[NETFILTER]: Replace sk_buff ** with sk_buff *

+1 -1

include/linux/if_bridge.h

··· 107 107 extern void brioctl_set(int (*ioctl_hook)(struct net *, unsigned int, void __user *)); 108 108 extern struct sk_buff *(*br_handle_frame_hook)(struct net_bridge_port *p, 109 109 struct sk_buff *skb); 110 - extern int (*br_should_route_hook)(struct sk_buff **pskb); 110 + extern int (*br_should_route_hook)(struct sk_buff *skb); 111 111 112 112 #endif 113 113

+12 -12

include/linux/netfilter.h

··· 51 51 struct net_device; 52 52 53 53 typedef unsigned int nf_hookfn(unsigned int hooknum, 54 - struct sk_buff **skb, 54 + struct sk_buff *skb, 55 55 const struct net_device *in, 56 56 const struct net_device *out, 57 57 int (*okfn)(struct sk_buff *)); ··· 183 183 struct nf_loginfo *li, 184 184 const char *fmt, ...); 185 185 186 - int nf_hook_slow(int pf, unsigned int hook, struct sk_buff **pskb, 186 + int nf_hook_slow(int pf, unsigned int hook, struct sk_buff *skb, 187 187 struct net_device *indev, struct net_device *outdev, 188 188 int (*okfn)(struct sk_buff *), int thresh); 189 189 ··· 195 195 * value indicates the packet has been consumed by the hook. 196 196 */ 197 197 static inline int nf_hook_thresh(int pf, unsigned int hook, 198 - struct sk_buff **pskb, 198 + struct sk_buff *skb, 199 199 struct net_device *indev, 200 200 struct net_device *outdev, 201 201 int (*okfn)(struct sk_buff *), int thresh, ··· 207 207 if (list_empty(&nf_hooks[pf][hook])) 208 208 return 1; 209 209 #endif 210 - return nf_hook_slow(pf, hook, pskb, indev, outdev, okfn, thresh); 210 + return nf_hook_slow(pf, hook, skb, indev, outdev, okfn, thresh); 211 211 } 212 212 213 - static inline int nf_hook(int pf, unsigned int hook, struct sk_buff **pskb, 213 + static inline int nf_hook(int pf, unsigned int hook, struct sk_buff *skb, 214 214 struct net_device *indev, struct net_device *outdev, 215 215 int (*okfn)(struct sk_buff *)) 216 216 { 217 - return nf_hook_thresh(pf, hook, pskb, indev, outdev, okfn, INT_MIN, 1); 217 + return nf_hook_thresh(pf, hook, skb, indev, outdev, okfn, INT_MIN, 1); 218 218 } 219 219 220 220 /* Activate hook; either okfn or kfree_skb called, unless a hook ··· 241 241 242 242 #define NF_HOOK_THRESH(pf, hook, skb, indev, outdev, okfn, thresh) \ 243 243 ({int __ret; \ 244 - if ((__ret=nf_hook_thresh(pf, hook, &(skb), indev, outdev, okfn, thresh, 1)) == 1)\ 244 + if ((__ret=nf_hook_thresh(pf, hook, (skb), indev, outdev, okfn, thresh, 1)) == 1)\ 245 245 __ret = (okfn)(skb); \ 246 246 __ret;}) 247 247 248 248 #define NF_HOOK_COND(pf, hook, skb, indev, outdev, okfn, cond) \ 249 249 ({int __ret; \ 250 - if ((__ret=nf_hook_thresh(pf, hook, &(skb), indev, outdev, okfn, INT_MIN, cond)) == 1)\ 250 + if ((__ret=nf_hook_thresh(pf, hook, (skb), indev, outdev, okfn, INT_MIN, cond)) == 1)\ 251 251 __ret = (okfn)(skb); \ 252 252 __ret;}) 253 253 ··· 317 317 unsigned int dataoff, u_int8_t protocol); 318 318 void (*saveroute)(const struct sk_buff *skb, 319 319 struct nf_info *info); 320 - int (*reroute)(struct sk_buff **skb, 320 + int (*reroute)(struct sk_buff *skb, 321 321 const struct nf_info *info); 322 322 int route_key_size; 323 323 }; ··· 371 371 #define NF_HOOK(pf, hook, skb, indev, outdev, okfn) (okfn)(skb) 372 372 #define NF_HOOK_COND(pf, hook, skb, indev, outdev, okfn, cond) (okfn)(skb) 373 373 static inline int nf_hook_thresh(int pf, unsigned int hook, 374 - struct sk_buff **pskb, 374 + struct sk_buff *skb, 375 375 struct net_device *indev, 376 376 struct net_device *outdev, 377 377 int (*okfn)(struct sk_buff *), int thresh, 378 378 int cond) 379 379 { 380 - return okfn(*pskb); 380 + return okfn(skb); 381 381 } 382 - static inline int nf_hook(int pf, unsigned int hook, struct sk_buff **pskb, 382 + static inline int nf_hook(int pf, unsigned int hook, struct sk_buff *skb, 383 383 struct net_device *indev, struct net_device *outdev, 384 384 int (*okfn)(struct sk_buff *)) 385 385 {

+1 -1

include/linux/netfilter/nf_conntrack_amanda.h

··· 2 2 #define _NF_CONNTRACK_AMANDA_H 3 3 /* AMANDA tracking. */ 4 4 5 - extern unsigned int (*nf_nat_amanda_hook)(struct sk_buff **pskb, 5 + extern unsigned int (*nf_nat_amanda_hook)(struct sk_buff *skb, 6 6 enum ip_conntrack_info ctinfo, 7 7 unsigned int matchoff, 8 8 unsigned int matchlen,

+1 -1

include/linux/netfilter/nf_conntrack_ftp.h

··· 32 32 33 33 /* For NAT to hook in when we find a packet which describes what other 34 34 * connection we should expect. */ 35 - extern unsigned int (*nf_nat_ftp_hook)(struct sk_buff **pskb, 35 + extern unsigned int (*nf_nat_ftp_hook)(struct sk_buff *skb, 36 36 enum ip_conntrack_info ctinfo, 37 37 enum nf_ct_ftp_type type, 38 38 unsigned int matchoff,

+9 -9

include/linux/netfilter/nf_conntrack_h323.h

··· 36 36 struct nf_conntrack_expect *this); 37 37 extern void nf_conntrack_q931_expect(struct nf_conn *new, 38 38 struct nf_conntrack_expect *this); 39 - extern int (*set_h245_addr_hook) (struct sk_buff **pskb, 39 + extern int (*set_h245_addr_hook) (struct sk_buff *skb, 40 40 unsigned char **data, int dataoff, 41 41 H245_TransportAddress *taddr, 42 42 union nf_conntrack_address *addr, 43 43 __be16 port); 44 - extern int (*set_h225_addr_hook) (struct sk_buff **pskb, 44 + extern int (*set_h225_addr_hook) (struct sk_buff *skb, 45 45 unsigned char **data, int dataoff, 46 46 TransportAddress *taddr, 47 47 union nf_conntrack_address *addr, 48 48 __be16 port); 49 - extern int (*set_sig_addr_hook) (struct sk_buff **pskb, 49 + extern int (*set_sig_addr_hook) (struct sk_buff *skb, 50 50 struct nf_conn *ct, 51 51 enum ip_conntrack_info ctinfo, 52 52 unsigned char **data, 53 53 TransportAddress *taddr, int count); 54 - extern int (*set_ras_addr_hook) (struct sk_buff **pskb, 54 + extern int (*set_ras_addr_hook) (struct sk_buff *skb, 55 55 struct nf_conn *ct, 56 56 enum ip_conntrack_info ctinfo, 57 57 unsigned char **data, 58 58 TransportAddress *taddr, int count); 59 - extern int (*nat_rtp_rtcp_hook) (struct sk_buff **pskb, 59 + extern int (*nat_rtp_rtcp_hook) (struct sk_buff *skb, 60 60 struct nf_conn *ct, 61 61 enum ip_conntrack_info ctinfo, 62 62 unsigned char **data, int dataoff, ··· 64 64 __be16 port, __be16 rtp_port, 65 65 struct nf_conntrack_expect *rtp_exp, 66 66 struct nf_conntrack_expect *rtcp_exp); 67 - extern int (*nat_t120_hook) (struct sk_buff **pskb, struct nf_conn *ct, 67 + extern int (*nat_t120_hook) (struct sk_buff *skb, struct nf_conn *ct, 68 68 enum ip_conntrack_info ctinfo, 69 69 unsigned char **data, int dataoff, 70 70 H245_TransportAddress *taddr, __be16 port, 71 71 struct nf_conntrack_expect *exp); 72 - extern int (*nat_h245_hook) (struct sk_buff **pskb, struct nf_conn *ct, 72 + extern int (*nat_h245_hook) (struct sk_buff *skb, struct nf_conn *ct, 73 73 enum ip_conntrack_info ctinfo, 74 74 unsigned char **data, int dataoff, 75 75 TransportAddress *taddr, __be16 port, 76 76 struct nf_conntrack_expect *exp); 77 - extern int (*nat_callforwarding_hook) (struct sk_buff **pskb, 77 + extern int (*nat_callforwarding_hook) (struct sk_buff *skb, 78 78 struct nf_conn *ct, 79 79 enum ip_conntrack_info ctinfo, 80 80 unsigned char **data, int dataoff, 81 81 TransportAddress *taddr, 82 82 __be16 port, 83 83 struct nf_conntrack_expect *exp); 84 - extern int (*nat_q931_hook) (struct sk_buff **pskb, struct nf_conn *ct, 84 + extern int (*nat_q931_hook) (struct sk_buff *skb, struct nf_conn *ct, 85 85 enum ip_conntrack_info ctinfo, 86 86 unsigned char **data, TransportAddress *taddr, 87 87 int idx, __be16 port,

+1 -1

include/linux/netfilter/nf_conntrack_irc.h

··· 5 5 6 6 #define IRC_PORT 6667 7 7 8 - extern unsigned int (*nf_nat_irc_hook)(struct sk_buff **pskb, 8 + extern unsigned int (*nf_nat_irc_hook)(struct sk_buff *skb, 9 9 enum ip_conntrack_info ctinfo, 10 10 unsigned int matchoff, 11 11 unsigned int matchlen,

+2 -2

include/linux/netfilter/nf_conntrack_pptp.h

··· 301 301 struct nf_conntrack_expect; 302 302 303 303 extern int 304 - (*nf_nat_pptp_hook_outbound)(struct sk_buff **pskb, 304 + (*nf_nat_pptp_hook_outbound)(struct sk_buff *skb, 305 305 struct nf_conn *ct, enum ip_conntrack_info ctinfo, 306 306 struct PptpControlHeader *ctlh, 307 307 union pptp_ctrl_union *pptpReq); 308 308 309 309 extern int 310 - (*nf_nat_pptp_hook_inbound)(struct sk_buff **pskb, 310 + (*nf_nat_pptp_hook_inbound)(struct sk_buff *skb, 311 311 struct nf_conn *ct, enum ip_conntrack_info ctinfo, 312 312 struct PptpControlHeader *ctlh, 313 313 union pptp_ctrl_union *pptpReq);

+2 -2

include/linux/netfilter/nf_conntrack_sip.h

··· 21 21 POS_SDP_HEADER, 22 22 }; 23 23 24 - extern unsigned int (*nf_nat_sip_hook)(struct sk_buff **pskb, 24 + extern unsigned int (*nf_nat_sip_hook)(struct sk_buff *skb, 25 25 enum ip_conntrack_info ctinfo, 26 26 struct nf_conn *ct, 27 27 const char **dptr); 28 - extern unsigned int (*nf_nat_sdp_hook)(struct sk_buff **pskb, 28 + extern unsigned int (*nf_nat_sdp_hook)(struct sk_buff *skb, 29 29 enum ip_conntrack_info ctinfo, 30 30 struct nf_conntrack_expect *exp, 31 31 const char *dptr);

+1 -1

include/linux/netfilter/nf_conntrack_tftp.h

··· 13 13 #define TFTP_OPCODE_ACK 4 14 14 #define TFTP_OPCODE_ERROR 5 15 15 16 - extern unsigned int (*nf_nat_tftp_hook)(struct sk_buff **pskb, 16 + extern unsigned int (*nf_nat_tftp_hook)(struct sk_buff *skb, 17 17 enum ip_conntrack_info ctinfo, 18 18 struct nf_conntrack_expect *exp); 19 19

+1 -1

include/linux/netfilter/x_tables.h

··· 191 191 /* Returns verdict. Argument order changed since 2.6.9, as this 192 192 must now handle non-linear skbs, using skb_copy_bits and 193 193 skb_ip_make_writable. */ 194 - unsigned int (*target)(struct sk_buff **pskb, 194 + unsigned int (*target)(struct sk_buff *skb, 195 195 const struct net_device *in, 196 196 const struct net_device *out, 197 197 unsigned int hooknum,

+1 -1

include/linux/netfilter_arp/arp_tables.h

··· 287 287 extern int arpt_register_table(struct arpt_table *table, 288 288 const struct arpt_replace *repl); 289 289 extern void arpt_unregister_table(struct arpt_table *table); 290 - extern unsigned int arpt_do_table(struct sk_buff **pskb, 290 + extern unsigned int arpt_do_table(struct sk_buff *skb, 291 291 unsigned int hook, 292 292 const struct net_device *in, 293 293 const struct net_device *out,

+2 -2

include/linux/netfilter_bridge/ebtables.h

··· 237 237 struct list_head list; 238 238 const char name[EBT_FUNCTION_MAXNAMELEN]; 239 239 /* returns one of the standard verdicts */ 240 - int (*target)(struct sk_buff **pskb, unsigned int hooknr, 240 + int (*target)(struct sk_buff *skb, unsigned int hooknr, 241 241 const struct net_device *in, const struct net_device *out, 242 242 const void *targetdata, unsigned int datalen); 243 243 /* 0 == let it in */ ··· 294 294 extern void ebt_unregister_watcher(struct ebt_watcher *watcher); 295 295 extern int ebt_register_target(struct ebt_target *target); 296 296 extern void ebt_unregister_target(struct ebt_target *target); 297 - extern unsigned int ebt_do_table(unsigned int hook, struct sk_buff **pskb, 297 + extern unsigned int ebt_do_table(unsigned int hook, struct sk_buff *skb, 298 298 const struct net_device *in, const struct net_device *out, 299 299 struct ebt_table *table); 300 300

+2 -2

include/linux/netfilter_ipv4.h

··· 75 75 #define SO_ORIGINAL_DST 80 76 76 77 77 #ifdef __KERNEL__ 78 - extern int ip_route_me_harder(struct sk_buff **pskb, unsigned addr_type); 79 - extern int ip_xfrm_me_harder(struct sk_buff **pskb); 78 + extern int ip_route_me_harder(struct sk_buff *skb, unsigned addr_type); 79 + extern int ip_xfrm_me_harder(struct sk_buff *skb); 80 80 extern __sum16 nf_ip_checksum(struct sk_buff *skb, unsigned int hook, 81 81 unsigned int dataoff, u_int8_t protocol); 82 82 #endif /*__KERNEL__*/

+1 -1

include/linux/netfilter_ipv4/ip_tables.h

··· 337 337 .target.errorname = "ERROR", \ 338 338 } 339 339 340 - extern unsigned int ipt_do_table(struct sk_buff **pskb, 340 + extern unsigned int ipt_do_table(struct sk_buff *skb, 341 341 unsigned int hook, 342 342 const struct net_device *in, 343 343 const struct net_device *out,

+1 -1

include/linux/netfilter_ipv6/ip6_tables.h

··· 336 336 extern int ip6t_register_table(struct xt_table *table, 337 337 const struct ip6t_replace *repl); 338 338 extern void ip6t_unregister_table(struct xt_table *table); 339 - extern unsigned int ip6t_do_table(struct sk_buff **pskb, 339 + extern unsigned int ip6t_do_table(struct sk_buff *skb, 340 340 unsigned int hook, 341 341 const struct net_device *in, 342 342 const struct net_device *out,

+6 -6

include/net/ip_vs.h

··· 464 464 unsigned int proto_off, 465 465 int inverse); 466 466 467 - int (*snat_handler)(struct sk_buff **pskb, 467 + int (*snat_handler)(struct sk_buff *skb, 468 468 struct ip_vs_protocol *pp, struct ip_vs_conn *cp); 469 469 470 - int (*dnat_handler)(struct sk_buff **pskb, 470 + int (*dnat_handler)(struct sk_buff *skb, 471 471 struct ip_vs_protocol *pp, struct ip_vs_conn *cp); 472 472 473 473 int (*csum_check)(struct sk_buff *skb, struct ip_vs_protocol *pp); ··· 654 654 655 655 /* output hook: return false if can't linearize. diff set for TCP. */ 656 656 int (*pkt_out)(struct ip_vs_app *, struct ip_vs_conn *, 657 - struct sk_buff **, int *diff); 657 + struct sk_buff *, int *diff); 658 658 659 659 /* input hook: return false if can't linearize. diff set for TCP. */ 660 660 int (*pkt_in)(struct ip_vs_app *, struct ip_vs_conn *, 661 - struct sk_buff **, int *diff); 661 + struct sk_buff *, int *diff); 662 662 663 663 /* ip_vs_app initializer */ 664 664 int (*init_conn)(struct ip_vs_app *, struct ip_vs_conn *); ··· 832 832 extern int ip_vs_app_inc_get(struct ip_vs_app *inc); 833 833 extern void ip_vs_app_inc_put(struct ip_vs_app *inc); 834 834 835 - extern int ip_vs_app_pkt_out(struct ip_vs_conn *, struct sk_buff **pskb); 836 - extern int ip_vs_app_pkt_in(struct ip_vs_conn *, struct sk_buff **pskb); 835 + extern int ip_vs_app_pkt_out(struct ip_vs_conn *, struct sk_buff *skb); 836 + extern int ip_vs_app_pkt_in(struct ip_vs_conn *, struct sk_buff *skb); 837 837 extern int ip_vs_skb_replace(struct sk_buff *skb, gfp_t pri, 838 838 char *o_buf, int o_len, char *n_buf, int n_len); 839 839 extern int ip_vs_app_init(void);

+5 -5

include/net/netfilter/nf_conntrack_core.h

··· 22 22 of connection tracking. */ 23 23 extern unsigned int nf_conntrack_in(int pf, 24 24 unsigned int hooknum, 25 - struct sk_buff **pskb); 25 + struct sk_buff *skb); 26 26 27 27 extern int nf_conntrack_init(void); 28 28 extern void nf_conntrack_cleanup(void); ··· 60 60 extern struct nf_conntrack_tuple_hash * 61 61 nf_conntrack_find_get(const struct nf_conntrack_tuple *tuple); 62 62 63 - extern int __nf_conntrack_confirm(struct sk_buff **pskb); 63 + extern int __nf_conntrack_confirm(struct sk_buff *skb); 64 64 65 65 /* Confirm a connection: returns NF_DROP if packet must be dropped. */ 66 - static inline int nf_conntrack_confirm(struct sk_buff **pskb) 66 + static inline int nf_conntrack_confirm(struct sk_buff *skb) 67 67 { 68 - struct nf_conn *ct = (struct nf_conn *)(*pskb)->nfct; 68 + struct nf_conn *ct = (struct nf_conn *)skb->nfct; 69 69 int ret = NF_ACCEPT; 70 70 71 71 if (ct) { 72 72 if (!nf_ct_is_confirmed(ct) && !nf_ct_is_dying(ct)) 73 - ret = __nf_conntrack_confirm(pskb); 73 + ret = __nf_conntrack_confirm(skb); 74 74 nf_ct_deliver_cached_events(ct); 75 75 } 76 76 return ret;

+1 -1

include/net/netfilter/nf_conntrack_helper.h

··· 29 29 30 30 /* Function to call when data passes; return verdict, or -1 to 31 31 invalidate. */ 32 - int (*help)(struct sk_buff **pskb, 32 + int (*help)(struct sk_buff *skb, 33 33 unsigned int protoff, 34 34 struct nf_conn *ct, 35 35 enum ip_conntrack_info conntrackinfo);

+2 -2

include/net/netfilter/nf_nat_core.h

··· 10 10 extern unsigned int nf_nat_packet(struct nf_conn *ct, 11 11 enum ip_conntrack_info ctinfo, 12 12 unsigned int hooknum, 13 - struct sk_buff **pskb); 13 + struct sk_buff *skb); 14 14 15 15 extern int nf_nat_icmp_reply_translation(struct nf_conn *ct, 16 16 enum ip_conntrack_info ctinfo, 17 17 unsigned int hooknum, 18 - struct sk_buff **pskb); 18 + struct sk_buff *skb); 19 19 20 20 static inline int nf_nat_initialized(struct nf_conn *ct, 21 21 enum nf_nat_manip_type manip)

+3 -3

include/net/netfilter/nf_nat_helper.h

··· 7 7 struct sk_buff; 8 8 9 9 /* These return true or false. */ 10 - extern int nf_nat_mangle_tcp_packet(struct sk_buff **skb, 10 + extern int nf_nat_mangle_tcp_packet(struct sk_buff *skb, 11 11 struct nf_conn *ct, 12 12 enum ip_conntrack_info ctinfo, 13 13 unsigned int match_offset, 14 14 unsigned int match_len, 15 15 const char *rep_buffer, 16 16 unsigned int rep_len); 17 - extern int nf_nat_mangle_udp_packet(struct sk_buff **skb, 17 + extern int nf_nat_mangle_udp_packet(struct sk_buff *skb, 18 18 struct nf_conn *ct, 19 19 enum ip_conntrack_info ctinfo, 20 20 unsigned int match_offset, 21 21 unsigned int match_len, 22 22 const char *rep_buffer, 23 23 unsigned int rep_len); 24 - extern int nf_nat_seq_adjust(struct sk_buff **pskb, 24 + extern int nf_nat_seq_adjust(struct sk_buff *skb, 25 25 struct nf_conn *ct, 26 26 enum ip_conntrack_info ctinfo); 27 27

+1 -1

include/net/netfilter/nf_nat_protocol.h

··· 18 18 19 19 /* Translate a packet to the target according to manip type. 20 20 Return true if succeeded. */ 21 - int (*manip_pkt)(struct sk_buff **pskb, 21 + int (*manip_pkt)(struct sk_buff *skb, 22 22 unsigned int iphdroff, 23 23 const struct nf_conntrack_tuple *tuple, 24 24 enum nf_nat_manip_type maniptype);

+1 -1

include/net/netfilter/nf_nat_rule.h

··· 6 6 7 7 extern int nf_nat_rule_init(void) __init; 8 8 extern void nf_nat_rule_cleanup(void); 9 - extern int nf_nat_rule_find(struct sk_buff **pskb, 9 + extern int nf_nat_rule_find(struct sk_buff *skb, 10 10 unsigned int hooknum, 11 11 const struct net_device *in, 12 12 const struct net_device *out,

+1 -1

net/bridge/br.c

··· 23 23 24 24 #include "br_private.h" 25 25 26 - int (*br_should_route_hook) (struct sk_buff **pskb) = NULL; 26 + int (*br_should_route_hook)(struct sk_buff *skb); 27 27 28 28 static struct llc_sap *br_stp_sap; 29 29

+1 -1

net/bridge/br_input.c

··· 149 149 case BR_STATE_FORWARDING: 150 150 151 151 if (br_should_route_hook) { 152 - if (br_should_route_hook(&skb)) 152 + if (br_should_route_hook(skb)) 153 153 return skb; 154 154 dest = eth_hdr(skb)->h_dest; 155 155 }

+13 -20

net/bridge/br_netfilter.c

··· 503 503 * receiving device) to make netfilter happy, the REDIRECT 504 504 * target in particular. Save the original destination IP 505 505 * address to be able to detect DNAT afterwards. */ 506 - static unsigned int br_nf_pre_routing(unsigned int hook, struct sk_buff **pskb, 506 + static unsigned int br_nf_pre_routing(unsigned int hook, struct sk_buff *skb, 507 507 const struct net_device *in, 508 508 const struct net_device *out, 509 509 int (*okfn)(struct sk_buff *)) 510 510 { 511 511 struct iphdr *iph; 512 - struct sk_buff *skb = *pskb; 513 512 __u32 len = nf_bridge_encap_header_len(skb); 514 513 515 514 if ((skb = skb_share_check(skb, GFP_ATOMIC)) == NULL) ··· 583 584 * took place when the packet entered the bridge), but we 584 585 * register an IPv4 PRE_ROUTING 'sabotage' hook that will 585 586 * prevent this from happening. */ 586 - static unsigned int br_nf_local_in(unsigned int hook, struct sk_buff **pskb, 587 + static unsigned int br_nf_local_in(unsigned int hook, struct sk_buff *skb, 587 588 const struct net_device *in, 588 589 const struct net_device *out, 589 590 int (*okfn)(struct sk_buff *)) 590 591 { 591 - struct sk_buff *skb = *pskb; 592 - 593 592 if (skb->dst == (struct dst_entry *)&__fake_rtable) { 594 593 dst_release(skb->dst); 595 594 skb->dst = NULL; ··· 622 625 * but we are still able to filter on the 'real' indev/outdev 623 626 * because of the physdev module. For ARP, indev and outdev are the 624 627 * bridge ports. */ 625 - static unsigned int br_nf_forward_ip(unsigned int hook, struct sk_buff **pskb, 628 + static unsigned int br_nf_forward_ip(unsigned int hook, struct sk_buff *skb, 626 629 const struct net_device *in, 627 630 const struct net_device *out, 628 631 int (*okfn)(struct sk_buff *)) 629 632 { 630 - struct sk_buff *skb = *pskb; 631 633 struct nf_bridge_info *nf_bridge; 632 634 struct net_device *parent; 633 635 int pf; ··· 644 648 else 645 649 pf = PF_INET6; 646 650 647 - nf_bridge_pull_encap_header(*pskb); 651 + nf_bridge_pull_encap_header(skb); 648 652 649 653 nf_bridge = skb->nf_bridge; 650 654 if (skb->pkt_type == PACKET_OTHERHOST) { ··· 662 666 return NF_STOLEN; 663 667 } 664 668 665 - static unsigned int br_nf_forward_arp(unsigned int hook, struct sk_buff **pskb, 669 + static unsigned int br_nf_forward_arp(unsigned int hook, struct sk_buff *skb, 666 670 const struct net_device *in, 667 671 const struct net_device *out, 668 672 int (*okfn)(struct sk_buff *)) 669 673 { 670 - struct sk_buff *skb = *pskb; 671 674 struct net_device **d = (struct net_device **)(skb->cb); 672 675 673 676 #ifdef CONFIG_SYSCTL ··· 677 682 if (skb->protocol != htons(ETH_P_ARP)) { 678 683 if (!IS_VLAN_ARP(skb)) 679 684 return NF_ACCEPT; 680 - nf_bridge_pull_encap_header(*pskb); 685 + nf_bridge_pull_encap_header(skb); 681 686 } 682 687 683 688 if (arp_hdr(skb)->ar_pln != 4) { 684 689 if (IS_VLAN_ARP(skb)) 685 - nf_bridge_push_encap_header(*pskb); 690 + nf_bridge_push_encap_header(skb); 686 691 return NF_ACCEPT; 687 692 } 688 693 *d = (struct net_device *)in; ··· 704 709 * NF_BR_PRI_FIRST, so no relevant PF_BRIDGE/INPUT functions have been nor 705 710 * will be executed. 706 711 */ 707 - static unsigned int br_nf_local_out(unsigned int hook, struct sk_buff **pskb, 712 + static unsigned int br_nf_local_out(unsigned int hook, struct sk_buff *skb, 708 713 const struct net_device *in, 709 714 const struct net_device *out, 710 715 int (*okfn)(struct sk_buff *)) 711 716 { 712 717 struct net_device *realindev; 713 - struct sk_buff *skb = *pskb; 714 718 struct nf_bridge_info *nf_bridge; 715 719 716 720 if (!skb->nf_bridge) ··· 746 752 } 747 753 748 754 /* PF_BRIDGE/POST_ROUTING ********************************************/ 749 - static unsigned int br_nf_post_routing(unsigned int hook, struct sk_buff **pskb, 755 + static unsigned int br_nf_post_routing(unsigned int hook, struct sk_buff *skb, 750 756 const struct net_device *in, 751 757 const struct net_device *out, 752 758 int (*okfn)(struct sk_buff *)) 753 759 { 754 - struct sk_buff *skb = *pskb; 755 - struct nf_bridge_info *nf_bridge = (*pskb)->nf_bridge; 760 + struct nf_bridge_info *nf_bridge = skb->nf_bridge; 756 761 struct net_device *realoutdev = bridge_parent(skb->dev); 757 762 int pf; 758 763 ··· 821 828 /* IP/SABOTAGE *****************************************************/ 822 829 /* Don't hand locally destined packets to PF_INET(6)/PRE_ROUTING 823 830 * for the second time. */ 824 - static unsigned int ip_sabotage_in(unsigned int hook, struct sk_buff **pskb, 831 + static unsigned int ip_sabotage_in(unsigned int hook, struct sk_buff *skb, 825 832 const struct net_device *in, 826 833 const struct net_device *out, 827 834 int (*okfn)(struct sk_buff *)) 828 835 { 829 - if ((*pskb)->nf_bridge && 830 - !((*pskb)->nf_bridge->mask & BRNF_NF_BRIDGE_PREROUTING)) { 836 + if (skb->nf_bridge && 837 + !(skb->nf_bridge->mask & BRNF_NF_BRIDGE_PREROUTING)) { 831 838 return NF_STOP; 832 839 } 833 840

+1 -2

net/bridge/netfilter/ebt_arpreply.c

··· 15 15 #include <net/arp.h> 16 16 #include <linux/module.h> 17 17 18 - static int ebt_target_reply(struct sk_buff **pskb, unsigned int hooknr, 18 + static int ebt_target_reply(struct sk_buff *skb, unsigned int hooknr, 19 19 const struct net_device *in, const struct net_device *out, 20 20 const void *data, unsigned int datalen) 21 21 { ··· 23 23 __be32 _sip, *siptr, _dip, *diptr; 24 24 struct arphdr _ah, *ap; 25 25 unsigned char _sha[ETH_ALEN], *shp; 26 - struct sk_buff *skb = *pskb; 27 26 28 27 ap = skb_header_pointer(skb, 0, sizeof(_ah), &_ah); 29 28 if (ap == NULL)

+3 -3

net/bridge/netfilter/ebt_dnat.c

··· 14 14 #include <linux/module.h> 15 15 #include <net/sock.h> 16 16 17 - static int ebt_target_dnat(struct sk_buff **pskb, unsigned int hooknr, 17 + static int ebt_target_dnat(struct sk_buff *skb, unsigned int hooknr, 18 18 const struct net_device *in, const struct net_device *out, 19 19 const void *data, unsigned int datalen) 20 20 { 21 21 struct ebt_nat_info *info = (struct ebt_nat_info *)data; 22 22 23 - if (skb_make_writable(*pskb, 0)) 23 + if (skb_make_writable(skb, 0)) 24 24 return NF_DROP; 25 25 26 - memcpy(eth_hdr(*pskb)->h_dest, info->mac, ETH_ALEN); 26 + memcpy(eth_hdr(skb)->h_dest, info->mac, ETH_ALEN); 27 27 return info->target; 28 28 } 29 29

+5 -5

net/bridge/netfilter/ebt_mark.c

··· 17 17 #include <linux/netfilter_bridge/ebt_mark_t.h> 18 18 #include <linux/module.h> 19 19 20 - static int ebt_target_mark(struct sk_buff **pskb, unsigned int hooknr, 20 + static int ebt_target_mark(struct sk_buff *skb, unsigned int hooknr, 21 21 const struct net_device *in, const struct net_device *out, 22 22 const void *data, unsigned int datalen) 23 23 { ··· 25 25 int action = info->target & -16; 26 26 27 27 if (action == MARK_SET_VALUE) 28 - (*pskb)->mark = info->mark; 28 + skb->mark = info->mark; 29 29 else if (action == MARK_OR_VALUE) 30 - (*pskb)->mark |= info->mark; 30 + skb->mark |= info->mark; 31 31 else if (action == MARK_AND_VALUE) 32 - (*pskb)->mark &= info->mark; 32 + skb->mark &= info->mark; 33 33 else 34 - (*pskb)->mark ^= info->mark; 34 + skb->mark ^= info->mark; 35 35 36 36 return info->target | ~EBT_VERDICT_BITS; 37 37 }

+5 -5

net/bridge/netfilter/ebt_redirect.c

··· 15 15 #include <net/sock.h> 16 16 #include "../br_private.h" 17 17 18 - static int ebt_target_redirect(struct sk_buff **pskb, unsigned int hooknr, 18 + static int ebt_target_redirect(struct sk_buff *skb, unsigned int hooknr, 19 19 const struct net_device *in, const struct net_device *out, 20 20 const void *data, unsigned int datalen) 21 21 { 22 22 struct ebt_redirect_info *info = (struct ebt_redirect_info *)data; 23 23 24 - if (skb_make_writable(*pskb, 0)) 24 + if (skb_make_writable(skb, 0)) 25 25 return NF_DROP; 26 26 27 27 if (hooknr != NF_BR_BROUTING) 28 - memcpy(eth_hdr(*pskb)->h_dest, 28 + memcpy(eth_hdr(skb)->h_dest, 29 29 in->br_port->br->dev->dev_addr, ETH_ALEN); 30 30 else 31 - memcpy(eth_hdr(*pskb)->h_dest, in->dev_addr, ETH_ALEN); 32 - (*pskb)->pkt_type = PACKET_HOST; 31 + memcpy(eth_hdr(skb)->h_dest, in->dev_addr, ETH_ALEN); 32 + skb->pkt_type = PACKET_HOST; 33 33 return info->target; 34 34 } 35 35

+6 -6

net/bridge/netfilter/ebt_snat.c

··· 16 16 #include <linux/if_arp.h> 17 17 #include <net/arp.h> 18 18 19 - static int ebt_target_snat(struct sk_buff **pskb, unsigned int hooknr, 19 + static int ebt_target_snat(struct sk_buff *skb, unsigned int hooknr, 20 20 const struct net_device *in, const struct net_device *out, 21 21 const void *data, unsigned int datalen) 22 22 { 23 23 struct ebt_nat_info *info = (struct ebt_nat_info *) data; 24 24 25 - if (skb_make_writable(*pskb, 0)) 25 + if (skb_make_writable(skb, 0)) 26 26 return NF_DROP; 27 27 28 - memcpy(eth_hdr(*pskb)->h_source, info->mac, ETH_ALEN); 28 + memcpy(eth_hdr(skb)->h_source, info->mac, ETH_ALEN); 29 29 if (!(info->target & NAT_ARP_BIT) && 30 - eth_hdr(*pskb)->h_proto == htons(ETH_P_ARP)) { 30 + eth_hdr(skb)->h_proto == htons(ETH_P_ARP)) { 31 31 struct arphdr _ah, *ap; 32 32 33 - ap = skb_header_pointer(*pskb, 0, sizeof(_ah), &_ah); 33 + ap = skb_header_pointer(skb, 0, sizeof(_ah), &_ah); 34 34 if (ap == NULL) 35 35 return EBT_DROP; 36 36 if (ap->ar_hln != ETH_ALEN) 37 37 goto out; 38 - if (skb_store_bits(*pskb, sizeof(_ah), info->mac,ETH_ALEN)) 38 + if (skb_store_bits(skb, sizeof(_ah), info->mac,ETH_ALEN)) 39 39 return EBT_DROP; 40 40 } 41 41 out:

+2 -2

net/bridge/netfilter/ebtable_broute.c

··· 51 51 .me = THIS_MODULE, 52 52 }; 53 53 54 - static int ebt_broute(struct sk_buff **pskb) 54 + static int ebt_broute(struct sk_buff *skb) 55 55 { 56 56 int ret; 57 57 58 - ret = ebt_do_table(NF_BR_BROUTING, pskb, (*pskb)->dev, NULL, 58 + ret = ebt_do_table(NF_BR_BROUTING, skb, skb->dev, NULL, 59 59 &broute_table); 60 60 if (ret == NF_DROP) 61 61 return 1; /* route it */

+2 -2

net/bridge/netfilter/ebtable_filter.c

··· 61 61 }; 62 62 63 63 static unsigned int 64 - ebt_hook (unsigned int hook, struct sk_buff **pskb, const struct net_device *in, 64 + ebt_hook(unsigned int hook, struct sk_buff *skb, const struct net_device *in, 65 65 const struct net_device *out, int (*okfn)(struct sk_buff *)) 66 66 { 67 - return ebt_do_table(hook, pskb, in, out, &frame_filter); 67 + return ebt_do_table(hook, skb, in, out, &frame_filter); 68 68 } 69 69 70 70 static struct nf_hook_ops ebt_ops_filter[] = {

