sk_buff **pskb, 421ipt_log_target(struct sk_buff *skb,
422 const struct net_device *in, 422 const struct net_device *in,
423 const struct net_device *out, 423 const struct net_device *out,
424 unsigned int hooknum, 424 unsigned int hooknum,
@@ -432,7 +432,7 @@ ipt_log_target(struct sk_buff **pskb,
432 li.u.log.level = loginfo->level; 432 li.u.log.level = loginfo->level;
433 li.u.log.logflags = loginfo->logflags; 433 li.u.log.logflags = loginfo->logflags;
434 434
435 ipt_log_packet(PF_INET, hooknum, *pskb, in, out, &li, 435 ipt_log_packet(PF_INET, hooknum, skb, in, out, &li,
436 loginfo->prefix); 436 loginfo->prefix);
437 return XT_CONTINUE; 437 return XT_CONTINUE;
438} 438}
diff --git a/net/ipv4/netfilter/ipt_MASQUERADE.c b/net/ipv4/netfilter/ipt_MASQUERADE.c
index 3e0b562b2db7..44b516e7cb79 100644
--- a/net/ipv4/netfilter/ipt_MASQUERADE.c
+++ b/net/ipv4/netfilter/ipt_MASQUERADE.c
@@ -52,7 +52,7 @@ masquerade_check(const char *tablename,
52} 52}
53 53
54static unsigned int 54static unsigned int
55masquerade_target(struct sk_buff **pskb, 55masquerade_target(struct sk_buff *skb,
56 const struct net_device *in, 56 const struct net_device *in,
57 const struct net_device *out, 57 const struct net_device *out,
58 unsigned int hooknum, 58 unsigned int hooknum,
@@ -69,7 +69,7 @@ masquerade_target(struct sk_buff **pskb,
69 69
70 NF_CT_ASSERT(hooknum == NF_IP_POST_ROUTING); 70 NF_CT_ASSERT(hooknum == NF_IP_POST_ROUTING);
71 71
72 ct = nf_ct_get(*pskb, &ctinfo); 72 ct = nf_ct_get(skb, &ctinfo);
73 nat = nfct_nat(ct); 73 nat = nfct_nat(ct);
74 74
75 NF_CT_ASSERT(ct && (ctinfo == IP_CT_NEW || ctinfo == IP_CT_RELATED 75 NF_CT_ASSERT(ct && (ctinfo == IP_CT_NEW || ctinfo == IP_CT_RELATED
@@ -82,7 +82,7 @@ masquerade_target(struct sk_buff **pskb,
82 return NF_ACCEPT; 82 return NF_ACCEPT;
83 83
84 mr = targinfo; 84 mr = targinfo;
85 rt = (struct rtable *)(*pskb)->dst; 85 rt = (struct rtable *)skb->dst;
86 newsrc = inet_select_addr(out, rt->rt_gateway, RT_SCOPE_UNIVERSE); 86 newsrc = inet_select_addr(out, rt->rt_gateway, RT_SCOPE_UNIVERSE);
87 if (!newsrc) { 87 if (!newsrc) {
88 printk("MASQUERADE: %s ate my IP address\n", out->name); 88 printk("MASQUERADE: %s ate my IP address\n", out->name);
diff --git a/net/ipv4/netfilter/ipt_NETMAP.c b/net/ipv4/netfilter/ipt_NETMAP.c
index 41a011d5a065..f8699291e33d 100644
--- a/net/ipv4/netfilter/ipt_NETMAP.c
+++ b/net/ipv4/netfilter/ipt_NETMAP.c
@@ -43,7 +43,7 @@ check(const char *tablename,
43} 43}
44 44
45static unsigned int 45static unsigned int
46target(struct sk_buff **pskb, 46target(struct sk_buff *skb,
47 const struct net_device *in, 47 const struct net_device *in,
48 const struct net_device *out, 48 const struct net_device *out,
49 unsigned int hooknum, 49 unsigned int hooknum,
@@ -59,14 +59,14 @@ target(struct sk_buff **pskb,
59 NF_CT_ASSERT(hooknum == NF_IP_PRE_ROUTING 59 NF_CT_ASSERT(hooknum == NF_IP_PRE_ROUTING
60 || hooknum == NF_IP_POST_ROUTING 60 || hooknum == NF_IP_POST_ROUTING
61 || hooknum == NF_IP_LOCAL_OUT); 61 || hooknum == NF_IP_LOCAL_OUT);
62 ct = nf_ct_get(*pskb, &ctinfo); 62 ct = nf_ct_get(skb, &ctinfo);
63 63
64 netmask = ~(mr->range[0].min_ip ^ mr->range[0].max_ip); 64 netmask = ~(mr->range[0].min_ip ^ mr->range[0].max_ip);
65 65
66 if (hooknum == NF_IP_PRE_ROUTING || hooknum == NF_IP_LOCAL_OUT) 66 if (hooknum == NF_IP_PRE_ROUTING || hooknum == NF_IP_LOCAL_OUT)
67 new_ip = ip_hdr(*pskb)->daddr & ~netmask; 67 new_ip = ip_hdr(skb)->daddr & ~netmask;
68 else 68 else
69 new_ip = ip_hdr(*pskb)->saddr & ~netmask; 69 new_ip = ip_hdr(skb)->saddr & ~netmask;
70 new_ip |= mr->range[0].min_ip & netmask; 70 new_ip |= mr->range[0].min_ip & netmask;
71 71
72 newrange = ((struct nf_nat_range) 72 newrange = ((struct nf_nat_range)
diff --git a/net/ipv4/netfilter/ipt_REDIRECT.c b/net/ipv4/netfilter/ipt_REDIRECT.c
index 6ac7a2373316..f7cf7d61a2d4 100644
--- a/net/ipv4/netfilter/ipt_REDIRECT.c
+++ b/net/ipv4/netfilter/ipt_REDIRECT.c
@@ -47,7 +47,7 @@ redirect_check(const char *tablename,
47} 47}
48 48
49static unsigned int 49static unsigned int
50redirect_target(struct sk_buff **pskb, 50redirect_target(struct sk_buff *skb,
51 const struct net_device *in, 51 const struct net_device *in,
52 const struct net_device *out, 52 const struct net_device *out,
53 unsigned int hooknum, 53 unsigned int hooknum,
@@ -63,7 +63,7 @@ redirect_target(struct sk_buff **pskb,
63 NF_CT_ASSERT(hooknum == NF_IP_PRE_ROUTING 63 NF_CT_ASSERT(hooknum == NF_IP_PRE_ROUTING
64 || hooknum == NF_IP_LOCAL_OUT); 64 || hooknum == NF_IP_LOCAL_OUT);
65 65
66 ct = nf_ct_get(*pskb, &ctinfo); 66 ct = nf_ct_get(skb, &ctinfo);
67 NF_CT_ASSERT(ct && (ctinfo == IP_CT_NEW || ctinfo == IP_CT_RELATED)); 67 NF_CT_ASSERT(ct && (ctinfo == IP_CT_NEW || ctinfo == IP_CT_RELATED));
68 68
69 /* Local packets: make them go to loopback */ 69 /* Local packets: make them go to loopback */
@@ -76,7 +76,7 @@ redirect_target(struct sk_buff **pskb,
76 newdst = 0; 76 newdst = 0;
77 77
78 rcu_read_lock(); 78 rcu_read_lock();
79 indev = __in_dev_get_rcu((*pskb)->dev); 79 indev = __in_dev_get_rcu(skb->dev);
80 if (indev && (ifa = indev->ifa_list)) 80 if (indev && (ifa = indev->ifa_list))
81 newdst = ifa->ifa_local; 81 newdst = ifa->ifa_local;
82 rcu_read_unlock(); 82 rcu_read_unlock();
diff --git a/net/ipv4/netfilter/ipt_REJECT.c b/net/ipv4/netfilter/ipt_REJECT.c
index cb038c8fbc9d..dcf4d21d5116 100644
--- a/net/ipv4/netfilter/ipt_REJECT.c
+++ b/net/ipv4/netfilter/ipt_REJECT.c
@@ -131,7 +131,7 @@ static void send_reset(struct sk_buff *oldskb, int hook)
131 ) 131 )
132 addr_type = RTN_LOCAL; 132 addr_type = RTN_LOCAL;
133 133
134 if (ip_route_me_harder(&nskb, addr_type)) 134 if (ip_route_me_harder(nskb, addr_type))
135 goto free_nskb; 135 goto free_nskb;
136 136
137 nskb->ip_summed = CHECKSUM_NONE; 137 nskb->ip_summed = CHECKSUM_NONE;
@@ -162,7 +162,7 @@ static inline void send_unreach(struct sk_buff *skb_in, int code)
162 icmp_send(skb_in, ICMP_DEST_UNREACH, code, 0); 162 icmp_send(skb_in, ICMP_DEST_UNREACH, code, 0);
163} 163}
164 164
165static unsigned int reject(struct sk_buff **pskb, 165static unsigned int reject(struct sk_buff *skb,
166 const struct net_device *in, 166 const struct net_device *in,
167 const struct net_device *out, 167 const struct net_device *out,
168 unsigned int hooknum, 168 unsigned int hooknum,
@@ -173,7 +173,7 @@ static unsigned int reject(struct sk_buff **pskb,
173 173
174 /* Our naive response construction doesn't deal with IP 174 /* Our naive response construction doesn't deal with IP
175 options, and probably shouldn't try. */ 175 options, and probably shouldn't try. */
176 if (ip_hdrlen(*pskb) != sizeof(struct iphdr)) 176 if (ip_hdrlen(skb) != sizeof(struct iphdr))
177 return NF_DROP; 177 return NF_DROP;
178 178
179 /* WARNING: This code causes reentry within iptables. 179 /* WARNING: This code causes reentry within iptables.
@@ -181,28 +181,28 @@ static unsigned int reject(struct sk_buff **pskb,
181 must return an absolute verdict. --RR */ 181 must return an absolute verdict. --RR */
182 switch (reject->with) { 182 switch (reject->with) {
183 case IPT_ICMP_NET_UNREACHABLE: 183 case IPT_ICMP_NET_UNREACHABLE:
184 send_unreach(*pskb, ICMP_NET_UNREACH); 184 send_unreach(skb, ICMP_NET_UNREACH);
185 break; 185 break;
186 case IPT_ICMP_HOST_UNREACHABLE: 186 case IPT_ICMP_HOST_UNREACHABLE:
187 send_unreach(*pskb, ICMP_HOST_UNREACH); 187 send_unreach(skb, ICMP_HOST_UNREACH);
188 break; 188 break;
189 case IPT_ICMP_PROT_UNREACHABLE: 189 case IPT_ICMP_PROT_UNREACHABLE:
190 send_unreach(*pskb, ICMP_PROT_UNREACH); 190 send_unreach(skb, ICMP_PROT_UNREACH);
191 break; 191 break;
192 case IPT_ICMP_PORT_UNREACHABLE: 192 case IPT_ICMP_PORT_UNREACHABLE:
193 send_unreach(*pskb, ICMP_PORT_UNREACH); 193 send_unreach(skb, ICMP_PORT_UNREACH);
194 break; 194 break;
195 case IPT_ICMP_NET_PROHIBITED: 195 case IPT_ICMP_NET_PROHIBITED:
196 send_unreach(*pskb, ICMP_NET_ANO); 196 send_unreach(skb, ICMP_NET_ANO);
197 break; 197 break;
198 case IPT_ICMP_HOST_PROHIBITED: 198 case IPT_ICMP_HOST_PROHIBITED:
199 send_unreach(*pskb, ICMP_HOST_ANO); 199 send_unreach(skb, ICMP_HOST_ANO);
200 break; 200 break;
201 case IPT_ICMP_ADMIN_PROHIBITED: 201 case IPT_ICMP_ADMIN_PROHIBITED:
202 send_unreach(*pskb, ICMP_PKT_FILTERED); 202 send_unreach(skb, ICMP_PKT_FILTERED);
203 break; 203 break;
204 case IPT_TCP_RESET: 204 case IPT_TCP_RESET:
205 send_reset(*pskb, hooknum); 205 send_reset(skb, hooknum);
206 case IPT_ICMP_ECHOREPLY: 206 case IPT_ICMP_ECHOREPLY:
207 /* Doesn't happen. */ 207 /* Doesn't happen. */
208 break; 208 break;
diff --git a/net/ipv4/netfilter/ipt_SAME.c b/net/ipv4/netfilter/ipt_SAME.c
index 97641f1a97f6..8988571436b8 100644
--- a/net/ipv4/netfilter/ipt_SAME.c
+++ b/net/ipv4/netfilter/ipt_SAME.c
@@ -104,7 +104,7 @@ same_destroy(const struct xt_target *target, void *targinfo)
104} 104}
105 105
106static unsigned int 106static unsigned int
107same_target(struct sk_buff **pskb, 107same_target(struct sk_buff *skb,
108 const struct net_device *in, 108 const struct net_device *in,
109 const struct net_device *out, 109 const struct net_device *out,
110 unsigned int hooknum, 110 unsigned int hooknum,
@@ -121,7 +121,7 @@ same_target(struct sk_buff **pskb,
121 121
122 NF_CT_ASSERT(hooknum == NF_IP_PRE_ROUTING || 122 NF_CT_ASSERT(hooknum == NF_IP_PRE_ROUTING ||
123 hooknum == NF_IP_POST_ROUTING); 123 hooknum == NF_IP_POST_ROUTING);
124 ct = nf_ct_get(*pskb, &ctinfo); 124 ct = nf_ct_get(skb, &ctinfo);
125 125
126 t = &ct->tuplehash[IP_CT_DIR_ORIGINAL].tuple; 126 t = &ct->tuplehash[IP_CT_DIR_ORIGINAL].tuple;
127 127
diff --git a/net/ipv4/netfilter/ipt_TOS.c b/net/ipv4/netfilter/ipt_TOS.c
index 87b689ac09a5..d4573baa7f27 100644
--- a/net/ipv4/netfilter/ipt_TOS.c
+++ b/net/ipv4/netfilter/ipt_TOS.c
@@ -21,7 +21,7 @@ MODULE_AUTHOR("Netfilter Core Team <coreteam@netfilter.org>");
21MODULE_DESCRIPTION("iptables TOS mangling module"); 21MODULE_DESCRIPTION("iptables TOS mangling module");
22 22
23static unsigned int 23static unsigned int
24target(struct sk_buff **pskb, 24target(struct sk_buff *skb,
25 const struct net_device *in, 25 const struct net_device *in,
26 const struct net_device *out, 26 const struct net_device *out,
27 unsigned int hooknum, 27 unsigned int hooknum,
@@ -29,13 +29,13 @@ target(struct sk_buff **pskb,
29 const void *targinfo) 29 const void *targinfo)
30{ 30{
31 const struct ipt_tos_target_info *tosinfo = targinfo; 31 const struct ipt_tos_target_info *tosinfo = targinfo;
32 struct iphdr *iph = ip_hdr(*pskb); 32 struct iphdr *iph = ip_hdr(skb);
33 33
34 if ((iph->tos & IPTOS_TOS_MASK) != tosinfo->tos) { 34 if ((iph->tos & IPTOS_TOS_MASK) != tosinfo->tos) {
35 __u8 oldtos; 35 __u8 oldtos;
36 if (!skb_make_writable(*pskb, sizeof(struct iphdr))) 36 if (!skb_make_writable(skb, sizeof(struct iphdr)))
37 return NF_DROP; 37 return NF_DROP;
38 iph = ip_hdr(*pskb); 38 iph = ip_hdr(skb);
39 oldtos = iph->tos; 39 oldtos = iph->tos;
40 iph->tos = (iph->tos & IPTOS_PREC_MASK) | tosinfo->tos; 40 iph->tos = (iph->tos & IPTOS_PREC_MASK) | tosinfo->tos;
41 nf_csum_replace2(&iph->check, htons(oldtos), htons(iph->tos)); 41 nf_csum_replace2(&iph->check, htons(oldtos), htons(iph->tos));
diff --git a/net/ipv4/netfilter/ipt_TTL.c b/net/ipv4/netfilter/ipt_TTL.c
index 3dd467611e11..c620a0527666 100644
--- a/net/ipv4/netfilter/ipt_TTL.c
+++ b/net/ipv4/netfilter/ipt_TTL.c
@@ -20,7 +20,7 @@ MODULE_DESCRIPTION("IP tables TTL modification module");
20MODULE_LICENSE("GPL"); 20MODULE_LICENSE("GPL");
21 21
22static unsigned int 22static unsigned int
23ipt_ttl_target(struct sk_buff **pskb, 23ipt_ttl_target(struct sk_buff *skb,
24 const struct net_device *in, const struct net_device *out, 24 const struct net_device *in, const struct net_device *out,
25 unsigned int hooknum, const struct xt_target *target, 25 unsigned int hooknum, const struct xt_target *target,
26 const void *targinfo) 26 const void *targinfo)
@@ -29,10 +29,10 @@ ipt_ttl_target(struct sk_buff **pskb,
29 const struct ipt_TTL_info *info = targinfo; 29 const struct ipt_TTL_info *info = targinfo;
30 int new_ttl; 30 int new_ttl;
31 31
32 if (!skb_make_writable(*pskb, (*pskb)->len)) 32 if (!skb_make_writable(skb, skb->len))
33 return NF_DROP; 33 return NF_DROP;
34 34
35 iph = ip_hdr(*pskb); 35 iph = ip_hdr(skb);
36 36
37 switch (info->mode) { 37 switch (info->mode) {
38 case IPT_TTL_SET: 38 case IPT_TTL_SET:
diff --git a/net/ipv4/netfilter/ipt_ULOG.c b/net/ipv4/netfilter/ipt_ULOG.c
index c636d6d63574..212b830765a4 100644
--- a/net/ipv4/netfilter/ipt_ULOG.c
+++ b/net/ipv4/netfilter/ipt_ULOG.c
@@ -279,7 +279,7 @@ alloc_failure:
279 spin_unlock_bh(&ulog_lock); 279 spin_unlock_bh(&ulog_lock);
280} 280}
281 281
282static unsigned int ipt_ulog_target(struct sk_buff **pskb, 282static unsigned int ipt_ulog_target(struct sk_buff *skb,
283 const struct net_device *in, 283 const struct net_device *in,
284 const struct net_device *out, 284 const struct net_device *out,
285 unsigned int hooknum, 285 unsigned int hooknum,
@@ -288,7 +288,7 @@ static unsigned int ipt_ulog_target(struct sk_buff **pskb,
288{ 288{
289 struct ipt_ulog_info *loginfo = (struct ipt_ulog_info *) targinfo; 289 struct ipt_ulog_info *loginfo = (struct ipt_ulog_info *) targinfo;
290 290
291 ipt_ulog_packet(hooknum, *pskb, in, out, loginfo, NULL); 291 ipt_ulog_packet(hooknum, skb, in, out, loginfo, NULL);
292 292
293 return XT_CONTINUE; 293 return XT_CONTINUE;
294} 294}
diff --git a/net/ipv4/netfilter/iptable_filter.c b/net/ipv4/netfilter/iptable_filter.c
index 4f51c1d7d2d6..ba3262c60437 100644
--- a/net/ipv4/netfilter/iptable_filter.c
+++ b/net/ipv4/netfilter/iptable_filter.c
@@ -62,31 +62,31 @@ static struct xt_table packet_filter = {
62/* The work comes in here from netfilter.c. */ 62/* The work comes in here from netfilter.c. */
63static unsigned int 63static unsigned int
64ipt_hook(unsigned int hook, 64ipt_hook(unsigned int hook,
65 struct sk_buff **pskb, 65 struct sk_buff *skb,
66 const struct net_device *in, 66 const struct net_device *in,
67 const struct net_device *out, 67 const struct net_device *out,
68 int (*okfn)(struct sk_buff *)) 68 int (*okfn)(struct sk_buff *))
69{ 69{
70 return ipt_do_table(pskb, hook, in, out, &packet_filter); 70 return ipt_do_table(skb, hook, in, out, &packet_filter);
71} 71}
72 72
73static unsigned int 73static unsigned int
74ipt_local_out_hook(unsigned int hook, 74ipt_local_out_hook(unsigned int hook,
75 struct sk_buff **pskb, 75 struct sk_buff *skb,
76 const struct net_device *in, 76 const struct net_device *in,
77 const struct net_device *out, 77 const struct net_device *out,
78 int (*okfn)(struct sk_buff *)) 78 int (*okfn)(struct sk_buff *))
79{ 79{
80 /* root is playing with raw sockets. */ 80 /* root is playing with raw sockets. */
81 if ((*pskb)->len < sizeof(struct iphdr) 81 if (skb->len < sizeof(struct iphdr) ||
82 || ip_hdrlen(*pskb) < sizeof(struct iphdr)) { 82 ip_hdrlen(skb) < sizeof(struct iphdr)) {
83 if (net_ratelimit()) 83 if (net_ratelimit())
84 printk("iptable_filter: ignoring short SOCK_RAW " 84 printk("iptable_filter: ignoring short SOCK_RAW "
85 "packet.\n"); 85 "packet.\n");
86 return NF_ACCEPT; 86 return NF_ACCEPT;
87 } 87 }
88 88
89 return ipt_do_table(pskb, hook, in, out, &packet_filter); 89 return ipt_do_table(skb, hook, in, out, &packet_filter);
90} 90}
91 91
92static struct nf_hook_ops ipt_ops[] = { 92static struct nf_hook_ops ipt_ops[] = {
diff --git a/net/ipv4/netfilter/iptable_mangle.c b/net/ipv4/netfilter/iptable_mangle.c
index 902446f7cbca..b4360a69d5ca 100644
--- a/net/ipv4/netfilter/iptable_mangle.c
+++ b/net/ipv4/netfilter/iptable_mangle.c
@@ -75,17 +75,17 @@ static struct xt_table packet_mangler = {
75/* The work comes in here from netfilter.c. */ 75/* The work comes in here from netfilter.c. */
76static unsigned int 76static unsigned int
77ipt_route_hook(unsigned int hook, 77ipt_route_hook(unsigned int hook,
78 struct sk_buff **pskb, 78 struct sk_buff *skb,
79 const struct net_device *in, 79 const struct net_device *in,
80 const struct net_device *out, 80 const struct net_device *out,
81 int (*okfn)(struct sk_buff *)) 81 int (*okfn)(struct sk_buff *))
82{ 82{
83 return ipt_do_table(pskb, hook, in, out, &packet_mangler); 83 return ipt_do_table(skb, hook, in, out, &packet_mangler);
84} 84}
85 85
86static unsigned int 86static unsigned int
87ipt_local_hook(unsigned int hook, 87ipt_local_hook(unsigned int hook,
88 struct sk_buff **pskb, 88 struct sk_buff *skb,
89 const struct net_device *in, 89 const struct net_device *in,
90 const struct net_device *out, 90 const struct net_device *out,
91 int (*okfn)(struct sk_buff *)) 91 int (*okfn)(struct sk_buff *))
@@ -97,8 +97,8 @@ ipt_local_hook(unsigned int hook,
97 u_int32_t mark; 97 u_int32_t mark;
98 98
99 /* root is playing with raw sockets. */ 99 /* root is playing with raw sockets. */
100 if ((*pskb)->len < sizeof(struct iphdr) 100 if (skb->len < sizeof(struct iphdr)
101 || ip_hdrlen(*pskb) < sizeof(struct iphdr)) { 101 || ip_hdrlen(skb) < sizeof(struct iphdr)) {
102 if (net_ratelimit()) 102 if (net_ratelimit())
103 printk("iptable_mangle: ignoring short SOCK_RAW " 103 printk("iptable_mangle: ignoring short SOCK_RAW "
104 "packet.\n"); 104 "packet.\n");
@@ -106,22 +106,22 @@ ipt_local_hook(unsigned int hook,
106 } 106 }
107 107
108 /* Save things which could affect route */ 108 /* Save things which could affect route */
109 mark = (*pskb)->mark; 109 mark = skb->mark;
110 iph = ip_hdr(*pskb); 110 iph = ip_hdr(skb);
111 saddr = iph->saddr; 111 saddr = iph->saddr;
112 daddr = iph->daddr; 112 daddr = iph->daddr;
113 tos = iph->tos; 113 tos = iph->tos;
114 114
115 ret = ipt_do_table(pskb, hook, in, out, &packet_mangler); 115 ret = ipt_do_table(skb, hook, in, out, &packet_mangler);
116 /* Reroute for ANY change. */ 116 /* Reroute for ANY change. */
117 if (ret != NF_DROP && ret != NF_STOLEN && ret != NF_QUEUE) { 117 if (ret != NF_DROP && ret != NF_STOLEN && ret != NF_QUEUE) {
118 iph = ip_hdr(*pskb); 118 iph = ip_hdr(skb);
119 119
120 if (iph->saddr != saddr || 120 if (iph->saddr != saddr ||
121 iph->daddr != daddr || 121 iph->daddr != daddr ||
122 (*pskb)->mark != mark || 122 skb->mark != mark ||
123 iph->tos != tos) 123 iph->tos != tos)
124 if (ip_route_me_harder(pskb, RTN_UNSPEC)) 124 if (ip_route_me_harder(skb, RTN_UNSPEC))
125 ret = NF_DROP; 125 ret = NF_DROP;
126 } 126 }
127 127
diff --git a/net/ipv4/netfilter/iptable_raw.c b/net/ipv4/netfilter/iptable_raw.c
index d6e503395684..5de6e57ac55c 100644
--- a/net/ipv4/netfilter/iptable_raw.c
+++ b/net/ipv4/netfilter/iptable_raw.c
@@ -47,30 +47,30 @@ static struct xt_table packet_raw = {
47/* The work comes in here from netfilter.c. */ 47/* The work comes in here from netfilter.c. */
48static unsigned int 48static unsigned int
49ipt_hook(unsigned int hook, 49ipt_hook(unsigned int hook,
50 struct sk_buff **pskb, 50 struct sk_buff *skb,
51 const struct net_device *in, 51 const struct net_device *in,
52 const struct net_device *out, 52 const struct net_device *out,
53 int (*okfn)(struct sk_buff *)) 53 int (*okfn)(struct sk_buff *))
54{ 54{
55 return ipt_do_table(pskb, hook, in, out, &packet_raw); 55 return ipt_do_table(skb, hook, in, out, &packet_raw);
56} 56}
57 57
58static unsigned int 58static unsigned int
59ipt_local_hook(unsigned int hook, 59ipt_local_hook(unsigned int hook,
60 struct sk_buff **pskb, 60 struct sk_buff *skb,
61 const struct net_device *in, 61 const struct net_device *in,
62 const struct net_device *out, 62 const struct net_device *out,
63 int (*okfn)(struct sk_buff *)) 63 int (*okfn)(struct sk_buff *))
64{ 64{
65 /* root is playing with raw sockets. */ 65 /* root is playing with raw sockets. */
66 if ((*pskb)->len < sizeof(struct iphdr) || 66 if (skb->len < sizeof(struct iphdr) ||
67 ip_hdrlen(*pskb) < sizeof(struct iphdr)) { 67 ip_hdrlen(skb) < sizeof(struct iphdr)) {
68 if (net_ratelimit()) 68 if (net_ratelimit())
69 printk("iptable_raw: ignoring short SOCK_RAW" 69 printk("iptable_raw: ignoring short SOCK_RAW"
70 "packet.\n"); 70 "packet.\n");
71 return NF_ACCEPT; 71 return NF_ACCEPT;
72 } 72 }
73 return ipt_do_table(pskb, hook, in, out, &packet_raw); 73 return ipt_do_table(skb, hook, in, out, &packet_raw);
74} 74}
75 75
76/* 'raw' is the very first table. */ 76/* 'raw' is the very first table. */
diff --git a/net/ipv4/netfilter/nf_conntrack_l3proto_ipv4.c b/net/ipv4/netfilter/nf_conntrack_l3proto_ipv4.c
index 48fdd9eb1c71..831e9b29806d 100644
--- a/net/ipv4/netfilter/nf_conntrack_l3proto_ipv4.c
+++ b/net/ipv4/netfilter/nf_conntrack_l3proto_ipv4.c
@@ -100,17 +100,17 @@ static int ipv4_get_l4proto(const struct sk_buff *skb, unsigned int nhoff,
100} 100}
101 101
102static unsigned int ipv4_confirm(unsigned int hooknum, 102static unsigned int ipv4_confirm(unsigned int hooknum,
103 struct sk_buff **pskb, 103 struct sk_buff *skb,
104 const struct net_device *in, 104 const struct net_device *in,
105 const struct net_device *out, 105 const struct net_device *out,
106 int (*okfn)(struct sk_buff *)) 106 int (*okfn)(struct sk_buff *))
107{ 107{
108 /* We've seen it coming out the other side: confirm it */ 108 /* We've seen it coming out the other side: confirm it */
109 return nf_conntrack_confirm(pskb); 109 return nf_conntrack_confirm(skb);
110} 110}
111 111
112static unsigned int ipv4_conntrack_help(unsigned int hooknum, 112static unsigned int ipv4_conntrack_help(unsigned int hooknum,
113 struct sk_buff **pskb, 113 struct sk_buff *skb,
114 const struct net_device *in, 114 const struct net_device *in,
115 const struct net_device *out, 115 const struct net_device *out,
116 int (*okfn)(struct sk_buff *)) 116 int (*okfn)(struct sk_buff *))
@@ -121,7 +121,7 @@ static unsigned int ipv4_conntrack_help(unsigned int hooknum,
121 struct nf_conntrack_helper *helper; 121 struct nf_conntrack_helper *helper;
122 122
123 /* This is where we call the helper: as the packet goes out. */ 123 /* This is where we call the helper: as the packet goes out. */
124 ct = nf_ct_get(*pskb, &ctinfo); 124 ct = nf_ct_get(skb, &ctinfo);
125 if (!ct || ctinfo == IP_CT_RELATED + IP_CT_IS_REPLY) 125 if (!ct || ctinfo == IP_CT_RELATED + IP_CT_IS_REPLY)
126 return NF_ACCEPT; 126 return NF_ACCEPT;
127 127
@@ -132,24 +132,24 @@ static unsigned int ipv4_conntrack_help(unsigned int hooknum,
132 helper = rcu_dereference(help->helper); 132 helper = rcu_dereference(help->helper);
133 if (!helper) 133 if (!helper)
134 return NF_ACCEPT; 134 return NF_ACCEPT;
135 return helper->help(pskb, skb_network_offset(*pskb) + ip_hdrlen(*pskb), 135 return helper->help(skb, skb_network_offset(skb) + ip_hdrlen(skb),
136 ct, ctinfo); 136 ct, ctinfo);
137} 137}
138 138
139static unsigned int ipv4_conntrack_defrag(unsigned int hooknum, 139static unsigned int ipv4_conntrack_defrag(unsigned int hooknum,
140 struct sk_buff **pskb, 140 struct sk_buff *skb,
141 const struct net_device *in, 141 const struct net_device *in,
142 const struct net_device *out, 142 const struct net_device *out,
143 int (*okfn)(struct sk_buff *)) 143 int (*okfn)(struct sk_buff *))
144{ 144{
145 /* Previously seen (loopback)? Ignore. Do this before 145 /* Previously seen (loopback)? Ignore. Do this before
146 fragment check. */ 146 fragment check. */
147 if ((*pskb)->nfct) 147 if (skb->nfct)
148 return NF_ACCEPT; 148 return NF_ACCEPT;
149 149
150 /* Gather fragments. */ 150 /* Gather fragments. */
151 if (ip_hdr(*pskb)->frag_off & htons(IP_MF | IP_OFFSET)) { 151 if (ip_hdr(skb)->frag_off & htons(IP_MF | IP_OFFSET)) {
152 if (nf_ct_ipv4_gather_frags(*pskb, 152 if (nf_ct_ipv4_gather_frags(skb,
153 hooknum == NF_IP_PRE_ROUTING ? 153 hooknum == NF_IP_PRE_ROUTING ?
