tjh.dev
Linux kernel mirror (for testing)
git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
kernel
os
linux
Merge branch 'master' of master.kernel.org:/pub/scm/linux/kernel/git/davem/net-2.6
* 'master' of master.kernel.org:/pub/scm/linux/kernel/git/davem/net-2.6: (42 commits)
[IPV6]: Consolidate the ip6_pol_route_(input|output) pair
[TCP]: Make snd_cwnd_cnt 32-bit
[TCP]: Update the /proc/net/tcp documentation
[NETNS]: Don't panic on creating the namespace's loopback
[NEIGH]: Ensure that pneigh_lookup is protected with RTNL
[INET]: kmalloc+memset -> kzalloc in frag_alloc_queue
[ISDN]: Fix compile with CONFIG_ISDN_X25 disabled.
[IPV6]: Replace sk_buff ** with sk_buff * in input handlers
[SELINUX]: Update for netfilter ->hook() arg changes.
[INET]: Consolidate the xxx_put
[INET]: Small cleanup for xxx_put after evictor consolidation
[INET]: Consolidate the xxx_evictor
[INET]: Consolidate the xxx_frag_destroy
[INET]: Consolidate xxx_the secret_rebuild
[INET]: Consolidate the xxx_frag_kill
[INET]: Collect common frag sysctl variables together
[INET]: Collect frag queues management objects together
[INET]: Move common fields from frag_queues in one place.
[TG3]: Fix performance regression on 5705.
[ISDN]: Remove local copy of device name to make sure renames work.
...
+2018
-2254
+3
-2
Documentation/networking/proc_net_tcp.txt
+3
-2
Documentation/networking/proc_net_tcp.txt
···
1
1
This document describes the interfaces /proc/net/tcp and /proc/net/tcp6.
2
+
Note that these interfaces are deprecated in favor of tcp_diag.
2
3
3
4
These /proc interfaces provide information about currently active TCP
4
-
connections, and are implemented by tcp_get_info() in net/ipv4/tcp_ipv4.c and
5
-
tcp6_get_info() in net/ipv6/tcp_ipv6.c, respectively.
5
+
connections, and are implemented by tcp4_seq_show() in net/ipv4/tcp_ipv4.c
6
+
and tcp6_seq_show() in net/ipv6/tcp_ipv6.c, respectively.
6
7
7
8
It will first list all listening TCP sockets, and next list all established
8
9
TCP connections. A typical entry of /proc/net/tcp would look like this (split
+80
-66
drivers/isdn/i4l/isdn_net.c
+80
-66
drivers/isdn/i4l/isdn_net.c
···
328
328
l->cps = (l->transcount * HZ) / (jiffies - last_jiffies);
329
329
l->transcount = 0;
330
330
if (dev->net_verbose > 3)
331
-
printk(KERN_DEBUG "%s: %d bogocps\n", l->name, l->cps);
331
+
printk(KERN_DEBUG "%s: %d bogocps\n", p->dev->name, l->cps);
332
332
if ((l->flags & ISDN_NET_CONNECTED) && (!l->dialstate)) {
333
333
anymore = 1;
334
334
l->huptimer++;
···
350
350
if (l->hupflags & ISDN_CHARGEHUP) {
351
351
if (l->hupflags & ISDN_WAITCHARGE) {
352
352
printk(KERN_DEBUG "isdn_net: Hupflags of %s are %X\n",
353
-
l->name, l->hupflags);
353
+
p->dev->name, l->hupflags);
354
354
isdn_net_hangup(p->dev);
355
355
} else if (time_after(jiffies, l->chargetime + l->chargeint)) {
356
356
printk(KERN_DEBUG
357
357
"isdn_net: %s: chtime = %lu, chint = %d\n",
358
-
l->name, l->chargetime, l->chargeint);
358
+
p->dev->name, l->chargetime, l->chargeint);
359
359
isdn_net_hangup(p->dev);
360
360
}
361
361
} else
···
442
442
#endif
443
443
isdn_net_lp_disconnected(lp);
444
444
isdn_all_eaz(lp->isdn_device, lp->isdn_channel);
445
-
printk(KERN_INFO "%s: remote hangup\n", lp->name);
446
-
printk(KERN_INFO "%s: Chargesum is %d\n", lp->name,
445
+
printk(KERN_INFO "%s: remote hangup\n", p->dev->name);
446
+
printk(KERN_INFO "%s: Chargesum is %d\n", p->dev->name,
447
447
lp->charge);
448
448
isdn_net_unbind_channel(lp);
449
449
return 1;
···
487
487
isdn_net_add_to_bundle(nd, lp);
488
488
}
489
489
}
490
-
printk(KERN_INFO "isdn_net: %s connected\n", lp->name);
490
+
printk(KERN_INFO "isdn_net: %s connected\n", p->dev->name);
491
491
/* If first Chargeinfo comes before B-Channel connect,
492
492
* we correct the timestamp here.
493
493
*/
···
534
534
lp->hupflags |= ISDN_HAVECHARGE;
535
535
lp->chargetime = jiffies;
536
536
printk(KERN_DEBUG "isdn_net: Got CINF chargetime of %s now %lu\n",
537
-
lp->name, lp->chargetime);
537
+
p->dev->name, lp->chargetime);
538
538
return 1;
539
539
}
540
540
}
···
565
565
566
566
#ifdef ISDN_DEBUG_NET_DIAL
567
567
if (lp->dialstate)
568
-
printk(KERN_DEBUG "%s: dialstate=%d\n", lp->name, lp->dialstate);
568
+
printk(KERN_DEBUG "%s: dialstate=%d\n", p->dev->name, lp->dialstate);
569
569
#endif
570
570
switch (lp->dialstate) {
571
571
case 0:
···
578
578
lp->dial = lp->phone[1];
579
579
if (!lp->dial) {
580
580
printk(KERN_WARNING "%s: phone number deleted?\n",
581
-
lp->name);
581
+
p->dev->name);
582
582
isdn_net_hangup(p->dev);
583
583
break;
584
584
}
···
632
632
cmd.arg = lp->isdn_channel;
633
633
if (!lp->dial) {
634
634
printk(KERN_WARNING "%s: phone number deleted?\n",
635
-
lp->name);
635
+
p->dev->name);
636
636
isdn_net_hangup(p->dev);
637
637
break;
638
638
}
639
639
if (!strncmp(lp->dial->num, "LEASED", strlen("LEASED"))) {
640
640
lp->dialstate = 4;
641
-
printk(KERN_INFO "%s: Open leased line ...\n", lp->name);
641
+