+4 -4

net/bridge/netfilter/ebtable_nat.c

··· 61 61 }; 62 62 63 63 static unsigned int 64 - ebt_nat_dst(unsigned int hook, struct sk_buff **pskb, const struct net_device *in 64 + ebt_nat_dst(unsigned int hook, struct sk_buff *skb, const struct net_device *in 65 65 , const struct net_device *out, int (*okfn)(struct sk_buff *)) 66 66 { 67 - return ebt_do_table(hook, pskb, in, out, &frame_nat); 67 + return ebt_do_table(hook, skb, in, out, &frame_nat); 68 68 } 69 69 70 70 static unsigned int 71 - ebt_nat_src(unsigned int hook, struct sk_buff **pskb, const struct net_device *in 71 + ebt_nat_src(unsigned int hook, struct sk_buff *skb, const struct net_device *in 72 72 , const struct net_device *out, int (*okfn)(struct sk_buff *)) 73 73 { 74 - return ebt_do_table(hook, pskb, in, out, &frame_nat); 74 + return ebt_do_table(hook, skb, in, out, &frame_nat); 75 75 } 76 76 77 77 static struct nf_hook_ops ebt_ops_nat[] = {

+6 -6

net/bridge/netfilter/ebtables.c

··· 142 142 } 143 143 144 144 /* Do some firewalling */ 145 - unsigned int ebt_do_table (unsigned int hook, struct sk_buff **pskb, 145 + unsigned int ebt_do_table (unsigned int hook, struct sk_buff *skb, 146 146 const struct net_device *in, const struct net_device *out, 147 147 struct ebt_table *table) 148 148 { ··· 172 172 base = private->entries; 173 173 i = 0; 174 174 while (i < nentries) { 175 - if (ebt_basic_match(point, eth_hdr(*pskb), in, out)) 175 + if (ebt_basic_match(point, eth_hdr(skb), in, out)) 176 176 goto letscontinue; 177 177 178 - if (EBT_MATCH_ITERATE(point, ebt_do_match, *pskb, in, out) != 0) 178 + if (EBT_MATCH_ITERATE(point, ebt_do_match, skb, in, out) != 0) 179 179 goto letscontinue; 180 180 181 181 /* increase counter */ 182 182 (*(counter_base + i)).pcnt++; 183 - (*(counter_base + i)).bcnt+=(**pskb).len; 183 + (*(counter_base + i)).bcnt += skb->len; 184 184 185 185 /* these should only watch: not modify, nor tell us 186 186 what to do with the packet */ 187 - EBT_WATCHER_ITERATE(point, ebt_do_watcher, *pskb, hook, in, 187 + EBT_WATCHER_ITERATE(point, ebt_do_watcher, skb, hook, in, 188 188 out); 189 189 190 190 t = (struct ebt_entry_target *) ··· 193 193 if (!t->u.target->target) 194 194 verdict = ((struct ebt_standard_target *)t)->verdict; 195 195 else 196 - verdict = t->u.target->target(pskb, hook, 196 + verdict = t->u.target->target(skb, hook, 197 197 in, out, t->data, t->target_size); 198 198 if (verdict == EBT_ACCEPT) { 199 199 read_unlock_bh(&table->lock);

+2 -2

net/decnet/netfilter/dn_rtmsg.c

··· 88 88 89 89 90 90 static unsigned int dnrmg_hook(unsigned int hook, 91 - struct sk_buff **pskb, 91 + struct sk_buff *skb, 92 92 const struct net_device *in, 93 93 const struct net_device *out, 94 94 int (*okfn)(struct sk_buff *)) 95 95 { 96 - dnrmg_send_peer(*pskb); 96 + dnrmg_send_peer(skb); 97 97 return NF_ACCEPT; 98 98 } 99 99

+16 -16

net/ipv4/ipvs/ip_vs_app.c

··· 329 329 spin_unlock(&cp->lock); 330 330 } 331 331 332 - static inline int app_tcp_pkt_out(struct ip_vs_conn *cp, struct sk_buff **pskb, 332 + static inline int app_tcp_pkt_out(struct ip_vs_conn *cp, struct sk_buff *skb, 333 333 struct ip_vs_app *app) 334 334 { 335 335 int diff; 336 - const unsigned int tcp_offset = ip_hdrlen(*pskb); 336 + const unsigned int tcp_offset = ip_hdrlen(skb); 337 337 struct tcphdr *th; 338 338 __u32 seq; 339 339 340 - if (!skb_make_writable(*pskb, tcp_offset + sizeof(*th))) 340 + if (!skb_make_writable(skb, tcp_offset + sizeof(*th))) 341 341 return 0; 342 342 343 - th = (struct tcphdr *)(skb_network_header(*pskb) + tcp_offset); 343 + th = (struct tcphdr *)(skb_network_header(skb) + tcp_offset); 344 344 345 345 /* 346 346 * Remember seq number in case this pkt gets resized ··· 361 361 if (app->pkt_out == NULL) 362 362 return 1; 363 363 364 - if (!app->pkt_out(app, cp, pskb, &diff)) 364 + if (!app->pkt_out(app, cp, skb, &diff)) 365 365 return 0; 366 366 367 367 /* ··· 379 379 * called by ipvs packet handler, assumes previously checked cp!=NULL 380 380 * returns false if it can't handle packet (oom) 381 381 */ 382 - int ip_vs_app_pkt_out(struct ip_vs_conn *cp, struct sk_buff **pskb) 382 + int ip_vs_app_pkt_out(struct ip_vs_conn *cp, struct sk_buff *skb) 383 383 { 384 384 struct ip_vs_app *app; 385 385 ··· 392 392 393 393 /* TCP is complicated */ 394 394 if (cp->protocol == IPPROTO_TCP) 395 - return app_tcp_pkt_out(cp, pskb, app); 395 + return app_tcp_pkt_out(cp, skb, app); 396 396 397 397 /* 398 398 * Call private output hook function ··· 400 400 if (app->pkt_out == NULL) 401 401 return 1; 402 402 403 - return app->pkt_out(app, cp, pskb, NULL); 403 + return app->pkt_out(app, cp, skb, NULL); 404 404 } 405 405 406 406 407 - static inline int app_tcp_pkt_in(struct ip_vs_conn *cp, struct sk_buff **pskb, 407 + static inline int app_tcp_pkt_in(struct ip_vs_conn *cp, struct sk_buff *skb, 408 408 struct ip_vs_app *app) 409 409 { 410 410 int diff; 411 - const unsigned int tcp_offset = ip_hdrlen(*pskb); 411 + const unsigned int tcp_offset = ip_hdrlen(skb); 412 412 struct tcphdr *th; 413 413 __u32 seq; 414 414 415 - if (!skb_make_writable(*pskb, tcp_offset + sizeof(*th))) 415 + if (!skb_make_writable(skb, tcp_offset + sizeof(*th))) 416 416 return 0; 417 417 418 - th = (struct tcphdr *)(skb_network_header(*pskb) + tcp_offset); 418 + th = (struct tcphdr *)(skb_network_header(skb) + tcp_offset); 419 419 420 420 /* 421 421 * Remember seq number in case this pkt gets resized ··· 436 436 if (app->pkt_in == NULL) 437 437 return 1; 438 438 439 - if (!app->pkt_in(app, cp, pskb, &diff)) 439 + if (!app->pkt_in(app, cp, skb, &diff)) 440 440 return 0; 441 441 442 442 /* ··· 454 454 * called by ipvs packet handler, assumes previously checked cp!=NULL. 455 455 * returns false if can't handle packet (oom). 456 456 */ 457 - int ip_vs_app_pkt_in(struct ip_vs_conn *cp, struct sk_buff **pskb) 457 + int ip_vs_app_pkt_in(struct ip_vs_conn *cp, struct sk_buff *skb) 458 458 { 459 459 struct ip_vs_app *app; 460 460 ··· 467 467 468 468 /* TCP is complicated */ 469 469 if (cp->protocol == IPPROTO_TCP) 470 - return app_tcp_pkt_in(cp, pskb, app); 470 + return app_tcp_pkt_in(cp, skb, app); 471 471 472 472 /* 473 473 * Call private input hook function ··· 475 475 if (app->pkt_in == NULL) 476 476 return 1; 477 477 478 - return app->pkt_in(app, cp, pskb, NULL); 478 + return app->pkt_in(app, cp, skb, NULL); 479 479 } 480 480 481 481

+14 -22

net/ipv4/ipvs/ip_vs_core.c

··· 488 488 * for VS/NAT. 489 489 */ 490 490 static unsigned int ip_vs_post_routing(unsigned int hooknum, 491 - struct sk_buff **pskb, 491 + struct sk_buff *skb, 492 492 const struct net_device *in, 493 493 const struct net_device *out, 494 494 int (*okfn)(struct sk_buff *)) 495 495 { 496 - if (!((*pskb)->ipvs_property)) 496 + if (!skb->ipvs_property) 497 497 return NF_ACCEPT; 498 498 /* The packet was sent from IPVS, exit this chain */ 499 499 return NF_STOP; ··· 569 569 * Currently handles error types - unreachable, quench, ttl exceeded. 570 570 * (Only used in VS/NAT) 571 571 */ 572 - static int ip_vs_out_icmp(struct sk_buff **pskb, int *related) 572 + static int ip_vs_out_icmp(struct sk_buff *skb, int *related) 573 573 { 574 - struct sk_buff *skb = *pskb; 575 574 struct iphdr *iph; 576 575 struct icmphdr _icmph, *ic; 577 576 struct iphdr _ciph, *cih; /* The ip header contained within the ICMP */ ··· 684 685 * rewrite addresses of the packet and send it on its way... 685 686 */ 686 687 static unsigned int 687 - ip_vs_out(unsigned int hooknum, struct sk_buff **pskb, 688 + ip_vs_out(unsigned int hooknum, struct sk_buff *skb, 688 689 const struct net_device *in, const struct net_device *out, 689 690 int (*okfn)(struct sk_buff *)) 690 691 { 691 - struct sk_buff *skb = *pskb; 692 692 struct iphdr *iph; 693 693 struct ip_vs_protocol *pp; 694 694 struct ip_vs_conn *cp; ··· 700 702 701 703 iph = ip_hdr(skb); 702 704 if (unlikely(iph->protocol == IPPROTO_ICMP)) { 703 - int related, verdict = ip_vs_out_icmp(pskb, &related); 705 + int related, verdict = ip_vs_out_icmp(skb, &related); 704 706 705 707 if (related) 706 708 return verdict; 707 - skb = *pskb; 708 709 iph = ip_hdr(skb); 709 710 } 710 711 ··· 762 765 goto drop; 763 766 764 767 /* mangle the packet */ 765 - if (pp->snat_handler && !pp->snat_handler(pskb, pp, cp)) 768 + if (pp->snat_handler && !pp->snat_handler(skb, pp, cp)) 766 769 goto drop; 767 - skb = *pskb; 768 770 ip_hdr(skb)->saddr = cp->vaddr; 769 771 ip_send_check(ip_hdr(skb)); 770 772 ··· 773 777 * if it came from this machine itself. So re-compute 774 778 * the routing information. 775 779 */ 776 - if (ip_route_me_harder(pskb, RTN_LOCAL) != 0) 780 + if (ip_route_me_harder(skb, RTN_LOCAL) != 0) 777 781 goto drop; 778 - skb = *pskb; 779 782 780 783 IP_VS_DBG_PKT(10, pp, skb, 0, "After SNAT"); 781 784 ··· 789 794 790 795 drop: 791 796 ip_vs_conn_put(cp); 792 - kfree_skb(*pskb); 797 + kfree_skb(skb); 793 798 return NF_STOLEN; 794 799 } 795 800 ··· 801 806 * Currently handles error types - unreachable, quench, ttl exceeded. 802 807 */ 803 808 static int 804 - ip_vs_in_icmp(struct sk_buff **pskb, int *related, unsigned int hooknum) 809 + ip_vs_in_icmp(struct sk_buff *skb, int *related, unsigned int hooknum) 805 810 { 806 - struct sk_buff *skb = *pskb; 807 811 struct iphdr *iph; 808 812 struct icmphdr _icmph, *ic; 809 813 struct iphdr _ciph, *cih; /* The ip header contained within the ICMP */ ··· 895 901 * and send it on its way... 896 902 */ 897 903 static unsigned int 898 - ip_vs_in(unsigned int hooknum, struct sk_buff **pskb, 904 + ip_vs_in(unsigned int hooknum, struct sk_buff *skb, 899 905 const struct net_device *in, const struct net_device *out, 900 906 int (*okfn)(struct sk_buff *)) 901 907 { 902 - struct sk_buff *skb = *pskb; 903 908 struct iphdr *iph; 904 909 struct ip_vs_protocol *pp; 905 910 struct ip_vs_conn *cp; ··· 920 927 921 928 iph = ip_hdr(skb); 922 929 if (unlikely(iph->protocol == IPPROTO_ICMP)) { 923 - int related, verdict = ip_vs_in_icmp(pskb, &related, hooknum); 930 + int related, verdict = ip_vs_in_icmp(skb, &related, hooknum); 924 931 925 932 if (related) 926 933 return verdict; 927 - skb = *pskb; 928 934 iph = ip_hdr(skb); 929 935 } 930 936 ··· 1004 1012 * and send them to ip_vs_in_icmp. 1005 1013 */ 1006 1014 static unsigned int 1007 - ip_vs_forward_icmp(unsigned int hooknum, struct sk_buff **pskb, 1015 + ip_vs_forward_icmp(unsigned int hooknum, struct sk_buff *skb, 1008 1016 const struct net_device *in, const struct net_device *out, 1009 1017 int (*okfn)(struct sk_buff *)) 1010 1018 { 1011 1019 int r; 1012 1020 1013 - if (ip_hdr(*pskb)->protocol != IPPROTO_ICMP) 1021 + if (ip_hdr(skb)->protocol != IPPROTO_ICMP) 1014 1022 return NF_ACCEPT; 1015 1023 1016 - return ip_vs_in_icmp(pskb, &r, hooknum); 1024 + return ip_vs_in_icmp(skb, &r, hooknum); 1017 1025 } 1018 1026 1019 1027

+9 -9

net/ipv4/ipvs/ip_vs_ftp.c

··· 136 136 * xxx,xxx,xxx,xxx is the server address, ppp,ppp is the server port number. 137 137 */ 138 138 static int ip_vs_ftp_out(struct ip_vs_app *app, struct ip_vs_conn *cp, 139 - struct sk_buff **pskb, int *diff) 139 + struct sk_buff *skb, int *diff) 140 140 { 141 141 struct iphdr *iph; 142 142 struct tcphdr *th; ··· 156 156 return 1; 157 157 158 158 /* Linear packets are much easier to deal with. */ 159 - if (!skb_make_writable(*pskb, (*pskb)->len)) 159 + if (!skb_make_writable(skb, skb->len)) 160 160 return 0; 161 161 162 162 if (cp->app_data == &ip_vs_ftp_pasv) { 163 - iph = ip_hdr(*pskb); 163 + iph = ip_hdr(skb); 164 164 th = (struct tcphdr *)&(((char *)iph)[iph->ihl*4]); 165 165 data = (char *)th + (th->doff << 2); 166 - data_limit = skb_tail_pointer(*pskb); 166 + data_limit = skb_tail_pointer(skb); 167 167 168 168 if (ip_vs_ftp_get_addrport(data, data_limit, 169 169 SERVER_STRING, ··· 214 214 memcpy(start, buf, buf_len); 215 215 ret = 1; 216 216 } else { 217 - ret = !ip_vs_skb_replace(*pskb, GFP_ATOMIC, start, 217 + ret = !ip_vs_skb_replace(skb, GFP_ATOMIC, start, 218 218 end-start, buf, buf_len); 219 219 } 220 220 ··· 239 239 * the client. 240 240 */ 241 241 static int ip_vs_ftp_in(struct ip_vs_app *app, struct ip_vs_conn *cp, 242 - struct sk_buff **pskb, int *diff) 242 + struct sk_buff *skb, int *diff) 243 243 { 244 244 struct iphdr *iph; 245 245 struct tcphdr *th; ··· 257 257 return 1; 258 258 259 259 /* Linear packets are much easier to deal with. */ 260 - if (!skb_make_writable(*pskb, (*pskb)->len)) 260 + if (!skb_make_writable(skb, skb->len)) 261 261 return 0; 262 262 263 263 /* 264 264 * Detecting whether it is passive 265 265 */ 266 - iph = ip_hdr(*pskb); 266 + iph = ip_hdr(skb); 267 267 th = (struct tcphdr *)&(((char *)iph)[iph->ihl*4]); 268 268 269 269 /* Since there may be OPTIONS in the TCP packet and the HLEN is 270 270 the length of the header in 32-bit multiples, it is accurate 271 271 to calculate data address by th+HLEN*4 */ 272 272 data = data_start = (char *)th + (th->doff << 2); 273 - data_limit = skb_tail_pointer(*pskb); 273 + data_limit = skb_tail_pointer(skb); 274 274 275 275 while (data <= data_limit - 6) { 276 276 if (strnicmp(data, "PASV\r\n", 6) == 0) {

+23 -27

net/ipv4/ipvs/ip_vs_proto_tcp.c

··· 123 123 124 124 125 125 static int 126 - tcp_snat_handler(struct sk_buff **pskb, 126 + tcp_snat_handler(struct sk_buff *skb, 127 127 struct ip_vs_protocol *pp, struct ip_vs_conn *cp) 128 128 { 129 129 struct tcphdr *tcph; 130 - const unsigned int tcphoff = ip_hdrlen(*pskb); 130 + const unsigned int tcphoff = ip_hdrlen(skb); 131 131 132 132 /* csum_check requires unshared skb */ 133 - if (!skb_make_writable(*pskb, tcphoff+sizeof(*tcph))) 133 + if (!skb_make_writable(skb, tcphoff+sizeof(*tcph))) 134 134 return 0; 135 135 136 136 if (unlikely(cp->app != NULL)) { 137 137 /* Some checks before mangling */ 138 - if (pp->csum_check && !pp->csum_check(*pskb, pp)) 138 + if (pp->csum_check && !pp->csum_check(skb, pp)) 139 139 return 0; 140 140 141 141 /* Call application helper if needed */ 142 - if (!ip_vs_app_pkt_out(cp, pskb)) 142 + if (!ip_vs_app_pkt_out(cp, skb)) 143 143 return 0; 144 144 } 145 145 146 - tcph = (void *)ip_hdr(*pskb) + tcphoff; 146 + tcph = (void *)ip_hdr(skb) + tcphoff; 147 147 tcph->source = cp->vport; 148 148 149 149 /* Adjust TCP checksums */ ··· 151 151 /* Only port and addr are changed, do fast csum update */ 152 152 tcp_fast_csum_update(tcph, cp->daddr, cp->vaddr, 153 153 cp->dport, cp->vport); 154 - if ((*pskb)->ip_summed == CHECKSUM_COMPLETE) 155 - (*pskb)->ip_summed = CHECKSUM_NONE; 154 + if (skb->ip_summed == CHECKSUM_COMPLETE) 155 + skb->ip_summed = CHECKSUM_NONE; 156 156 } else { 157 157 /* full checksum calculation */ 158 158 tcph->check = 0; 159 - (*pskb)->csum = skb_checksum(*pskb, tcphoff, 160 - (*pskb)->len - tcphoff, 0); 159 + skb->csum = skb_checksum(skb, tcphoff, skb->len - tcphoff, 0); 161 160 tcph->check = csum_tcpudp_magic(cp->vaddr, cp->caddr, 162 - (*pskb)->len - tcphoff, 163 - cp->protocol, 164 - (*pskb)->csum); 161 + skb->len - tcphoff, 162 + cp->protocol, skb->csum); 165 163 IP_VS_DBG(11, "O-pkt: %s O-csum=%d (+%zd)\n", 166 164 pp->name, tcph->check, 167 165 (char*)&(tcph->check) - (char*)tcph); ··· 169 171 170 172 171 173 static int 172 - tcp_dnat_handler(struct sk_buff **pskb, 174 + tcp_dnat_handler(struct sk_buff *skb, 173 175 struct ip_vs_protocol *pp, struct ip_vs_conn *cp) 174 176 { 175 177 struct tcphdr *tcph; 176 - const unsigned int tcphoff = ip_hdrlen(*pskb); 178 + const unsigned int tcphoff = ip_hdrlen(skb); 177 179 178 180 /* csum_check requires unshared skb */ 179 - if (!skb_make_writable(*pskb, tcphoff+sizeof(*tcph))) 181 + if (!skb_make_writable(skb, tcphoff+sizeof(*tcph))) 180 182 return 0; 181 183 182 184 if (unlikely(cp->app != NULL)) { 183 185 /* Some checks before mangling */ 184 - if (pp->csum_check && !pp->csum_check(*pskb, pp)) 186 + if (pp->csum_check && !pp->csum_check(skb, pp)) 185 187 return 0; 186 188 187 189 /* 188 190 * Attempt ip_vs_app call. 189 191 * It will fix ip_vs_conn and iph ack_seq stuff 190 192 */ 191 - if (!ip_vs_app_pkt_in(cp, pskb)) 193 + if (!ip_vs_app_pkt_in(cp, skb)) 192 194 return 0; 193 195 } 194 196 195 - tcph = (void *)ip_hdr(*pskb) + tcphoff; 197 + tcph = (void *)ip_hdr(skb) + tcphoff; 196 198 tcph->dest = cp->dport; 197 199 198 200 /* ··· 202 204 /* Only port and addr are changed, do fast csum update */ 203 205 tcp_fast_csum_update(tcph, cp->vaddr, cp->daddr, 204 206 cp->vport, cp->dport); 205 - if ((*pskb)->ip_summed == CHECKSUM_COMPLETE) 206 - (*pskb)->ip_summed = CHECKSUM_NONE; 207 + if (skb->ip_summed == CHECKSUM_COMPLETE) 208 + skb->ip_summed = CHECKSUM_NONE; 207 209 } else { 208 210 /* full checksum calculation */ 209 211 tcph->check = 0; 210 - (*pskb)->csum = skb_checksum(*pskb, tcphoff, 211 - (*pskb)->len - tcphoff, 0); 212 + skb->csum = skb_checksum(skb, tcphoff, skb->len - tcphoff, 0); 212 213 tcph->check = csum_tcpudp_magic(cp->caddr, cp->daddr, 213 - (*pskb)->len - tcphoff, 214 - cp->protocol, 215 - (*pskb)->csum); 216 - (*pskb)->ip_summed = CHECKSUM_UNNECESSARY; 214 + skb->len - tcphoff, 215 + cp->protocol, skb->csum); 216 + skb->ip_summed = CHECKSUM_UNNECESSARY; 217 217 } 218 218 return 1; 219 219 }

+23 -27

net/ipv4/ipvs/ip_vs_proto_udp.c

··· 130 130 } 131 131 132 132 static int 133 - udp_snat_handler(struct sk_buff **pskb, 133 + udp_snat_handler(struct sk_buff *skb, 134 134 struct ip_vs_protocol *pp, struct ip_vs_conn *cp) 135 135 { 136 136 struct udphdr *udph; 137 - const unsigned int udphoff = ip_hdrlen(*pskb); 137 + const unsigned int udphoff = ip_hdrlen(skb); 138 138 139 139 /* csum_check requires unshared skb */ 140 - if (!skb_make_writable(*pskb, udphoff+sizeof(*udph))) 140 + if (!skb_make_writable(skb, udphoff+sizeof(*udph))) 141 141 return 0; 142 142 143 143 if (unlikely(cp->app != NULL)) { 144 144 /* Some checks before mangling */ 145 - if (pp->csum_check && !pp->csum_check(*pskb, pp)) 145 + if (pp->csum_check && !pp->csum_check(skb, pp)) 146 146 return 0; 147 147 148 148 /* 149 149 * Call application helper if needed 150 150 */ 151 - if (!ip_vs_app_pkt_out(cp, pskb)) 151 + if (!ip_vs_app_pkt_out(cp, skb)) 152 152 return 0; 153 153 } 154 154 155 - udph = (void *)ip_hdr(*pskb) + udphoff; 155 + udph = (void *)ip_hdr(skb) + udphoff; 156 156 udph->source = cp->vport; 157 157 158 158 /* ··· 162 162 /* Only port and addr are changed, do fast csum update */ 163 163 udp_fast_csum_update(udph, cp->daddr, cp->vaddr, 164 164 cp->dport, cp->vport); 165 - if ((*pskb)->ip_summed == CHECKSUM_COMPLETE) 166 - (*pskb)->ip_summed = CHECKSUM_NONE; 165 + if (skb->ip_summed == CHECKSUM_COMPLETE) 166 + skb->ip_summed = CHECKSUM_NONE; 167 167 } else { 168 168 /* full checksum calculation */ 169 169 udph->check = 0; 170 - (*pskb)->csum = skb_checksum(*pskb, udphoff, 171 - (*pskb)->len - udphoff, 0); 170 + skb->csum = skb_checksum(skb, udphoff, skb->len - udphoff, 0); 172 171 udph->check = csum_tcpudp_magic(cp->vaddr, cp->caddr, 173 - (*pskb)->len - udphoff, 174 - cp->protocol, 175 - (*pskb)->csum); 172 + skb->len - udphoff, 173 + cp->protocol, skb->csum); 176 174 if (udph->check == 0) 177 175 udph->check = CSUM_MANGLED_0; 178 176 IP_VS_DBG(11, "O-pkt: %s O-csum=%d (+%zd)\n", ··· 182 184 183 185 184 186 static int 185 - udp_dnat_handler(struct sk_buff **pskb, 187 + udp_dnat_handler(struct sk_buff *skb, 186 188 struct ip_vs_protocol *pp, struct ip_vs_conn *cp) 187 189 { 188 190 struct udphdr *udph; 189 - unsigned int udphoff = ip_hdrlen(*pskb); 191 + unsigned int udphoff = ip_hdrlen(skb); 190 192 191 193 /* csum_check requires unshared skb */ 192 - if (!skb_make_writable(*pskb, udphoff+sizeof(*udph))) 194 + if (!skb_make_writable(skb, udphoff+sizeof(*udph))) 193 195 return 0; 194 196 195 197 if (unlikely(cp->app != NULL)) { 196 198 /* Some checks before mangling */ 197 - if (pp->csum_check && !pp->csum_check(*pskb, pp)) 199 + if (pp->csum_check && !pp->csum_check(skb, pp)) 198 200 return 0; 199 201 200 202 /* 201 203 * Attempt ip_vs_app call. 202 204 * It will fix ip_vs_conn 203 205 */ 204 - if (!ip_vs_app_pkt_in(cp, pskb)) 206 + if (!ip_vs_app_pkt_in(cp, skb)) 205 207 return 0; 206 208 } 207 209 208 - udph = (void *)ip_hdr(*pskb) + udphoff; 210 + udph = (void *)ip_hdr(skb) + udphoff; 209 211 udph->dest = cp->dport; 210 212 211 213 /* ··· 215 217 /* Only port and addr are changed, do fast csum update */ 216 218 udp_fast_csum_update(udph, cp->vaddr, cp->daddr, 217 219 cp->vport, cp->dport); 218 - if ((*pskb)->ip_summed == CHECKSUM_COMPLETE) 219 - (*pskb)->ip_summed = CHECKSUM_NONE; 220 + if (skb->ip_summed == CHECKSUM_COMPLETE) 221 + skb->ip_summed = CHECKSUM_NONE; 220 222 } else { 221 223 /* full checksum calculation */ 222 224 udph->check = 0; 223 - (*pskb)->csum = skb_checksum(*pskb, udphoff, 224 - (*pskb)->len - udphoff, 0); 225 + skb->csum = skb_checksum(skb, udphoff, skb->len - udphoff, 0); 225 226 udph->check = csum_tcpudp_magic(cp->caddr, cp->daddr, 226 - (*pskb)->len - udphoff, 227 - cp->protocol, 228 - (*pskb)->csum); 227 + skb->len - udphoff, 228 + cp->protocol, skb->csum); 229 229 if (udph->check == 0) 230 230 udph->check = CSUM_MANGLED_0; 231 - (*pskb)->ip_summed = CHECKSUM_UNNECESSARY; 231 + skb->ip_summed = CHECKSUM_UNNECESSARY; 232 232 } 233 233 return 1; 234 234 }

+1 -1

net/ipv4/ipvs/ip_vs_xmit.c

··· 264 264 skb->dst = &rt->u.dst; 265 265 266 266 /* mangle the packet */ 267 - if (pp->dnat_handler && !pp->dnat_handler(&skb, pp, cp)) 267 + if (pp->dnat_handler && !pp->dnat_handler(skb, pp, cp)) 268 268 goto tx_error; 269 269 ip_hdr(skb)->daddr = cp->daddr; 270 270 ip_send_check(ip_hdr(skb));

+28 -30

net/ipv4/netfilter.c

··· 9 9 #include <net/ip.h> 10 10 11 11 /* route_me_harder function, used by iptable_nat, iptable_mangle + ip_queue */ 12 - int ip_route_me_harder(struct sk_buff **pskb, unsigned addr_type) 12 + int ip_route_me_harder(struct sk_buff *skb, unsigned addr_type) 13 13 { 14 - const struct iphdr *iph = ip_hdr(*pskb); 14 + const struct iphdr *iph = ip_hdr(skb); 15 15 struct rtable *rt; 16 16 struct flowi fl = {}; 17 17 struct dst_entry *odst; ··· 30 30 if (type == RTN_LOCAL) 31 31 fl.nl_u.ip4_u.saddr = iph->saddr; 32 32 fl.nl_u.ip4_u.tos = RT_TOS(iph->tos); 33 - fl.oif = (*pskb)->sk ? (*pskb)->sk->sk_bound_dev_if : 0; 34 - fl.mark = (*pskb)->mark; 33 + fl.oif = skb->sk ? skb->sk->sk_bound_dev_if : 0; 34 + fl.mark = skb->mark; 35 35 if (ip_route_output_key(&rt, &fl) != 0) 36 36 return -1; 37 37 38 38 /* Drop old route. */ 39 - dst_release((*pskb)->dst); 40 - (*pskb)->dst = &rt->u.dst; 39 + dst_release(skb->dst); 40 + skb->dst = &rt->u.dst; 41 41 } else { 42 42 /* non-local src, find valid iif to satisfy 43 43 * rp-filter when calling ip_route_input. */ ··· 45 45 if (ip_route_output_key(&rt, &fl) != 0) 46 46 return -1; 47 47 48 - odst = (*pskb)->dst; 49 - if (ip_route_input(*pskb, iph->daddr, iph->saddr, 48 + odst = skb->dst; 49 + if (ip_route_input(skb, iph->daddr, iph->saddr, 50 50 RT_TOS(iph->tos), rt->u.dst.dev) != 0) { 51 51 dst_release(&rt->u.dst); 52 52 return -1; ··· 55 55 dst_release(odst); 56 56 } 57 57 58 - if ((*pskb)->dst->error) 58 + if (skb->dst->error) 59 59 return -1; 60 60 61 61 #ifdef CONFIG_XFRM 62 - if (!(IPCB(*pskb)->flags & IPSKB_XFRM_TRANSFORMED) && 63 - xfrm_decode_session(*pskb, &fl, AF_INET) == 0) 64 - if (xfrm_lookup(&(*pskb)->dst, &fl, (*pskb)->sk, 0)) 62 + if (!(IPCB(skb)->flags & IPSKB_XFRM_TRANSFORMED) && 63 + xfrm_decode_session(skb, &fl, AF_INET) == 0) 64 + if (xfrm_lookup(&skb->dst, &fl, skb->sk, 0)) 65 65 return -1; 66 66 #endif 67 67 68 68 /* Change in oif may mean change in hh_len. */ 69 - hh_len = (*pskb)->dst->dev->hard_header_len; 70 - if (skb_headroom(*pskb) < hh_len && 71 - pskb_expand_head(*pskb, hh_len - skb_headroom(*pskb), 0, 72 - GFP_ATOMIC)) 69 + hh_len = skb->dst->dev->hard_header_len; 70 + if (skb_headroom(skb) < hh_len && 71 + pskb_expand_head(skb, hh_len - skb_headroom(skb), 0, GFP_ATOMIC)) 73 72 return -1; 74 73 75 74 return 0; ··· 76 77 EXPORT_SYMBOL(ip_route_me_harder); 77 78 78 79 #ifdef CONFIG_XFRM 79 - int ip_xfrm_me_harder(struct sk_buff **pskb) 80 + int ip_xfrm_me_harder(struct sk_buff *skb) 80 81 { 81 82 struct flowi fl; 82 83 unsigned int hh_len; 83 84 struct dst_entry *dst; 84 85 85 - if (IPCB(*pskb)->flags & IPSKB_XFRM_TRANSFORMED) 86 + if (IPCB(skb)->flags & IPSKB_XFRM_TRANSFORMED) 86 87 return 0; 87 - if (xfrm_decode_session(*pskb, &fl, AF_INET) < 0) 88 + if (xfrm_decode_session(skb, &fl, AF_INET) < 0) 88 89 return -1; 89 90 90 - dst = (*pskb)->dst; 91 + dst = skb->dst; 91 92 if (dst->xfrm) 92 93 dst = ((struct xfrm_dst *)dst)->route; 93 94 dst_hold(dst); 94 95 95 - if (xfrm_lookup(&dst, &fl, (*pskb)->sk, 0) < 0) 96 + if (xfrm_lookup(&dst, &fl, skb->sk, 0) < 0) 96 97 return -1; 97 98 98 - dst_release((*pskb)->dst); 99 - (*pskb)->dst = dst; 99 + dst_release(skb->dst); 100 + skb->dst = dst; 100 101 101 102 /* Change in oif may mean change in hh_len. */ 102 - hh_len = (*pskb)->dst->dev->hard_header_len; 103 - if (skb_headroom(*pskb) < hh_len && 104 - pskb_expand_head(*pskb, hh_len - skb_headroom(*pskb), 0, 105 - GFP_ATOMIC)) 103 + hh_len = skb->dst->dev->hard_header_len; 104 + if (skb_headroom(skb) < hh_len && 105 + pskb_expand_head(skb, hh_len - skb_headroom(skb), 0, GFP_ATOMIC)) 106 106 return -1; 107 107 return 0; 108 108 } ··· 135 137 } 136 138 } 137 139 138 - static int nf_ip_reroute(struct sk_buff **pskb, const struct nf_info *info) 140 + static int nf_ip_reroute(struct sk_buff *skb, const struct nf_info *info) 139 141 { 140 142 const struct ip_rt_info *rt_info = nf_info_reroute(info); 141 143 142 144 if (info->hook == NF_IP_LOCAL_OUT) { 143 - const struct iphdr *iph = ip_hdr(*pskb); 145 + const struct iphdr *iph = ip_hdr(skb); 144 146 145 147 if (!(iph->tos == rt_info->tos 146 148 && iph->daddr == rt_info->daddr 147 149 && iph->saddr == rt_info->saddr)) 148 - return ip_route_me_harder(pskb, RTN_UNSPEC); 150 + return ip_route_me_harder(skb, RTN_UNSPEC); 149 151 } 150 152 return 0; 151 153 }

+10 -10

net/ipv4/netfilter/arp_tables.c

··· 197 197 return 1; 198 198 } 199 199 200 - static unsigned int arpt_error(struct sk_buff **pskb, 200 + static unsigned int arpt_error(struct sk_buff *skb, 201 201 const struct net_device *in, 202 202 const struct net_device *out, 203 203 unsigned int hooknum, ··· 215 215 return (struct arpt_entry *)(base + offset); 216 216 } 217 217 218 - unsigned int arpt_do_table(struct sk_buff **pskb, 218 + unsigned int arpt_do_table(struct sk_buff *skb, 219 219 unsigned int hook, 220 220 const struct net_device *in, 221 221 const struct net_device *out, ··· 231 231 struct xt_table_info *private; 232 232 233 233 /* ARP header, plus 2 device addresses, plus 2 IP addresses. */ 234 - if (!pskb_may_pull((*pskb), (sizeof(struct arphdr) + 235 - (2 * (*pskb)->dev->addr_len) + 236 - (2 * sizeof(u32))))) 234 + if (!pskb_may_pull(skb, (sizeof(struct arphdr) + 235 + (2 * skb->dev->addr_len) + 236 + (2 * sizeof(u32))))) 237 237 return NF_DROP; 238 238 239 239 indev = in ? in->name : nulldevname; ··· 245 245 e = get_entry(table_base, private->hook_entry[hook]); 246 246 back = get_entry(table_base, private->underflow[hook]); 247 247 248 - arp = arp_hdr(*pskb); 248 + arp = arp_hdr(skb); 249 249 do { 250 - if (arp_packet_match(arp, (*pskb)->dev, indev, outdev, &e->arp)) { 250 + if (arp_packet_match(arp, skb->dev, indev, outdev, &e->arp)) { 251 251 struct arpt_entry_target *t; 252 252 int hdr_len; 253 253 254 254 hdr_len = sizeof(*arp) + (2 * sizeof(struct in_addr)) + 255 - (2 * (*pskb)->dev->addr_len); 255 + (2 * skb->dev->addr_len); 256 256 ADD_COUNTER(e->counters, hdr_len, 1); 257 257 258 258 t = arpt_get_target(e); ··· 290 290 /* Targets which reenter must return 291 291 * abs. verdicts 292 292 */ 293 - verdict = t->u.kernel.target->target(pskb, 293 + verdict = t->u.kernel.target->target(skb, 294 294 in, out, 295 295 hook, 296 296 t->u.kernel.target, 297 297 t->data); 298 298 299 299 /* Target might have changed stuff. */ 300 - arp = arp_hdr(*pskb); 300 + arp = arp_hdr(skb); 301 301 302 302 if (verdict == ARPT_CONTINUE) 303 303 e = (void *)e + e->next_offset;