154 IP_DEFRAG_CONNTRACK_IN : 154 IP_DEFRAG_CONNTRACK_IN :
155 IP_DEFRAG_CONNTRACK_OUT)) 155 IP_DEFRAG_CONNTRACK_OUT))
@@ -159,28 +159,28 @@ static unsigned int ipv4_conntrack_defrag(unsigned int hooknum,
159} 159}
160 160
161static unsigned int ipv4_conntrack_in(unsigned int hooknum, 161static unsigned int ipv4_conntrack_in(unsigned int hooknum,
162 struct sk_buff **pskb, 162 struct sk_buff *skb,
163 const struct net_device *in, 163 const struct net_device *in,
164 const struct net_device *out, 164 const struct net_device *out,
165 int (*okfn)(struct sk_buff *)) 165 int (*okfn)(struct sk_buff *))
166{ 166{
167 return nf_conntrack_in(PF_INET, hooknum, pskb); 167 return nf_conntrack_in(PF_INET, hooknum, skb);
168} 168}
169 169
170static unsigned int ipv4_conntrack_local(unsigned int hooknum, 170static unsigned int ipv4_conntrack_local(unsigned int hooknum,
171 struct sk_buff **pskb, 171 struct sk_buff *skb,
172 const struct net_device *in, 172 const struct net_device *in,
173 const struct net_device *out, 173 const struct net_device *out,
174 int (*okfn)(struct sk_buff *)) 174 int (*okfn)(struct sk_buff *))
175{ 175{
176 /* root is playing with raw sockets. */ 176 /* root is playing with raw sockets. */
177 if ((*pskb)->len < sizeof(struct iphdr) 177 if (skb->len < sizeof(struct iphdr) ||
178 || ip_hdrlen(*pskb) < sizeof(struct iphdr)) { 178 ip_hdrlen(skb) < sizeof(struct iphdr)) {
179 if (net_ratelimit()) 179 if (net_ratelimit())
180 printk("ipt_hook: happy cracking.\n"); 180 printk("ipt_hook: happy cracking.\n");
181 return NF_ACCEPT; 181 return NF_ACCEPT;
182 } 182 }
183 return nf_conntrack_in(PF_INET, hooknum, pskb); 183 return nf_conntrack_in(PF_INET, hooknum, skb);
184} 184}
185 185
186/* Connection tracking may drop packets, but never alters them, so 186/* Connection tracking may drop packets, but never alters them, so
diff --git a/net/ipv4/netfilter/nf_nat_amanda.c b/net/ipv4/netfilter/nf_nat_amanda.c
index bd93a1d71052..35a5aa69cd92 100644
--- a/net/ipv4/netfilter/nf_nat_amanda.c
+++ b/net/ipv4/netfilter/nf_nat_amanda.c
@@ -24,7 +24,7 @@ MODULE_DESCRIPTION("Amanda NAT helper");
24MODULE_LICENSE("GPL"); 24MODULE_LICENSE("GPL");
25MODULE_ALIAS("ip_nat_amanda"); 25MODULE_ALIAS("ip_nat_amanda");
26 26
27static unsigned int help(struct sk_buff **pskb, 27static unsigned int help(struct sk_buff *skb,
28 enum ip_conntrack_info ctinfo, 28 enum ip_conntrack_info ctinfo,
29 unsigned int matchoff, 29 unsigned int matchoff,
30 unsigned int matchlen, 30 unsigned int matchlen,
@@ -53,7 +53,7 @@ static unsigned int help(struct sk_buff **pskb,
53 return NF_DROP; 53 return NF_DROP;
54 54
55 sprintf(buffer, "%u", port); 55 sprintf(buffer, "%u", port);
56 ret = nf_nat_mangle_udp_packet(pskb, exp->master, ctinfo, 56 ret = nf_nat_mangle_udp_packet(skb, exp->master, ctinfo,
57 matchoff, matchlen, 57 matchoff, matchlen,
58 buffer, strlen(buffer)); 58 buffer, strlen(buffer));
59 if (ret != NF_ACCEPT) 59 if (ret != NF_ACCEPT)
diff --git a/net/ipv4/netfilter/nf_nat_core.c b/net/ipv4/netfilter/nf_nat_core.c
index 3b5eb7c1a13c..56e93f692e82 100644
--- a/net/ipv4/netfilter/nf_nat_core.c
+++ b/net/ipv4/netfilter/nf_nat_core.c
@@ -349,7 +349,7 @@ EXPORT_SYMBOL(nf_nat_setup_info);
349/* Returns true if succeeded. */ 349/* Returns true if succeeded. */
350static int 350static int
351manip_pkt(u_int16_t proto, 351manip_pkt(u_int16_t proto,
352 struct sk_buff **pskb, 352 struct sk_buff *skb,
353 unsigned int iphdroff, 353 unsigned int iphdroff,
354 const struct nf_conntrack_tuple *target, 354 const struct nf_conntrack_tuple *target,
355 enum nf_nat_manip_type maniptype) 355 enum nf_nat_manip_type maniptype)
@@ -357,19 +357,19 @@ manip_pkt(u_int16_t proto,
357 struct iphdr *iph; 357 struct iphdr *iph;
358 struct nf_nat_protocol *p; 358 struct nf_nat_protocol *p;
359 359
360 if (!skb_make_writable(*pskb, iphdroff + sizeof(*iph))) 360 if (!skb_make_writable(skb, iphdroff + sizeof(*iph)))
361 return 0; 361 return 0;
362 362
363 iph = (void *)(*pskb)->data + iphdroff; 363 iph = (void *)skb->data + iphdroff;
364 364
365 /* Manipulate protcol part. */ 365 /* Manipulate protcol part. */
366 366
367 /* rcu_read_lock()ed by nf_hook_slow */ 367 /* rcu_read_lock()ed by nf_hook_slow */
368 p = __nf_nat_proto_find(proto); 368 p = __nf_nat_proto_find(proto);
369 if (!p->manip_pkt(pskb, iphdroff, target, maniptype)) 369 if (!p->manip_pkt(skb, iphdroff, target, maniptype))
370 return 0; 370 return 0;
371 371
372 iph = (void *)(*pskb)->data + iphdroff; 372 iph = (void *)skb->data + iphdroff;
373 373
374 if (maniptype == IP_NAT_MANIP_SRC) { 374 if (maniptype == IP_NAT_MANIP_SRC) {
375 nf_csum_replace4(&iph->check, iph->saddr, target->src.u3.ip); 375 nf_csum_replace4(&iph->check, iph->saddr, target->src.u3.ip);
@@ -385,7 +385,7 @@ manip_pkt(u_int16_t proto,
385unsigned int nf_nat_packet(struct nf_conn *ct, 385unsigned int nf_nat_packet(struct nf_conn *ct,
386 enum ip_conntrack_info ctinfo, 386 enum ip_conntrack_info ctinfo,
387 unsigned int hooknum, 387 unsigned int hooknum,
388 struct sk_buff **pskb) 388 struct sk_buff *skb)
389{ 389{
390 enum ip_conntrack_dir dir = CTINFO2DIR(ctinfo); 390 enum ip_conntrack_dir dir = CTINFO2DIR(ctinfo);
391 unsigned long statusbit; 391 unsigned long statusbit;
@@ -407,7 +407,7 @@ unsigned int nf_nat_packet(struct nf_conn *ct,
407 /* We are aiming to look like inverse of other direction. */ 407 /* We are aiming to look like inverse of other direction. */
408 nf_ct_invert_tuplepr(&target, &ct->tuplehash[!dir].tuple); 408 nf_ct_invert_tuplepr(&target, &ct->tuplehash[!dir].tuple);
409 409
410 if (!manip_pkt(target.dst.protonum, pskb, 0, &target, mtype)) 410 if (!manip_pkt(target.dst.protonum, skb, 0, &target, mtype))
411 return NF_DROP; 411 return NF_DROP;
412 } 412 }
413 return NF_ACCEPT; 413 return NF_ACCEPT;
@@ -418,7 +418,7 @@ EXPORT_SYMBOL_GPL(nf_nat_packet);
418int nf_nat_icmp_reply_translation(struct nf_conn *ct, 418int nf_nat_icmp_reply_translation(struct nf_conn *ct,
419 enum ip_conntrack_info ctinfo, 419 enum ip_conntrack_info ctinfo,
420 unsigned int hooknum, 420 unsigned int hooknum,
421 struct sk_buff **pskb) 421 struct sk_buff *skb)
422{ 422{
423 struct { 423 struct {
424 struct icmphdr icmp; 424 struct icmphdr icmp;
@@ -426,24 +426,24 @@ int nf_nat_icmp_reply_translation(struct nf_conn *ct,
426 } *inside; 426 } *inside;
427 struct nf_conntrack_l4proto *l4proto; 427 struct nf_conntrack_l4proto *l4proto;
428 struct nf_conntrack_tuple inner, target; 428 struct nf_conntrack_tuple inner, target;
429 int hdrlen = ip_hdrlen(*pskb); 429 int hdrlen = ip_hdrlen(skb);
430 enum ip_conntrack_dir dir = CTINFO2DIR(ctinfo); 430 enum ip_conntrack_dir dir = CTINFO2DIR(ctinfo);
431 unsigned long statusbit; 431 unsigned long statusbit;
432 enum nf_nat_manip_type manip = HOOK2MANIP(hooknum); 432 enum nf_nat_manip_type manip = HOOK2MANIP(hooknum);
433 433
434 if (!skb_make_writable(*pskb, hdrlen + sizeof(*inside))) 434 if (!skb_make_writable(skb, hdrlen + sizeof(*inside)))
435 return 0; 435 return 0;
436 436
437 inside = (void *)(*pskb)->data + ip_hdrlen(*pskb); 437 inside = (void *)skb->data + ip_hdrlen(skb);
438 438
439 /* We're actually going to mangle it beyond trivial checksum 439 /* We're actually going to mangle it beyond trivial checksum
440 adjustment, so make sure the current checksum is correct. */ 440 adjustment, so make sure the current checksum is correct. */
441 if (nf_ip_checksum(*pskb, hooknum, hdrlen, 0)) 441 if (nf_ip_checksum(skb, hooknum, hdrlen, 0))
442 return 0; 442 return 0;
443 443
444 /* Must be RELATED */ 444 /* Must be RELATED */
445 NF_CT_ASSERT((*pskb)->nfctinfo == IP_CT_RELATED || 445 NF_CT_ASSERT(skb->nfctinfo == IP_CT_RELATED ||
446 (*pskb)->nfctinfo == IP_CT_RELATED+IP_CT_IS_REPLY); 446 skb->nfctinfo == IP_CT_RELATED+IP_CT_IS_REPLY);
447 447
448 /* Redirects on non-null nats must be dropped, else they'll 448 /* Redirects on non-null nats must be dropped, else they'll
449 start talking to each other without our translation, and be 449 start talking to each other without our translation, and be
@@ -458,15 +458,15 @@ int nf_nat_icmp_reply_translation(struct nf_conn *ct,
458 } 458 }
459 459
460 pr_debug("icmp_reply_translation: translating error %p manip %u " 460 pr_debug("icmp_reply_translation: translating error %p manip %u "
461 "dir %s\n", *pskb, manip, 461 "dir %s\n", skb, manip,
462 dir == IP_CT_DIR_ORIGINAL ? "ORIG" : "REPLY"); 462 dir == IP_CT_DIR_ORIGINAL ? "ORIG" : "REPLY");
463 463
464 /* rcu_read_lock()ed by nf_hook_slow */ 464 /* rcu_read_lock()ed by nf_hook_slow */
465 l4proto = __nf_ct_l4proto_find(PF_INET, inside->ip.protocol); 465 l4proto = __nf_ct_l4proto_find(PF_INET, inside->ip.protocol);
466 466
467 if (!nf_ct_get_tuple(*pskb, 467 if (!nf_ct_get_tuple(skb,
468 ip_hdrlen(*pskb) + sizeof(struct icmphdr), 468 ip_hdrlen(skb) + sizeof(struct icmphdr),
469 (ip_hdrlen(*pskb) + 469 (ip_hdrlen(skb) +
470 sizeof(struct icmphdr) + inside->ip.ihl * 4), 470 sizeof(struct icmphdr) + inside->ip.ihl * 4),
471 (u_int16_t)AF_INET, 471 (u_int16_t)AF_INET,
472 inside->ip.protocol, 472 inside->ip.protocol,
@@ -478,19 +478,19 @@ int nf_nat_icmp_reply_translation(struct nf_conn *ct,
478 pass all hooks (locally-generated ICMP). Consider incoming 478 pass all hooks (locally-generated ICMP). Consider incoming
479 packet: PREROUTING (DST manip), routing produces ICMP, goes 479 packet: PREROUTING (DST manip), routing produces ICMP, goes
480 through POSTROUTING (which must correct the DST manip). */ 480 through POSTROUTING (which must correct the DST manip). */
481 if (!manip_pkt(inside->ip.protocol, pskb, 481 if (!manip_pkt(inside->ip.protocol, skb,
482 ip_hdrlen(*pskb) + sizeof(inside->icmp), 482 ip_hdrlen(skb) + sizeof(inside->icmp),
483 &ct->tuplehash[!dir].tuple, 483 &ct->tuplehash[!dir].tuple,
484 !manip)) 484 !manip))
485 return 0; 485 return 0;
486 486
487 if ((*pskb)->ip_summed != CHECKSUM_PARTIAL) { 487 if (skb->ip_summed != CHECKSUM_PARTIAL) {
488 /* Reloading "inside" here since manip_pkt inner. */ 488 /* Reloading "inside" here since manip_pkt inner. */
489 inside = (void *)(*pskb)->data + ip_hdrlen(*pskb); 489 inside = (void *)skb->data + ip_hdrlen(skb);
490 inside->icmp.checksum = 0; 490 inside->icmp.checksum = 0;
491 inside->icmp.checksum = 491 inside->icmp.checksum =
492 csum_fold(skb_checksum(*pskb, hdrlen, 492 csum_fold(skb_checksum(skb, hdrlen,
493 (*pskb)->len - hdrlen, 0)); 493 skb->len - hdrlen, 0));
494 } 494 }
495 495
496 /* Change outer to look the reply to an incoming packet 496 /* Change outer to look the reply to an incoming packet
@@ -506,7 +506,7 @@ int nf_nat_icmp_reply_translation(struct nf_conn *ct,
506 506
507 if (ct->status & statusbit) { 507 if (ct->status & statusbit) {
508 nf_ct_invert_tuplepr(&target, &ct->tuplehash[!dir].tuple); 508 nf_ct_invert_tuplepr(&target, &ct->tuplehash[!dir].tuple);
509 if (!manip_pkt(0, pskb, 0, &target, manip)) 509 if (!manip_pkt(0, skb, 0, &target, manip))
510 return 0; 510 return 0;
511 } 511 }
512 512
diff --git a/net/ipv4/netfilter/nf_nat_ftp.c b/net/ipv4/netfilter/nf_nat_ftp.c
index 3663bd879c39..e1a16d3ea4cb 100644
--- a/net/ipv4/netfilter/nf_nat_ftp.c
+++ b/net/ipv4/netfilter/nf_nat_ftp.c
@@ -28,7 +28,7 @@ MODULE_ALIAS("ip_nat_ftp");
28/* FIXME: Time out? --RR */ 28/* FIXME: Time out? --RR */
29 29
30static int 30static int
31mangle_rfc959_packet(struct sk_buff **pskb, 31mangle_rfc959_packet(struct sk_buff *skb,
32 __be32 newip, 32 __be32 newip,
33 u_int16_t port, 33 u_int16_t port,
34 unsigned int matchoff, 34 unsigned int matchoff,
@@ -43,13 +43,13 @@ mangle_rfc959_packet(struct sk_buff **pskb,
43 43
44 pr_debug("calling nf_nat_mangle_tcp_packet\n"); 44 pr_debug("calling nf_nat_mangle_tcp_packet\n");
45 45
46 return nf_nat_mangle_tcp_packet(pskb, ct, ctinfo, matchoff, 46 return nf_nat_mangle_tcp_packet(skb, ct, ctinfo, matchoff,
47 matchlen, buffer, strlen(buffer)); 47 matchlen, buffer, strlen(buffer));
48} 48}
49 49
50/* |1|132.235.1.2|6275| */ 50/* |1|132.235.1.2|6275| */
51static int 51static int
52mangle_eprt_packet(struct sk_buff **pskb, 52mangle_eprt_packet(struct sk_buff *skb,
53 __be32 newip, 53 __be32 newip,
54 u_int16_t port, 54 u_int16_t port,
55 unsigned int matchoff, 55 unsigned int matchoff,
@@ -63,13 +63,13 @@ mangle_eprt_packet(struct sk_buff **pskb,
63 63
64 pr_debug("calling nf_nat_mangle_tcp_packet\n"); 64 pr_debug("calling nf_nat_mangle_tcp_packet\n");
65 65
66 return nf_nat_mangle_tcp_packet(pskb, ct, ctinfo, matchoff, 66 return nf_nat_mangle_tcp_packet(skb, ct, ctinfo, matchoff,
67 matchlen, buffer, strlen(buffer)); 67 matchlen, buffer, strlen(buffer));
68} 68}
69 69
70/* |1|132.235.1.2|6275| */ 70/* |1|132.235.1.2|6275| */
71static int 71static int
72mangle_epsv_packet(struct sk_buff **pskb, 72mangle_epsv_packet(struct sk_buff *skb,
73 __be32 newip, 73 __be32 newip,
74 u_int16_t port, 74 u_int16_t port,
75 unsigned int matchoff, 75 unsigned int matchoff,
@@ -83,11 +83,11 @@ mangle_epsv_packet(struct sk_buff **pskb,
83 83
84 pr_debug("calling nf_nat_mangle_tcp_packet\n"); 84 pr_debug("calling nf_nat_mangle_tcp_packet\n");
85 85
86 return nf_nat_mangle_tcp_packet(pskb, ct, ctinfo, matchoff, 86 return nf_nat_mangle_tcp_packet(skb, ct, ctinfo, matchoff,
87 matchlen, buffer, strlen(buffer)); 87 matchlen, buffer, strlen(buffer));
88} 88}
89 89
90static int (*mangle[])(struct sk_buff **, __be32, u_int16_t, 90static int (*mangle[])(struct sk_buff *, __be32, u_int16_t,
91 unsigned int, unsigned int, struct nf_conn *, 91 unsigned int, unsigned int, struct nf_conn *,
92 enum ip_conntrack_info) 92 enum ip_conntrack_info)
93= { 93= {
@@ -99,7 +99,7 @@ static int (*mangle[])(struct sk_buff **, __be32, u_int16_t,
99 99
100/* So, this packet has hit the connection tracking matching code. 100/* So, this packet has hit the connection tracking matching code.
101 Mangle it, and change the expectation to match the new version. */ 101 Mangle it, and change the expectation to match the new version. */
102static unsigned int nf_nat_ftp(struct sk_buff **pskb, 102static unsigned int nf_nat_ftp(struct sk_buff *skb,
103 enum ip_conntrack_info ctinfo, 103 enum ip_conntrack_info ctinfo,
104 enum nf_ct_ftp_type type, 104 enum nf_ct_ftp_type type,
105 unsigned int matchoff, 105 unsigned int matchoff,
@@ -132,7 +132,7 @@ static unsigned int nf_nat_ftp(struct sk_buff **pskb,
132 if (port == 0) 132 if (port == 0)
133 return NF_DROP; 133 return NF_DROP;
134 134
135 if (!mangle[type](pskb, newip, port, matchoff, matchlen, ct, ctinfo)) { 135 if (!mangle[type](skb, newip, port, matchoff, matchlen, ct, ctinfo)) {
136 nf_ct_unexpect_related(exp); 136 nf_ct_unexpect_related(exp);
137 return NF_DROP; 137 return NF_DROP;
138 } 138 }
diff --git a/net/ipv4/netfilter/nf_nat_h323.c b/net/ipv4/netfilter/nf_nat_h323.c
index c1b059a73708..a868c8c41328 100644
--- a/net/ipv4/netfilter/nf_nat_h323.c
+++ b/net/ipv4/netfilter/nf_nat_h323.c
@@ -22,12 +22,12 @@
22#include <linux/netfilter/nf_conntrack_h323.h> 22#include <linux/netfilter/nf_conntrack_h323.h>
23 23
24/****************************************************************************/ 24/****************************************************************************/
25static int set_addr(struct sk_buff **pskb, 25static int set_addr(struct sk_buff *skb,
26 unsigned char **data, int dataoff, 26 unsigned char **data, int dataoff,
27 unsigned int addroff, __be32 ip, __be16 port) 27 unsigned int addroff, __be32 ip, __be16 port)
28{ 28{
29 enum ip_conntrack_info ctinfo; 29 enum ip_conntrack_info ctinfo;
30 struct nf_conn *ct = nf_ct_get(*pskb, &ctinfo); 30 struct nf_conn *ct = nf_ct_get(skb, &ctinfo);
31 struct { 31 struct {
32 __be32 ip; 32 __be32 ip;
33 __be16 port; 33 __be16 port;
@@ -38,8 +38,8 @@ static int set_addr(struct sk_buff **pskb,
38 buf.port = port; 38 buf.port = port;
39 addroff += dataoff; 39 addroff += dataoff;
40 40
41 if (ip_hdr(*pskb)->protocol == IPPROTO_TCP) { 41 if (ip_hdr(skb)->protocol == IPPROTO_TCP) {
42 if (!nf_nat_mangle_tcp_packet(pskb, ct, ctinfo, 42 if (!nf_nat_mangle_tcp_packet(skb, ct, ctinfo,
43 addroff, sizeof(buf), 43 addroff, sizeof(buf),
44 (char *) &buf, sizeof(buf))) { 44 (char *) &buf, sizeof(buf))) {
45 if (net_ratelimit()) 45 if (net_ratelimit())
@@ -49,14 +49,13 @@ static int set_addr(struct sk_buff **pskb,
49 } 49 }
50 50
51 /* Relocate data pointer */ 51 /* Relocate data pointer */
52 th = skb_header_pointer(*pskb, ip_hdrlen(*pskb), 52 th = skb_header_pointer(skb, ip_hdrlen(skb),
53 sizeof(_tcph), &_tcph); 53 sizeof(_tcph), &_tcph);
54 if (th == NULL) 54 if (th == NULL)
55 return -1; 55 return -1;
56 *data = (*pskb)->data + ip_hdrlen(*pskb) + 56 *data = skb->data + ip_hdrlen(skb) + th->doff * 4 + dataoff;
57 th->doff * 4 + dataoff;
58 } else { 57 } else {
59 if (!nf_nat_mangle_udp_packet(pskb, ct, ctinfo, 58 if (!nf_nat_mangle_udp_packet(skb, ct, ctinfo,
60 addroff, sizeof(buf), 59 addroff, sizeof(buf),
61 (char *) &buf, sizeof(buf))) { 60 (char *) &buf, sizeof(buf))) {
62 if (net_ratelimit()) 61 if (net_ratelimit())
@@ -67,36 +66,35 @@ static int set_addr(struct sk_buff **pskb,
67 /* nf_nat_mangle_udp_packet uses skb_make_writable() to copy 66 /* nf_nat_mangle_udp_packet uses skb_make_writable() to copy
68 * or pull everything in a linear buffer, so we can safely 67 * or pull everything in a linear buffer, so we can safely
69 * use the skb pointers now */ 68 * use the skb pointers now */
70 *data = ((*pskb)->data + ip_hdrlen(*pskb) + 69 *data = skb->data + ip_hdrlen(skb) + sizeof(struct udphdr);
71 sizeof(struct udphdr));
72 } 70 }
73 71
74 return 0; 72 return 0;
75} 73}
76 74
77/****************************************************************************/ 75/****************************************************************************/
78static int set_h225_addr(struct sk_buff **pskb, 76static int set_h225_addr(struct sk_buff *skb,
79 unsigned char **data, int dataoff, 77 unsigned char **data, int dataoff,
80 TransportAddress *taddr, 78 TransportAddress *taddr,
81 union nf_conntrack_address *addr, __be16 port) 79 union nf_conntrack_address *addr, __be16 port)
82{ 80{
83 return set_addr(pskb, data, dataoff, taddr->ipAddress.ip, 81 return set_addr(skb, data, dataoff, taddr->ipAddress.ip,
84 addr->ip, port); 82 addr->ip, port);
85} 83}
86 84
87/****************************************************************************/ 85/****************************************************************************/
88static int set_h245_addr(struct sk_buff **pskb, 86static int set_h245_addr(struct sk_buff *skb,
89 unsigned char **data, int dataoff, 87 unsigned char **data, int dataoff,
90 H245_TransportAddress *taddr, 88 H245_TransportAddress *taddr,
91 union nf_conntrack_address *addr, __be16 port) 89 union nf_conntrack_address *addr, __be16 port)
92{ 90{
93 return set_addr(pskb, data, dataoff, 91 return set_addr(skb, data, dataoff,
94 taddr->unicastAddress.iPAddress.network, 92 taddr->unicastAddress.iPAddress.network,
95 addr->ip, port); 93 addr->ip, port);
96} 94}
97 95
98/****************************************************************************/ 96/****************************************************************************/
99static int set_sig_addr(struct sk_buff **pskb, struct nf_conn *ct, 97static int set_sig_addr(struct sk_buff *skb, struct nf_conn *ct,
100 enum ip_conntrack_info ctinfo, 98 enum ip_conntrack_info ctinfo,
101 unsigned char **data, 99 unsigned char **data,
102 TransportAddress *taddr, int count) 100 TransportAddress *taddr, int count)
@@ -125,7 +123,7 @@ static int set_sig_addr(struct sk_buff **pskb, struct nf_conn *ct,
125 NIPQUAD(addr.ip), port, 123 NIPQUAD(addr.ip), port,
126 NIPQUAD(ct->tuplehash[!dir].tuple.dst.u3.ip), 124 NIPQUAD(ct->tuplehash[!dir].tuple.dst.u3.ip),
127 info->sig_port[!dir]); 125 info->sig_port[!dir]);
128 return set_h225_addr(pskb, data, 0, &taddr[i], 126 return set_h225_addr(skb, data, 0, &taddr[i],
129 &ct->tuplehash[!dir]. 127 &ct->tuplehash[!dir].
130 tuple.dst.u3, 128 tuple.dst.u3,
131 info->sig_port[!dir]); 129 info->sig_port[!dir]);
@@ -137,7 +135,7 @@ static int set_sig_addr(struct sk_buff **pskb, struct nf_conn *ct,
137 NIPQUAD(addr.ip), port, 135 NIPQUAD(addr.ip), port,
138 NIPQUAD(ct->tuplehash[!dir].tuple.src.u3.ip), 136 NIPQUAD(ct->tuplehash[!dir].tuple.src.u3.ip),
139 info->sig_port[!dir]); 137 info->sig_port[!dir]);
140 return set_h225_addr(pskb, data, 0, &taddr[i], 138 return set_h225_addr(skb, data, 0, &taddr[i],
141 &ct->tuplehash[!dir]. 139 &ct->tuplehash[!dir].
142 tuple.src.u3, 140 tuple.src.u3,
143 info->sig_port[!dir]); 141 info->sig_port[!dir]);
@@ -149,7 +147,7 @@ static int set_sig_addr(struct sk_buff **pskb, struct nf_conn *ct,
149} 147}
150 148
151/****************************************************************************/ 149/****************************************************************************/
152static int set_ras_addr(struct sk_buff **pskb, struct nf_conn *ct, 150static int set_ras_addr(struct sk_buff *skb, struct nf_conn *ct,
153 enum ip_conntrack_info ctinfo, 151 enum ip_conntrack_info ctinfo,
154 unsigned char **data, 152 unsigned char **data,
155 TransportAddress *taddr, int count) 153 TransportAddress *taddr, int count)
@@ -168,7 +166,7 @@ static int set_ras_addr(struct sk_buff **pskb, struct nf_conn *ct,
168 NIPQUAD(addr.ip), ntohs(port), 166 NIPQUAD(addr.ip), ntohs(port),
169 NIPQUAD(ct->tuplehash[!dir].tuple.dst.u3.ip), 167 NIPQUAD(ct->tuplehash[!dir].tuple.dst.u3.ip),
170 ntohs(ct->tuplehash[!dir].tuple.dst.u.udp.port)); 168 ntohs(ct->tuplehash[!dir].tuple.dst.u.udp.port));
171 return set_h225_addr(pskb, data, 0, &taddr[i], 169 return set_h225_addr(skb, data, 0, &taddr[i],
172 &ct->tuplehash[!dir].tuple.dst.u3, 170 &ct->tuplehash[!dir].tuple.dst.u3,
173 ct->tuplehash[!dir].tuple. 171 ct->tuplehash[!dir].tuple.
174 dst.u.udp.port); 172 dst.u.udp.port);
@@ -179,7 +177,7 @@ static int set_ras_addr(struct sk_buff **pskb, struct nf_conn *ct,
179} 177}
180 178
181/****************************************************************************/ 179/****************************************************************************/
182static int nat_rtp_rtcp(struct sk_buff **pskb, struct nf_conn *ct, 180static int nat_rtp_rtcp(struct sk_buff *skb, struct nf_conn *ct,
183 enum ip_conntrack_info ctinfo, 181 enum ip_conntrack_info ctinfo,
184 unsigned char **data, int dataoff, 182 unsigned char **data, int dataoff,
185 H245_TransportAddress *taddr, 183 H245_TransportAddress *taddr,
@@ -244,7 +242,7 @@ static int nat_rtp_rtcp(struct sk_buff **pskb, struct nf_conn *ct,
244 } 242 }
245 243
246 /* Modify signal */ 244 /* Modify signal */
247 if (set_h245_addr(pskb, data, dataoff, taddr, 245 if (set_h245_addr(skb, data, dataoff, taddr,
248 &ct->tuplehash[!dir].tuple.dst.u3, 246 &ct->tuplehash[!dir].tuple.dst.u3,
249 htons((port & htons(1)) ? nated_port + 1 : 247 htons((port & htons(1)) ? nated_port + 1 :
250 nated_port)) == 0) { 248 nated_port)) == 0) {
@@ -273,7 +271,7 @@ static int nat_rtp_rtcp(struct sk_buff **pskb, struct nf_conn *ct,
273} 271}
274 272
275/****************************************************************************/ 273/****************************************************************************/
276static int nat_t120(struct sk_buff **pskb, struct nf_conn *ct, 274static int nat_t120(struct sk_buff *skb, struct nf_conn *ct,
277 enum ip_conntrack_info ctinfo, 275 enum ip_conntrack_info ctinfo,
278 unsigned char **data, int dataoff, 276 unsigned char **data, int dataoff,
279 H245_TransportAddress *taddr, __be16 port, 277 H245_TransportAddress *taddr, __be16 port,
@@ -301,7 +299,7 @@ static int nat_t120(struct sk_buff **pskb, struct nf_conn *ct,
301 } 299 }
302 300
303 /* Modify signal */ 301 /* Modify signal */
304 if (set_h245_addr(pskb, data, dataoff, taddr, 302 if (set_h245_addr(skb, data, dataoff, taddr,
305 &ct->tuplehash[!dir].tuple.dst.u3, 303 &ct->tuplehash[!dir].tuple.dst.u3,
306 htons(nated_port)) < 0) { 304 htons(nated_port)) < 0) {
307 nf_ct_unexpect_related(exp); 305 nf_ct_unexpect_related(exp);
@@ -318,7 +316,7 @@ static int nat_t120(struct sk_buff **pskb, struct nf_conn *ct,
318} 316}
319 317
320/****************************************************************************/ 318/****************************************************************************/
321static int nat_h245(struct sk_buff **pskb, struct nf_conn *ct, 319static int nat_h245(struct sk_buff *skb, struct nf_conn *ct,
322 enum ip_conntrack_info ctinfo, 320 enum ip_conntrack_info ctinfo,
323 unsigned char **data, int dataoff, 321 unsigned char **data, int dataoff,
324 TransportAddress *taddr, __be16 port, 322 TransportAddress *taddr, __be16 port,
@@ -351,7 +349,7 @@ static int nat_h245(struct sk_buff **pskb, struct nf_conn *ct,
351 } 349 }
352 350
353 /* Modify signal */ 351 /* Modify signal */
354 if (set_h225_addr(pskb, data, dataoff, taddr, 352 if (set_h225_addr(skb, data, dataoff, taddr,
355 &ct->tuplehash[!dir].tuple.dst.u3, 353 &ct->tuplehash[!dir].tuple.dst.u3,
356 htons(nated_port)) == 0) { 354 htons(nated_port)) == 0) {
357 /* Save ports */ 355 /* Save ports */
@@ -406,7 +404,7 @@ static void ip_nat_q931_expect(struct nf_conn *new,
406} 404}
407 405
408/****************************************************************************/ 406/****************************************************************************/
409static int nat_q931(struct sk_buff **pskb, struct nf_conn *ct, 407static int nat_q931(struct sk_buff *skb, struct nf_conn *ct,
410 enum ip_conntrack_info ctinfo, 408 enum ip_conntrack_info ctinfo,
411 unsigned char **data, TransportAddress *taddr, int idx, 409 unsigned char **data, TransportAddress *taddr, int idx,
412 __be16 port, struct nf_conntrack_expect *exp) 410 __be16 port, struct nf_conntrack_expect *exp)
@@ -439,7 +437,7 @@ static int nat_q931(struct sk_buff **pskb, struct nf_conn *ct,
439 } 437 }
440 438
441 /* Modify signal */ 439 /* Modify signal */
442 if (set_h225_addr(pskb, data, 0, &taddr[idx], 440 if (set_h225_addr(skb, data, 0, &taddr[idx],
443 &ct->tuplehash[!dir].tuple.dst.u3, 441 &ct->tuplehash[!dir].tuple.dst.u3,
444 htons(nated_port)) == 0) { 442 htons(nated_port)) == 0) {
445 /* Save ports */ 443 /* Save ports */
@@ -450,7 +448,7 @@ static int nat_q931(struct sk_buff **pskb, struct nf_conn *ct,
450 if (idx > 0 && 448 if (idx > 0 &&
451 get_h225_addr(ct, *data, &taddr[0], &addr, &port) && 449 get_h225_addr(ct, *data, &taddr[0], &addr, &port) &&
452 (ntohl(addr.ip) & 0xff000000) == 0x7f000000) { 450 (ntohl(addr.ip) & 0xff000000) == 0x7f000000) {
453 set_h225_addr(pskb, data, 0, &taddr[0], 451 set_h225_addr(skb, data, 0, &taddr[0],
454 &ct->tuplehash[!dir].tuple.dst.u3, 452 &ct->tuplehash[!dir].tuple.dst.u3,
455 info->sig_port[!dir]); 453 info->sig_port[!dir]);
456 } 454 }
@@ -495,7 +493,7 @@ static void ip_nat_callforwarding_expect(struct nf_conn *new,
495} 493}
496 494
497/****************************************************************************/ 495/****************************************************************************/
498static int nat_callforwarding(struct sk_buff **pskb, struct nf_conn *ct, 496static int nat_callforwarding(struct sk_buff *skb, struct nf_conn *ct,
499 enum ip_conntrack_info ctinfo, 497 enum ip_conntrack_info ctinfo,
500 unsigned char **data, int dataoff, 498 unsigned char **data, int dataoff,
501 TransportAddress *taddr, __be16 port, 499 TransportAddress *taddr, __be16 port,
@@ -525,7 +523,7 @@ static int nat_callforwarding(struct sk_buff **pskb, struct nf_conn *ct,
525 } 523 }
526 524
527 /* Modify signal */ 525 /* Modify signal */
528 if (!set_h225_addr(pskb, data, dataoff, taddr, 526 if (!set_h225_addr(skb, data, dataoff, taddr,
529 &ct->tuplehash[!dir].tuple.dst.u3, 527 &ct->tuplehash[!dir].tuple.dst.u3,
530 htons(nated_port)) == 0) { 528 htons(nated_port)) == 0) {
531 nf_ct_unexpect_related(exp); 529 nf_ct_unexpect_related(exp);
diff --git a/net/ipv4/netfilter/nf_nat_helper.c b/net/ipv4/netfilter/nf_nat_helper.c
index 40b429e4540d..8718da00ef2a 100644
--- a/net/ipv4/netfilter/nf_nat_helper.c
+++ b/net/ipv4/netfilter/nf_nat_helper.c
@@ -111,12 +111,12 @@ static void mangle_contents(struct sk_buff *skb,
111} 111}
112 112
113/* Unusual, but possible case. */ 113/* Unusual, but possible case. */
114static int enlarge_skb(struct sk_buff **pskb, unsigned int extra) 114static int enlarge_skb(struct sk_buff *skb, unsigned int extra)
115{ 115{
116 if ((*pskb)->len + extra > 65535) 116 if (skb->len + extra > 65535)
117 return 0; 117 return 0;
118 118
119 if (pskb_expand_head(*pskb, 0, extra - skb_tailroom(*pskb), GFP_ATOMIC)) 119 if (pskb_expand_head(skb, 0, extra - skb_tailroom(skb), GFP_ATOMIC))
120 return 0; 120 return 0;
121 121
122 return 1; 122 return 1;
@@ -131,7 +131,7 @@ static int enlarge_skb(struct sk_buff **pskb, unsigned int extra)
131 * 131 *
132 * */ 132 * */
133int 133int
134nf_nat_mangle_tcp_packet(struct sk_buff **pskb, 134nf_nat_mangle_tcp_packet(struct sk_buff *skb,
135 struct nf_conn *ct, 135 struct nf_conn *ct,
136 enum ip_conntrack_info ctinfo, 136 enum ip_conntrack_info ctinfo,
137 unsigned int match_offset, 137 unsigned int match_offset,
@@ -139,37 +139,37 @@ nf_nat_mangle_tcp_packet(struct sk_buff **pskb,
139 const char *rep_buffer, 139 const char *rep_buffer,
140 unsigned int rep_len) 140 unsigned int rep_len)
141{ 141{
142 struct rtable *rt = (struct rtable *)(*pskb)->dst; 142 struct rtable *rt = (struct rtable *)skb->dst;
143 struct iphdr *iph; 143 struct iphdr *iph;
144 struct tcphdr *tcph; 144 struct tcphdr *tcph;
145 int oldlen, datalen; 145 int oldlen, datalen;
146 146
147 if (!skb_make_writable(*pskb, (*pskb)->len)) 147 if (!skb_make_writable(skb, skb->len))
148 return 0; 148 return 0;
149 149
150 if (rep_len > match_len && 150 if (rep_len > match_len &&
151 rep_len - match_len > skb_tailroom(*pskb) && 151 rep_len - match_len > skb_tailroom(skb) &&
152 !enlarge_skb(pskb, rep_len - match_len)) 152 !enlarge_skb(skb, rep_len - match_len))
153 return 0; 153 return 0;
154 154
155 SKB_LINEAR_ASSERT(*pskb); 155 SKB_LINEAR_ASSERT(skb);
156 156
157 iph = ip_hdr(*pskb); 157 iph = ip_hdr(skb);
158 tcph = (void *)iph + iph->ihl*4; 158 tcph = (void *)iph + iph->ihl*4;
159 159
160 oldlen = (*pskb)->len - iph->ihl*4; 160 oldlen = skb->len - iph->ihl*4;
161 mangle_contents(*pskb, iph->ihl*4 + tcph->doff*4, 161 mangle_contents(skb, iph->ihl*4 + tcph->doff*4,
162 match_offset, match_len, rep_buffer, rep_len); 162 match_offset, match_len, rep_buffer, rep_len);
163 163
164 datalen = (*pskb)->len - iph->ihl*4; 164 datalen = skb->len - iph->ihl*4;
165 if ((*pskb)->ip_summed != CHECKSUM_PARTIAL) { 165 if (skb->ip_summed != CHECKSUM_PARTIAL) {
166 if (!(rt->rt_flags & RTCF_LOCAL) && 166 if (!(rt->rt_flags & RTCF_LOCAL) &&
167 (*pskb)->dev->features & NETIF_F_V4_CSUM) { 167 skb->dev->features & NETIF_F_V4_CSUM) {
168 (*pskb)->ip_summed = CHECKSUM_PARTIAL; 168 skb->ip_summed = CHECKSUM_PARTIAL;
169 (*pskb)->csum_start = skb_headroom(*pskb) + 169 skb->csum_start = skb_headroom(skb) +
170 skb_network_offset(*pskb) + 170 skb_network_offset(skb) +
171 iph->ihl * 4; 171 iph->ihl * 4;
172 (*pskb)->csum_offset = offsetof(struct tcphdr, check); 172 skb->csum_offset = offsetof(struct tcphdr, check);
173 tcph->check = ~tcp_v4_check(datalen, 173 tcph->check = ~tcp_v4_check(datalen,
174 iph->saddr, iph->daddr, 0); 174 iph->saddr, iph->daddr, 0);
175 } else { 175 } else {
@@ -180,7 +180,7 @@ nf_nat_mangle_tcp_packet(struct sk_buff **pskb,
180 datalen, 0)); 180 datalen, 0));
181 } 181 }
182 } else 182 } else
183 nf_proto_csum_replace2(&tcph->check, *pskb, 183 nf_proto_csum_replace2(&tcph->check, skb,
184 htons(oldlen), htons(datalen), 1); 184 htons(oldlen), htons(datalen), 1);
185 185
186 if (rep_len != match_len) { 186 if (rep_len != match_len) {
@@ -189,7 +189,7 @@ nf_nat_mangle_tcp_packet(struct sk_buff **pskb,
189 (int)rep_len - (int)match_len, 189 (int)rep_len - (int)match_len,
190 ct, ctinfo); 190 ct, ctinfo);
191 /* Tell TCP window tracking about seq change */ 191 /* Tell TCP window tracking about seq change */
192 nf_conntrack_tcp_update(*pskb, ip_hdrlen(*pskb), 192 nf_conntrack_tcp_update(skb, ip_hdrlen(skb),
193 ct, CTINFO2DIR(ctinfo)); 193 ct, CTINFO2DIR(ctinfo));
194 } 194 }
195 return 1; 195 return 1;
@@ -207,7 +207,7 @@ EXPORT_SYMBOL(nf_nat_mangle_tcp_packet);
207 * should be fairly easy to do. 207 * should be fairly easy to do.
