netfilter: conntrack, nat: prefer skb_ensure_writable

Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git

kernel os linux

like previous patches -- convert conntrack to use the core helper.

Signed-off-by: Florian Westphal <fw@strlen.de>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

authored by

Florian Westphal and committed by

Pablo Neira Ayuso 6 years ago 86f04538 ec0974df

+17 -17

4 changed files

expand all

net

netfilter

nf_conntrack_proto_sctp.c

nf_conntrack_seqadj.c

nf_nat_helper.c

nf_nat_proto.c

+1 -1

net/netfilter/nf_conntrack_proto_sctp.c

··· 339 339 if (state->hook == NF_INET_PRE_ROUTING && 340 340 state->net->ct.sysctl_checksum && 341 341 skb->ip_summed == CHECKSUM_NONE) { 342 - if (!skb_make_writable(skb, dataoff + sizeof(struct sctphdr))) { 342 + if (skb_ensure_writable(skb, dataoff + sizeof(*sh))) { 343 343 logmsg = "nf_ct_sctp: failed to read header "; 344 344 goto out_invalid; 345 345 }

+2 -2

net/netfilter/nf_conntrack_seqadj.c

··· 126 126 optoff = protoff + sizeof(struct tcphdr); 127 127 optend = protoff + tcph->doff * 4; 128 128 129 - if (!skb_make_writable(skb, optend)) 129 + if (skb_ensure_writable(skb, optend)) 130 130 return 0; 131 131 132 132 tcph = (void *)skb->data + protoff; ··· 176 176 this_way = &seqadj->seq[dir]; 177 177 other_way = &seqadj->seq[!dir]; 178 178 179 - if (!skb_make_writable(skb, protoff + sizeof(*tcph))) 179 + if (skb_ensure_writable(skb, protoff + sizeof(*tcph))) 180 180 return 0; 181 181 182 182 tcph = (void *)skb->data + protoff;

+2 -2

net/netfilter/nf_nat_helper.c

··· 98 98 struct tcphdr *tcph; 99 99 int oldlen, datalen; 100 100 101 - if (!skb_make_writable(skb, skb->len)) 101 + if (skb_ensure_writable(skb, skb->len)) 102 102 return false; 103 103 104 104 if (rep_len > match_len && ··· 148 148 struct udphdr *udph; 149 149 int datalen, oldlen; 150 150 151 - if (!skb_make_writable(skb, skb->len)) 151 + if (skb_ensure_writable(skb, skb->len)) 152 152 return false; 153 153 154 154 if (rep_len > match_len &&

+12 -12

net/netfilter/nf_nat_proto.c

··· 73 73 struct udphdr *hdr; 74 74 bool do_csum; 75 75 76 - if (!skb_make_writable(skb, hdroff + sizeof(*hdr))) 76 + if (skb_ensure_writable(skb, hdroff + sizeof(*hdr))) 77 77 return false; 78 78 79 79 hdr = (struct udphdr *)(skb->data + hdroff); ··· 91 91 #ifdef CONFIG_NF_CT_PROTO_UDPLITE 92 92 struct udphdr *hdr; 93 93 94 - if (!skb_make_writable(skb, hdroff + sizeof(*hdr))) 94 + if (skb_ensure_writable(skb, hdroff + sizeof(*hdr))) 95 95 return false; 96 96 97 97 hdr = (struct udphdr *)(skb->data + hdroff); ··· 117 117 if (skb->len >= hdroff + sizeof(*hdr)) 118 118 hdrsize = sizeof(*hdr); 119 119 120 - if (!skb_make_writable(skb, hdroff + hdrsize)) 120 + if (skb_ensure_writable(skb, hdroff + hdrsize)) 121 121 return false; 122 122 123 123 hdr = (struct sctphdr *)(skb->data + hdroff); ··· 158 158 if (skb->len >= hdroff + sizeof(struct tcphdr)) 159 159 hdrsize = sizeof(struct tcphdr); 160 160 161 - if (!skb_make_writable(skb, hdroff + hdrsize)) 161 + if (skb_ensure_writable(skb, hdroff + hdrsize)) 162 162 return false; 163 163 164 164 hdr = (struct tcphdr *)(skb->data + hdroff); ··· 198 198 if (skb->len >= hdroff + sizeof(struct dccp_hdr)) 199 199 hdrsize = sizeof(struct dccp_hdr); 200 200 201 - if (!skb_make_writable(skb, hdroff + hdrsize)) 201 + if (skb_ensure_writable(skb, hdroff + hdrsize)) 202 202 return false; 203 203 204 204 hdr = (struct dccp_hdr *)(skb->data + hdroff); ··· 232 232 { 233 233 struct icmphdr *hdr; 234 234 235 - if (!skb_make_writable(skb, hdroff + sizeof(*hdr))) 235 + if (skb_ensure_writable(skb, hdroff + sizeof(*hdr))) 236 236 return false; 237 237 238 238 hdr = (struct icmphdr *)(skb->data + hdroff); ··· 250 250 { 251 251 struct icmp6hdr *hdr; 252 252 253 - if (!skb_make_writable(skb, hdroff + sizeof(*hdr))) 253 + if (skb_ensure_writable(skb, hdroff + sizeof(*hdr))) 254 254 return false; 255 255 256 256 hdr = (struct icmp6hdr *)(skb->data + hdroff); ··· 278 278 279 279 /* pgreh includes two optional 32bit fields which are not required 280 280 * to be there. That's where the magic '8' comes from */ 281 - if (!skb_make_writable(skb, hdroff + sizeof(*pgreh) - 8)) 281 + if (skb_ensure_writable(skb, hdroff + sizeof(*pgreh) - 8)) 282 282 return false; 283 283 284 284 greh = (void *)skb->data + hdroff; ··· 350 350 struct iphdr *iph; 351 351 unsigned int hdroff; 352 352 353 - if (!skb_make_writable(skb, iphdroff + sizeof(*iph))) 353 + if (skb_ensure_writable(skb, iphdroff + sizeof(*iph))) 354 354 return false; 355 355 356 356 iph = (void *)skb->data + iphdroff; ··· 381 381 int hdroff; 382 382 u8 nexthdr; 383 383 384 - if (!skb_make_writable(skb, iphdroff + sizeof(*ipv6h))) 384 + if (skb_ensure_writable(skb, iphdroff + sizeof(*ipv6h))) 385 385 return false; 386 386 387 387 ipv6h = (void *)skb->data + iphdroff; ··· 565 565 566 566 WARN_ON(ctinfo != IP_CT_RELATED && ctinfo != IP_CT_RELATED_REPLY); 567 567 568 - if (!skb_make_writable(skb, hdrlen + sizeof(*inside))) 568 + if (skb_ensure_writable(skb, hdrlen + sizeof(*inside))) 569 569 return 0; 570 570 if (nf_ip_checksum(skb, hooknum, hdrlen, 0)) 571 571 return 0; ··· 787 787 788 788 WARN_ON(ctinfo != IP_CT_RELATED && ctinfo != IP_CT_RELATED_REPLY); 789 789 790 - if (!skb_make_writable(skb, hdrlen + sizeof(*inside))) 790 + if (skb_ensure_writable(skb, hdrlen + sizeof(*inside))) 791 791 return 0; 792 792 if (nf_ip6_checksum(skb, hooknum, hdrlen, IPPROTO_ICMPV6)) 793 793 return 0;