+8 -8

net/ipv4/netfilter/arpt_mangle.c

··· 9 9 MODULE_DESCRIPTION("arptables arp payload mangle target"); 10 10 11 11 static unsigned int 12 - target(struct sk_buff **pskb, 12 + target(struct sk_buff *skb, 13 13 const struct net_device *in, const struct net_device *out, 14 14 unsigned int hooknum, const struct xt_target *target, 15 15 const void *targinfo) ··· 19 19 unsigned char *arpptr; 20 20 int pln, hln; 21 21 22 - if (skb_make_writable(*pskb, (*pskb)->len)) 22 + if (skb_make_writable(skb, skb->len)) 23 23 return NF_DROP; 24 24 25 - arp = arp_hdr(*pskb); 26 - arpptr = skb_network_header(*pskb) + sizeof(*arp); 25 + arp = arp_hdr(skb); 26 + arpptr = skb_network_header(skb) + sizeof(*arp); 27 27 pln = arp->ar_pln; 28 28 hln = arp->ar_hln; 29 29 /* We assume that pln and hln were checked in the match */ 30 30 if (mangle->flags & ARPT_MANGLE_SDEV) { 31 31 if (ARPT_DEV_ADDR_LEN_MAX < hln || 32 - (arpptr + hln > skb_tail_pointer(*pskb))) 32 + (arpptr + hln > skb_tail_pointer(skb))) 33 33 return NF_DROP; 34 34 memcpy(arpptr, mangle->src_devaddr, hln); 35 35 } 36 36 arpptr += hln; 37 37 if (mangle->flags & ARPT_MANGLE_SIP) { 38 38 if (ARPT_MANGLE_ADDR_LEN_MAX < pln || 39 - (arpptr + pln > skb_tail_pointer(*pskb))) 39 + (arpptr + pln > skb_tail_pointer(skb))) 40 40 return NF_DROP; 41 41 memcpy(arpptr, &mangle->u_s.src_ip, pln); 42 42 } 43 43 arpptr += pln; 44 44 if (mangle->flags & ARPT_MANGLE_TDEV) { 45 45 if (ARPT_DEV_ADDR_LEN_MAX < hln || 46 - (arpptr + hln > skb_tail_pointer(*pskb))) 46 + (arpptr + hln > skb_tail_pointer(skb))) 47 47 return NF_DROP; 48 48 memcpy(arpptr, mangle->tgt_devaddr, hln); 49 49 } 50 50 arpptr += hln; 51 51 if (mangle->flags & ARPT_MANGLE_TIP) { 52 52 if (ARPT_MANGLE_ADDR_LEN_MAX < pln || 53 - (arpptr + pln > skb_tail_pointer(*pskb))) 53 + (arpptr + pln > skb_tail_pointer(skb))) 54 54 return NF_DROP; 55 55 memcpy(arpptr, &mangle->u_t.tgt_ip, pln); 56 56 }

+2 -2

net/ipv4/netfilter/arptable_filter.c

··· 56 56 57 57 /* The work comes in here from netfilter.c */ 58 58 static unsigned int arpt_hook(unsigned int hook, 59 - struct sk_buff **pskb, 59 + struct sk_buff *skb, 60 60 const struct net_device *in, 61 61 const struct net_device *out, 62 62 int (*okfn)(struct sk_buff *)) 63 63 { 64 - return arpt_do_table(pskb, hook, in, out, &packet_filter); 64 + return arpt_do_table(skb, hook, in, out, &packet_filter); 65 65 } 66 66 67 67 static struct nf_hook_ops arpt_ops[] = {

+10 -10

net/ipv4/netfilter/ip_tables.c

··· 169 169 } 170 170 171 171 static unsigned int 172 - ipt_error(struct sk_buff **pskb, 172 + ipt_error(struct sk_buff *skb, 173 173 const struct net_device *in, 174 174 const struct net_device *out, 175 175 unsigned int hooknum, ··· 312 312 313 313 /* Returns one of the generic firewall policies, like NF_ACCEPT. */ 314 314 unsigned int 315 - ipt_do_table(struct sk_buff **pskb, 315 + ipt_do_table(struct sk_buff *skb, 316 316 unsigned int hook, 317 317 const struct net_device *in, 318 318 const struct net_device *out, ··· 331 331 struct xt_table_info *private; 332 332 333 333 /* Initialization */ 334 - ip = ip_hdr(*pskb); 335 - datalen = (*pskb)->len - ip->ihl * 4; 334 + ip = ip_hdr(skb); 335 + datalen = skb->len - ip->ihl * 4; 336 336 indev = in ? in->name : nulldevname; 337 337 outdev = out ? out->name : nulldevname; 338 338 /* We handle fragments by dealing with the first fragment as ··· 359 359 struct ipt_entry_target *t; 360 360 361 361 if (IPT_MATCH_ITERATE(e, do_match, 362 - *pskb, in, out, 362 + skb, in, out, 363 363 offset, &hotdrop) != 0) 364 364 goto no_match; 365 365 ··· 371 371 #if defined(CONFIG_NETFILTER_XT_TARGET_TRACE) || \ 372 372 defined(CONFIG_NETFILTER_XT_TARGET_TRACE_MODULE) 373 373 /* The packet is traced: log it */ 374 - if (unlikely((*pskb)->nf_trace)) 375 - trace_packet(*pskb, hook, in, out, 374 + if (unlikely(skb->nf_trace)) 375 + trace_packet(skb, hook, in, out, 376 376 table->name, private, e); 377 377 #endif 378 378 /* Standard target? */ ··· 410 410 ((struct ipt_entry *)table_base)->comefrom 411 411 = 0xeeeeeeec; 412 412 #endif 413 - verdict = t->u.kernel.target->target(pskb, 413 + verdict = t->u.kernel.target->target(skb, 414 414 in, out, 415 415 hook, 416 416 t->u.kernel.target, ··· 428 428 = 0x57acc001; 429 429 #endif 430 430 /* Target might have changed stuff. */ 431 - ip = ip_hdr(*pskb); 432 - datalen = (*pskb)->len - ip->ihl * 4; 431 + ip = ip_hdr(skb); 432 + datalen = skb->len - ip->ihl * 4; 433 433 434 434 if (verdict == IPT_CONTINUE) 435 435 e = (void *)e + e->next_offset;

+7 -7

net/ipv4/netfilter/ipt_CLUSTERIP.c

··· 289 289 ***********************************************************************/ 290 290 291 291 static unsigned int 292 - target(struct sk_buff **pskb, 292 + target(struct sk_buff *skb, 293 293 const struct net_device *in, 294 294 const struct net_device *out, 295 295 unsigned int hooknum, ··· 305 305 * is only decremented by destroy() - and ip_tables guarantees 306 306 * that the ->target() function isn't called after ->destroy() */ 307 307 308 - ct = nf_ct_get(*pskb, &ctinfo); 308 + ct = nf_ct_get(skb, &ctinfo); 309 309 if (ct == NULL) { 310 310 printk(KERN_ERR "CLUSTERIP: no conntrack!\n"); 311 311 /* FIXME: need to drop invalid ones, since replies ··· 316 316 317 317 /* special case: ICMP error handling. conntrack distinguishes between 318 318 * error messages (RELATED) and information requests (see below) */ 319 - if (ip_hdr(*pskb)->protocol == IPPROTO_ICMP 319 + if (ip_hdr(skb)->protocol == IPPROTO_ICMP 320 320 && (ctinfo == IP_CT_RELATED 321 321 || ctinfo == IP_CT_RELATED+IP_CT_IS_REPLY)) 322 322 return XT_CONTINUE; ··· 325 325 * TIMESTAMP, INFO_REQUEST or ADDRESS type icmp packets from here 326 326 * on, which all have an ID field [relevant for hashing]. */ 327 327 328 - hash = clusterip_hashfn(*pskb, cipinfo->config); 328 + hash = clusterip_hashfn(skb, cipinfo->config); 329 329 330 330 switch (ctinfo) { 331 331 case IP_CT_NEW: ··· 355 355 356 356 /* despite being received via linklayer multicast, this is 357 357 * actually a unicast IP packet. TCP doesn't like PACKET_MULTICAST */ 358 - (*pskb)->pkt_type = PACKET_HOST; 358 + skb->pkt_type = PACKET_HOST; 359 359 360 360 return XT_CONTINUE; 361 361 } ··· 505 505 506 506 static unsigned int 507 507 arp_mangle(unsigned int hook, 508 - struct sk_buff **pskb, 508 + struct sk_buff *skb, 509 509 const struct net_device *in, 510 510 const struct net_device *out, 511 511 int (*okfn)(struct sk_buff *)) 512 512 { 513 - struct arphdr *arp = arp_hdr(*pskb); 513 + struct arphdr *arp = arp_hdr(skb); 514 514 struct arp_payload *payload; 515 515 struct clusterip_config *c; 516 516

+13 -14

net/ipv4/netfilter/ipt_ECN.c

··· 26 26 /* set ECT codepoint from IP header. 27 27 * return false if there was an error. */ 28 28 static inline bool 29 - set_ect_ip(struct sk_buff **pskb, const struct ipt_ECN_info *einfo) 29 + set_ect_ip(struct sk_buff *skb, const struct ipt_ECN_info *einfo) 30 30 { 31 - struct iphdr *iph = ip_hdr(*pskb); 31 + struct iphdr *iph = ip_hdr(skb); 32 32 33 33 if ((iph->tos & IPT_ECN_IP_MASK) != (einfo->ip_ect & IPT_ECN_IP_MASK)) { 34 34 __u8 oldtos; 35 - if (!skb_make_writable(*pskb, sizeof(struct iphdr))) 35 + if (!skb_make_writable(skb, sizeof(struct iphdr))) 36 36 return false; 37 - iph = ip_hdr(*pskb); 37 + iph = ip_hdr(skb); 38 38 oldtos = iph->tos; 39 39 iph->tos &= ~IPT_ECN_IP_MASK; 40 40 iph->tos |= (einfo->ip_ect & IPT_ECN_IP_MASK); ··· 45 45 46 46 /* Return false if there was an error. */ 47 47 static inline bool 48 - set_ect_tcp(struct sk_buff **pskb, const struct ipt_ECN_info *einfo) 48 + set_ect_tcp(struct sk_buff *skb, const struct ipt_ECN_info *einfo) 49 49 { 50 50 struct tcphdr _tcph, *tcph; 51 51 __be16 oldval; 52 52 53 53 /* Not enought header? */ 54 - tcph = skb_header_pointer(*pskb, ip_hdrlen(*pskb), 55 - sizeof(_tcph), &_tcph); 54 + tcph = skb_header_pointer(skb, ip_hdrlen(skb), sizeof(_tcph), &_tcph); 56 55 if (!tcph) 57 56 return false; 58 57 ··· 61 62 tcph->cwr == einfo->proto.tcp.cwr)) 62 63 return true; 63 64 64 - if (!skb_make_writable(*pskb, ip_hdrlen(*pskb) + sizeof(*tcph))) 65 + if (!skb_make_writable(skb, ip_hdrlen(skb) + sizeof(*tcph))) 65 66 return false; 66 - tcph = (void *)ip_hdr(*pskb) + ip_hdrlen(*pskb); 67 + tcph = (void *)ip_hdr(skb) + ip_hdrlen(skb); 67 68 68 69 oldval = ((__be16 *)tcph)[6]; 69 70 if (einfo->operation & IPT_ECN_OP_SET_ECE) ··· 71 72 if (einfo->operation & IPT_ECN_OP_SET_CWR) 72 73 tcph->cwr = einfo->proto.tcp.cwr; 73 74 74 - nf_proto_csum_replace2(&tcph->check, *pskb, 75 + nf_proto_csum_replace2(&tcph->check, skb, 75 76 oldval, ((__be16 *)tcph)[6], 0); 76 77 return true; 77 78 } 78 79 79 80 static unsigned int 80 - target(struct sk_buff **pskb, 81 + target(struct sk_buff *skb, 81 82 const struct net_device *in, 82 83 const struct net_device *out, 83 84 unsigned int hooknum, ··· 87 88 const struct ipt_ECN_info *einfo = targinfo; 88 89 89 90 if (einfo->operation & IPT_ECN_OP_SET_IP) 90 - if (!set_ect_ip(pskb, einfo)) 91 + if (!set_ect_ip(skb, einfo)) 91 92 return NF_DROP; 92 93 93 94 if (einfo->operation & (IPT_ECN_OP_SET_ECE | IPT_ECN_OP_SET_CWR) 94 - && ip_hdr(*pskb)->protocol == IPPROTO_TCP) 95 - if (!set_ect_tcp(pskb, einfo)) 95 + && ip_hdr(skb)->protocol == IPPROTO_TCP) 96 + if (!set_ect_tcp(skb, einfo)) 96 97 return NF_DROP; 97 98 98 99 return XT_CONTINUE;

+2 -2

net/ipv4/netfilter/ipt_LOG.c

··· 418 418 } 419 419 420 420 static unsigned int 421 - ipt_log_target(struct sk_buff **pskb, 421 + ipt_log_target(struct sk_buff *skb, 422 422 const struct net_device *in, 423 423 const struct net_device *out, 424 424 unsigned int hooknum, ··· 432 432 li.u.log.level = loginfo->level; 433 433 li.u.log.logflags = loginfo->logflags; 434 434 435 - ipt_log_packet(PF_INET, hooknum, *pskb, in, out, &li, 435 + ipt_log_packet(PF_INET, hooknum, skb, in, out, &li, 436 436 loginfo->prefix); 437 437 return XT_CONTINUE; 438 438 }

+3 -3

net/ipv4/netfilter/ipt_MASQUERADE.c

··· 52 52 } 53 53 54 54 static unsigned int 55 - masquerade_target(struct sk_buff **pskb, 55 + masquerade_target(struct sk_buff *skb, 56 56 const struct net_device *in, 57 57 const struct net_device *out, 58 58 unsigned int hooknum, ··· 69 69 70 70 NF_CT_ASSERT(hooknum == NF_IP_POST_ROUTING); 71 71 72 - ct = nf_ct_get(*pskb, &ctinfo); 72 + ct = nf_ct_get(skb, &ctinfo); 73 73 nat = nfct_nat(ct); 74 74 75 75 NF_CT_ASSERT(ct && (ctinfo == IP_CT_NEW || ctinfo == IP_CT_RELATED ··· 82 82 return NF_ACCEPT; 83 83 84 84 mr = targinfo; 85 - rt = (struct rtable *)(*pskb)->dst; 85 + rt = (struct rtable *)skb->dst; 86 86 newsrc = inet_select_addr(out, rt->rt_gateway, RT_SCOPE_UNIVERSE); 87 87 if (!newsrc) { 88 88 printk("MASQUERADE: %s ate my IP address\n", out->name);

+4 -4

net/ipv4/netfilter/ipt_NETMAP.c

··· 43 43 } 44 44 45 45 static unsigned int 46 - target(struct sk_buff **pskb, 46 + target(struct sk_buff *skb, 47 47 const struct net_device *in, 48 48 const struct net_device *out, 49 49 unsigned int hooknum, ··· 59 59 NF_CT_ASSERT(hooknum == NF_IP_PRE_ROUTING 60 60 || hooknum == NF_IP_POST_ROUTING 61 61 || hooknum == NF_IP_LOCAL_OUT); 62 - ct = nf_ct_get(*pskb, &ctinfo); 62 + ct = nf_ct_get(skb, &ctinfo); 63 63 64 64 netmask = ~(mr->range[0].min_ip ^ mr->range[0].max_ip); 65 65 66 66 if (hooknum == NF_IP_PRE_ROUTING || hooknum == NF_IP_LOCAL_OUT) 67 - new_ip = ip_hdr(*pskb)->daddr & ~netmask; 67 + new_ip = ip_hdr(skb)->daddr & ~netmask; 68 68 else 69 - new_ip = ip_hdr(*pskb)->saddr & ~netmask; 69 + new_ip = ip_hdr(skb)->saddr & ~netmask; 70 70 new_ip |= mr->range[0].min_ip & netmask; 71 71 72 72 newrange = ((struct nf_nat_range)

+3 -3

net/ipv4/netfilter/ipt_REDIRECT.c

··· 47 47 } 48 48 49 49 static unsigned int 50 - redirect_target(struct sk_buff **pskb, 50 + redirect_target(struct sk_buff *skb, 51 51 const struct net_device *in, 52 52 const struct net_device *out, 53 53 unsigned int hooknum, ··· 63 63 NF_CT_ASSERT(hooknum == NF_IP_PRE_ROUTING 64 64 || hooknum == NF_IP_LOCAL_OUT); 65 65 66 - ct = nf_ct_get(*pskb, &ctinfo); 66 + ct = nf_ct_get(skb, &ctinfo); 67 67 NF_CT_ASSERT(ct && (ctinfo == IP_CT_NEW || ctinfo == IP_CT_RELATED)); 68 68 69 69 /* Local packets: make them go to loopback */ ··· 76 76 newdst = 0; 77 77 78 78 rcu_read_lock(); 79 - indev = __in_dev_get_rcu((*pskb)->dev); 79 + indev = __in_dev_get_rcu(skb->dev); 80 80 if (indev && (ifa = indev->ifa_list)) 81 81 newdst = ifa->ifa_local; 82 82 rcu_read_unlock();

+11 -11

net/ipv4/netfilter/ipt_REJECT.c

··· 131 131 ) 132 132 addr_type = RTN_LOCAL; 133 133 134 - if (ip_route_me_harder(&nskb, addr_type)) 134 + if (ip_route_me_harder(nskb, addr_type)) 135 135 goto free_nskb; 136 136 137 137 nskb->ip_summed = CHECKSUM_NONE; ··· 162 162 icmp_send(skb_in, ICMP_DEST_UNREACH, code, 0); 163 163 } 164 164 165 - static unsigned int reject(struct sk_buff **pskb, 165 + static unsigned int reject(struct sk_buff *skb, 166 166 const struct net_device *in, 167 167 const struct net_device *out, 168 168 unsigned int hooknum, ··· 173 173 174 174 /* Our naive response construction doesn't deal with IP 175 175 options, and probably shouldn't try. */ 176 - if (ip_hdrlen(*pskb) != sizeof(struct iphdr)) 176 + if (ip_hdrlen(skb) != sizeof(struct iphdr)) 177 177 return NF_DROP; 178 178 179 179 /* WARNING: This code causes reentry within iptables. ··· 181 181 must return an absolute verdict. --RR */ 182 182 switch (reject->with) { 183 183 case IPT_ICMP_NET_UNREACHABLE: 184 - send_unreach(*pskb, ICMP_NET_UNREACH); 184 + send_unreach(skb, ICMP_NET_UNREACH); 185 185 break; 186 186 case IPT_ICMP_HOST_UNREACHABLE: 187 - send_unreach(*pskb, ICMP_HOST_UNREACH); 187 + send_unreach(skb, ICMP_HOST_UNREACH); 188 188 break; 189 189 case IPT_ICMP_PROT_UNREACHABLE: 190 - send_unreach(*pskb, ICMP_PROT_UNREACH); 190 + send_unreach(skb, ICMP_PROT_UNREACH); 191 191 break; 192 192 case IPT_ICMP_PORT_UNREACHABLE: 193 - send_unreach(*pskb, ICMP_PORT_UNREACH); 193 + send_unreach(skb, ICMP_PORT_UNREACH); 194 194 break; 195 195 case IPT_ICMP_NET_PROHIBITED: 196 - send_unreach(*pskb, ICMP_NET_ANO); 196 + send_unreach(skb, ICMP_NET_ANO); 197 197 break; 198 198 case IPT_ICMP_HOST_PROHIBITED: 199 - send_unreach(*pskb, ICMP_HOST_ANO); 199 + send_unreach(skb, ICMP_HOST_ANO); 200 200 break; 201 201 case IPT_ICMP_ADMIN_PROHIBITED: 202 - send_unreach(*pskb, ICMP_PKT_FILTERED); 202 + send_unreach(skb, ICMP_PKT_FILTERED); 203 203 break; 204 204 case IPT_TCP_RESET: 205 - send_reset(*pskb, hooknum); 205 + send_reset(skb, hooknum); 206 206 case IPT_ICMP_ECHOREPLY: 207 207 /* Doesn't happen. */ 208 208 break;

+2 -2

net/ipv4/netfilter/ipt_SAME.c

··· 104 104 } 105 105 106 106 static unsigned int 107 - same_target(struct sk_buff **pskb, 107 + same_target(struct sk_buff *skb, 108 108 const struct net_device *in, 109 109 const struct net_device *out, 110 110 unsigned int hooknum, ··· 121 121 122 122 NF_CT_ASSERT(hooknum == NF_IP_PRE_ROUTING || 123 123 hooknum == NF_IP_POST_ROUTING); 124 - ct = nf_ct_get(*pskb, &ctinfo); 124 + ct = nf_ct_get(skb, &ctinfo); 125 125 126 126 t = &ct->tuplehash[IP_CT_DIR_ORIGINAL].tuple; 127 127

+4 -4

net/ipv4/netfilter/ipt_TOS.c

··· 21 21 MODULE_DESCRIPTION("iptables TOS mangling module"); 22 22 23 23 static unsigned int 24 - target(struct sk_buff **pskb, 24 + target(struct sk_buff *skb, 25 25 const struct net_device *in, 26 26 const struct net_device *out, 27 27 unsigned int hooknum, ··· 29 29 const void *targinfo) 30 30 { 31 31 const struct ipt_tos_target_info *tosinfo = targinfo; 32 - struct iphdr *iph = ip_hdr(*pskb); 32 + struct iphdr *iph = ip_hdr(skb); 33 33 34 34 if ((iph->tos & IPTOS_TOS_MASK) != tosinfo->tos) { 35 35 __u8 oldtos; 36 - if (!skb_make_writable(*pskb, sizeof(struct iphdr))) 36 + if (!skb_make_writable(skb, sizeof(struct iphdr))) 37 37 return NF_DROP; 38 - iph = ip_hdr(*pskb); 38 + iph = ip_hdr(skb); 39 39 oldtos = iph->tos; 40 40 iph->tos = (iph->tos & IPTOS_PREC_MASK) | tosinfo->tos; 41 41 nf_csum_replace2(&iph->check, htons(oldtos), htons(iph->tos));

+3 -3

net/ipv4/netfilter/ipt_TTL.c

··· 20 20 MODULE_LICENSE("GPL"); 21 21 22 22 static unsigned int 23 - ipt_ttl_target(struct sk_buff **pskb, 23 + ipt_ttl_target(struct sk_buff *skb, 24 24 const struct net_device *in, const struct net_device *out, 25 25 unsigned int hooknum, const struct xt_target *target, 26 26 const void *targinfo) ··· 29 29 const struct ipt_TTL_info *info = targinfo; 30 30 int new_ttl; 31 31 32 - if (!skb_make_writable(*pskb, (*pskb)->len)) 32 + if (!skb_make_writable(skb, skb->len)) 33 33 return NF_DROP; 34 34 35 - iph = ip_hdr(*pskb); 35 + iph = ip_hdr(skb); 36 36 37 37 switch (info->mode) { 38 38 case IPT_TTL_SET:

+2 -2

net/ipv4/netfilter/ipt_ULOG.c

··· 279 279 spin_unlock_bh(&ulog_lock); 280 280 } 281 281 282 - static unsigned int ipt_ulog_target(struct sk_buff **pskb, 282 + static unsigned int ipt_ulog_target(struct sk_buff *skb, 283 283 const struct net_device *in, 284 284 const struct net_device *out, 285 285 unsigned int hooknum, ··· 288 288 { 289 289 struct ipt_ulog_info *loginfo = (struct ipt_ulog_info *) targinfo; 290 290 291 - ipt_ulog_packet(hooknum, *pskb, in, out, loginfo, NULL); 291 + ipt_ulog_packet(hooknum, skb, in, out, loginfo, NULL); 292 292 293 293 return XT_CONTINUE; 294 294 }

+6 -6

net/ipv4/netfilter/iptable_filter.c

··· 62 62 /* The work comes in here from netfilter.c. */ 63 63 static unsigned int 64 64 ipt_hook(unsigned int hook, 65 - struct sk_buff **pskb, 65 + struct sk_buff *skb, 66 66 const struct net_device *in, 67 67 const struct net_device *out, 68 68 int (*okfn)(struct sk_buff *)) 69 69 { 70 - return ipt_do_table(pskb, hook, in, out, &packet_filter); 70 + return ipt_do_table(skb, hook, in, out, &packet_filter); 71 71 } 72 72 73 73 static unsigned int 74 74 ipt_local_out_hook(unsigned int hook, 75 - struct sk_buff **pskb, 75 + struct sk_buff *skb, 76 76 const struct net_device *in, 77 77 const struct net_device *out, 78 78 int (*okfn)(struct sk_buff *)) 79 79 { 80 80 /* root is playing with raw sockets. */ 81 - if ((*pskb)->len < sizeof(struct iphdr) 82 - || ip_hdrlen(*pskb) < sizeof(struct iphdr)) { 81 + if (skb->len < sizeof(struct iphdr) || 82 + ip_hdrlen(skb) < sizeof(struct iphdr)) { 83 83 if (net_ratelimit()) 84 84 printk("iptable_filter: ignoring short SOCK_RAW " 85 85 "packet.\n"); 86 86 return NF_ACCEPT; 87 87 } 88 88 89 - return ipt_do_table(pskb, hook, in, out, &packet_filter); 89 + return ipt_do_table(skb, hook, in, out, &packet_filter); 90 90 } 91 91 92 92 static struct nf_hook_ops ipt_ops[] = {

+11 -11

net/ipv4/netfilter/iptable_mangle.c

··· 75 75 /* The work comes in here from netfilter.c. */ 76 76 static unsigned int 77 77 ipt_route_hook(unsigned int hook, 78 - struct sk_buff **pskb, 78 + struct sk_buff *skb, 79 79 const struct net_device *in, 80 80 const struct net_device *out, 81 81 int (*okfn)(struct sk_buff *)) 82 82 { 83 - return ipt_do_table(pskb, hook, in, out, &packet_mangler); 83 + return ipt_do_table(skb, hook, in, out, &packet_mangler); 84 84 } 85 85 86 86 static unsigned int 87 87 ipt_local_hook(unsigned int hook, 88 - struct sk_buff **pskb, 88 + struct sk_buff *skb, 89 89 const struct net_device *in, 90 90 const struct net_device *out, 91 91 int (*okfn)(struct sk_buff *)) ··· 97 97 u_int32_t mark; 98 98 99 99 /* root is playing with raw sockets. */ 100 - if ((*pskb)->len < sizeof(struct iphdr) 101 - || ip_hdrlen(*pskb) < sizeof(struct iphdr)) { 100 + if (skb->len < sizeof(struct iphdr) 101 + || ip_hdrlen(skb) < sizeof(struct iphdr)) { 102 102 if (net_ratelimit()) 103 103 printk("iptable_mangle: ignoring short SOCK_RAW " 104 104 "packet.\n"); ··· 106 106 } 107 107 108 108 /* Save things which could affect route */ 109 - mark = (*pskb)->mark; 110 - iph = ip_hdr(*pskb); 109 + mark = skb->mark; 110 + iph = ip_hdr(skb); 111 111 saddr = iph->saddr; 112 112 daddr = iph->daddr; 113 113 tos = iph->tos; 114 114 115 - ret = ipt_do_table(pskb, hook, in, out, &packet_mangler); 115 + ret = ipt_do_table(skb, hook, in, out, &packet_mangler); 116 116 /* Reroute for ANY change. */ 117 117 if (ret != NF_DROP && ret != NF_STOLEN && ret != NF_QUEUE) { 118 - iph = ip_hdr(*pskb); 118 + iph = ip_hdr(skb); 119 119 120 120 if (iph->saddr != saddr || 121 121 iph->daddr != daddr || 122 - (*pskb)->mark != mark || 122 + skb->mark != mark || 123 123 iph->tos != tos) 124 - if (ip_route_me_harder(pskb, RTN_UNSPEC)) 124 + if (ip_route_me_harder(skb, RTN_UNSPEC)) 125 125 ret = NF_DROP; 126 126 } 127 127

+6 -6

net/ipv4/netfilter/iptable_raw.c

··· 47 47 /* The work comes in here from netfilter.c. */ 48 48 static unsigned int 49 49 ipt_hook(unsigned int hook, 50 - struct sk_buff **pskb, 50 + struct sk_buff *skb, 51 51 const struct net_device *in, 52 52 const struct net_device *out, 53 53 int (*okfn)(struct sk_buff *)) 54 54 { 55 - return ipt_do_table(pskb, hook, in, out, &packet_raw); 55 + return ipt_do_table(skb, hook, in, out, &packet_raw); 56 56 } 57 57 58 58 static unsigned int 59 59 ipt_local_hook(unsigned int hook, 60 - struct sk_buff **pskb, 60 + struct sk_buff *skb, 61 61 const struct net_device *in, 62 62 const struct net_device *out, 63 63 int (*okfn)(struct sk_buff *)) 64 64 { 65 65 /* root is playing with raw sockets. */ 66 - if ((*pskb)->len < sizeof(struct iphdr) || 67 - ip_hdrlen(*pskb) < sizeof(struct iphdr)) { 66 + if (skb->len < sizeof(struct iphdr) || 67 + ip_hdrlen(skb) < sizeof(struct iphdr)) { 68 68 if (net_ratelimit()) 69 69 printk("iptable_raw: ignoring short SOCK_RAW" 70 70 "packet.\n"); 71 71 return NF_ACCEPT; 72 72 } 73 - return ipt_do_table(pskb, hook, in, out, &packet_raw); 73 + return ipt_do_table(skb, hook, in, out, &packet_raw); 74 74 } 75 75 76 76 /* 'raw' is the very first table. */

+15 -15

net/ipv4/netfilter/nf_conntrack_l3proto_ipv4.c

··· 100 100 } 101 101 102 102 static unsigned int ipv4_confirm(unsigned int hooknum, 103 - struct sk_buff **pskb, 103 + struct sk_buff *skb, 104 104 const struct net_device *in, 105 105 const struct net_device *out, 106 106 int (*okfn)(struct sk_buff *)) 107 107 { 108 108 /* We've seen it coming out the other side: confirm it */ 109 - return nf_conntrack_confirm(pskb); 109 + return nf_conntrack_confirm(skb); 110 110 } 111 111 112 112 static unsigned int ipv4_conntrack_help(unsigned int hooknum, 113 - struct sk_buff **pskb, 113 + struct sk_buff *skb, 114 114 const struct net_device *in, 115 115 const struct net_device *out, 116 116 int (*okfn)(struct sk_buff *)) ··· 121 121 struct nf_conntrack_helper *helper; 122 122 123 123 /* This is where we call the helper: as the packet goes out. */ 124 - ct = nf_ct_get(*pskb, &ctinfo); 124 + ct = nf_ct_get(skb, &ctinfo); 125 125 if (!ct || ctinfo == IP_CT_RELATED + IP_CT_IS_REPLY) 126 126 return NF_ACCEPT; 127 127 ··· 132 132 helper = rcu_dereference(help->helper); 133 133 if (!helper) 134 134 return NF_ACCEPT; 135 - return helper->help(pskb, skb_network_offset(*pskb) + ip_hdrlen(*pskb), 135 + return helper->help(skb, skb_network_offset(skb) + ip_hdrlen(skb), 136 136 ct, ctinfo); 137 137 } 138 138 139 139 static unsigned int ipv4_conntrack_defrag(unsigned int hooknum, 140 - struct sk_buff **pskb, 140 + struct sk_buff *skb, 141 141 const struct net_device *in, 142 142 const struct net_device *out, 143 143 int (*okfn)(struct sk_buff *)) 144 144 { 145 145 /* Previously seen (loopback)? Ignore. Do this before 146 146 fragment check. */ 147 - if ((*pskb)->nfct) 147 + if (skb->nfct) 148 148 return NF_ACCEPT; 149 149 150 150 /* Gather fragments. */ 151 - if (ip_hdr(*pskb)->frag_off & htons(IP_MF | IP_OFFSET)) { 152 - if (nf_ct_ipv4_gather_frags(*pskb, 151 + if (ip_hdr(skb)->frag_off & htons(IP_MF | IP_OFFSET)) { 152 + if (nf_ct_ipv4_gather_frags(skb, 153 153 hooknum == NF_IP_PRE_ROUTING ? 154 154 IP_DEFRAG_CONNTRACK_IN : 155 155 IP_DEFRAG_CONNTRACK_OUT)) ··· 159 159 } 160 160 161 161 static unsigned int ipv4_conntrack_in(unsigned int hooknum, 162 - struct sk_buff **pskb, 162 + struct sk_buff *skb, 163 163 const struct net_device *in, 164 164 const struct net_device *out, 165 165 int (*okfn)(struct sk_buff *)) 166 166 { 167 - return nf_conntrack_in(PF_INET, hooknum, pskb); 167 + return nf_conntrack_in(PF_INET, hooknum, skb); 168 168 } 169 169 170 170 static unsigned int ipv4_conntrack_local(unsigned int hooknum, 171 - struct sk_buff **pskb, 171 + struct sk_buff *skb, 172 172 const struct net_device *in, 173 173 const struct net_device *out, 174 174 int (*okfn)(struct sk_buff *)) 175 175 { 176 176 /* root is playing with raw sockets. */ 177 - if ((*pskb)->len < sizeof(struct iphdr) 178 - || ip_hdrlen(*pskb) < sizeof(struct iphdr)) { 177 + if (skb->len < sizeof(struct iphdr) || 178 + ip_hdrlen(skb) < sizeof(struct iphdr)) { 179 179 if (net_ratelimit()) 180 180 printk("ipt_hook: happy cracking.\n"); 181 181 return NF_ACCEPT; 182 182 } 183 - return nf_conntrack_in(PF_INET, hooknum, pskb); 183 + return nf_conntrack_in(PF_INET, hooknum, skb); 184 184 } 185 185 186 186 /* Connection tracking may drop packets, but never alters them, so

+2 -2

net/ipv4/netfilter/nf_nat_amanda.c

··· 24 24 MODULE_LICENSE("GPL"); 25 25 MODULE_ALIAS("ip_nat_amanda"); 26 26 27 - static unsigned int help(struct sk_buff **pskb, 27 + static unsigned int help(struct sk_buff *skb, 28 28 enum ip_conntrack_info ctinfo, 29 29 unsigned int matchoff, 30 30 unsigned int matchlen, ··· 53 53 return NF_DROP; 54 54 55 55 sprintf(buffer, "%u", port); 56 - ret = nf_nat_mangle_udp_packet(pskb, exp->master, ctinfo, 56 + ret = nf_nat_mangle_udp_packet(skb, exp->master, ctinfo, 57 57 matchoff, matchlen, 58 58 buffer, strlen(buffer)); 59 59 if (ret != NF_ACCEPT)