208 */ 208 */
209int 209int
210nf_nat_mangle_udp_packet(struct sk_buff **pskb, 210nf_nat_mangle_udp_packet(struct sk_buff *skb,
211 struct nf_conn *ct, 211 struct nf_conn *ct,
212 enum ip_conntrack_info ctinfo, 212 enum ip_conntrack_info ctinfo,
213 unsigned int match_offset, 213 unsigned int match_offset,
@@ -215,48 +215,48 @@ nf_nat_mangle_udp_packet(struct sk_buff **pskb,
215 const char *rep_buffer, 215 const char *rep_buffer,
216 unsigned int rep_len) 216 unsigned int rep_len)
217{ 217{
218 struct rtable *rt = (struct rtable *)(*pskb)->dst; 218 struct rtable *rt = (struct rtable *)skb->dst;
219 struct iphdr *iph; 219 struct iphdr *iph;
220 struct udphdr *udph; 220 struct udphdr *udph;
221 int datalen, oldlen; 221 int datalen, oldlen;
222 222
223 /* UDP helpers might accidentally mangle the wrong packet */ 223 /* UDP helpers might accidentally mangle the wrong packet */
224 iph = ip_hdr(*pskb); 224 iph = ip_hdr(skb);
225 if ((*pskb)->len < iph->ihl*4 + sizeof(*udph) + 225 if (skb->len < iph->ihl*4 + sizeof(*udph) +
226 match_offset + match_len) 226 match_offset + match_len)
227 return 0; 227 return 0;
228 228
229 if (!skb_make_writable(*pskb, (*pskb)->len)) 229 if (!skb_make_writable(skb, skb->len))
230 return 0; 230 return 0;
231 231
232 if (rep_len > match_len && 232 if (rep_len > match_len &&
233 rep_len - match_len > skb_tailroom(*pskb) && 233 rep_len - match_len > skb_tailroom(skb) &&
234 !enlarge_skb(pskb, rep_len - match_len)) 234 !enlarge_skb(skb, rep_len - match_len))
235 return 0; 235 return 0;
236 236
237 iph = ip_hdr(*pskb); 237 iph = ip_hdr(skb);
238 udph = (void *)iph + iph->ihl*4; 238 udph = (void *)iph + iph->ihl*4;
239 239
240 oldlen = (*pskb)->len - iph->ihl*4; 240 oldlen = skb->len - iph->ihl*4;
241 mangle_contents(*pskb, iph->ihl*4 + sizeof(*udph), 241 mangle_contents(skb, iph->ihl*4 + sizeof(*udph),
242 match_offset, match_len, rep_buffer, rep_len); 242 match_offset, match_len, rep_buffer, rep_len);
243 243
244 /* update the length of the UDP packet */ 244 /* update the length of the UDP packet */
245 datalen = (*pskb)->len - iph->ihl*4; 245 datalen = skb->len - iph->ihl*4;
246 udph->len = htons(datalen); 246 udph->len = htons(datalen);
247 247
248 /* fix udp checksum if udp checksum was previously calculated */ 248 /* fix udp checksum if udp checksum was previously calculated */
249 if (!udph->check && (*pskb)->ip_summed != CHECKSUM_PARTIAL) 249 if (!udph->check && skb->ip_summed != CHECKSUM_PARTIAL)
250 return 1; 250 return 1;
251 251
252 if ((*pskb)->ip_summed != CHECKSUM_PARTIAL) { 252 if (skb->ip_summed != CHECKSUM_PARTIAL) {
253 if (!(rt->rt_flags & RTCF_LOCAL) && 253 if (!(rt->rt_flags & RTCF_LOCAL) &&
254 (*pskb)->dev->features & NETIF_F_V4_CSUM) { 254 skb->dev->features & NETIF_F_V4_CSUM) {
255 (*pskb)->ip_summed = CHECKSUM_PARTIAL; 255 skb->ip_summed = CHECKSUM_PARTIAL;
256 (*pskb)->csum_start = skb_headroom(*pskb) + 256 skb->csum_start = skb_headroom(skb) +
257 skb_network_offset(*pskb) + 257 skb_network_offset(skb) +
258 iph->ihl * 4; 258 iph->ihl * 4;
259 (*pskb)->csum_offset = offsetof(struct udphdr, check); 259 skb->csum_offset = offsetof(struct udphdr, check);
260 udph->check = ~csum_tcpudp_magic(iph->saddr, iph->daddr, 260 udph->check = ~csum_tcpudp_magic(iph->saddr, iph->daddr,
261 datalen, IPPROTO_UDP, 261 datalen, IPPROTO_UDP,
262 0); 262 0);
@@ -270,7 +270,7 @@ nf_nat_mangle_udp_packet(struct sk_buff **pskb,
270 udph->check = CSUM_MANGLED_0; 270 udph->check = CSUM_MANGLED_0;
271 } 271 }
272 } else 272 } else
273 nf_proto_csum_replace2(&udph->check, *pskb, 273 nf_proto_csum_replace2(&udph->check, skb,
274 htons(oldlen), htons(datalen), 1); 274 htons(oldlen), htons(datalen), 1);
275 275
276 return 1; 276 return 1;
@@ -322,7 +322,7 @@ sack_adjust(struct sk_buff *skb,
322 322
323/* TCP SACK sequence number adjustment */ 323/* TCP SACK sequence number adjustment */
324static inline unsigned int 324static inline unsigned int
325nf_nat_sack_adjust(struct sk_buff **pskb, 325nf_nat_sack_adjust(struct sk_buff *skb,
326 struct tcphdr *tcph, 326 struct tcphdr *tcph,
327 struct nf_conn *ct, 327 struct nf_conn *ct,
328 enum ip_conntrack_info ctinfo) 328 enum ip_conntrack_info ctinfo)
@@ -330,17 +330,17 @@ nf_nat_sack_adjust(struct sk_buff **pskb,
330 unsigned int dir, optoff, optend; 330 unsigned int dir, optoff, optend;
331 struct nf_conn_nat *nat = nfct_nat(ct); 331 struct nf_conn_nat *nat = nfct_nat(ct);
332 332
333 optoff = ip_hdrlen(*pskb) + sizeof(struct tcphdr); 333 optoff = ip_hdrlen(skb) + sizeof(struct tcphdr);
334 optend = ip_hdrlen(*pskb) + tcph->doff * 4; 334 optend = ip_hdrlen(skb) + tcph->doff * 4;
335 335
336 if (!skb_make_writable(*pskb, optend)) 336 if (!skb_make_writable(skb, optend))
337 return 0; 337 return 0;
338 338
339 dir = CTINFO2DIR(ctinfo); 339 dir = CTINFO2DIR(ctinfo);
340 340
341 while (optoff < optend) { 341 while (optoff < optend) {
342 /* Usually: option, length. */ 342 /* Usually: option, length. */
343 unsigned char *op = (*pskb)->data + optoff; 343 unsigned char *op = skb->data + optoff;
344 344
345 switch (op[0]) { 345 switch (op[0]) {
346 case TCPOPT_EOL: 346 case TCPOPT_EOL:
@@ -357,7 +357,7 @@ nf_nat_sack_adjust(struct sk_buff **pskb,
357 if (op[0] == TCPOPT_SACK && 357 if (op[0] == TCPOPT_SACK &&
358 op[1] >= 2+TCPOLEN_SACK_PERBLOCK && 358 op[1] >= 2+TCPOLEN_SACK_PERBLOCK &&
359 ((op[1] - 2) % TCPOLEN_SACK_PERBLOCK) == 0) 359 ((op[1] - 2) % TCPOLEN_SACK_PERBLOCK) == 0)
360 sack_adjust(*pskb, tcph, optoff+2, 360 sack_adjust(skb, tcph, optoff+2,
361 optoff+op[1], &nat->seq[!dir]); 361 optoff+op[1], &nat->seq[!dir]);
362 optoff += op[1]; 362 optoff += op[1];
363 } 363 }
@@ -367,7 +367,7 @@ nf_nat_sack_adjust(struct sk_buff **pskb,
367 367
368/* TCP sequence number adjustment. Returns 1 on success, 0 on failure */ 368/* TCP sequence number adjustment. Returns 1 on success, 0 on failure */
369int 369int
370nf_nat_seq_adjust(struct sk_buff **pskb, 370nf_nat_seq_adjust(struct sk_buff *skb,
371 struct nf_conn *ct, 371 struct nf_conn *ct,
372 enum ip_conntrack_info ctinfo) 372 enum ip_conntrack_info ctinfo)
373{ 373{
@@ -382,10 +382,10 @@ nf_nat_seq_adjust(struct sk_buff **pskb,
382 this_way = &nat->seq[dir]; 382 this_way = &nat->seq[dir];
383 other_way = &nat->seq[!dir]; 383 other_way = &nat->seq[!dir];
384 384
385 if (!skb_make_writable(*pskb, ip_hdrlen(*pskb) + sizeof(*tcph))) 385 if (!skb_make_writable(skb, ip_hdrlen(skb) + sizeof(*tcph)))
386 return 0; 386 return 0;
387 387
388 tcph = (void *)(*pskb)->data + ip_hdrlen(*pskb); 388 tcph = (void *)skb->data + ip_hdrlen(skb);
389 if (after(ntohl(tcph->seq), this_way->correction_pos)) 389 if (after(ntohl(tcph->seq), this_way->correction_pos))
390 newseq = htonl(ntohl(tcph->seq) + this_way->offset_after); 390 newseq = htonl(ntohl(tcph->seq) + this_way->offset_after);
391 else 391 else
@@ -397,8 +397,8 @@ nf_nat_seq_adjust(struct sk_buff **pskb,
397 else 397 else
398 newack = htonl(ntohl(tcph->ack_seq) - other_way->offset_before); 398 newack = htonl(ntohl(tcph->ack_seq) - other_way->offset_before);
399 399
400 nf_proto_csum_replace4(&tcph->check, *pskb, tcph->seq, newseq, 0); 400 nf_proto_csum_replace4(&tcph->check, skb, tcph->seq, newseq, 0);
401 nf_proto_csum_replace4(&tcph->check, *pskb, tcph->ack_seq, newack, 0); 401 nf_proto_csum_replace4(&tcph->check, skb, tcph->ack_seq, newack, 0);
402 402
403 pr_debug("Adjusting sequence number from %u->%u, ack from %u->%u\n", 403 pr_debug("Adjusting sequence number from %u->%u, ack from %u->%u\n",
404 ntohl(tcph->seq), ntohl(newseq), ntohl(tcph->ack_seq), 404 ntohl(tcph->seq), ntohl(newseq), ntohl(tcph->ack_seq),
@@ -407,10 +407,10 @@ nf_nat_seq_adjust(struct sk_buff **pskb,
407 tcph->seq = newseq; 407 tcph->seq = newseq;
408 tcph->ack_seq = newack; 408 tcph->ack_seq = newack;
409 409
410 if (!nf_nat_sack_adjust(pskb, tcph, ct, ctinfo)) 410 if (!nf_nat_sack_adjust(skb, tcph, ct, ctinfo))
411 return 0; 411 return 0;
412 412
413 nf_conntrack_tcp_update(*pskb, ip_hdrlen(*pskb), ct, dir); 413 nf_conntrack_tcp_update(skb, ip_hdrlen(skb), ct, dir);
414 414
415 return 1; 415 return 1;
416} 416}
diff --git a/net/ipv4/netfilter/nf_nat_irc.c b/net/ipv4/netfilter/nf_nat_irc.c
index bcf274bba602..766e2c16c6b9 100644
--- a/net/ipv4/netfilter/nf_nat_irc.c
+++ b/net/ipv4/netfilter/nf_nat_irc.c
@@ -27,7 +27,7 @@ MODULE_DESCRIPTION("IRC (DCC) NAT helper");
27MODULE_LICENSE("GPL"); 27MODULE_LICENSE("GPL");
28MODULE_ALIAS("ip_nat_irc"); 28MODULE_ALIAS("ip_nat_irc");
29 29
30static unsigned int help(struct sk_buff **pskb, 30static unsigned int help(struct sk_buff *skb,
31 enum ip_conntrack_info ctinfo, 31 enum ip_conntrack_info ctinfo,
32 unsigned int matchoff, 32 unsigned int matchoff,
33 unsigned int matchlen, 33 unsigned int matchlen,
@@ -58,7 +58,7 @@ static unsigned int help(struct sk_buff **pskb,
58 pr_debug("nf_nat_irc: inserting '%s' == %u.%u.%u.%u, port %u\n", 58 pr_debug("nf_nat_irc: inserting '%s' == %u.%u.%u.%u, port %u\n",
59 buffer, NIPQUAD(ip), port); 59 buffer, NIPQUAD(ip), port);
60 60
61 ret = nf_nat_mangle_tcp_packet(pskb, exp->master, ctinfo, 61 ret = nf_nat_mangle_tcp_packet(skb, exp->master, ctinfo,
62 matchoff, matchlen, buffer, 62 matchoff, matchlen, buffer,
63 strlen(buffer)); 63 strlen(buffer));
64 if (ret != NF_ACCEPT) 64 if (ret != NF_ACCEPT)
diff --git a/net/ipv4/netfilter/nf_nat_pptp.c b/net/ipv4/netfilter/nf_nat_pptp.c
index 984ec8308b2e..e1385a099079 100644
--- a/net/ipv4/netfilter/nf_nat_pptp.c
+++ b/net/ipv4/netfilter/nf_nat_pptp.c
@@ -110,7 +110,7 @@ static void pptp_nat_expected(struct nf_conn *ct,
110 110
111/* outbound packets == from PNS to PAC */ 111/* outbound packets == from PNS to PAC */
112static int 112static int
113pptp_outbound_pkt(struct sk_buff **pskb, 113pptp_outbound_pkt(struct sk_buff *skb,
114 struct nf_conn *ct, 114 struct nf_conn *ct,
115 enum ip_conntrack_info ctinfo, 115 enum ip_conntrack_info ctinfo,
116 struct PptpControlHeader *ctlh, 116 struct PptpControlHeader *ctlh,
@@ -175,7 +175,7 @@ pptp_outbound_pkt(struct sk_buff **pskb,
175 ntohs(REQ_CID(pptpReq, cid_off)), ntohs(new_callid)); 175 ntohs(REQ_CID(pptpReq, cid_off)), ntohs(new_callid));
176 176
177 /* mangle packet */ 177 /* mangle packet */
178 if (nf_nat_mangle_tcp_packet(pskb, ct, ctinfo, 178 if (nf_nat_mangle_tcp_packet(skb, ct, ctinfo,
179 cid_off + sizeof(struct pptp_pkt_hdr) + 179 cid_off + sizeof(struct pptp_pkt_hdr) +
180 sizeof(struct PptpControlHeader), 180 sizeof(struct PptpControlHeader),
181 sizeof(new_callid), (char *)&new_callid, 181 sizeof(new_callid), (char *)&new_callid,
@@ -213,7 +213,7 @@ pptp_exp_gre(struct nf_conntrack_expect *expect_orig,
213 213
214/* inbound packets == from PAC to PNS */ 214/* inbound packets == from PAC to PNS */
215static int 215static int
216pptp_inbound_pkt(struct sk_buff **pskb, 216pptp_inbound_pkt(struct sk_buff *skb,
217 struct nf_conn *ct, 217 struct nf_conn *ct,
218 enum ip_conntrack_info ctinfo, 218 enum ip_conntrack_info ctinfo,
219 struct PptpControlHeader *ctlh, 219 struct PptpControlHeader *ctlh,
@@ -268,7 +268,7 @@ pptp_inbound_pkt(struct sk_buff **pskb,
268 pr_debug("altering peer call id from 0x%04x to 0x%04x\n", 268 pr_debug("altering peer call id from 0x%04x to 0x%04x\n",
269 ntohs(REQ_CID(pptpReq, pcid_off)), ntohs(new_pcid)); 269 ntohs(REQ_CID(pptpReq, pcid_off)), ntohs(new_pcid));
270 270
271 if (nf_nat_mangle_tcp_packet(pskb, ct, ctinfo, 271 if (nf_nat_mangle_tcp_packet(skb, ct, ctinfo,
272 pcid_off + sizeof(struct pptp_pkt_hdr) + 272 pcid_off + sizeof(struct pptp_pkt_hdr) +
273 sizeof(struct PptpControlHeader), 273 sizeof(struct PptpControlHeader),
274 sizeof(new_pcid), (char *)&new_pcid, 274 sizeof(new_pcid), (char *)&new_pcid,
diff --git a/net/ipv4/netfilter/nf_nat_proto_gre.c b/net/ipv4/netfilter/nf_nat_proto_gre.c
index e7a2aafcce5b..b820f9960356 100644
--- a/net/ipv4/netfilter/nf_nat_proto_gre.c
+++ b/net/ipv4/netfilter/nf_nat_proto_gre.c
@@ -98,21 +98,21 @@ gre_unique_tuple(struct nf_conntrack_tuple *tuple,
98 98
99/* manipulate a GRE packet according to maniptype */ 99/* manipulate a GRE packet according to maniptype */
100static int 100static int
101gre_manip_pkt(struct sk_buff **pskb, unsigned int iphdroff, 101gre_manip_pkt(struct sk_buff *skb, unsigned int iphdroff,
102 const struct nf_conntrack_tuple *tuple, 102 const struct nf_conntrack_tuple *tuple,
103 enum nf_nat_manip_type maniptype) 103 enum nf_nat_manip_type maniptype)
104{ 104{
105 struct gre_hdr *greh; 105 struct gre_hdr *greh;
106 struct gre_hdr_pptp *pgreh; 106 struct gre_hdr_pptp *pgreh;
107 struct iphdr *iph = (struct iphdr *)((*pskb)->data + iphdroff); 107 struct iphdr *iph = (struct iphdr *)(skb->data + iphdroff);
108 unsigned int hdroff = iphdroff + iph->ihl * 4; 108 unsigned int hdroff = iphdroff + iph->ihl * 4;
109 109
110 /* pgreh includes two optional 32bit fields which are not required 110 /* pgreh includes two optional 32bit fields which are not required
111 * to be there. That's where the magic '8' comes from */ 111 * to be there. That's where the magic '8' comes from */
112 if (!skb_make_writable(*pskb, hdroff + sizeof(*pgreh) - 8)) 112 if (!skb_make_writable(skb, hdroff + sizeof(*pgreh) - 8))
113 return 0; 113 return 0;
114 114
115 greh = (void *)(*pskb)->data + hdroff; 115 greh = (void *)skb->data + hdroff;
116 pgreh = (struct gre_hdr_pptp *)greh; 116 pgreh = (struct gre_hdr_pptp *)greh;
117 117
118 /* we only have destination manip of a packet, since 'source key' 118 /* we only have destination manip of a packet, since 'source key'
diff --git a/net/ipv4/netfilter/nf_nat_proto_icmp.c b/net/ipv4/netfilter/nf_nat_proto_icmp.c
index 4087f4f42c34..b9fc724388fc 100644
--- a/net/ipv4/netfilter/nf_nat_proto_icmp.c
+++ b/net/ipv4/netfilter/nf_nat_proto_icmp.c
@@ -52,20 +52,20 @@ icmp_unique_tuple(struct nf_conntrack_tuple *tuple,
52} 52}
53 53
54static int 54static int
55icmp_manip_pkt(struct sk_buff **pskb, 55icmp_manip_pkt(struct sk_buff *skb,
56 unsigned int iphdroff, 56 unsigned int iphdroff,
57 const struct nf_conntrack_tuple *tuple, 57 const struct nf_conntrack_tuple *tuple,
58 enum nf_nat_manip_type maniptype) 58 enum nf_nat_manip_type maniptype)
59{ 59{
60 struct iphdr *iph = (struct iphdr *)((*pskb)->data + iphdroff); 60 struct iphdr *iph = (struct iphdr *)(skb->data + iphdroff);
61 struct icmphdr *hdr; 61 struct icmphdr *hdr;
62 unsigned int hdroff = iphdroff + iph->ihl*4; 62 unsigned int hdroff = iphdroff + iph->ihl*4;
63 63
64 if (!skb_make_writable(*pskb, hdroff + sizeof(*hdr))) 64 if (!skb_make_writable(skb, hdroff + sizeof(*hdr)))
65 return 0; 65 return 0;
66 66
67 hdr = (struct icmphdr *)((*pskb)->data + hdroff); 67 hdr = (struct icmphdr *)(skb->data + hdroff);
68 nf_proto_csum_replace2(&hdr->checksum, *pskb, 68 nf_proto_csum_replace2(&hdr->checksum, skb,
69 hdr->un.echo.id, tuple->src.u.icmp.id, 0); 69 hdr->un.echo.id, tuple->src.u.icmp.id, 0);
70 hdr->un.echo.id = tuple->src.u.icmp.id; 70 hdr->un.echo.id = tuple->src.u.icmp.id;
71 return 1; 71 return 1;
diff --git a/net/ipv4/netfilter/nf_nat_proto_tcp.c b/net/ipv4/netfilter/nf_nat_proto_tcp.c
index e544125dc037..6bab2e184455 100644
--- a/net/ipv4/netfilter/nf_nat_proto_tcp.c
+++ b/net/ipv4/netfilter/nf_nat_proto_tcp.c
@@ -88,12 +88,12 @@ tcp_unique_tuple(struct nf_conntrack_tuple *tuple,
88} 88}
89 89
90static int 90static int
91tcp_manip_pkt(struct sk_buff **pskb, 91tcp_manip_pkt(struct sk_buff *skb,
92 unsigned int iphdroff, 92 unsigned int iphdroff,
93 const struct nf_conntrack_tuple *tuple, 93 const struct nf_conntrack_tuple *tuple,
94 enum nf_nat_manip_type maniptype) 94 enum nf_nat_manip_type maniptype)
95{ 95{
96 struct iphdr *iph = (struct iphdr *)((*pskb)->data + iphdroff); 96 struct iphdr *iph = (struct iphdr *)(skb->data + iphdroff);
97 struct tcphdr *hdr; 97 struct tcphdr *hdr;
98 unsigned int hdroff = iphdroff + iph->ihl*4; 98 unsigned int hdroff = iphdroff + iph->ihl*4;
99 __be32 oldip, newip; 99 __be32 oldip, newip;
@@ -103,14 +103,14 @@ tcp_manip_pkt(struct sk_buff **pskb,
103 /* this could be a inner header returned in icmp packet; in such 103 /* this could be a inner header returned in icmp packet; in such
104 cases we cannot update the checksum field since it is outside of 104 cases we cannot update the checksum field since it is outside of
105 the 8 bytes of transport layer headers we are guaranteed */ 105 the 8 bytes of transport layer headers we are guaranteed */
106 if ((*pskb)->len >= hdroff + sizeof(struct tcphdr)) 106 if (skb->len >= hdroff + sizeof(struct tcphdr))
107 hdrsize = sizeof(struct tcphdr); 107 hdrsize = sizeof(struct tcphdr);
108 108
109 if (!skb_make_writable(*pskb, hdroff + hdrsize)) 109 if (!skb_make_writable(skb, hdroff + hdrsize))
110 return 0; 110 return 0;
111 111
112 iph = (struct iphdr *)((*pskb)->data + iphdroff); 112 iph = (struct iphdr *)(skb->data + iphdroff);
113 hdr = (struct tcphdr *)((*pskb)->data + hdroff); 113 hdr = (struct tcphdr *)(skb->data + hdroff);
114 114
115 if (maniptype == IP_NAT_MANIP_SRC) { 115 if (maniptype == IP_NAT_MANIP_SRC) {
116 /* Get rid of src ip and src pt */ 116 /* Get rid of src ip and src pt */
@@ -132,8 +132,8 @@ tcp_manip_pkt(struct sk_buff **pskb,
132 if (hdrsize < sizeof(*hdr)) 132 if (hdrsize < sizeof(*hdr))
133 return 1; 133 return 1;
134 134
135 nf_proto_csum_replace4(&hdr->check, *pskb, oldip, newip, 1); 135 nf_proto_csum_replace4(&hdr->check, skb, oldip, newip, 1);
136 nf_proto_csum_replace2(&hdr->check, *pskb, oldport, newport, 0); 136 nf_proto_csum_replace2(&hdr->check, skb, oldport, newport, 0);
137 return 1; 137 return 1;
138} 138}
139 139
diff --git a/net/ipv4/netfilter/nf_nat_proto_udp.c b/net/ipv4/netfilter/nf_nat_proto_udp.c
index ebe9b42a8e94..cbf1a61e2908 100644
--- a/net/ipv4/netfilter/nf_nat_proto_udp.c
+++ b/net/ipv4/netfilter/nf_nat_proto_udp.c
@@ -86,22 +86,22 @@ udp_unique_tuple(struct nf_conntrack_tuple *tuple,
86} 86}
87 87
88static int 88static int
89udp_manip_pkt(struct sk_buff **pskb, 89udp_manip_pkt(struct sk_buff *skb,
90 unsigned int iphdroff, 90 unsigned int iphdroff,
91 const struct nf_conntrack_tuple *tuple, 91 const struct nf_conntrack_tuple *tuple,
92 enum nf_nat_manip_type maniptype) 92 enum nf_nat_manip_type maniptype)
93{ 93{
94 struct iphdr *iph = (struct iphdr *)((*pskb)->data + iphdroff); 94 struct iphdr *iph = (struct iphdr *)(skb->data + iphdroff);
95 struct udphdr *hdr; 95 struct udphdr *hdr;
96 unsigned int hdroff = iphdroff + iph->ihl*4; 96 unsigned int hdroff = iphdroff + iph->ihl*4;
97 __be32 oldip, newip; 97 __be32 oldip, newip;
98 __be16 *portptr, newport; 98 __be16 *portptr, newport;
99 99
100 if (!skb_make_writable(*pskb, hdroff + sizeof(*hdr))) 100 if (!skb_make_writable(skb, hdroff + sizeof(*hdr)))
101 return 0; 101 return 0;
102 102
103 iph = (struct iphdr *)((*pskb)->data + iphdroff); 103 iph = (struct iphdr *)(skb->data + iphdroff);
104 hdr = (struct udphdr *)((*pskb)->data + hdroff); 104 hdr = (struct udphdr *)(skb->data + hdroff);
105 105
106 if (maniptype == IP_NAT_MANIP_SRC) { 106 if (maniptype == IP_NAT_MANIP_SRC) {
107 /* Get rid of src ip and src pt */ 107 /* Get rid of src ip and src pt */
@@ -116,9 +116,9 @@ udp_manip_pkt(struct sk_buff **pskb,
116 newport = tuple->dst.u.udp.port; 116 newport = tuple->dst.u.udp.port;
117 portptr = &hdr->dest; 117 portptr = &hdr->dest;
118 } 118 }
119 if (hdr->check || (*pskb)->ip_summed == CHECKSUM_PARTIAL) { 119 if (hdr->check || skb->ip_summed == CHECKSUM_PARTIAL) {
120 nf_proto_csum_replace4(&hdr->check, *pskb, oldip, newip, 1); 120 nf_proto_csum_replace4(&hdr->check, skb, oldip, newip, 1);
121 nf_proto_csum_replace2(&hdr->check, *pskb, *portptr, newport, 121 nf_proto_csum_replace2(&hdr->check, skb, *portptr, newport,
122 0); 122 0);
123 if (!hdr->check) 123 if (!hdr->check)
124 hdr->check = CSUM_MANGLED_0; 124 hdr->check = CSUM_MANGLED_0;
diff --git a/net/ipv4/netfilter/nf_nat_proto_unknown.c b/net/ipv4/netfilter/nf_nat_proto_unknown.c
index f50d0203f9c0..cfd2742e9706 100644
--- a/net/ipv4/netfilter/nf_nat_proto_unknown.c
+++ b/net/ipv4/netfilter/nf_nat_proto_unknown.c
@@ -37,7 +37,7 @@ static int unknown_unique_tuple(struct nf_conntrack_tuple *tuple,
37} 37}
38 38
39static int 39static int
40unknown_manip_pkt(struct sk_buff **pskb, 40unknown_manip_pkt(struct sk_buff *skb,
41 unsigned int iphdroff, 41 unsigned int iphdroff,
42 const struct nf_conntrack_tuple *tuple, 42 const struct nf_conntrack_tuple *tuple,
43 enum nf_nat_manip_type maniptype) 43 enum nf_nat_manip_type maniptype)
diff --git a/net/ipv4/netfilter/nf_nat_rule.c b/net/ipv4/netfilter/nf_nat_rule.c
index 76ec59ae524d..46b25ab5f78b 100644
--- a/net/ipv4/netfilter/nf_nat_rule.c
+++ b/net/ipv4/netfilter/nf_nat_rule.c
@@ -65,7 +65,7 @@ static struct xt_table nat_table = {
65}; 65};
66 66
67/* Source NAT */ 67/* Source NAT */
68static unsigned int ipt_snat_target(struct sk_buff **pskb, 68static unsigned int ipt_snat_target(struct sk_buff *skb,
69 const struct net_device *in, 69 const struct net_device *in,
70 const struct net_device *out, 70 const struct net_device *out,
71 unsigned int hooknum, 71 unsigned int hooknum,
@@ -78,7 +78,7 @@ static unsigned int ipt_snat_target(struct sk_buff **pskb,
78 78
79 NF_CT_ASSERT(hooknum == NF_IP_POST_ROUTING); 79 NF_CT_ASSERT(hooknum == NF_IP_POST_ROUTING);
80 80
81 ct = nf_ct_get(*pskb, &ctinfo); 81 ct = nf_ct_get(skb, &ctinfo);
82 82
83 /* Connection must be valid and new. */ 83 /* Connection must be valid and new. */
84 NF_CT_ASSERT(ct && (ctinfo == IP_CT_NEW || ctinfo == IP_CT_RELATED || 84 NF_CT_ASSERT(ct && (ctinfo == IP_CT_NEW || ctinfo == IP_CT_RELATED ||
@@ -107,7 +107,7 @@ static void warn_if_extra_mangle(__be32 dstip, __be32 srcip)
107 ip_rt_put(rt); 107 ip_rt_put(rt);
108} 108}
109 109
110static unsigned int ipt_dnat_target(struct sk_buff **pskb, 110static unsigned int ipt_dnat_target(struct sk_buff *skb,
111 const struct net_device *in, 111 const struct net_device *in,
112 const struct net_device *out, 112 const struct net_device *out,
113 unsigned int hooknum, 113 unsigned int hooknum,
@@ -121,14 +121,14 @@ static unsigned int ipt_dnat_target(struct sk_buff **pskb,
121 NF_CT_ASSERT(hooknum == NF_IP_PRE_ROUTING || 121 NF_CT_ASSERT(hooknum == NF_IP_PRE_ROUTING ||
122 hooknum == NF_IP_LOCAL_OUT); 122 hooknum == NF_IP_LOCAL_OUT);
123 123
124 ct = nf_ct_get(*pskb, &ctinfo); 124 ct = nf_ct_get(skb, &ctinfo);
125 125
126 /* Connection must be valid and new. */ 126 /* Connection must be valid and new. */
127 NF_CT_ASSERT(ct && (ctinfo == IP_CT_NEW || ctinfo == IP_CT_RELATED)); 127 NF_CT_ASSERT(ct && (ctinfo == IP_CT_NEW || ctinfo == IP_CT_RELATED));
128 128
129 if (hooknum == NF_IP_LOCAL_OUT && 129 if (hooknum == NF_IP_LOCAL_OUT &&
130 mr->range[0].flags & IP_NAT_RANGE_MAP_IPS) 130 mr->range[0].flags & IP_NAT_RANGE_MAP_IPS)
131 warn_if_extra_mangle(ip_hdr(*pskb)->daddr, 131 warn_if_extra_mangle(ip_hdr(skb)->daddr,
132 mr->range[0].min_ip); 132 mr->range[0].min_ip);
133 133
134 return nf_nat_setup_info(ct, &mr->range[0], hooknum); 134 return nf_nat_setup_info(ct, &mr->range[0], hooknum);
@@ -204,7 +204,7 @@ alloc_null_binding_confirmed(struct nf_conn *ct, unsigned int hooknum)
204 return nf_nat_setup_info(ct, &range, hooknum); 204 return nf_nat_setup_info(ct, &range, hooknum);
205} 205}
206 206
207int nf_nat_rule_find(struct sk_buff **pskb, 207int nf_nat_rule_find(struct sk_buff *skb,
208 unsigned int hooknum, 208 unsigned int hooknum,
209 const struct net_device *in, 209 const struct net_device *in,
210 const struct net_device *out, 210 const struct net_device *out,
@@ -212,7 +212,7 @@ int nf_nat_rule_find(struct sk_buff **pskb,
212{ 212{
213 int ret; 213 int ret;
214 214
215 ret = ipt_do_table(pskb, hooknum, in, out, &nat_table); 215 ret = ipt_do_table(skb, hooknum, in, out, &nat_table);
216 216
217 if (ret == NF_ACCEPT) { 217 if (ret == NF_ACCEPT) {
218 if (!nf_nat_initialized(ct, HOOK2MANIP(hooknum))) 218 if (!nf_nat_initialized(ct, HOOK2MANIP(hooknum)))
diff --git a/net/ipv4/netfilter/nf_nat_sip.c b/net/ipv4/netfilter/nf_nat_sip.c
index e14d41976c27..ce9edbcc01e3 100644
--- a/net/ipv4/netfilter/nf_nat_sip.c
+++ b/net/ipv4/netfilter/nf_nat_sip.c
@@ -60,7 +60,7 @@ static void addr_map_init(struct nf_conn *ct, struct addr_map *map)
60 } 60 }
61} 61}
62 62
63static int map_sip_addr(struct sk_buff **pskb, enum ip_conntrack_info ctinfo, 63static int map_sip_addr(struct sk_buff *skb, enum ip_conntrack_info ctinfo,
64 struct nf_conn *ct, const char **dptr, size_t dlen, 64 struct nf_conn *ct, const char **dptr, size_t dlen,
65 enum sip_header_pos pos, struct addr_map *map) 65 enum sip_header_pos pos, struct addr_map *map)
66{ 66{
@@ -84,15 +84,15 @@ static int map_sip_addr(struct sk_buff **pskb, enum ip_conntrack_info ctinfo,
84 } else 84 } else
85 return 1; 85 return 1;
86 86
87 if (!nf_nat_mangle_udp_packet(pskb, ct, ctinfo, 87 if (!nf_nat_mangle_udp_packet(skb, ct, ctinfo,
88 matchoff, matchlen, addr, addrlen)) 88 matchoff, matchlen, addr, addrlen))
89 return 0; 89 return 0;
90 *dptr = (*pskb)->data + ip_hdrlen(*pskb) + sizeof(struct udphdr); 90 *dptr = skb->data + ip_hdrlen(skb) + sizeof(struct udphdr);
91 return 1; 91 return 1;
92 92
93} 93}
94 94
95static unsigned int ip_nat_sip(struct sk_buff **pskb, 95static unsigned int ip_nat_sip(struct sk_buff *skb,
96 enum ip_conntrack_info ctinfo, 96 enum ip_conntrack_info ctinfo,
97 struct nf_conn *ct, 97 struct nf_conn *ct,
98 const char **dptr) 98 const char **dptr)
@@ -101,8 +101,8 @@ static unsigned int ip_nat_sip(struct sk_buff **pskb,
101 struct addr_map map; 101 struct addr_map map;
102 int dataoff, datalen; 102 int dataoff, datalen;
103 103
104 dataoff = ip_hdrlen(*pskb) + sizeof(struct udphdr); 104 dataoff = ip_hdrlen(skb) + sizeof(struct udphdr);
105 datalen = (*pskb)->len - dataoff; 105 datalen = skb->len - dataoff;
106 if (datalen < sizeof("SIP/2.0") - 1) 106 if (datalen < sizeof("SIP/2.0") - 1)
107 return NF_ACCEPT; 107 return NF_ACCEPT;
108 108
@@ -121,19 +121,19 @@ static unsigned int ip_nat_sip(struct sk_buff **pskb,
121 else 121 else
122 pos = POS_REQ_URI; 122 pos = POS_REQ_URI;
123 123
124 if (!map_sip_addr(pskb, ctinfo, ct, dptr, datalen, pos, &map)) 124 if (!map_sip_addr(skb, ctinfo, ct, dptr, datalen, pos, &map))
125 return NF_DROP; 125 return NF_DROP;
126 } 126 }
127 127
128 if (!map_sip_addr(pskb, ctinfo, ct, dptr, datalen, POS_FROM, &map) || 128 if (!map_sip_addr(skb, ctinfo, ct, dptr, datalen, POS_FROM, &map) ||
129 !map_sip_addr(pskb, ctinfo, ct, dptr, datalen, POS_TO, &map) || 129 !map_sip_addr(skb, ctinfo, ct, dptr, datalen, POS_TO, &map) ||
130 !map_sip_addr(pskb, ctinfo, ct, dptr, datalen, POS_VIA, &map) || 130 !map_sip_addr(skb, ctinfo, ct, dptr, datalen, POS_VIA, &map) ||
131 !map_sip_addr(pskb, ctinfo, ct, dptr, datalen, POS_CONTACT, &map)) 131 !map_sip_addr(skb, ctinfo, ct, dptr, datalen, POS_CONTACT, &map))
132 return NF_DROP; 132 return NF_DROP;
133 return NF_ACCEPT; 133 return NF_ACCEPT;
134} 134}
135 135
136static unsigned int mangle_sip_packet(struct sk_buff **pskb, 136static unsigned int mangle_sip_packet(struct sk_buff *skb,
137 enum ip_conntrack_info ctinfo, 137 enum ip_conntrack_info ctinfo,
138 struct nf_conn *ct, 138 struct nf_conn *ct,
139 const char **dptr, size_t dlen, 139 const char **dptr, size_t dlen,
@@ -145,16 +145,16 @@ static unsigned int mangle_sip_packet(struct sk_buff **pskb,
145 if (ct_sip_get_info(ct, *dptr, dlen, &matchoff, &matchlen, pos) <= 0) 145 if (ct_sip_get_info(ct, *dptr, dlen, &matchoff, &matchlen, pos) <= 0)
146 return 0; 146 return 0;
147 147
148 if (!nf_nat_mangle_udp_packet(pskb, ct, ctinfo, 148 if (!nf_nat_mangle_udp_packet(skb, ct, ctinfo,
149 matchoff, matchlen, buffer, bufflen)) 149 matchoff, matchlen, buffer, bufflen))
150 return 0; 150 return 0;
151 151
152 /* We need to reload this. Thanks Patrick. */ 152 /* We need to reload this. Thanks Patrick. */
153 *dptr = (*pskb)->data + ip_hdrlen(*pskb) + sizeof(struct udphdr); 153 *dptr = skb->data + ip_hdrlen(skb) + sizeof(struct udphdr);
154 return 1; 154 return 1;
155} 155}
156 156
157static int mangle_content_len(struct sk_buff **pskb, 157static int mangle_content_len(struct sk_buff *skb,
158 enum ip_conntrack_info ctinfo, 158 enum ip_conntrack_info ctinfo,
159 struct nf_conn *ct, 159 struct nf_conn *ct,
160 const char *dptr) 160 const char *dptr)
@@ -163,22 +163,22 @@ static int mangle_content_len(struct sk_buff **pskb,
163 char buffer[sizeof("65536")]; 163 char buffer[sizeof("65536")];
164 int bufflen; 164 int bufflen;
165 165
166 dataoff = ip_hdrlen(*pskb) + sizeof(struct udphdr); 166 dataoff = ip_hdrlen(skb) + sizeof(struct udphdr);
167 167
168 /* Get actual SDP lenght */ 168 /* Get actual SDP lenght */
169 if (ct_sip_get_info(ct, dptr, (*pskb)->len - dataoff, &matchoff, 169 if (ct_sip_get_info(ct, dptr, skb->len - dataoff, &matchoff,
170 &matchlen, POS_SDP_HEADER) > 0) { 170 &matchlen, POS_SDP_HEADER) > 0) {
171 171
172 /* since ct_sip_get_info() give us a pointer passing 'v=' 172 /* since ct_sip_get_info() give us a pointer passing 'v='
173 we need to add 2 bytes in this count. */ 173 we need to add 2 bytes in this count. */
174 int c_len = (*pskb)->len - dataoff - matchoff + 2; 174 int c_len = skb->len - dataoff - matchoff + 2;
175 175
176 /* Now, update SDP length */ 176 /* Now, update SDP length */
177 if (ct_sip_get_info(ct, dptr, (*pskb)->len - dataoff, &matchoff, 177 if (ct_sip_get_info(ct, dptr, skb->len - dataoff, &matchoff,
178 &matchlen, POS_CONTENT) > 0) { 178 &matchlen, POS_CONTENT) > 0) {
179 179
180 bufflen = sprintf(buffer, "%u", c_len); 180 bufflen = sprintf(buffer, "%u", c_len);
181 return nf_nat_mangle_udp_packet(pskb, ct, ctinfo, 181 return nf_nat_mangle_udp_packet(skb, ct, ctinfo,
182 matchoff, matchlen, 182 matchoff, matchlen,
183 buffer, bufflen); 183 buffer, bufflen);
184 } 184 }
@@ -186,7 +186,7 @@ static int mangle_content_len(struct sk_buff **pskb,
186 return 0; 186 return 0;
187} 187}
188 188
189static unsigned int mangle_sdp(struct sk_buff **pskb, 189static unsigned int mangle_sdp(struct sk_buff *skb,
190 enum ip_conntrack_info ctinfo, 190 enum ip_conntrack_info ctinfo,
191 struct nf_conn *ct, 191 struct nf_conn *ct,
192 __be32 newip, u_int16_t port, 192 __be32 newip, u_int16_t port,
@@ -195,25 +195,25 @@ static unsigned int mangle_sdp(struct sk_buff **pskb,
195 char buffer[sizeof("nnn.nnn.nnn.nnn")]; 195 char buffer[sizeof("nnn.nnn.nnn.nnn")];
196 unsigned int dataoff, bufflen; 196 unsigned int dataoff, bufflen;
197 197
198 dataoff = ip_hdrlen(*pskb) + sizeof(struct udphdr); 198 dataoff = ip_hdrlen(skb) + sizeof(struct udphdr);
199 199
200 /* Mangle owner and contact info. */ 200 /* Mangle owner and contact info. */
201 bufflen = sprintf(buffer, "%u.%u.%u.%u", NIPQUAD(newip)); 201 bufflen = sprintf(buffer, "%u.%u.%u.%u", NIPQUAD(newip));
202 if (!mangle_sip_packet(pskb, ctinfo, ct, &dptr, (*pskb)->len - dataoff, 202 if (!mangle_sip_packet(skb, ctinfo, ct, &dptr, skb->len - dataoff,
203 buffer, bufflen, POS_OWNER_IP4)) 203 buffer, bufflen, POS_OWNER_IP4))
204 return 0; 204 return 0;
205 205
206 if (!mangle_sip_packet(pskb, ctinfo, ct, &dptr, (*pskb)->len - dataoff, 206 if (!mangle_sip_packet(skb, ctinfo, ct, &dptr, skb->len - dataoff,
207 buffer, bufflen, POS_CONNECTION_IP4)) 207 buffer, bufflen, POS_CONNECTION_IP4))
208 return 0; 208 return 0;
209 209
210 /* Mangle media port. */ 210 /* Mangle media port. */
211 bufflen = sprintf(buffer, "%u", port); 211 bufflen = sprintf(buffer, "%u", port);
212 if (!mangle_sip_packet(pskb, ctinfo, ct, &dptr, (*pskb)->len - dataoff, 212 if (!mangle_sip_packet(skb, ctinfo, ct, &dptr, skb->len - dataoff,
213 buffer, bufflen, POS_MEDIA)) 213 buffer, bufflen, POS_MEDIA))
214 return 0; 214 return 0;
215 215
216 return mangle_content_len(pskb, ctinfo, ct, dptr); 216 return mangle_content_len(skb, ctinfo, ct, dptr);
217} 217}
218 218
219static void ip_nat_sdp_expect(struct nf_conn *ct, 219static void ip_nat_sdp_expect(struct nf_conn *ct,
@@ -241,7 +241,7 @@ static void ip_nat_sdp_expect(struct nf_conn *ct,
241 241
242/* So, this packet has hit the connection tracking matching code. 242/* So, this packet has hit the connection tracking matching code.
243 Mangle it, and change the expectation to match the new version. */ 243 Mangle it, and change the expectation to match the new version. */
244static unsigned int ip_nat_sdp(struct sk_buff **pskb, 244static unsigned int ip_nat_sdp(struct sk_buff *skb,
245 enum ip_conntrack_info ctinfo, 245 enum ip_conntrack_info ctinfo,
246 struct nf_conntrack_expect *exp, 246 struct nf_conntrack_expect *exp,
247 const char *dptr) 247 const char *dptr)
@@ -277,7 +277,7 @@ static unsigned int ip_nat_sdp(struct sk_buff **pskb,
277 if (port == 0) 277 if (port == 0)
278 return NF_DROP; 278 return NF_DROP;
279 279
280 if (!mangle_sdp(pskb, ctinfo, ct, newip, port, dptr)) { 280 if (!mangle_sdp(skb, ctinfo, ct, newip, port, dptr)) {
281 nf_ct_unexpect_related(exp); 281 nf_ct_unexpect_related(exp);
282 return NF_DROP; 282 return NF_DROP;
283 } 283 }
diff --git a/net/ipv4/netfilter/nf_nat_snmp_basic.c b/net/ipv4/netfilter/nf_nat_snmp_basic.c
index 87011fe806ca..03709d6b4b06 100644
--- a/net/ipv4/netfilter/nf_nat_snmp_basic.c
+++ b/net/ipv4/netfilter/nf_nat_snmp_basic.c
@@ -1188,9 +1188,9 @@ static int snmp_parse_mangle(unsigned char *msg,
1188 */ 1188 */
1189static int snmp_translate(struct nf_conn *ct, 1189static int snmp_translate(struct nf_conn *ct,
1190 enum ip_conntrack_info ctinfo, 1190 enum ip_conntrack_info ctinfo,
1191 struct sk_buff **pskb) 1191 struct sk_buff *skb)
1192{ 1192{
1193 struct iphdr *iph = ip_hdr(*pskb); 1193 struct iphdr *iph = ip_hdr(skb);
1194 struct udphdr *udph = (struct udphdr *)((__be32 *)iph + iph->ihl); 1194 struct udphdr *udph = (struct udphdr *)((__be32 *)iph + iph->ihl);
1195 u_int16_t udplen = ntohs(udph->len); 1195 u_int16_t udplen = ntohs(udph->len);
1196 u_int16_t paylen = udplen - sizeof(struct udphdr); 1196 u_int16_t paylen = udplen - sizeof(struct udphdr);
@@ -1225,13 +1225,13 @@ static int snmp_translate(struct nf_conn *ct,
1225 1225
1226/* We don't actually set up expectations, just adjust internal IP 1226/* We don't actually set up expectations, just adjust internal IP
1227 * addresses if this is being NATted */ 1227 * addresses if this is being NATted */
1228static int help(struct sk_buff **pskb, unsigned int protoff, 1228static int help(struct sk_buff *skb, unsigned int protoff,
1229 struct nf_conn *ct, 1229 struct nf_conn *ct,
1230 enum ip_conntrack_info ctinfo) 1230 enum ip_conntrack_info ctinfo)
1231{ 1231{
1232 int dir = CTINFO2DIR(ctinfo); 1232 int dir = CTINFO2DIR(ctinfo);
1233 unsigned int ret; 1233 unsigned int ret;
1234 struct iphdr *iph = ip_hdr(*pskb); 1234 struct iphdr *iph = ip_hdr(skb);
1235 struct udphdr *udph = (struct udphdr *)((u_int32_t *)iph + iph->ihl); 1235 struct udphdr *udph = (struct udphdr *)((u_int32_t *)iph + iph->ihl);
1236 1236
1237 /* SNMP replies and originating SNMP traps get mangled */ 1237 /* SNMP replies and originating SNMP traps get mangled */
@@ -1250,7 +1250,7 @@ static int help(struct sk_buff **pskb, unsigned int protoff,
1250 * enough room for a UDP header. Just verify the UDP length field so we 1250 * enough room for a UDP header. Just verify the UDP length field so we
1251 * can mess around with the payload. 1251 * can mess around with the payload.