printk(KERN_INFO "%s: Open leased line ...\n", p->dev->name);
642
642
} else {
643
643
if(lp->dialtimeout > 0)
644
644
if (time_after(jiffies, lp->dialstarted + lp->dialtimeout)) {
···
688
688
dev->usage[i] |= ISDN_USAGE_OUTGOING;
689
689
isdn_info_update();
690
690
}
691
-
printk(KERN_INFO "%s: dialing %d %s... %s\n", lp->name,
691
+
printk(KERN_INFO "%s: dialing %d %s... %s\n", p->dev->name,
692
692
lp->dialretry, cmd.parm.setup.phone,
693
693
(cmd.parm.setup.si1 == 1) ? "DOV" : "");
694
694
lp->dtimer = 0;
···
797
797
*/
798
798
if (lp->dtimer++ > lp->cbdelay)
799
799
{
800
-
printk(KERN_INFO "%s: hangup waiting for callback ...\n", lp->name);
800
+
printk(KERN_INFO "%s: hangup waiting for callback ...\n", p->dev->name);
801
801
lp->dtimer = 0;
802
802
lp->dialstate = 4;
803
803
cmd.driver = lp->isdn_device;
···
810
810
break;
811
811
default:
812
812
printk(KERN_WARNING "isdn_net: Illegal dialstate %d for device %s\n",
813
-
lp->dialstate, lp->name);
813
+
lp->dialstate, p->dev->name);
814
814
}
815
815
p = (isdn_net_dev *) p->next;
816
816
}
···
836
836
if (slp->flags & ISDN_NET_CONNECTED) {
837
837
printk(KERN_INFO
838
838
"isdn_net: hang up slave %s before %s\n",
839
-
slp->name, lp->name);
839
+
lp->slave->name, d->name);
840
840
isdn_net_hangup(lp->slave);
841
841
}
842
842
}
843
-
printk(KERN_INFO "isdn_net: local hangup %s\n", lp->name);
843
+
printk(KERN_INFO "isdn_net: local hangup %s\n", d->name);
844
844
#ifdef CONFIG_ISDN_PPP
845
845
if (lp->p_encap == ISDN_NET_ENCAP_SYNCPPP)
846
846
isdn_ppp_free(lp);
···
858
858
cmd.command = ISDN_CMD_HANGUP;
859
859
cmd.arg = lp->isdn_channel;
860
860
isdn_command(&cmd);
861
-
printk(KERN_INFO "%s: Chargesum is %d\n", lp->name, lp->charge);
861
+
printk(KERN_INFO "%s: Chargesum is %d\n", d->name, lp->charge);
862
862
isdn_all_eaz(lp->isdn_device, lp->isdn_channel);
863
863
}
864
864
isdn_net_unbind_channel(lp);
···
885
885
/* fall back to old isdn_net_log_packet method() */
886
886
char * buf = skb->data;
887
887
888
-
printk(KERN_DEBUG "isdn_net: protocol %04x is buggy, dev %s\n", skb->protocol, lp->name);
888
+
printk(KERN_DEBUG "isdn_net: protocol %04x is buggy, dev %s\n", skb->protocol, lp->netdev->dev->name);
889
889
p = buf;
890
890
proto = ETH_P_IP;
891
891
switch (lp->p_encap) {
···
1023
1023
ret = isdn_writebuf_skb_stub(lp->isdn_device, lp->isdn_channel, 1, skb);
1024
1024
if (ret != len) {
1025
1025
/* we should never get here */
1026
-
printk(KERN_WARNING "%s: HL driver queue full\n", lp->name);
1026
+
printk(KERN_WARNING "%s: HL driver queue full\n", lp->netdev->dev->name);
1027
1027
goto error;
1028
1028
}
1029
1029
···
1461
1461
mod_timer(&lp->cisco_timer, expires);
1462
1462
printk(KERN_INFO "%s: Keepalive period set "
1463
1463
"to %d seconds.\n",
1464
-
lp->name, lp->cisco_keepalive_period);
1464
+
dev->name, lp->cisco_keepalive_period);
1465
1465
}
1466
1466
break;
1467
1467
···
1512
1512
lp->cisco_line_state = 0;
1513
1513
printk (KERN_WARNING
1514
1514
"UPDOWN: Line protocol on Interface %s,"
1515
-
" changed state to down\n", lp->name);
1515
+
" changed state to down\n", lp->netdev->dev->name);
1516
1516
/* should stop routing higher-level data accross */
1517
1517
} else if ((!lp->cisco_line_state) &&
1518
1518
(myseq_diff >= 0) && (myseq_diff <= 2)) {
···
1520
1520
lp->cisco_line_state = 1;
1521
1521
printk (KERN_WARNING
1522
1522
"UPDOWN: Line protocol on Interface %s,"
1523
-
" changed state to up\n", lp->name);
1523
+
" changed state to up\n", lp->netdev->dev->name);
1524
1524
/* restart routing higher-level data accross */
1525
1525
}
1526
1526
1527
1527
if (lp->cisco_debserint)
1528
1528
printk (KERN_DEBUG "%s: HDLC "
1529
1529
"myseq %lu, mineseen %lu%c, yourseen %lu, %s\n",
1530
-
lp->name, last_cisco_myseq, lp->cisco_mineseen,
1530
+
lp->netdev->dev->name, last_cisco_myseq, lp->cisco_mineseen,
1531
1531
((last_cisco_myseq == lp->cisco_mineseen) ? '*' : 040),
1532
1532
lp->cisco_yourseq,
1533
1533
((lp->cisco_line_state) ? "line up" : "line down"));
···
1682
1682
"remote ip: %d.%d.%d.%d, "
1683
1683
"local ip: %d.%d.%d.%d "
1684
1684
"mask: %d.%d.%d.%d\n",
1685
-
lp->name,
1685
+
lp->netdev->dev->name,
1686
1686
HIPQUAD(addr),
1687
1687
HIPQUAD(local),
1688
1688
HIPQUAD(mask));
···
1690
1690
slarp_reply_out:
1691
1691
printk(KERN_INFO "%s: got invalid slarp "
1692
1692
"reply (%d.%d.%d.%d/%d.%d.%d.%d) "
1693
-
"- ignored\n", lp->name,
1693
+
"- ignored\n", lp->netdev->dev->name,
1694
1694
HIPQUAD(addr), HIPQUAD(mask));
1695
1695
break;
1696
1696
case CISCO_SLARP_KEEPALIVE:
···
1701
1701
lp->cisco_last_slarp_in) {
1702
1702
printk(KERN_DEBUG "%s: Keepalive period mismatch - "
1703
1703
"is %d but should be %d.\n",
1704
-
lp->name, period, lp->cisco_keepalive_period);
1704
+
lp->netdev->dev->name, period,
1705
+
lp->cisco_keepalive_period);
1705
1706
}
1706
1707
lp->cisco_last_slarp_in = jiffies;
1707
1708
p += get_u32(p, &my_seq);
···
1733
1732
1734
1733
if (addr != CISCO_ADDR_UNICAST && addr != CISCO_ADDR_BROADCAST) {
1735
1734