+25 -25

net/ipv4/netfilter/nf_nat_core.c

··· 349 349 /* Returns true if succeeded. */ 350 350 static int 351 351 manip_pkt(u_int16_t proto, 352 - struct sk_buff **pskb, 352 + struct sk_buff *skb, 353 353 unsigned int iphdroff, 354 354 const struct nf_conntrack_tuple *target, 355 355 enum nf_nat_manip_type maniptype) ··· 357 357 struct iphdr *iph; 358 358 struct nf_nat_protocol *p; 359 359 360 - if (!skb_make_writable(*pskb, iphdroff + sizeof(*iph))) 360 + if (!skb_make_writable(skb, iphdroff + sizeof(*iph))) 361 361 return 0; 362 362 363 - iph = (void *)(*pskb)->data + iphdroff; 363 + iph = (void *)skb->data + iphdroff; 364 364 365 365 /* Manipulate protcol part. */ 366 366 367 367 /* rcu_read_lock()ed by nf_hook_slow */ 368 368 p = __nf_nat_proto_find(proto); 369 - if (!p->manip_pkt(pskb, iphdroff, target, maniptype)) 369 + if (!p->manip_pkt(skb, iphdroff, target, maniptype)) 370 370 return 0; 371 371 372 - iph = (void *)(*pskb)->data + iphdroff; 372 + iph = (void *)skb->data + iphdroff; 373 373 374 374 if (maniptype == IP_NAT_MANIP_SRC) { 375 375 nf_csum_replace4(&iph->check, iph->saddr, target->src.u3.ip); ··· 385 385 unsigned int nf_nat_packet(struct nf_conn *ct, 386 386 enum ip_conntrack_info ctinfo, 387 387 unsigned int hooknum, 388 - struct sk_buff **pskb) 388 + struct sk_buff *skb) 389 389 { 390 390 enum ip_conntrack_dir dir = CTINFO2DIR(ctinfo); 391 391 unsigned long statusbit; ··· 407 407 /* We are aiming to look like inverse of other direction. */ 408 408 nf_ct_invert_tuplepr(&target, &ct->tuplehash[!dir].tuple); 409 409 410 - if (!manip_pkt(target.dst.protonum, pskb, 0, &target, mtype)) 410 + if (!manip_pkt(target.dst.protonum, skb, 0, &target, mtype)) 411 411 return NF_DROP; 412 412 } 413 413 return NF_ACCEPT; ··· 418 418 int nf_nat_icmp_reply_translation(struct nf_conn *ct, 419 419 enum ip_conntrack_info ctinfo, 420 420 unsigned int hooknum, 421 - struct sk_buff **pskb) 421 + struct sk_buff *skb) 422 422 { 423 423 struct { 424 424 struct icmphdr icmp; ··· 426 426 } *inside; 427 427 struct nf_conntrack_l4proto *l4proto; 428 428 struct nf_conntrack_tuple inner, target; 429 - int hdrlen = ip_hdrlen(*pskb); 429 + int hdrlen = ip_hdrlen(skb); 430 430 enum ip_conntrack_dir dir = CTINFO2DIR(ctinfo); 431 431 unsigned long statusbit; 432 432 enum nf_nat_manip_type manip = HOOK2MANIP(hooknum); 433 433 434 - if (!skb_make_writable(*pskb, hdrlen + sizeof(*inside))) 434 + if (!skb_make_writable(skb, hdrlen + sizeof(*inside))) 435 435 return 0; 436 436 437 - inside = (void *)(*pskb)->data + ip_hdrlen(*pskb); 437 + inside = (void *)skb->data + ip_hdrlen(skb); 438 438 439 439 /* We're actually going to mangle it beyond trivial checksum 440 440 adjustment, so make sure the current checksum is correct. */ 441 - if (nf_ip_checksum(*pskb, hooknum, hdrlen, 0)) 441 + if (nf_ip_checksum(skb, hooknum, hdrlen, 0)) 442 442 return 0; 443 443 444 444 /* Must be RELATED */ 445 - NF_CT_ASSERT((*pskb)->nfctinfo == IP_CT_RELATED || 446 - (*pskb)->nfctinfo == IP_CT_RELATED+IP_CT_IS_REPLY); 445 + NF_CT_ASSERT(skb->nfctinfo == IP_CT_RELATED || 446 + skb->nfctinfo == IP_CT_RELATED+IP_CT_IS_REPLY); 447 447 448 448 /* Redirects on non-null nats must be dropped, else they'll 449 449 start talking to each other without our translation, and be ··· 458 458 } 459 459 460 460 pr_debug("icmp_reply_translation: translating error %p manip %u " 461 - "dir %s\n", *pskb, manip, 461 + "dir %s\n", skb, manip, 462 462 dir == IP_CT_DIR_ORIGINAL ? "ORIG" : "REPLY"); 463 463 464 464 /* rcu_read_lock()ed by nf_hook_slow */ 465 465 l4proto = __nf_ct_l4proto_find(PF_INET, inside->ip.protocol); 466 466 467 - if (!nf_ct_get_tuple(*pskb, 468 - ip_hdrlen(*pskb) + sizeof(struct icmphdr), 469 - (ip_hdrlen(*pskb) + 467 + if (!nf_ct_get_tuple(skb, 468 + ip_hdrlen(skb) + sizeof(struct icmphdr), 469 + (ip_hdrlen(skb) + 470 470 sizeof(struct icmphdr) + inside->ip.ihl * 4), 471 471 (u_int16_t)AF_INET, 472 472 inside->ip.protocol, ··· 478 478 pass all hooks (locally-generated ICMP). Consider incoming 479 479 packet: PREROUTING (DST manip), routing produces ICMP, goes 480 480 through POSTROUTING (which must correct the DST manip). */ 481 - if (!manip_pkt(inside->ip.protocol, pskb, 482 - ip_hdrlen(*pskb) + sizeof(inside->icmp), 481 + if (!manip_pkt(inside->ip.protocol, skb, 482 + ip_hdrlen(skb) + sizeof(inside->icmp), 483 483 &ct->tuplehash[!dir].tuple, 484 484 !manip)) 485 485 return 0; 486 486 487 - if ((*pskb)->ip_summed != CHECKSUM_PARTIAL) { 487 + if (skb->ip_summed != CHECKSUM_PARTIAL) { 488 488 /* Reloading "inside" here since manip_pkt inner. */ 489 - inside = (void *)(*pskb)->data + ip_hdrlen(*pskb); 489 + inside = (void *)skb->data + ip_hdrlen(skb); 490 490 inside->icmp.checksum = 0; 491 491 inside->icmp.checksum = 492 - csum_fold(skb_checksum(*pskb, hdrlen, 493 - (*pskb)->len - hdrlen, 0)); 492 + csum_fold(skb_checksum(skb, hdrlen, 493 + skb->len - hdrlen, 0)); 494 494 } 495 495 496 496 /* Change outer to look the reply to an incoming packet ··· 506 506 507 507 if (ct->status & statusbit) { 508 508 nf_ct_invert_tuplepr(&target, &ct->tuplehash[!dir].tuple); 509 - if (!manip_pkt(0, pskb, 0, &target, manip)) 509 + if (!manip_pkt(0, skb, 0, &target, manip)) 510 510 return 0; 511 511 } 512 512

+9 -9

net/ipv4/netfilter/nf_nat_ftp.c

··· 28 28 /* FIXME: Time out? --RR */ 29 29 30 30 static int 31 - mangle_rfc959_packet(struct sk_buff **pskb, 31 + mangle_rfc959_packet(struct sk_buff *skb, 32 32 __be32 newip, 33 33 u_int16_t port, 34 34 unsigned int matchoff, ··· 43 43 44 44 pr_debug("calling nf_nat_mangle_tcp_packet\n"); 45 45 46 - return nf_nat_mangle_tcp_packet(pskb, ct, ctinfo, matchoff, 46 + return nf_nat_mangle_tcp_packet(skb, ct, ctinfo, matchoff, 47 47 matchlen, buffer, strlen(buffer)); 48 48 } 49 49 50 50 /* |1|132.235.1.2|6275| */ 51 51 static int 52 - mangle_eprt_packet(struct sk_buff **pskb, 52 + mangle_eprt_packet(struct sk_buff *skb, 53 53 __be32 newip, 54 54 u_int16_t port, 55 55 unsigned int matchoff, ··· 63 63 64 64 pr_debug("calling nf_nat_mangle_tcp_packet\n"); 65 65 66 - return nf_nat_mangle_tcp_packet(pskb, ct, ctinfo, matchoff, 66 + return nf_nat_mangle_tcp_packet(skb, ct, ctinfo, matchoff, 67 67 matchlen, buffer, strlen(buffer)); 68 68 } 69 69 70 70 /* |1|132.235.1.2|6275| */ 71 71 static int 72 - mangle_epsv_packet(struct sk_buff **pskb, 72 + mangle_epsv_packet(struct sk_buff *skb, 73 73 __be32 newip, 74 74 u_int16_t port, 75 75 unsigned int matchoff, ··· 83 83 84 84 pr_debug("calling nf_nat_mangle_tcp_packet\n"); 85 85 86 - return nf_nat_mangle_tcp_packet(pskb, ct, ctinfo, matchoff, 86 + return nf_nat_mangle_tcp_packet(skb, ct, ctinfo, matchoff, 87 87 matchlen, buffer, strlen(buffer)); 88 88 } 89 89 90 - static int (*mangle[])(struct sk_buff **, __be32, u_int16_t, 90 + static int (*mangle[])(struct sk_buff *, __be32, u_int16_t, 91 91 unsigned int, unsigned int, struct nf_conn *, 92 92 enum ip_conntrack_info) 93 93 = { ··· 99 99 100 100 /* So, this packet has hit the connection tracking matching code. 101 101 Mangle it, and change the expectation to match the new version. */ 102 - static unsigned int nf_nat_ftp(struct sk_buff **pskb, 102 + static unsigned int nf_nat_ftp(struct sk_buff *skb, 103 103 enum ip_conntrack_info ctinfo, 104 104 enum nf_ct_ftp_type type, 105 105 unsigned int matchoff, ··· 132 132 if (port == 0) 133 133 return NF_DROP; 134 134 135 - if (!mangle[type](pskb, newip, port, matchoff, matchlen, ct, ctinfo)) { 135 + if (!mangle[type](skb, newip, port, matchoff, matchlen, ct, ctinfo)) { 136 136 nf_ct_unexpect_related(exp); 137 137 return NF_DROP; 138 138 }

+28 -30

net/ipv4/netfilter/nf_nat_h323.c

··· 22 22 #include <linux/netfilter/nf_conntrack_h323.h> 23 23 24 24 /****************************************************************************/ 25 - static int set_addr(struct sk_buff **pskb, 25 + static int set_addr(struct sk_buff *skb, 26 26 unsigned char **data, int dataoff, 27 27 unsigned int addroff, __be32 ip, __be16 port) 28 28 { 29 29 enum ip_conntrack_info ctinfo; 30 - struct nf_conn *ct = nf_ct_get(*pskb, &ctinfo); 30 + struct nf_conn *ct = nf_ct_get(skb, &ctinfo); 31 31 struct { 32 32 __be32 ip; 33 33 __be16 port; ··· 38 38 buf.port = port; 39 39 addroff += dataoff; 40 40 41 - if (ip_hdr(*pskb)->protocol == IPPROTO_TCP) { 42 - if (!nf_nat_mangle_tcp_packet(pskb, ct, ctinfo, 41 + if (ip_hdr(skb)->protocol == IPPROTO_TCP) { 42 + if (!nf_nat_mangle_tcp_packet(skb, ct, ctinfo, 43 43 addroff, sizeof(buf), 44 44 (char *) &buf, sizeof(buf))) { 45 45 if (net_ratelimit()) ··· 49 49 } 50 50 51 51 /* Relocate data pointer */ 52 - th = skb_header_pointer(*pskb, ip_hdrlen(*pskb), 52 + th = skb_header_pointer(skb, ip_hdrlen(skb), 53 53 sizeof(_tcph), &_tcph); 54 54 if (th == NULL) 55 55 return -1; 56 - *data = (*pskb)->data + ip_hdrlen(*pskb) + 57 - th->doff * 4 + dataoff; 56 + *data = skb->data + ip_hdrlen(skb) + th->doff * 4 + dataoff; 58 57 } else { 59 - if (!nf_nat_mangle_udp_packet(pskb, ct, ctinfo, 58 + if (!nf_nat_mangle_udp_packet(skb, ct, ctinfo, 60 59 addroff, sizeof(buf), 61 60 (char *) &buf, sizeof(buf))) { 62 61 if (net_ratelimit()) ··· 66 67 /* nf_nat_mangle_udp_packet uses skb_make_writable() to copy 67 68 * or pull everything in a linear buffer, so we can safely 68 69 * use the skb pointers now */ 69 - *data = ((*pskb)->data + ip_hdrlen(*pskb) + 70 - sizeof(struct udphdr)); 70 + *data = skb->data + ip_hdrlen(skb) + sizeof(struct udphdr); 71 71 } 72 72 73 73 return 0; 74 74 } 75 75 76 76 /****************************************************************************/ 77 - static int set_h225_addr(struct sk_buff **pskb, 77 + static int set_h225_addr(struct sk_buff *skb, 78 78 unsigned char **data, int dataoff, 79 79 TransportAddress *taddr, 80 80 union nf_conntrack_address *addr, __be16 port) 81 81 { 82 - return set_addr(pskb, data, dataoff, taddr->ipAddress.ip, 82 + return set_addr(skb, data, dataoff, taddr->ipAddress.ip, 83 83 addr->ip, port); 84 84 } 85 85 86 86 /****************************************************************************/ 87 - static int set_h245_addr(struct sk_buff **pskb, 87 + static int set_h245_addr(struct sk_buff *skb, 88 88 unsigned char **data, int dataoff, 89 89 H245_TransportAddress *taddr, 90 90 union nf_conntrack_address *addr, __be16 port) 91 91 { 92 - return set_addr(pskb, data, dataoff, 92 + return set_addr(skb, data, dataoff, 93 93 taddr->unicastAddress.iPAddress.network, 94 94 addr->ip, port); 95 95 } 96 96 97 97 /****************************************************************************/ 98 - static int set_sig_addr(struct sk_buff **pskb, struct nf_conn *ct, 98 + static int set_sig_addr(struct sk_buff *skb, struct nf_conn *ct, 99 99 enum ip_conntrack_info ctinfo, 100 100 unsigned char **data, 101 101 TransportAddress *taddr, int count) ··· 123 125 NIPQUAD(addr.ip), port, 124 126 NIPQUAD(ct->tuplehash[!dir].tuple.dst.u3.ip), 125 127 info->sig_port[!dir]); 126 - return set_h225_addr(pskb, data, 0, &taddr[i], 128 + return set_h225_addr(skb, data, 0, &taddr[i], 127 129 &ct->tuplehash[!dir]. 128 130 tuple.dst.u3, 129 131 info->sig_port[!dir]); ··· 135 137 NIPQUAD(addr.ip), port, 136 138 NIPQUAD(ct->tuplehash[!dir].tuple.src.u3.ip), 137 139 info->sig_port[!dir]); 138 - return set_h225_addr(pskb, data, 0, &taddr[i], 140 + return set_h225_addr(skb, data, 0, &taddr[i], 139 141 &ct->tuplehash[!dir]. 140 142 tuple.src.u3, 141 143 info->sig_port[!dir]); ··· 147 149 } 148 150 149 151 /****************************************************************************/ 150 - static int set_ras_addr(struct sk_buff **pskb, struct nf_conn *ct, 152 + static int set_ras_addr(struct sk_buff *skb, struct nf_conn *ct, 151 153 enum ip_conntrack_info ctinfo, 152 154 unsigned char **data, 153 155 TransportAddress *taddr, int count) ··· 166 168 NIPQUAD(addr.ip), ntohs(port), 167 169 NIPQUAD(ct->tuplehash[!dir].tuple.dst.u3.ip), 168 170 ntohs(ct->tuplehash[!dir].tuple.dst.u.udp.port)); 169 - return set_h225_addr(pskb, data, 0, &taddr[i], 171 + return set_h225_addr(skb, data, 0, &taddr[i], 170 172 &ct->tuplehash[!dir].tuple.dst.u3, 171 173 ct->tuplehash[!dir].tuple. 172 174 dst.u.udp.port); ··· 177 179 } 178 180 179 181 /****************************************************************************/ 180 - static int nat_rtp_rtcp(struct sk_buff **pskb, struct nf_conn *ct, 182 + static int nat_rtp_rtcp(struct sk_buff *skb, struct nf_conn *ct, 181 183 enum ip_conntrack_info ctinfo, 182 184 unsigned char **data, int dataoff, 183 185 H245_TransportAddress *taddr, ··· 242 244 } 243 245 244 246 /* Modify signal */ 245 - if (set_h245_addr(pskb, data, dataoff, taddr, 247 + if (set_h245_addr(skb, data, dataoff, taddr, 246 248 &ct->tuplehash[!dir].tuple.dst.u3, 247 249 htons((port & htons(1)) ? nated_port + 1 : 248 250 nated_port)) == 0) { ··· 271 273 } 272 274 273 275 /****************************************************************************/ 274 - static int nat_t120(struct sk_buff **pskb, struct nf_conn *ct, 276 + static int nat_t120(struct sk_buff *skb, struct nf_conn *ct, 275 277 enum ip_conntrack_info ctinfo, 276 278 unsigned char **data, int dataoff, 277 279 H245_TransportAddress *taddr, __be16 port, ··· 299 301 } 300 302 301 303 /* Modify signal */ 302 - if (set_h245_addr(pskb, data, dataoff, taddr, 304 + if (set_h245_addr(skb, data, dataoff, taddr, 303 305 &ct->tuplehash[!dir].tuple.dst.u3, 304 306 htons(nated_port)) < 0) { 305 307 nf_ct_unexpect_related(exp); ··· 316 318 } 317 319 318 320 /****************************************************************************/ 319 - static int nat_h245(struct sk_buff **pskb, struct nf_conn *ct, 321 + static int nat_h245(struct sk_buff *skb, struct nf_conn *ct, 320 322 enum ip_conntrack_info ctinfo, 321 323 unsigned char **data, int dataoff, 322 324 TransportAddress *taddr, __be16 port, ··· 349 351 } 350 352 351 353 /* Modify signal */ 352 - if (set_h225_addr(pskb, data, dataoff, taddr, 354 + if (set_h225_addr(skb, data, dataoff, taddr, 353 355 &ct->tuplehash[!dir].tuple.dst.u3, 354 356 htons(nated_port)) == 0) { 355 357 /* Save ports */ ··· 404 406 } 405 407 406 408 /****************************************************************************/ 407 - static int nat_q931(struct sk_buff **pskb, struct nf_conn *ct, 409 + static int nat_q931(struct sk_buff *skb, struct nf_conn *ct, 408 410 enum ip_conntrack_info ctinfo, 409 411 unsigned char **data, TransportAddress *taddr, int idx, 410 412 __be16 port, struct nf_conntrack_expect *exp) ··· 437 439 } 438 440 439 441 /* Modify signal */ 440 - if (set_h225_addr(pskb, data, 0, &taddr[idx], 442 + if (set_h225_addr(skb, data, 0, &taddr[idx], 441 443 &ct->tuplehash[!dir].tuple.dst.u3, 442 444 htons(nated_port)) == 0) { 443 445 /* Save ports */ ··· 448 450 if (idx > 0 && 449 451 get_h225_addr(ct, *data, &taddr[0], &addr, &port) && 450 452 (ntohl(addr.ip) & 0xff000000) == 0x7f000000) { 451 - set_h225_addr(pskb, data, 0, &taddr[0], 453 + set_h225_addr(skb, data, 0, &taddr[0], 452 454 &ct->tuplehash[!dir].tuple.dst.u3, 453 455 info->sig_port[!dir]); 454 456 } ··· 493 495 } 494 496 495 497 /****************************************************************************/ 496 - static int nat_callforwarding(struct sk_buff **pskb, struct nf_conn *ct, 498 + static int nat_callforwarding(struct sk_buff *skb, struct nf_conn *ct, 497 499 enum ip_conntrack_info ctinfo, 498 500 unsigned char **data, int dataoff, 499 501 TransportAddress *taddr, __be16 port, ··· 523 525 } 524 526 525 527 /* Modify signal */ 526 - if (!set_h225_addr(pskb, data, dataoff, taddr, 528 + if (!set_h225_addr(skb, data, dataoff, taddr, 527 529 &ct->tuplehash[!dir].tuple.dst.u3, 528 530 htons(nated_port)) == 0) { 529 531 nf_ct_unexpect_related(exp);

+55 -55

net/ipv4/netfilter/nf_nat_helper.c

··· 111 111 } 112 112 113 113 /* Unusual, but possible case. */ 114 - static int enlarge_skb(struct sk_buff **pskb, unsigned int extra) 114 + static int enlarge_skb(struct sk_buff *skb, unsigned int extra) 115 115 { 116 - if ((*pskb)->len + extra > 65535) 116 + if (skb->len + extra > 65535) 117 117 return 0; 118 118 119 - if (pskb_expand_head(*pskb, 0, extra - skb_tailroom(*pskb), GFP_ATOMIC)) 119 + if (pskb_expand_head(skb, 0, extra - skb_tailroom(skb), GFP_ATOMIC)) 120 120 return 0; 121 121 122 122 return 1; ··· 131 131 * 132 132 * */ 133 133 int 134 - nf_nat_mangle_tcp_packet(struct sk_buff **pskb, 134 + nf_nat_mangle_tcp_packet(struct sk_buff *skb, 135 135 struct nf_conn *ct, 136 136 enum ip_conntrack_info ctinfo, 137 137 unsigned int match_offset, ··· 139 139 const char *rep_buffer, 140 140 unsigned int rep_len) 141 141 { 142 - struct rtable *rt = (struct rtable *)(*pskb)->dst; 142 + struct rtable *rt = (struct rtable *)skb->dst; 143 143 struct iphdr *iph; 144 144 struct tcphdr *tcph; 145 145 int oldlen, datalen; 146 146 147 - if (!skb_make_writable(*pskb, (*pskb)->len)) 147 + if (!skb_make_writable(skb, skb->len)) 148 148 return 0; 149 149 150 150 if (rep_len > match_len && 151 - rep_len - match_len > skb_tailroom(*pskb) && 152 - !enlarge_skb(pskb, rep_len - match_len)) 151 + rep_len - match_len > skb_tailroom(skb) && 152 + !enlarge_skb(skb, rep_len - match_len)) 153 153 return 0; 154 154 155 - SKB_LINEAR_ASSERT(*pskb); 155 + SKB_LINEAR_ASSERT(skb); 156 156 157 - iph = ip_hdr(*pskb); 157 + iph = ip_hdr(skb); 158 158 tcph = (void *)iph + iph->ihl*4; 159 159 160 - oldlen = (*pskb)->len - iph->ihl*4; 161 - mangle_contents(*pskb, iph->ihl*4 + tcph->doff*4, 160 + oldlen = skb->len - iph->ihl*4; 161 + mangle_contents(skb, iph->ihl*4 + tcph->doff*4, 162 162 match_offset, match_len, rep_buffer, rep_len); 163 163 164 - datalen = (*pskb)->len - iph->ihl*4; 165 - if ((*pskb)->ip_summed != CHECKSUM_PARTIAL) { 164 + datalen = skb->len - iph->ihl*4; 165 + if (skb->ip_summed != CHECKSUM_PARTIAL) { 166 166 if (!(rt->rt_flags & RTCF_LOCAL) && 167 - (*pskb)->dev->features & NETIF_F_V4_CSUM) { 168 - (*pskb)->ip_summed = CHECKSUM_PARTIAL; 169 - (*pskb)->csum_start = skb_headroom(*pskb) + 170 - skb_network_offset(*pskb) + 171 - iph->ihl * 4; 172 - (*pskb)->csum_offset = offsetof(struct tcphdr, check); 167 + skb->dev->features & NETIF_F_V4_CSUM) { 168 + skb->ip_summed = CHECKSUM_PARTIAL; 169 + skb->csum_start = skb_headroom(skb) + 170 + skb_network_offset(skb) + 171 + iph->ihl * 4; 172 + skb->csum_offset = offsetof(struct tcphdr, check); 173 173 tcph->check = ~tcp_v4_check(datalen, 174 174 iph->saddr, iph->daddr, 0); 175 175 } else { ··· 180 180 datalen, 0)); 181 181 } 182 182 } else 183 - nf_proto_csum_replace2(&tcph->check, *pskb, 183 + nf_proto_csum_replace2(&tcph->check, skb, 184 184 htons(oldlen), htons(datalen), 1); 185 185 186 186 if (rep_len != match_len) { ··· 189 189 (int)rep_len - (int)match_len, 190 190 ct, ctinfo); 191 191 /* Tell TCP window tracking about seq change */ 192 - nf_conntrack_tcp_update(*pskb, ip_hdrlen(*pskb), 192 + nf_conntrack_tcp_update(skb, ip_hdrlen(skb), 193 193 ct, CTINFO2DIR(ctinfo)); 194 194 } 195 195 return 1; ··· 207 207 * should be fairly easy to do. 208 208 */ 209 209 int 210 - nf_nat_mangle_udp_packet(struct sk_buff **pskb, 210 + nf_nat_mangle_udp_packet(struct sk_buff *skb, 211 211 struct nf_conn *ct, 212 212 enum ip_conntrack_info ctinfo, 213 213 unsigned int match_offset, ··· 215 215 const char *rep_buffer, 216 216 unsigned int rep_len) 217 217 { 218 - struct rtable *rt = (struct rtable *)(*pskb)->dst; 218 + struct rtable *rt = (struct rtable *)skb->dst; 219 219 struct iphdr *iph; 220 220 struct udphdr *udph; 221 221 int datalen, oldlen; 222 222 223 223 /* UDP helpers might accidentally mangle the wrong packet */ 224 - iph = ip_hdr(*pskb); 225 - if ((*pskb)->len < iph->ihl*4 + sizeof(*udph) + 224 + iph = ip_hdr(skb); 225 + if (skb->len < iph->ihl*4 + sizeof(*udph) + 226 226 match_offset + match_len) 227 227 return 0; 228 228 229 - if (!skb_make_writable(*pskb, (*pskb)->len)) 229 + if (!skb_make_writable(skb, skb->len)) 230 230 return 0; 231 231 232 232 if (rep_len > match_len && 233 - rep_len - match_len > skb_tailroom(*pskb) && 234 - !enlarge_skb(pskb, rep_len - match_len)) 233 + rep_len - match_len > skb_tailroom(skb) && 234 + !enlarge_skb(skb, rep_len - match_len)) 235 235 return 0; 236 236 237 - iph = ip_hdr(*pskb); 237 + iph = ip_hdr(skb); 238 238 udph = (void *)iph + iph->ihl*4; 239 239 240 - oldlen = (*pskb)->len - iph->ihl*4; 241 - mangle_contents(*pskb, iph->ihl*4 + sizeof(*udph), 240 + oldlen = skb->len - iph->ihl*4; 241 + mangle_contents(skb, iph->ihl*4 + sizeof(*udph), 242 242 match_offset, match_len, rep_buffer, rep_len); 243 243 244 244 /* update the length of the UDP packet */ 245 - datalen = (*pskb)->len - iph->ihl*4; 245 + datalen = skb->len - iph->ihl*4; 246 246 udph->len = htons(datalen); 247 247 248 248 /* fix udp checksum if udp checksum was previously calculated */ 249 - if (!udph->check && (*pskb)->ip_summed != CHECKSUM_PARTIAL) 249 + if (!udph->check && skb->ip_summed != CHECKSUM_PARTIAL) 250 250 return 1; 251 251 252 - if ((*pskb)->ip_summed != CHECKSUM_PARTIAL) { 252 + if (skb->ip_summed != CHECKSUM_PARTIAL) { 253 253 if (!(rt->rt_flags & RTCF_LOCAL) && 254 - (*pskb)->dev->features & NETIF_F_V4_CSUM) { 255 - (*pskb)->ip_summed = CHECKSUM_PARTIAL; 256 - (*pskb)->csum_start = skb_headroom(*pskb) + 257 - skb_network_offset(*pskb) + 258 - iph->ihl * 4; 259 - (*pskb)->csum_offset = offsetof(struct udphdr, check); 254 + skb->dev->features & NETIF_F_V4_CSUM) { 255 + skb->ip_summed = CHECKSUM_PARTIAL; 256 + skb->csum_start = skb_headroom(skb) + 257 + skb_network_offset(skb) + 258 + iph->ihl * 4; 259 + skb->csum_offset = offsetof(struct udphdr, check); 260 260 udph->check = ~csum_tcpudp_magic(iph->saddr, iph->daddr, 261 261 datalen, IPPROTO_UDP, 262 262 0); ··· 270 270 udph->check = CSUM_MANGLED_0; 271 271 } 272 272 } else 273 - nf_proto_csum_replace2(&udph->check, *pskb, 273 + nf_proto_csum_replace2(&udph->check, skb, 274 274 htons(oldlen), htons(datalen), 1); 275 275 276 276 return 1; ··· 322 322 323 323 /* TCP SACK sequence number adjustment */ 324 324 static inline unsigned int 325 - nf_nat_sack_adjust(struct sk_buff **pskb, 325 + nf_nat_sack_adjust(struct sk_buff *skb, 326 326 struct tcphdr *tcph, 327 327 struct nf_conn *ct, 328 328 enum ip_conntrack_info ctinfo) ··· 330 330 unsigned int dir, optoff, optend; 331 331 struct nf_conn_nat *nat = nfct_nat(ct); 332 332 333 - optoff = ip_hdrlen(*pskb) + sizeof(struct tcphdr); 334 - optend = ip_hdrlen(*pskb) + tcph->doff * 4; 333 + optoff = ip_hdrlen(skb) + sizeof(struct tcphdr); 334 + optend = ip_hdrlen(skb) + tcph->doff * 4; 335 335 336 - if (!skb_make_writable(*pskb, optend)) 336 + if (!skb_make_writable(skb, optend)) 337 337 return 0; 338 338 339 339 dir = CTINFO2DIR(ctinfo); 340 340 341 341 while (optoff < optend) { 342 342 /* Usually: option, length. */ 343 - unsigned char *op = (*pskb)->data + optoff; 343 + unsigned char *op = skb->data + optoff; 344 344 345 345 switch (op[0]) { 346 346 case TCPOPT_EOL: ··· 357 357 if (op[0] == TCPOPT_SACK && 358 358 op[1] >= 2+TCPOLEN_SACK_PERBLOCK && 359 359 ((op[1] - 2) % TCPOLEN_SACK_PERBLOCK) == 0) 360 - sack_adjust(*pskb, tcph, optoff+2, 360 + sack_adjust(skb, tcph, optoff+2, 361 361 optoff+op[1], &nat->seq[!dir]); 362 362 optoff += op[1]; 363 363 } ··· 367 367 368 368 /* TCP sequence number adjustment. Returns 1 on success, 0 on failure */ 369 369 int 370 - nf_nat_seq_adjust(struct sk_buff **pskb, 370 + nf_nat_seq_adjust(struct sk_buff *skb, 371 371 struct nf_conn *ct, 372 372 enum ip_conntrack_info ctinfo) 373 373 { ··· 382 382 this_way = &nat->seq[dir]; 383 383 other_way = &nat->seq[!dir]; 384 384 385 - if (!skb_make_writable(*pskb, ip_hdrlen(*pskb) + sizeof(*tcph))) 385 + if (!skb_make_writable(skb, ip_hdrlen(skb) + sizeof(*tcph))) 386 386 return 0; 387 387 388 - tcph = (void *)(*pskb)->data + ip_hdrlen(*pskb); 388 + tcph = (void *)skb->data + ip_hdrlen(skb); 389 389 if (after(ntohl(tcph->seq), this_way->correction_pos)) 390 390 newseq = htonl(ntohl(tcph->seq) + this_way->offset_after); 391 391 else ··· 397 397 else 398 398 newack = htonl(ntohl(tcph->ack_seq) - other_way->offset_before); 399 399 400 - nf_proto_csum_replace4(&tcph->check, *pskb, tcph->seq, newseq, 0); 401 - nf_proto_csum_replace4(&tcph->check, *pskb, tcph->ack_seq, newack, 0); 400 + nf_proto_csum_replace4(&tcph->check, skb, tcph->seq, newseq, 0); 401 + nf_proto_csum_replace4(&tcph->check, skb, tcph->ack_seq, newack, 0); 402 402 403 403 pr_debug("Adjusting sequence number from %u->%u, ack from %u->%u\n", 404 404 ntohl(tcph->seq), ntohl(newseq), ntohl(tcph->ack_seq), ··· 407 407 tcph->seq = newseq; 408 408 tcph->ack_seq = newack; 409 409 410 - if (!nf_nat_sack_adjust(pskb, tcph, ct, ctinfo)) 410 + if (!nf_nat_sack_adjust(skb, tcph, ct, ctinfo)) 411 411 return 0; 412 412 413 - nf_conntrack_tcp_update(*pskb, ip_hdrlen(*pskb), ct, dir); 413 + nf_conntrack_tcp_update(skb, ip_hdrlen(skb), ct, dir); 414 414 415 415 return 1; 416 416 }

+2 -2

net/ipv4/netfilter/nf_nat_irc.c

··· 27 27 MODULE_LICENSE("GPL"); 28 28 MODULE_ALIAS("ip_nat_irc"); 29 29 30 - static unsigned int help(struct sk_buff **pskb, 30 + static unsigned int help(struct sk_buff *skb, 31 31 enum ip_conntrack_info ctinfo, 32 32 unsigned int matchoff, 33 33 unsigned int matchlen, ··· 58 58 pr_debug("nf_nat_irc: inserting '%s' == %u.%u.%u.%u, port %u\n", 59 59 buffer, NIPQUAD(ip), port); 60 60 61 - ret = nf_nat_mangle_tcp_packet(pskb, exp->master, ctinfo, 61 + ret = nf_nat_mangle_tcp_packet(skb, exp->master, ctinfo, 62 62 matchoff, matchlen, buffer, 63 63 strlen(buffer)); 64 64 if (ret != NF_ACCEPT)

+4 -4

net/ipv4/netfilter/nf_nat_pptp.c

··· 110 110 111 111 /* outbound packets == from PNS to PAC */ 112 112 static int 113 - pptp_outbound_pkt(struct sk_buff **pskb, 113 + pptp_outbound_pkt(struct sk_buff *skb, 114 114 struct nf_conn *ct, 115 115 enum ip_conntrack_info ctinfo, 116 116 struct PptpControlHeader *ctlh, ··· 175 175 ntohs(REQ_CID(pptpReq, cid_off)), ntohs(new_callid)); 176 176 177 177 /* mangle packet */ 178 - if (nf_nat_mangle_tcp_packet(pskb, ct, ctinfo, 178 + if (nf_nat_mangle_tcp_packet(skb, ct, ctinfo, 179 179 cid_off + sizeof(struct pptp_pkt_hdr) + 180 180 sizeof(struct PptpControlHeader), 181 181 sizeof(new_callid), (char *)&new_callid, ··· 213 213 214 214 /* inbound packets == from PAC to PNS */ 215 215 static int 216 - pptp_inbound_pkt(struct sk_buff **pskb, 216 + pptp_inbound_pkt(struct sk_buff *skb, 217 217 struct nf_conn *ct, 218 218 enum ip_conntrack_info ctinfo, 219 219 struct PptpControlHeader *ctlh, ··· 268 268 pr_debug("altering peer call id from 0x%04x to 0x%04x\n", 269 269 ntohs(REQ_CID(pptpReq, pcid_off)), ntohs(new_pcid)); 270 270 271 - if (nf_nat_mangle_tcp_packet(pskb, ct, ctinfo, 271 + if (nf_nat_mangle_tcp_packet(skb, ct, ctinfo, 272 272 pcid_off + sizeof(struct pptp_pkt_hdr) + 273 273 sizeof(struct PptpControlHeader), 274 274 sizeof(new_pcid), (char *)&new_pcid,

+4 -4

net/ipv4/netfilter/nf_nat_proto_gre.c

··· 98 98 99 99 /* manipulate a GRE packet according to maniptype */ 100 100 static int 101 - gre_manip_pkt(struct sk_buff **pskb, unsigned int iphdroff, 101 + gre_manip_pkt(struct sk_buff *skb, unsigned int iphdroff, 102 102 const struct nf_conntrack_tuple *tuple, 103 103 enum nf_nat_manip_type maniptype) 104 104 { 105 105 struct gre_hdr *greh; 106 106 struct gre_hdr_pptp *pgreh; 107 - struct iphdr *iph = (struct iphdr *)((*pskb)->data + iphdroff); 107 + struct iphdr *iph = (struct iphdr *)(skb->data + iphdroff); 108 108 unsigned int hdroff = iphdroff + iph->ihl * 4; 109 109 110 110 /* pgreh includes two optional 32bit fields which are not required 111 111 * to be there. That's where the magic '8' comes from */ 112 - if (!skb_make_writable(*pskb, hdroff + sizeof(*pgreh) - 8)) 112 + if (!skb_make_writable(skb, hdroff + sizeof(*pgreh) - 8)) 113 113 return 0; 114 114 115 - greh = (void *)(*pskb)->data + hdroff; 115 + greh = (void *)skb->data + hdroff; 116 116 pgreh = (struct gre_hdr_pptp *)greh; 117 117 118 118 /* we only have destination manip of a packet, since 'source key'