1252 */ 1252 */
1253 if (ntohs(udph->len) != (*pskb)->len - (iph->ihl << 2)) { 1253 if (ntohs(udph->len) != skb->len - (iph->ihl << 2)) {
1254 if (net_ratelimit()) 1254 if (net_ratelimit())
1255 printk(KERN_WARNING "SNMP: dropping malformed packet " 1255 printk(KERN_WARNING "SNMP: dropping malformed packet "
1256 "src=%u.%u.%u.%u dst=%u.%u.%u.%u\n", 1256 "src=%u.%u.%u.%u dst=%u.%u.%u.%u\n",
@@ -1258,11 +1258,11 @@ static int help(struct sk_buff **pskb, unsigned int protoff,
1258 return NF_DROP; 1258 return NF_DROP;
1259 } 1259 }
1260 1260
1261 if (!skb_make_writable(*pskb, (*pskb)->len)) 1261 if (!skb_make_writable(skb, skb->len))
1262 return NF_DROP; 1262 return NF_DROP;
1263 1263
1264 spin_lock_bh(&snmp_lock); 1264 spin_lock_bh(&snmp_lock);
1265 ret = snmp_translate(ct, ctinfo, pskb); 1265 ret = snmp_translate(ct, ctinfo, skb);
1266 spin_unlock_bh(&snmp_lock); 1266 spin_unlock_bh(&snmp_lock);
1267 return ret; 1267 return ret;
1268} 1268}
diff --git a/net/ipv4/netfilter/nf_nat_standalone.c b/net/ipv4/netfilter/nf_nat_standalone.c
index 46cc99def165..7db76ea9af91 100644
--- a/net/ipv4/netfilter/nf_nat_standalone.c
+++ b/net/ipv4/netfilter/nf_nat_standalone.c
@@ -67,7 +67,7 @@ static void nat_decode_session(struct sk_buff *skb, struct flowi *fl)
67 67
68static unsigned int 68static unsigned int
69nf_nat_fn(unsigned int hooknum, 69nf_nat_fn(unsigned int hooknum,
70 struct sk_buff **pskb, 70 struct sk_buff *skb,
71 const struct net_device *in, 71 const struct net_device *in,
72 const struct net_device *out, 72 const struct net_device *out,
73 int (*okfn)(struct sk_buff *)) 73 int (*okfn)(struct sk_buff *))
@@ -80,9 +80,9 @@ nf_nat_fn(unsigned int hooknum,
80 80
81 /* We never see fragments: conntrack defrags on pre-routing 81 /* We never see fragments: conntrack defrags on pre-routing
82 and local-out, and nf_nat_out protects post-routing. */ 82 and local-out, and nf_nat_out protects post-routing. */
83 NF_CT_ASSERT(!(ip_hdr(*pskb)->frag_off & htons(IP_MF | IP_OFFSET))); 83 NF_CT_ASSERT(!(ip_hdr(skb)->frag_off & htons(IP_MF | IP_OFFSET)));
84 84
85 ct = nf_ct_get(*pskb, &ctinfo); 85 ct = nf_ct_get(skb, &ctinfo);
86 /* Can't track? It's not due to stress, or conntrack would 86 /* Can't track? It's not due to stress, or conntrack would
87 have dropped it. Hence it's the user's responsibilty to 87 have dropped it. Hence it's the user's responsibilty to
88 packet filter it out, or implement conntrack/NAT for that 88 packet filter it out, or implement conntrack/NAT for that
@@ -91,10 +91,10 @@ nf_nat_fn(unsigned int hooknum,
91 /* Exception: ICMP redirect to new connection (not in 91 /* Exception: ICMP redirect to new connection (not in
92 hash table yet). We must not let this through, in 92 hash table yet). We must not let this through, in
93 case we're doing NAT to the same network. */ 93 case we're doing NAT to the same network. */
94 if (ip_hdr(*pskb)->protocol == IPPROTO_ICMP) { 94 if (ip_hdr(skb)->protocol == IPPROTO_ICMP) {
95 struct icmphdr _hdr, *hp; 95 struct icmphdr _hdr, *hp;
96 96
97 hp = skb_header_pointer(*pskb, ip_hdrlen(*pskb), 97 hp = skb_header_pointer(skb, ip_hdrlen(skb),
98 sizeof(_hdr), &_hdr); 98 sizeof(_hdr), &_hdr);
99 if (hp != NULL && 99 if (hp != NULL &&
100 hp->type == ICMP_REDIRECT) 100 hp->type == ICMP_REDIRECT)
@@ -119,9 +119,9 @@ nf_nat_fn(unsigned int hooknum,
119 switch (ctinfo) { 119 switch (ctinfo) {
120 case IP_CT_RELATED: 120 case IP_CT_RELATED:
121 case IP_CT_RELATED+IP_CT_IS_REPLY: 121 case IP_CT_RELATED+IP_CT_IS_REPLY:
122 if (ip_hdr(*pskb)->protocol == IPPROTO_ICMP) { 122 if (ip_hdr(skb)->protocol == IPPROTO_ICMP) {
123 if (!nf_nat_icmp_reply_translation(ct, ctinfo, 123 if (!nf_nat_icmp_reply_translation(ct, ctinfo,
124 hooknum, pskb)) 124 hooknum, skb))
125 return NF_DROP; 125 return NF_DROP;
126 else 126 else
127 return NF_ACCEPT; 127 return NF_ACCEPT;
@@ -141,7 +141,7 @@ nf_nat_fn(unsigned int hooknum,
141 /* LOCAL_IN hook doesn't have a chain! */ 141 /* LOCAL_IN hook doesn't have a chain! */
142 ret = alloc_null_binding(ct, hooknum); 142 ret = alloc_null_binding(ct, hooknum);
143 else 143 else
144 ret = nf_nat_rule_find(pskb, hooknum, in, out, 144 ret = nf_nat_rule_find(skb, hooknum, in, out,
145 ct); 145 ct);
146 146
147 if (ret != NF_ACCEPT) { 147 if (ret != NF_ACCEPT) {
@@ -159,31 +159,31 @@ nf_nat_fn(unsigned int hooknum,
159 ctinfo == (IP_CT_ESTABLISHED+IP_CT_IS_REPLY)); 159 ctinfo == (IP_CT_ESTABLISHED+IP_CT_IS_REPLY));
160 } 160 }
161 161
162 return nf_nat_packet(ct, ctinfo, hooknum, pskb); 162 return nf_nat_packet(ct, ctinfo, hooknum, skb);
163} 163}
164 164
165static unsigned int 165static unsigned int
166nf_nat_in(unsigned int hooknum, 166nf_nat_in(unsigned int hooknum,
167 struct sk_buff **pskb, 167 struct sk_buff *skb,
168 const struct net_device *in, 168 const struct net_device *in,
169 const struct net_device *out, 169 const struct net_device *out,
170 int (*okfn)(struct sk_buff *)) 170 int (*okfn)(struct sk_buff *))
171{ 171{
172 unsigned int ret; 172 unsigned int ret;
173 __be32 daddr = ip_hdr(*pskb)->daddr; 173 __be32 daddr = ip_hdr(skb)->daddr;
174 174
175 ret = nf_nat_fn(hooknum, pskb, in, out, okfn); 175 ret = nf_nat_fn(hooknum, skb, in, out, okfn);
176 if (ret != NF_DROP && ret != NF_STOLEN && 176 if (ret != NF_DROP && ret != NF_STOLEN &&
177 daddr != ip_hdr(*pskb)->daddr) { 177 daddr != ip_hdr(skb)->daddr) {
178 dst_release((*pskb)->dst); 178 dst_release(skb->dst);
179 (*pskb)->dst = NULL; 179 skb->dst = NULL;
180 } 180 }
181 return ret; 181 return ret;
182} 182}
183 183
184static unsigned int 184static unsigned int
185nf_nat_out(unsigned int hooknum, 185nf_nat_out(unsigned int hooknum,
186 struct sk_buff **pskb, 186 struct sk_buff *skb,
187 const struct net_device *in, 187 const struct net_device *in,
188 const struct net_device *out, 188 const struct net_device *out,
189 int (*okfn)(struct sk_buff *)) 189 int (*okfn)(struct sk_buff *))
@@ -195,14 +195,14 @@ nf_nat_out(unsigned int hooknum,
195 unsigned int ret; 195 unsigned int ret;
196 196
197 /* root is playing with raw sockets. */ 197 /* root is playing with raw sockets. */
198 if ((*pskb)->len < sizeof(struct iphdr) || 198 if (skb->len < sizeof(struct iphdr) ||
199 ip_hdrlen(*pskb) < sizeof(struct iphdr)) 199 ip_hdrlen(skb) < sizeof(struct iphdr))
200 return NF_ACCEPT; 200 return NF_ACCEPT;
201 201
202 ret = nf_nat_fn(hooknum, pskb, in, out, okfn); 202 ret = nf_nat_fn(hooknum, skb, in, out, okfn);
203#ifdef CONFIG_XFRM 203#ifdef CONFIG_XFRM
204 if (ret != NF_DROP && ret != NF_STOLEN && 204 if (ret != NF_DROP && ret != NF_STOLEN &&
205 (ct = nf_ct_get(*pskb, &ctinfo)) != NULL) { 205 (ct = nf_ct_get(skb, &ctinfo)) != NULL) {
206 enum ip_conntrack_dir dir = CTINFO2DIR(ctinfo); 206 enum ip_conntrack_dir dir = CTINFO2DIR(ctinfo);
207 207
208 if (ct->tuplehash[dir].tuple.src.u3.ip != 208 if (ct->tuplehash[dir].tuple.src.u3.ip !=
@@ -210,7 +210,7 @@ nf_nat_out(unsigned int hooknum,
210 || ct->tuplehash[dir].tuple.src.u.all != 210 || ct->tuplehash[dir].tuple.src.u.all !=
211 ct->tuplehash[!dir].tuple.dst.u.all 211 ct->tuplehash[!dir].tuple.dst.u.all
212 ) 212 )
213 return ip_xfrm_me_harder(pskb) == 0 ? ret : NF_DROP; 213 return ip_xfrm_me_harder(skb) == 0 ? ret : NF_DROP;
214 } 214 }
215#endif 215#endif
216 return ret; 216 return ret;
@@ -218,7 +218,7 @@ nf_nat_out(unsigned int hooknum,
218 218
219static unsigned int 219static unsigned int
220nf_nat_local_fn(unsigned int hooknum, 220nf_nat_local_fn(unsigned int hooknum,
221 struct sk_buff **pskb, 221 struct sk_buff *skb,
222 const struct net_device *in, 222 const struct net_device *in,
223 const struct net_device *out, 223 const struct net_device *out,
224 int (*okfn)(struct sk_buff *)) 224 int (*okfn)(struct sk_buff *))
@@ -228,24 +228,24 @@ nf_nat_local_fn(unsigned int hooknum,
228 unsigned int ret; 228 unsigned int ret;
229 229
230 /* root is playing with raw sockets. */ 230 /* root is playing with raw sockets. */
231 if ((*pskb)->len < sizeof(struct iphdr) || 231 if (skb->len < sizeof(struct iphdr) ||
232 ip_hdrlen(*pskb) < sizeof(struct iphdr)) 232 ip_hdrlen(skb) < sizeof(struct iphdr))
233 return NF_ACCEPT; 233 return NF_ACCEPT;
234 234
235 ret = nf_nat_fn(hooknum, pskb, in, out, okfn); 235 ret = nf_nat_fn(hooknum, skb, in, out, okfn);
236 if (ret != NF_DROP && ret != NF_STOLEN && 236 if (ret != NF_DROP && ret != NF_STOLEN &&
237 (ct = nf_ct_get(*pskb, &ctinfo)) != NULL) { 237 (ct = nf_ct_get(skb, &ctinfo)) != NULL) {
238 enum ip_conntrack_dir dir = CTINFO2DIR(ctinfo); 238 enum ip_conntrack_dir dir = CTINFO2DIR(ctinfo);
239 239
240 if (ct->tuplehash[dir].tuple.dst.u3.ip != 240 if (ct->tuplehash[dir].tuple.dst.u3.ip !=
241 ct->tuplehash[!dir].tuple.src.u3.ip) { 241 ct->tuplehash[!dir].tuple.src.u3.ip) {
242 if (ip_route_me_harder(pskb, RTN_UNSPEC)) 242 if (ip_route_me_harder(skb, RTN_UNSPEC))
243 ret = NF_DROP; 243 ret = NF_DROP;
244 } 244 }
245#ifdef CONFIG_XFRM 245#ifdef CONFIG_XFRM
246 else if (ct->tuplehash[dir].tuple.dst.u.all != 246 else if (ct->tuplehash[dir].tuple.dst.u.all !=
247 ct->tuplehash[!dir].tuple.src.u.all) 247 ct->tuplehash[!dir].tuple.src.u.all)
248 if (ip_xfrm_me_harder(pskb)) 248 if (ip_xfrm_me_harder(skb))
249 ret = NF_DROP; 249 ret = NF_DROP;
250#endif 250#endif
251 } 251 }
@@ -254,7 +254,7 @@ nf_nat_local_fn(unsigned int hooknum,
254 254
255static unsigned int 255static unsigned int
256nf_nat_adjust(unsigned int hooknum, 256nf_nat_adjust(unsigned int hooknum,
257 struct sk_buff **pskb, 257 struct sk_buff *skb,
258 const struct net_device *in, 258 const struct net_device *in,
259 const struct net_device *out, 259 const struct net_device *out,
260 int (*okfn)(struct sk_buff *)) 260 int (*okfn)(struct sk_buff *))
@@ -262,10 +262,10 @@ nf_nat_adjust(unsigned int hooknum,
262 struct nf_conn *ct; 262 struct nf_conn *ct;
263 enum ip_conntrack_info ctinfo; 263 enum ip_conntrack_info ctinfo;
264 264
265 ct = nf_ct_get(*pskb, &ctinfo); 265 ct = nf_ct_get(skb, &ctinfo);
266 if (ct && test_bit(IPS_SEQ_ADJUST_BIT, &ct->status)) { 266 if (ct && test_bit(IPS_SEQ_ADJUST_BIT, &ct->status)) {
267 pr_debug("nf_nat_standalone: adjusting sequence number\n"); 267 pr_debug("nf_nat_standalone: adjusting sequence number\n");
268 if (!nf_nat_seq_adjust(pskb, ct, ctinfo)) 268 if (!nf_nat_seq_adjust(skb, ct, ctinfo))
269 return NF_DROP; 269 return NF_DROP;
270 } 270 }
271 return NF_ACCEPT; 271 return NF_ACCEPT;
diff --git a/net/ipv4/netfilter/nf_nat_tftp.c b/net/ipv4/netfilter/nf_nat_tftp.c
index 04dfeaefec02..0ecec701cb44 100644
--- a/net/ipv4/netfilter/nf_nat_tftp.c
+++ b/net/ipv4/netfilter/nf_nat_tftp.c
@@ -20,7 +20,7 @@ MODULE_DESCRIPTION("TFTP NAT helper");
20MODULE_LICENSE("GPL"); 20MODULE_LICENSE("GPL");
21MODULE_ALIAS("ip_nat_tftp"); 21MODULE_ALIAS("ip_nat_tftp");
22 22
23static unsigned int help(struct sk_buff **pskb, 23static unsigned int help(struct sk_buff *skb,
24 enum ip_conntrack_info ctinfo, 24 enum ip_conntrack_info ctinfo,
25 struct nf_conntrack_expect *exp) 25 struct nf_conntrack_expect *exp)
26{ 26{
diff --git a/net/ipv4/xfrm4_output.c b/net/ipv4/xfrm4_output.c
index 434ef302ba83..a4edd666318b 100644
--- a/net/ipv4/xfrm4_output.c
+++ b/net/ipv4/xfrm4_output.c
@@ -78,7 +78,7 @@ static int xfrm4_output_finish2(struct sk_buff *skb)
78 while (likely((err = xfrm4_output_one(skb)) == 0)) { 78 while (likely((err = xfrm4_output_one(skb)) == 0)) {
79 nf_reset(skb); 79 nf_reset(skb);
80 80
81 err = nf_hook(PF_INET, NF_IP_LOCAL_OUT, &skb, NULL, 81 err = nf_hook(PF_INET, NF_IP_LOCAL_OUT, skb, NULL,
82 skb->dst->dev, dst_output); 82 skb->dst->dev, dst_output);
83 if (unlikely(err != 1)) 83 if (unlikely(err != 1))
84 break; 84 break;
@@ -86,7 +86,7 @@ static int xfrm4_output_finish2(struct sk_buff *skb)
86 if (!skb->dst->xfrm) 86 if (!skb->dst->xfrm)
87 return dst_output(skb); 87 return dst_output(skb);
88 88
89 err = nf_hook(PF_INET, NF_IP_POST_ROUTING, &skb, NULL, 89 err = nf_hook(PF_INET, NF_IP_POST_ROUTING, skb, NULL,
90 skb->dst->dev, xfrm4_output_finish2); 90 skb->dst->dev, xfrm4_output_finish2);
91 if (unlikely(err != 1)) 91 if (unlikely(err != 1))
92 break; 92 break;
diff --git a/net/ipv6/netfilter.c b/net/ipv6/netfilter.c
index 38b149613915..b1326c2bf8aa 100644
--- a/net/ipv6/netfilter.c
+++ b/net/ipv6/netfilter.c
@@ -68,15 +68,15 @@ static void nf_ip6_saveroute(const struct sk_buff *skb, struct nf_info *info)
68 } 68 }
69} 69}
70 70
71static int nf_ip6_reroute(struct sk_buff **pskb, const struct nf_info *info) 71static int nf_ip6_reroute(struct sk_buff *skb, const struct nf_info *info)
72{ 72{
73 struct ip6_rt_info *rt_info = nf_info_reroute(info); 73 struct ip6_rt_info *rt_info = nf_info_reroute(info);
74 74
75 if (info->hook == NF_IP6_LOCAL_OUT) { 75 if (info->hook == NF_IP6_LOCAL_OUT) {
76 struct ipv6hdr *iph = ipv6_hdr(*pskb); 76 struct ipv6hdr *iph = ipv6_hdr(skb);
77 if (!ipv6_addr_equal(&iph->daddr, &rt_info->daddr) || 77 if (!ipv6_addr_equal(&iph->daddr, &rt_info->daddr) ||
78 !ipv6_addr_equal(&iph->saddr, &rt_info->saddr)) 78 !ipv6_addr_equal(&iph->saddr, &rt_info->saddr))
79 return ip6_route_me_harder(*pskb); 79 return ip6_route_me_harder(skb);
80 } 80 }
81 return 0; 81 return 0;
82} 82}
diff --git a/net/ipv6/netfilter/ip6_tables.c b/net/ipv6/netfilter/ip6_tables.c
index cd9df02bb85c..acaba1537931 100644
--- a/net/ipv6/netfilter/ip6_tables.c
+++ b/net/ipv6/netfilter/ip6_tables.c
@@ -205,7 +205,7 @@ ip6_checkentry(const struct ip6t_ip6 *ipv6)
205} 205}
206 206
207static unsigned int 207static unsigned int
208ip6t_error(struct sk_buff **pskb, 208ip6t_error(struct sk_buff *skb,
209 const struct net_device *in, 209 const struct net_device *in,
210 const struct net_device *out, 210 const struct net_device *out,
211 unsigned int hooknum, 211 unsigned int hooknum,
@@ -350,7 +350,7 @@ static void trace_packet(struct sk_buff *skb,
350 350
351/* Returns one of the generic firewall policies, like NF_ACCEPT. */ 351/* Returns one of the generic firewall policies, like NF_ACCEPT. */
352unsigned int 352unsigned int
353ip6t_do_table(struct sk_buff **pskb, 353ip6t_do_table(struct sk_buff *skb,
354 unsigned int hook, 354 unsigned int hook,
355 const struct net_device *in, 355 const struct net_device *in,
356 const struct net_device *out, 356 const struct net_device *out,
@@ -389,17 +389,17 @@ ip6t_do_table(struct sk_buff **pskb,
389 do { 389 do {
390 IP_NF_ASSERT(e); 390 IP_NF_ASSERT(e);
391 IP_NF_ASSERT(back); 391 IP_NF_ASSERT(back);
392 if (ip6_packet_match(*pskb, indev, outdev, &e->ipv6, 392 if (ip6_packet_match(skb, indev, outdev, &e->ipv6,
393 &protoff, &offset, &hotdrop)) { 393 &protoff, &offset, &hotdrop)) {
394 struct ip6t_entry_target *t; 394 struct ip6t_entry_target *t;
395 395
396 if (IP6T_MATCH_ITERATE(e, do_match, 396 if (IP6T_MATCH_ITERATE(e, do_match,
397 *pskb, in, out, 397 skb, in, out,
398 offset, protoff, &hotdrop) != 0) 398 offset, protoff, &hotdrop) != 0)
399 goto no_match; 399 goto no_match;
400 400
401 ADD_COUNTER(e->counters, 401 ADD_COUNTER(e->counters,
402 ntohs(ipv6_hdr(*pskb)->payload_len) 402 ntohs(ipv6_hdr(skb)->payload_len)
403 + IPV6_HDR_LEN, 403 + IPV6_HDR_LEN,
404 1); 404 1);
405 405
@@ -409,8 +409,8 @@ ip6t_do_table(struct sk_buff **pskb,
409#if defined(CONFIG_NETFILTER_XT_TARGET_TRACE) || \ 409#if defined(CONFIG_NETFILTER_XT_TARGET_TRACE) || \
410 defined(CONFIG_NETFILTER_XT_TARGET_TRACE_MODULE) 410 defined(CONFIG_NETFILTER_XT_TARGET_TRACE_MODULE)
411 /* The packet is traced: log it */ 411 /* The packet is traced: log it */
412 if (unlikely((*pskb)->nf_trace)) 412 if (unlikely(skb->nf_trace))
413 trace_packet(*pskb, hook, in, out, 413 trace_packet(skb, hook, in, out,
414 table->name, private, e); 414 table->name, private, e);
415#endif 415#endif
416 /* Standard target? */ 416 /* Standard target? */
@@ -448,7 +448,7 @@ ip6t_do_table(struct sk_buff **pskb,
448 ((struct ip6t_entry *)table_base)->comefrom 448 ((struct ip6t_entry *)table_base)->comefrom
449 = 0xeeeeeeec; 449 = 0xeeeeeeec;
450#endif 450#endif
451 verdict = t->u.kernel.target->target(pskb, 451 verdict = t->u.kernel.target->target(skb,
452 in, out, 452 in, out,
453 hook, 453 hook,
454 t->u.kernel.target, 454 t->u.kernel.target,
diff --git a/net/ipv6/netfilter/ip6t_HL.c b/net/ipv6/netfilter/ip6t_HL.c
index f76197fc4dcc..9afc836fd454 100644
--- a/net/ipv6/netfilter/ip6t_HL.c
+++ b/net/ipv6/netfilter/ip6t_HL.c
@@ -18,7 +18,7 @@ MODULE_AUTHOR("Maciej Soltysiak <solt@dns.toxicfilms.tv>");
18MODULE_DESCRIPTION("IP6 tables Hop Limit modification module"); 18MODULE_DESCRIPTION("IP6 tables Hop Limit modification module");
19MODULE_LICENSE("GPL"); 19MODULE_LICENSE("GPL");
20 20
21static unsigned int ip6t_hl_target(struct sk_buff **pskb, 21static unsigned int ip6t_hl_target(struct sk_buff *skb,
22 const struct net_device *in, 22 const struct net_device *in,
23 const struct net_device *out, 23 const struct net_device *out,
24 unsigned int hooknum, 24 unsigned int hooknum,
@@ -29,10 +29,10 @@ static unsigned int ip6t_hl_target(struct sk_buff **pskb,
29 const struct ip6t_HL_info *info = targinfo; 29 const struct ip6t_HL_info *info = targinfo;
30 int new_hl; 30 int new_hl;
31 31
32 if (!skb_make_writable(*pskb, (*pskb)->len)) 32 if (!skb_make_writable(skb, skb->len))
33 return NF_DROP; 33 return NF_DROP;
34 34
35 ip6h = ipv6_hdr(*pskb); 35 ip6h = ipv6_hdr(skb);
36 36
37 switch (info->mode) { 37 switch (info->mode) {
38 case IP6T_HL_SET: 38 case IP6T_HL_SET:
diff --git a/net/ipv6/netfilter/ip6t_LOG.c b/net/ipv6/netfilter/ip6t_LOG.c
index 6ab99001dccc..7a48c342df46 100644
--- a/net/ipv6/netfilter/ip6t_LOG.c
+++ b/net/ipv6/netfilter/ip6t_LOG.c
@@ -431,7 +431,7 @@ ip6t_log_packet(unsigned int pf,
431} 431}
432 432
433static unsigned int 433static unsigned int
434ip6t_log_target(struct sk_buff **pskb, 434ip6t_log_target(struct sk_buff *skb,
435 const struct net_device *in, 435 const struct net_device *in,
436 const struct net_device *out, 436 const struct net_device *out,
437 unsigned int hooknum, 437 unsigned int hooknum,
@@ -445,8 +445,7 @@ ip6t_log_target(struct sk_buff **pskb,
445 li.u.log.level = loginfo->level; 445 li.u.log.level = loginfo->level;
446 li.u.log.logflags = loginfo->logflags; 446 li.u.log.logflags = loginfo->logflags;
447 447
448 ip6t_log_packet(PF_INET6, hooknum, *pskb, in, out, &li, 448 ip6t_log_packet(PF_INET6, hooknum, skb, in, out, &li, loginfo->prefix);
449 loginfo->prefix);
450 return XT_CONTINUE; 449 return XT_CONTINUE;
451} 450}
452 451
diff --git a/net/ipv6/netfilter/ip6t_REJECT.c b/net/ipv6/netfilter/ip6t_REJECT.c
index 3fd08d5567a6..1a7d2917545d 100644
--- a/net/ipv6/netfilter/ip6t_REJECT.c
+++ b/net/ipv6/netfilter/ip6t_REJECT.c
@@ -172,7 +172,7 @@ send_unreach(struct sk_buff *skb_in, unsigned char code, unsigned int hooknum)
172 icmpv6_send(skb_in, ICMPV6_DEST_UNREACH, code, 0, NULL); 172 icmpv6_send(skb_in, ICMPV6_DEST_UNREACH, code, 0, NULL);
173} 173}
174 174
175static unsigned int reject6_target(struct sk_buff **pskb, 175static unsigned int reject6_target(struct sk_buff *skb,
176 const struct net_device *in, 176 const struct net_device *in,
177 const struct net_device *out, 177 const struct net_device *out,
178 unsigned int hooknum, 178 unsigned int hooknum,
@@ -187,25 +187,25 @@ static unsigned int reject6_target(struct sk_buff **pskb,
187 must return an absolute verdict. --RR */ 187 must return an absolute verdict. --RR */
188 switch (reject->with) { 188 switch (reject->with) {
189 case IP6T_ICMP6_NO_ROUTE: 189 case IP6T_ICMP6_NO_ROUTE:
190 send_unreach(*pskb, ICMPV6_NOROUTE, hooknum); 190 send_unreach(skb, ICMPV6_NOROUTE, hooknum);
191 break; 191 break;
192 case IP6T_ICMP6_ADM_PROHIBITED: 192 case IP6T_ICMP6_ADM_PROHIBITED:
193 send_unreach(*pskb, ICMPV6_ADM_PROHIBITED, hooknum); 193 send_unreach(skb, ICMPV6_ADM_PROHIBITED, hooknum);
194 break; 194 break;
195 case IP6T_ICMP6_NOT_NEIGHBOUR: 195 case IP6T_ICMP6_NOT_NEIGHBOUR:
196 send_unreach(*pskb, ICMPV6_NOT_NEIGHBOUR, hooknum); 196 send_unreach(skb, ICMPV6_NOT_NEIGHBOUR, hooknum);
197 break; 197 break;
198 case IP6T_ICMP6_ADDR_UNREACH: 198 case IP6T_ICMP6_ADDR_UNREACH:
199 send_unreach(*pskb, ICMPV6_ADDR_UNREACH, hooknum); 199 send_unreach(skb, ICMPV6_ADDR_UNREACH, hooknum);
200 break; 200 break;
201 case IP6T_ICMP6_PORT_UNREACH: 201 case IP6T_ICMP6_PORT_UNREACH:
202 send_unreach(*pskb, ICMPV6_PORT_UNREACH, hooknum); 202 send_unreach(skb, ICMPV6_PORT_UNREACH, hooknum);
203 break; 203 break;
204 case IP6T_ICMP6_ECHOREPLY: 204 case IP6T_ICMP6_ECHOREPLY:
205 /* Do nothing */ 205 /* Do nothing */
206 break; 206 break;
207 case IP6T_TCP_RESET: 207 case IP6T_TCP_RESET:
208 send_reset(*pskb); 208 send_reset(skb);
209 break; 209 break;
210 default: 210 default:
211 if (net_ratelimit()) 211 if (net_ratelimit())
diff --git a/net/ipv6/netfilter/ip6table_filter.c b/net/ipv6/netfilter/ip6table_filter.c
index 7e32e2aaf7f7..1d26b202bf30 100644
--- a/net/ipv6/netfilter/ip6table_filter.c
+++ b/net/ipv6/netfilter/ip6table_filter.c
@@ -60,32 +60,32 @@ static struct xt_table packet_filter = {
60/* The work comes in here from netfilter.c. */ 60/* The work comes in here from netfilter.c. */
61static unsigned int 61static unsigned int
62ip6t_hook(unsigned int hook, 62ip6t_hook(unsigned int hook,
63 struct sk_buff **pskb, 63 struct sk_buff *skb,
64 const struct net_device *in, 64 const struct net_device *in,
65 const struct net_device *out, 65 const struct net_device *out,
66 int (*okfn)(struct sk_buff *)) 66 int (*okfn)(struct sk_buff *))
67{ 67{
68 return ip6t_do_table(pskb, hook, in, out, &packet_filter); 68 return ip6t_do_table(skb, hook, in, out, &packet_filter);
69} 69}
70 70
71static unsigned int 71static unsigned int
72ip6t_local_out_hook(unsigned int hook, 72ip6t_local_out_hook(unsigned int hook,
73 struct sk_buff **pskb, 73 struct sk_buff *skb,
74 const struct net_device *in, 74 const struct net_device *in,
75 const struct net_device *out, 75 const struct net_device *out,
76 int (*okfn)(struct sk_buff *)) 76 int (*okfn)(struct sk_buff *))
77{ 77{
78#if 0 78#if 0
79 /* root is playing with raw sockets. */ 79 /* root is playing with raw sockets. */
80 if ((*pskb)->len < sizeof(struct iphdr) 80 if (skb->len < sizeof(struct iphdr)
81 || ip_hdrlen(*pskb) < sizeof(struct iphdr)) { 81 || ip_hdrlen(skb) < sizeof(struct iphdr)) {
82 if (net_ratelimit()) 82 if (net_ratelimit())
83 printk("ip6t_hook: happy cracking.\n"); 83 printk("ip6t_hook: happy cracking.\n");
84 return NF_ACCEPT; 84 return NF_ACCEPT;
85 } 85 }
86#endif 86#endif
87 87
88 return ip6t_do_table(pskb, hook, in, out, &packet_filter); 88 return ip6t_do_table(skb, hook, in, out, &packet_filter);
89} 89}
90 90
91static struct nf_hook_ops ip6t_ops[] = { 91static struct nf_hook_ops ip6t_ops[] = {
diff --git a/net/ipv6/netfilter/ip6table_mangle.c b/net/ipv6/netfilter/ip6table_mangle.c
index f0a9efa67fb5..a0b6381f1e8c 100644
--- a/net/ipv6/netfilter/ip6table_mangle.c
+++ b/net/ipv6/netfilter/ip6table_mangle.c
@@ -68,17 +68,17 @@ static struct xt_table packet_mangler = {
68/* The work comes in here from netfilter.c. */ 68/* The work comes in here from netfilter.c. */
69static unsigned int 69static unsigned int
70ip6t_route_hook(unsigned int hook, 70ip6t_route_hook(unsigned int hook,
71 struct sk_buff **pskb, 71 struct sk_buff *skb,
72 const struct net_device *in, 72 const struct net_device *in,
73 const struct net_device *out, 73 const struct net_device *out,
74 int (*okfn)(struct sk_buff *)) 74 int (*okfn)(struct sk_buff *))
75{ 75{
76 return ip6t_do_table(pskb, hook, in, out, &packet_mangler); 76 return ip6t_do_table(skb, hook, in, out, &packet_mangler);
77} 77}
78 78
79static unsigned int 79static unsigned int
80ip6t_local_hook(unsigned int hook, 80ip6t_local_hook(unsigned int hook,
81 struct sk_buff **pskb, 81 struct sk_buff *skb,
82 const struct net_device *in, 82 const struct net_device *in,
83 const struct net_device *out, 83 const struct net_device *out,
84 int (*okfn)(struct sk_buff *)) 84 int (*okfn)(struct sk_buff *))
@@ -91,8 +91,8 @@ ip6t_local_hook(unsigned int hook,
91 91
92#if 0 92#if 0
93 /* root is playing with raw sockets. */ 93 /* root is playing with raw sockets. */
94 if ((*pskb)->len < sizeof(struct iphdr) 94 if (skb->len < sizeof(struct iphdr)
95 || ip_hdrlen(*pskb) < sizeof(struct iphdr)) { 95 || ip_hdrlen(skb) < sizeof(struct iphdr)) {
96 if (net_ratelimit()) 96 if (net_ratelimit())
97 printk("ip6t_hook: happy cracking.\n"); 97 printk("ip6t_hook: happy cracking.\n");
98 return NF_ACCEPT; 98 return NF_ACCEPT;
@@ -100,22 +100,22 @@ ip6t_local_hook(unsigned int hook,
100#endif 100#endif
101 101
102 /* save source/dest address, mark, hoplimit, flowlabel, priority, */ 102 /* save source/dest address, mark, hoplimit, flowlabel, priority, */
103 memcpy(&saddr, &ipv6_hdr(*pskb)->saddr, sizeof(saddr)); 103 memcpy(&saddr, &ipv6_hdr(skb)->saddr, sizeof(saddr));
104 memcpy(&daddr, &ipv6_hdr(*pskb)->daddr, sizeof(daddr)); 104 memcpy(&daddr, &ipv6_hdr(skb)->daddr, sizeof(daddr));
105 mark = (*pskb)->mark; 105 mark = skb->mark;
106 hop_limit = ipv6_hdr(*pskb)->hop_limit; 106 hop_limit = ipv6_hdr(skb)->hop_limit;
107 107
108 /* flowlabel and prio (includes version, which shouldn't change either */ 108 /* flowlabel and prio (includes version, which shouldn't change either */
109 flowlabel = *((u_int32_t *)ipv6_hdr(*pskb)); 109 flowlabel = *((u_int32_t *)ipv6_hdr(skb));
110 110
111 ret = ip6t_do_table(pskb, hook, in, out, &packet_mangler); 111 ret = ip6t_do_table(skb, hook, in, out, &packet_mangler);
112 112
113 if (ret != NF_DROP && ret != NF_STOLEN 113 if (ret != NF_DROP && ret != NF_STOLEN
114 && (memcmp(&ipv6_hdr(*pskb)->saddr, &saddr, sizeof(saddr)) 114 && (memcmp(&ipv6_hdr(skb)->saddr, &saddr, sizeof(saddr))
115 || memcmp(&ipv6_hdr(*pskb)->daddr, &daddr, sizeof(daddr)) 115 || memcmp(&ipv6_hdr(skb)->daddr, &daddr, sizeof(daddr))
116 || (*pskb)->mark != mark 116 || skb->mark != mark
117 || ipv6_hdr(*pskb)->hop_limit != hop_limit)) 117 || ipv6_hdr(skb)->hop_limit != hop_limit))
118 return ip6_route_me_harder(*pskb) == 0 ? ret : NF_DROP; 118 return ip6_route_me_harder(skb) == 0 ? ret : NF_DROP;
119 119
120 return ret; 120 return ret;
121} 121}
diff --git a/net/ipv6/netfilter/ip6table_raw.c b/net/ipv6/netfilter/ip6table_raw.c
index ec290e4ebdd8..8f7109f991e6 100644
--- a/net/ipv6/netfilter/ip6table_raw.c
+++ b/net/ipv6/netfilter/ip6table_raw.c
@@ -46,12 +46,12 @@ static struct xt_table packet_raw = {
46/* The work comes in here from netfilter.c. */ 46/* The work comes in here from netfilter.c. */
47static unsigned int 47static unsigned int
48ip6t_hook(unsigned int hook, 48ip6t_hook(unsigned int hook,
49 struct sk_buff **pskb, 49 struct sk_buff *skb,
50 const struct net_device *in, 50 const struct net_device *in,
51 const struct net_device *out, 51 const struct net_device *out,
52 int (*okfn)(struct sk_buff *)) 52 int (*okfn)(struct sk_buff *))
53{ 53{
54 return ip6t_do_table(pskb, hook, in, out, &packet_raw); 54 return ip6t_do_table(skb, hook, in, out, &packet_raw);
55} 55}
56 56
57static struct nf_hook_ops ip6t_ops[] = { 57static struct nf_hook_ops ip6t_ops[] = {
diff --git a/net/ipv6/netfilter/nf_conntrack_l3proto_ipv6.c b/net/ipv6/netfilter/nf_conntrack_l3proto_ipv6.c
index 37a3db926953..e9369dc02381 100644
--- a/net/ipv6/netfilter/nf_conntrack_l3proto_ipv6.c
+++ b/net/ipv6/netfilter/nf_conntrack_l3proto_ipv6.c
@@ -145,7 +145,7 @@ static int ipv6_get_l4proto(const struct sk_buff *skb, unsigned int nhoff,
145} 145}
146 146
147static unsigned int ipv6_confirm(unsigned int hooknum, 147static unsigned int ipv6_confirm(unsigned int hooknum,
148 struct sk_buff **pskb, 148 struct sk_buff *skb,
149 const struct net_device *in, 149 const struct net_device *in,
150 const struct net_device *out, 150 const struct net_device *out,
151 int (*okfn)(struct sk_buff *)) 151 int (*okfn)(struct sk_buff *))
@@ -155,12 +155,12 @@ static unsigned int ipv6_confirm(unsigned int hooknum,
155 struct nf_conntrack_helper *helper; 155 struct nf_conntrack_helper *helper;
156 enum ip_conntrack_info ctinfo; 156 enum ip_conntrack_info ctinfo;
157 unsigned int ret, protoff; 157 unsigned int ret, protoff;
158 unsigned int extoff = (u8 *)(ipv6_hdr(*pskb) + 1) - (*pskb)->data; 158 unsigned int extoff = (u8 *)(ipv6_hdr(skb) + 1) - skb->data;
159 unsigned char pnum = ipv6_hdr(*pskb)->nexthdr; 159 unsigned char pnum = ipv6_hdr(skb)->nexthdr;
160 160
161 161
162 /* This is where we call the helper: as the packet goes out. */ 162 /* This is where we call the helper: as the packet goes out. */
163 ct = nf_ct_get(*pskb, &ctinfo); 163 ct = nf_ct_get(skb, &ctinfo);
164 if (!ct || ctinfo == IP_CT_RELATED + IP_CT_IS_REPLY) 164 if (!ct || ctinfo == IP_CT_RELATED + IP_CT_IS_REPLY)
165 goto out; 165 goto out;
166 166
@@ -172,23 +172,23 @@ static unsigned int ipv6_confirm(unsigned int hooknum,
172 if (!helper) 172 if (!helper)
173 goto out; 173 goto out;
174 174
175 protoff = nf_ct_ipv6_skip_exthdr(*pskb, extoff, &pnum, 175 protoff = nf_ct_ipv6_skip_exthdr(skb, extoff, &pnum,
176 (*pskb)->len - extoff); 176 skb->len - extoff);
177 if (protoff > (*pskb)->len || pnum == NEXTHDR_FRAGMENT) { 177 if (protoff > skb->len || pnum == NEXTHDR_FRAGMENT) {
178 pr_debug("proto header not found\n"); 178 pr_debug("proto header not found\n");
179 return NF_ACCEPT; 179 return NF_ACCEPT;
180 } 180 }
181 181
182 ret = helper->help(pskb, protoff, ct, ctinfo); 182 ret = helper->help(skb, protoff, ct, ctinfo);
183 if (ret != NF_ACCEPT) 183 if (ret != NF_ACCEPT)
184 return ret; 184 return ret;
185out: 185out:
186 /* We've seen it coming out the other side: confirm it */ 186 /* We've seen it coming out the other side: confirm it */
187 return nf_conntrack_confirm(pskb); 187 return nf_conntrack_confirm(skb);
188} 188}
189 189
190static unsigned int ipv6_defrag(unsigned int hooknum, 190static unsigned int ipv6_defrag(unsigned int hooknum,
191 struct sk_buff **pskb, 191 struct sk_buff *skb,
192 const struct net_device *in, 192 const struct net_device *in,
193 const struct net_device *out, 193 const struct net_device *out,
194 int (*okfn)(struct sk_buff *)) 194 int (*okfn)(struct sk_buff *))
@@ -196,17 +196,17 @@ static unsigned int ipv6_defrag(unsigned int hooknum,
196 struct sk_buff *reasm; 196 struct sk_buff *reasm;
197 197
198 /* Previously seen (loopback)? */ 198 /* Previously seen (loopback)? */
199 if ((*pskb)->nfct) 199 if (skb->nfct)
200 return NF_ACCEPT; 200 return NF_ACCEPT;
201 201
202 reasm = nf_ct_frag6_gather(*pskb); 202 reasm = nf_ct_frag6_gather(skb);
203 203
204 /* queued */ 204 /* queued */
205 if (reasm == NULL) 205 if (reasm == NULL)
206 return NF_STOLEN; 206 return NF_STOLEN;
207 207
208 /* error occured or not fragmented */ 208 /* error occured or not fragmented */
209 if (reasm == *pskb) 209 if (reasm == skb)
210 return NF_ACCEPT; 210 return NF_ACCEPT;
211 211
212 nf_ct_frag6_output(hooknum, reasm, (struct net_device *)in, 212 nf_ct_frag6_output(hooknum, reasm, (struct net_device *)in,
@@ -216,12 +216,12 @@ static unsigned int ipv6_defrag(unsigned int hooknum,