printk(KERN_WARNING "%s: Unknown Cisco addr 0x%02x\n",
1736
-
lp->name, addr);
1735
+
lp->netdev->dev->name, addr);
1737
1736
goto out_free;
1738
1737
}
1739
1738
if (ctrl != CISCO_CTRL) {
1740
1739
printk(KERN_WARNING "%s: Unknown Cisco ctrl 0x%02x\n",
1741
-
lp->name, ctrl);
1740
+
lp->netdev->dev->name, ctrl);
1742
1741
goto out_free;
1743
1742
}
1744
1743
···
1749
1748
case CISCO_TYPE_CDP:
1750
1749
if (lp->cisco_debserint)
1751
1750
printk(KERN_DEBUG "%s: Received CDP packet. use "
1752
-
"\"no cdp enable\" on cisco.\n", lp->name);
1751
+
"\"no cdp enable\" on cisco.\n",
1752
+
lp->netdev->dev->name);
1753
1753
goto out_free;
1754
1754
default:
1755
1755
/* no special cisco protocol */
···
1845
1843
};
1846
1844
#endif /* CONFIG_ISDN_X25 */
1847
1845
printk(KERN_WARNING "%s: unknown encapsulation, dropping\n",
1848
-
lp->name);
1846
+
lp->netdev->dev->name);
1849
1847
kfree_skb(skb);
1850
1848
return;
1851
1849
}
···
2176
2174
wret = matchret;
2177
2175
#ifdef ISDN_DEBUG_NET_ICALL
2178
2176
printk(KERN_DEBUG "n_fi: if='%s', l.msn=%s, l.flags=%d, l.dstate=%d\n",
2179
-
lp->name, lp->msn, lp->flags, lp->dialstate);
2177
+
p->dev->name, lp->msn, lp->flags, lp->dialstate);
2180
2178
#endif
2181
2179
if ((!matchret) && /* EAZ is matching */
2182
2180
(((!(lp->flags & ISDN_NET_CONNECTED)) && /* but not connected */
···
2279
2277
* */
2280
2278
if (ISDN_NET_DIALMODE(*lp) == ISDN_NET_DM_OFF) {
2281
2279
printk(KERN_INFO "incoming call, interface %s `stopped' -> rejected\n",
2282
-
lp->name);
2280
+
p->dev->name);
2283
2281
return 3;
2284
2282
}
2285
2283
/*
···
2288
2286
*/
2289
2287
if (!isdn_net_device_started(p)) {
2290
2288
printk(KERN_INFO "%s: incoming call, interface down -> rejected\n",
2291
-
lp->name);
2289
+
p->dev->name);
2292
2290
return 3;
2293
2291
}
2294
2292
/* Interface is up, now see if it's a slave. If so, see if
···
2296
2294
*/
2297
2295
if (lp->master) {
2298
2296
isdn_net_local *mlp = (isdn_net_local *) lp->master->priv;
2299
-
printk(KERN_DEBUG "ICALLslv: %s\n", lp->name);
2300
-
printk(KERN_DEBUG "master=%s\n", mlp->name);
2297
+
printk(KERN_DEBUG "ICALLslv: %s\n", p->dev->name);
2298
+
printk(KERN_DEBUG "master=%s\n", lp->master->name);
2301
2299
if (mlp->flags & ISDN_NET_CONNECTED) {
2302
2300
printk(KERN_DEBUG "master online\n");
2303
2301
/* Master is online, find parent-slave (master if first slave) */
···
2324
2322
* */
2325
2323
if (ISDN_NET_DIALMODE(*lp) == ISDN_NET_DM_OFF) {
2326
2324
printk(KERN_INFO "incoming call for callback, interface %s `off' -> rejected\n",
2327
-
lp->name);
2325
+
p->dev->name);
2328
2326
return 3;
2329
2327
}
2330
2328
printk(KERN_DEBUG "%s: call from %s -> %s, start callback\n",
2331
-
lp->name, nr, eaz);
2329
+
p->dev->name, nr, eaz);
2332
2330
if (lp->phone[1]) {
2333
2331
/* Grab a free ISDN-Channel */
2334
2332
spin_lock_irqsave(&dev->lock, flags);
···
2342
2340
lp->msn)
2343
2341
) < 0) {
2344
2342
2345
-
printk(KERN_WARNING "isdn_net_find_icall: No channel for %s\n", lp->name);
2343
+
printk(KERN_WARNING "isdn_net_find_icall: No channel for %s\n",
2344
+
p->dev->name);
2346
2345
spin_unlock_irqrestore(&dev->lock, flags);
2347
2346
return 0;
2348
2347
}
···
2364
2361
/* Initiate dialing by returning 2 or 4 */
2365
2362
return (lp->flags & ISDN_NET_CBHUP) ? 2 : 4;
2366
2363
} else
2367
-
printk(KERN_WARNING "isdn_net: %s: No phone number\n", lp->name);
2364
+
printk(KERN_WARNING "isdn_net: %s: No phone number\n",
2365
+
p->dev->name);
2368
2366
return 0;
2369
2367
} else {
2370
-
printk(KERN_DEBUG "%s: call from %s -> %s accepted\n", lp->name, nr,
2371
-
eaz);
2368
+
printk(KERN_DEBUG "%s: call from %s -> %s accepted\n",
2369
+
p->dev->name, nr, eaz);
2372
2370
/* if this interface is dialing, it does it probably on a different
2373
2371
device, so free this device */
2374
2372
if ((lp->dialstate == 4) || (lp->dialstate == 12)) {
···
2428
2424
isdn_net_dev *p = dev->netdev;
2429
2425
2430
2426
while (p) {
2431
-
if (!strcmp(p->local->name, name))
2427
+
if (!strcmp(p->dev->name, name))
2432
2428
return p;
2433
2429
p = (isdn_net_dev *) p->next;
2434
2430
}
···
2457
2453
lp->pre_device,
2458
2454
lp->pre_channel,
2459
2455
lp->msn)) < 0) {
2460
-
printk(KERN_WARNING "isdn_net_force_dial: No channel for %s\n", lp->name);
2456
+
printk(KERN_WARNING "isdn_net_force_dial: No channel for %s\n",
2457
+
lp->netdev->dev->name);
2461
2458
spin_unlock_irqrestore(&dev->lock, flags);
2462
2459
return -EAGAIN;
2463
2460
}
···
2561
2556
return NULL;
2562
2557
}
2563
2558
if (name == NULL)
2564
-
name = " ";
2559
+
return NULL;
2565
2560
if (!(netdev = kzalloc(sizeof(isdn_net_dev), GFP_KERNEL))) {
2566
2561
printk(KERN_WARNING "isdn_net: Could not allocate net-device\n");
2567
2562
return NULL;
···
2573
2568
return NULL;
2574
2569
}
2575
2570
netdev->local = netdev->dev->priv;
2576
-
strcpy(netdev->local->name, netdev->dev->name);
2577
2571
netdev->dev->init = isdn_net_init;
2578
2572
if (master) {
2579
2573
/* Device shall be a slave */
···
2677