+5 -5

net/ipv4/netfilter/nf_nat_proto_icmp.c

··· 52 52 } 53 53 54 54 static int 55 - icmp_manip_pkt(struct sk_buff **pskb, 55 + icmp_manip_pkt(struct sk_buff *skb, 56 56 unsigned int iphdroff, 57 57 const struct nf_conntrack_tuple *tuple, 58 58 enum nf_nat_manip_type maniptype) 59 59 { 60 - struct iphdr *iph = (struct iphdr *)((*pskb)->data + iphdroff); 60 + struct iphdr *iph = (struct iphdr *)(skb->data + iphdroff); 61 61 struct icmphdr *hdr; 62 62 unsigned int hdroff = iphdroff + iph->ihl*4; 63 63 64 - if (!skb_make_writable(*pskb, hdroff + sizeof(*hdr))) 64 + if (!skb_make_writable(skb, hdroff + sizeof(*hdr))) 65 65 return 0; 66 66 67 - hdr = (struct icmphdr *)((*pskb)->data + hdroff); 68 - nf_proto_csum_replace2(&hdr->checksum, *pskb, 67 + hdr = (struct icmphdr *)(skb->data + hdroff); 68 + nf_proto_csum_replace2(&hdr->checksum, skb, 69 69 hdr->un.echo.id, tuple->src.u.icmp.id, 0); 70 70 hdr->un.echo.id = tuple->src.u.icmp.id; 71 71 return 1;

+8 -8

net/ipv4/netfilter/nf_nat_proto_tcp.c

··· 88 88 } 89 89 90 90 static int 91 - tcp_manip_pkt(struct sk_buff **pskb, 91 + tcp_manip_pkt(struct sk_buff *skb, 92 92 unsigned int iphdroff, 93 93 const struct nf_conntrack_tuple *tuple, 94 94 enum nf_nat_manip_type maniptype) 95 95 { 96 - struct iphdr *iph = (struct iphdr *)((*pskb)->data + iphdroff); 96 + struct iphdr *iph = (struct iphdr *)(skb->data + iphdroff); 97 97 struct tcphdr *hdr; 98 98 unsigned int hdroff = iphdroff + iph->ihl*4; 99 99 __be32 oldip, newip; ··· 103 103 /* this could be a inner header returned in icmp packet; in such 104 104 cases we cannot update the checksum field since it is outside of 105 105 the 8 bytes of transport layer headers we are guaranteed */ 106 - if ((*pskb)->len >= hdroff + sizeof(struct tcphdr)) 106 + if (skb->len >= hdroff + sizeof(struct tcphdr)) 107 107 hdrsize = sizeof(struct tcphdr); 108 108 109 - if (!skb_make_writable(*pskb, hdroff + hdrsize)) 109 + if (!skb_make_writable(skb, hdroff + hdrsize)) 110 110 return 0; 111 111 112 - iph = (struct iphdr *)((*pskb)->data + iphdroff); 113 - hdr = (struct tcphdr *)((*pskb)->data + hdroff); 112 + iph = (struct iphdr *)(skb->data + iphdroff); 113 + hdr = (struct tcphdr *)(skb->data + hdroff); 114 114 115 115 if (maniptype == IP_NAT_MANIP_SRC) { 116 116 /* Get rid of src ip and src pt */ ··· 132 132 if (hdrsize < sizeof(*hdr)) 133 133 return 1; 134 134 135 - nf_proto_csum_replace4(&hdr->check, *pskb, oldip, newip, 1); 136 - nf_proto_csum_replace2(&hdr->check, *pskb, oldport, newport, 0); 135 + nf_proto_csum_replace4(&hdr->check, skb, oldip, newip, 1); 136 + nf_proto_csum_replace2(&hdr->check, skb, oldport, newport, 0); 137 137 return 1; 138 138 } 139 139

+8 -8

net/ipv4/netfilter/nf_nat_proto_udp.c

··· 86 86 } 87 87 88 88 static int 89 - udp_manip_pkt(struct sk_buff **pskb, 89 + udp_manip_pkt(struct sk_buff *skb, 90 90 unsigned int iphdroff, 91 91 const struct nf_conntrack_tuple *tuple, 92 92 enum nf_nat_manip_type maniptype) 93 93 { 94 - struct iphdr *iph = (struct iphdr *)((*pskb)->data + iphdroff); 94 + struct iphdr *iph = (struct iphdr *)(skb->data + iphdroff); 95 95 struct udphdr *hdr; 96 96 unsigned int hdroff = iphdroff + iph->ihl*4; 97 97 __be32 oldip, newip; 98 98 __be16 *portptr, newport; 99 99 100 - if (!skb_make_writable(*pskb, hdroff + sizeof(*hdr))) 100 + if (!skb_make_writable(skb, hdroff + sizeof(*hdr))) 101 101 return 0; 102 102 103 - iph = (struct iphdr *)((*pskb)->data + iphdroff); 104 - hdr = (struct udphdr *)((*pskb)->data + hdroff); 103 + iph = (struct iphdr *)(skb->data + iphdroff); 104 + hdr = (struct udphdr *)(skb->data + hdroff); 105 105 106 106 if (maniptype == IP_NAT_MANIP_SRC) { 107 107 /* Get rid of src ip and src pt */ ··· 116 116 newport = tuple->dst.u.udp.port; 117 117 portptr = &hdr->dest; 118 118 } 119 - if (hdr->check || (*pskb)->ip_summed == CHECKSUM_PARTIAL) { 120 - nf_proto_csum_replace4(&hdr->check, *pskb, oldip, newip, 1); 121 - nf_proto_csum_replace2(&hdr->check, *pskb, *portptr, newport, 119 + if (hdr->check || skb->ip_summed == CHECKSUM_PARTIAL) { 120 + nf_proto_csum_replace4(&hdr->check, skb, oldip, newip, 1); 121 + nf_proto_csum_replace2(&hdr->check, skb, *portptr, newport, 122 122 0); 123 123 if (!hdr->check) 124 124 hdr->check = CSUM_MANGLED_0;

+1 -1

net/ipv4/netfilter/nf_nat_proto_unknown.c

··· 37 37 } 38 38 39 39 static int 40 - unknown_manip_pkt(struct sk_buff **pskb, 40 + unknown_manip_pkt(struct sk_buff *skb, 41 41 unsigned int iphdroff, 42 42 const struct nf_conntrack_tuple *tuple, 43 43 enum nf_nat_manip_type maniptype)

+7 -7

net/ipv4/netfilter/nf_nat_rule.c

··· 65 65 }; 66 66 67 67 /* Source NAT */ 68 - static unsigned int ipt_snat_target(struct sk_buff **pskb, 68 + static unsigned int ipt_snat_target(struct sk_buff *skb, 69 69 const struct net_device *in, 70 70 const struct net_device *out, 71 71 unsigned int hooknum, ··· 78 78 79 79 NF_CT_ASSERT(hooknum == NF_IP_POST_ROUTING); 80 80 81 - ct = nf_ct_get(*pskb, &ctinfo); 81 + ct = nf_ct_get(skb, &ctinfo); 82 82 83 83 /* Connection must be valid and new. */ 84 84 NF_CT_ASSERT(ct && (ctinfo == IP_CT_NEW || ctinfo == IP_CT_RELATED || ··· 107 107 ip_rt_put(rt); 108 108 } 109 109 110 - static unsigned int ipt_dnat_target(struct sk_buff **pskb, 110 + static unsigned int ipt_dnat_target(struct sk_buff *skb, 111 111 const struct net_device *in, 112 112 const struct net_device *out, 113 113 unsigned int hooknum, ··· 121 121 NF_CT_ASSERT(hooknum == NF_IP_PRE_ROUTING || 122 122 hooknum == NF_IP_LOCAL_OUT); 123 123 124 - ct = nf_ct_get(*pskb, &ctinfo); 124 + ct = nf_ct_get(skb, &ctinfo); 125 125 126 126 /* Connection must be valid and new. */ 127 127 NF_CT_ASSERT(ct && (ctinfo == IP_CT_NEW || ctinfo == IP_CT_RELATED)); 128 128 129 129 if (hooknum == NF_IP_LOCAL_OUT && 130 130 mr->range[0].flags & IP_NAT_RANGE_MAP_IPS) 131 - warn_if_extra_mangle(ip_hdr(*pskb)->daddr, 131 + warn_if_extra_mangle(ip_hdr(skb)->daddr, 132 132 mr->range[0].min_ip); 133 133 134 134 return nf_nat_setup_info(ct, &mr->range[0], hooknum); ··· 204 204 return nf_nat_setup_info(ct, &range, hooknum); 205 205 } 206 206 207 - int nf_nat_rule_find(struct sk_buff **pskb, 207 + int nf_nat_rule_find(struct sk_buff *skb, 208 208 unsigned int hooknum, 209 209 const struct net_device *in, 210 210 const struct net_device *out, ··· 212 212 { 213 213 int ret; 214 214 215 - ret = ipt_do_table(pskb, hooknum, in, out, &nat_table); 215 + ret = ipt_do_table(skb, hooknum, in, out, &nat_table); 216 216 217 217 if (ret == NF_ACCEPT) { 218 218 if (!nf_nat_initialized(ct, HOOK2MANIP(hooknum)))

+28 -28

net/ipv4/netfilter/nf_nat_sip.c

··· 60 60 } 61 61 } 62 62 63 - static int map_sip_addr(struct sk_buff **pskb, enum ip_conntrack_info ctinfo, 63 + static int map_sip_addr(struct sk_buff *skb, enum ip_conntrack_info ctinfo, 64 64 struct nf_conn *ct, const char **dptr, size_t dlen, 65 65 enum sip_header_pos pos, struct addr_map *map) 66 66 { ··· 84 84 } else 85 85 return 1; 86 86 87 - if (!nf_nat_mangle_udp_packet(pskb, ct, ctinfo, 87 + if (!nf_nat_mangle_udp_packet(skb, ct, ctinfo, 88 88 matchoff, matchlen, addr, addrlen)) 89 89 return 0; 90 - *dptr = (*pskb)->data + ip_hdrlen(*pskb) + sizeof(struct udphdr); 90 + *dptr = skb->data + ip_hdrlen(skb) + sizeof(struct udphdr); 91 91 return 1; 92 92 93 93 } 94 94 95 - static unsigned int ip_nat_sip(struct sk_buff **pskb, 95 + static unsigned int ip_nat_sip(struct sk_buff *skb, 96 96 enum ip_conntrack_info ctinfo, 97 97 struct nf_conn *ct, 98 98 const char **dptr) ··· 101 101 struct addr_map map; 102 102 int dataoff, datalen; 103 103 104 - dataoff = ip_hdrlen(*pskb) + sizeof(struct udphdr); 105 - datalen = (*pskb)->len - dataoff; 104 + dataoff = ip_hdrlen(skb) + sizeof(struct udphdr); 105 + datalen = skb->len - dataoff; 106 106 if (datalen < sizeof("SIP/2.0") - 1) 107 107 return NF_ACCEPT; 108 108 ··· 121 121 else 122 122 pos = POS_REQ_URI; 123 123 124 - if (!map_sip_addr(pskb, ctinfo, ct, dptr, datalen, pos, &map)) 124 + if (!map_sip_addr(skb, ctinfo, ct, dptr, datalen, pos, &map)) 125 125 return NF_DROP; 126 126 } 127 127 128 - if (!map_sip_addr(pskb, ctinfo, ct, dptr, datalen, POS_FROM, &map) || 129 - !map_sip_addr(pskb, ctinfo, ct, dptr, datalen, POS_TO, &map) || 130 - !map_sip_addr(pskb, ctinfo, ct, dptr, datalen, POS_VIA, &map) || 131 - !map_sip_addr(pskb, ctinfo, ct, dptr, datalen, POS_CONTACT, &map)) 128 + if (!map_sip_addr(skb, ctinfo, ct, dptr, datalen, POS_FROM, &map) || 129 + !map_sip_addr(skb, ctinfo, ct, dptr, datalen, POS_TO, &map) || 130 + !map_sip_addr(skb, ctinfo, ct, dptr, datalen, POS_VIA, &map) || 131 + !map_sip_addr(skb, ctinfo, ct, dptr, datalen, POS_CONTACT, &map)) 132 132 return NF_DROP; 133 133 return NF_ACCEPT; 134 134 } 135 135 136 - static unsigned int mangle_sip_packet(struct sk_buff **pskb, 136 + static unsigned int mangle_sip_packet(struct sk_buff *skb, 137 137 enum ip_conntrack_info ctinfo, 138 138 struct nf_conn *ct, 139 139 const char **dptr, size_t dlen, ··· 145 145 if (ct_sip_get_info(ct, *dptr, dlen, &matchoff, &matchlen, pos) <= 0) 146 146 return 0; 147 147 148 - if (!nf_nat_mangle_udp_packet(pskb, ct, ctinfo, 148 + if (!nf_nat_mangle_udp_packet(skb, ct, ctinfo, 149 149 matchoff, matchlen, buffer, bufflen)) 150 150 return 0; 151 151 152 152 /* We need to reload this. Thanks Patrick. */ 153 - *dptr = (*pskb)->data + ip_hdrlen(*pskb) + sizeof(struct udphdr); 153 + *dptr = skb->data + ip_hdrlen(skb) + sizeof(struct udphdr); 154 154 return 1; 155 155 } 156 156 157 - static int mangle_content_len(struct sk_buff **pskb, 157 + static int mangle_content_len(struct sk_buff *skb, 158 158 enum ip_conntrack_info ctinfo, 159 159 struct nf_conn *ct, 160 160 const char *dptr) ··· 163 163 char buffer[sizeof("65536")]; 164 164 int bufflen; 165 165 166 - dataoff = ip_hdrlen(*pskb) + sizeof(struct udphdr); 166 + dataoff = ip_hdrlen(skb) + sizeof(struct udphdr); 167 167 168 168 /* Get actual SDP lenght */ 169 - if (ct_sip_get_info(ct, dptr, (*pskb)->len - dataoff, &matchoff, 169 + if (ct_sip_get_info(ct, dptr, skb->len - dataoff, &matchoff, 170 170 &matchlen, POS_SDP_HEADER) > 0) { 171 171 172 172 /* since ct_sip_get_info() give us a pointer passing 'v=' 173 173 we need to add 2 bytes in this count. */ 174 - int c_len = (*pskb)->len - dataoff - matchoff + 2; 174 + int c_len = skb->len - dataoff - matchoff + 2; 175 175 176 176 /* Now, update SDP length */ 177 - if (ct_sip_get_info(ct, dptr, (*pskb)->len - dataoff, &matchoff, 177 + if (ct_sip_get_info(ct, dptr, skb->len - dataoff, &matchoff, 178 178 &matchlen, POS_CONTENT) > 0) { 179 179 180 180 bufflen = sprintf(buffer, "%u", c_len); 181 - return nf_nat_mangle_udp_packet(pskb, ct, ctinfo, 181 + return nf_nat_mangle_udp_packet(skb, ct, ctinfo, 182 182 matchoff, matchlen, 183 183 buffer, bufflen); 184 184 } ··· 186 186 return 0; 187 187 } 188 188 189 - static unsigned int mangle_sdp(struct sk_buff **pskb, 189 + static unsigned int mangle_sdp(struct sk_buff *skb, 190 190 enum ip_conntrack_info ctinfo, 191 191 struct nf_conn *ct, 192 192 __be32 newip, u_int16_t port, ··· 195 195 char buffer[sizeof("nnn.nnn.nnn.nnn")]; 196 196 unsigned int dataoff, bufflen; 197 197 198 - dataoff = ip_hdrlen(*pskb) + sizeof(struct udphdr); 198 + dataoff = ip_hdrlen(skb) + sizeof(struct udphdr); 199 199 200 200 /* Mangle owner and contact info. */ 201 201 bufflen = sprintf(buffer, "%u.%u.%u.%u", NIPQUAD(newip)); 202 - if (!mangle_sip_packet(pskb, ctinfo, ct, &dptr, (*pskb)->len - dataoff, 202 + if (!mangle_sip_packet(skb, ctinfo, ct, &dptr, skb->len - dataoff, 203 203 buffer, bufflen, POS_OWNER_IP4)) 204 204 return 0; 205 205 206 - if (!mangle_sip_packet(pskb, ctinfo, ct, &dptr, (*pskb)->len - dataoff, 206 + if (!mangle_sip_packet(skb, ctinfo, ct, &dptr, skb->len - dataoff, 207 207 buffer, bufflen, POS_CONNECTION_IP4)) 208 208 return 0; 209 209 210 210 /* Mangle media port. */ 211 211 bufflen = sprintf(buffer, "%u", port); 212 - if (!mangle_sip_packet(pskb, ctinfo, ct, &dptr, (*pskb)->len - dataoff, 212 + if (!mangle_sip_packet(skb, ctinfo, ct, &dptr, skb->len - dataoff, 213 213 buffer, bufflen, POS_MEDIA)) 214 214 return 0; 215 215 216 - return mangle_content_len(pskb, ctinfo, ct, dptr); 216 + return mangle_content_len(skb, ctinfo, ct, dptr); 217 217 } 218 218 219 219 static void ip_nat_sdp_expect(struct nf_conn *ct, ··· 241 241 242 242 /* So, this packet has hit the connection tracking matching code. 243 243 Mangle it, and change the expectation to match the new version. */ 244 - static unsigned int ip_nat_sdp(struct sk_buff **pskb, 244 + static unsigned int ip_nat_sdp(struct sk_buff *skb, 245 245 enum ip_conntrack_info ctinfo, 246 246 struct nf_conntrack_expect *exp, 247 247 const char *dptr) ··· 277 277 if (port == 0) 278 278 return NF_DROP; 279 279 280 - if (!mangle_sdp(pskb, ctinfo, ct, newip, port, dptr)) { 280 + if (!mangle_sdp(skb, ctinfo, ct, newip, port, dptr)) { 281 281 nf_ct_unexpect_related(exp); 282 282 return NF_DROP; 283 283 }

+7 -7

net/ipv4/netfilter/nf_nat_snmp_basic.c

··· 1188 1188 */ 1189 1189 static int snmp_translate(struct nf_conn *ct, 1190 1190 enum ip_conntrack_info ctinfo, 1191 - struct sk_buff **pskb) 1191 + struct sk_buff *skb) 1192 1192 { 1193 - struct iphdr *iph = ip_hdr(*pskb); 1193 + struct iphdr *iph = ip_hdr(skb); 1194 1194 struct udphdr *udph = (struct udphdr *)((__be32 *)iph + iph->ihl); 1195 1195 u_int16_t udplen = ntohs(udph->len); 1196 1196 u_int16_t paylen = udplen - sizeof(struct udphdr); ··· 1225 1225 1226 1226 /* We don't actually set up expectations, just adjust internal IP 1227 1227 * addresses if this is being NATted */ 1228 - static int help(struct sk_buff **pskb, unsigned int protoff, 1228 + static int help(struct sk_buff *skb, unsigned int protoff, 1229 1229 struct nf_conn *ct, 1230 1230 enum ip_conntrack_info ctinfo) 1231 1231 { 1232 1232 int dir = CTINFO2DIR(ctinfo); 1233 1233 unsigned int ret; 1234 - struct iphdr *iph = ip_hdr(*pskb); 1234 + struct iphdr *iph = ip_hdr(skb); 1235 1235 struct udphdr *udph = (struct udphdr *)((u_int32_t *)iph + iph->ihl); 1236 1236 1237 1237 /* SNMP replies and originating SNMP traps get mangled */ ··· 1250 1250 * enough room for a UDP header. Just verify the UDP length field so we 1251 1251 * can mess around with the payload. 1252 1252 */ 1253 - if (ntohs(udph->len) != (*pskb)->len - (iph->ihl << 2)) { 1253 + if (ntohs(udph->len) != skb->len - (iph->ihl << 2)) { 1254 1254 if (net_ratelimit()) 1255 1255 printk(KERN_WARNING "SNMP: dropping malformed packet " 1256 1256 "src=%u.%u.%u.%u dst=%u.%u.%u.%u\n", ··· 1258 1258 return NF_DROP; 1259 1259 } 1260 1260 1261 - if (!skb_make_writable(*pskb, (*pskb)->len)) 1261 + if (!skb_make_writable(skb, skb->len)) 1262 1262 return NF_DROP; 1263 1263 1264 1264 spin_lock_bh(&snmp_lock); 1265 - ret = snmp_translate(ct, ctinfo, pskb); 1265 + ret = snmp_translate(ct, ctinfo, skb); 1266 1266 spin_unlock_bh(&snmp_lock); 1267 1267 return ret; 1268 1268 }

+31 -31

net/ipv4/netfilter/nf_nat_standalone.c

··· 67 67 68 68 static unsigned int 69 69 nf_nat_fn(unsigned int hooknum, 70 - struct sk_buff **pskb, 70 + struct sk_buff *skb, 71 71 const struct net_device *in, 72 72 const struct net_device *out, 73 73 int (*okfn)(struct sk_buff *)) ··· 80 80 81 81 /* We never see fragments: conntrack defrags on pre-routing 82 82 and local-out, and nf_nat_out protects post-routing. */ 83 - NF_CT_ASSERT(!(ip_hdr(*pskb)->frag_off & htons(IP_MF | IP_OFFSET))); 83 + NF_CT_ASSERT(!(ip_hdr(skb)->frag_off & htons(IP_MF | IP_OFFSET))); 84 84 85 - ct = nf_ct_get(*pskb, &ctinfo); 85 + ct = nf_ct_get(skb, &ctinfo); 86 86 /* Can't track? It's not due to stress, or conntrack would 87 87 have dropped it. Hence it's the user's responsibilty to 88 88 packet filter it out, or implement conntrack/NAT for that ··· 91 91 /* Exception: ICMP redirect to new connection (not in 92 92 hash table yet). We must not let this through, in 93 93 case we're doing NAT to the same network. */ 94 - if (ip_hdr(*pskb)->protocol == IPPROTO_ICMP) { 94 + if (ip_hdr(skb)->protocol == IPPROTO_ICMP) { 95 95 struct icmphdr _hdr, *hp; 96 96 97 - hp = skb_header_pointer(*pskb, ip_hdrlen(*pskb), 97 + hp = skb_header_pointer(skb, ip_hdrlen(skb), 98 98 sizeof(_hdr), &_hdr); 99 99 if (hp != NULL && 100 100 hp->type == ICMP_REDIRECT) ··· 119 119 switch (ctinfo) { 120 120 case IP_CT_RELATED: 121 121 case IP_CT_RELATED+IP_CT_IS_REPLY: 122 - if (ip_hdr(*pskb)->protocol == IPPROTO_ICMP) { 122 + if (ip_hdr(skb)->protocol == IPPROTO_ICMP) { 123 123 if (!nf_nat_icmp_reply_translation(ct, ctinfo, 124 - hooknum, pskb)) 124 + hooknum, skb)) 125 125 return NF_DROP; 126 126 else 127 127 return NF_ACCEPT; ··· 141 141 /* LOCAL_IN hook doesn't have a chain! */ 142 142 ret = alloc_null_binding(ct, hooknum); 143 143 else 144 - ret = nf_nat_rule_find(pskb, hooknum, in, out, 144 + ret = nf_nat_rule_find(skb, hooknum, in, out, 145 145 ct); 146 146 147 147 if (ret != NF_ACCEPT) { ··· 159 159 ctinfo == (IP_CT_ESTABLISHED+IP_CT_IS_REPLY)); 160 160 } 161 161 162 - return nf_nat_packet(ct, ctinfo, hooknum, pskb); 162 + return nf_nat_packet(ct, ctinfo, hooknum, skb); 163 163 } 164 164 165 165 static unsigned int 166 166 nf_nat_in(unsigned int hooknum, 167 - struct sk_buff **pskb, 167 + struct sk_buff *skb, 168 168 const struct net_device *in, 169 169 const struct net_device *out, 170 170 int (*okfn)(struct sk_buff *)) 171 171 { 172 172 unsigned int ret; 173 - __be32 daddr = ip_hdr(*pskb)->daddr; 173 + __be32 daddr = ip_hdr(skb)->daddr; 174 174 175 - ret = nf_nat_fn(hooknum, pskb, in, out, okfn); 175 + ret = nf_nat_fn(hooknum, skb, in, out, okfn); 176 176 if (ret != NF_DROP && ret != NF_STOLEN && 177 - daddr != ip_hdr(*pskb)->daddr) { 178 - dst_release((*pskb)->dst); 179 - (*pskb)->dst = NULL; 177 + daddr != ip_hdr(skb)->daddr) { 178 + dst_release(skb->dst); 179 + skb->dst = NULL; 180 180 } 181 181 return ret; 182 182 } 183 183 184 184 static unsigned int 185 185 nf_nat_out(unsigned int hooknum, 186 - struct sk_buff **pskb, 186 + struct sk_buff *skb, 187 187 const struct net_device *in, 188 188 const struct net_device *out, 189 189 int (*okfn)(struct sk_buff *)) ··· 195 195 unsigned int ret; 196 196 197 197 /* root is playing with raw sockets. */ 198 - if ((*pskb)->len < sizeof(struct iphdr) || 199 - ip_hdrlen(*pskb) < sizeof(struct iphdr)) 198 + if (skb->len < sizeof(struct iphdr) || 199 + ip_hdrlen(skb) < sizeof(struct iphdr)) 200 200 return NF_ACCEPT; 201 201 202 - ret = nf_nat_fn(hooknum, pskb, in, out, okfn); 202 + ret = nf_nat_fn(hooknum, skb, in, out, okfn); 203 203 #ifdef CONFIG_XFRM 204 204 if (ret != NF_DROP && ret != NF_STOLEN && 205 - (ct = nf_ct_get(*pskb, &ctinfo)) != NULL) { 205 + (ct = nf_ct_get(skb, &ctinfo)) != NULL) { 206 206 enum ip_conntrack_dir dir = CTINFO2DIR(ctinfo); 207 207 208 208 if (ct->tuplehash[dir].tuple.src.u3.ip != ··· 210 210 || ct->tuplehash[dir].tuple.src.u.all != 211 211 ct->tuplehash[!dir].tuple.dst.u.all 212 212 ) 213 - return ip_xfrm_me_harder(pskb) == 0 ? ret : NF_DROP; 213 + return ip_xfrm_me_harder(skb) == 0 ? ret : NF_DROP; 214 214 } 215 215 #endif 216 216 return ret; ··· 218 218 219 219 static unsigned int 220 220 nf_nat_local_fn(unsigned int hooknum, 221 - struct sk_buff **pskb, 221 + struct sk_buff *skb, 222 222 const struct net_device *in, 223 223 const struct net_device *out, 224 224 int (*okfn)(struct sk_buff *)) ··· 228 228 unsigned int ret; 229 229 230 230 /* root is playing with raw sockets. */ 231 - if ((*pskb)->len < sizeof(struct iphdr) || 232 - ip_hdrlen(*pskb) < sizeof(struct iphdr)) 231 + if (skb->len < sizeof(struct iphdr) || 232 + ip_hdrlen(skb) < sizeof(struct iphdr)) 233 233 return NF_ACCEPT; 234 234 235 - ret = nf_nat_fn(hooknum, pskb, in, out, okfn); 235 + ret = nf_nat_fn(hooknum, skb, in, out, okfn); 236 236 if (ret != NF_DROP && ret != NF_STOLEN && 237 - (ct = nf_ct_get(*pskb, &ctinfo)) != NULL) { 237 + (ct = nf_ct_get(skb, &ctinfo)) != NULL) { 238 238 enum ip_conntrack_dir dir = CTINFO2DIR(ctinfo); 239 239 240 240 if (ct->tuplehash[dir].tuple.dst.u3.ip != 241 241 ct->tuplehash[!dir].tuple.src.u3.ip) { 242 - if (ip_route_me_harder(pskb, RTN_UNSPEC)) 242 + if (ip_route_me_harder(skb, RTN_UNSPEC)) 243 243 ret = NF_DROP; 244 244 } 245 245 #ifdef CONFIG_XFRM 246 246 else if (ct->tuplehash[dir].tuple.dst.u.all != 247 247 ct->tuplehash[!dir].tuple.src.u.all) 248 - if (ip_xfrm_me_harder(pskb)) 248 + if (ip_xfrm_me_harder(skb)) 249 249 ret = NF_DROP; 250 250 #endif 251 251 } ··· 254 254 255 255 static unsigned int 256 256 nf_nat_adjust(unsigned int hooknum, 257 - struct sk_buff **pskb, 257 + struct sk_buff *skb, 258 258 const struct net_device *in, 259 259 const struct net_device *out, 260 260 int (*okfn)(struct sk_buff *)) ··· 262 262 struct nf_conn *ct; 263 263 enum ip_conntrack_info ctinfo; 264 264 265 - ct = nf_ct_get(*pskb, &ctinfo); 265 + ct = nf_ct_get(skb, &ctinfo); 266 266 if (ct && test_bit(IPS_SEQ_ADJUST_BIT, &ct->status)) { 267 267 pr_debug("nf_nat_standalone: adjusting sequence number\n"); 268 - if (!nf_nat_seq_adjust(pskb, ct, ctinfo)) 268 + if (!nf_nat_seq_adjust(skb, ct, ctinfo)) 269 269 return NF_DROP; 270 270 } 271 271 return NF_ACCEPT;

+1 -1

net/ipv4/netfilter/nf_nat_tftp.c

··· 20 20 MODULE_LICENSE("GPL"); 21 21 MODULE_ALIAS("ip_nat_tftp"); 22 22 23 - static unsigned int help(struct sk_buff **pskb, 23 + static unsigned int help(struct sk_buff *skb, 24 24 enum ip_conntrack_info ctinfo, 25 25 struct nf_conntrack_expect *exp) 26 26 {

+2 -2

net/ipv4/xfrm4_output.c

··· 78 78 while (likely((err = xfrm4_output_one(skb)) == 0)) { 79 79 nf_reset(skb); 80 80 81 - err = nf_hook(PF_INET, NF_IP_LOCAL_OUT, &skb, NULL, 81 + err = nf_hook(PF_INET, NF_IP_LOCAL_OUT, skb, NULL, 82 82 skb->dst->dev, dst_output); 83 83 if (unlikely(err != 1)) 84 84 break; ··· 86 86 if (!skb->dst->xfrm) 87 87 return dst_output(skb); 88 88 89 - err = nf_hook(PF_INET, NF_IP_POST_ROUTING, &skb, NULL, 89 + err = nf_hook(PF_INET, NF_IP_POST_ROUTING, skb, NULL, 90 90 skb->dst->dev, xfrm4_output_finish2); 91 91 if (unlikely(err != 1)) 92 92 break;

+3 -3

net/ipv6/netfilter.c

··· 68 68 } 69 69 } 70 70 71 - static int nf_ip6_reroute(struct sk_buff **pskb, const struct nf_info *info) 71 + static int nf_ip6_reroute(struct sk_buff *skb, const struct nf_info *info) 72 72 { 73 73 struct ip6_rt_info *rt_info = nf_info_reroute(info); 74 74 75 75 if (info->hook == NF_IP6_LOCAL_OUT) { 76 - struct ipv6hdr *iph = ipv6_hdr(*pskb); 76 + struct ipv6hdr *iph = ipv6_hdr(skb); 77 77 if (!ipv6_addr_equal(&iph->daddr, &rt_info->daddr) || 78 78 !ipv6_addr_equal(&iph->saddr, &rt_info->saddr)) 79 - return ip6_route_me_harder(*pskb); 79 + return ip6_route_me_harder(skb); 80 80 } 81 81 return 0; 82 82 }

+8 -8

net/ipv6/netfilter/ip6_tables.c

··· 205 205 } 206 206 207 207 static unsigned int 208 - ip6t_error(struct sk_buff **pskb, 208 + ip6t_error(struct sk_buff *skb, 209 209 const struct net_device *in, 210 210 const struct net_device *out, 211 211 unsigned int hooknum, ··· 350 350 351 351 /* Returns one of the generic firewall policies, like NF_ACCEPT. */ 352 352 unsigned int 353 - ip6t_do_table(struct sk_buff **pskb, 353 + ip6t_do_table(struct sk_buff *skb, 354 354 unsigned int hook, 355 355 const struct net_device *in, 356 356 const struct net_device *out, ··· 389 389 do { 390 390 IP_NF_ASSERT(e); 391 391 IP_NF_ASSERT(back); 392 - if (ip6_packet_match(*pskb, indev, outdev, &e->ipv6, 392 + if (ip6_packet_match(skb, indev, outdev, &e->ipv6, 393 393 &protoff, &offset, &hotdrop)) { 394 394 struct ip6t_entry_target *t; 395 395 396 396 if (IP6T_MATCH_ITERATE(e, do_match, 397 - *pskb, in, out, 397 + skb, in, out, 398 398 offset, protoff, &hotdrop) != 0) 399 399 goto no_match; 400 400 401 401 ADD_COUNTER(e->counters, 402 - ntohs(ipv6_hdr(*pskb)->payload_len) 402 + ntohs(ipv6_hdr(skb)->payload_len) 403 403 + IPV6_HDR_LEN, 404 404 1); 405 405 ··· 409 409 #if defined(CONFIG_NETFILTER_XT_TARGET_TRACE) || \ 410 410 defined(CONFIG_NETFILTER_XT_TARGET_TRACE_MODULE) 411 411 /* The packet is traced: log it */ 412 - if (unlikely((*pskb)->nf_trace)) 413 - trace_packet(*pskb, hook, in, out, 412 + if (unlikely(skb->nf_trace)) 413 + trace_packet(skb, hook, in, out, 414 414 table->name, private, e); 415 415 #endif 416 416 /* Standard target? */ ··· 448 448 ((struct ip6t_entry *)table_base)->comefrom 449 449 = 0xeeeeeeec; 450 450 #endif 451 - verdict = t->u.kernel.target->target(pskb, 451 + verdict = t->u.kernel.target->target(skb, 452 452 in, out, 453 453 hook, 454 454 t->u.kernel.target,

+3 -3

net/ipv6/netfilter/ip6t_HL.c

··· 18 18 MODULE_DESCRIPTION("IP6 tables Hop Limit modification module"); 19 19 MODULE_LICENSE("GPL"); 20 20 21 - static unsigned int ip6t_hl_target(struct sk_buff **pskb, 21 + static unsigned int ip6t_hl_target(struct sk_buff *skb, 22 22 const struct net_device *in, 23 23 const struct net_device *out, 24 24 unsigned int hooknum, ··· 29 29 const struct ip6t_HL_info *info = targinfo; 30 30 int new_hl; 31 31 32 - if (!skb_make_writable(*pskb, (*pskb)->len)) 32 + if (!skb_make_writable(skb, skb->len)) 33 33 return NF_DROP; 34 34 35 - ip6h = ipv6_hdr(*pskb); 35 + ip6h = ipv6_hdr(skb); 36 36 37 37 switch (info->mode) { 38 38 case IP6T_HL_SET:

+2 -3

net/ipv6/netfilter/ip6t_LOG.c

··· 431 431 } 432 432 433 433 static unsigned int 434 - ip6t_log_target(struct sk_buff **pskb, 434 + ip6t_log_target(struct sk_buff *skb, 435 435 const struct net_device *in, 436 436 const struct net_device *out, 437 437 unsigned int hooknum, ··· 445 445 li.u.log.level = loginfo->level; 446 446 li.u.log.logflags = loginfo->logflags; 447 447 448 - ip6t_log_packet(PF_INET6, hooknum, *pskb, in, out, &li, 449 - loginfo->prefix); 448 + ip6t_log_packet(PF_INET6, hooknum, skb, in, out, &li, loginfo->prefix); 450 449 return XT_CONTINUE; 451 450 } 452 451

+7 -7

net/ipv6/netfilter/ip6t_REJECT.c

··· 172 172 icmpv6_send(skb_in, ICMPV6_DEST_UNREACH, code, 0, NULL); 173 173 } 174 174 175 - static unsigned int reject6_target(struct sk_buff **pskb, 175 + static unsigned int reject6_target(struct sk_buff *skb, 176 176 const struct net_device *in, 177 177 const struct net_device *out, 178 178 unsigned int hooknum, ··· 187 187 must return an absolute verdict. --RR */ 188 188 switch (reject->with) { 189 189 case IP6T_ICMP6_NO_ROUTE: 190 - send_unreach(*pskb, ICMPV6_NOROUTE, hooknum); 190 + send_unreach(skb, ICMPV6_NOROUTE, hooknum); 191 191 break; 192 192 case IP6T_ICMP6_ADM_PROHIBITED: 193 - send_unreach(*pskb, ICMPV6_ADM_PROHIBITED, hooknum); 193 + send_unreach(skb, ICMPV6_ADM_PROHIBITED, hooknum); 194 194 break; 195 195 case IP6T_ICMP6_NOT_NEIGHBOUR: 196 - send_unreach(*pskb, ICMPV6_NOT_NEIGHBOUR, hooknum); 196 + send_unreach(skb, ICMPV6_NOT_NEIGHBOUR, hooknum); 197 197 break; 198 198 case IP6T_ICMP6_ADDR_UNREACH: 199 - send_unreach(*pskb, ICMPV6_ADDR_UNREACH, hooknum); 199 + send_unreach(skb, ICMPV6_ADDR_UNREACH, hooknum); 200 200 break; 201 201 case IP6T_ICMP6_PORT_UNREACH: 202 - send_unreach(*pskb, ICMPV6_PORT_UNREACH, hooknum); 202 + send_unreach(skb, ICMPV6_PORT_UNREACH, hooknum); 203 203 break; 204 204 case IP6T_ICMP6_ECHOREPLY: 205 205 /* Do nothing */ 206 206 break; 207 207 case IP6T_TCP_RESET: 208 - send_reset(*pskb); 208 + send_reset(skb); 209 209 break; 210 210 default: 211 211 if (net_ratelimit())