216} 216}
217 217
218static unsigned int ipv6_conntrack_in(unsigned int hooknum, 218static unsigned int ipv6_conntrack_in(unsigned int hooknum,
219 struct sk_buff **pskb, 219 struct sk_buff *skb,
220 const struct net_device *in, 220 const struct net_device *in,
221 const struct net_device *out, 221 const struct net_device *out,
222 int (*okfn)(struct sk_buff *)) 222 int (*okfn)(struct sk_buff *))
223{ 223{
224 struct sk_buff *reasm = (*pskb)->nfct_reasm; 224 struct sk_buff *reasm = skb->nfct_reasm;
225 225
226 /* This packet is fragmented and has reassembled packet. */ 226 /* This packet is fragmented and has reassembled packet. */
227 if (reasm) { 227 if (reasm) {
@@ -229,32 +229,32 @@ static unsigned int ipv6_conntrack_in(unsigned int hooknum,
229 if (!reasm->nfct) { 229 if (!reasm->nfct) {
230 unsigned int ret; 230 unsigned int ret;
231 231
232 ret = nf_conntrack_in(PF_INET6, hooknum, &reasm); 232 ret = nf_conntrack_in(PF_INET6, hooknum, reasm);
233 if (ret != NF_ACCEPT) 233 if (ret != NF_ACCEPT)
234 return ret; 234 return ret;
235 } 235 }
236 nf_conntrack_get(reasm->nfct); 236 nf_conntrack_get(reasm->nfct);
237 (*pskb)->nfct = reasm->nfct; 237 skb->nfct = reasm->nfct;
238 (*pskb)->nfctinfo = reasm->nfctinfo; 238 skb->nfctinfo = reasm->nfctinfo;
239 return NF_ACCEPT; 239 return NF_ACCEPT;
240 } 240 }
241 241
242 return nf_conntrack_in(PF_INET6, hooknum, pskb); 242 return nf_conntrack_in(PF_INET6, hooknum, skb);
243} 243}
244 244
245static unsigned int ipv6_conntrack_local(unsigned int hooknum, 245static unsigned int ipv6_conntrack_local(unsigned int hooknum,
246 struct sk_buff **pskb, 246 struct sk_buff *skb,
247 const struct net_device *in, 247 const struct net_device *in,
248 const struct net_device *out, 248 const struct net_device *out,
249 int (*okfn)(struct sk_buff *)) 249 int (*okfn)(struct sk_buff *))
250{ 250{
251 /* root is playing with raw sockets. */ 251 /* root is playing with raw sockets. */
252 if ((*pskb)->len < sizeof(struct ipv6hdr)) { 252 if (skb->len < sizeof(struct ipv6hdr)) {
253 if (net_ratelimit()) 253 if (net_ratelimit())
254 printk("ipv6_conntrack_local: packet too short\n"); 254 printk("ipv6_conntrack_local: packet too short\n");
255 return NF_ACCEPT; 255 return NF_ACCEPT;
256 } 256 }
257 return ipv6_conntrack_in(hooknum, pskb, in, out, okfn); 257 return ipv6_conntrack_in(hooknum, skb, in, out, okfn);
258} 258}
259 259
260static struct nf_hook_ops ipv6_conntrack_ops[] = { 260static struct nf_hook_ops ipv6_conntrack_ops[] = {
diff --git a/net/ipv6/xfrm6_output.c b/net/ipv6/xfrm6_output.c
index 4618c18e611d..a5a32c17249d 100644
--- a/net/ipv6/xfrm6_output.c
+++ b/net/ipv6/xfrm6_output.c
@@ -80,7 +80,7 @@ static int xfrm6_output_finish2(struct sk_buff *skb)
80 while (likely((err = xfrm6_output_one(skb)) == 0)) { 80 while (likely((err = xfrm6_output_one(skb)) == 0)) {
81 nf_reset(skb); 81 nf_reset(skb);
82 82
83 err = nf_hook(PF_INET6, NF_IP6_LOCAL_OUT, &skb, NULL, 83 err = nf_hook(PF_INET6, NF_IP6_LOCAL_OUT, skb, NULL,
84 skb->dst->dev, dst_output); 84 skb->dst->dev, dst_output);
85 if (unlikely(err != 1)) 85 if (unlikely(err != 1))
86 break; 86 break;
@@ -88,7 +88,7 @@ static int xfrm6_output_finish2(struct sk_buff *skb)
88 if (!skb->dst->xfrm) 88 if (!skb->dst->xfrm)
89 return dst_output(skb); 89 return dst_output(skb);
90 90
91 err = nf_hook(PF_INET6, NF_IP6_POST_ROUTING, &skb, NULL, 91 err = nf_hook(PF_INET6, NF_IP6_POST_ROUTING, skb, NULL,
92 skb->dst->dev, xfrm6_output_finish2); 92 skb->dst->dev, xfrm6_output_finish2);
93 if (unlikely(err != 1)) 93 if (unlikely(err != 1))
94 break; 94 break;
diff --git a/net/netfilter/core.c b/net/netfilter/core.c
index 2c9e8e3652d0..bed9ba01e8ec 100644
--- a/net/netfilter/core.c
+++ b/net/netfilter/core.c
@@ -117,7 +117,7 @@ void nf_unregister_hooks(struct nf_hook_ops *reg, unsigned int n)
117EXPORT_SYMBOL(nf_unregister_hooks); 117EXPORT_SYMBOL(nf_unregister_hooks);
118 118
119unsigned int nf_iterate(struct list_head *head, 119unsigned int nf_iterate(struct list_head *head,
120 struct sk_buff **skb, 120 struct sk_buff *skb,
121 int hook, 121 int hook,
122 const struct net_device *indev, 122 const struct net_device *indev,
123 const struct net_device *outdev, 123 const struct net_device *outdev,
@@ -160,7 +160,7 @@ unsigned int nf_iterate(struct list_head *head,
160 160
161/* Returns 1 if okfn() needs to be executed by the caller, 161/* Returns 1 if okfn() needs to be executed by the caller,
162 * -EPERM for NF_DROP, 0 otherwise. */ 162 * -EPERM for NF_DROP, 0 otherwise. */
163int nf_hook_slow(int pf, unsigned int hook, struct sk_buff **pskb, 163int nf_hook_slow(int pf, unsigned int hook, struct sk_buff *skb,
164 struct net_device *indev, 164 struct net_device *indev,
165 struct net_device *outdev, 165 struct net_device *outdev,
166 int (*okfn)(struct sk_buff *), 166 int (*okfn)(struct sk_buff *),
@@ -175,17 +175,17 @@ int nf_hook_slow(int pf, unsigned int hook, struct sk_buff **pskb,
175 175
176 elem = &nf_hooks[pf][hook]; 176 elem = &nf_hooks[pf][hook];
177next_hook: 177next_hook:
178 verdict = nf_iterate(&nf_hooks[pf][hook], pskb, hook, indev, 178 verdict = nf_iterate(&nf_hooks[pf][hook], skb, hook, indev,
179 outdev, &elem, okfn, hook_thresh); 179 outdev, &elem, okfn, hook_thresh);
180 if (verdict == NF_ACCEPT || verdict == NF_STOP) { 180 if (verdict == NF_ACCEPT || verdict == NF_STOP) {
181 ret = 1; 181 ret = 1;
182 goto unlock; 182 goto unlock;
183 } else if (verdict == NF_DROP) { 183 } else if (verdict == NF_DROP) {
184 kfree_skb(*pskb); 184 kfree_skb(skb);
185 ret = -EPERM; 185 ret = -EPERM;
186 } else if ((verdict & NF_VERDICT_MASK) == NF_QUEUE) { 186 } else if ((verdict & NF_VERDICT_MASK) == NF_QUEUE) {
187 NFDEBUG("nf_hook: Verdict = QUEUE.\n"); 187 NFDEBUG("nf_hook: Verdict = QUEUE.\n");
188 if (!nf_queue(*pskb, elem, pf, hook, indev, outdev, okfn, 188 if (!nf_queue(skb, elem, pf, hook, indev, outdev, okfn,
189 verdict >> NF_VERDICT_BITS)) 189 verdict >> NF_VERDICT_BITS))
190 goto next_hook; 190 goto next_hook;
191 } 191 }
diff --git a/net/netfilter/nf_conntrack_amanda.c b/net/netfilter/nf_conntrack_amanda.c
index e42ab230ad88..7b8239c0cd5e 100644
--- a/net/netfilter/nf_conntrack_amanda.c
+++ b/net/netfilter/nf_conntrack_amanda.c
@@ -36,7 +36,7 @@ MODULE_PARM_DESC(master_timeout, "timeout for the master connection");
36module_param(ts_algo, charp, 0400); 36module_param(ts_algo, charp, 0400);
37MODULE_PARM_DESC(ts_algo, "textsearch algorithm to use (default kmp)"); 37MODULE_PARM_DESC(ts_algo, "textsearch algorithm to use (default kmp)");
38 38
39unsigned int (*nf_nat_amanda_hook)(struct sk_buff **pskb, 39unsigned int (*nf_nat_amanda_hook)(struct sk_buff *skb,
40 enum ip_conntrack_info ctinfo, 40 enum ip_conntrack_info ctinfo,
41 unsigned int matchoff, 41 unsigned int matchoff,
42 unsigned int matchlen, 42 unsigned int matchlen,
@@ -79,7 +79,7 @@ static struct {
79 }, 79 },
80}; 80};
81 81
82static int amanda_help(struct sk_buff **pskb, 82static int amanda_help(struct sk_buff *skb,
83 unsigned int protoff, 83 unsigned int protoff,
84 struct nf_conn *ct, 84 struct nf_conn *ct,
85 enum ip_conntrack_info ctinfo) 85 enum ip_conntrack_info ctinfo)
@@ -101,25 +101,25 @@ static int amanda_help(struct sk_buff **pskb,
101 101
102 /* increase the UDP timeout of the master connection as replies from 102 /* increase the UDP timeout of the master connection as replies from
103 * Amanda clients to the server can be quite delayed */ 103 * Amanda clients to the server can be quite delayed */
104 nf_ct_refresh(ct, *pskb, master_timeout * HZ); 104 nf_ct_refresh(ct, skb, master_timeout * HZ);
105 105
106 /* No data? */ 106 /* No data? */
107 dataoff = protoff + sizeof(struct udphdr); 107 dataoff = protoff + sizeof(struct udphdr);
108 if (dataoff >= (*pskb)->len) { 108 if (dataoff >= skb->len) {
109 if (net_ratelimit()) 109 if (net_ratelimit())
110 printk("amanda_help: skblen = %u\n", (*pskb)->len); 110 printk("amanda_help: skblen = %u\n", skb->len);
111 return NF_ACCEPT; 111 return NF_ACCEPT;
112 } 112 }
113 113
114 memset(&ts, 0, sizeof(ts)); 114 memset(&ts, 0, sizeof(ts));
115 start = skb_find_text(*pskb, dataoff, (*pskb)->len, 115 start = skb_find_text(skb, dataoff, skb->len,
116 search[SEARCH_CONNECT].ts, &ts); 116 search[SEARCH_CONNECT].ts, &ts);
117 if (start == UINT_MAX) 117 if (start == UINT_MAX)
118 goto out; 118 goto out;
119 start += dataoff + search[SEARCH_CONNECT].len; 119 start += dataoff + search[SEARCH_CONNECT].len;
120 120
121 memset(&ts, 0, sizeof(ts)); 121 memset(&ts, 0, sizeof(ts));
122 stop = skb_find_text(*pskb, start, (*pskb)->len, 122 stop = skb_find_text(skb, start, skb->len,
123 search[SEARCH_NEWLINE].ts, &ts); 123 search[SEARCH_NEWLINE].ts, &ts);
124 if (stop == UINT_MAX) 124 if (stop == UINT_MAX)
125 goto out; 125 goto out;
@@ -127,13 +127,13 @@ static int amanda_help(struct sk_buff **pskb,
127 127
128 for (i = SEARCH_DATA; i <= SEARCH_INDEX; i++) { 128 for (i = SEARCH_DATA; i <= SEARCH_INDEX; i++) {
129 memset(&ts, 0, sizeof(ts)); 129 memset(&ts, 0, sizeof(ts));
130 off = skb_find_text(*pskb, start, stop, search[i].ts, &ts); 130 off = skb_find_text(skb, start, stop, search[i].ts, &ts);
131 if (off == UINT_MAX) 131 if (off == UINT_MAX)
132 continue; 132 continue;
133 off += start + search[i].len; 133 off += start + search[i].len;
134 134
135 len = min_t(unsigned int, sizeof(pbuf) - 1, stop - off); 135 len = min_t(unsigned int, sizeof(pbuf) - 1, stop - off);
136 if (skb_copy_bits(*pskb, off, pbuf, len)) 136 if (skb_copy_bits(skb, off, pbuf, len))
137 break; 137 break;
138 pbuf[len] = '\0'; 138 pbuf[len] = '\0';
139 139
@@ -153,7 +153,7 @@ static int amanda_help(struct sk_buff **pskb,
153 153
154 nf_nat_amanda = rcu_dereference(nf_nat_amanda_hook); 154 nf_nat_amanda = rcu_dereference(nf_nat_amanda_hook);
155 if (nf_nat_amanda && ct->status & IPS_NAT_MASK) 155 if (nf_nat_amanda && ct->status & IPS_NAT_MASK)
156 ret = nf_nat_amanda(pskb, ctinfo, off - dataoff, 156 ret = nf_nat_amanda(skb, ctinfo, off - dataoff,
157 len, exp); 157 len, exp);
158 else if (nf_ct_expect_related(exp) != 0) 158 else if (nf_ct_expect_related(exp) != 0)
159 ret = NF_DROP; 159 ret = NF_DROP;
diff --git a/net/netfilter/nf_conntrack_core.c b/net/netfilter/nf_conntrack_core.c
index 83c30b45d170..4d6171bc0829 100644
--- a/net/netfilter/nf_conntrack_core.c
+++ b/net/netfilter/nf_conntrack_core.c
@@ -307,7 +307,7 @@ EXPORT_SYMBOL_GPL(nf_conntrack_hash_insert);
307 307
308/* Confirm a connection given skb; places it in hash table */ 308/* Confirm a connection given skb; places it in hash table */
309int 309int
310__nf_conntrack_confirm(struct sk_buff **pskb) 310__nf_conntrack_confirm(struct sk_buff *skb)
311{ 311{
312 unsigned int hash, repl_hash; 312 unsigned int hash, repl_hash;
313 struct nf_conntrack_tuple_hash *h; 313 struct nf_conntrack_tuple_hash *h;
@@ -316,7 +316,7 @@ __nf_conntrack_confirm(struct sk_buff **pskb)
316 struct hlist_node *n; 316 struct hlist_node *n;
317 enum ip_conntrack_info ctinfo; 317 enum ip_conntrack_info ctinfo;
318 318
319 ct = nf_ct_get(*pskb, &ctinfo); 319 ct = nf_ct_get(skb, &ctinfo);
320 320
321 /* ipt_REJECT uses nf_conntrack_attach to attach related 321 /* ipt_REJECT uses nf_conntrack_attach to attach related
322 ICMP/TCP RST packets in other direction. Actual packet 322 ICMP/TCP RST packets in other direction. Actual packet
@@ -367,14 +367,14 @@ __nf_conntrack_confirm(struct sk_buff **pskb)
367 write_unlock_bh(&nf_conntrack_lock); 367 write_unlock_bh(&nf_conntrack_lock);
368 help = nfct_help(ct); 368 help = nfct_help(ct);
369 if (help && help->helper) 369 if (help && help->helper)
370 nf_conntrack_event_cache(IPCT_HELPER, *pskb); 370 nf_conntrack_event_cache(IPCT_HELPER, skb);
371#ifdef CONFIG_NF_NAT_NEEDED 371#ifdef CONFIG_NF_NAT_NEEDED
372 if (test_bit(IPS_SRC_NAT_DONE_BIT, &ct->status) || 372 if (test_bit(IPS_SRC_NAT_DONE_BIT, &ct->status) ||
373 test_bit(IPS_DST_NAT_DONE_BIT, &ct->status)) 373 test_bit(IPS_DST_NAT_DONE_BIT, &ct->status))
374 nf_conntrack_event_cache(IPCT_NATINFO, *pskb); 374 nf_conntrack_event_cache(IPCT_NATINFO, skb);
375#endif 375#endif
376 nf_conntrack_event_cache(master_ct(ct) ? 376 nf_conntrack_event_cache(master_ct(ct) ?
377 IPCT_RELATED : IPCT_NEW, *pskb); 377 IPCT_RELATED : IPCT_NEW, skb);
378 return NF_ACCEPT; 378 return NF_ACCEPT;
379 379
380out: 380out:
@@ -632,7 +632,7 @@ resolve_normal_ct(struct sk_buff *skb,
632} 632}
633 633
634unsigned int 634unsigned int
635nf_conntrack_in(int pf, unsigned int hooknum, struct sk_buff **pskb) 635nf_conntrack_in(int pf, unsigned int hooknum, struct sk_buff *skb)
636{ 636{
637 struct nf_conn *ct; 637 struct nf_conn *ct;
638 enum ip_conntrack_info ctinfo; 638 enum ip_conntrack_info ctinfo;
@@ -644,14 +644,14 @@ nf_conntrack_in(int pf, unsigned int hooknum, struct sk_buff **pskb)
644 int ret; 644 int ret;
645 645
646 /* Previously seen (loopback or untracked)? Ignore. */ 646 /* Previously seen (loopback or untracked)? Ignore. */
647 if ((*pskb)->nfct) { 647 if (skb->nfct) {
648 NF_CT_STAT_INC_ATOMIC(ignore); 648 NF_CT_STAT_INC_ATOMIC(ignore);
649 return NF_ACCEPT; 649 return NF_ACCEPT;
650 } 650 }
651 651
652 /* rcu_read_lock()ed by nf_hook_slow */ 652 /* rcu_read_lock()ed by nf_hook_slow */
653 l3proto = __nf_ct_l3proto_find((u_int16_t)pf); 653 l3proto = __nf_ct_l3proto_find((u_int16_t)pf);
654 ret = l3proto->get_l4proto(*pskb, skb_network_offset(*pskb), 654 ret = l3proto->get_l4proto(skb, skb_network_offset(skb),
655 &dataoff, &protonum); 655 &dataoff, &protonum);
656 if (ret <= 0) { 656 if (ret <= 0) {
657 pr_debug("not prepared to track yet or error occured\n"); 657 pr_debug("not prepared to track yet or error occured\n");
@@ -666,13 +666,13 @@ nf_conntrack_in(int pf, unsigned int hooknum, struct sk_buff **pskb)
666 * inverse of the return code tells to the netfilter 666 * inverse of the return code tells to the netfilter
667 * core what to do with the packet. */ 667 * core what to do with the packet. */
668 if (l4proto->error != NULL && 668 if (l4proto->error != NULL &&
669 (ret = l4proto->error(*pskb, dataoff, &ctinfo, pf, hooknum)) <= 0) { 669 (ret = l4proto->error(skb, dataoff, &ctinfo, pf, hooknum)) <= 0) {
670 NF_CT_STAT_INC_ATOMIC(error); 670 NF_CT_STAT_INC_ATOMIC(error);
671 NF_CT_STAT_INC_ATOMIC(invalid); 671 NF_CT_STAT_INC_ATOMIC(invalid);
672 return -ret; 672 return -ret;
673 } 673 }
674 674
675 ct = resolve_normal_ct(*pskb, dataoff, pf, protonum, l3proto, l4proto, 675 ct = resolve_normal_ct(skb, dataoff, pf, protonum, l3proto, l4proto,
676 &set_reply, &ctinfo); 676 &set_reply, &ctinfo);
677 if (!ct) { 677 if (!ct) {
678 /* Not valid part of a connection */ 678 /* Not valid part of a connection */
@@ -686,21 +686,21 @@ nf_conntrack_in(int pf, unsigned int hooknum, struct sk_buff **pskb)
686 return NF_DROP; 686 return NF_DROP;
687 } 687 }
688 688
689 NF_CT_ASSERT((*pskb)->nfct); 689 NF_CT_ASSERT(skb->nfct);
690 690
691 ret = l4proto->packet(ct, *pskb, dataoff, ctinfo, pf, hooknum); 691 ret = l4proto->packet(ct, skb, dataoff, ctinfo, pf, hooknum);
692 if (ret < 0) { 692 if (ret < 0) {
693 /* Invalid: inverse of the return code tells 693 /* Invalid: inverse of the return code tells
694 * the netfilter core what to do */ 694 * the netfilter core what to do */
695 pr_debug("nf_conntrack_in: Can't track with proto module\n"); 695 pr_debug("nf_conntrack_in: Can't track with proto module\n");
696 nf_conntrack_put((*pskb)->nfct); 696 nf_conntrack_put(skb->nfct);
697 (*pskb)->nfct = NULL; 697 skb->nfct = NULL;
698 NF_CT_STAT_INC_ATOMIC(invalid); 698 NF_CT_STAT_INC_ATOMIC(invalid);
699 return -ret; 699 return -ret;
700 } 700 }
701 701
702 if (set_reply && !test_and_set_bit(IPS_SEEN_REPLY_BIT, &ct->status)) 702 if (set_reply && !test_and_set_bit(IPS_SEEN_REPLY_BIT, &ct->status))
703 nf_conntrack_event_cache(IPCT_STATUS, *pskb); 703 nf_conntrack_event_cache(IPCT_STATUS, skb);
704 704
705 return ret; 705 return ret;
706} 706}
diff --git a/net/netfilter/nf_conntrack_ftp.c b/net/netfilter/nf_conntrack_ftp.c
index c763ee74ea02..6df259067f7e 100644
--- a/net/netfilter/nf_conntrack_ftp.c
+++ b/net/netfilter/nf_conntrack_ftp.c
@@ -43,7 +43,7 @@ module_param_array(ports, ushort, &ports_c, 0400);
43static int loose; 43static int loose;
44module_param(loose, bool, 0600); 44module_param(loose, bool, 0600);
45 45
46unsigned int (*nf_nat_ftp_hook)(struct sk_buff **pskb, 46unsigned int (*nf_nat_ftp_hook)(struct sk_buff *skb,
47 enum ip_conntrack_info ctinfo, 47 enum ip_conntrack_info ctinfo,
48 enum nf_ct_ftp_type type, 48 enum nf_ct_ftp_type type,
49 unsigned int matchoff, 49 unsigned int matchoff,
@@ -344,7 +344,7 @@ static void update_nl_seq(u32 nl_seq, struct nf_ct_ftp_master *info, int dir,
344 } 344 }
345} 345}
346 346
347static int help(struct sk_buff **pskb, 347static int help(struct sk_buff *skb,
348 unsigned int protoff, 348 unsigned int protoff,
349 struct nf_conn *ct, 349 struct nf_conn *ct,
350 enum ip_conntrack_info ctinfo) 350 enum ip_conntrack_info ctinfo)
@@ -371,21 +371,21 @@ static int help(struct sk_buff **pskb,
371 return NF_ACCEPT; 371 return NF_ACCEPT;
372 } 372 }
373 373
374 th = skb_header_pointer(*pskb, protoff, sizeof(_tcph), &_tcph); 374 th = skb_header_pointer(skb, protoff, sizeof(_tcph), &_tcph);
375 if (th == NULL) 375 if (th == NULL)
376 return NF_ACCEPT; 376 return NF_ACCEPT;
377 377
378 dataoff = protoff + th->doff * 4; 378 dataoff = protoff + th->doff * 4;
379 /* No data? */ 379 /* No data? */
380 if (dataoff >= (*pskb)->len) { 380 if (dataoff >= skb->len) {
381 pr_debug("ftp: dataoff(%u) >= skblen(%u)\n", dataoff, 381 pr_debug("ftp: dataoff(%u) >= skblen(%u)\n", dataoff,
382 (*pskb)->len); 382 skb->len);
383 return NF_ACCEPT; 383 return NF_ACCEPT;
384 } 384 }
385 datalen = (*pskb)->len - dataoff; 385 datalen = skb->len - dataoff;
386 386
387 spin_lock_bh(&nf_ftp_lock); 387 spin_lock_bh(&nf_ftp_lock);
388 fb_ptr = skb_header_pointer(*pskb, dataoff, datalen, ftp_buffer); 388 fb_ptr = skb_header_pointer(skb, dataoff, datalen, ftp_buffer);
389 BUG_ON(fb_ptr == NULL); 389 BUG_ON(fb_ptr == NULL);
390 390
391 ends_in_nl = (fb_ptr[datalen - 1] == '\n'); 391 ends_in_nl = (fb_ptr[datalen - 1] == '\n');
@@ -491,7 +491,7 @@ static int help(struct sk_buff **pskb,
491 * (possibly changed) expectation itself. */ 491 * (possibly changed) expectation itself. */
492 nf_nat_ftp = rcu_dereference(nf_nat_ftp_hook); 492 nf_nat_ftp = rcu_dereference(nf_nat_ftp_hook);
493 if (nf_nat_ftp && ct->status & IPS_NAT_MASK) 493 if (nf_nat_ftp && ct->status & IPS_NAT_MASK)
494 ret = nf_nat_ftp(pskb, ctinfo, search[dir][i].ftptype, 494 ret = nf_nat_ftp(skb, ctinfo, search[dir][i].ftptype,
495 matchoff, matchlen, exp); 495 matchoff, matchlen, exp);
496 else { 496 else {
497 /* Can't expect this? Best to drop packet now. */ 497 /* Can't expect this? Best to drop packet now. */
@@ -508,7 +508,7 @@ out_update_nl:
508 /* Now if this ends in \n, update ftp info. Seq may have been 508 /* Now if this ends in \n, update ftp info. Seq may have been
509 * adjusted by NAT code. */ 509 * adjusted by NAT code. */
510 if (ends_in_nl) 510 if (ends_in_nl)
511 update_nl_seq(seq, ct_ftp_info, dir, *pskb); 511 update_nl_seq(seq, ct_ftp_info, dir, skb);
512 out: 512 out:
513 spin_unlock_bh(&nf_ftp_lock); 513 spin_unlock_bh(&nf_ftp_lock);
514 return ret; 514 return ret;
diff --git a/net/netfilter/nf_conntrack_h323_main.c b/net/netfilter/nf_conntrack_h323_main.c
index a8a9dfbe7a67..f23fd9598e19 100644
--- a/net/netfilter/nf_conntrack_h323_main.c
+++ b/net/netfilter/nf_conntrack_h323_main.c
@@ -47,27 +47,27 @@ MODULE_PARM_DESC(callforward_filter, "only create call forwarding expectations "
47 "(determined by routing information)"); 47 "(determined by routing information)");
48 48
49/* Hooks for NAT */ 49/* Hooks for NAT */
50int (*set_h245_addr_hook) (struct sk_buff **pskb, 50int (*set_h245_addr_hook) (struct sk_buff *skb,
51 unsigned char **data, int dataoff, 51 unsigned char **data, int dataoff,
52 H245_TransportAddress *taddr, 52 H245_TransportAddress *taddr,
53 union nf_conntrack_address *addr, __be16 port) 53 union nf_conntrack_address *addr, __be16 port)
54 __read_mostly; 54 __read_mostly;
55int (*set_h225_addr_hook) (struct sk_buff **pskb, 55int (*set_h225_addr_hook) (struct sk_buff *skb,
56 unsigned char **data, int dataoff, 56 unsigned char **data, int dataoff,
57 TransportAddress *taddr, 57 TransportAddress *taddr,
58 union nf_conntrack_address *addr, __be16 port) 58 union nf_conntrack_address *addr, __be16 port)
59 __read_mostly; 59 __read_mostly;
60int (*set_sig_addr_hook) (struct sk_buff **pskb, 60int (*set_sig_addr_hook) (struct sk_buff *skb,
61 struct nf_conn *ct, 61 struct nf_conn *ct,
62 enum ip_conntrack_info ctinfo, 62 enum ip_conntrack_info ctinfo,
63 unsigned char **data, 63 unsigned char **data,
64 TransportAddress *taddr, int count) __read_mostly; 64 TransportAddress *taddr, int count) __read_mostly;
65int (*set_ras_addr_hook) (struct sk_buff **pskb, 65int (*set_ras_addr_hook) (struct sk_buff *skb,
66 struct nf_conn *ct, 66 struct nf_conn *ct,
67 enum ip_conntrack_info ctinfo, 67 enum ip_conntrack_info ctinfo,
68 unsigned char **data, 68 unsigned char **data,
69 TransportAddress *taddr, int count) __read_mostly; 69 TransportAddress *taddr, int count) __read_mostly;
70int (*nat_rtp_rtcp_hook) (struct sk_buff **pskb, 70int (*nat_rtp_rtcp_hook) (struct sk_buff *skb,
71 struct nf_conn *ct, 71 struct nf_conn *ct,
72 enum ip_conntrack_info ctinfo, 72 enum ip_conntrack_info ctinfo,
73 unsigned char **data, int dataoff, 73 unsigned char **data, int dataoff,
@@ -75,25 +75,25 @@ int (*nat_rtp_rtcp_hook) (struct sk_buff **pskb,
75 __be16 port, __be16 rtp_port, 75 __be16 port, __be16 rtp_port,
76 struct nf_conntrack_expect *rtp_exp, 76 struct nf_conntrack_expect *rtp_exp,
77 struct nf_conntrack_expect *rtcp_exp) __read_mostly; 77 struct nf_conntrack_expect *rtcp_exp) __read_mostly;
78int (*nat_t120_hook) (struct sk_buff **pskb, 78int (*nat_t120_hook) (struct sk_buff *skb,
79 struct nf_conn *ct, 79 struct nf_conn *ct,
80 enum ip_conntrack_info ctinfo, 80 enum ip_conntrack_info ctinfo,
81 unsigned char **data, int dataoff, 81 unsigned char **data, int dataoff,
82 H245_TransportAddress *taddr, __be16 port, 82 H245_TransportAddress *taddr, __be16 port,
83 struct nf_conntrack_expect *exp) __read_mostly; 83 struct nf_conntrack_expect *exp) __read_mostly;
84int (*nat_h245_hook) (struct sk_buff **pskb, 84int (*nat_h245_hook) (struct sk_buff *skb,
85 struct nf_conn *ct, 85 struct nf_conn *ct,
86 enum ip_conntrack_info ctinfo, 86 enum ip_conntrack_info ctinfo,
87 unsigned char **data, int dataoff, 87 unsigned char **data, int dataoff,
88 TransportAddress *taddr, __be16 port, 88 TransportAddress *taddr, __be16 port,
89 struct nf_conntrack_expect *exp) __read_mostly; 89 struct nf_conntrack_expect *exp) __read_mostly;
90int (*nat_callforwarding_hook) (struct sk_buff **pskb, 90int (*nat_callforwarding_hook) (struct sk_buff *skb,
91 struct nf_conn *ct, 91 struct nf_conn *ct,
92 enum ip_conntrack_info ctinfo, 92 enum ip_conntrack_info ctinfo,
93 unsigned char **data, int dataoff, 93 unsigned char **data, int dataoff,
94 TransportAddress *taddr, __be16 port, 94 TransportAddress *taddr, __be16 port,
95 struct nf_conntrack_expect *exp) __read_mostly; 95 struct nf_conntrack_expect *exp) __read_mostly;
96int (*nat_q931_hook) (struct sk_buff **pskb, 96int (*nat_q931_hook) (struct sk_buff *skb,
97 struct nf_conn *ct, 97 struct nf_conn *ct,
98 enum ip_conntrack_info ctinfo, 98 enum ip_conntrack_info ctinfo,
99 unsigned char **data, TransportAddress *taddr, int idx, 99 unsigned char **data, TransportAddress *taddr, int idx,
@@ -108,7 +108,7 @@ static struct nf_conntrack_helper nf_conntrack_helper_q931[];
108static struct nf_conntrack_helper nf_conntrack_helper_ras[]; 108static struct nf_conntrack_helper nf_conntrack_helper_ras[];
109 109
110/****************************************************************************/ 110/****************************************************************************/
111static int get_tpkt_data(struct sk_buff **pskb, unsigned int protoff, 111static int get_tpkt_data(struct sk_buff *skb, unsigned int protoff,
112 struct nf_conn *ct, enum ip_conntrack_info ctinfo, 112 struct nf_conn *ct, enum ip_conntrack_info ctinfo,
113 unsigned char **data, int *datalen, int *dataoff) 113 unsigned char **data, int *datalen, int *dataoff)
114{ 114{
@@ -122,7 +122,7 @@ static int get_tpkt_data(struct sk_buff **pskb, unsigned int protoff,
122 int tpktoff; 122 int tpktoff;
123 123
124 /* Get TCP header */ 124 /* Get TCP header */
125 th = skb_header_pointer(*pskb, protoff, sizeof(_tcph), &_tcph); 125 th = skb_header_pointer(skb, protoff, sizeof(_tcph), &_tcph);
126 if (th == NULL) 126 if (th == NULL)
127 return 0; 127 return 0;
128 128
@@ -130,13 +130,13 @@ static int get_tpkt_data(struct sk_buff **pskb, unsigned int protoff,
130 tcpdataoff = protoff + th->doff * 4; 130 tcpdataoff = protoff + th->doff * 4;
131 131
132 /* Get TCP data length */ 132 /* Get TCP data length */
133 tcpdatalen = (*pskb)->len - tcpdataoff; 133 tcpdatalen = skb->len - tcpdataoff;
134 if (tcpdatalen <= 0) /* No TCP data */ 134 if (tcpdatalen <= 0) /* No TCP data */
135 goto clear_out; 135 goto clear_out;
136 136
137 if (*data == NULL) { /* first TPKT */ 137 if (*data == NULL) { /* first TPKT */
138 /* Get first TPKT pointer */ 138 /* Get first TPKT pointer */
139 tpkt = skb_header_pointer(*pskb, tcpdataoff, tcpdatalen, 139 tpkt = skb_header_pointer(skb, tcpdataoff, tcpdatalen,
140 h323_buffer); 140 h323_buffer);
141 BUG_ON(tpkt == NULL); 141 BUG_ON(tpkt == NULL);
142 142
@@ -248,7 +248,7 @@ static int get_h245_addr(struct nf_conn *ct, unsigned char *data,
248} 248}
249 249
250/****************************************************************************/ 250/****************************************************************************/
251static int expect_rtp_rtcp(struct sk_buff **pskb, struct nf_conn *ct, 251static int expect_rtp_rtcp(struct sk_buff *skb, struct nf_conn *ct,
252 enum ip_conntrack_info ctinfo, 252 enum ip_conntrack_info ctinfo,
253 unsigned char **data, int dataoff, 253 unsigned char **data, int dataoff,
254 H245_TransportAddress *taddr) 254 H245_TransportAddress *taddr)
@@ -297,7 +297,7 @@ static int expect_rtp_rtcp(struct sk_buff **pskb, struct nf_conn *ct,
297 (nat_rtp_rtcp = rcu_dereference(nat_rtp_rtcp_hook)) && 297 (nat_rtp_rtcp = rcu_dereference(nat_rtp_rtcp_hook)) &&
298 ct->status & IPS_NAT_MASK) { 298 ct->status & IPS_NAT_MASK) {
299 /* NAT needed */ 299 /* NAT needed */
300 ret = nat_rtp_rtcp(pskb, ct, ctinfo, data, dataoff, 300 ret = nat_rtp_rtcp(skb, ct, ctinfo, data, dataoff,
301 taddr, port, rtp_port, rtp_exp, rtcp_exp); 301 taddr, port, rtp_port, rtp_exp, rtcp_exp);
302 } else { /* Conntrack only */ 302 } else { /* Conntrack only */
303 if (nf_ct_expect_related(rtp_exp) == 0) { 303 if (nf_ct_expect_related(rtp_exp) == 0) {
@@ -321,7 +321,7 @@ static int expect_rtp_rtcp(struct sk_buff **pskb, struct nf_conn *ct,
321} 321}
322 322
323/****************************************************************************/ 323/****************************************************************************/
324static int expect_t120(struct sk_buff **pskb, 324static int expect_t120(struct sk_buff *skb,
325 struct nf_conn *ct, 325 struct nf_conn *ct,
326 enum ip_conntrack_info ctinfo, 326 enum ip_conntrack_info ctinfo,
327 unsigned char **data, int dataoff, 327 unsigned char **data, int dataoff,
@@ -355,7 +355,7 @@ static int expect_t120(struct sk_buff **pskb,
355 (nat_t120 = rcu_dereference(nat_t120_hook)) && 355 (nat_t120 = rcu_dereference(nat_t120_hook)) &&
356 ct->status & IPS_NAT_MASK) { 356 ct->status & IPS_NAT_MASK) {
357 /* NAT needed */ 357 /* NAT needed */
358 ret = nat_t120(pskb, ct, ctinfo, data, dataoff, taddr, 358 ret = nat_t120(skb, ct, ctinfo, data, dataoff, taddr,
359 port, exp); 359 port, exp);
360 } else { /* Conntrack only */ 360 } else { /* Conntrack only */
361 if (nf_ct_expect_related(exp) == 0) { 361 if (nf_ct_expect_related(exp) == 0) {
@@ -371,7 +371,7 @@ static int expect_t120(struct sk_buff **pskb,
371} 371}
372 372
373/****************************************************************************/ 373/****************************************************************************/
374static int process_h245_channel(struct sk_buff **pskb, 374static int process_h245_channel(struct sk_buff *skb,
375 struct nf_conn *ct, 375 struct nf_conn *ct,
376 enum ip_conntrack_info ctinfo, 376 enum ip_conntrack_info ctinfo,
377 unsigned char **data, int dataoff, 377 unsigned char **data, int dataoff,
@@ -381,7 +381,7 @@ static int process_h245_channel(struct sk_buff **pskb,
381 381
382 if (channel->options & eH2250LogicalChannelParameters_mediaChannel) { 382 if (channel->options & eH2250LogicalChannelParameters_mediaChannel) {
383 /* RTP */ 383 /* RTP */
384 ret = expect_rtp_rtcp(pskb, ct, ctinfo, data, dataoff, 384 ret = expect_rtp_rtcp(skb, ct, ctinfo, data, dataoff,
385 &channel->mediaChannel); 385 &channel->mediaChannel);
386 if (ret < 0) 386 if (ret < 0)
387 return -1; 387 return -1;
@@ -390,7 +390,7 @@ static int process_h245_channel(struct sk_buff **pskb,
390 if (channel-> 390 if (channel->
391 options & eH2250LogicalChannelParameters_mediaControlChannel) { 391 options & eH2250LogicalChannelParameters_mediaControlChannel) {
392 /* RTCP */ 392 /* RTCP */
393 ret = expect_rtp_rtcp(pskb, ct, ctinfo, data, dataoff, 393 ret = expect_rtp_rtcp(skb, ct, ctinfo, data, dataoff,
394 &channel->mediaControlChannel); 394 &channel->mediaControlChannel);
395 if (ret < 0) 395 if (ret < 0)
396 return -1; 396 return -1;
@@ -400,7 +400,7 @@ static int process_h245_channel(struct sk_buff **pskb,
400} 400}
401 401
402/****************************************************************************/ 402/****************************************************************************/
403static int process_olc(struct sk_buff **pskb, struct nf_conn *ct, 403static int process_olc(struct sk_buff *skb, struct nf_conn *ct,
404 enum ip_conntrack_info ctinfo, 404 enum ip_conntrack_info ctinfo,
405 unsigned char **data, int dataoff, 405 unsigned char **data, int dataoff,
406 OpenLogicalChannel *olc) 406 OpenLogicalChannel *olc)
@@ -412,7 +412,7 @@ static int process_olc(struct sk_buff **pskb, struct nf_conn *ct,
412 if (olc->forwardLogicalChannelParameters.multiplexParameters.choice == 412 if (olc->forwardLogicalChannelParameters.multiplexParameters.choice ==
413 eOpenLogicalChannel_forwardLogicalChannelParameters_multiplexParameters_h2250LogicalChannelParameters) 413 eOpenLogicalChannel_forwardLogicalChannelParameters_multiplexParameters_h2250LogicalChannelParameters)
414 { 414 {
415 ret = process_h245_channel(pskb, ct, ctinfo, data, dataoff, 415 ret = process_h245_channel(skb, ct, ctinfo, data, dataoff,
416 &olc-> 416 &olc->
417 forwardLogicalChannelParameters. 417 forwardLogicalChannelParameters.