2673
#endif
2678
2674
if (isdn_net_device_started(p)) {
2679
2675
printk(KERN_WARNING "%s: cannot change encap when if is up\n",
2680
-
lp->name);
2676
+
p->dev->name);
2681
2677
return -EBUSY;
2682
2678
}
2683
2679
#ifdef CONFIG_ISDN_X25
···
2702
2698
case ISDN_NET_ENCAP_SYNCPPP:
2703
2699
#ifndef CONFIG_ISDN_PPP
2704
2700
printk(KERN_WARNING "%s: SyncPPP support not configured\n",
2705
-
lp->name);
2701
+
p->dev->name);
2706
2702
return -EINVAL;
2707
2703
#else
2708
2704
p->dev->type = ARPHRD_PPP; /* change ARP type */
···
2713
2709
case ISDN_NET_ENCAP_X25IFACE:
2714
2710
#ifndef CONFIG_ISDN_X25
2715
2711
printk(KERN_WARNING "%s: isdn-x25 support not configured\n",
2716
-
p->local->name);
2712
+
p->dev->name);
2717
2713
return -EINVAL;
2718
2714
#else
2719
2715
p->dev->type = ARPHRD_X25; /* change ARP type */
···
2729
2725
break;
2730
2726
printk(KERN_WARNING
2731
2727
"%s: encapsulation protocol %d not supported\n",
2732
-
p->local->name, cfg->p_encap);
2728
+
p->dev->name, cfg->p_encap);
2733
2729
return -EINVAL;
2734
2730
}
2735
2731
if (strlen(cfg->drvid)) {
···
2906
2902
cfg->pppbind = lp->pppbind;
2907
2903
cfg->dialtimeout = lp->dialtimeout >= 0 ? lp->dialtimeout / HZ : -1;
2908
2904
cfg->dialwait = lp->dialwait / HZ;
2909
-
if (lp->slave)
2910
-
strcpy(cfg->slave, ((isdn_net_local *) lp->slave->priv)->name);
2911
-
else
2905
+
if (lp->slave) {
2906
+
if (strlen(lp->slave->name) > 8)
2907
+
strcpy(cfg->slave, "too-long");
2908
+
else
2909
+
strcpy(cfg->slave, lp->slave->name);
2910
+
} else
2912
2911
cfg->slave[0] = '\0';
2913
-
if (lp->master)
2914
-
strcpy(cfg->master, ((isdn_net_local *) lp->master->priv)->name);
2915
-
else
2912
+
if (lp->master) {
2913
+
if (strlen(lp->master->name) > 8)
2914
+
strcpy(cfg->master, "too-long");
2915
+
strcpy(cfg->master, lp->master->name);
2916
+
} else
2916
2917
cfg->master[0] = '\0';
2917
2918
return 0;
2918
2919
}
···
2987
2978
isdn_net_dev *p = isdn_net_findif(phone->name);
2988
2979
int ch, dv, idx;
2989
2980
2990
-
if (!p) return -ENODEV;
2981
+
if (!p)
2982
+
return -ENODEV;
2991
2983
/*
2992
2984
* Theoretical race: while this executes, the remote number might
2993
2985
* become invalid (hang up) or change (new connection), resulting
···
2997
2987
*/
2998
2988
ch = p->local->isdn_channel;
2999
2989
dv = p->local->isdn_device;
3000
-
if(ch<0 && dv<0) return -ENOTCONN;
2990
+
if(ch < 0 && dv < 0)
2991
+
return -ENOTCONN;
3001
2992
idx = isdn_dc2minor(dv, ch);
3002
-
if (idx<0) return -ENODEV;
2993
+
if (idx <0 )
2994
+
return -ENODEV;
3003
2995
/* for pre-bound channels, we need this extra check */
3004
-
if ( strncmp(dev->num[idx],"???",3) == 0 ) return -ENOTCONN;
3005
-
strncpy(phone->phone,dev->num[idx],ISDN_MSNLEN);
3006
-
phone->outgoing=USG_OUTGOING(dev->usage[idx]);
3007
-
if ( copy_to_user(peer,phone,sizeof(*peer)) ) return -EFAULT;
2996
+
if (strncmp(dev->num[idx], "???", 3) == 0)
2997
+
return -ENOTCONN;
2998
+
strncpy(phone->phone, dev->num[idx], ISDN_MSNLEN);
2999
+
phone->outgoing = USG_OUTGOING(dev->usage[idx]);
3000
+
if (copy_to_user(peer, phone, sizeof(*peer)))
3001
+
return -EFAULT;
3008
3002
return 0;
3009
3003
}
3010
3004
/*
···
3127
3113
dev->netdev = p->next;
3128
3114
if (p->local->slave) {
3129
3115
/* If this interface has a slave, remove it also */
3130
-
char *slavename = ((isdn_net_local *) (p->local->slave->priv))->name;
3116
+
char *slavename = p->local->slave->name;
3131
3117
isdn_net_dev *n = dev->netdev;
3132
3118
q = NULL;
3133
3119
while (n) {
3134
-
if (!strcmp(n->local->name, slavename)) {
3120
+
if (!strcmp(n->dev->name, slavename)) {
3135
3121
spin_unlock_irqrestore(&dev->lock, flags);
3136
3122
isdn_net_realrm(n, q);
3137
3123
spin_lock_irqsave(&dev->lock, flags);
3138
3124
break;
3139
3125
}
3140
3126
q = n;
3141
-
n = (isdn_net_dev *) n->next;
3127
+
n = (isdn_net_dev *)n->next;
3142
3128
}
3143
3129
}
3144
3130
spin_unlock_irqrestore(&dev->lock, flags);
···
3166
3152
p = dev->netdev;
3167
3153
q = NULL;
3168
3154
while (p) {
3169
-
if (!strcmp(p->local->name, name)) {
3155
+
if (!strcmp(p->dev->name, name)) {
3170
3156
spin_unlock_irqrestore(&dev->lock, flags);
3171
3157
return (isdn_net_realrm(p, q));
3172
3158
}
+6
-3
drivers/isdn/i4l/isdn_ppp.c
+6
-3
drivers/isdn/i4l/isdn_ppp.c
···
190
190
retval = -1;
191
191
goto out;
192
192
}
193
-
unit = isdn_ppp_if_get_unit(lp->name); /* get unit number from interface name .. ugly! */
193
+
/* get unit number from interface name .. ugly! */
194
+
unit = isdn_ppp_if_get_unit(lp->netdev->dev->name);
194
195
if (unit < 0) {
195
-
printk(KERN_ERR "isdn_ppp_bind: illegal interface name %s.\n", lp->name);
196
+
printk(KERN_ERR "isdn_ppp_bind: illegal interface name %s.\n",
197
+
lp->netdev->dev->name);
196
198
retval = -1;
197
199
goto out;
198
200
}
···
509
507
case PPPIOCGIFNAME:
510
508
if(!lp)
511
509
return -EINVAL;
512
-
if ((r = set_arg(argp, lp->name, strlen(lp->name))))
510
+
if ((r = set_arg(argp, lp->netdev->dev->name,
511
+
strlen(lp->netdev->dev->name))))