+6 -6

net/ipv6/netfilter/ip6table_filter.c

··· 60 60 /* The work comes in here from netfilter.c. */ 61 61 static unsigned int 62 62 ip6t_hook(unsigned int hook, 63 - struct sk_buff **pskb, 63 + struct sk_buff *skb, 64 64 const struct net_device *in, 65 65 const struct net_device *out, 66 66 int (*okfn)(struct sk_buff *)) 67 67 { 68 - return ip6t_do_table(pskb, hook, in, out, &packet_filter); 68 + return ip6t_do_table(skb, hook, in, out, &packet_filter); 69 69 } 70 70 71 71 static unsigned int 72 72 ip6t_local_out_hook(unsigned int hook, 73 - struct sk_buff **pskb, 73 + struct sk_buff *skb, 74 74 const struct net_device *in, 75 75 const struct net_device *out, 76 76 int (*okfn)(struct sk_buff *)) 77 77 { 78 78 #if 0 79 79 /* root is playing with raw sockets. */ 80 - if ((*pskb)->len < sizeof(struct iphdr) 81 - || ip_hdrlen(*pskb) < sizeof(struct iphdr)) { 80 + if (skb->len < sizeof(struct iphdr) 81 + || ip_hdrlen(skb) < sizeof(struct iphdr)) { 82 82 if (net_ratelimit()) 83 83 printk("ip6t_hook: happy cracking.\n"); 84 84 return NF_ACCEPT; 85 85 } 86 86 #endif 87 87 88 - return ip6t_do_table(pskb, hook, in, out, &packet_filter); 88 + return ip6t_do_table(skb, hook, in, out, &packet_filter); 89 89 } 90 90 91 91 static struct nf_hook_ops ip6t_ops[] = {

+16 -16

net/ipv6/netfilter/ip6table_mangle.c

··· 68 68 /* The work comes in here from netfilter.c. */ 69 69 static unsigned int 70 70 ip6t_route_hook(unsigned int hook, 71 - struct sk_buff **pskb, 71 + struct sk_buff *skb, 72 72 const struct net_device *in, 73 73 const struct net_device *out, 74 74 int (*okfn)(struct sk_buff *)) 75 75 { 76 - return ip6t_do_table(pskb, hook, in, out, &packet_mangler); 76 + return ip6t_do_table(skb, hook, in, out, &packet_mangler); 77 77 } 78 78 79 79 static unsigned int 80 80 ip6t_local_hook(unsigned int hook, 81 - struct sk_buff **pskb, 81 + struct sk_buff *skb, 82 82 const struct net_device *in, 83 83 const struct net_device *out, 84 84 int (*okfn)(struct sk_buff *)) ··· 91 91 92 92 #if 0 93 93 /* root is playing with raw sockets. */ 94 - if ((*pskb)->len < sizeof(struct iphdr) 95 - || ip_hdrlen(*pskb) < sizeof(struct iphdr)) { 94 + if (skb->len < sizeof(struct iphdr) 95 + || ip_hdrlen(skb) < sizeof(struct iphdr)) { 96 96 if (net_ratelimit()) 97 97 printk("ip6t_hook: happy cracking.\n"); 98 98 return NF_ACCEPT; ··· 100 100 #endif 101 101 102 102 /* save source/dest address, mark, hoplimit, flowlabel, priority, */ 103 - memcpy(&saddr, &ipv6_hdr(*pskb)->saddr, sizeof(saddr)); 104 - memcpy(&daddr, &ipv6_hdr(*pskb)->daddr, sizeof(daddr)); 105 - mark = (*pskb)->mark; 106 - hop_limit = ipv6_hdr(*pskb)->hop_limit; 103 + memcpy(&saddr, &ipv6_hdr(skb)->saddr, sizeof(saddr)); 104 + memcpy(&daddr, &ipv6_hdr(skb)->daddr, sizeof(daddr)); 105 + mark = skb->mark; 106 + hop_limit = ipv6_hdr(skb)->hop_limit; 107 107 108 108 /* flowlabel and prio (includes version, which shouldn't change either */ 109 - flowlabel = *((u_int32_t *)ipv6_hdr(*pskb)); 109 + flowlabel = *((u_int32_t *)ipv6_hdr(skb)); 110 110 111 - ret = ip6t_do_table(pskb, hook, in, out, &packet_mangler); 111 + ret = ip6t_do_table(skb, hook, in, out, &packet_mangler); 112 112 113 113 if (ret != NF_DROP && ret != NF_STOLEN 114 - && (memcmp(&ipv6_hdr(*pskb)->saddr, &saddr, sizeof(saddr)) 115 - || memcmp(&ipv6_hdr(*pskb)->daddr, &daddr, sizeof(daddr)) 116 - || (*pskb)->mark != mark 117 - || ipv6_hdr(*pskb)->hop_limit != hop_limit)) 118 - return ip6_route_me_harder(*pskb) == 0 ? ret : NF_DROP; 114 + && (memcmp(&ipv6_hdr(skb)->saddr, &saddr, sizeof(saddr)) 115 + || memcmp(&ipv6_hdr(skb)->daddr, &daddr, sizeof(daddr)) 116 + || skb->mark != mark 117 + || ipv6_hdr(skb)->hop_limit != hop_limit)) 118 + return ip6_route_me_harder(skb) == 0 ? ret : NF_DROP; 119 119 120 120 return ret; 121 121 }

+2 -2

net/ipv6/netfilter/ip6table_raw.c

··· 46 46 /* The work comes in here from netfilter.c. */ 47 47 static unsigned int 48 48 ip6t_hook(unsigned int hook, 49 - struct sk_buff **pskb, 49 + struct sk_buff *skb, 50 50 const struct net_device *in, 51 51 const struct net_device *out, 52 52 int (*okfn)(struct sk_buff *)) 53 53 { 54 - return ip6t_do_table(pskb, hook, in, out, &packet_raw); 54 + return ip6t_do_table(skb, hook, in, out, &packet_raw); 55 55 } 56 56 57 57 static struct nf_hook_ops ip6t_ops[] = {

+22 -22

net/ipv6/netfilter/nf_conntrack_l3proto_ipv6.c

··· 145 145 } 146 146 147 147 static unsigned int ipv6_confirm(unsigned int hooknum, 148 - struct sk_buff **pskb, 148 + struct sk_buff *skb, 149 149 const struct net_device *in, 150 150 const struct net_device *out, 151 151 int (*okfn)(struct sk_buff *)) ··· 155 155 struct nf_conntrack_helper *helper; 156 156 enum ip_conntrack_info ctinfo; 157 157 unsigned int ret, protoff; 158 - unsigned int extoff = (u8 *)(ipv6_hdr(*pskb) + 1) - (*pskb)->data; 159 - unsigned char pnum = ipv6_hdr(*pskb)->nexthdr; 158 + unsigned int extoff = (u8 *)(ipv6_hdr(skb) + 1) - skb->data; 159 + unsigned char pnum = ipv6_hdr(skb)->nexthdr; 160 160 161 161 162 162 /* This is where we call the helper: as the packet goes out. */ 163 - ct = nf_ct_get(*pskb, &ctinfo); 163 + ct = nf_ct_get(skb, &ctinfo); 164 164 if (!ct || ctinfo == IP_CT_RELATED + IP_CT_IS_REPLY) 165 165 goto out; 166 166 ··· 172 172 if (!helper) 173 173 goto out; 174 174 175 - protoff = nf_ct_ipv6_skip_exthdr(*pskb, extoff, &pnum, 176 - (*pskb)->len - extoff); 177 - if (protoff > (*pskb)->len || pnum == NEXTHDR_FRAGMENT) { 175 + protoff = nf_ct_ipv6_skip_exthdr(skb, extoff, &pnum, 176 + skb->len - extoff); 177 + if (protoff > skb->len || pnum == NEXTHDR_FRAGMENT) { 178 178 pr_debug("proto header not found\n"); 179 179 return NF_ACCEPT; 180 180 } 181 181 182 - ret = helper->help(pskb, protoff, ct, ctinfo); 182 + ret = helper->help(skb, protoff, ct, ctinfo); 183 183 if (ret != NF_ACCEPT) 184 184 return ret; 185 185 out: 186 186 /* We've seen it coming out the other side: confirm it */ 187 - return nf_conntrack_confirm(pskb); 187 + return nf_conntrack_confirm(skb); 188 188 } 189 189 190 190 static unsigned int ipv6_defrag(unsigned int hooknum, 191 - struct sk_buff **pskb, 191 + struct sk_buff *skb, 192 192 const struct net_device *in, 193 193 const struct net_device *out, 194 194 int (*okfn)(struct sk_buff *)) ··· 196 196 struct sk_buff *reasm; 197 197 198 198 /* Previously seen (loopback)? */ 199 - if ((*pskb)->nfct) 199 + if (skb->nfct) 200 200 return NF_ACCEPT; 201 201 202 - reasm = nf_ct_frag6_gather(*pskb); 202 + reasm = nf_ct_frag6_gather(skb); 203 203 204 204 /* queued */ 205 205 if (reasm == NULL) 206 206 return NF_STOLEN; 207 207 208 208 /* error occured or not fragmented */ 209 - if (reasm == *pskb) 209 + if (reasm == skb) 210 210 return NF_ACCEPT; 211 211 212 212 nf_ct_frag6_output(hooknum, reasm, (struct net_device *)in, ··· 216 216 } 217 217 218 218 static unsigned int ipv6_conntrack_in(unsigned int hooknum, 219 - struct sk_buff **pskb, 219 + struct sk_buff *skb, 220 220 const struct net_device *in, 221 221 const struct net_device *out, 222 222 int (*okfn)(struct sk_buff *)) 223 223 { 224 - struct sk_buff *reasm = (*pskb)->nfct_reasm; 224 + struct sk_buff *reasm = skb->nfct_reasm; 225 225 226 226 /* This packet is fragmented and has reassembled packet. */ 227 227 if (reasm) { ··· 229 229 if (!reasm->nfct) { 230 230 unsigned int ret; 231 231 232 - ret = nf_conntrack_in(PF_INET6, hooknum, &reasm); 232 + ret = nf_conntrack_in(PF_INET6, hooknum, reasm); 233 233 if (ret != NF_ACCEPT) 234 234 return ret; 235 235 } 236 236 nf_conntrack_get(reasm->nfct); 237 - (*pskb)->nfct = reasm->nfct; 238 - (*pskb)->nfctinfo = reasm->nfctinfo; 237 + skb->nfct = reasm->nfct; 238 + skb->nfctinfo = reasm->nfctinfo; 239 239 return NF_ACCEPT; 240 240 } 241 241 242 - return nf_conntrack_in(PF_INET6, hooknum, pskb); 242 + return nf_conntrack_in(PF_INET6, hooknum, skb); 243 243 } 244 244 245 245 static unsigned int ipv6_conntrack_local(unsigned int hooknum, 246 - struct sk_buff **pskb, 246 + struct sk_buff *skb, 247 247 const struct net_device *in, 248 248 const struct net_device *out, 249 249 int (*okfn)(struct sk_buff *)) 250 250 { 251 251 /* root is playing with raw sockets. */ 252 - if ((*pskb)->len < sizeof(struct ipv6hdr)) { 252 + if (skb->len < sizeof(struct ipv6hdr)) { 253 253 if (net_ratelimit()) 254 254 printk("ipv6_conntrack_local: packet too short\n"); 255 255 return NF_ACCEPT; 256 256 } 257 - return ipv6_conntrack_in(hooknum, pskb, in, out, okfn); 257 + return ipv6_conntrack_in(hooknum, skb, in, out, okfn); 258 258 } 259 259 260 260 static struct nf_hook_ops ipv6_conntrack_ops[] = {

+2 -2

net/ipv6/xfrm6_output.c

··· 80 80 while (likely((err = xfrm6_output_one(skb)) == 0)) { 81 81 nf_reset(skb); 82 82 83 - err = nf_hook(PF_INET6, NF_IP6_LOCAL_OUT, &skb, NULL, 83 + err = nf_hook(PF_INET6, NF_IP6_LOCAL_OUT, skb, NULL, 84 84 skb->dst->dev, dst_output); 85 85 if (unlikely(err != 1)) 86 86 break; ··· 88 88 if (!skb->dst->xfrm) 89 89 return dst_output(skb); 90 90 91 - err = nf_hook(PF_INET6, NF_IP6_POST_ROUTING, &skb, NULL, 91 + err = nf_hook(PF_INET6, NF_IP6_POST_ROUTING, skb, NULL, 92 92 skb->dst->dev, xfrm6_output_finish2); 93 93 if (unlikely(err != 1)) 94 94 break;

+5 -5

net/netfilter/core.c

··· 117 117 EXPORT_SYMBOL(nf_unregister_hooks); 118 118 119 119 unsigned int nf_iterate(struct list_head *head, 120 - struct sk_buff **skb, 120 + struct sk_buff *skb, 121 121 int hook, 122 122 const struct net_device *indev, 123 123 const struct net_device *outdev, ··· 160 160 161 161 /* Returns 1 if okfn() needs to be executed by the caller, 162 162 * -EPERM for NF_DROP, 0 otherwise. */ 163 - int nf_hook_slow(int pf, unsigned int hook, struct sk_buff **pskb, 163 + int nf_hook_slow(int pf, unsigned int hook, struct sk_buff *skb, 164 164 struct net_device *indev, 165 165 struct net_device *outdev, 166 166 int (*okfn)(struct sk_buff *), ··· 175 175 176 176 elem = &nf_hooks[pf][hook]; 177 177 next_hook: 178 - verdict = nf_iterate(&nf_hooks[pf][hook], pskb, hook, indev, 178 + verdict = nf_iterate(&nf_hooks[pf][hook], skb, hook, indev, 179 179 outdev, &elem, okfn, hook_thresh); 180 180 if (verdict == NF_ACCEPT || verdict == NF_STOP) { 181 181 ret = 1; 182 182 goto unlock; 183 183 } else if (verdict == NF_DROP) { 184 - kfree_skb(*pskb); 184 + kfree_skb(skb); 185 185 ret = -EPERM; 186 186 } else if ((verdict & NF_VERDICT_MASK) == NF_QUEUE) { 187 187 NFDEBUG("nf_hook: Verdict = QUEUE.\n"); 188 - if (!nf_queue(*pskb, elem, pf, hook, indev, outdev, okfn, 188 + if (!nf_queue(skb, elem, pf, hook, indev, outdev, okfn, 189 189 verdict >> NF_VERDICT_BITS)) 190 190 goto next_hook; 191 191 }

+10 -10

net/netfilter/nf_conntrack_amanda.c

··· 36 36 module_param(ts_algo, charp, 0400); 37 37 MODULE_PARM_DESC(ts_algo, "textsearch algorithm to use (default kmp)"); 38 38 39 - unsigned int (*nf_nat_amanda_hook)(struct sk_buff **pskb, 39 + unsigned int (*nf_nat_amanda_hook)(struct sk_buff *skb, 40 40 enum ip_conntrack_info ctinfo, 41 41 unsigned int matchoff, 42 42 unsigned int matchlen, ··· 79 79 }, 80 80 }; 81 81 82 - static int amanda_help(struct sk_buff **pskb, 82 + static int amanda_help(struct sk_buff *skb, 83 83 unsigned int protoff, 84 84 struct nf_conn *ct, 85 85 enum ip_conntrack_info ctinfo) ··· 101 101 102 102 /* increase the UDP timeout of the master connection as replies from 103 103 * Amanda clients to the server can be quite delayed */ 104 - nf_ct_refresh(ct, *pskb, master_timeout * HZ); 104 + nf_ct_refresh(ct, skb, master_timeout * HZ); 105 105 106 106 /* No data? */ 107 107 dataoff = protoff + sizeof(struct udphdr); 108 - if (dataoff >= (*pskb)->len) { 108 + if (dataoff >= skb->len) { 109 109 if (net_ratelimit()) 110 - printk("amanda_help: skblen = %u\n", (*pskb)->len); 110 + printk("amanda_help: skblen = %u\n", skb->len); 111 111 return NF_ACCEPT; 112 112 } 113 113 114 114 memset(&ts, 0, sizeof(ts)); 115 - start = skb_find_text(*pskb, dataoff, (*pskb)->len, 115 + start = skb_find_text(skb, dataoff, skb->len, 116 116 search[SEARCH_CONNECT].ts, &ts); 117 117 if (start == UINT_MAX) 118 118 goto out; 119 119 start += dataoff + search[SEARCH_CONNECT].len; 120 120 121 121 memset(&ts, 0, sizeof(ts)); 122 - stop = skb_find_text(*pskb, start, (*pskb)->len, 122 + stop = skb_find_text(skb, start, skb->len, 123 123 search[SEARCH_NEWLINE].ts, &ts); 124 124 if (stop == UINT_MAX) 125 125 goto out; ··· 127 127 128 128 for (i = SEARCH_DATA; i <= SEARCH_INDEX; i++) { 129 129 memset(&ts, 0, sizeof(ts)); 130 - off = skb_find_text(*pskb, start, stop, search[i].ts, &ts); 130 + off = skb_find_text(skb, start, stop, search[i].ts, &ts); 131 131 if (off == UINT_MAX) 132 132 continue; 133 133 off += start + search[i].len; 134 134 135 135 len = min_t(unsigned int, sizeof(pbuf) - 1, stop - off); 136 - if (skb_copy_bits(*pskb, off, pbuf, len)) 136 + if (skb_copy_bits(skb, off, pbuf, len)) 137 137 break; 138 138 pbuf[len] = '\0'; 139 139 ··· 153 153 154 154 nf_nat_amanda = rcu_dereference(nf_nat_amanda_hook); 155 155 if (nf_nat_amanda && ct->status & IPS_NAT_MASK) 156 - ret = nf_nat_amanda(pskb, ctinfo, off - dataoff, 156 + ret = nf_nat_amanda(skb, ctinfo, off - dataoff, 157 157 len, exp); 158 158 else if (nf_ct_expect_related(exp) != 0) 159 159 ret = NF_DROP;

+15 -15

net/netfilter/nf_conntrack_core.c

··· 307 307 308 308 /* Confirm a connection given skb; places it in hash table */ 309 309 int 310 - __nf_conntrack_confirm(struct sk_buff **pskb) 310 + __nf_conntrack_confirm(struct sk_buff *skb) 311 311 { 312 312 unsigned int hash, repl_hash; 313 313 struct nf_conntrack_tuple_hash *h; ··· 316 316 struct hlist_node *n; 317 317 enum ip_conntrack_info ctinfo; 318 318 319 - ct = nf_ct_get(*pskb, &ctinfo); 319 + ct = nf_ct_get(skb, &ctinfo); 320 320 321 321 /* ipt_REJECT uses nf_conntrack_attach to attach related 322 322 ICMP/TCP RST packets in other direction. Actual packet ··· 367 367 write_unlock_bh(&nf_conntrack_lock); 368 368 help = nfct_help(ct); 369 369 if (help && help->helper) 370 - nf_conntrack_event_cache(IPCT_HELPER, *pskb); 370 + nf_conntrack_event_cache(IPCT_HELPER, skb); 371 371 #ifdef CONFIG_NF_NAT_NEEDED 372 372 if (test_bit(IPS_SRC_NAT_DONE_BIT, &ct->status) || 373 373 test_bit(IPS_DST_NAT_DONE_BIT, &ct->status)) 374 - nf_conntrack_event_cache(IPCT_NATINFO, *pskb); 374 + nf_conntrack_event_cache(IPCT_NATINFO, skb); 375 375 #endif 376 376 nf_conntrack_event_cache(master_ct(ct) ? 377 - IPCT_RELATED : IPCT_NEW, *pskb); 377 + IPCT_RELATED : IPCT_NEW, skb); 378 378 return NF_ACCEPT; 379 379 380 380 out: ··· 632 632 } 633 633 634 634 unsigned int 635 - nf_conntrack_in(int pf, unsigned int hooknum, struct sk_buff **pskb) 635 + nf_conntrack_in(int pf, unsigned int hooknum, struct sk_buff *skb) 636 636 { 637 637 struct nf_conn *ct; 638 638 enum ip_conntrack_info ctinfo; ··· 644 644 int ret; 645 645 646 646 /* Previously seen (loopback or untracked)? Ignore. */ 647 - if ((*pskb)->nfct) { 647 + if (skb->nfct) { 648 648 NF_CT_STAT_INC_ATOMIC(ignore); 649 649 return NF_ACCEPT; 650 650 } 651 651 652 652 /* rcu_read_lock()ed by nf_hook_slow */ 653 653 l3proto = __nf_ct_l3proto_find((u_int16_t)pf); 654 - ret = l3proto->get_l4proto(*pskb, skb_network_offset(*pskb), 654 + ret = l3proto->get_l4proto(skb, skb_network_offset(skb), 655 655 &dataoff, &protonum); 656 656 if (ret <= 0) { 657 657 pr_debug("not prepared to track yet or error occured\n"); ··· 666 666 * inverse of the return code tells to the netfilter 667 667 * core what to do with the packet. */ 668 668 if (l4proto->error != NULL && 669 - (ret = l4proto->error(*pskb, dataoff, &ctinfo, pf, hooknum)) <= 0) { 669 + (ret = l4proto->error(skb, dataoff, &ctinfo, pf, hooknum)) <= 0) { 670 670 NF_CT_STAT_INC_ATOMIC(error); 671 671 NF_CT_STAT_INC_ATOMIC(invalid); 672 672 return -ret; 673 673 } 674 674 675 - ct = resolve_normal_ct(*pskb, dataoff, pf, protonum, l3proto, l4proto, 675 + ct = resolve_normal_ct(skb, dataoff, pf, protonum, l3proto, l4proto, 676 676 &set_reply, &ctinfo); 677 677 if (!ct) { 678 678 /* Not valid part of a connection */ ··· 686 686 return NF_DROP; 687 687 } 688 688 689 - NF_CT_ASSERT((*pskb)->nfct); 689 + NF_CT_ASSERT(skb->nfct); 690 690 691 - ret = l4proto->packet(ct, *pskb, dataoff, ctinfo, pf, hooknum); 691 + ret = l4proto->packet(ct, skb, dataoff, ctinfo, pf, hooknum); 692 692 if (ret < 0) { 693 693 /* Invalid: inverse of the return code tells 694 694 * the netfilter core what to do */ 695 695 pr_debug("nf_conntrack_in: Can't track with proto module\n"); 696 - nf_conntrack_put((*pskb)->nfct); 697 - (*pskb)->nfct = NULL; 696 + nf_conntrack_put(skb->nfct); 697 + skb->nfct = NULL; 698 698 NF_CT_STAT_INC_ATOMIC(invalid); 699 699 return -ret; 700 700 } 701 701 702 702 if (set_reply && !test_and_set_bit(IPS_SEEN_REPLY_BIT, &ct->status)) 703 - nf_conntrack_event_cache(IPCT_STATUS, *pskb); 703 + nf_conntrack_event_cache(IPCT_STATUS, skb); 704 704 705 705 return ret; 706 706 }

+9 -9

net/netfilter/nf_conntrack_ftp.c

··· 43 43 static int loose; 44 44 module_param(loose, bool, 0600); 45 45 46 - unsigned int (*nf_nat_ftp_hook)(struct sk_buff **pskb, 46 + unsigned int (*nf_nat_ftp_hook)(struct sk_buff *skb, 47 47 enum ip_conntrack_info ctinfo, 48 48 enum nf_ct_ftp_type type, 49 49 unsigned int matchoff, ··· 344 344 } 345 345 } 346 346 347 - static int help(struct sk_buff **pskb, 347 + static int help(struct sk_buff *skb, 348 348 unsigned int protoff, 349 349 struct nf_conn *ct, 350 350 enum ip_conntrack_info ctinfo) ··· 371 371 return NF_ACCEPT; 372 372 } 373 373 374 - th = skb_header_pointer(*pskb, protoff, sizeof(_tcph), &_tcph); 374 + th = skb_header_pointer(skb, protoff, sizeof(_tcph), &_tcph); 375 375 if (th == NULL) 376 376 return NF_ACCEPT; 377 377 378 378 dataoff = protoff + th->doff * 4; 379 379 /* No data? */ 380 - if (dataoff >= (*pskb)->len) { 380 + if (dataoff >= skb->len) { 381 381 pr_debug("ftp: dataoff(%u) >= skblen(%u)\n", dataoff, 382 - (*pskb)->len); 382 + skb->len); 383 383 return NF_ACCEPT; 384 384 } 385 - datalen = (*pskb)->len - dataoff; 385 + datalen = skb->len - dataoff; 386 386 387 387 spin_lock_bh(&nf_ftp_lock); 388 - fb_ptr = skb_header_pointer(*pskb, dataoff, datalen, ftp_buffer); 388 + fb_ptr = skb_header_pointer(skb, dataoff, datalen, ftp_buffer); 389 389 BUG_ON(fb_ptr == NULL); 390 390 391 391 ends_in_nl = (fb_ptr[datalen - 1] == '\n'); ··· 491 491 * (possibly changed) expectation itself. */ 492 492 nf_nat_ftp = rcu_dereference(nf_nat_ftp_hook); 493 493 if (nf_nat_ftp && ct->status & IPS_NAT_MASK) 494 - ret = nf_nat_ftp(pskb, ctinfo, search[dir][i].ftptype, 494 + ret = nf_nat_ftp(skb, ctinfo, search[dir][i].ftptype, 495 495 matchoff, matchlen, exp); 496 496 else { 497 497 /* Can't expect this? Best to drop packet now. */ ··· 508 508 /* Now if this ends in \n, update ftp info. Seq may have been 509 509 * adjusted by NAT code. */ 510 510 if (ends_in_nl) 511 - update_nl_seq(seq, ct_ftp_info, dir, *pskb); 511 + update_nl_seq(seq, ct_ftp_info, dir, skb); 512 512 out: 513 513 spin_unlock_bh(&nf_ftp_lock); 514 514 return ret;