418 multiplexParameters. 418 multiplexParameters.
@@ -430,7 +430,7 @@ static int process_olc(struct sk_buff **pskb, struct nf_conn *ct,
430 eOpenLogicalChannel_reverseLogicalChannelParameters_multiplexParameters_h2250LogicalChannelParameters)) 430 eOpenLogicalChannel_reverseLogicalChannelParameters_multiplexParameters_h2250LogicalChannelParameters))
431 { 431 {
432 ret = 432 ret =
433 process_h245_channel(pskb, ct, ctinfo, data, dataoff, 433 process_h245_channel(skb, ct, ctinfo, data, dataoff,
434 &olc-> 434 &olc->
435 reverseLogicalChannelParameters. 435 reverseLogicalChannelParameters.
436 multiplexParameters. 436 multiplexParameters.
@@ -448,7 +448,7 @@ static int process_olc(struct sk_buff **pskb, struct nf_conn *ct,
448 t120.choice == eDataProtocolCapability_separateLANStack && 448 t120.choice == eDataProtocolCapability_separateLANStack &&
449 olc->separateStack.networkAddress.choice == 449 olc->separateStack.networkAddress.choice ==
450 eNetworkAccessParameters_networkAddress_localAreaAddress) { 450 eNetworkAccessParameters_networkAddress_localAreaAddress) {
451 ret = expect_t120(pskb, ct, ctinfo, data, dataoff, 451 ret = expect_t120(skb, ct, ctinfo, data, dataoff,
452 &olc->separateStack.networkAddress. 452 &olc->separateStack.networkAddress.
453 localAreaAddress); 453 localAreaAddress);
454 if (ret < 0) 454 if (ret < 0)
@@ -459,7 +459,7 @@ static int process_olc(struct sk_buff **pskb, struct nf_conn *ct,
459} 459}
460 460
461/****************************************************************************/ 461/****************************************************************************/
462static int process_olca(struct sk_buff **pskb, struct nf_conn *ct, 462static int process_olca(struct sk_buff *skb, struct nf_conn *ct,
463 enum ip_conntrack_info ctinfo, 463 enum ip_conntrack_info ctinfo,
464 unsigned char **data, int dataoff, 464 unsigned char **data, int dataoff,
465 OpenLogicalChannelAck *olca) 465 OpenLogicalChannelAck *olca)
@@ -477,7 +477,7 @@ static int process_olca(struct sk_buff **pskb, struct nf_conn *ct,
477 choice == 477 choice ==
478 eOpenLogicalChannelAck_reverseLogicalChannelParameters_multiplexParameters_h2250LogicalChannelParameters)) 478 eOpenLogicalChannelAck_reverseLogicalChannelParameters_multiplexParameters_h2250LogicalChannelParameters))
479 { 479 {
480 ret = process_h245_channel(pskb, ct, ctinfo, data, dataoff, 480 ret = process_h245_channel(skb, ct, ctinfo, data, dataoff,
481 &olca-> 481 &olca->
482 reverseLogicalChannelParameters. 482 reverseLogicalChannelParameters.
483 multiplexParameters. 483 multiplexParameters.
@@ -496,7 +496,7 @@ static int process_olca(struct sk_buff **pskb, struct nf_conn *ct,
496 if (ack->options & 496 if (ack->options &
497 eH2250LogicalChannelAckParameters_mediaChannel) { 497 eH2250LogicalChannelAckParameters_mediaChannel) {
498 /* RTP */ 498 /* RTP */
499 ret = expect_rtp_rtcp(pskb, ct, ctinfo, data, dataoff, 499 ret = expect_rtp_rtcp(skb, ct, ctinfo, data, dataoff,
500 &ack->mediaChannel); 500 &ack->mediaChannel);
501 if (ret < 0) 501 if (ret < 0)
502 return -1; 502 return -1;
@@ -505,7 +505,7 @@ static int process_olca(struct sk_buff **pskb, struct nf_conn *ct,
505 if (ack->options & 505 if (ack->options &
506 eH2250LogicalChannelAckParameters_mediaControlChannel) { 506 eH2250LogicalChannelAckParameters_mediaControlChannel) {
507 /* RTCP */ 507 /* RTCP */
508 ret = expect_rtp_rtcp(pskb, ct, ctinfo, data, dataoff, 508 ret = expect_rtp_rtcp(skb, ct, ctinfo, data, dataoff,
509 &ack->mediaControlChannel); 509 &ack->mediaControlChannel);
510 if (ret < 0) 510 if (ret < 0)
511 return -1; 511 return -1;
@@ -515,7 +515,7 @@ static int process_olca(struct sk_buff **pskb, struct nf_conn *ct,
515 if ((olca->options & eOpenLogicalChannelAck_separateStack) && 515 if ((olca->options & eOpenLogicalChannelAck_separateStack) &&
516 olca->separateStack.networkAddress.choice == 516 olca->separateStack.networkAddress.choice ==
517 eNetworkAccessParameters_networkAddress_localAreaAddress) { 517 eNetworkAccessParameters_networkAddress_localAreaAddress) {
518 ret = expect_t120(pskb, ct, ctinfo, data, dataoff, 518 ret = expect_t120(skb, ct, ctinfo, data, dataoff,
519 &olca->separateStack.networkAddress. 519 &olca->separateStack.networkAddress.
520 localAreaAddress); 520 localAreaAddress);
521 if (ret < 0) 521 if (ret < 0)
@@ -526,7 +526,7 @@ static int process_olca(struct sk_buff **pskb, struct nf_conn *ct,
526} 526}
527 527
528/****************************************************************************/ 528/****************************************************************************/
529static int process_h245(struct sk_buff **pskb, struct nf_conn *ct, 529static int process_h245(struct sk_buff *skb, struct nf_conn *ct,
530 enum ip_conntrack_info ctinfo, 530 enum ip_conntrack_info ctinfo,
531 unsigned char **data, int dataoff, 531 unsigned char **data, int dataoff,
532 MultimediaSystemControlMessage *mscm) 532 MultimediaSystemControlMessage *mscm)
@@ -535,7 +535,7 @@ static int process_h245(struct sk_buff **pskb, struct nf_conn *ct,
535 case eMultimediaSystemControlMessage_request: 535 case eMultimediaSystemControlMessage_request:
536 if (mscm->request.choice == 536 if (mscm->request.choice ==
537 eRequestMessage_openLogicalChannel) { 537 eRequestMessage_openLogicalChannel) {
538 return process_olc(pskb, ct, ctinfo, data, dataoff, 538 return process_olc(skb, ct, ctinfo, data, dataoff,
539 &mscm->request.openLogicalChannel); 539 &mscm->request.openLogicalChannel);
540 } 540 }
541 pr_debug("nf_ct_h323: H.245 Request %d\n", 541 pr_debug("nf_ct_h323: H.245 Request %d\n",
@@ -544,7 +544,7 @@ static int process_h245(struct sk_buff **pskb, struct nf_conn *ct,
544 case eMultimediaSystemControlMessage_response: 544 case eMultimediaSystemControlMessage_response:
545 if (mscm->response.choice == 545 if (mscm->response.choice ==
546 eResponseMessage_openLogicalChannelAck) { 546 eResponseMessage_openLogicalChannelAck) {
547 return process_olca(pskb, ct, ctinfo, data, dataoff, 547 return process_olca(skb, ct, ctinfo, data, dataoff,
548 &mscm->response. 548 &mscm->response.
549 openLogicalChannelAck); 549 openLogicalChannelAck);
550 } 550 }
@@ -560,7 +560,7 @@ static int process_h245(struct sk_buff **pskb, struct nf_conn *ct,
560} 560}
561 561
562/****************************************************************************/ 562/****************************************************************************/
563static int h245_help(struct sk_buff **pskb, unsigned int protoff, 563static int h245_help(struct sk_buff *skb, unsigned int protoff,
564 struct nf_conn *ct, enum ip_conntrack_info ctinfo) 564 struct nf_conn *ct, enum ip_conntrack_info ctinfo)
565{ 565{
566 static MultimediaSystemControlMessage mscm; 566 static MultimediaSystemControlMessage mscm;
@@ -574,12 +574,12 @@ static int h245_help(struct sk_buff **pskb, unsigned int protoff,
574 ctinfo != IP_CT_ESTABLISHED + IP_CT_IS_REPLY) { 574 ctinfo != IP_CT_ESTABLISHED + IP_CT_IS_REPLY) {
575 return NF_ACCEPT; 575 return NF_ACCEPT;
576 } 576 }
577 pr_debug("nf_ct_h245: skblen = %u\n", (*pskb)->len); 577 pr_debug("nf_ct_h245: skblen = %u\n", skb->len);
578 578
579 spin_lock_bh(&nf_h323_lock); 579 spin_lock_bh(&nf_h323_lock);
580 580
581 /* Process each TPKT */ 581 /* Process each TPKT */
582 while (get_tpkt_data(pskb, protoff, ct, ctinfo, 582 while (get_tpkt_data(skb, protoff, ct, ctinfo,
583 &data, &datalen, &dataoff)) { 583 &data, &datalen, &dataoff)) {
584 pr_debug("nf_ct_h245: TPKT len=%d ", datalen); 584 pr_debug("nf_ct_h245: TPKT len=%d ", datalen);
585 NF_CT_DUMP_TUPLE(&ct->tuplehash[CTINFO2DIR(ctinfo)].tuple); 585 NF_CT_DUMP_TUPLE(&ct->tuplehash[CTINFO2DIR(ctinfo)].tuple);
@@ -596,7 +596,7 @@ static int h245_help(struct sk_buff **pskb, unsigned int protoff,
596 } 596 }
597 597
598 /* Process H.245 signal */ 598 /* Process H.245 signal */
599 if (process_h245(pskb, ct, ctinfo, &data, dataoff, &mscm) < 0) 599 if (process_h245(skb, ct, ctinfo, &data, dataoff, &mscm) < 0)
600 goto drop; 600 goto drop;
601 } 601 }
602 602
@@ -654,7 +654,7 @@ int get_h225_addr(struct nf_conn *ct, unsigned char *data,
654} 654}
655 655
656/****************************************************************************/ 656/****************************************************************************/
657static int expect_h245(struct sk_buff **pskb, struct nf_conn *ct, 657static int expect_h245(struct sk_buff *skb, struct nf_conn *ct,
658 enum ip_conntrack_info ctinfo, 658 enum ip_conntrack_info ctinfo,
659 unsigned char **data, int dataoff, 659 unsigned char **data, int dataoff,
660 TransportAddress *taddr) 660 TransportAddress *taddr)
@@ -687,7 +687,7 @@ static int expect_h245(struct sk_buff **pskb, struct nf_conn *ct,
687 (nat_h245 = rcu_dereference(nat_h245_hook)) && 687 (nat_h245 = rcu_dereference(nat_h245_hook)) &&
688 ct->status & IPS_NAT_MASK) { 688 ct->status & IPS_NAT_MASK) {
689 /* NAT needed */ 689 /* NAT needed */
690 ret = nat_h245(pskb, ct, ctinfo, data, dataoff, taddr, 690 ret = nat_h245(skb, ct, ctinfo, data, dataoff, taddr,
691 port, exp); 691 port, exp);
692 } else { /* Conntrack only */ 692 } else { /* Conntrack only */
693 if (nf_ct_expect_related(exp) == 0) { 693 if (nf_ct_expect_related(exp) == 0) {
@@ -758,7 +758,7 @@ static int callforward_do_filter(union nf_conntrack_address *src,
758} 758}
759 759
760/****************************************************************************/ 760/****************************************************************************/
761static int expect_callforwarding(struct sk_buff **pskb, 761static int expect_callforwarding(struct sk_buff *skb,
762 struct nf_conn *ct, 762 struct nf_conn *ct,
763 enum ip_conntrack_info ctinfo, 763 enum ip_conntrack_info ctinfo,
764 unsigned char **data, int dataoff, 764 unsigned char **data, int dataoff,
@@ -798,7 +798,7 @@ static int expect_callforwarding(struct sk_buff **pskb,
798 (nat_callforwarding = rcu_dereference(nat_callforwarding_hook)) && 798 (nat_callforwarding = rcu_dereference(nat_callforwarding_hook)) &&
799 ct->status & IPS_NAT_MASK) { 799 ct->status & IPS_NAT_MASK) {
800 /* Need NAT */ 800 /* Need NAT */
801 ret = nat_callforwarding(pskb, ct, ctinfo, data, dataoff, 801 ret = nat_callforwarding(skb, ct, ctinfo, data, dataoff,
802 taddr, port, exp); 802 taddr, port, exp);
803 } else { /* Conntrack only */ 803 } else { /* Conntrack only */
804 if (nf_ct_expect_related(exp) == 0) { 804 if (nf_ct_expect_related(exp) == 0) {
@@ -814,7 +814,7 @@ static int expect_callforwarding(struct sk_buff **pskb,
814} 814}
815 815
816/****************************************************************************/ 816/****************************************************************************/
817static int process_setup(struct sk_buff **pskb, struct nf_conn *ct, 817static int process_setup(struct sk_buff *skb, struct nf_conn *ct,
818 enum ip_conntrack_info ctinfo, 818 enum ip_conntrack_info ctinfo,
819 unsigned char **data, int dataoff, 819 unsigned char **data, int dataoff,
820 Setup_UUIE *setup) 820 Setup_UUIE *setup)
@@ -829,7 +829,7 @@ static int process_setup(struct sk_buff **pskb, struct nf_conn *ct,
829 pr_debug("nf_ct_q931: Setup\n"); 829 pr_debug("nf_ct_q931: Setup\n");
830 830
831 if (setup->options & eSetup_UUIE_h245Address) { 831 if (setup->options & eSetup_UUIE_h245Address) {
832 ret = expect_h245(pskb, ct, ctinfo, data, dataoff, 832 ret = expect_h245(skb, ct, ctinfo, data, dataoff,
833 &setup->h245Address); 833 &setup->h245Address);
834 if (ret < 0) 834 if (ret < 0)
835 return -1; 835 return -1;
@@ -846,7 +846,7 @@ static int process_setup(struct sk_buff **pskb, struct nf_conn *ct,
846 NIP6(*(struct in6_addr *)&addr), ntohs(port), 846 NIP6(*(struct in6_addr *)&addr), ntohs(port),
847 NIP6(*(struct in6_addr *)&ct->tuplehash[!dir].tuple.src.u3), 847 NIP6(*(struct in6_addr *)&ct->tuplehash[!dir].tuple.src.u3),
848 ntohs(ct->tuplehash[!dir].tuple.src.u.tcp.port)); 848 ntohs(ct->tuplehash[!dir].tuple.src.u.tcp.port));
849 ret = set_h225_addr(pskb, data, dataoff, 849 ret = set_h225_addr(skb, data, dataoff,
850 &setup->destCallSignalAddress, 850 &setup->destCallSignalAddress,
851 &ct->tuplehash[!dir].tuple.src.u3, 851 &ct->tuplehash[!dir].tuple.src.u3,
852 ct->tuplehash[!dir].tuple.src.u.tcp.port); 852 ct->tuplehash[!dir].tuple.src.u.tcp.port);
@@ -864,7 +864,7 @@ static int process_setup(struct sk_buff **pskb, struct nf_conn *ct,
864 NIP6(*(struct in6_addr *)&addr), ntohs(port), 864 NIP6(*(struct in6_addr *)&addr), ntohs(port),
865 NIP6(*(struct in6_addr *)&ct->tuplehash[!dir].tuple.dst.u3), 865 NIP6(*(struct in6_addr *)&ct->tuplehash[!dir].tuple.dst.u3),
866 ntohs(ct->tuplehash[!dir].tuple.dst.u.tcp.port)); 866 ntohs(ct->tuplehash[!dir].tuple.dst.u.tcp.port));
867 ret = set_h225_addr(pskb, data, dataoff, 867 ret = set_h225_addr(skb, data, dataoff,
868 &setup->sourceCallSignalAddress, 868 &setup->sourceCallSignalAddress,
869 &ct->tuplehash[!dir].tuple.dst.u3, 869 &ct->tuplehash[!dir].tuple.dst.u3,
870 ct->tuplehash[!dir].tuple.dst.u.tcp.port); 870 ct->tuplehash[!dir].tuple.dst.u.tcp.port);
@@ -874,7 +874,7 @@ static int process_setup(struct sk_buff **pskb, struct nf_conn *ct,
874 874
875 if (setup->options & eSetup_UUIE_fastStart) { 875 if (setup->options & eSetup_UUIE_fastStart) {
876 for (i = 0; i < setup->fastStart.count; i++) { 876 for (i = 0; i < setup->fastStart.count; i++) {
877 ret = process_olc(pskb, ct, ctinfo, data, dataoff, 877 ret = process_olc(skb, ct, ctinfo, data, dataoff,
878 &setup->fastStart.item[i]); 878 &setup->fastStart.item[i]);
879 if (ret < 0) 879 if (ret < 0)
880 return -1; 880 return -1;
@@ -885,7 +885,7 @@ static int process_setup(struct sk_buff **pskb, struct nf_conn *ct,
885} 885}
886 886
887/****************************************************************************/ 887/****************************************************************************/
888static int process_callproceeding(struct sk_buff **pskb, 888static int process_callproceeding(struct sk_buff *skb,
889 struct nf_conn *ct, 889 struct nf_conn *ct,
890 enum ip_conntrack_info ctinfo, 890 enum ip_conntrack_info ctinfo,
891 unsigned char **data, int dataoff, 891 unsigned char **data, int dataoff,
@@ -897,7 +897,7 @@ static int process_callproceeding(struct sk_buff **pskb,
897 pr_debug("nf_ct_q931: CallProceeding\n"); 897 pr_debug("nf_ct_q931: CallProceeding\n");
898 898
899 if (callproc->options & eCallProceeding_UUIE_h245Address) { 899 if (callproc->options & eCallProceeding_UUIE_h245Address) {
900 ret = expect_h245(pskb, ct, ctinfo, data, dataoff, 900 ret = expect_h245(skb, ct, ctinfo, data, dataoff,
901 &callproc->h245Address); 901 &callproc->h245Address);
902 if (ret < 0) 902 if (ret < 0)
903 return -1; 903 return -1;
@@ -905,7 +905,7 @@ static int process_callproceeding(struct sk_buff **pskb,
905 905
906 if (callproc->options & eCallProceeding_UUIE_fastStart) { 906 if (callproc->options & eCallProceeding_UUIE_fastStart) {
907 for (i = 0; i < callproc->fastStart.count; i++) { 907 for (i = 0; i < callproc->fastStart.count; i++) {
908 ret = process_olc(pskb, ct, ctinfo, data, dataoff, 908 ret = process_olc(skb, ct, ctinfo, data, dataoff,
909 &callproc->fastStart.item[i]); 909 &callproc->fastStart.item[i]);
910 if (ret < 0) 910 if (ret < 0)
911 return -1; 911 return -1;
@@ -916,7 +916,7 @@ static int process_callproceeding(struct sk_buff **pskb,
916} 916}
917 917
918/****************************************************************************/ 918/****************************************************************************/
919static int process_connect(struct sk_buff **pskb, struct nf_conn *ct, 919static int process_connect(struct sk_buff *skb, struct nf_conn *ct,
920 enum ip_conntrack_info ctinfo, 920 enum ip_conntrack_info ctinfo,
921 unsigned char **data, int dataoff, 921 unsigned char **data, int dataoff,
922 Connect_UUIE *connect) 922 Connect_UUIE *connect)
@@ -927,7 +927,7 @@ static int process_connect(struct sk_buff **pskb, struct nf_conn *ct,
927 pr_debug("nf_ct_q931: Connect\n"); 927 pr_debug("nf_ct_q931: Connect\n");
928 928
929 if (connect->options & eConnect_UUIE_h245Address) { 929 if (connect->options & eConnect_UUIE_h245Address) {
930 ret = expect_h245(pskb, ct, ctinfo, data, dataoff, 930 ret = expect_h245(skb, ct, ctinfo, data, dataoff,
931 &connect->h245Address); 931 &connect->h245Address);
932 if (ret < 0) 932 if (ret < 0)
933 return -1; 933 return -1;
@@ -935,7 +935,7 @@ static int process_connect(struct sk_buff **pskb, struct nf_conn *ct,
935 935
936 if (connect->options & eConnect_UUIE_fastStart) { 936 if (connect->options & eConnect_UUIE_fastStart) {
937 for (i = 0; i < connect->fastStart.count; i++) { 937 for (i = 0; i < connect->fastStart.count; i++) {
938 ret = process_olc(pskb, ct, ctinfo, data, dataoff, 938 ret = process_olc(skb, ct, ctinfo, data, dataoff,
939 &connect->fastStart.item[i]); 939 &connect->fastStart.item[i]);
940 if (ret < 0) 940 if (ret < 0)
941 return -1; 941 return -1;
@@ -946,7 +946,7 @@ static int process_connect(struct sk_buff **pskb, struct nf_conn *ct,
946} 946}
947 947
948/****************************************************************************/ 948/****************************************************************************/
949static int process_alerting(struct sk_buff **pskb, struct nf_conn *ct, 949static int process_alerting(struct sk_buff *skb, struct nf_conn *ct,
950 enum ip_conntrack_info ctinfo, 950 enum ip_conntrack_info ctinfo,
951 unsigned char **data, int dataoff, 951 unsigned char **data, int dataoff,
952 Alerting_UUIE *alert) 952 Alerting_UUIE *alert)
@@ -957,7 +957,7 @@ static int process_alerting(struct sk_buff **pskb, struct nf_conn *ct,
957 pr_debug("nf_ct_q931: Alerting\n"); 957 pr_debug("nf_ct_q931: Alerting\n");
958 958
959 if (alert->options & eAlerting_UUIE_h245Address) { 959 if (alert->options & eAlerting_UUIE_h245Address) {
960 ret = expect_h245(pskb, ct, ctinfo, data, dataoff, 960 ret = expect_h245(skb, ct, ctinfo, data, dataoff,
961 &alert->h245Address); 961 &alert->h245Address);
962 if (ret < 0) 962 if (ret < 0)
963 return -1; 963 return -1;
@@ -965,7 +965,7 @@ static int process_alerting(struct sk_buff **pskb, struct nf_conn *ct,
965 965
966 if (alert->options & eAlerting_UUIE_fastStart) { 966 if (alert->options & eAlerting_UUIE_fastStart) {
967 for (i = 0; i < alert->fastStart.count; i++) { 967 for (i = 0; i < alert->fastStart.count; i++) {
968 ret = process_olc(pskb, ct, ctinfo, data, dataoff, 968 ret = process_olc(skb, ct, ctinfo, data, dataoff,
969 &alert->fastStart.item[i]); 969 &alert->fastStart.item[i]);
970 if (ret < 0) 970 if (ret < 0)
971 return -1; 971 return -1;
@@ -976,7 +976,7 @@ static int process_alerting(struct sk_buff **pskb, struct nf_conn *ct,
976} 976}
977 977
978/****************************************************************************/ 978/****************************************************************************/
979static int process_facility(struct sk_buff **pskb, struct nf_conn *ct, 979static int process_facility(struct sk_buff *skb, struct nf_conn *ct,
980 enum ip_conntrack_info ctinfo, 980 enum ip_conntrack_info ctinfo,
981 unsigned char **data, int dataoff, 981 unsigned char **data, int dataoff,
982 Facility_UUIE *facility) 982 Facility_UUIE *facility)
@@ -988,7 +988,7 @@ static int process_facility(struct sk_buff **pskb, struct nf_conn *ct,
988 988
989 if (facility->reason.choice == eFacilityReason_callForwarded) { 989 if (facility->reason.choice == eFacilityReason_callForwarded) {
990 if (facility->options & eFacility_UUIE_alternativeAddress) 990 if (facility->options & eFacility_UUIE_alternativeAddress)
991 return expect_callforwarding(pskb, ct, ctinfo, data, 991 return expect_callforwarding(skb, ct, ctinfo, data,
992 dataoff, 992 dataoff,
993 &facility-> 993 &facility->
994 alternativeAddress); 994 alternativeAddress);
@@ -996,7 +996,7 @@ static int process_facility(struct sk_buff **pskb, struct nf_conn *ct,
996 } 996 }
997 997
998 if (facility->options & eFacility_UUIE_h245Address) { 998 if (facility->options & eFacility_UUIE_h245Address) {
999 ret = expect_h245(pskb, ct, ctinfo, data, dataoff, 999 ret = expect_h245(skb, ct, ctinfo, data, dataoff,
1000 &facility->h245Address); 1000 &facility->h245Address);
1001 if (ret < 0) 1001 if (ret < 0)
1002 return -1; 1002 return -1;
@@ -1004,7 +1004,7 @@ static int process_facility(struct sk_buff **pskb, struct nf_conn *ct,
1004 1004
1005 if (facility->options & eFacility_UUIE_fastStart) { 1005 if (facility->options & eFacility_UUIE_fastStart) {
1006 for (i = 0; i < facility->fastStart.count; i++) { 1006 for (i = 0; i < facility->fastStart.count; i++) {
1007 ret = process_olc(pskb, ct, ctinfo, data, dataoff, 1007 ret = process_olc(skb, ct, ctinfo, data, dataoff,
1008 &facility->fastStart.item[i]); 1008 &facility->fastStart.item[i]);
1009 if (ret < 0) 1009 if (ret < 0)
1010 return -1; 1010 return -1;
@@ -1015,7 +1015,7 @@ static int process_facility(struct sk_buff **pskb, struct nf_conn *ct,
1015} 1015}
1016 1016
1017/****************************************************************************/ 1017/****************************************************************************/
1018static int process_progress(struct sk_buff **pskb, struct nf_conn *ct, 1018static int process_progress(struct sk_buff *skb, struct nf_conn *ct,
1019 enum ip_conntrack_info ctinfo, 1019 enum ip_conntrack_info ctinfo,
1020 unsigned char **data, int dataoff, 1020 unsigned char **data, int dataoff,
1021 Progress_UUIE *progress) 1021 Progress_UUIE *progress)
@@ -1026,7 +1026,7 @@ static int process_progress(struct sk_buff **pskb, struct nf_conn *ct,
1026 pr_debug("nf_ct_q931: Progress\n"); 1026 pr_debug("nf_ct_q931: Progress\n");
1027 1027
1028 if (progress->options & eProgress_UUIE_h245Address) { 1028 if (progress->options & eProgress_UUIE_h245Address) {
1029 ret = expect_h245(pskb, ct, ctinfo, data, dataoff, 1029 ret = expect_h245(skb, ct, ctinfo, data, dataoff,
1030 &progress->h245Address); 1030 &progress->h245Address);
1031 if (ret < 0) 1031 if (ret < 0)
1032 return -1; 1032 return -1;
@@ -1034,7 +1034,7 @@ static int process_progress(struct sk_buff **pskb, struct nf_conn *ct,
1034 1034
1035 if (progress->options & eProgress_UUIE_fastStart) { 1035 if (progress->options & eProgress_UUIE_fastStart) {
1036 for (i = 0; i < progress->fastStart.count; i++) { 1036 for (i = 0; i < progress->fastStart.count; i++) {
1037 ret = process_olc(pskb, ct, ctinfo, data, dataoff, 1037 ret = process_olc(skb, ct, ctinfo, data, dataoff,
1038 &progress->fastStart.item[i]); 1038 &progress->fastStart.item[i]);
1039 if (ret < 0) 1039 if (ret < 0)
1040 return -1; 1040 return -1;
@@ -1045,7 +1045,7 @@ static int process_progress(struct sk_buff **pskb, struct nf_conn *ct,
1045} 1045}
1046 1046
1047/****************************************************************************/ 1047/****************************************************************************/
1048static int process_q931(struct sk_buff **pskb, struct nf_conn *ct, 1048static int process_q931(struct sk_buff *skb, struct nf_conn *ct,
1049 enum ip_conntrack_info ctinfo, 1049 enum ip_conntrack_info ctinfo,
1050 unsigned char **data, int dataoff, Q931 *q931) 1050 unsigned char **data, int dataoff, Q931 *q931)
1051{ 1051{
@@ -1055,28 +1055,28 @@ static int process_q931(struct sk_buff **pskb, struct nf_conn *ct,
1055 1055
1056 switch (pdu->h323_message_body.choice) { 1056 switch (pdu->h323_message_body.choice) {
1057 case eH323_UU_PDU_h323_message_body_setup: 1057 case eH323_UU_PDU_h323_message_body_setup:
1058 ret = process_setup(pskb, ct, ctinfo, data, dataoff, 1058 ret = process_setup(skb, ct, ctinfo, data, dataoff,
1059 &pdu->h323_message_body.setup); 1059 &pdu->h323_message_body.setup);
1060 break; 1060 break;
1061 case eH323_UU_PDU_h323_message_body_callProceeding: 1061 case eH323_UU_PDU_h323_message_body_callProceeding:
1062 ret = process_callproceeding(pskb, ct, ctinfo, data, dataoff, 1062 ret = process_callproceeding(skb, ct, ctinfo, data, dataoff,
1063 &pdu->h323_message_body. 1063 &pdu->h323_message_body.