513
512
return r;
514
513
break;
515
514
case PPPIOCGMPFLAGS: /* get configuration flags */
+5
-6
drivers/net/loopback.c
+5
-6
drivers/net/loopback.c
···
265
265
if (err)
266
266
goto out_free_netdev;
267
267
268
-
err = 0;
269
268
net->loopback_dev = dev;
269
+
return 0;
270
270
271
-
out:
272
-
if (err)
273
-
panic("loopback: Failed to register netdevice: %d\n", err);
274
-
return err;
275
271
276
272
out_free_netdev:
277
273
free_netdev(dev);
278
-
goto out;
274
+
out:
275
+
if (net == &init_net)
276
+
panic("loopback: Failed to register netdevice: %d\n", err);
277
+
return err;
279
278
}
280
279
281
280
static __net_exit void loopback_net_exit(struct net *net)
+9
-10
drivers/net/niu.c
+9
-10
drivers/net/niu.c
···
6123
6123
val = nr64(ESPC_PHY_TYPE);
6124
6124
switch (np->port) {
6125
6125
case 0:
6126
-
val = (val & ESPC_PHY_TYPE_PORT0) >>
6126
+
val8 = (val & ESPC_PHY_TYPE_PORT0) >>
6127
6127
ESPC_PHY_TYPE_PORT0_SHIFT;
6128
6128
break;
6129
6129
case 1:
6130
-
val = (val & ESPC_PHY_TYPE_PORT1) >>
6130
+
val8 = (val & ESPC_PHY_TYPE_PORT1) >>
6131
6131
ESPC_PHY_TYPE_PORT1_SHIFT;
6132
6132
break;
6133
6133
case 2:
6134
-
val = (val & ESPC_PHY_TYPE_PORT2) >>
6134
+
val8 = (val & ESPC_PHY_TYPE_PORT2) >>
6135
6135
ESPC_PHY_TYPE_PORT2_SHIFT;
6136
6136
break;
6137
6137
case 3:
6138
-
val = (val & ESPC_PHY_TYPE_PORT3) >>
6138
+
val8 = (val & ESPC_PHY_TYPE_PORT3) >>
6139
6139
ESPC_PHY_TYPE_PORT3_SHIFT;
6140
6140
break;
6141
6141
default:
···
6143
6143
np->port);
6144
6144
return -EINVAL;
6145
6145
}
6146
-
niudbg(PROBE, "SPROM: PHY type %llx\n", (unsigned long long) val);
6146
+
niudbg(PROBE, "SPROM: PHY type %x\n", val8);
6147
6147
6148
-
switch (val) {
6148
+
switch (val8) {
6149
6149
case ESPC_PHY_TYPE_1G_COPPER:
6150
6150
/* 1G copper, MII */
6151
6151
np->flags &= ~(NIU_FLAGS_FIBER |
···
6175
6175
break;
6176
6176
6177
6177
default:
6178
-
dev_err(np->device, PFX "Bogus SPROM phy type %llu\n",
6179
-
(unsigned long long) val);
6178
+
dev_err(np->device, PFX "Bogus SPROM phy type %u\n", val8);
6180
6179
return -EINVAL;
6181
6180
}
6182
6181
···
6212
6213
val = nr64(ESPC_MOD_STR_LEN);
6213
6214
niudbg(PROBE, "SPROM: MOD_STR_LEN[%llu]\n",
6214
6215
(unsigned long long) val);
6215
-
if (val > 8 * 4)
6216
+
if (val >= 8 * 4)
6216
6217
return -EINVAL;
6217
6218
6218
6219
for (i = 0; i < val; i += 4) {
···
6228
6229
val = nr64(ESPC_BD_MOD_STR_LEN);
6229
6230
niudbg(PROBE, "SPROM: BD_MOD_STR_LEN[%llu]\n",
6230
6231
(unsigned long long) val);
6231
-
if (val > 4 * 4)
6232
+
if (val >= 4 * 4)
6232
6233
return -EINVAL;
6233
6234
6234
6235
for (i = 0; i < val; i += 4) {
+8
-2
drivers/net/tg3.c
+8
-2
drivers/net/tg3.c
···
64
64
65
65
#define DRV_MODULE_NAME "tg3"
66
66
#define PFX DRV_MODULE_NAME ": "
67
-
#define DRV_MODULE_VERSION "3.83"
68
-
#define DRV_MODULE_RELDATE "October 10, 2007"
67
+
#define DRV_MODULE_VERSION "3.84"
68
+
#define DRV_MODULE_RELDATE "October 12, 2007"
69
69
70
70
#define TG3_DEF_MAC_MODE 0
71
71
#define TG3_DEF_RX_MODE 0
···
5056
5056
5057
5057
pci_write_config_dword(tp->pdev, TG3PCI_COMMAND, tp->pci_cmd);
5058
5058
5059
+
if (!(tp->tg3_flags2 & TG3_FLG2_PCI_EXPRESS)) {
5060
+
pci_write_config_byte(tp->pdev, PCI_CACHE_LINE_SIZE,
5061
+
tp->pci_cacheline_sz);
5062
+
pci_write_config_byte(tp->pdev, PCI_LATENCY_TIMER,
5063
+
tp->pci_lat_timer);
5064
+
}
5059
5065
/* Make sure PCI-X relaxed ordering bit is clear. */
5060
5066
if (tp->pcix_cap) {
5061
5067
u16 pcix_cmd;
+1
-1
include/linux/if_bridge.h
+1
-1
include/linux/if_bridge.h
···
107
107
extern void brioctl_set(int (*ioctl_hook)(struct net *, unsigned int, void __user *));
108
108
extern struct sk_buff *(*br_handle_frame_hook)(struct net_bridge_port *p,
109
109
struct sk_buff *skb);
110
-
extern int (*br_should_route_hook)(struct sk_buff **pskb);
110
+
extern int (*br_should_route_hook)(struct sk_buff *skb);
111
111
112
112
#endif
113
113
-1
include/linux/isdn.h
-1
include/linux/isdn.h
···
286
286
/* Local interface-data */
287
287
typedef struct isdn_net_local_s {
288
288
ulong magic;
289
-
char name[10]; /* Name of device */
290
289
struct net_device_stats stats; /* Ethernet Statistics */
291
290
int isdn_device; /* Index to isdn-device */
292
291
int isdn_channel; /* Index to isdn-channel */
+13
-13
include/linux/netfilter.h
+13
-13
include/linux/netfilter.h
···
51
51
struct net_device;
52
52
53
53
typedef unsigned int nf_hookfn(unsigned int hooknum,
54
-
struct sk_buff **skb,
54
+
struct sk_buff *skb,
55
55
const struct net_device *in,
56
56
const struct net_device *out,
57
57
int (*okfn)(struct sk_buff *));
···
183
183
struct nf_loginfo *li,
184
184
const char *fmt, ...);
185
185
186
-
int nf_hook_slow(int pf, unsigned int hook, struct sk_buff **pskb,
186
+
int nf_hook_slow(int pf, unsigned int hook, struct sk_buff *skb,
187
187
struct net_device *indev, struct net_device *outdev,
188
188
int (*okfn)(struct sk_buff *), int thresh);
189
189
···
195
195
* value indicates the packet has been consumed by the hook.