+118 -118

net/netfilter/nf_conntrack_h323_main.c

··· 47 47 "(determined by routing information)"); 48 48 49 49 /* Hooks for NAT */ 50 - int (*set_h245_addr_hook) (struct sk_buff **pskb, 50 + int (*set_h245_addr_hook) (struct sk_buff *skb, 51 51 unsigned char **data, int dataoff, 52 52 H245_TransportAddress *taddr, 53 53 union nf_conntrack_address *addr, __be16 port) 54 54 __read_mostly; 55 - int (*set_h225_addr_hook) (struct sk_buff **pskb, 55 + int (*set_h225_addr_hook) (struct sk_buff *skb, 56 56 unsigned char **data, int dataoff, 57 57 TransportAddress *taddr, 58 58 union nf_conntrack_address *addr, __be16 port) 59 59 __read_mostly; 60 - int (*set_sig_addr_hook) (struct sk_buff **pskb, 60 + int (*set_sig_addr_hook) (struct sk_buff *skb, 61 61 struct nf_conn *ct, 62 62 enum ip_conntrack_info ctinfo, 63 63 unsigned char **data, 64 64 TransportAddress *taddr, int count) __read_mostly; 65 - int (*set_ras_addr_hook) (struct sk_buff **pskb, 65 + int (*set_ras_addr_hook) (struct sk_buff *skb, 66 66 struct nf_conn *ct, 67 67 enum ip_conntrack_info ctinfo, 68 68 unsigned char **data, 69 69 TransportAddress *taddr, int count) __read_mostly; 70 - int (*nat_rtp_rtcp_hook) (struct sk_buff **pskb, 70 + int (*nat_rtp_rtcp_hook) (struct sk_buff *skb, 71 71 struct nf_conn *ct, 72 72 enum ip_conntrack_info ctinfo, 73 73 unsigned char **data, int dataoff, ··· 75 75 __be16 port, __be16 rtp_port, 76 76 struct nf_conntrack_expect *rtp_exp, 77 77 struct nf_conntrack_expect *rtcp_exp) __read_mostly; 78 - int (*nat_t120_hook) (struct sk_buff **pskb, 78 + int (*nat_t120_hook) (struct sk_buff *skb, 79 79 struct nf_conn *ct, 80 80 enum ip_conntrack_info ctinfo, 81 81 unsigned char **data, int dataoff, 82 82 H245_TransportAddress *taddr, __be16 port, 83 83 struct nf_conntrack_expect *exp) __read_mostly; 84 - int (*nat_h245_hook) (struct sk_buff **pskb, 84 + int (*nat_h245_hook) (struct sk_buff *skb, 85 85 struct nf_conn *ct, 86 86 enum ip_conntrack_info ctinfo, 87 87 unsigned char **data, int dataoff, 88 88 TransportAddress *taddr, __be16 port, 89 89 struct nf_conntrack_expect *exp) __read_mostly; 90 - int (*nat_callforwarding_hook) (struct sk_buff **pskb, 90 + int (*nat_callforwarding_hook) (struct sk_buff *skb, 91 91 struct nf_conn *ct, 92 92 enum ip_conntrack_info ctinfo, 93 93 unsigned char **data, int dataoff, 94 94 TransportAddress *taddr, __be16 port, 95 95 struct nf_conntrack_expect *exp) __read_mostly; 96 - int (*nat_q931_hook) (struct sk_buff **pskb, 96 + int (*nat_q931_hook) (struct sk_buff *skb, 97 97 struct nf_conn *ct, 98 98 enum ip_conntrack_info ctinfo, 99 99 unsigned char **data, TransportAddress *taddr, int idx, ··· 108 108 static struct nf_conntrack_helper nf_conntrack_helper_ras[]; 109 109 110 110 /****************************************************************************/ 111 - static int get_tpkt_data(struct sk_buff **pskb, unsigned int protoff, 111 + static int get_tpkt_data(struct sk_buff *skb, unsigned int protoff, 112 112 struct nf_conn *ct, enum ip_conntrack_info ctinfo, 113 113 unsigned char **data, int *datalen, int *dataoff) 114 114 { ··· 122 122 int tpktoff; 123 123 124 124 /* Get TCP header */ 125 - th = skb_header_pointer(*pskb, protoff, sizeof(_tcph), &_tcph); 125 + th = skb_header_pointer(skb, protoff, sizeof(_tcph), &_tcph); 126 126 if (th == NULL) 127 127 return 0; 128 128 ··· 130 130 tcpdataoff = protoff + th->doff * 4; 131 131 132 132 /* Get TCP data length */ 133 - tcpdatalen = (*pskb)->len - tcpdataoff; 133 + tcpdatalen = skb->len - tcpdataoff; 134 134 if (tcpdatalen <= 0) /* No TCP data */ 135 135 goto clear_out; 136 136 137 137 if (*data == NULL) { /* first TPKT */ 138 138 /* Get first TPKT pointer */ 139 - tpkt = skb_header_pointer(*pskb, tcpdataoff, tcpdatalen, 139 + tpkt = skb_header_pointer(skb, tcpdataoff, tcpdatalen, 140 140 h323_buffer); 141 141 BUG_ON(tpkt == NULL); 142 142 ··· 248 248 } 249 249 250 250 /****************************************************************************/ 251 - static int expect_rtp_rtcp(struct sk_buff **pskb, struct nf_conn *ct, 251 + static int expect_rtp_rtcp(struct sk_buff *skb, struct nf_conn *ct, 252 252 enum ip_conntrack_info ctinfo, 253 253 unsigned char **data, int dataoff, 254 254 H245_TransportAddress *taddr) ··· 297 297 (nat_rtp_rtcp = rcu_dereference(nat_rtp_rtcp_hook)) && 298 298 ct->status & IPS_NAT_MASK) { 299 299 /* NAT needed */ 300 - ret = nat_rtp_rtcp(pskb, ct, ctinfo, data, dataoff, 300 + ret = nat_rtp_rtcp(skb, ct, ctinfo, data, dataoff, 301 301 taddr, port, rtp_port, rtp_exp, rtcp_exp); 302 302 } else { /* Conntrack only */ 303 303 if (nf_ct_expect_related(rtp_exp) == 0) { ··· 321 321 } 322 322 323 323 /****************************************************************************/ 324 - static int expect_t120(struct sk_buff **pskb, 324 + static int expect_t120(struct sk_buff *skb, 325 325 struct nf_conn *ct, 326 326 enum ip_conntrack_info ctinfo, 327 327 unsigned char **data, int dataoff, ··· 355 355 (nat_t120 = rcu_dereference(nat_t120_hook)) && 356 356 ct->status & IPS_NAT_MASK) { 357 357 /* NAT needed */ 358 - ret = nat_t120(pskb, ct, ctinfo, data, dataoff, taddr, 358 + ret = nat_t120(skb, ct, ctinfo, data, dataoff, taddr, 359 359 port, exp); 360 360 } else { /* Conntrack only */ 361 361 if (nf_ct_expect_related(exp) == 0) { ··· 371 371 } 372 372 373 373 /****************************************************************************/ 374 - static int process_h245_channel(struct sk_buff **pskb, 374 + static int process_h245_channel(struct sk_buff *skb, 375 375 struct nf_conn *ct, 376 376 enum ip_conntrack_info ctinfo, 377 377 unsigned char **data, int dataoff, ··· 381 381 382 382 if (channel->options & eH2250LogicalChannelParameters_mediaChannel) { 383 383 /* RTP */ 384 - ret = expect_rtp_rtcp(pskb, ct, ctinfo, data, dataoff, 384 + ret = expect_rtp_rtcp(skb, ct, ctinfo, data, dataoff, 385 385 &channel->mediaChannel); 386 386 if (ret < 0) 387 387 return -1; ··· 390 390 if (channel-> 391 391 options & eH2250LogicalChannelParameters_mediaControlChannel) { 392 392 /* RTCP */ 393 - ret = expect_rtp_rtcp(pskb, ct, ctinfo, data, dataoff, 393 + ret = expect_rtp_rtcp(skb, ct, ctinfo, data, dataoff, 394 394 &channel->mediaControlChannel); 395 395 if (ret < 0) 396 396 return -1; ··· 400 400 } 401 401 402 402 /****************************************************************************/ 403 - static int process_olc(struct sk_buff **pskb, struct nf_conn *ct, 403 + static int process_olc(struct sk_buff *skb, struct nf_conn *ct, 404 404 enum ip_conntrack_info ctinfo, 405 405 unsigned char **data, int dataoff, 406 406 OpenLogicalChannel *olc) ··· 412 412 if (olc->forwardLogicalChannelParameters.multiplexParameters.choice == 413 413 eOpenLogicalChannel_forwardLogicalChannelParameters_multiplexParameters_h2250LogicalChannelParameters) 414 414 { 415 - ret = process_h245_channel(pskb, ct, ctinfo, data, dataoff, 415 + ret = process_h245_channel(skb, ct, ctinfo, data, dataoff, 416 416 &olc-> 417 417 forwardLogicalChannelParameters. 418 418 multiplexParameters. ··· 430 430 eOpenLogicalChannel_reverseLogicalChannelParameters_multiplexParameters_h2250LogicalChannelParameters)) 431 431 { 432 432 ret = 433 - process_h245_channel(pskb, ct, ctinfo, data, dataoff, 433 + process_h245_channel(skb, ct, ctinfo, data, dataoff, 434 434 &olc-> 435 435 reverseLogicalChannelParameters. 436 436 multiplexParameters. ··· 448 448 t120.choice == eDataProtocolCapability_separateLANStack && 449 449 olc->separateStack.networkAddress.choice == 450 450 eNetworkAccessParameters_networkAddress_localAreaAddress) { 451 - ret = expect_t120(pskb, ct, ctinfo, data, dataoff, 451 + ret = expect_t120(skb, ct, ctinfo, data, dataoff, 452 452 &olc->separateStack.networkAddress. 453 453 localAreaAddress); 454 454 if (ret < 0) ··· 459 459 } 460 460 461 461 /****************************************************************************/ 462 - static int process_olca(struct sk_buff **pskb, struct nf_conn *ct, 462 + static int process_olca(struct sk_buff *skb, struct nf_conn *ct, 463 463 enum ip_conntrack_info ctinfo, 464 464 unsigned char **data, int dataoff, 465 465 OpenLogicalChannelAck *olca) ··· 477 477 choice == 478 478 eOpenLogicalChannelAck_reverseLogicalChannelParameters_multiplexParameters_h2250LogicalChannelParameters)) 479 479 { 480 - ret = process_h245_channel(pskb, ct, ctinfo, data, dataoff, 480 + ret = process_h245_channel(skb, ct, ctinfo, data, dataoff, 481 481 &olca-> 482 482 reverseLogicalChannelParameters. 483 483 multiplexParameters. ··· 496 496 if (ack->options & 497 497 eH2250LogicalChannelAckParameters_mediaChannel) { 498 498 /* RTP */ 499 - ret = expect_rtp_rtcp(pskb, ct, ctinfo, data, dataoff, 499 + ret = expect_rtp_rtcp(skb, ct, ctinfo, data, dataoff, 500 500 &ack->mediaChannel); 501 501 if (ret < 0) 502 502 return -1; ··· 505 505 if (ack->options & 506 506 eH2250LogicalChannelAckParameters_mediaControlChannel) { 507 507 /* RTCP */ 508 - ret = expect_rtp_rtcp(pskb, ct, ctinfo, data, dataoff, 508 + ret = expect_rtp_rtcp(skb, ct, ctinfo, data, dataoff, 509 509 &ack->mediaControlChannel); 510 510 if (ret < 0) 511 511 return -1; ··· 515 515 if ((olca->options & eOpenLogicalChannelAck_separateStack) && 516 516 olca->separateStack.networkAddress.choice == 517 517 eNetworkAccessParameters_networkAddress_localAreaAddress) { 518 - ret = expect_t120(pskb, ct, ctinfo, data, dataoff, 518 + ret = expect_t120(skb, ct, ctinfo, data, dataoff, 519 519 &olca->separateStack.networkAddress. 520 520 localAreaAddress); 521 521 if (ret < 0) ··· 526 526 } 527 527 528 528 /****************************************************************************/ 529 - static int process_h245(struct sk_buff **pskb, struct nf_conn *ct, 529 + static int process_h245(struct sk_buff *skb, struct nf_conn *ct, 530 530 enum ip_conntrack_info ctinfo, 531 531 unsigned char **data, int dataoff, 532 532 MultimediaSystemControlMessage *mscm) ··· 535 535 case eMultimediaSystemControlMessage_request: 536 536 if (mscm->request.choice == 537 537 eRequestMessage_openLogicalChannel) { 538 - return process_olc(pskb, ct, ctinfo, data, dataoff, 538 + return process_olc(skb, ct, ctinfo, data, dataoff, 539 539 &mscm->request.openLogicalChannel); 540 540 } 541 541 pr_debug("nf_ct_h323: H.245 Request %d\n", ··· 544 544 case eMultimediaSystemControlMessage_response: 545 545 if (mscm->response.choice == 546 546 eResponseMessage_openLogicalChannelAck) { 547 - return process_olca(pskb, ct, ctinfo, data, dataoff, 547 + return process_olca(skb, ct, ctinfo, data, dataoff, 548 548 &mscm->response. 549 549 openLogicalChannelAck); 550 550 } ··· 560 560 } 561 561 562 562 /****************************************************************************/ 563 - static int h245_help(struct sk_buff **pskb, unsigned int protoff, 563 + static int h245_help(struct sk_buff *skb, unsigned int protoff, 564 564 struct nf_conn *ct, enum ip_conntrack_info ctinfo) 565 565 { 566 566 static MultimediaSystemControlMessage mscm; ··· 574 574 ctinfo != IP_CT_ESTABLISHED + IP_CT_IS_REPLY) { 575 575 return NF_ACCEPT; 576 576 } 577 - pr_debug("nf_ct_h245: skblen = %u\n", (*pskb)->len); 577 + pr_debug("nf_ct_h245: skblen = %u\n", skb->len); 578 578 579 579 spin_lock_bh(&nf_h323_lock); 580 580 581 581 /* Process each TPKT */ 582 - while (get_tpkt_data(pskb, protoff, ct, ctinfo, 582 + while (get_tpkt_data(skb, protoff, ct, ctinfo, 583 583 &data, &datalen, &dataoff)) { 584 584 pr_debug("nf_ct_h245: TPKT len=%d ", datalen); 585 585 NF_CT_DUMP_TUPLE(&ct->tuplehash[CTINFO2DIR(ctinfo)].tuple); ··· 596 596 } 597 597 598 598 /* Process H.245 signal */ 599 - if (process_h245(pskb, ct, ctinfo, &data, dataoff, &mscm) < 0) 599 + if (process_h245(skb, ct, ctinfo, &data, dataoff, &mscm) < 0) 600 600 goto drop; 601 601 } 602 602 ··· 654 654 } 655 655 656 656 /****************************************************************************/ 657 - static int expect_h245(struct sk_buff **pskb, struct nf_conn *ct, 657 + static int expect_h245(struct sk_buff *skb, struct nf_conn *ct, 658 658 enum ip_conntrack_info ctinfo, 659 659 unsigned char **data, int dataoff, 660 660 TransportAddress *taddr) ··· 687 687 (nat_h245 = rcu_dereference(nat_h245_hook)) && 688 688 ct->status & IPS_NAT_MASK) { 689 689 /* NAT needed */ 690 - ret = nat_h245(pskb, ct, ctinfo, data, dataoff, taddr, 690 + ret = nat_h245(skb, ct, ctinfo, data, dataoff, taddr, 691 691 port, exp); 692 692 } else { /* Conntrack only */ 693 693 if (nf_ct_expect_related(exp) == 0) { ··· 758 758 } 759 759 760 760 /****************************************************************************/ 761 - static int expect_callforwarding(struct sk_buff **pskb, 761 + static int expect_callforwarding(struct sk_buff *skb, 762 762 struct nf_conn *ct, 763 763 enum ip_conntrack_info ctinfo, 764 764 unsigned char **data, int dataoff, ··· 798 798 (nat_callforwarding = rcu_dereference(nat_callforwarding_hook)) && 799 799 ct->status & IPS_NAT_MASK) { 800 800 /* Need NAT */ 801 - ret = nat_callforwarding(pskb, ct, ctinfo, data, dataoff, 801 + ret = nat_callforwarding(skb, ct, ctinfo, data, dataoff, 802 802 taddr, port, exp); 803 803 } else { /* Conntrack only */ 804 804 if (nf_ct_expect_related(exp) == 0) { ··· 814 814 } 815 815 816 816 /****************************************************************************/ 817 - static int process_setup(struct sk_buff **pskb, struct nf_conn *ct, 817 + static int process_setup(struct sk_buff *skb, struct nf_conn *ct, 818 818 enum ip_conntrack_info ctinfo, 819 819 unsigned char **data, int dataoff, 820 820 Setup_UUIE *setup) ··· 829 829 pr_debug("nf_ct_q931: Setup\n"); 830 830 831 831 if (setup->options & eSetup_UUIE_h245Address) { 832 - ret = expect_h245(pskb, ct, ctinfo, data, dataoff, 832 + ret = expect_h245(skb, ct, ctinfo, data, dataoff, 833 833 &setup->h245Address); 834 834 if (ret < 0) 835 835 return -1; ··· 846 846 NIP6(*(struct in6_addr *)&addr), ntohs(port), 847 847 NIP6(*(struct in6_addr *)&ct->tuplehash[!dir].tuple.src.u3), 848 848 ntohs(ct->tuplehash[!dir].tuple.src.u.tcp.port)); 849 - ret = set_h225_addr(pskb, data, dataoff, 849 + ret = set_h225_addr(skb, data, dataoff, 850 850 &setup->destCallSignalAddress, 851 851 &ct->tuplehash[!dir].tuple.src.u3, 852 852 ct->tuplehash[!dir].tuple.src.u.tcp.port); ··· 864 864 NIP6(*(struct in6_addr *)&addr), ntohs(port), 865 865 NIP6(*(struct in6_addr *)&ct->tuplehash[!dir].tuple.dst.u3), 866 866 ntohs(ct->tuplehash[!dir].tuple.dst.u.tcp.port)); 867 - ret = set_h225_addr(pskb, data, dataoff, 867 + ret = set_h225_addr(skb, data, dataoff, 868 868 &setup->sourceCallSignalAddress, 869 869 &ct->tuplehash[!dir].tuple.dst.u3, 870 870 ct->tuplehash[!dir].tuple.dst.u.tcp.port); ··· 874 874 875 875 if (setup->options & eSetup_UUIE_fastStart) { 876 876 for (i = 0; i < setup->fastStart.count; i++) { 877 - ret = process_olc(pskb, ct, ctinfo, data, dataoff, 877 + ret = process_olc(skb, ct, ctinfo, data, dataoff, 878 878 &setup->fastStart.item[i]); 879 879 if (ret < 0) 880 880 return -1; ··· 885 885 } 886 886 887 887 /****************************************************************************/ 888 - static int process_callproceeding(struct sk_buff **pskb, 888 + static int process_callproceeding(struct sk_buff *skb, 889 889 struct nf_conn *ct, 890 890 enum ip_conntrack_info ctinfo, 891 891 unsigned char **data, int dataoff, ··· 897 897 pr_debug("nf_ct_q931: CallProceeding\n"); 898 898 899 899 if (callproc->options & eCallProceeding_UUIE_h245Address) { 900 - ret = expect_h245(pskb, ct, ctinfo, data, dataoff, 900 + ret = expect_h245(skb, ct, ctinfo, data, dataoff, 901 901 &callproc->h245Address); 902 902 if (ret < 0) 903 903 return -1; ··· 905 905 906 906 if (callproc->options & eCallProceeding_UUIE_fastStart) { 907 907 for (i = 0; i < callproc->fastStart.count; i++) { 908 - ret = process_olc(pskb, ct, ctinfo, data, dataoff, 908 + ret = process_olc(skb, ct, ctinfo, data, dataoff, 909 909 &callproc->fastStart.item[i]); 910 910 if (ret < 0) 911 911 return -1; ··· 916 916 } 917 917 918 918 /****************************************************************************/ 919 - static int process_connect(struct sk_buff **pskb, struct nf_conn *ct, 919 + static int process_connect(struct sk_buff *skb, struct nf_conn *ct, 920 920 enum ip_conntrack_info ctinfo, 921 921 unsigned char **data, int dataoff, 922 922 Connect_UUIE *connect) ··· 927 927 pr_debug("nf_ct_q931: Connect\n"); 928 928 929 929 if (connect->options & eConnect_UUIE_h245Address) { 930 - ret = expect_h245(pskb, ct, ctinfo, data, dataoff, 930 + ret = expect_h245(skb, ct, ctinfo, data, dataoff, 931 931 &connect->h245Address); 932 932 if (ret < 0) 933 933 return -1; ··· 935 935 936 936 if (connect->options & eConnect_UUIE_fastStart) { 937 937 for (i = 0; i < connect->fastStart.count; i++) { 938 - ret = process_olc(pskb, ct, ctinfo, data, dataoff, 938 + ret = process_olc(skb, ct, ctinfo, data, dataoff, 939 939 &connect->fastStart.item[i]); 940 940 if (ret < 0) 941 941 return -1; ··· 946 946 } 947 947 948 948 /****************************************************************************/ 949 - static int process_alerting(struct sk_buff **pskb, struct nf_conn *ct, 949 + static int process_alerting(struct sk_buff *skb, struct nf_conn *ct, 950 950 enum ip_conntrack_info ctinfo, 951 951 unsigned char **data, int dataoff, 952 952 Alerting_UUIE *alert) ··· 957 957 pr_debug("nf_ct_q931: Alerting\n"); 958 958 959 959 if (alert->options & eAlerting_UUIE_h245Address) { 960 - ret = expect_h245(pskb, ct, ctinfo, data, dataoff, 960 + ret = expect_h245(skb, ct, ctinfo, data, dataoff, 961 961 &alert->h245Address); 962 962 if (ret < 0) 963 963 return -1; ··· 965 965 966 966 if (alert->options & eAlerting_UUIE_fastStart) { 967 967 for (i = 0; i < alert->fastStart.count; i++) { 968 - ret = process_olc(pskb, ct, ctinfo, data, dataoff, 968 + ret = process_olc(skb, ct, ctinfo, data, dataoff, 969 969 &alert->fastStart.item[i]); 970 970 if (ret < 0) 971 971 return -1; ··· 976 976 } 977 977 978 978 /****************************************************************************/ 979 - static int process_facility(struct sk_buff **pskb, struct nf_conn *ct, 979 + static int process_facility(struct sk_buff *skb, struct nf_conn *ct, 980 980 enum ip_conntrack_info ctinfo, 981 981 unsigned char **data, int dataoff, 982 982 Facility_UUIE *facility) ··· 988 988 989 989 if (facility->reason.choice == eFacilityReason_callForwarded) { 990 990 if (facility->options & eFacility_UUIE_alternativeAddress) 991 - return expect_callforwarding(pskb, ct, ctinfo, data, 991 + return expect_callforwarding(skb, ct, ctinfo, data, 992 992 dataoff, 993 993 &facility-> 994 994 alternativeAddress); ··· 996 996 } 997 997 998 998 if (facility->options & eFacility_UUIE_h245Address) { 999 - ret = expect_h245(pskb, ct, ctinfo, data, dataoff, 999 + ret = expect_h245(skb, ct, ctinfo, data, dataoff, 1000 1000 &facility->h245Address); 1001 1001 if (ret < 0) 1002 1002 return -1; ··· 1004 1004 1005 1005 if (facility->options & eFacility_UUIE_fastStart) { 1006 1006 for (i = 0; i < facility->fastStart.count; i++) { 1007 - ret = process_olc(pskb, ct, ctinfo, data, dataoff, 1007 + ret = process_olc(skb, ct, ctinfo, data, dataoff, 1008 1008 &facility->fastStart.item[i]); 1009 1009 if (ret < 0) 1010 1010 return -1; ··· 1015 1015 } 1016 1016 1017 1017 /****************************************************************************/ 1018 - static int process_progress(struct sk_buff **pskb, struct nf_conn *ct, 1018 + static int process_progress(struct sk_buff *skb, struct nf_conn *ct, 1019 1019 enum ip_conntrack_info ctinfo, 1020 1020 unsigned char **data, int dataoff, 1021 1021 Progress_UUIE *progress) ··· 1026 1026 pr_debug("nf_ct_q931: Progress\n"); 1027 1027 1028 1028 if (progress->options & eProgress_UUIE_h245Address) { 1029 - ret = expect_h245(pskb, ct, ctinfo, data, dataoff, 1029 + ret = expect_h245(skb, ct, ctinfo, data, dataoff, 1030 1030 &progress->h245Address); 1031 1031 if (ret < 0) 1032 1032 return -1; ··· 1034 1034 1035 1035 if (progress->options & eProgress_UUIE_fastStart) { 1036 1036 for (i = 0; i < progress->fastStart.count; i++) { 1037 - ret = process_olc(pskb, ct, ctinfo, data, dataoff, 1037 + ret = process_olc(skb, ct, ctinfo, data, dataoff, 1038 1038 &progress->fastStart.item[i]); 1039 1039 if (ret < 0) 1040 1040 return -1; ··· 1045 1045 } 1046 1046 1047 1047 /****************************************************************************/ 1048 - static int process_q931(struct sk_buff **pskb, struct nf_conn *ct, 1048 + static int process_q931(struct sk_buff *skb, struct nf_conn *ct, 1049 1049 enum ip_conntrack_info ctinfo, 1050 1050 unsigned char **data, int dataoff, Q931 *q931) 1051 1051 { ··· 1055 1055 1056 1056 switch (pdu->h323_message_body.choice) { 1057 1057 case eH323_UU_PDU_h323_message_body_setup: 1058 - ret = process_setup(pskb, ct, ctinfo, data, dataoff, 1058 + ret = process_setup(skb, ct, ctinfo, data, dataoff, 1059 1059 &pdu->h323_message_body.setup); 1060 1060 break; 1061 1061 case eH323_UU_PDU_h323_message_body_callProceeding: 1062 - ret = process_callproceeding(pskb, ct, ctinfo, data, dataoff, 1062 + ret = process_callproceeding(skb, ct, ctinfo, data, dataoff, 1063 1063 &pdu->h323_message_body. 1064 1064 callProceeding); 1065 1065 break; 1066 1066 case eH323_UU_PDU_h323_message_body_connect: 1067 - ret = process_connect(pskb, ct, ctinfo, data, dataoff, 1067 + ret = process_connect(skb, ct, ctinfo, data, dataoff, 1068 1068 &pdu->h323_message_body.connect); 1069 1069 break; 1070 1070 case eH323_UU_PDU_h323_message_body_alerting: 1071 - ret = process_alerting(pskb, ct, ctinfo, data, dataoff, 1071 + ret = process_alerting(skb, ct, ctinfo, data, dataoff, 1072 1072 &pdu->h323_message_body.alerting); 1073 1073 break; 1074 1074 case eH323_UU_PDU_h323_message_body_facility: 1075 - ret = process_facility(pskb, ct, ctinfo, data, dataoff, 1075 + ret = process_facility(skb, ct, ctinfo, data, dataoff, 1076 1076 &pdu->h323_message_body.facility); 1077 1077 break; 1078 1078 case eH323_UU_PDU_h323_message_body_progress: 1079 - ret = process_progress(pskb, ct, ctinfo, data, dataoff, 1079 + ret = process_progress(skb, ct, ctinfo, data, dataoff, 1080 1080 &pdu->h323_message_body.progress); 1081 1081 break; 1082 1082 default: ··· 1090 1090 1091 1091 if (pdu->options & eH323_UU_PDU_h245Control) { 1092 1092 for (i = 0; i < pdu->h245Control.count; i++) { 1093 - ret = process_h245(pskb, ct, ctinfo, data, dataoff, 1093 + ret = process_h245(skb, ct, ctinfo, data, dataoff, 1094 1094 &pdu->h245Control.item[i]); 1095 1095 if (ret < 0) 1096 1096 return -1; ··· 1101 1101 } 1102 1102 1103 1103 /****************************************************************************/ 1104 - static int q931_help(struct sk_buff **pskb, unsigned int protoff, 1104 + static int q931_help(struct sk_buff *skb, unsigned int protoff, 1105 1105 struct nf_conn *ct, enum ip_conntrack_info ctinfo) 1106 1106 { 1107 1107 static Q931 q931; ··· 1115 1115 ctinfo != IP_CT_ESTABLISHED + IP_CT_IS_REPLY) { 1116 1116 return NF_ACCEPT; 1117 1117 } 1118 - pr_debug("nf_ct_q931: skblen = %u\n", (*pskb)->len); 1118 + pr_debug("nf_ct_q931: skblen = %u\n", skb->len); 1119 1119 1120 1120 spin_lock_bh(&nf_h323_lock); 1121 1121 1122 1122 /* Process each TPKT */ 1123 - while (get_tpkt_data(pskb, protoff, ct, ctinfo, 1123 + while (get_tpkt_data(skb, protoff, ct, ctinfo, 1124 1124 &data, &datalen, &dataoff)) { 1125 1125 pr_debug("nf_ct_q931: TPKT len=%d ", datalen); 1126 1126 NF_CT_DUMP_TUPLE(&ct->tuplehash[CTINFO2DIR(ctinfo)].tuple); ··· 1136 1136 } 1137 1137 1138 1138 /* Process Q.931 signal */ 1139 - if (process_q931(pskb, ct, ctinfo, &data, dataoff, &q931) < 0) 1139 + if (process_q931(skb, ct, ctinfo, &data, dataoff, &q931) < 0) 1140 1140 goto drop; 1141 1141 } 1142 1142 ··· 1177 1177 }; 1178 1178 1179 1179 /****************************************************************************/ 1180 - static unsigned char *get_udp_data(struct sk_buff **pskb, unsigned int protoff, 1180 + static unsigned char *get_udp_data(struct sk_buff *skb, unsigned int protoff, 1181 1181 int *datalen) 1182 1182 { 1183 1183 struct udphdr _uh, *uh; 1184 1184 int dataoff; 1185 1185 1186 - uh = skb_header_pointer(*pskb, protoff, sizeof(_uh), &_uh); 1186 + uh = skb_header_pointer(skb, protoff, sizeof(_uh), &_uh); 1187 1187 if (uh == NULL) 1188 1188 return NULL; 1189 1189 dataoff = protoff + sizeof(_uh); 1190 - if (dataoff >= (*pskb)->len) 1190 + if (dataoff >= skb->len) 1191 1191 return NULL; 1192 - *datalen = (*pskb)->len - dataoff; 1193 - return skb_header_pointer(*pskb, dataoff, *datalen, h323_buffer); 1192 + *datalen = skb->len - dataoff; 1193 + return skb_header_pointer(skb, dataoff, *datalen, h323_buffer); 1194 1194 } 1195 1195 1196 1196 /****************************************************************************/ ··· 1227 1227 } 1228 1228 1229 1229 /****************************************************************************/ 1230 - static int expect_q931(struct sk_buff **pskb, struct nf_conn *ct, 1230 + static int expect_q931(struct sk_buff *skb, struct nf_conn *ct, 1231 1231 enum ip_conntrack_info ctinfo, 1232 1232 unsigned char **data, 1233 1233 TransportAddress *taddr, int count) ··· 1265 1265 1266 1266 nat_q931 = rcu_dereference(nat_q931_hook); 1267 1267 if (nat_q931 && ct->status & IPS_NAT_MASK) { /* Need NAT */ 1268 - ret = nat_q931(pskb, ct, ctinfo, data, taddr, i, port, exp); 1268 + ret = nat_q931(skb, ct, ctinfo, data, taddr, i, port, exp); 1269 1269 } else { /* Conntrack only */ 1270 1270 if (nf_ct_expect_related(exp) == 0) { 1271 1271 pr_debug("nf_ct_ras: expect Q.931 "); ··· 1283 1283 } 1284 1284 1285 1285 /****************************************************************************/ 1286 - static int process_grq(struct sk_buff **pskb, struct nf_conn *ct, 1286 + static int process_grq(struct sk_buff *skb, struct nf_conn *ct, 1287 1287 enum ip_conntrack_info ctinfo, 1288 1288 unsigned char **data, GatekeeperRequest *grq) 1289 1289 { ··· 1293 1293 1294 1294 set_ras_addr = rcu_dereference(set_ras_addr_hook); 1295 1295 if (set_ras_addr && ct->status & IPS_NAT_MASK) /* NATed */ 1296 - return set_ras_addr(pskb, ct, ctinfo, data, 1296 + return set_ras_addr(skb, ct, ctinfo, data, 1297 1297 &grq->rasAddress, 1); 1298 1298 return 0; 1299 1299 } 1300 1300 1301 1301 /****************************************************************************/ 1302 - static int process_gcf(struct sk_buff **pskb, struct nf_conn *ct, 1302 + static int process_gcf(struct sk_buff *skb, struct nf_conn *ct, 1303 1303 enum ip_conntrack_info ctinfo, 1304 1304 unsigned char **data, GatekeeperConfirm *gcf) 1305 1305 { ··· 1343 1343 } 1344 1344 1345 1345 /****************************************************************************/ 1346 - static int process_rrq(struct sk_buff **pskb, struct nf_conn *ct, 1346 + static int process_rrq(struct sk_buff *skb, struct nf_conn *ct, 1347 1347 enum ip_conntrack_info ctinfo, 1348 1348 unsigned char **data, RegistrationRequest *rrq) 1349 1349 { ··· 1353 1353 1354 1354 pr_debug("nf_ct_ras: RRQ\n"); 1355 1355 1356 - ret = expect_q931(pskb, ct, ctinfo, data, 1356 + ret = expect_q931(skb, ct, ctinfo, data, 1357 1357 rrq->callSignalAddress.item, 1358 1358 rrq->callSignalAddress.count); 1359 1359 if (ret < 0) ··· 1361 1361 1362 1362 set_ras_addr = rcu_dereference(set_ras_addr_hook); 1363 1363 if (set_ras_addr && ct->status & IPS_NAT_MASK) { 1364 - ret = set_ras_addr(pskb, ct, ctinfo, data, 1364 + ret = set_ras_addr(skb, ct, ctinfo, data, 1365 1365 rrq->rasAddress.item, 1366 1366 rrq->rasAddress.count); 1367 1367 if (ret < 0) ··· 1378 1378 } 1379 1379 1380 1380 /****************************************************************************/ 1381 - static int process_rcf(struct sk_buff **pskb, struct nf_conn *ct, 1381 + static int process_rcf(struct sk_buff *skb, struct nf_conn *ct, 1382 1382 enum ip_conntrack_info ctinfo, 1383 1383 unsigned char **data, RegistrationConfirm *rcf) 1384 1384 { ··· 1392 1392 1393 1393 set_sig_addr = rcu_dereference(set_sig_addr_hook); 1394 1394 if (set_sig_addr && ct->status & IPS_NAT_MASK) { 1395 - ret = set_sig_addr(pskb, ct, ctinfo, data, 1395 + ret = set_sig_addr(skb, ct, ctinfo, data, 1396 1396 rcf->callSignalAddress.item, 1397 1397 rcf->callSignalAddress.count); 1398 1398 if (ret < 0) ··· 1407 1407 if (info->timeout > 0) { 1408 1408 pr_debug("nf_ct_ras: set RAS connection timeout to " 1409 1409 "%u seconds\n", info->timeout); 1410 - nf_ct_refresh(ct, *pskb, info->timeout * HZ); 1410 + nf_ct_refresh(ct, skb, info->timeout * HZ); 1411 1411 1412 1412 /* Set expect timeout */ 1413 1413 read_lock_bh(&nf_conntrack_lock); ··· 1427 1427 } 1428 1428 1429 1429 /****************************************************************************/ 1430 - static int process_urq(struct sk_buff **pskb, struct nf_conn *ct, 1430 + static int process_urq(struct sk_buff *skb, struct nf_conn *ct, 1431 1431 enum ip_conntrack_info ctinfo, 1432 1432 unsigned char **data, UnregistrationRequest *urq) 1433 1433 { ··· 1440 1440 1441 1441 set_sig_addr = rcu_dereference(set_sig_addr_hook); 1442 1442 if (set_sig_addr && ct->status & IPS_NAT_MASK) { 1443 - ret = set_sig_addr(pskb, ct, ctinfo, data, 1443 + ret = set_sig_addr(skb, ct, ctinfo, data, 1444 1444 urq->callSignalAddress.item, 1445 1445 urq->callSignalAddress.count); 1446 1446 if (ret < 0) ··· 1453 1453 info->sig_port[!dir] = 0; 1454 1454 1455 1455 /* Give it 30 seconds for UCF or URJ */ 1456 - nf_ct_refresh(ct, *pskb, 30 * HZ); 1456 + nf_ct_refresh(ct, skb, 30 * HZ); 1457 1457 1458 1458 return 0; 1459 1459 } 1460 1460 1461 1461 /****************************************************************************/ 1462 - static int process_arq(struct sk_buff **pskb, struct nf_conn *ct, 1462 + static int process_arq(struct sk_buff *skb, struct nf_conn *ct, 1463 1463 enum ip_conntrack_info ctinfo, 1464 1464 unsigned char **data, AdmissionRequest *arq) 1465 1465 { ··· 1479 1479 port == info->sig_port[dir] && 1480 1480 set_h225_addr && ct->status & IPS_NAT_MASK) { 1481 1481 /* Answering ARQ */ 1482 - return set_h225_addr(pskb, data, 0, 1482 + return set_h225_addr(skb, data, 0, 1483 1483 &arq->destCallSignalAddress, 1484 1484 &ct->tuplehash[!dir].tuple.dst.u3, 1485 1485 info->sig_port[!dir]); ··· 1491 1491 !memcmp(&addr, &ct->tuplehash[dir].tuple.src.u3, sizeof(addr)) && 1492 1492 set_h225_addr && ct->status & IPS_NAT_MASK) { 1493 1493 /* Calling ARQ */ 1494 - return set_h225_addr(pskb, data, 0, 1494 + return set_h225_addr(skb, data, 0, 1495 1495 &arq->srcCallSignalAddress, 1496 1496 &ct->tuplehash[!dir].tuple.dst.u3, 1497 1497 port); ··· 1501 1501 } 1502 1502 1503 1503 /****************************************************************************/ 1504 - static int process_acf(struct sk_buff **pskb, struct nf_conn *ct, 1504 + static int process_acf(struct sk_buff *skb, struct nf_conn *ct, 1505 1505 enum ip_conntrack_info ctinfo, 1506 1506 unsigned char **data, AdmissionConfirm *acf) 1507 1507 { ··· 1522 1522 /* Answering ACF */ 1523 1523 set_sig_addr = rcu_dereference(set_sig_addr_hook); 1524 1524 if (set_sig_addr && ct->status & IPS_NAT_MASK) 1525 - return set_sig_addr(pskb, ct, ctinfo, data, 1525 + return set_sig_addr(skb, ct, ctinfo, data, 1526 1526 &acf->destCallSignalAddress, 1); 1527 1527 return 0; 1528 1528 } ··· 1548 1548 } 1549 1549 1550 1550 /****************************************************************************/ 1551 - static int process_lrq(struct sk_buff **pskb, struct nf_conn *ct, 1551 + static int process_lrq(struct sk_buff *skb, struct nf_conn *ct, 1552 1552 enum ip_conntrack_info ctinfo, 1553 1553 unsigned char **data, LocationRequest *lrq) 1554 1554 { ··· 1558 1558 1559 1559 set_ras_addr = rcu_dereference(set_ras_addr_hook); 1560 1560 if (set_ras_addr && ct->status & IPS_NAT_MASK) 1561 - return set_ras_addr(pskb, ct, ctinfo, data, 1561 + return set_ras_addr(skb, ct, ctinfo, data, 1562 1562 &lrq->replyAddress, 1); 1563 1563 return 0; 1564 1564 } 1565 1565 1566 1566 /****************************************************************************/ 1567 - static int process_lcf(struct sk_buff **pskb, struct nf_conn *ct, 1567 + static int process_lcf(struct sk_buff *skb, struct nf_conn *ct, 1568 1568 enum ip_conntrack_info ctinfo, 1569 1569 unsigned char **data, LocationConfirm *lcf) 1570 1570 { ··· 1603 1603 } 1604 1604 1605 1605 /****************************************************************************/ 1606 - static int process_irr(struct sk_buff **pskb, struct nf_conn *ct, 1606 + static int process_irr(struct sk_buff *skb, struct nf_conn *ct, 1607 1607 enum ip_conntrack_info ctinfo, 1608 1608 unsigned char **data, InfoRequestResponse *irr) 1609 1609 { ··· 1615 1615 1616 1616 set_ras_addr = rcu_dereference(set_ras_addr_hook); 1617 1617 if (set_ras_addr && ct->status & IPS_NAT_MASK) { 1618 - ret = set_ras_addr(pskb, ct, ctinfo, data, 1618 + ret = set_ras_addr(skb, ct, ctinfo, data, 1619 1619 &irr->rasAddress, 1); 1620 1620 if (ret < 0) 1621 1621 return -1; ··· 1623 1623 1624 1624 set_sig_addr = rcu_dereference(set_sig_addr_hook); 1625 1625 if (set_sig_addr && ct->status & IPS_NAT_MASK) { 1626 - ret = set_sig_addr(pskb, ct, ctinfo, data, 1626 + ret = set_sig_addr(skb, ct, ctinfo, data, 1627 1627 irr->callSignalAddress.item, 1628 1628 irr->callSignalAddress.count); 1629 1629 if (ret < 0) ··· 1634 1634 } 1635 1635 1636 1636 /****************************************************************************/ 1637 - static int process_ras(struct sk_buff **pskb, struct nf_conn *ct, 1637 + static int process_ras(struct sk_buff *skb, struct nf_conn *ct, 1638 1638 enum ip_conntrack_info ctinfo, 1639 1639 unsigned char **data, RasMessage *ras) 1640 1640 { 1641 1641 switch (ras->choice) { 1642 1642 case eRasMessage_gatekeeperRequest: 1643 - return process_grq(pskb, ct, ctinfo, data, 1643 + return process_grq(skb, ct, ctinfo, data, 1644 1644 &ras->gatekeeperRequest); 1645 1645 case eRasMessage_gatekeeperConfirm: 1646 - return process_gcf(pskb, ct, ctinfo, data, 1646 + return process_gcf(skb, ct, ctinfo, data, 1647 1647 &ras->gatekeeperConfirm); 1648 1648 case eRasMessage_registrationRequest: 1649 - return process_rrq(pskb, ct, ctinfo, data, 1649 + return process_rrq(skb, ct, ctinfo, data, 1650 1650 &ras->registrationRequest); 1651 1651 case eRasMessage_registrationConfirm: 1652 - return process_rcf(pskb, ct, ctinfo, data, 1652 + return process_rcf(skb, ct, ctinfo, data, 1653 1653 &ras->registrationConfirm); 1654 1654 case eRasMessage_unregistrationRequest: 1655 - return process_urq(pskb, ct, ctinfo, data, 1655 + return process_urq(skb, ct, ctinfo, data, 1656 1656 &ras->unregistrationRequest); 1657 1657 case eRasMessage_admissionRequest: 1658 - return process_arq(pskb, ct, ctinfo, data, 1658 + return process_arq(skb, ct, ctinfo, data, 1659 1659 &ras->admissionRequest); 1660 1660 case eRasMessage_admissionConfirm: 1661 - return process_acf(pskb, ct, ctinfo, data, 1661 + return process_acf(skb, ct, ctinfo, data, 1662 1662 &ras->admissionConfirm); 1663 1663 case eRasMessage_locationRequest: 1664 - return process_lrq(pskb, ct, ctinfo, data, 1664 + return process_lrq(skb, ct, ctinfo, data, 1665 1665 &ras->locationRequest); 1666 1666 case eRasMessage_locationConfirm: 1667 - return process_lcf(pskb, ct, ctinfo, data, 1667 + return process_lcf(skb, ct, ctinfo, data, 1668 1668 &ras->locationConfirm); 1669 1669 case eRasMessage_infoRequestResponse: 1670 - return process_irr(pskb, ct, ctinfo, data, 1670 + return process_irr(skb, ct, ctinfo, data, 1671 1671 &ras->infoRequestResponse); 1672 1672 default: 1673 1673 pr_debug("nf_ct_ras: RAS message %d\n", ras->choice); ··· 1678 1678 } 1679 1679 1680 1680 /****************************************************************************/ 1681 - static int ras_help(struct sk_buff **pskb, unsigned int protoff, 1681 + static int ras_help(struct sk_buff *skb, unsigned int protoff, 1682 1682 struct nf_conn *ct, enum ip_conntrack_info ctinfo) 1683 1683 { 1684 1684 static RasMessage ras; ··· 1686 1686 int datalen = 0; 1687 1687 int ret; 1688 1688 1689 - pr_debug("nf_ct_ras: skblen = %u\n", (*pskb)->len); 1689 + pr_debug("nf_ct_ras: skblen = %u\n", skb->len); 1690 1690 1691 1691 spin_lock_bh(&nf_h323_lock); 1692 1692 1693 1693 /* Get UDP data */ 1694 - data = get_udp_data(pskb, protoff, &datalen); 1694 + data = get_udp_data(skb, protoff, &datalen); 1695 1695 if (data == NULL) 1696 1696 goto accept; 1697 1697 pr_debug("nf_ct_ras: RAS message len=%d ", datalen); ··· 1707 1707 } 1708 1708 1709 1709 /* Process RAS message */ 1710 - if (process_ras(pskb, ct, ctinfo, &data, &ras) < 0) 1710 + if (process_ras(skb, ct, ctinfo, &data, &ras) < 0) 1711 1711 goto drop; 1712 1712 1713 1713 accept:

+8 -8

net/netfilter/nf_conntrack_irc.c

··· 30 30 static char *irc_buffer; 31 31 static DEFINE_SPINLOCK(irc_buffer_lock); 32 32 33 - unsigned int (*nf_nat_irc_hook)(struct sk_buff **pskb, 33 + unsigned int (*nf_nat_irc_hook)(struct sk_buff *skb, 34 34 enum ip_conntrack_info ctinfo, 35 35 unsigned int matchoff, 36 36 unsigned int matchlen, ··· 89 89 return 0; 90 90 } 91 91 92 - static int help(struct sk_buff **pskb, unsigned int protoff, 92 + static int help(struct sk_buff *skb, unsigned int protoff, 93 93 struct nf_conn *ct, enum ip_conntrack_info ctinfo) 94 94 { 95 95 unsigned int dataoff; ··· 116 116 return NF_ACCEPT; 117 117 118 118 /* Not a full tcp header? */ 119 - th = skb_header_pointer(*pskb, protoff, sizeof(_tcph), &_tcph); 119 + th = skb_header_pointer(skb, protoff, sizeof(_tcph), &_tcph); 120 120 if (th == NULL) 121 121 return NF_ACCEPT; 122 122 123 123 /* No data? */ 124 124 dataoff = protoff + th->doff*4; 125 - if (dataoff >= (*pskb)->len) 125 + if (dataoff >= skb->len) 126 126 return NF_ACCEPT; 127 127 128 128 spin_lock_bh(&irc_buffer_lock); 129 - ib_ptr = skb_header_pointer(*pskb, dataoff, (*pskb)->len - dataoff, 129 + ib_ptr = skb_header_pointer(skb, dataoff, skb->len - dataoff, 130 130 irc_buffer); 131 131 BUG_ON(ib_ptr == NULL); 132 132 133 133 data = ib_ptr; 134 - data_limit = ib_ptr + (*pskb)->len - dataoff; 134 + data_limit = ib_ptr + skb->len - dataoff; 135 135 136 136 /* strlen("\1DCC SENT t AAAAAAAA P\1\n")=24 137 137 * 5+MINMATCHLEN+strlen("t AAAAAAAA P\1\n")=14 */ ··· 143 143 data += 5; 144 144 /* we have at least (19+MINMATCHLEN)-5 bytes valid data left */ 145 145 146 - iph = ip_hdr(*pskb); 146 + iph = ip_hdr(skb); 147 147 pr_debug("DCC found in master %u.%u.%u.%u:%u %u.%u.%u.%u:%u\n", 148 148 NIPQUAD(iph->saddr), ntohs(th->source), 149 149 NIPQUAD(iph->daddr), ntohs(th->dest)); ··· 193 193 194 194 nf_nat_irc = rcu_dereference(nf_nat_irc_hook); 195 195 if (nf_nat_irc && ct->status & IPS_NAT_MASK) 196 - ret = nf_nat_irc(pskb, ctinfo, 196 + ret = nf_nat_irc(skb, ctinfo, 197 197 addr_beg_p - ib_ptr, 198 198 addr_end_p - addr_beg_p, 199 199 exp);