1064 callProceeding); 1064 callProceeding);
1065 break; 1065 break;
1066 case eH323_UU_PDU_h323_message_body_connect: 1066 case eH323_UU_PDU_h323_message_body_connect:
1067 ret = process_connect(pskb, ct, ctinfo, data, dataoff, 1067 ret = process_connect(skb, ct, ctinfo, data, dataoff,
1068 &pdu->h323_message_body.connect); 1068 &pdu->h323_message_body.connect);
1069 break; 1069 break;
1070 case eH323_UU_PDU_h323_message_body_alerting: 1070 case eH323_UU_PDU_h323_message_body_alerting:
1071 ret = process_alerting(pskb, ct, ctinfo, data, dataoff, 1071 ret = process_alerting(skb, ct, ctinfo, data, dataoff,
1072 &pdu->h323_message_body.alerting); 1072 &pdu->h323_message_body.alerting);
1073 break; 1073 break;
1074 case eH323_UU_PDU_h323_message_body_facility: 1074 case eH323_UU_PDU_h323_message_body_facility:
1075 ret = process_facility(pskb, ct, ctinfo, data, dataoff, 1075 ret = process_facility(skb, ct, ctinfo, data, dataoff,
1076 &pdu->h323_message_body.facility); 1076 &pdu->h323_message_body.facility);
1077 break; 1077 break;
1078 case eH323_UU_PDU_h323_message_body_progress: 1078 case eH323_UU_PDU_h323_message_body_progress:
1079 ret = process_progress(pskb, ct, ctinfo, data, dataoff, 1079 ret = process_progress(skb, ct, ctinfo, data, dataoff,
1080 &pdu->h323_message_body.progress); 1080 &pdu->h323_message_body.progress);
1081 break; 1081 break;
1082 default: 1082 default:
@@ -1090,7 +1090,7 @@ static int process_q931(struct sk_buff **pskb, struct nf_conn *ct,
1090 1090
1091 if (pdu->options & eH323_UU_PDU_h245Control) { 1091 if (pdu->options & eH323_UU_PDU_h245Control) {
1092 for (i = 0; i < pdu->h245Control.count; i++) { 1092 for (i = 0; i < pdu->h245Control.count; i++) {
1093 ret = process_h245(pskb, ct, ctinfo, data, dataoff, 1093 ret = process_h245(skb, ct, ctinfo, data, dataoff,
1094 &pdu->h245Control.item[i]); 1094 &pdu->h245Control.item[i]);
1095 if (ret < 0) 1095 if (ret < 0)
1096 return -1; 1096 return -1;
@@ -1101,7 +1101,7 @@ static int process_q931(struct sk_buff **pskb, struct nf_conn *ct,
1101} 1101}
1102 1102
1103/****************************************************************************/ 1103/****************************************************************************/
1104static int q931_help(struct sk_buff **pskb, unsigned int protoff, 1104static int q931_help(struct sk_buff *skb, unsigned int protoff,
1105 struct nf_conn *ct, enum ip_conntrack_info ctinfo) 1105 struct nf_conn *ct, enum ip_conntrack_info ctinfo)
1106{ 1106{
1107 static Q931 q931; 1107 static Q931 q931;
@@ -1115,12 +1115,12 @@ static int q931_help(struct sk_buff **pskb, unsigned int protoff,
1115 ctinfo != IP_CT_ESTABLISHED + IP_CT_IS_REPLY) { 1115 ctinfo != IP_CT_ESTABLISHED + IP_CT_IS_REPLY) {
1116 return NF_ACCEPT; 1116 return NF_ACCEPT;
1117 } 1117 }
1118 pr_debug("nf_ct_q931: skblen = %u\n", (*pskb)->len); 1118 pr_debug("nf_ct_q931: skblen = %u\n", skb->len);
1119 1119
1120 spin_lock_bh(&nf_h323_lock); 1120 spin_lock_bh(&nf_h323_lock);
1121 1121
1122 /* Process each TPKT */ 1122 /* Process each TPKT */
1123 while (get_tpkt_data(pskb, protoff, ct, ctinfo, 1123 while (get_tpkt_data(skb, protoff, ct, ctinfo,
1124 &data, &datalen, &dataoff)) { 1124 &data, &datalen, &dataoff)) {
1125 pr_debug("nf_ct_q931: TPKT len=%d ", datalen); 1125 pr_debug("nf_ct_q931: TPKT len=%d ", datalen);
1126 NF_CT_DUMP_TUPLE(&ct->tuplehash[CTINFO2DIR(ctinfo)].tuple); 1126 NF_CT_DUMP_TUPLE(&ct->tuplehash[CTINFO2DIR(ctinfo)].tuple);
@@ -1136,7 +1136,7 @@ static int q931_help(struct sk_buff **pskb, unsigned int protoff,
1136 } 1136 }
1137 1137
1138 /* Process Q.931 signal */ 1138 /* Process Q.931 signal */
1139 if (process_q931(pskb, ct, ctinfo, &data, dataoff, &q931) < 0) 1139 if (process_q931(skb, ct, ctinfo, &data, dataoff, &q931) < 0)
1140 goto drop; 1140 goto drop;
1141 } 1141 }
1142 1142
@@ -1177,20 +1177,20 @@ static struct nf_conntrack_helper nf_conntrack_helper_q931[] __read_mostly = {
1177}; 1177};
1178 1178
1179/****************************************************************************/ 1179/****************************************************************************/
1180static unsigned char *get_udp_data(struct sk_buff **pskb, unsigned int protoff, 1180static unsigned char *get_udp_data(struct sk_buff *skb, unsigned int protoff,
1181 int *datalen) 1181 int *datalen)
1182{ 1182{
1183 struct udphdr _uh, *uh; 1183 struct udphdr _uh, *uh;
1184 int dataoff; 1184 int dataoff;
1185 1185
1186 uh = skb_header_pointer(*pskb, protoff, sizeof(_uh), &_uh); 1186 uh = skb_header_pointer(skb, protoff, sizeof(_uh), &_uh);
1187 if (uh == NULL) 1187 if (uh == NULL)
1188 return NULL; 1188 return NULL;
1189 dataoff = protoff + sizeof(_uh); 1189 dataoff = protoff + sizeof(_uh);
1190 if (dataoff >= (*pskb)->len) 1190 if (dataoff >= skb->len)
1191 return NULL; 1191 return NULL;
1192 *datalen = (*pskb)->len - dataoff; 1192 *datalen = skb->len - dataoff;
1193 return skb_header_pointer(*pskb, dataoff, *datalen, h323_buffer); 1193 return skb_header_pointer(skb, dataoff, *datalen, h323_buffer);
1194} 1194}
1195 1195
1196/****************************************************************************/ 1196/****************************************************************************/
@@ -1227,7 +1227,7 @@ static int set_expect_timeout(struct nf_conntrack_expect *exp,
1227} 1227}
1228 1228
1229/****************************************************************************/ 1229/****************************************************************************/
1230static int expect_q931(struct sk_buff **pskb, struct nf_conn *ct, 1230static int expect_q931(struct sk_buff *skb, struct nf_conn *ct,
1231 enum ip_conntrack_info ctinfo, 1231 enum ip_conntrack_info ctinfo,
1232 unsigned char **data, 1232 unsigned char **data,
1233 TransportAddress *taddr, int count) 1233 TransportAddress *taddr, int count)
@@ -1265,7 +1265,7 @@ static int expect_q931(struct sk_buff **pskb, struct nf_conn *ct,
1265 1265
1266 nat_q931 = rcu_dereference(nat_q931_hook); 1266 nat_q931 = rcu_dereference(nat_q931_hook);
1267 if (nat_q931 && ct->status & IPS_NAT_MASK) { /* Need NAT */ 1267 if (nat_q931 && ct->status & IPS_NAT_MASK) { /* Need NAT */
1268 ret = nat_q931(pskb, ct, ctinfo, data, taddr, i, port, exp); 1268 ret = nat_q931(skb, ct, ctinfo, data, taddr, i, port, exp);
1269 } else { /* Conntrack only */ 1269 } else { /* Conntrack only */
1270 if (nf_ct_expect_related(exp) == 0) { 1270 if (nf_ct_expect_related(exp) == 0) {
1271 pr_debug("nf_ct_ras: expect Q.931 "); 1271 pr_debug("nf_ct_ras: expect Q.931 ");
@@ -1283,7 +1283,7 @@ static int expect_q931(struct sk_buff **pskb, struct nf_conn *ct,
1283} 1283}
1284 1284
1285/****************************************************************************/ 1285/****************************************************************************/
1286static int process_grq(struct sk_buff **pskb, struct nf_conn *ct, 1286static int process_grq(struct sk_buff *skb, struct nf_conn *ct,
1287 enum ip_conntrack_info ctinfo, 1287 enum ip_conntrack_info ctinfo,
1288 unsigned char **data, GatekeeperRequest *grq) 1288 unsigned char **data, GatekeeperRequest *grq)
1289{ 1289{
@@ -1293,13 +1293,13 @@ static int process_grq(struct sk_buff **pskb, struct nf_conn *ct,
1293 1293
1294 set_ras_addr = rcu_dereference(set_ras_addr_hook); 1294 set_ras_addr = rcu_dereference(set_ras_addr_hook);
1295 if (set_ras_addr && ct->status & IPS_NAT_MASK) /* NATed */ 1295 if (set_ras_addr && ct->status & IPS_NAT_MASK) /* NATed */
1296 return set_ras_addr(pskb, ct, ctinfo, data, 1296 return set_ras_addr(skb, ct, ctinfo, data,
1297 &grq->rasAddress, 1); 1297 &grq->rasAddress, 1);
1298 return 0; 1298 return 0;
1299} 1299}
1300 1300
1301/****************************************************************************/ 1301/****************************************************************************/
1302static int process_gcf(struct sk_buff **pskb, struct nf_conn *ct, 1302static int process_gcf(struct sk_buff *skb, struct nf_conn *ct,
1303 enum ip_conntrack_info ctinfo, 1303 enum ip_conntrack_info ctinfo,
1304 unsigned char **data, GatekeeperConfirm *gcf) 1304 unsigned char **data, GatekeeperConfirm *gcf)
1305{ 1305{
@@ -1343,7 +1343,7 @@ static int process_gcf(struct sk_buff **pskb, struct nf_conn *ct,
1343} 1343}
1344 1344
1345/****************************************************************************/ 1345/****************************************************************************/
1346static int process_rrq(struct sk_buff **pskb, struct nf_conn *ct, 1346static int process_rrq(struct sk_buff *skb, struct nf_conn *ct,
1347 enum ip_conntrack_info ctinfo, 1347 enum ip_conntrack_info ctinfo,
1348 unsigned char **data, RegistrationRequest *rrq) 1348 unsigned char **data, RegistrationRequest *rrq)
1349{ 1349{
@@ -1353,7 +1353,7 @@ static int process_rrq(struct sk_buff **pskb, struct nf_conn *ct,
1353 1353
1354 pr_debug("nf_ct_ras: RRQ\n"); 1354 pr_debug("nf_ct_ras: RRQ\n");
1355 1355
1356 ret = expect_q931(pskb, ct, ctinfo, data, 1356 ret = expect_q931(skb, ct, ctinfo, data,
1357 rrq->callSignalAddress.item, 1357 rrq->callSignalAddress.item,
1358 rrq->callSignalAddress.count); 1358 rrq->callSignalAddress.count);
1359 if (ret < 0) 1359 if (ret < 0)
@@ -1361,7 +1361,7 @@ static int process_rrq(struct sk_buff **pskb, struct nf_conn *ct,
1361 1361
1362 set_ras_addr = rcu_dereference(set_ras_addr_hook); 1362 set_ras_addr = rcu_dereference(set_ras_addr_hook);
1363 if (set_ras_addr && ct->status & IPS_NAT_MASK) { 1363 if (set_ras_addr && ct->status & IPS_NAT_MASK) {
1364 ret = set_ras_addr(pskb, ct, ctinfo, data, 1364 ret = set_ras_addr(skb, ct, ctinfo, data,
1365 rrq->rasAddress.item, 1365 rrq->rasAddress.item,
1366 rrq->rasAddress.count); 1366 rrq->rasAddress.count);
1367 if (ret < 0) 1367 if (ret < 0)
@@ -1378,7 +1378,7 @@ static int process_rrq(struct sk_buff **pskb, struct nf_conn *ct,
1378} 1378}
1379 1379
1380/****************************************************************************/ 1380/****************************************************************************/
1381static int process_rcf(struct sk_buff **pskb, struct nf_conn *ct, 1381static int process_rcf(struct sk_buff *skb, struct nf_conn *ct,
1382 enum ip_conntrack_info ctinfo, 1382 enum ip_conntrack_info ctinfo,
1383 unsigned char **data, RegistrationConfirm *rcf) 1383 unsigned char **data, RegistrationConfirm *rcf)
1384{ 1384{
@@ -1392,7 +1392,7 @@ static int process_rcf(struct sk_buff **pskb, struct nf_conn *ct,
1392 1392
1393 set_sig_addr = rcu_dereference(set_sig_addr_hook); 1393 set_sig_addr = rcu_dereference(set_sig_addr_hook);
1394 if (set_sig_addr && ct->status & IPS_NAT_MASK) { 1394 if (set_sig_addr && ct->status & IPS_NAT_MASK) {
1395 ret = set_sig_addr(pskb, ct, ctinfo, data, 1395 ret = set_sig_addr(skb, ct, ctinfo, data,
1396 rcf->callSignalAddress.item, 1396 rcf->callSignalAddress.item,
1397 rcf->callSignalAddress.count); 1397 rcf->callSignalAddress.count);
1398 if (ret < 0) 1398 if (ret < 0)
@@ -1407,7 +1407,7 @@ static int process_rcf(struct sk_buff **pskb, struct nf_conn *ct,
1407 if (info->timeout > 0) { 1407 if (info->timeout > 0) {
1408 pr_debug("nf_ct_ras: set RAS connection timeout to " 1408 pr_debug("nf_ct_ras: set RAS connection timeout to "
1409 "%u seconds\n", info->timeout); 1409 "%u seconds\n", info->timeout);
1410 nf_ct_refresh(ct, *pskb, info->timeout * HZ); 1410 nf_ct_refresh(ct, skb, info->timeout * HZ);
1411 1411
1412 /* Set expect timeout */ 1412 /* Set expect timeout */
1413 read_lock_bh(&nf_conntrack_lock); 1413 read_lock_bh(&nf_conntrack_lock);
@@ -1427,7 +1427,7 @@ static int process_rcf(struct sk_buff **pskb, struct nf_conn *ct,
1427} 1427}
1428 1428
1429/****************************************************************************/ 1429/****************************************************************************/
1430static int process_urq(struct sk_buff **pskb, struct nf_conn *ct, 1430static int process_urq(struct sk_buff *skb, struct nf_conn *ct,
1431 enum ip_conntrack_info ctinfo, 1431 enum ip_conntrack_info ctinfo,
1432 unsigned char **data, UnregistrationRequest *urq) 1432 unsigned char **data, UnregistrationRequest *urq)
1433{ 1433{
@@ -1440,7 +1440,7 @@ static int process_urq(struct sk_buff **pskb, struct nf_conn *ct,
1440 1440
1441 set_sig_addr = rcu_dereference(set_sig_addr_hook); 1441 set_sig_addr = rcu_dereference(set_sig_addr_hook);
1442 if (set_sig_addr && ct->status & IPS_NAT_MASK) { 1442 if (set_sig_addr && ct->status & IPS_NAT_MASK) {
1443 ret = set_sig_addr(pskb, ct, ctinfo, data, 1443 ret = set_sig_addr(skb, ct, ctinfo, data,
1444 urq->callSignalAddress.item, 1444 urq->callSignalAddress.item,
1445 urq->callSignalAddress.count); 1445 urq->callSignalAddress.count);
1446 if (ret < 0) 1446 if (ret < 0)
@@ -1453,13 +1453,13 @@ static int process_urq(struct sk_buff **pskb, struct nf_conn *ct,
1453 info->sig_port[!dir] = 0; 1453 info->sig_port[!dir] = 0;
1454 1454
1455 /* Give it 30 seconds for UCF or URJ */ 1455 /* Give it 30 seconds for UCF or URJ */
1456 nf_ct_refresh(ct, *pskb, 30 * HZ); 1456 nf_ct_refresh(ct, skb, 30 * HZ);
1457 1457
1458 return 0; 1458 return 0;
1459} 1459}
1460 1460
1461/****************************************************************************/ 1461/****************************************************************************/
1462static int process_arq(struct sk_buff **pskb, struct nf_conn *ct, 1462static int process_arq(struct sk_buff *skb, struct nf_conn *ct,
1463 enum ip_conntrack_info ctinfo, 1463 enum ip_conntrack_info ctinfo,
1464 unsigned char **data, AdmissionRequest *arq) 1464 unsigned char **data, AdmissionRequest *arq)
1465{ 1465{
@@ -1479,7 +1479,7 @@ static int process_arq(struct sk_buff **pskb, struct nf_conn *ct,
1479 port == info->sig_port[dir] && 1479 port == info->sig_port[dir] &&
1480 set_h225_addr && ct->status & IPS_NAT_MASK) { 1480 set_h225_addr && ct->status & IPS_NAT_MASK) {
1481 /* Answering ARQ */ 1481 /* Answering ARQ */
1482 return set_h225_addr(pskb, data, 0, 1482 return set_h225_addr(skb, data, 0,
1483 &arq->destCallSignalAddress, 1483 &arq->destCallSignalAddress,
1484 &ct->tuplehash[!dir].tuple.dst.u3, 1484 &ct->tuplehash[!dir].tuple.dst.u3,
1485 info->sig_port[!dir]); 1485 info->sig_port[!dir]);
@@ -1491,7 +1491,7 @@ static int process_arq(struct sk_buff **pskb, struct nf_conn *ct,
1491 !memcmp(&addr, &ct->tuplehash[dir].tuple.src.u3, sizeof(addr)) && 1491 !memcmp(&addr, &ct->tuplehash[dir].tuple.src.u3, sizeof(addr)) &&
1492 set_h225_addr && ct->status & IPS_NAT_MASK) { 1492 set_h225_addr && ct->status & IPS_NAT_MASK) {
1493 /* Calling ARQ */ 1493 /* Calling ARQ */
1494 return set_h225_addr(pskb, data, 0, 1494 return set_h225_addr(skb, data, 0,
1495 &arq->srcCallSignalAddress, 1495 &arq->srcCallSignalAddress,
1496 &ct->tuplehash[!dir].tuple.dst.u3, 1496 &ct->tuplehash[!dir].tuple.dst.u3,
1497 port); 1497 port);
@@ -1501,7 +1501,7 @@ static int process_arq(struct sk_buff **pskb, struct nf_conn *ct,
1501} 1501}
1502 1502
1503/****************************************************************************/ 1503/****************************************************************************/
1504static int process_acf(struct sk_buff **pskb, struct nf_conn *ct, 1504static int process_acf(struct sk_buff *skb, struct nf_conn *ct,
1505 enum ip_conntrack_info ctinfo, 1505 enum ip_conntrack_info ctinfo,
1506 unsigned char **data, AdmissionConfirm *acf) 1506 unsigned char **data, AdmissionConfirm *acf)
1507{ 1507{
@@ -1522,7 +1522,7 @@ static int process_acf(struct sk_buff **pskb, struct nf_conn *ct,
1522 /* Answering ACF */ 1522 /* Answering ACF */
1523 set_sig_addr = rcu_dereference(set_sig_addr_hook); 1523 set_sig_addr = rcu_dereference(set_sig_addr_hook);
1524 if (set_sig_addr && ct->status & IPS_NAT_MASK) 1524 if (set_sig_addr && ct->status & IPS_NAT_MASK)
1525 return set_sig_addr(pskb, ct, ctinfo, data, 1525 return set_sig_addr(skb, ct, ctinfo, data,
1526 &acf->destCallSignalAddress, 1); 1526 &acf->destCallSignalAddress, 1);
1527 return 0; 1527 return 0;
1528 } 1528 }
@@ -1548,7 +1548,7 @@ static int process_acf(struct sk_buff **pskb, struct nf_conn *ct,
1548} 1548}
1549 1549
1550/****************************************************************************/ 1550/****************************************************************************/
1551static int process_lrq(struct sk_buff **pskb, struct nf_conn *ct, 1551static int process_lrq(struct sk_buff *skb, struct nf_conn *ct,
1552 enum ip_conntrack_info ctinfo, 1552 enum ip_conntrack_info ctinfo,
1553 unsigned char **data, LocationRequest *lrq) 1553 unsigned char **data, LocationRequest *lrq)
1554{ 1554{
@@ -1558,13 +1558,13 @@ static int process_lrq(struct sk_buff **pskb, struct nf_conn *ct,
1558 1558
1559 set_ras_addr = rcu_dereference(set_ras_addr_hook); 1559 set_ras_addr = rcu_dereference(set_ras_addr_hook);
1560 if (set_ras_addr && ct->status & IPS_NAT_MASK) 1560 if (set_ras_addr && ct->status & IPS_NAT_MASK)
1561 return set_ras_addr(pskb, ct, ctinfo, data, 1561 return set_ras_addr(skb, ct, ctinfo, data,
1562 &lrq->replyAddress, 1); 1562 &lrq->replyAddress, 1);
1563 return 0; 1563 return 0;
1564} 1564}
1565 1565
1566/****************************************************************************/ 1566/****************************************************************************/
1567static int process_lcf(struct sk_buff **pskb, struct nf_conn *ct, 1567static int process_lcf(struct sk_buff *skb, struct nf_conn *ct,
1568 enum ip_conntrack_info ctinfo, 1568 enum ip_conntrack_info ctinfo,
1569 unsigned char **data, LocationConfirm *lcf) 1569 unsigned char **data, LocationConfirm *lcf)
1570{ 1570{
@@ -1603,7 +1603,7 @@ static int process_lcf(struct sk_buff **pskb, struct nf_conn *ct,
1603} 1603}
1604 1604
1605/****************************************************************************/ 1605/****************************************************************************/
1606static int process_irr(struct sk_buff **pskb, struct nf_conn *ct, 1606static int process_irr(struct sk_buff *skb, struct nf_conn *ct,
1607 enum ip_conntrack_info ctinfo, 1607 enum ip_conntrack_info ctinfo,
1608 unsigned char **data, InfoRequestResponse *irr) 1608 unsigned char **data, InfoRequestResponse *irr)
1609{ 1609{
@@ -1615,7 +1615,7 @@ static int process_irr(struct sk_buff **pskb, struct nf_conn *ct,
1615 1615
1616 set_ras_addr = rcu_dereference(set_ras_addr_hook); 1616 set_ras_addr = rcu_dereference(set_ras_addr_hook);
1617 if (set_ras_addr && ct->status & IPS_NAT_MASK) { 1617 if (set_ras_addr && ct->status & IPS_NAT_MASK) {
1618 ret = set_ras_addr(pskb, ct, ctinfo, data, 1618 ret = set_ras_addr(skb, ct, ctinfo, data,
1619 &irr->rasAddress, 1); 1619 &irr->rasAddress, 1);
1620 if (ret < 0) 1620 if (ret < 0)
1621 return -1; 1621 return -1;
@@ -1623,7 +1623,7 @@ static int process_irr(struct sk_buff **pskb, struct nf_conn *ct,
1623 1623
1624 set_sig_addr = rcu_dereference(set_sig_addr_hook); 1624 set_sig_addr = rcu_dereference(set_sig_addr_hook);
1625 if (set_sig_addr && ct->status & IPS_NAT_MASK) { 1625 if (set_sig_addr && ct->status & IPS_NAT_MASK) {
1626 ret = set_sig_addr(pskb, ct, ctinfo, data, 1626 ret = set_sig_addr(skb, ct, ctinfo, data,
1627 irr->callSignalAddress.item, 1627 irr->callSignalAddress.item,
1628 irr->callSignalAddress.count); 1628 irr->callSignalAddress.count);
1629 if (ret < 0) 1629 if (ret < 0)
@@ -1634,40 +1634,40 @@ static int process_irr(struct sk_buff **pskb, struct nf_conn *ct,
1634} 1634}
1635 1635
1636/****************************************************************************/ 1636/****************************************************************************/
1637static int process_ras(struct sk_buff **pskb, struct nf_conn *ct, 1637static int process_ras(struct sk_buff *skb, struct nf_conn *ct,
1638 enum ip_conntrack_info ctinfo, 1638 enum ip_conntrack_info ctinfo,
1639 unsigned char **data, RasMessage *ras) 1639 unsigned char **data, RasMessage *ras)
1640{ 1640{
1641 switch (ras->choice) { 1641 switch (ras->choice) {
1642 case eRasMessage_gatekeeperRequest: 1642 case eRasMessage_gatekeeperRequest:
1643 return process_grq(pskb, ct, ctinfo, data, 1643 return process_grq(skb, ct, ctinfo, data,
1644 &ras->gatekeeperRequest); 1644 &ras->gatekeeperRequest);
1645 case eRasMessage_gatekeeperConfirm: 1645 case eRasMessage_gatekeeperConfirm:
1646 return process_gcf(pskb, ct, ctinfo, data, 1646 return process_gcf(skb, ct, ctinfo, data,
1647 &ras->gatekeeperConfirm); 1647 &ras->gatekeeperConfirm);
1648 case eRasMessage_registrationRequest: 1648 case eRasMessage_registrationRequest:
1649 return process_rrq(pskb, ct, ctinfo, data, 1649 return process_rrq(skb, ct, ctinfo, data,
1650 &ras->registrationRequest); 1650 &ras->registrationRequest);
1651 case eRasMessage_registrationConfirm: 1651 case eRasMessage_registrationConfirm:
1652 return process_rcf(pskb, ct, ctinfo, data, 1652 return process_rcf(skb, ct, ctinfo, data,
1653 &ras->registrationConfirm); 1653 &ras->registrationConfirm);
1654 case eRasMessage_unregistrationRequest: 1654 case eRasMessage_unregistrationRequest:
1655 return process_urq(pskb, ct, ctinfo, data, 1655 return process_urq(skb, ct, ctinfo, data,
1656 &ras->unregistrationRequest); 1656 &ras->unregistrationRequest);
1657 case eRasMessage_admissionRequest: 1657 case eRasMessage_admissionRequest:
1658 return process_arq(pskb, ct, ctinfo, data, 1658 return process_arq(skb, ct, ctinfo, data,
1659 &ras->admissionRequest); 1659 &ras->admissionRequest);
1660 case eRasMessage_admissionConfirm: 1660 case eRasMessage_admissionConfirm:
1661 return process_acf(pskb, ct, ctinfo, data, 1661 return process_acf(skb, ct, ctinfo, data,
1662 &ras->admissionConfirm); 1662 &ras->admissionConfirm);
1663 case eRasMessage_locationRequest: 1663 case eRasMessage_locationRequest:
1664 return process_lrq(pskb, ct, ctinfo, data, 1664 return process_lrq(skb, ct, ctinfo, data,
1665 &ras->locationRequest); 1665 &ras->locationRequest);
1666 case eRasMessage_locationConfirm: 1666 case eRasMessage_locationConfirm:
1667 return process_lcf(pskb, ct, ctinfo, data, 1667 return process_lcf(skb, ct, ctinfo, data,
1668 &ras->locationConfirm); 1668 &ras->locationConfirm);
1669 case eRasMessage_infoRequestResponse: 1669 case eRasMessage_infoRequestResponse:
1670 return process_irr(pskb, ct, ctinfo, data, 1670 return process_irr(skb, ct, ctinfo, data,
1671 &ras->infoRequestResponse); 1671 &ras->infoRequestResponse);
1672 default: 1672 default:
1673 pr_debug("nf_ct_ras: RAS message %d\n", ras->choice); 1673 pr_debug("nf_ct_ras: RAS message %d\n", ras->choice);
@@ -1678,7 +1678,7 @@ static int process_ras(struct sk_buff **pskb, struct nf_conn *ct,
1678} 1678}
1679 1679
1680/****************************************************************************/ 1680/****************************************************************************/
1681static int ras_help(struct sk_buff **pskb, unsigned int protoff, 1681static int ras_help(struct sk_buff *skb, unsigned int protoff,
1682 struct nf_conn *ct, enum ip_conntrack_info ctinfo) 1682 struct nf_conn *ct, enum ip_conntrack_info ctinfo)
1683{ 1683{
1684 static RasMessage ras; 1684 static RasMessage ras;
@@ -1686,12 +1686,12 @@ static int ras_help(struct sk_buff **pskb, unsigned int protoff,
1686 int datalen = 0; 1686 int datalen = 0;
1687 int ret; 1687 int ret;
1688 1688
1689 pr_debug("nf_ct_ras: skblen = %u\n", (*pskb)->len); 1689 pr_debug("nf_ct_ras: skblen = %u\n", skb->len);
1690 1690
1691 spin_lock_bh(&nf_h323_lock); 1691 spin_lock_bh(&nf_h323_lock);
1692 1692
1693 /* Get UDP data */ 1693 /* Get UDP data */
1694 data = get_udp_data(pskb, protoff, &datalen); 1694 data = get_udp_data(skb, protoff, &datalen);
1695 if (data == NULL) 1695 if (data == NULL)
1696 goto accept; 1696 goto accept;
1697 pr_debug("nf_ct_ras: RAS message len=%d ", datalen); 1697 pr_debug("nf_ct_ras: RAS message len=%d ", datalen);
@@ -1707,7 +1707,7 @@ static int ras_help(struct sk_buff **pskb, unsigned int protoff,
1707 } 1707 }
1708 1708
1709 /* Process RAS message */ 1709 /* Process RAS message */
1710 if (process_ras(pskb, ct, ctinfo, &data, &ras) < 0) 1710 if (process_ras(skb, ct, ctinfo, &data, &ras) < 0)
1711 goto drop; 1711 goto drop;
1712 1712
1713 accept: 1713 accept:
diff --git a/net/netfilter/nf_conntrack_irc.c b/net/netfilter/nf_conntrack_irc.c
index 1562ca97a349..dfaed4ba83cd 100644
--- a/net/netfilter/nf_conntrack_irc.c
+++ b/net/netfilter/nf_conntrack_irc.c
@@ -30,7 +30,7 @@ static unsigned int dcc_timeout __read_mostly = 300;
30static char *irc_buffer; 30static char *irc_buffer;
31static DEFINE_SPINLOCK(irc_buffer_lock); 31static DEFINE_SPINLOCK(irc_buffer_lock);
32 32
33unsigned int (*nf_nat_irc_hook)(struct sk_buff **pskb, 33unsigned int (*nf_nat_irc_hook)(struct sk_buff *skb,
34 enum ip_conntrack_info ctinfo, 34 enum ip_conntrack_info ctinfo,
35 unsigned int matchoff, 35 unsigned int matchoff,
36 unsigned int matchlen, 36 unsigned int matchlen,
@@ -89,7 +89,7 @@ static int parse_dcc(char *data, char *data_end, u_int32_t *ip,
89 return 0; 89 return 0;
90} 90}
91 91
92static int help(struct sk_buff **pskb, unsigned int protoff, 92static int help(struct sk_buff *skb, unsigned int protoff,
93 struct nf_conn *ct, enum ip_conntrack_info ctinfo) 93 struct nf_conn *ct, enum ip_conntrack_info ctinfo)
94{ 94{
95 unsigned int dataoff; 95 unsigned int dataoff;
@@ -116,22 +116,22 @@ static int help(struct sk_buff **pskb, unsigned int protoff,
116 return NF_ACCEPT; 116 return NF_ACCEPT;
117 117
118 /* Not a full tcp header? */ 118 /* Not a full tcp header? */
119 th = skb_header_pointer(*pskb, protoff, sizeof(_tcph), &_tcph); 119 th = skb_header_pointer(skb, protoff, sizeof(_tcph), &_tcph);
120 if (th == NULL) 120 if (th == NULL)
121 return NF_ACCEPT; 121 return NF_ACCEPT;
122 122
123 /* No data? */ 123 /* No data? */
124 dataoff = protoff + th->doff*4; 124 dataoff = protoff + th->doff*4;
125 if (dataoff >= (*pskb)->len) 125 if (dataoff >= skb->len)
126 return NF_ACCEPT; 126 return NF_ACCEPT;
127 127
128 spin_lock_bh(&irc_buffer_lock); 128 spin_lock_bh(&irc_buffer_lock);
129 ib_ptr = skb_header_pointer(*pskb, dataoff, (*pskb)->len - dataoff, 129 ib_ptr = skb_header_pointer(skb, dataoff, skb->len - dataoff,
130 irc_buffer); 130 irc_buffer);
131 BUG_ON(ib_ptr == NULL); 131 BUG_ON(ib_ptr == NULL);
132 132
133 data = ib_ptr; 133 data = ib_ptr;
134 data_limit = ib_ptr + (*pskb)->len - dataoff; 134 data_limit = ib_ptr + skb->len - dataoff;
135 135
136 /* strlen("\1DCC SENT t AAAAAAAA P\1\n")=24 136 /* strlen("\1DCC SENT t AAAAAAAA P\1\n")=24
137 * 5+MINMATCHLEN+strlen("t AAAAAAAA P\1\n")=14 */ 137 * 5+MINMATCHLEN+strlen("t AAAAAAAA P\1\n")=14 */
@@ -143,7 +143,7 @@ static int help(struct sk_buff **pskb, unsigned int protoff,
143 data += 5; 143 data += 5;
144 /* we have at least (19+MINMATCHLEN)-5 bytes valid data left */ 144 /* we have at least (19+MINMATCHLEN)-5 bytes valid data left */
145 145
146 iph = ip_hdr(*pskb); 146 iph = ip_hdr(skb);
147 pr_debug("DCC found in master %u.%u.%u.%u:%u %u.%u.%u.%u:%u\n", 147 pr_debug("DCC found in master %u.%u.%u.%u:%u %u.%u.%u.%u:%u\n",
148 NIPQUAD(iph->saddr), ntohs(th->source), 148 NIPQUAD(iph->saddr), ntohs(th->source),
149 NIPQUAD(iph->daddr), ntohs(th->dest)); 149 NIPQUAD(iph->daddr), ntohs(th->dest));
@@ -193,7 +193,7 @@ static int help(struct sk_buff **pskb, unsigned int protoff,
193 193
194 nf_nat_irc = rcu_dereference(nf_nat_irc_hook); 194 nf_nat_irc = rcu_dereference(nf_nat_irc_hook);
195 if (nf_nat_irc && ct->status & IPS_NAT_MASK) 195 if (nf_nat_irc && ct->status & IPS_NAT_MASK)
196 ret = nf_nat_irc(pskb, ctinfo, 196 ret = nf_nat_irc(skb, ctinfo,
197 addr_beg_p - ib_ptr, 197 addr_beg_p - ib_ptr,
198 addr_end_p - addr_beg_p, 198 addr_end_p - addr_beg_p,
199 exp); 199 exp);
diff --git a/net/netfilter/nf_conntrack_netbios_ns.c b/net/netfilter/nf_conntrack_netbios_ns.c
index 1d59fabeb5f7..9810d81e2a06 100644
--- a/net/netfilter/nf_conntrack_netbios_ns.c
+++ b/net/netfilter/nf_conntrack_netbios_ns.c
@@ -42,17 +42,17 @@ static unsigned int timeout __read_mostly = 3;
42module_param(timeout, uint, 0400); 42module_param(timeout, uint, 0400);
43MODULE_PARM_DESC(timeout, "timeout for master connection/replies in seconds"); 43MODULE_PARM_DESC(timeout, "timeout for master connection/replies in seconds");
44 44
45static int help(struct sk_buff **pskb, unsigned int protoff, 45static int help(struct sk_buff *skb, unsigned int protoff,
46 struct nf_conn *ct, enum ip_conntrack_info ctinfo) 46 struct nf_conn *ct, enum ip_conntrack_info ctinfo)
47{ 47{
48 struct nf_conntrack_expect *exp; 48 struct nf_conntrack_expect *exp;
49 struct iphdr *iph = ip_hdr(*pskb); 49 struct iphdr *iph = ip_hdr(skb);
50 struct rtable *rt = (struct rtable *)(*pskb)->dst; 50 struct rtable *rt = (struct rtable *)skb->dst;
51 struct in_device *in_dev; 51 struct in_device *in_dev;
52 __be32 mask = 0; 52 __be32 mask = 0;
53 53
54 /* we're only interested in locally generated packets */ 54 /* we're only interested in locally generated packets */
55 if ((*pskb)->sk == NULL) 55 if (skb->sk == NULL)
56 goto out; 56 goto out;
57 if (rt == NULL || !(rt->rt_flags & RTCF_BROADCAST)) 57 if (rt == NULL || !(rt->rt_flags & RTCF_BROADCAST))
58 goto out; 58 goto out;
@@ -91,7 +91,7 @@ static int help(struct sk_buff **pskb, unsigned int protoff,
91 nf_ct_expect_related(exp); 91 nf_ct_expect_related(exp);
92 nf_ct_expect_put(exp); 92 nf_ct_expect_put(exp);
93 93
94 nf_ct_refresh(ct, *pskb, timeout * HZ); 94 nf_ct_refresh(ct, skb, timeout * HZ);
95out: 95out:
96 return NF_ACCEPT; 96 return NF_ACCEPT;
97} 97}
diff --git a/net/netfilter/nf_conntrack_pptp.c b/net/netfilter/nf_conntrack_pptp.c
index b0804199ab59..099b6df3e2b5 100644
--- a/net/netfilter/nf_conntrack_pptp.c
+++ b/net/netfilter/nf_conntrack_pptp.c
@@ -41,14 +41,14 @@ MODULE_ALIAS("ip_conntrack_pptp");
41static DEFINE_SPINLOCK(nf_pptp_lock); 41static DEFINE_SPINLOCK(nf_pptp_lock);
42 42
43int 43int
44(*nf_nat_pptp_hook_outbound)(struct sk_buff **pskb, 44(*nf_nat_pptp_hook_outbound)(struct sk_buff *skb,
45 struct nf_conn *ct, enum ip_conntrack_info ctinfo, 45 struct nf_conn *ct, enum ip_conntrack_info ctinfo,
46 struct PptpControlHeader *ctlh, 46 struct PptpControlHeader *ctlh,
47 union pptp_ctrl_union *pptpReq) __read_mostly; 47 union pptp_ctrl_union *pptpReq) __read_mostly;
48EXPORT_SYMBOL_GPL(nf_nat_pptp_hook_outbound); 48EXPORT_SYMBOL_GPL(nf_nat_pptp_hook_outbound);
49 49
50int 50int
51(*nf_nat_pptp_hook_inbound)(struct sk_buff **pskb, 51(*nf_nat_pptp_hook_inbound)(struct sk_buff *skb,
52 struct nf_conn *ct, enum ip_conntrack_info ctinfo, 52 struct nf_conn *ct, enum ip_conntrack_info ctinfo,
53 struct PptpControlHeader *ctlh, 53 struct PptpControlHeader *ctlh,
54 union pptp_ctrl_union *pptpReq) __read_mostly; 54 union pptp_ctrl_union *pptpReq) __read_mostly;
@@ -254,7 +254,7 @@ out_unexpect_orig:
254} 254}
255 255
256static inline int 256static inline int
257pptp_inbound_pkt(struct sk_buff **pskb, 257pptp_inbound_pkt(struct sk_buff *skb,
258 struct PptpControlHeader *ctlh, 258 struct PptpControlHeader *ctlh,
259 union pptp_ctrl_union *pptpReq, 259 union pptp_ctrl_union *pptpReq,
260 unsigned int reqlen, 260 unsigned int reqlen,
@@ -367,7 +367,7 @@ pptp_inbound_pkt(struct sk_buff **pskb,
367 367
368 nf_nat_pptp_inbound = rcu_dereference(nf_nat_pptp_hook_inbound); 368 nf_nat_pptp_inbound = rcu_dereference(nf_nat_pptp_hook_inbound);
369 if (nf_nat_pptp_inbound && ct->status & IPS_NAT_MASK) 369 if (nf_nat_pptp_inbound && ct->status & IPS_NAT_MASK)
370 return nf_nat_pptp_inbound(pskb, ct, ctinfo, ctlh, pptpReq); 370 return nf_nat_pptp_inbound(skb, ct, ctinfo, ctlh, pptpReq);
371 return NF_ACCEPT; 371 return NF_ACCEPT;
372 372
373invalid: 373invalid:
@@ -380,7 +380,7 @@ invalid:
380} 380}
381 381
382static inline int 382static inline int
383pptp_outbound_pkt(struct sk_buff **pskb, 383pptp_outbound_pkt(struct sk_buff *skb,
384 struct PptpControlHeader *ctlh, 384 struct PptpControlHeader *ctlh,
385 union pptp_ctrl_union *pptpReq, 385 union pptp_ctrl_union *pptpReq,
386 unsigned int reqlen, 386 unsigned int reqlen,
@@ -462,7 +462,7 @@ pptp_outbound_pkt(struct sk_buff **pskb,
462 462
463 nf_nat_pptp_outbound = rcu_dereference(nf_nat_pptp_hook_outbound); 463 nf_nat_pptp_outbound = rcu_dereference(nf_nat_pptp_hook_outbound);
464 if (nf_nat_pptp_outbound && ct->status & IPS_NAT_MASK) 464 if (nf_nat_pptp_outbound && ct->status & IPS_NAT_MASK)
465 return nf_nat_pptp_outbound(pskb, ct, ctinfo, ctlh, pptpReq); 465 return nf_nat_pptp_outbound(skb, ct, ctinfo, ctlh, pptpReq);
466 return NF_ACCEPT; 466 return NF_ACCEPT;
467 467
468invalid: 468invalid:
@@ -492,7 +492,7 @@ static const unsigned int pptp_msg_size[] = {
492 492
493/* track caller id inside control connection, call expect_related */ 493/* track caller id inside control connection, call expect_related */
494static int 494static int
495conntrack_pptp_help(struct sk_buff **pskb, unsigned int protoff, 495conntrack_pptp_help(struct sk_buff *skb, unsigned int protoff,
496 struct nf_conn *ct, enum ip_conntrack_info ctinfo) 496 struct nf_conn *ct, enum ip_conntrack_info ctinfo)
497 497
498{ 498{
@@ -502,7 +502,7 @@ conntrack_pptp_help(struct sk_buff **pskb, unsigned int protoff,
502 struct pptp_pkt_hdr _pptph, *pptph; 502 struct pptp_pkt_hdr _pptph, *pptph;
503 struct PptpControlHeader _ctlh, *ctlh; 503 struct PptpControlHeader _ctlh, *ctlh;
504 union pptp_ctrl_union _pptpReq, *pptpReq; 504 union pptp_ctrl_union _pptpReq, *pptpReq;
505 unsigned int tcplen = (*pskb)->len - protoff; 505 unsigned int tcplen = skb->len - protoff;
506 unsigned int datalen, reqlen, nexthdr_off; 506 unsigned int datalen, reqlen, nexthdr_off;
507 int oldsstate, oldcstate; 507 int oldsstate, oldcstate;
508 int ret; 508 int ret;
@@ -514,12 +514,12 @@ conntrack_pptp_help(struct sk_buff **pskb, unsigned int protoff,
514 return NF_ACCEPT; 514 return NF_ACCEPT;
515 515
516 nexthdr_off = protoff; 516 nexthdr_off = protoff;
517 tcph = skb_header_pointer(*pskb, nexthdr_off, sizeof(_tcph), &_tcph); 517 tcph = skb_header_pointer(skb, nexthdr_off, sizeof(_tcph), &_tcph);
518 BUG_ON(!tcph); 518 BUG_ON(!tcph);
519 nexthdr_off += tcph->doff * 4; 519 nexthdr_off += tcph->doff * 4;
520 datalen = tcplen - tcph->doff * 4; 520 datalen = tcplen - tcph->doff * 4;
521 521
522 pptph = skb_header_pointer(*pskb, nexthdr_off, sizeof(_pptph), &_pptph); 522 pptph = skb_header_pointer(skb, nexthdr_off, sizeof(_pptph), &_pptph);
523 if (!pptph) { 523 if (!pptph) {
524 pr_debug("no full PPTP header, can't track\n"); 524 pr_debug("no full PPTP header, can't track\n");