196
196
*/
197
197
static inline int nf_hook_thresh(int pf, unsigned int hook,
198
-
struct sk_buff **pskb,
198
+
struct sk_buff *skb,
199
199
struct net_device *indev,
200
200
struct net_device *outdev,
201
201
int (*okfn)(struct sk_buff *), int thresh,
···
207
207
if (list_empty(&nf_hooks[pf][hook]))
208
208
return 1;
209
209
#endif
210
-
return nf_hook_slow(pf, hook, pskb, indev, outdev, okfn, thresh);
210
+
return nf_hook_slow(pf, hook, skb, indev, outdev, okfn, thresh);
211
211
}
212
212
213
-
static inline int nf_hook(int pf, unsigned int hook, struct sk_buff **pskb,
213
+
static inline int nf_hook(int pf, unsigned int hook, struct sk_buff *skb,
214
214
struct net_device *indev, struct net_device *outdev,
215
215
int (*okfn)(struct sk_buff *))
216
216
{
217
-
return nf_hook_thresh(pf, hook, pskb, indev, outdev, okfn, INT_MIN, 1);
217
+
return nf_hook_thresh(pf, hook, skb, indev, outdev, okfn, INT_MIN, 1);
218
218
}
219
219
220
220
/* Activate hook; either okfn or kfree_skb called, unless a hook
···
241
241
242
242
#define NF_HOOK_THRESH(pf, hook, skb, indev, outdev, okfn, thresh) \
243
243
({int __ret; \
244
-
if ((__ret=nf_hook_thresh(pf, hook, &(skb), indev, outdev, okfn, thresh, 1)) == 1)\
244
+
if ((__ret=nf_hook_thresh(pf, hook, (skb), indev, outdev, okfn, thresh, 1)) == 1)\
245
245
__ret = (okfn)(skb); \
246
246
__ret;})
247
247
248
248
#define NF_HOOK_COND(pf, hook, skb, indev, outdev, okfn, cond) \
249
249
({int __ret; \
250
-
if ((__ret=nf_hook_thresh(pf, hook, &(skb), indev, outdev, okfn, INT_MIN, cond)) == 1)\
250
+
if ((__ret=nf_hook_thresh(pf, hook, (skb), indev, outdev, okfn, INT_MIN, cond)) == 1)\
251
251
__ret = (okfn)(skb); \
252
252
__ret;})
253
253
···
287
287
/* Call this before modifying an existing packet: ensures it is
288
288
modifiable and linear to the point you care about (writable_len).
289
289
Returns true or false. */
290
-
extern int skb_make_writable(struct sk_buff **pskb, unsigned int writable_len);
290
+
extern int skb_make_writable(struct sk_buff *skb, unsigned int writable_len);
291
291
292
292
static inline void nf_csum_replace4(__sum16 *sum, __be32 from, __be32 to)
293
293
{
···
317
317
unsigned int dataoff, u_int8_t protocol);
318
318
void (*saveroute)(const struct sk_buff *skb,
319
319
struct nf_info *info);
320
-
int (*reroute)(struct sk_buff **skb,
320
+
int (*reroute)(struct sk_buff *skb,
321
321
const struct nf_info *info);
322
322
int route_key_size;
323
323
};
···
371
371
#define NF_HOOK(pf, hook, skb, indev, outdev, okfn) (okfn)(skb)
372
372
#define NF_HOOK_COND(pf, hook, skb, indev, outdev, okfn, cond) (okfn)(skb)
373
373
static inline int nf_hook_thresh(int pf, unsigned int hook,
374
-
struct sk_buff **pskb,
374
+
struct sk_buff *skb,
375
375
struct net_device *indev,
376
376
struct net_device *outdev,
377
377
int (*okfn)(struct sk_buff *), int thresh,
378
378
int cond)
379
379
{
380
-
return okfn(*pskb);
380
+
return okfn(skb);
381
381
}
382
-
static inline int nf_hook(int pf, unsigned int hook, struct sk_buff **pskb,
382
+
static inline int nf_hook(int pf, unsigned int hook, struct sk_buff *skb,
383
383
struct net_device *indev, struct net_device *outdev,
384
384
int (*okfn)(struct sk_buff *))
385
385
{
+1
-1
include/linux/netfilter/nf_conntrack_amanda.h
+1
-1
include/linux/netfilter/nf_conntrack_amanda.h
+1
-1
include/linux/netfilter/nf_conntrack_ftp.h
+1
-1
include/linux/netfilter/nf_conntrack_ftp.h
···
32
32
33
33
/* For NAT to hook in when we find a packet which describes what other
34
34
* connection we should expect. */
35
-
extern unsigned int (*nf_nat_ftp_hook)(struct sk_buff **pskb,
35
+
extern unsigned int (*nf_nat_ftp_hook)(struct sk_buff *skb,
36
36
enum ip_conntrack_info ctinfo,
37
37
enum nf_ct_ftp_type type,
38
38
unsigned int matchoff,
+9
-9
include/linux/netfilter/nf_conntrack_h323.h
+9
-9
include/linux/netfilter/nf_conntrack_h323.h
···
36
36
struct nf_conntrack_expect *this);
37
37
extern void nf_conntrack_q931_expect(struct nf_conn *new,
38
38
struct nf_conntrack_expect *this);
39
-
extern int (*set_h245_addr_hook) (struct sk_buff **pskb,
39
+
extern int (*set_h245_addr_hook) (struct sk_buff *skb,
40
40
unsigned char **data, int dataoff,
41
41
H245_TransportAddress *taddr,
42
42
union nf_conntrack_address *addr,
43
43
__be16 port);
44
-
extern int (*set_h225_addr_hook) (struct sk_buff **pskb,
44
+
extern int (*set_h225_addr_hook) (struct sk_buff *skb,
45
45
unsigned char **data, int dataoff,
46
46
TransportAddress *taddr,
47
47
union nf_conntrack_address *addr,
48
48
__be16 port);
49
-
extern int (*set_sig_addr_hook) (struct sk_buff **pskb,
49
+
extern int (*set_sig_addr_hook) (struct sk_buff *skb,
50
50
struct nf_conn *ct,
51
51
enum ip_conntrack_info ctinfo,
52
52
unsigned char **data,
53
53
TransportAddress *taddr, int count);
54
-
extern int (*set_ras_addr_hook) (struct sk_buff **pskb,
54
+
extern int (*set_ras_addr_hook) (struct sk_buff *skb,
55
55
struct nf_conn *ct,
56
56
enum ip_conntrack_info ctinfo,
57
57
unsigned char **data,
58
58
TransportAddress *taddr, int count);
59
-
extern int (*nat_rtp_rtcp_hook) (struct sk_buff **pskb,
59
+
extern int (*nat_rtp_rtcp_hook) (struct sk_buff *skb,
60
60
struct nf_conn *ct,
61
61
enum ip_conntrack_info ctinfo,
62
62
unsigned char **data, int dataoff,
···
64
64
__be16 port, __be16 rtp_port,
65
65