+5 -5

net/netfilter/nf_conntrack_netbios_ns.c

··· 42 42 module_param(timeout, uint, 0400); 43 43 MODULE_PARM_DESC(timeout, "timeout for master connection/replies in seconds"); 44 44 45 - static int help(struct sk_buff **pskb, unsigned int protoff, 45 + static int help(struct sk_buff *skb, unsigned int protoff, 46 46 struct nf_conn *ct, enum ip_conntrack_info ctinfo) 47 47 { 48 48 struct nf_conntrack_expect *exp; 49 - struct iphdr *iph = ip_hdr(*pskb); 50 - struct rtable *rt = (struct rtable *)(*pskb)->dst; 49 + struct iphdr *iph = ip_hdr(skb); 50 + struct rtable *rt = (struct rtable *)skb->dst; 51 51 struct in_device *in_dev; 52 52 __be32 mask = 0; 53 53 54 54 /* we're only interested in locally generated packets */ 55 - if ((*pskb)->sk == NULL) 55 + if (skb->sk == NULL) 56 56 goto out; 57 57 if (rt == NULL || !(rt->rt_flags & RTCF_BROADCAST)) 58 58 goto out; ··· 91 91 nf_ct_expect_related(exp); 92 92 nf_ct_expect_put(exp); 93 93 94 - nf_ct_refresh(ct, *pskb, timeout * HZ); 94 + nf_ct_refresh(ct, skb, timeout * HZ); 95 95 out: 96 96 return NF_ACCEPT; 97 97 }

+14 -14

net/netfilter/nf_conntrack_pptp.c

··· 41 41 static DEFINE_SPINLOCK(nf_pptp_lock); 42 42 43 43 int 44 - (*nf_nat_pptp_hook_outbound)(struct sk_buff **pskb, 44 + (*nf_nat_pptp_hook_outbound)(struct sk_buff *skb, 45 45 struct nf_conn *ct, enum ip_conntrack_info ctinfo, 46 46 struct PptpControlHeader *ctlh, 47 47 union pptp_ctrl_union *pptpReq) __read_mostly; 48 48 EXPORT_SYMBOL_GPL(nf_nat_pptp_hook_outbound); 49 49 50 50 int 51 - (*nf_nat_pptp_hook_inbound)(struct sk_buff **pskb, 51 + (*nf_nat_pptp_hook_inbound)(struct sk_buff *skb, 52 52 struct nf_conn *ct, enum ip_conntrack_info ctinfo, 53 53 struct PptpControlHeader *ctlh, 54 54 union pptp_ctrl_union *pptpReq) __read_mostly; ··· 254 254 } 255 255 256 256 static inline int 257 - pptp_inbound_pkt(struct sk_buff **pskb, 257 + pptp_inbound_pkt(struct sk_buff *skb, 258 258 struct PptpControlHeader *ctlh, 259 259 union pptp_ctrl_union *pptpReq, 260 260 unsigned int reqlen, ··· 367 367 368 368 nf_nat_pptp_inbound = rcu_dereference(nf_nat_pptp_hook_inbound); 369 369 if (nf_nat_pptp_inbound && ct->status & IPS_NAT_MASK) 370 - return nf_nat_pptp_inbound(pskb, ct, ctinfo, ctlh, pptpReq); 370 + return nf_nat_pptp_inbound(skb, ct, ctinfo, ctlh, pptpReq); 371 371 return NF_ACCEPT; 372 372 373 373 invalid: ··· 380 380 } 381 381 382 382 static inline int 383 - pptp_outbound_pkt(struct sk_buff **pskb, 383 + pptp_outbound_pkt(struct sk_buff *skb, 384 384 struct PptpControlHeader *ctlh, 385 385 union pptp_ctrl_union *pptpReq, 386 386 unsigned int reqlen, ··· 462 462 463 463 nf_nat_pptp_outbound = rcu_dereference(nf_nat_pptp_hook_outbound); 464 464 if (nf_nat_pptp_outbound && ct->status & IPS_NAT_MASK) 465 - return nf_nat_pptp_outbound(pskb, ct, ctinfo, ctlh, pptpReq); 465 + return nf_nat_pptp_outbound(skb, ct, ctinfo, ctlh, pptpReq); 466 466 return NF_ACCEPT; 467 467 468 468 invalid: ··· 492 492 493 493 /* track caller id inside control connection, call expect_related */ 494 494 static int 495 - conntrack_pptp_help(struct sk_buff **pskb, unsigned int protoff, 495 + conntrack_pptp_help(struct sk_buff *skb, unsigned int protoff, 496 496 struct nf_conn *ct, enum ip_conntrack_info ctinfo) 497 497 498 498 { ··· 502 502 struct pptp_pkt_hdr _pptph, *pptph; 503 503 struct PptpControlHeader _ctlh, *ctlh; 504 504 union pptp_ctrl_union _pptpReq, *pptpReq; 505 - unsigned int tcplen = (*pskb)->len - protoff; 505 + unsigned int tcplen = skb->len - protoff; 506 506 unsigned int datalen, reqlen, nexthdr_off; 507 507 int oldsstate, oldcstate; 508 508 int ret; ··· 514 514 return NF_ACCEPT; 515 515 516 516 nexthdr_off = protoff; 517 - tcph = skb_header_pointer(*pskb, nexthdr_off, sizeof(_tcph), &_tcph); 517 + tcph = skb_header_pointer(skb, nexthdr_off, sizeof(_tcph), &_tcph); 518 518 BUG_ON(!tcph); 519 519 nexthdr_off += tcph->doff * 4; 520 520 datalen = tcplen - tcph->doff * 4; 521 521 522 - pptph = skb_header_pointer(*pskb, nexthdr_off, sizeof(_pptph), &_pptph); 522 + pptph = skb_header_pointer(skb, nexthdr_off, sizeof(_pptph), &_pptph); 523 523 if (!pptph) { 524 524 pr_debug("no full PPTP header, can't track\n"); 525 525 return NF_ACCEPT; ··· 534 534 return NF_ACCEPT; 535 535 } 536 536 537 - ctlh = skb_header_pointer(*pskb, nexthdr_off, sizeof(_ctlh), &_ctlh); 537 + ctlh = skb_header_pointer(skb, nexthdr_off, sizeof(_ctlh), &_ctlh); 538 538 if (!ctlh) 539 539 return NF_ACCEPT; 540 540 nexthdr_off += sizeof(_ctlh); ··· 547 547 if (reqlen > sizeof(*pptpReq)) 548 548 reqlen = sizeof(*pptpReq); 549 549 550 - pptpReq = skb_header_pointer(*pskb, nexthdr_off, reqlen, &_pptpReq); 550 + pptpReq = skb_header_pointer(skb, nexthdr_off, reqlen, &_pptpReq); 551 551 if (!pptpReq) 552 552 return NF_ACCEPT; 553 553 ··· 560 560 * established from PNS->PAC. However, RFC makes no guarantee */ 561 561 if (dir == IP_CT_DIR_ORIGINAL) 562 562 /* client -> server (PNS -> PAC) */ 563 - ret = pptp_outbound_pkt(pskb, ctlh, pptpReq, reqlen, ct, 563 + ret = pptp_outbound_pkt(skb, ctlh, pptpReq, reqlen, ct, 564 564 ctinfo); 565 565 else 566 566 /* server -> client (PAC -> PNS) */ 567 - ret = pptp_inbound_pkt(pskb, ctlh, pptpReq, reqlen, ct, 567 + ret = pptp_inbound_pkt(skb, ctlh, pptpReq, reqlen, ct, 568 568 ctinfo); 569 569 pr_debug("sstate: %d->%d, cstate: %d->%d\n", 570 570 oldsstate, info->sstate, oldcstate, info->cstate);

+5 -5

net/netfilter/nf_conntrack_sane.c

··· 56 56 /* other fields aren't interesting for conntrack */ 57 57 }; 58 58 59 - static int help(struct sk_buff **pskb, 59 + static int help(struct sk_buff *skb, 60 60 unsigned int protoff, 61 61 struct nf_conn *ct, 62 62 enum ip_conntrack_info ctinfo) ··· 80 80 return NF_ACCEPT; 81 81 82 82 /* Not a full tcp header? */ 83 - th = skb_header_pointer(*pskb, protoff, sizeof(_tcph), &_tcph); 83 + th = skb_header_pointer(skb, protoff, sizeof(_tcph), &_tcph); 84 84 if (th == NULL) 85 85 return NF_ACCEPT; 86 86 87 87 /* No data? */ 88 88 dataoff = protoff + th->doff * 4; 89 - if (dataoff >= (*pskb)->len) 89 + if (dataoff >= skb->len) 90 90 return NF_ACCEPT; 91 91 92 - datalen = (*pskb)->len - dataoff; 92 + datalen = skb->len - dataoff; 93 93 94 94 spin_lock_bh(&nf_sane_lock); 95 - sb_ptr = skb_header_pointer(*pskb, dataoff, datalen, sane_buffer); 95 + sb_ptr = skb_header_pointer(skb, dataoff, datalen, sane_buffer); 96 96 BUG_ON(sb_ptr == NULL); 97 97 98 98 if (dir == IP_CT_DIR_ORIGINAL) {

+12 -12

net/netfilter/nf_conntrack_sip.c

··· 36 36 module_param(sip_timeout, uint, 0600); 37 37 MODULE_PARM_DESC(sip_timeout, "timeout for the master SIP session"); 38 38 39 - unsigned int (*nf_nat_sip_hook)(struct sk_buff **pskb, 39 + unsigned int (*nf_nat_sip_hook)(struct sk_buff *skb, 40 40 enum ip_conntrack_info ctinfo, 41 41 struct nf_conn *ct, 42 42 const char **dptr) __read_mostly; 43 43 EXPORT_SYMBOL_GPL(nf_nat_sip_hook); 44 44 45 - unsigned int (*nf_nat_sdp_hook)(struct sk_buff **pskb, 45 + unsigned int (*nf_nat_sdp_hook)(struct sk_buff *skb, 46 46 enum ip_conntrack_info ctinfo, 47 47 struct nf_conntrack_expect *exp, 48 48 const char *dptr) __read_mostly; ··· 363 363 } 364 364 EXPORT_SYMBOL_GPL(ct_sip_get_info); 365 365 366 - static int set_expected_rtp(struct sk_buff **pskb, 366 + static int set_expected_rtp(struct sk_buff *skb, 367 367 struct nf_conn *ct, 368 368 enum ip_conntrack_info ctinfo, 369 369 union nf_conntrack_address *addr, ··· 385 385 386 386 nf_nat_sdp = rcu_dereference(nf_nat_sdp_hook); 387 387 if (nf_nat_sdp && ct->status & IPS_NAT_MASK) 388 - ret = nf_nat_sdp(pskb, ctinfo, exp, dptr); 388 + ret = nf_nat_sdp(skb, ctinfo, exp, dptr); 389 389 else { 390 390 if (nf_ct_expect_related(exp) != 0) 391 391 ret = NF_DROP; ··· 397 397 return ret; 398 398 } 399 399 400 - static int sip_help(struct sk_buff **pskb, 400 + static int sip_help(struct sk_buff *skb, 401 401 unsigned int protoff, 402 402 struct nf_conn *ct, 403 403 enum ip_conntrack_info ctinfo) ··· 414 414 415 415 /* No Data ? */ 416 416 dataoff = protoff + sizeof(struct udphdr); 417 - if (dataoff >= (*pskb)->len) 417 + if (dataoff >= skb->len) 418 418 return NF_ACCEPT; 419 419 420 - nf_ct_refresh(ct, *pskb, sip_timeout * HZ); 420 + nf_ct_refresh(ct, skb, sip_timeout * HZ); 421 421 422 - if (!skb_is_nonlinear(*pskb)) 423 - dptr = (*pskb)->data + dataoff; 422 + if (!skb_is_nonlinear(skb)) 423 + dptr = skb->data + dataoff; 424 424 else { 425 425 pr_debug("Copy of skbuff not supported yet.\n"); 426 426 goto out; ··· 428 428 429 429 nf_nat_sip = rcu_dereference(nf_nat_sip_hook); 430 430 if (nf_nat_sip && ct->status & IPS_NAT_MASK) { 431 - if (!nf_nat_sip(pskb, ctinfo, ct, &dptr)) { 431 + if (!nf_nat_sip(skb, ctinfo, ct, &dptr)) { 432 432 ret = NF_DROP; 433 433 goto out; 434 434 } 435 435 } 436 436 437 - datalen = (*pskb)->len - dataoff; 437 + datalen = skb->len - dataoff; 438 438 if (datalen < sizeof("SIP/2.0 200") - 1) 439 439 goto out; 440 440 ··· 464 464 ret = NF_DROP; 465 465 goto out; 466 466 } 467 - ret = set_expected_rtp(pskb, ct, ctinfo, &addr, 467 + ret = set_expected_rtp(skb, ct, ctinfo, &addr, 468 468 htons(port), dptr); 469 469 } 470 470 }

+4 -4

net/netfilter/nf_conntrack_tftp.c

··· 29 29 module_param_array(ports, ushort, &ports_c, 0400); 30 30 MODULE_PARM_DESC(ports, "Port numbers of TFTP servers"); 31 31 32 - unsigned int (*nf_nat_tftp_hook)(struct sk_buff **pskb, 32 + unsigned int (*nf_nat_tftp_hook)(struct sk_buff *skb, 33 33 enum ip_conntrack_info ctinfo, 34 34 struct nf_conntrack_expect *exp) __read_mostly; 35 35 EXPORT_SYMBOL_GPL(nf_nat_tftp_hook); 36 36 37 - static int tftp_help(struct sk_buff **pskb, 37 + static int tftp_help(struct sk_buff *skb, 38 38 unsigned int protoff, 39 39 struct nf_conn *ct, 40 40 enum ip_conntrack_info ctinfo) ··· 46 46 int family = ct->tuplehash[IP_CT_DIR_ORIGINAL].tuple.src.l3num; 47 47 typeof(nf_nat_tftp_hook) nf_nat_tftp; 48 48 49 - tfh = skb_header_pointer(*pskb, protoff + sizeof(struct udphdr), 49 + tfh = skb_header_pointer(skb, protoff + sizeof(struct udphdr), 50 50 sizeof(_tftph), &_tftph); 51 51 if (tfh == NULL) 52 52 return NF_ACCEPT; ··· 70 70 71 71 nf_nat_tftp = rcu_dereference(nf_nat_tftp_hook); 72 72 if (nf_nat_tftp && ct->status & IPS_NAT_MASK) 73 - ret = nf_nat_tftp(pskb, ctinfo, exp); 73 + ret = nf_nat_tftp(skb, ctinfo, exp); 74 74 else if (nf_ct_expect_related(exp) != 0) 75 75 ret = NF_DROP; 76 76 nf_ct_expect_put(exp);

+1 -1

net/netfilter/nf_internals.h

··· 14 14 15 15 /* core.c */ 16 16 extern unsigned int nf_iterate(struct list_head *head, 17 - struct sk_buff **skb, 17 + struct sk_buff *skb, 18 18 int hook, 19 19 const struct net_device *indev, 20 20 const struct net_device *outdev,

+2 -2

net/netfilter/nf_queue.c

··· 256 256 257 257 if (verdict == NF_ACCEPT) { 258 258 afinfo = nf_get_afinfo(info->pf); 259 - if (!afinfo || afinfo->reroute(&skb, info) < 0) 259 + if (!afinfo || afinfo->reroute(skb, info) < 0) 260 260 verdict = NF_DROP; 261 261 } 262 262 263 263 if (verdict == NF_ACCEPT) { 264 264 next_hook: 265 265 verdict = nf_iterate(&nf_hooks[info->pf][info->hook], 266 - &skb, info->hook, 266 + skb, info->hook, 267 267 info->indev, info->outdev, &elem, 268 268 info->okfn, INT_MIN); 269 269 }

+2 -2

net/netfilter/xt_CLASSIFY.c

··· 27 27 MODULE_ALIAS("ip6t_CLASSIFY"); 28 28 29 29 static unsigned int 30 - target(struct sk_buff **pskb, 30 + target(struct sk_buff *skb, 31 31 const struct net_device *in, 32 32 const struct net_device *out, 33 33 unsigned int hooknum, ··· 36 36 { 37 37 const struct xt_classify_target_info *clinfo = targinfo; 38 38 39 - (*pskb)->priority = clinfo->priority; 39 + skb->priority = clinfo->priority; 40 40 return XT_CONTINUE; 41 41 } 42 42

+7 -7

net/netfilter/xt_CONNMARK.c

··· 34 34 #include <net/netfilter/nf_conntrack_ecache.h> 35 35 36 36 static unsigned int 37 - target(struct sk_buff **pskb, 37 + target(struct sk_buff *skb, 38 38 const struct net_device *in, 39 39 const struct net_device *out, 40 40 unsigned int hooknum, ··· 48 48 u_int32_t mark; 49 49 u_int32_t newmark; 50 50 51 - ct = nf_ct_get(*pskb, &ctinfo); 51 + ct = nf_ct_get(skb, &ctinfo); 52 52 if (ct) { 53 53 switch(markinfo->mode) { 54 54 case XT_CONNMARK_SET: 55 55 newmark = (ct->mark & ~markinfo->mask) | markinfo->mark; 56 56 if (newmark != ct->mark) { 57 57 ct->mark = newmark; 58 - nf_conntrack_event_cache(IPCT_MARK, *pskb); 58 + nf_conntrack_event_cache(IPCT_MARK, skb); 59 59 } 60 60 break; 61 61 case XT_CONNMARK_SAVE: 62 62 newmark = (ct->mark & ~markinfo->mask) | 63 - ((*pskb)->mark & markinfo->mask); 63 + (skb->mark & markinfo->mask); 64 64 if (ct->mark != newmark) { 65 65 ct->mark = newmark; 66 - nf_conntrack_event_cache(IPCT_MARK, *pskb); 66 + nf_conntrack_event_cache(IPCT_MARK, skb); 67 67 } 68 68 break; 69 69 case XT_CONNMARK_RESTORE: 70 - mark = (*pskb)->mark; 70 + mark = skb->mark; 71 71 diff = (ct->mark ^ mark) & markinfo->mask; 72 - (*pskb)->mark = mark ^ diff; 72 + skb->mark = mark ^ diff; 73 73 break; 74 74 } 75 75 }

+1 -2

net/netfilter/xt_CONNSECMARK.c

··· 61 61 } 62 62 } 63 63 64 - static unsigned int target(struct sk_buff **pskb, const struct net_device *in, 64 + static unsigned int target(struct sk_buff *skb, const struct net_device *in, 65 65 const struct net_device *out, unsigned int hooknum, 66 66 const struct xt_target *target, 67 67 const void *targinfo) 68 68 { 69 - struct sk_buff *skb = *pskb; 70 69 const struct xt_connsecmark_target_info *info = targinfo; 71 70 72 71 switch (info->mode) {

+8 -8

net/netfilter/xt_DSCP.c

··· 25 25 MODULE_ALIAS("ipt_DSCP"); 26 26 MODULE_ALIAS("ip6t_DSCP"); 27 27 28 - static unsigned int target(struct sk_buff **pskb, 28 + static unsigned int target(struct sk_buff *skb, 29 29 const struct net_device *in, 30 30 const struct net_device *out, 31 31 unsigned int hooknum, ··· 33 33 const void *targinfo) 34 34 { 35 35 const struct xt_DSCP_info *dinfo = targinfo; 36 - u_int8_t dscp = ipv4_get_dsfield(ip_hdr(*pskb)) >> XT_DSCP_SHIFT; 36 + u_int8_t dscp = ipv4_get_dsfield(ip_hdr(skb)) >> XT_DSCP_SHIFT; 37 37 38 38 if (dscp != dinfo->dscp) { 39 - if (!skb_make_writable(*pskb, sizeof(struct iphdr))) 39 + if (!skb_make_writable(skb, sizeof(struct iphdr))) 40 40 return NF_DROP; 41 41 42 - ipv4_change_dsfield(ip_hdr(*pskb), (__u8)(~XT_DSCP_MASK), 42 + ipv4_change_dsfield(ip_hdr(skb), (__u8)(~XT_DSCP_MASK), 43 43 dinfo->dscp << XT_DSCP_SHIFT); 44 44 45 45 } 46 46 return XT_CONTINUE; 47 47 } 48 48 49 - static unsigned int target6(struct sk_buff **pskb, 49 + static unsigned int target6(struct sk_buff *skb, 50 50 const struct net_device *in, 51 51 const struct net_device *out, 52 52 unsigned int hooknum, ··· 54 54 const void *targinfo) 55 55 { 56 56 const struct xt_DSCP_info *dinfo = targinfo; 57 - u_int8_t dscp = ipv6_get_dsfield(ipv6_hdr(*pskb)) >> XT_DSCP_SHIFT; 57 + u_int8_t dscp = ipv6_get_dsfield(ipv6_hdr(skb)) >> XT_DSCP_SHIFT; 58 58 59 59 if (dscp != dinfo->dscp) { 60 - if (!skb_make_writable(*pskb, sizeof(struct ipv6hdr))) 60 + if (!skb_make_writable(skb, sizeof(struct ipv6hdr))) 61 61 return NF_DROP; 62 62 63 - ipv6_change_dsfield(ipv6_hdr(*pskb), (__u8)(~XT_DSCP_MASK), 63 + ipv6_change_dsfield(ipv6_hdr(skb), (__u8)(~XT_DSCP_MASK), 64 64 dinfo->dscp << XT_DSCP_SHIFT); 65 65 } 66 66 return XT_CONTINUE;

+6 -6

net/netfilter/xt_MARK.c

··· 22 22 MODULE_ALIAS("ip6t_MARK"); 23 23 24 24 static unsigned int 25 - target_v0(struct sk_buff **pskb, 25 + target_v0(struct sk_buff *skb, 26 26 const struct net_device *in, 27 27 const struct net_device *out, 28 28 unsigned int hooknum, ··· 31 31 { 32 32 const struct xt_mark_target_info *markinfo = targinfo; 33 33 34 - (*pskb)->mark = markinfo->mark; 34 + skb->mark = markinfo->mark; 35 35 return XT_CONTINUE; 36 36 } 37 37 38 38 static unsigned int 39 - target_v1(struct sk_buff **pskb, 39 + target_v1(struct sk_buff *skb, 40 40 const struct net_device *in, 41 41 const struct net_device *out, 42 42 unsigned int hooknum, ··· 52 52 break; 53 53 54 54 case XT_MARK_AND: 55 - mark = (*pskb)->mark & markinfo->mark; 55 + mark = skb->mark & markinfo->mark; 56 56 break; 57 57 58 58 case XT_MARK_OR: 59 - mark = (*pskb)->mark | markinfo->mark; 59 + mark = skb->mark | markinfo->mark; 60 60 break; 61 61 } 62 62 63 - (*pskb)->mark = mark; 63 + skb->mark = mark; 64 64 return XT_CONTINUE; 65 65 } 66 66

+2 -2

net/netfilter/xt_NFLOG.c

··· 20 20 MODULE_ALIAS("ip6t_NFLOG"); 21 21 22 22 static unsigned int 23 - nflog_target(struct sk_buff **pskb, 23 + nflog_target(struct sk_buff *skb, 24 24 const struct net_device *in, const struct net_device *out, 25 25 unsigned int hooknum, const struct xt_target *target, 26 26 const void *targinfo) ··· 33 33 li.u.ulog.group = info->group; 34 34 li.u.ulog.qthreshold = info->threshold; 35 35 36 - nf_log_packet(target->family, hooknum, *pskb, in, out, &li, 36 + nf_log_packet(target->family, hooknum, skb, in, out, &li, 37 37 "%s", info->prefix); 38 38 return XT_CONTINUE; 39 39 }

+1 -1

net/netfilter/xt_NFQUEUE.c

··· 24 24 MODULE_ALIAS("arpt_NFQUEUE"); 25 25 26 26 static unsigned int 27 - target(struct sk_buff **pskb, 27 + target(struct sk_buff *skb, 28 28 const struct net_device *in, 29 29 const struct net_device *out, 30 30 unsigned int hooknum,

+5 -5

net/netfilter/xt_NOTRACK.c

··· 12 12 MODULE_ALIAS("ip6t_NOTRACK"); 13 13 14 14 static unsigned int 15 - target(struct sk_buff **pskb, 15 + target(struct sk_buff *skb, 16 16 const struct net_device *in, 17 17 const struct net_device *out, 18 18 unsigned int hooknum, ··· 20 20 const void *targinfo) 21 21 { 22 22 /* Previously seen (loopback)? Ignore. */ 23 - if ((*pskb)->nfct != NULL) 23 + if (skb->nfct != NULL) 24 24 return XT_CONTINUE; 25 25 26 26 /* Attach fake conntrack entry. 27 27 If there is a real ct entry correspondig to this packet, 28 28 it'll hang aroun till timing out. We don't deal with it 29 29 for performance reasons. JK */ 30 - (*pskb)->nfct = &nf_conntrack_untracked.ct_general; 31 - (*pskb)->nfctinfo = IP_CT_NEW; 32 - nf_conntrack_get((*pskb)->nfct); 30 + skb->nfct = &nf_conntrack_untracked.ct_general; 31 + skb->nfctinfo = IP_CT_NEW; 32 + nf_conntrack_get(skb->nfct); 33 33 34 34 return XT_CONTINUE; 35 35 }

+2 -2

net/netfilter/xt_SECMARK.c

··· 28 28 29 29 static u8 mode; 30 30 31 - static unsigned int target(struct sk_buff **pskb, const struct net_device *in, 31 + static unsigned int target(struct sk_buff *skb, const struct net_device *in, 32 32 const struct net_device *out, unsigned int hooknum, 33 33 const struct xt_target *target, 34 34 const void *targinfo) ··· 47 47 BUG(); 48 48 } 49 49 50 - (*pskb)->secmark = secmark; 50 + skb->secmark = secmark; 51 51 return XT_CONTINUE; 52 52 } 53 53

+26 -26

net/netfilter/xt_TCPMSS.c

··· 39 39 } 40 40 41 41 static int 42 - tcpmss_mangle_packet(struct sk_buff **pskb, 42 + tcpmss_mangle_packet(struct sk_buff *skb, 43 43 const struct xt_tcpmss_info *info, 44 44 unsigned int tcphoff, 45 45 unsigned int minlen) ··· 50 50 u16 newmss; 51 51 u8 *opt; 52 52 53 - if (!skb_make_writable(*pskb, (*pskb)->len)) 53 + if (!skb_make_writable(skb, skb->len)) 54 54 return -1; 55 55 56 - tcplen = (*pskb)->len - tcphoff; 57 - tcph = (struct tcphdr *)(skb_network_header(*pskb) + tcphoff); 56 + tcplen = skb->len - tcphoff; 57 + tcph = (struct tcphdr *)(skb_network_header(skb) + tcphoff); 58 58 59 59 /* Since it passed flags test in tcp match, we know it is is 60 60 not a fragment, and has data >= tcp header length. SYN ··· 64 64 if (tcplen != tcph->doff*4) { 65 65 if (net_ratelimit()) 66 66 printk(KERN_ERR "xt_TCPMSS: bad length (%u bytes)\n", 67 - (*pskb)->len); 67 + skb->len); 68 68 return -1; 69 69 } 70 70 71 71 if (info->mss == XT_TCPMSS_CLAMP_PMTU) { 72 - if (dst_mtu((*pskb)->dst) <= minlen) { 72 + if (dst_mtu(skb->dst) <= minlen) { 73 73 if (net_ratelimit()) 74 74 printk(KERN_ERR "xt_TCPMSS: " 75 75 "unknown or invalid path-MTU (%u)\n", 76 - dst_mtu((*pskb)->dst)); 76 + dst_mtu(skb->dst)); 77 77 return -1; 78 78 } 79 - newmss = dst_mtu((*pskb)->dst) - minlen; 79 + newmss = dst_mtu(skb->dst) - minlen; 80 80 } else 81 81 newmss = info->mss; 82 82 ··· 95 95 opt[i+2] = (newmss & 0xff00) >> 8; 96 96 opt[i+3] = newmss & 0x00ff; 97 97 98 - nf_proto_csum_replace2(&tcph->check, *pskb, 98 + nf_proto_csum_replace2(&tcph->check, skb, 99 99 htons(oldmss), htons(newmss), 0); 100 100 return 0; 101 101 } ··· 104 104 /* 105 105 * MSS Option not found ?! add it.. 106 106 */ 107 - if (skb_tailroom((*pskb)) < TCPOLEN_MSS) { 108 - if (pskb_expand_head(*pskb, 0, 109 - TCPOLEN_MSS - skb_tailroom(*pskb), 107 + if (skb_tailroom(skb) < TCPOLEN_MSS) { 108 + if (pskb_expand_head(skb, 0, 109 + TCPOLEN_MSS - skb_tailroom(skb), 110 110 GFP_ATOMIC)) 111 111 return -1; 112 - tcph = (struct tcphdr *)(skb_network_header(*pskb) + tcphoff); 112 + tcph = (struct tcphdr *)(skb_network_header(skb) + tcphoff); 113 113 } 114 114 115 - skb_put((*pskb), TCPOLEN_MSS); 115 + skb_put(skb, TCPOLEN_MSS); 116 116 117 117 opt = (u_int8_t *)tcph + sizeof(struct tcphdr); 118 118 memmove(opt + TCPOLEN_MSS, opt, tcplen - sizeof(struct tcphdr)); 119 119 120 - nf_proto_csum_replace2(&tcph->check, *pskb, 120 + nf_proto_csum_replace2(&tcph->check, skb, 121 121 htons(tcplen), htons(tcplen + TCPOLEN_MSS), 1); 122 122 opt[0] = TCPOPT_MSS; 123 123 opt[1] = TCPOLEN_MSS; 124 124 opt[2] = (newmss & 0xff00) >> 8; 125 125 opt[3] = newmss & 0x00ff; 126 126 127 - nf_proto_csum_replace4(&tcph->check, *pskb, 0, *((__be32 *)opt), 0); 127 + nf_proto_csum_replace4(&tcph->check, skb, 0, *((__be32 *)opt), 0); 128 128 129 129 oldval = ((__be16 *)tcph)[6]; 130 130 tcph->doff += TCPOLEN_MSS/4; 131 - nf_proto_csum_replace2(&tcph->check, *pskb, 131 + nf_proto_csum_replace2(&tcph->check, skb, 132 132 oldval, ((__be16 *)tcph)[6], 0); 133 133 return TCPOLEN_MSS; 134 134 } 135 135 136 136 static unsigned int 137 - xt_tcpmss_target4(struct sk_buff **pskb, 137 + xt_tcpmss_target4(struct sk_buff *skb, 138 138 const struct net_device *in, 139 139 const struct net_device *out, 140 140 unsigned int hooknum, 141 141 const struct xt_target *target, 142 142 const void *targinfo) 143 143 { 144 - struct iphdr *iph = ip_hdr(*pskb); 144 + struct iphdr *iph = ip_hdr(skb); 145 145 __be16 newlen; 146 146 int ret; 147 147 148 - ret = tcpmss_mangle_packet(pskb, targinfo, iph->ihl * 4, 148 + ret = tcpmss_mangle_packet(skb, targinfo, iph->ihl * 4, 149 149 sizeof(*iph) + sizeof(struct tcphdr)); 150 150 if (ret < 0) 151 151 return NF_DROP; 152 152 if (ret > 0) { 153 - iph = ip_hdr(*pskb); 153 + iph = ip_hdr(skb); 154 154 newlen = htons(ntohs(iph->tot_len) + ret); 155 155 nf_csum_replace2(&iph->check, iph->tot_len, newlen); 156 156 iph->tot_len = newlen; ··· 160 160 161 161 #if defined(CONFIG_IP6_NF_IPTABLES) || defined(CONFIG_IP6_NF_IPTABLES_MODULE) 162 162 static unsigned int 163 - xt_tcpmss_target6(struct sk_buff **pskb, 163 + xt_tcpmss_target6(struct sk_buff *skb, 164 164 const struct net_device *in, 165 165 const struct net_device *out, 166 166 unsigned int hooknum, 167 167 const struct xt_target *target, 168 168 const void *targinfo) 169 169 { 170 - struct ipv6hdr *ipv6h = ipv6_hdr(*pskb); 170 + struct ipv6hdr *ipv6h = ipv6_hdr(skb); 171 171 u8 nexthdr; 172 172 int tcphoff; 173 173 int ret; 174 174 175 175 nexthdr = ipv6h->nexthdr; 176 - tcphoff = ipv6_skip_exthdr(*pskb, sizeof(*ipv6h), &nexthdr); 176 + tcphoff = ipv6_skip_exthdr(skb, sizeof(*ipv6h), &nexthdr); 177 177 if (tcphoff < 0) { 178 178 WARN_ON(1); 179 179 return NF_DROP; 180 180 } 181 - ret = tcpmss_mangle_packet(pskb, targinfo, tcphoff, 181 + ret = tcpmss_mangle_packet(skb, targinfo, tcphoff, 182 182 sizeof(*ipv6h) + sizeof(struct tcphdr)); 183 183 if (ret < 0) 184 184 return NF_DROP; 185 185 if (ret > 0) { 186 - ipv6h = ipv6_hdr(*pskb); 186 + ipv6h = ipv6_hdr(skb); 187 187 ipv6h->payload_len = htons(ntohs(ipv6h->payload_len) + ret); 188 188 } 189 189 return XT_CONTINUE;

+2 -2

net/netfilter/xt_TRACE.c

··· 10 10 MODULE_ALIAS("ip6t_TRACE"); 11 11 12 12 static unsigned int 13 - target(struct sk_buff **pskb, 13 + target(struct sk_buff *skb, 14 14 const struct net_device *in, 15 15 const struct net_device *out, 16 16 unsigned int hooknum, 17 17 const struct xt_target *target, 18 18 const void *targinfo) 19 19 { 20 - (*pskb)->nf_trace = 1; 20 + skb->nf_trace = 1; 21 21 return XT_CONTINUE; 22 22 } 23 23

+1 -5

net/sched/act_ipt.c

··· 202 202 /* yes, we have to worry about both in and out dev 203 203 worry later - danger - this API seems to have changed 204 204 from earlier kernels */ 205 - 206 - /* iptables targets take a double skb pointer in case the skb 207 - * needs to be replaced. We don't own the skb, so this must not 208 - * happen. The pskb_expand_head above should make sure of this */ 209 - ret = ipt->tcfi_t->u.kernel.target->target(&skb, skb->dev, NULL, 205 + ret = ipt->tcfi_t->u.kernel.target->target(skb, skb->dev, NULL, 210 206 ipt->tcfi_hook, 211 207 ipt->tcfi_t->u.kernel.target, 212 208 ipt->tcfi_t->data);

+2 -3

net/sched/sch_ingress.c

··· 205 205 #ifndef CONFIG_NET_CLS_ACT 206 206 #ifdef CONFIG_NETFILTER 207 207 static unsigned int 208 - ing_hook(unsigned int hook, struct sk_buff **pskb, 208 + ing_hook(unsigned int hook, struct sk_buff *skb, 209 209 const struct net_device *indev, 210 210 const struct net_device *outdev, 211 211 int (*okfn)(struct sk_buff *)) 212 212 { 213 213 214 214 struct Qdisc *q; 215 - struct sk_buff *skb = *pskb; 216 215 struct net_device *dev = skb->dev; 217 216 int fwres=NF_ACCEPT; 218 217 219 218 DPRINTK("ing_hook: skb %s dev=%s len=%u\n", 220 219 skb->sk ? "(owned)" : "(unowned)", 221 - skb->dev ? (*pskb)->dev->name : "(no dev)", 220 + skb->dev ? skb->dev->name : "(no dev)", 222 221 skb->len); 223 222 224 223 if (dev->qdisc_ingress) {