525 return NF_ACCEPT; 525 return NF_ACCEPT;
@@ -534,7 +534,7 @@ conntrack_pptp_help(struct sk_buff **pskb, unsigned int protoff,
534 return NF_ACCEPT; 534 return NF_ACCEPT;
535 } 535 }
536 536
537 ctlh = skb_header_pointer(*pskb, nexthdr_off, sizeof(_ctlh), &_ctlh); 537 ctlh = skb_header_pointer(skb, nexthdr_off, sizeof(_ctlh), &_ctlh);
538 if (!ctlh) 538 if (!ctlh)
539 return NF_ACCEPT; 539 return NF_ACCEPT;
540 nexthdr_off += sizeof(_ctlh); 540 nexthdr_off += sizeof(_ctlh);
@@ -547,7 +547,7 @@ conntrack_pptp_help(struct sk_buff **pskb, unsigned int protoff,
547 if (reqlen > sizeof(*pptpReq)) 547 if (reqlen > sizeof(*pptpReq))
548 reqlen = sizeof(*pptpReq); 548 reqlen = sizeof(*pptpReq);
549 549
550 pptpReq = skb_header_pointer(*pskb, nexthdr_off, reqlen, &_pptpReq); 550 pptpReq = skb_header_pointer(skb, nexthdr_off, reqlen, &_pptpReq);
551 if (!pptpReq) 551 if (!pptpReq)
552 return NF_ACCEPT; 552 return NF_ACCEPT;
553 553
@@ -560,11 +560,11 @@ conntrack_pptp_help(struct sk_buff **pskb, unsigned int protoff,
560 * established from PNS->PAC. However, RFC makes no guarantee */ 560 * established from PNS->PAC. However, RFC makes no guarantee */
561 if (dir == IP_CT_DIR_ORIGINAL) 561 if (dir == IP_CT_DIR_ORIGINAL)
562 /* client -> server (PNS -> PAC) */ 562 /* client -> server (PNS -> PAC) */
563 ret = pptp_outbound_pkt(pskb, ctlh, pptpReq, reqlen, ct, 563 ret = pptp_outbound_pkt(skb, ctlh, pptpReq, reqlen, ct,
564 ctinfo); 564 ctinfo);
565 else 565 else
566 /* server -> client (PAC -> PNS) */ 566 /* server -> client (PAC -> PNS) */
567 ret = pptp_inbound_pkt(pskb, ctlh, pptpReq, reqlen, ct, 567 ret = pptp_inbound_pkt(skb, ctlh, pptpReq, reqlen, ct,
568 ctinfo); 568 ctinfo);
569 pr_debug("sstate: %d->%d, cstate: %d->%d\n", 569 pr_debug("sstate: %d->%d, cstate: %d->%d\n",
570 oldsstate, info->sstate, oldcstate, info->cstate); 570 oldsstate, info->sstate, oldcstate, info->cstate);
diff --git a/net/netfilter/nf_conntrack_sane.c b/net/netfilter/nf_conntrack_sane.c
index 355d371bac93..b5a16c6e21c2 100644
--- a/net/netfilter/nf_conntrack_sane.c
+++ b/net/netfilter/nf_conntrack_sane.c
@@ -56,7 +56,7 @@ struct sane_reply_net_start {
56 /* other fields aren't interesting for conntrack */ 56 /* other fields aren't interesting for conntrack */
57}; 57};
58 58
59static int help(struct sk_buff **pskb, 59static int help(struct sk_buff *skb,
60 unsigned int protoff, 60 unsigned int protoff,
61 struct nf_conn *ct, 61 struct nf_conn *ct,
62 enum ip_conntrack_info ctinfo) 62 enum ip_conntrack_info ctinfo)
@@ -80,19 +80,19 @@ static int help(struct sk_buff **pskb,
80 return NF_ACCEPT; 80 return NF_ACCEPT;
81 81
82 /* Not a full tcp header? */ 82 /* Not a full tcp header? */
83 th = skb_header_pointer(*pskb, protoff, sizeof(_tcph), &_tcph); 83 th = skb_header_pointer(skb, protoff, sizeof(_tcph), &_tcph);
84 if (th == NULL) 84 if (th == NULL)
85 return NF_ACCEPT; 85 return NF_ACCEPT;
86 86
87 /* No data? */ 87 /* No data? */
88 dataoff = protoff + th->doff * 4; 88 dataoff = protoff + th->doff * 4;
89 if (dataoff >= (*pskb)->len) 89 if (dataoff >= skb->len)
90 return NF_ACCEPT; 90 return NF_ACCEPT;
91 91
92 datalen = (*pskb)->len - dataoff; 92 datalen = skb->len - dataoff;
93 93
94 spin_lock_bh(&nf_sane_lock); 94 spin_lock_bh(&nf_sane_lock);
95 sb_ptr = skb_header_pointer(*pskb, dataoff, datalen, sane_buffer); 95 sb_ptr = skb_header_pointer(skb, dataoff, datalen, sane_buffer);
96 BUG_ON(sb_ptr == NULL); 96 BUG_ON(sb_ptr == NULL);
97 97
98 if (dir == IP_CT_DIR_ORIGINAL) { 98 if (dir == IP_CT_DIR_ORIGINAL) {
diff --git a/net/netfilter/nf_conntrack_sip.c b/net/netfilter/nf_conntrack_sip.c
index d449fa47491c..8f8b5a48df38 100644
--- a/net/netfilter/nf_conntrack_sip.c
+++ b/net/netfilter/nf_conntrack_sip.c
@@ -36,13 +36,13 @@ static unsigned int sip_timeout __read_mostly = SIP_TIMEOUT;
36module_param(sip_timeout, uint, 0600); 36module_param(sip_timeout, uint, 0600);
37MODULE_PARM_DESC(sip_timeout, "timeout for the master SIP session"); 37MODULE_PARM_DESC(sip_timeout, "timeout for the master SIP session");
38 38
39unsigned int (*nf_nat_sip_hook)(struct sk_buff **pskb, 39unsigned int (*nf_nat_sip_hook)(struct sk_buff *skb,
40 enum ip_conntrack_info ctinfo, 40 enum ip_conntrack_info ctinfo,
41 struct nf_conn *ct, 41 struct nf_conn *ct,
42 const char **dptr) __read_mostly; 42 const char **dptr) __read_mostly;
43EXPORT_SYMBOL_GPL(nf_nat_sip_hook); 43EXPORT_SYMBOL_GPL(nf_nat_sip_hook);
44 44
45unsigned int (*nf_nat_sdp_hook)(struct sk_buff **pskb, 45unsigned int (*nf_nat_sdp_hook)(struct sk_buff *skb,
46 enum ip_conntrack_info ctinfo, 46 enum ip_conntrack_info ctinfo,
47 struct nf_conntrack_expect *exp, 47 struct nf_conntrack_expect *exp,
48 const char *dptr) __read_mostly; 48 const char *dptr) __read_mostly;
@@ -363,7 +363,7 @@ int ct_sip_get_info(struct nf_conn *ct,
363} 363}
364EXPORT_SYMBOL_GPL(ct_sip_get_info); 364EXPORT_SYMBOL_GPL(ct_sip_get_info);
365 365
366static int set_expected_rtp(struct sk_buff **pskb, 366static int set_expected_rtp(struct sk_buff *skb,
367 struct nf_conn *ct, 367 struct nf_conn *ct,
368 enum ip_conntrack_info ctinfo, 368 enum ip_conntrack_info ctinfo,
369 union nf_conntrack_address *addr, 369 union nf_conntrack_address *addr,
@@ -385,7 +385,7 @@ static int set_expected_rtp(struct sk_buff **pskb,
385 385
386 nf_nat_sdp = rcu_dereference(nf_nat_sdp_hook); 386 nf_nat_sdp = rcu_dereference(nf_nat_sdp_hook);
387 if (nf_nat_sdp && ct->status & IPS_NAT_MASK) 387 if (nf_nat_sdp && ct->status & IPS_NAT_MASK)
388 ret = nf_nat_sdp(pskb, ctinfo, exp, dptr); 388 ret = nf_nat_sdp(skb, ctinfo, exp, dptr);
389 else { 389 else {
390 if (nf_ct_expect_related(exp) != 0) 390 if (nf_ct_expect_related(exp) != 0)
391 ret = NF_DROP; 391 ret = NF_DROP;
@@ -397,7 +397,7 @@ static int set_expected_rtp(struct sk_buff **pskb,
397 return ret; 397 return ret;
398} 398}
399 399
400static int sip_help(struct sk_buff **pskb, 400static int sip_help(struct sk_buff *skb,
401 unsigned int protoff, 401 unsigned int protoff,
402 struct nf_conn *ct, 402 struct nf_conn *ct,
403 enum ip_conntrack_info ctinfo) 403 enum ip_conntrack_info ctinfo)
@@ -414,13 +414,13 @@ static int sip_help(struct sk_buff **pskb,
414 414
415 /* No Data ? */ 415 /* No Data ? */
416 dataoff = protoff + sizeof(struct udphdr); 416 dataoff = protoff + sizeof(struct udphdr);
417 if (dataoff >= (*pskb)->len) 417 if (dataoff >= skb->len)
418 return NF_ACCEPT; 418 return NF_ACCEPT;
419 419
420 nf_ct_refresh(ct, *pskb, sip_timeout * HZ); 420 nf_ct_refresh(ct, skb, sip_timeout * HZ);
421 421
422 if (!skb_is_nonlinear(*pskb)) 422 if (!skb_is_nonlinear(skb))
423 dptr = (*pskb)->data + dataoff; 423 dptr = skb->data + dataoff;
424 else { 424 else {
425 pr_debug("Copy of skbuff not supported yet.\n"); 425 pr_debug("Copy of skbuff not supported yet.\n");
426 goto out; 426 goto out;
@@ -428,13 +428,13 @@ static int sip_help(struct sk_buff **pskb,
428 428
429 nf_nat_sip = rcu_dereference(nf_nat_sip_hook); 429 nf_nat_sip = rcu_dereference(nf_nat_sip_hook);
430 if (nf_nat_sip && ct->status & IPS_NAT_MASK) { 430 if (nf_nat_sip && ct->status & IPS_NAT_MASK) {
431 if (!nf_nat_sip(pskb, ctinfo, ct, &dptr)) { 431 if (!nf_nat_sip(skb, ctinfo, ct, &dptr)) {
432 ret = NF_DROP; 432 ret = NF_DROP;
433 goto out; 433 goto out;
434 } 434 }
435 } 435 }
436 436
437 datalen = (*pskb)->len - dataoff; 437 datalen = skb->len - dataoff;
438 if (datalen < sizeof("SIP/2.0 200") - 1) 438 if (datalen < sizeof("SIP/2.0 200") - 1)
439 goto out; 439 goto out;
440 440
@@ -464,7 +464,7 @@ static int sip_help(struct sk_buff **pskb,
464 ret = NF_DROP; 464 ret = NF_DROP;
465 goto out; 465 goto out;
466 } 466 }
467 ret = set_expected_rtp(pskb, ct, ctinfo, &addr, 467 ret = set_expected_rtp(skb, ct, ctinfo, &addr,
468 htons(port), dptr); 468 htons(port), dptr);
469 } 469 }
470 } 470 }
diff --git a/net/netfilter/nf_conntrack_tftp.c b/net/netfilter/nf_conntrack_tftp.c
index cc19506cf2f8..e894aa1ff3ad 100644
--- a/net/netfilter/nf_conntrack_tftp.c
+++ b/net/netfilter/nf_conntrack_tftp.c
@@ -29,12 +29,12 @@ static int ports_c;
29module_param_array(ports, ushort, &ports_c, 0400); 29module_param_array(ports, ushort, &ports_c, 0400);
30MODULE_PARM_DESC(ports, "Port numbers of TFTP servers"); 30MODULE_PARM_DESC(ports, "Port numbers of TFTP servers");
31 31
32unsigned int (*nf_nat_tftp_hook)(struct sk_buff **pskb, 32unsigned int (*nf_nat_tftp_hook)(struct sk_buff *skb,
33 enum ip_conntrack_info ctinfo, 33 enum ip_conntrack_info ctinfo,
34 struct nf_conntrack_expect *exp) __read_mostly; 34 struct nf_conntrack_expect *exp) __read_mostly;
35EXPORT_SYMBOL_GPL(nf_nat_tftp_hook); 35EXPORT_SYMBOL_GPL(nf_nat_tftp_hook);
36 36
37static int tftp_help(struct sk_buff **pskb, 37static int tftp_help(struct sk_buff *skb,
38 unsigned int protoff, 38 unsigned int protoff,
39 struct nf_conn *ct, 39 struct nf_conn *ct,
40 enum ip_conntrack_info ctinfo) 40 enum ip_conntrack_info ctinfo)
@@ -46,7 +46,7 @@ static int tftp_help(struct sk_buff **pskb,
46 int family = ct->tuplehash[IP_CT_DIR_ORIGINAL].tuple.src.l3num; 46 int family = ct->tuplehash[IP_CT_DIR_ORIGINAL].tuple.src.l3num;
47 typeof(nf_nat_tftp_hook) nf_nat_tftp; 47 typeof(nf_nat_tftp_hook) nf_nat_tftp;
48 48
49 tfh = skb_header_pointer(*pskb, protoff + sizeof(struct udphdr), 49 tfh = skb_header_pointer(skb, protoff + sizeof(struct udphdr),
50 sizeof(_tftph), &_tftph); 50 sizeof(_tftph), &_tftph);
51 if (tfh == NULL) 51 if (tfh == NULL)
52 return NF_ACCEPT; 52 return NF_ACCEPT;
@@ -70,7 +70,7 @@ static int tftp_help(struct sk_buff **pskb,
70 70
71 nf_nat_tftp = rcu_dereference(nf_nat_tftp_hook); 71 nf_nat_tftp = rcu_dereference(nf_nat_tftp_hook);
72 if (nf_nat_tftp && ct->status & IPS_NAT_MASK) 72 if (nf_nat_tftp && ct->status & IPS_NAT_MASK)
73 ret = nf_nat_tftp(pskb, ctinfo, exp); 73 ret = nf_nat_tftp(skb, ctinfo, exp);
74 else if (nf_ct_expect_related(exp) != 0) 74 else if (nf_ct_expect_related(exp) != 0)
75 ret = NF_DROP; 75 ret = NF_DROP;
76 nf_ct_expect_put(exp); 76 nf_ct_expect_put(exp);
diff --git a/net/netfilter/nf_internals.h b/net/netfilter/nf_internals.h
index 0df7fff196a7..196269c1e586 100644
--- a/net/netfilter/nf_internals.h
+++ b/net/netfilter/nf_internals.h
@@ -14,7 +14,7 @@
14 14
15/* core.c */ 15/* core.c */
16extern unsigned int nf_iterate(struct list_head *head, 16extern unsigned int nf_iterate(struct list_head *head,
17 struct sk_buff **skb, 17 struct sk_buff *skb,
18 int hook, 18 int hook,
19 const struct net_device *indev, 19 const struct net_device *indev,
20 const struct net_device *outdev, 20 const struct net_device *outdev,
diff --git a/net/netfilter/nf_queue.c b/net/netfilter/nf_queue.c
index a481a349f7bf..0cef1433d660 100644
--- a/net/netfilter/nf_queue.c
+++ b/net/netfilter/nf_queue.c
@@ -256,14 +256,14 @@ void nf_reinject(struct sk_buff *skb, struct nf_info *info,
256 256
257 if (verdict == NF_ACCEPT) { 257 if (verdict == NF_ACCEPT) {
258 afinfo = nf_get_afinfo(info->pf); 258 afinfo = nf_get_afinfo(info->pf);
259 if (!afinfo || afinfo->reroute(&skb, info) < 0) 259 if (!afinfo || afinfo->reroute(skb, info) < 0)
260 verdict = NF_DROP; 260 verdict = NF_DROP;
261 } 261 }
262 262
263 if (verdict == NF_ACCEPT) { 263 if (verdict == NF_ACCEPT) {
264 next_hook: 264 next_hook:
265 verdict = nf_iterate(&nf_hooks[info->pf][info->hook], 265 verdict = nf_iterate(&nf_hooks[info->pf][info->hook],
266 &skb, info->hook, 266 skb, info->hook,
267 info->indev, info->outdev, &elem, 267 info->indev, info->outdev, &elem,
268 info->okfn, INT_MIN); 268 info->okfn, INT_MIN);
269 } 269 }
diff --git a/net/netfilter/xt_CLASSIFY.c b/net/netfilter/xt_CLASSIFY.c
index 07a1b9665005..77eeae658d42 100644
--- a/net/netfilter/xt_CLASSIFY.c
+++ b/net/netfilter/xt_CLASSIFY.c
@@ -27,7 +27,7 @@ MODULE_ALIAS("ipt_CLASSIFY");
27MODULE_ALIAS("ip6t_CLASSIFY"); 27MODULE_ALIAS("ip6t_CLASSIFY");
28 28
29static unsigned int 29static unsigned int
30target(struct sk_buff **pskb, 30target(struct sk_buff *skb,
31 const struct net_device *in, 31 const struct net_device *in,
32 const struct net_device *out, 32 const struct net_device *out,
33 unsigned int hooknum, 33 unsigned int hooknum,
@@ -36,7 +36,7 @@ target(struct sk_buff **pskb,
36{ 36{
37 const struct xt_classify_target_info *clinfo = targinfo; 37 const struct xt_classify_target_info *clinfo = targinfo;
38 38
39 (*pskb)->priority = clinfo->priority; 39 skb->priority = clinfo->priority;
40 return XT_CONTINUE; 40 return XT_CONTINUE;
41} 41}
42 42
diff --git a/net/netfilter/xt_CONNMARK.c b/net/netfilter/xt_CONNMARK.c
index 7043c2757e09..8cc324b159e9 100644
--- a/net/netfilter/xt_CONNMARK.c
+++ b/net/netfilter/xt_CONNMARK.c
@@ -34,7 +34,7 @@ MODULE_ALIAS("ip6t_CONNMARK");
34#include <net/netfilter/nf_conntrack_ecache.h> 34#include <net/netfilter/nf_conntrack_ecache.h>
35 35
36static unsigned int 36static unsigned int
37target(struct sk_buff **pskb, 37target(struct sk_buff *skb,
38 const struct net_device *in, 38 const struct net_device *in,
39 const struct net_device *out, 39 const struct net_device *out,
40 unsigned int hooknum, 40 unsigned int hooknum,
@@ -48,28 +48,28 @@ target(struct sk_buff **pskb,
48 u_int32_t mark; 48 u_int32_t mark;
49 u_int32_t newmark; 49 u_int32_t newmark;
50 50
51 ct = nf_ct_get(*pskb, &ctinfo); 51 ct = nf_ct_get(skb, &ctinfo);
52 if (ct) { 52 if (ct) {
53 switch(markinfo->mode) { 53 switch(markinfo->mode) {
54 case XT_CONNMARK_SET: 54 case XT_CONNMARK_SET:
55 newmark = (ct->mark & ~markinfo->mask) | markinfo->mark; 55 newmark = (ct->mark & ~markinfo->mask) | markinfo->mark;
56 if (newmark != ct->mark) { 56 if (newmark != ct->mark) {
57 ct->mark = newmark; 57 ct->mark = newmark;
58 nf_conntrack_event_cache(IPCT_MARK, *pskb); 58 nf_conntrack_event_cache(IPCT_MARK, skb);
59 } 59 }
60 break; 60 break;
61 case XT_CONNMARK_SAVE: 61 case XT_CONNMARK_SAVE:
62 newmark = (ct->mark & ~markinfo->mask) | 62 newmark = (ct->mark & ~markinfo->mask) |
63 ((*pskb)->mark & markinfo->mask); 63 (skb->mark & markinfo->mask);
64 if (ct->mark != newmark) { 64 if (ct->mark != newmark) {
65 ct->mark = newmark; 65 ct->mark = newmark;
66 nf_conntrack_event_cache(IPCT_MARK, *pskb); 66 nf_conntrack_event_cache(IPCT_MARK, skb);
67 } 67 }
68 break; 68 break;
69 case XT_CONNMARK_RESTORE: 69 case XT_CONNMARK_RESTORE:
70 mark = (*pskb)->mark; 70 mark = skb->mark;
71 diff = (ct->mark ^ mark) & markinfo->mask; 71 diff = (ct->mark ^ mark) & markinfo->mask;
72 (*pskb)->mark = mark ^ diff; 72 skb->mark = mark ^ diff;
73 break; 73 break;
74 } 74 }
75 } 75 }
diff --git a/net/netfilter/xt_CONNSECMARK.c b/net/netfilter/xt_CONNSECMARK.c
index 63d73138c1b9..021b5c8d20e2 100644
--- a/net/netfilter/xt_CONNSECMARK.c
+++ b/net/netfilter/xt_CONNSECMARK.c
@@ -61,12 +61,11 @@ static void secmark_restore(struct sk_buff *skb)
61 } 61 }
62} 62}
63 63
64static unsigned int target(struct sk_buff **pskb, const struct net_device *in, 64static unsigned int target(struct sk_buff *skb, const struct net_device *in,
65 const struct net_device *out, unsigned int hooknum, 65 const struct net_device *out, unsigned int hooknum,
66 const struct xt_target *target, 66 const struct xt_target *target,
67 const void *targinfo) 67 const void *targinfo)
68{ 68{
69 struct sk_buff *skb = *pskb;
70 const struct xt_connsecmark_target_info *info = targinfo; 69 const struct xt_connsecmark_target_info *info = targinfo;
71 70
72 switch (info->mode) { 71 switch (info->mode) {
diff --git a/net/netfilter/xt_DSCP.c b/net/netfilter/xt_DSCP.c
index 170661674388..6322a933ab71 100644
--- a/net/netfilter/xt_DSCP.c
+++ b/net/netfilter/xt_DSCP.c
@@ -25,7 +25,7 @@ MODULE_LICENSE("GPL");
25MODULE_ALIAS("ipt_DSCP"); 25MODULE_ALIAS("ipt_DSCP");
26MODULE_ALIAS("ip6t_DSCP"); 26MODULE_ALIAS("ip6t_DSCP");
27 27
28static unsigned int target(struct sk_buff **pskb, 28static unsigned int target(struct sk_buff *skb,
29 const struct net_device *in, 29 const struct net_device *in,
30 const struct net_device *out, 30 const struct net_device *out,
31 unsigned int hooknum, 31 unsigned int hooknum,
@@ -33,20 +33,20 @@ static unsigned int target(struct sk_buff **pskb,
33 const void *targinfo) 33 const void *targinfo)
34{ 34{
35 const struct xt_DSCP_info *dinfo = targinfo; 35 const struct xt_DSCP_info *dinfo = targinfo;
36 u_int8_t dscp = ipv4_get_dsfield(ip_hdr(*pskb)) >> XT_DSCP_SHIFT; 36 u_int8_t dscp = ipv4_get_dsfield(ip_hdr(skb)) >> XT_DSCP_SHIFT;
37 37
38 if (dscp != dinfo->dscp) { 38 if (dscp != dinfo->dscp) {
39 if (!skb_make_writable(*pskb, sizeof(struct iphdr))) 39 if (!skb_make_writable(skb, sizeof(struct iphdr)))
40 return NF_DROP; 40 return NF_DROP;
41 41
42 ipv4_change_dsfield(ip_hdr(*pskb), (__u8)(~XT_DSCP_MASK), 42 ipv4_change_dsfield(ip_hdr(skb), (__u8)(~XT_DSCP_MASK),
43 dinfo->dscp << XT_DSCP_SHIFT); 43 dinfo->dscp << XT_DSCP_SHIFT);
44 44
45 } 45 }
46 return XT_CONTINUE; 46 return XT_CONTINUE;
47} 47}
48 48
49static unsigned int target6(struct sk_buff **pskb, 49static unsigned int target6(struct sk_buff *skb,
50 const struct net_device *in, 50 const struct net_device *in,
51 const struct net_device *out, 51 const struct net_device *out,
52 unsigned int hooknum, 52 unsigned int hooknum,
@@ -54,13 +54,13 @@ static unsigned int target6(struct sk_buff **pskb,
54 const void *targinfo) 54 const void *targinfo)
55{ 55{
56 const struct xt_DSCP_info *dinfo = targinfo; 56 const struct xt_DSCP_info *dinfo = targinfo;
57 u_int8_t dscp = ipv6_get_dsfield(ipv6_hdr(*pskb)) >> XT_DSCP_SHIFT; 57 u_int8_t dscp = ipv6_get_dsfield(ipv6_hdr(skb)) >> XT_DSCP_SHIFT;
58 58
59 if (dscp != dinfo->dscp) { 59 if (dscp != dinfo->dscp) {
60 if (!skb_make_writable(*pskb, sizeof(struct ipv6hdr))) 60 if (!skb_make_writable(skb, sizeof(struct ipv6hdr)))
61 return NF_DROP; 61 return NF_DROP;
62 62
63 ipv6_change_dsfield(ipv6_hdr(*pskb), (__u8)(~XT_DSCP_MASK), 63 ipv6_change_dsfield(ipv6_hdr(skb), (__u8)(~XT_DSCP_MASK),
64 dinfo->dscp << XT_DSCP_SHIFT); 64 dinfo->dscp << XT_DSCP_SHIFT);
65 } 65 }
66 return XT_CONTINUE; 66 return XT_CONTINUE;
diff --git a/net/netfilter/xt_MARK.c b/net/netfilter/xt_MARK.c
index f30fe0baf7de..bc6503d77d75 100644
--- a/net/netfilter/xt_MARK.c
+++ b/net/netfilter/xt_MARK.c
@@ -22,7 +22,7 @@ MODULE_ALIAS("ipt_MARK");
22MODULE_ALIAS("ip6t_MARK"); 22MODULE_ALIAS("ip6t_MARK");
23 23
24static unsigned int 24static unsigned int
25target_v0(struct sk_buff **pskb, 25target_v0(struct sk_buff *skb,
26 const struct net_device *in, 26 const struct net_device *in,
27 const struct net_device *out, 27 const struct net_device *out,
28 unsigned int hooknum, 28 unsigned int hooknum,
@@ -31,12 +31,12 @@ target_v0(struct sk_buff **pskb,
31{ 31{
32 const struct xt_mark_target_info *markinfo = targinfo; 32 const struct xt_mark_target_info *markinfo = targinfo;
33 33
34 (*pskb)->mark = markinfo->mark; 34 skb->mark = markinfo->mark;
35 return XT_CONTINUE; 35 return XT_CONTINUE;
36} 36}
37 37
38static unsigned int 38static unsigned int
39target_v1(struct sk_buff **pskb, 39target_v1(struct sk_buff *skb,
40 const struct net_device *in, 40 const struct net_device *in,
41 const struct net_device *out, 41 const struct net_device *out,
42 unsigned int hooknum, 42 unsigned int hooknum,
@@ -52,15 +52,15 @@ target_v1(struct sk_buff **pskb,
52 break; 52 break;
53 53
54 case XT_MARK_AND: 54 case XT_MARK_AND:
55 mark = (*pskb)->mark & markinfo->mark; 55 mark = skb->mark & markinfo->mark;
56 break; 56 break;
57 57
58 case XT_MARK_OR: 58 case XT_MARK_OR:
59 mark = (*pskb)->mark | markinfo->mark; 59 mark = skb->mark | markinfo->mark;
60 break; 60 break;
61 } 61 }
62 62
63 (*pskb)->mark = mark; 63 skb->mark = mark;
64 return XT_CONTINUE; 64 return XT_CONTINUE;
65} 65}
66 66
diff --git a/net/netfilter/xt_NFLOG.c b/net/netfilter/xt_NFLOG.c
index d3594c7ccb26..9fb449ffbf8b 100644
--- a/net/netfilter/xt_NFLOG.c
+++ b/net/netfilter/xt_NFLOG.c
@@ -20,7 +20,7 @@ MODULE_ALIAS("ipt_NFLOG");
20MODULE_ALIAS("ip6t_NFLOG"); 20MODULE_ALIAS("ip6t_NFLOG");
21 21
22static unsigned int 22static unsigned int
23nflog_target(struct sk_buff **pskb, 23nflog_target(struct sk_buff *skb,
24 const struct net_device *in, const struct net_device *out, 24 const struct net_device *in, const struct net_device *out,
25 unsigned int hooknum, const struct xt_target *target, 25 unsigned int hooknum, const struct xt_target *target,
26 const void *targinfo) 26 const void *targinfo)
@@ -33,7 +33,7 @@ nflog_target(struct sk_buff **pskb,
33 li.u.ulog.group = info->group; 33 li.u.ulog.group = info->group;
34 li.u.ulog.qthreshold = info->threshold; 34 li.u.ulog.qthreshold = info->threshold;
35 35
36 nf_log_packet(target->family, hooknum, *pskb, in, out, &li, 36 nf_log_packet(target->family, hooknum, skb, in, out, &li,
37 "%s", info->prefix); 37 "%s", info->prefix);
38 return XT_CONTINUE; 38 return XT_CONTINUE;
39} 39}
diff --git a/net/netfilter/xt_NFQUEUE.c b/net/netfilter/xt_NFQUEUE.c
index 13f59f3e8c38..c3984e9f766a 100644
--- a/net/netfilter/xt_NFQUEUE.c
+++ b/net/netfilter/xt_NFQUEUE.c
@@ -24,7 +24,7 @@ MODULE_ALIAS("ip6t_NFQUEUE");
24MODULE_ALIAS("arpt_NFQUEUE"); 24MODULE_ALIAS("arpt_NFQUEUE");
25 25
26static unsigned int 26static unsigned int
27target(struct sk_buff **pskb, 27target(struct sk_buff *skb,
28 const struct net_device *in, 28 const struct net_device *in,
29 const struct net_device *out, 29 const struct net_device *out,
30 unsigned int hooknum, 30 unsigned int hooknum,
diff --git a/net/netfilter/xt_NOTRACK.c b/net/netfilter/xt_NOTRACK.c
index fec1aefb1c32..4976ce186615 100644
--- a/net/netfilter/xt_NOTRACK.c
+++ b/net/netfilter/xt_NOTRACK.c
@@ -12,7 +12,7 @@ MODULE_ALIAS("ipt_NOTRACK");
12MODULE_ALIAS("ip6t_NOTRACK"); 12MODULE_ALIAS("ip6t_NOTRACK");
13 13
14static unsigned int 14static unsigned int
15target(struct sk_buff **pskb, 15target(struct sk_buff *skb,
16 const struct net_device *in, 16 const struct net_device *in,
17 const struct net_device *out, 17 const struct net_device *out,
18 unsigned int hooknum, 18 unsigned int hooknum,
@@ -20,16 +20,16 @@ target(struct sk_buff **pskb,
20 const void *targinfo) 20 const void *targinfo)
21{ 21{
22 /* Previously seen (loopback)? Ignore. */ 22 /* Previously seen (loopback)? Ignore. */
23 if ((*pskb)->nfct != NULL) 23 if (skb->nfct != NULL)
24 return XT_CONTINUE; 24 return XT_CONTINUE;
25 25
26 /* Attach fake conntrack entry. 26 /* Attach fake conntrack entry.
27 If there is a real ct entry correspondig to this packet, 27 If there is a real ct entry correspondig to this packet,
28 it'll hang aroun till timing out. We don't deal with it 28 it'll hang aroun till timing out. We don't deal with it
29 for performance reasons. JK */ 29 for performance reasons. JK */
30 (*pskb)->nfct = &nf_conntrack_untracked.ct_general; 30 skb->nfct = &nf_conntrack_untracked.ct_general;
31 (*pskb)->nfctinfo = IP_CT_NEW; 31 skb->nfctinfo = IP_CT_NEW;
32 nf_conntrack_get((*pskb)->nfct); 32 nf_conntrack_get(skb->nfct);
33 33
34 return XT_CONTINUE; 34 return XT_CONTINUE;
35} 35}
diff --git a/net/netfilter/xt_SECMARK.c b/net/netfilter/xt_SECMARK.c
index c83779a941a1..235806eb6ecd 100644
--- a/net/netfilter/xt_SECMARK.c
+++ b/net/netfilter/xt_SECMARK.c
@@ -28,7 +28,7 @@ MODULE_ALIAS("ip6t_SECMARK");
28 28
29static u8 mode; 29static u8 mode;
30 30
31static unsigned int target(struct sk_buff **pskb, const struct net_device *in, 31static unsigned int target(struct sk_buff *skb, const struct net_device *in,
32 const struct net_device *out, unsigned int hooknum, 32 const struct net_device *out, unsigned int hooknum,
33 const struct xt_target *target, 33 const struct xt_target *target,
34 const void *targinfo) 34 const void *targinfo)
@@ -47,7 +47,7 @@ static unsigned int target(struct sk_buff **pskb, const struct net_device *in,
47 BUG(); 47 BUG();
48 } 48 }
49 49
50 (*pskb)->secmark = secmark; 50 skb->secmark = secmark;
51 return XT_CONTINUE; 51 return XT_CONTINUE;
52} 52}
53 53
diff --git a/net/netfilter/xt_TCPMSS.c b/net/netfilter/xt_TCPMSS.c
index f111edf5f775..07435a602b11 100644
--- a/net/netfilter/xt_TCPMSS.c
+++ b/net/netfilter/xt_TCPMSS.c
@@ -39,7 +39,7 @@ optlen(const u_int8_t *opt, unsigned int offset)
39} 39}
40 40
41static int 41static int
42tcpmss_mangle_packet(struct sk_buff **pskb, 42tcpmss_mangle_packet(struct sk_buff *skb,
43 const struct xt_tcpmss_info *info, 43 const struct xt_tcpmss_info *info,
44 unsigned int tcphoff, 44 unsigned int tcphoff,
45 unsigned int minlen) 45 unsigned int minlen)
@@ -50,11 +50,11 @@ tcpmss_mangle_packet(struct sk_buff **pskb,
50 u16 newmss; 50 u16 newmss;
51 u8 *opt; 51 u8 *opt;
52 52
53 if (!skb_make_writable(*pskb, (*pskb)->len)) 53 if (!skb_make_writable(skb, skb->len))
54 return -1; 54 return -1;
55 55
56 tcplen = (*pskb)->len - tcphoff; 56 tcplen = skb->len - tcphoff;
57 tcph = (struct tcphdr *)(skb_network_header(*pskb) + tcphoff); 57 tcph = (struct tcphdr *)(skb_network_header(skb) + tcphoff);
58 58
59 /* Since it passed flags test in tcp match, we know it is is 59 /* Since it passed flags test in tcp match, we know it is is
60 not a fragment, and has data >= tcp header length. SYN 60 not a fragment, and has data >= tcp header length. SYN
@@ -64,19 +64,19 @@ tcpmss_mangle_packet(struct sk_buff **pskb,
64 if (tcplen != tcph->doff*4) { 64 if (tcplen != tcph->doff*4) {
65 if (net_ratelimit()) 65 if (net_ratelimit())
66 printk(KERN_ERR "xt_TCPMSS: bad length (%u bytes)\n", 66 printk(KERN_ERR "xt_TCPMSS: bad length (%u bytes)\n",
67 (*pskb)->len); 67 skb->len);
68 return -1; 68 return -1;
69 } 69 }
70 70
71 if (info->mss == XT_TCPMSS_CLAMP_PMTU) { 71 if (info->mss == XT_TCPMSS_CLAMP_PMTU) {
72 if (dst_mtu((*pskb)->dst) <= minlen) { 72 if (dst_mtu(skb->dst) <= minlen) {
73 if (net_ratelimit()) 73 if (net_ratelimit())
74 printk(KERN_ERR "xt_TCPMSS: " 74 printk(KERN_ERR "xt_TCPMSS: "
75 "unknown or invalid path-MTU (%u)\n", 75 "unknown or invalid path-MTU (%u)\n",
76 dst_mtu((*pskb)->dst)); 76 dst_mtu(skb->dst));
77 return -1; 77 return -1;
78 } 78 }
79 newmss = dst_mtu((*pskb)->dst) - minlen; 79 newmss = dst_mtu(skb->dst) - minlen;
80 } else 80 } else
81 newmss = info->mss; 81 newmss = info->mss;
82 82
@@ -95,7 +95,7 @@ tcpmss_mangle_packet(struct sk_buff **pskb,
95 opt[i+2] = (newmss & 0xff00) >> 8; 95 opt[i+2] = (newmss & 0xff00) >> 8;
96 opt[i+3] = newmss & 0x00ff; 96 opt[i+3] = newmss & 0x00ff;
97 97
98 nf_proto_csum_replace2(&tcph->check, *pskb, 98 nf_proto_csum_replace2(&tcph->check, skb,
99 htons(oldmss), htons(newmss), 0); 99 htons(oldmss), htons(newmss), 0);
100 return 0; 100 return 0;
101 } 101 }
@@ -104,53 +104,53 @@ tcpmss_mangle_packet(struct sk_buff **pskb,
104 /* 104 /*
105 * MSS Option not found ?! add it.. 105 * MSS Option not found ?! add it..
106 */ 106 */
107 if (skb_tailroom((*pskb)) < TCPOLEN_MSS) { 107 if (skb_tailroom(skb) < TCPOLEN_MSS) {
108 if (pskb_expand_head(*pskb, 0, 108 if (pskb_expand_head(skb, 0,
109 TCPOLEN_MSS - skb_tailroom(*pskb), 109 TCPOLEN_MSS - skb_tailroom(skb),
110 GFP_ATOMIC)) 110 GFP_ATOMIC))
111 return -1; 111 return -1;
112 tcph = (struct tcphdr *)(skb_network_header(*pskb) + tcphoff); 112 tcph = (struct tcphdr *)(skb_network_header(skb) + tcphoff);
113 } 113 }
114 114
115 skb_put((*pskb), TCPOLEN_MSS); 115 skb_put(skb, TCPOLEN_MSS);
116 116
117 opt = (u_int8_t *)tcph + sizeof(struct tcphdr); 117 opt = (u_int8_t *)tcph + sizeof(struct tcphdr);
118 memmove(opt + TCPOLEN_MSS, opt, tcplen - sizeof(struct tcphdr)); 118 memmove(opt + TCPOLEN_MSS, opt, tcplen - sizeof(struct tcphdr));
119 119
120 nf_proto_csum_replace2(&tcph->check, *pskb, 120 nf_proto_csum_replace2(&tcph->check, skb,
121 htons(tcplen), htons(tcplen + TCPOLEN_MSS), 1); 121 htons(tcplen), htons(tcplen + TCPOLEN_MSS), 1);
122 opt[0] = TCPOPT_MSS; 122 opt[0] = TCPOPT_MSS;
123 opt[1] = TCPOLEN_MSS; 123 opt[1] = TCPOLEN_MSS;
124 opt[2] = (newmss & 0xff00) >> 8; 124 opt[2] = (newmss & 0xff00) >> 8;
125 opt[3] = newmss & 0x00ff; 125 opt[3] = newmss & 0x00ff;
126 126
127 nf_proto_csum_replace4(&tcph->check, *pskb, 0, *((__be32 *)opt), 0); 127 nf_proto_csum_replace4(&tcph->check, skb, 0, *((__be32 *)opt), 0);
128 128
129 oldval = ((__be16 *)tcph)[6]; 129 oldval = ((__be16 *)tcph)[6];
130 tcph->doff += TCPOLEN_MSS/4; 130 tcph->doff += TCPOLEN_MSS/4;
131 nf_proto_csum_replace2(&tcph->check, *pskb, 131 nf_proto_csum_replace2(&tcph->check, skb,
132 oldval, ((__be16 *)tcph)[6], 0); 132 oldval, ((__be16 *)tcph)[6], 0);
133 return TCPOLEN_MSS; 133 return TCPOLEN_MSS;
134} 134}
135 135
136static unsigned int 136static unsigned int
137xt_tcpmss_target4(struct sk_buff **pskb, 137xt_tcpmss_target4(struct sk_buff *skb,
138 const struct net_device *in, 138 const struct net_device *in,
139 const struct net_device *out, 139 const struct net_device *out,
140 unsigned int hooknum, 140 unsigned int hooknum,
141 const struct xt_target *target, 141 const struct xt_target *target,
142 const void *targinfo) 142 const void *targinfo)
143{ 143{
144 struct iphdr *iph = ip_hdr(*pskb); 144 struct iphdr *iph = ip_hdr(skb);
145 __be16 newlen; 145 __be16 newlen;
146 int ret; 146 int ret;
147 147
148 ret = tcpmss_mangle_packet(pskb, targinfo, iph->ihl * 4, 148 ret = tcpmss_mangle_packet(skb, targinfo, iph->ihl * 4,
149 sizeof(*iph) + sizeof(struct tcphdr)); 149 sizeof(*iph) + sizeof(struct tcphdr));
150 if (ret < 0) 150 if (ret < 0)
151 return NF_DROP; 151 return NF_DROP;
152 if (ret > 0) { 152 if (ret > 0) {
153 iph = ip_hdr(*pskb); 153 iph = ip_hdr(skb);
154 newlen = htons(ntohs(iph->tot_len) + ret); 154 newlen = htons(ntohs(iph->tot_len) + ret);
155 nf_csum_replace2(&iph->check, iph->tot_len, newlen); 155 nf_csum_replace2(&iph->check, iph->tot_len, newlen);
156 iph->tot_len = newlen; 156 iph->tot_len = newlen;
@@ -160,30 +160,30 @@ xt_tcpmss_target4(struct sk_buff **pskb,
160 160
161#if defined(CONFIG_IP6_NF_IPTABLES) || defined(CONFIG_IP6_NF_IPTABLES_MODULE) 161#if defined(CONFIG_IP6_NF_IPTABLES) || defined(CONFIG_IP6_NF_IPTABLES_MODULE)
162static unsigned int 162static unsigned int
163xt_tcpmss_target6(struct sk_buff **pskb, 163xt_tcpmss_target6(struct sk_buff *skb,
164 const struct net_device *in, 164 const struct net_device *in,
165 const struct net_device *out, 165 const struct net_device *out,
166 unsigned int hooknum, 166 unsigned int hooknum,
167 const struct xt_target *target, 167 const struct xt_target *target,
168 const void *targinfo) 168 const void *targinfo)
169{ 169{
170 struct ipv6hdr *ipv6h = ipv6_hdr(*pskb); 170 struct ipv6hdr *ipv6h = ipv6_hdr(skb);
171 u8 nexthdr; 171 u8 nexthdr;
172 int tcphoff; 172 int tcphoff;
173 int ret; 173 int ret;
174 174
175 nexthdr = ipv6h->nexthdr; 175 nexthdr = ipv6h->nexthdr;
176 tcphoff = ipv6_skip_exthdr(*pskb, sizeof(*ipv6h), &nexthdr); 176 tcphoff = ipv6_skip_exthdr(skb, sizeof(*ipv6h), &nexthdr);
177 if (tcphoff < 0) { 177 if (tcphoff < 0) {
178 WARN_ON(1); 178 WARN_ON(1);
179 return NF_DROP; 179 return NF_DROP;
180 } 180 }
181 ret = tcpmss_mangle_packet(pskb, targinfo, tcphoff, 181 ret = tcpmss_mangle_packet(skb, targinfo, tcphoff,
182 sizeof(*ipv6h) + sizeof(struct tcphdr)); 182 sizeof(*ipv6h) + sizeof(struct tcphdr));
183 if (ret < 0) 183 if (ret < 0)
184 return NF_DROP; 184 return NF_DROP;
185 if (ret > 0) { 185 if (ret > 0) {
186 ipv6h = ipv6_hdr(*pskb); 186 ipv6h = ipv6_hdr(skb);
187 ipv6h->payload_len = htons(ntohs(ipv6h->payload_len) + ret); 187 ipv6h->payload_len = htons(ntohs(ipv6h->payload_len) + ret);
188 } 188 }
189 return XT_CONTINUE; 189 return XT_CONTINUE;
diff --git a/net/netfilter/xt_TRACE.c b/net/netfilter/xt_TRACE.c
index 4df2dedcc0b5..26c5d08ab2c2 100644
--- a/net/netfilter/xt_TRACE.c
+++ b/net/netfilter/xt_TRACE.c
@@ -10,14 +10,14 @@ MODULE_ALIAS("ipt_TRACE");
10MODULE_ALIAS("ip6t_TRACE"); 10MODULE_ALIAS("ip6t_TRACE");
11 11
12static unsigned int 12static unsigned int
13target(struct sk_buff **pskb, 13target(struct sk_buff *skb,
14 const struct net_device *in, 14 const struct net_device *in,
15 const struct net_device *out, 15 const struct net_device *out,
16 unsigned int hooknum, 16 unsigned int hooknum,
17 const struct xt_target *target, 17 const struct xt_target *target,
18 const void *targinfo) 18 const void *targinfo)
19{ 19{
20 (*pskb)->nf_trace = 1; 20 skb->nf_trace = 1;
21 return XT_CONTINUE; 21 return XT_CONTINUE;
22} 22}
23 23
diff --git a/net/sched/act_ipt.c b/net/sched/act_ipt.c
index 6b407ece953c..fa006e06ce33 100644
--- a/net/sched/act_ipt.c
+++ b/net/sched/act_ipt.c
@@ -202,11 +202,7 @@ static int tcf_ipt(struct sk_buff *skb, struct tc_action *a,
202 /* yes, we have to worry about both in and out dev 202 /* yes, we have to worry about both in and out dev
203 worry later - danger - this API seems to have changed 203 worry later - danger - this API seems to have changed
204 from earlier kernels */ 204 from earlier kernels */
205 205 ret = ipt->tcfi_t->u.kernel.target->target(skb, skb->dev, NULL,
206 /* iptables targets take a double skb pointer in case the skb
207 * needs to be replaced. We don't own the skb, so this must not
208 * happen. The pskb_expand_head above should make sure of this */
209 ret = ipt->tcfi_t->u.kernel.target->target(&skb, skb->dev, NULL,
210 ipt->tcfi_hook, 206 ipt->tcfi_hook,
211 ipt->tcfi_t->u.kernel.target, 207 ipt->tcfi_t->u.kernel.target,
212 ipt->tcfi_t->data); 208 ipt->tcfi_t->data);
diff --git a/net/sched/sch_ingress.c b/net/sched/sch_ingress.c
index 2d32fd27496e..3f8335e6ea2e 100644
--- a/net/sched/sch_ingress.c
+++ b/net/sched/sch_ingress.c
@@ -205,20 +205,19 @@ static unsigned int ingress_drop(struct Qdisc *sch)
205#ifndef CONFIG_NET_CLS_ACT 205#ifndef CONFIG_NET_CLS_ACT
206#ifdef CONFIG_NETFILTER 206#ifdef CONFIG_NETFILTER
207static unsigned int 207static unsigned int
208ing_hook(unsigned int hook, struct sk_buff **pskb, 208ing_hook(unsigned int hook, struct sk_buff *skb,
209 const struct net_device *indev, 209 const struct net_device *indev,
210 const struct net_device *outdev, 210 const struct net_device *outdev,
211 int (*okfn)(struct sk_buff *)) 211 int (*okfn)(struct sk_buff *))
212{ 212{
213 213
214 struct Qdisc *q; 214 struct Qdisc *q;
215 struct sk_buff *skb = *pskb;
216 struct net_device *dev = skb->dev; 215 struct net_device *dev = skb->dev;
217 int fwres=NF_ACCEPT; 216 int fwres=NF_ACCEPT;
218 217
219 DPRINTK("ing_hook: skb %s dev=%s len=%u\n", 218 DPRINTK("ing_hook: skb %s dev=%s len=%u\n",
220 skb->sk ? "(owned)" : "(unowned)", 219 skb->sk ? "(owned)" : "(unowned)",
221 skb->dev ? (*pskb)->dev->name : "(no dev)", 220 skb->dev ? skb->dev->name : "(no dev)",
222 skb->len); 221 skb->len);
223 222
224 if (dev->qdisc_ingress) { 223 if (dev->qdisc_ingress) {
generated by cgit v1.2.2 (git 2.25.0) at 2024-09-20 15:28:24 -0400