struct nf_conntrack_expect *rtp_exp,
66
66
struct nf_conntrack_expect *rtcp_exp);
67
-
extern int (*nat_t120_hook) (struct sk_buff **pskb, struct nf_conn *ct,
67
+
extern int (*nat_t120_hook) (struct sk_buff *skb, struct nf_conn *ct,
68
68
enum ip_conntrack_info ctinfo,
69
69
unsigned char **data, int dataoff,
70
70
H245_TransportAddress *taddr, __be16 port,
71
71
struct nf_conntrack_expect *exp);
72
-
extern int (*nat_h245_hook) (struct sk_buff **pskb, struct nf_conn *ct,
72
+
extern int (*nat_h245_hook) (struct sk_buff *skb, struct nf_conn *ct,
73
73
enum ip_conntrack_info ctinfo,
74
74
unsigned char **data, int dataoff,
75
75
TransportAddress *taddr, __be16 port,
76
76
struct nf_conntrack_expect *exp);
77
-
extern int (*nat_callforwarding_hook) (struct sk_buff **pskb,
77
+
extern int (*nat_callforwarding_hook) (struct sk_buff *skb,
78
78
struct nf_conn *ct,
79
79
enum ip_conntrack_info ctinfo,
80
80
unsigned char **data, int dataoff,
81
81
TransportAddress *taddr,
82
82
__be16 port,
83
83
struct nf_conntrack_expect *exp);
84
-
extern int (*nat_q931_hook) (struct sk_buff **pskb, struct nf_conn *ct,
84
+
extern int (*nat_q931_hook) (struct sk_buff *skb, struct nf_conn *ct,
85
85
enum ip_conntrack_info ctinfo,
86
86
unsigned char **data, TransportAddress *taddr,
87
87
int idx, __be16 port,
+1
-1
include/linux/netfilter/nf_conntrack_irc.h
+1
-1
include/linux/netfilter/nf_conntrack_irc.h
+2
-2
include/linux/netfilter/nf_conntrack_pptp.h
+2
-2
include/linux/netfilter/nf_conntrack_pptp.h
···
301
301
struct nf_conntrack_expect;
302
302
303
303
extern int
304
-
(*nf_nat_pptp_hook_outbound)(struct sk_buff **pskb,
304
+
(*nf_nat_pptp_hook_outbound)(struct sk_buff *skb,
305
305
struct nf_conn *ct, enum ip_conntrack_info ctinfo,
306
306
struct PptpControlHeader *ctlh,
307
307
union pptp_ctrl_union *pptpReq);
308
308
309
309
extern int
310
-
(*nf_nat_pptp_hook_inbound)(struct sk_buff **pskb,
310
+
(*nf_nat_pptp_hook_inbound)(struct sk_buff *skb,
311
311
struct nf_conn *ct, enum ip_conntrack_info ctinfo,
312
312
struct PptpControlHeader *ctlh,
313
313
union pptp_ctrl_union *pptpReq);
+2
-2
include/linux/netfilter/nf_conntrack_sip.h
+2
-2
include/linux/netfilter/nf_conntrack_sip.h
···
21
21
POS_SDP_HEADER,
22
22
};
23
23
24
-
extern unsigned int (*nf_nat_sip_hook)(struct sk_buff **pskb,
24
+
extern unsigned int (*nf_nat_sip_hook)(struct sk_buff *skb,
25
25
enum ip_conntrack_info ctinfo,
26
26
struct nf_conn *ct,
27
27
const char **dptr);
28
-
extern unsigned int (*nf_nat_sdp_hook)(struct sk_buff **pskb,
28
+
extern unsigned int (*nf_nat_sdp_hook)(struct sk_buff *skb,
29
29
enum ip_conntrack_info ctinfo,
30
30
struct nf_conntrack_expect *exp,
31
31
const char *dptr);
+1
-1
include/linux/netfilter/nf_conntrack_tftp.h
+1
-1
include/linux/netfilter/nf_conntrack_tftp.h
+1
-1
include/linux/netfilter/x_tables.h
+1
-1
include/linux/netfilter/x_tables.h
···
191
191
/* Returns verdict. Argument order changed since 2.6.9, as this
192
192
must now handle non-linear skbs, using skb_copy_bits and
193
193
skb_ip_make_writable. */
194
-
unsigned int (*target)(struct sk_buff **pskb,
194
+
unsigned int (*target)(struct sk_buff *skb,
195
195
const struct net_device *in,
196
196
const struct net_device *out,
197
197
unsigned int hooknum,
+1
-1
include/linux/netfilter_arp/arp_tables.h
+1
-1
include/linux/netfilter_arp/arp_tables.h
···
287
287
extern int arpt_register_table(struct arpt_table *table,
288
288
const struct arpt_replace *repl);
289
289
extern void arpt_unregister_table(struct arpt_table *table);
290
-
extern unsigned int arpt_do_table(struct sk_buff **pskb,
290
+
extern unsigned int arpt_do_table(struct sk_buff *skb,
291
291
unsigned int hook,
292
292
const struct net_device *in,
293
293
const struct net_device *out,
+2
-2
include/linux/netfilter_bridge/ebtables.h
+2
-2
include/linux/netfilter_bridge/ebtables.h
···
237
237
struct list_head list;
238
238
const char name[EBT_FUNCTION_MAXNAMELEN];
239
239
/* returns one of the standard verdicts */
240
-
int (*target)(struct sk_buff **pskb, unsigned int hooknr,
240
+
int (*target)(struct sk_buff *skb, unsigned int hooknr,
241
241
const struct net_device *in, const struct net_device *out,
242
242
const void *targetdata, unsigned int datalen);
243
243
/* 0 == let it in */
···
294
294
extern void ebt_unregister_watcher(struct ebt_watcher *watcher);
295
295
extern int ebt_register_target(struct ebt_target *target);
296
296
extern void ebt_unregister_target(struct ebt_target *target);
297
-
extern unsigned int ebt_do_table(unsigned int hook, struct sk_buff **pskb,
297
+
extern unsigned int ebt_do_table(unsigned int hook, struct sk_buff *skb,
298
298
const struct net_device *in, const struct net_device *out,
299
299
struct ebt_table *table);
300
300
+2
-2
include/linux/netfilter_ipv4.h
+2
-2
include/linux/netfilter_ipv4.h
···
75
75
#define SO_ORIGINAL_DST 80
76
76
77
77
#ifdef __KERNEL__
78
-
extern int ip_route_me_harder(struct sk_buff **pskb, unsigned addr_type);
79
-
extern int ip_xfrm_me_harder(struct sk_buff **pskb);
78
+
extern int ip_route_me_harder(struct sk_buff *skb, unsigned addr_type);
79
+
extern int ip_xfrm_me_harder(struct sk_buff *skb);
80
80
extern __sum16 nf_ip_checksum(struct sk_buff *skb, unsigned int hook,
81
81
unsigned int dataoff, u_int8_t protocol);
82
82
#endif /*__KERNEL__*/
+1
-1
include/linux/netfilter_ipv4/ip_tables.h
+1
-1
include/linux/netfilter_ipv4/ip_tables.h
+1
-1
include/linux/netfilter_ipv6/ip6_tables.h
+1
-1
include/linux/netfilter_ipv6/ip6_tables.h
···
336
336
extern int ip6t_register_table(struct xt_table *table,
337
337
const struct ip6t_replace *repl);
338
338
extern void ip6t_unregister_table(struct xt_table *table);
339
-
extern unsigned int ip6t_do_table(struct sk_buff **pskb,
339
+
extern unsigned int ip6t_do_table(struct sk_buff *skb,
340
340
unsigned int hook,
341
341
const struct net_device *in,
342
342
const struct net_device *out,
+1
include/linux/skbuff.h
+1
include/linux/skbuff.h
···
357
357
}
358
358
359
359
extern void kfree_skbmem(struct sk_buff *skb);
360
+
extern struct sk_buff *skb_morph(struct sk_buff *dst, struct sk_buff *src);
360
361
extern struct sk_buff *skb_clone(struct sk_buff *skb,
361
362
gfp_t priority);
362
363
extern struct sk_buff *skb_copy(const struct sk_buff *skb,
+1
-1
include/linux/tcp.h
+1
-1
include/linux/tcp.h
···
315
315
*/
316
316
u32 snd_ssthresh; /* Slow start size threshold */
317
317
u32 snd_cwnd; /* Sending congestion window */
318
-
u16 snd_cwnd_cnt; /* Linear increase counter */
318
+
u32 snd_cwnd_cnt; /* Linear increase counter */
319
319
u32 snd_cwnd_clamp; /* Do not allow snd_cwnd to grow above this */
320
320
u32 snd_cwnd_used;
321
321
u32 snd_cwnd_stamp;
+60
include/net/inet_frag.h
+60
include/net/inet_frag.h
···
1
+
#ifndef __NET_FRAG_H__
2
+
#define __NET_FRAG_H__
3
+
4
+
struct inet_frag_queue {
5
+
struct hlist_node list;
6
+
struct list_head lru_list; /* lru list member */
7
+
spinlock_t lock;
8
+
atomic_t refcnt;
9
+
struct timer_list timer; /* when will this queue expire? */
10
+
struct sk_buff *fragments; /* list of received fragments */
11
+
ktime_t stamp;
12
+
int len; /* total length of orig datagram */
13
+
int meat;
14
+
__u8 last_in; /* first/last segment arrived? */
15
+
16
+
#define COMPLETE 4
17
+
#define FIRST_IN 2
18
+
#define LAST_IN 1
19
+
};
20
+
21
+
#define INETFRAGS_HASHSZ 64
22
+
23
+
struct inet_frags_ctl {
24
+
int high_thresh;
25
+
int low_thresh;
26
+
int timeout;
27
+
int secret_interval;
28
+
};
29
+
30
+
struct inet_frags {
31
+
struct list_head lru_list;
32
+
struct hlist_head hash[INETFRAGS_HASHSZ];
33
+
rwlock_t lock;
34
+
u32 rnd;
35
+
int nqueues;
36
+
int qsize;
37
+
atomic_t mem;
38
+
struct timer_list secret_timer;
39
+
struct inet_frags_ctl *ctl;
40
+
41
+
unsigned int (*hashfn)(struct inet_frag_queue *);
42
+
void (*destructor)(struct inet_frag_queue *);
43
+
void (*skb_free)(struct sk_buff *);
44
+
};
45
+
46
+
void inet_frags_init(struct inet_frags *);
47
+
void inet_frags_fini(struct inet_frags *);
48
+
49
+
void inet_frag_kill(struct inet_frag_queue *q, struct inet_frags *f);
50
+
void inet_frag_destroy(struct inet_frag_queue *q,
51
+
struct inet_frags *f, int *work);
52
+
int inet_frag_evictor(struct inet_frags *f);
53
+
54
+
static inline void inet_frag_put(struct inet_frag_queue *q, struct inet_frags *f)
55
+
{
56
+
if (atomic_dec_and_test(&q->refcnt))
57
+
inet_frag_destroy(q, f, NULL);
58
+
}
59
+
60
+
#endif
+6
-7
include/net/ip.h
+6
-7
include/net/ip.h
···
160
160
#define IP_INC_STATS(field) SNMP_INC_STATS(ip_statistics, field)
161
161
#define IP_INC_STATS_BH(field) SNMP_INC_STATS_BH(ip_statistics, field)
162
162
#define IP_INC_STATS_USER(field) SNMP_INC_STATS_USER(ip_statistics, field)
163
+
#define IP_ADD_STATS_BH(field, val) SNMP_ADD_STATS_BH(ip_statistics, field, val)
163
164
DECLARE_SNMP_STAT(struct linux_mib, net_statistics);
164
165
#define NET_INC_STATS(field) SNMP_INC_STATS(net_statistics, field)
165
166
#define NET_INC_STATS_BH(field) SNMP_INC_STATS_BH(net_statistics, field)
···
178
177
extern int sysctl_ip_nonlocal_bind;
179
178
180
179
/* From ip_fragment.c */
181
-
extern int sysctl_ipfrag_high_thresh;
182
-
extern int sysctl_ipfrag_low_thresh;
183
-
extern int sysctl_ipfrag_time;
184
-
extern int sysctl_ipfrag_secret_interval;
180
+
struct inet_frags_ctl;
181
+
extern struct inet_frags_ctl ip4_frags_ctl;
185
182
extern int sysctl_ipfrag_max_dist;
186
183
187
184
/* From inetpeer.c */
···
331
332
IP_DEFRAG_VS_FWD
332
333
};
333
334
334
-
struct sk_buff *ip_defrag(struct sk_buff *skb, u32 user);
335
-
extern int ip_frag_nqueues;
336
-
extern atomic_t ip_frag_mem;
335
+
int ip_defrag(struct sk_buff *skb, u32 user);
336
+
int ip_frag_mem(void);
337
+
int ip_frag_nqueues(void);
337
338
338
339
/*
339
340
* Functions provided by ip_forward.c
+6
-7
include/net/ip_vs.h
+6
-7
include/net/ip_vs.h
···
464
464
unsigned int proto_off,
465
465
int inverse);
466
466
467
-
int (*snat_handler)(struct sk_buff **pskb,
467
+
int (*snat_handler)(struct sk_buff *skb,
468
468
struct ip_vs_protocol *pp, struct ip_vs_conn *cp);
469
469
470
-
int (*dnat_handler)(struct sk_buff **pskb,
470
+
int (*dnat_handler)(struct sk_buff *skb,
471
471
struct ip_vs_protocol *pp, struct ip_vs_conn *cp);
472
472
473
473
int (*csum_check)(struct sk_buff *skb, struct ip_vs_protocol *pp);
···
654
654
655
655
/* output hook: return false if can't linearize. diff set for TCP. */
656
656
int (*pkt_out)(struct ip_vs_app *, struct ip_vs_conn *,
657
-
struct sk_buff **, int *diff);
657
+
struct sk_buff *, int *diff);
658
658
659
659
/* input hook: return false if can't linearize. diff set for TCP. */
660
660
int (*pkt_in)(struct ip_vs_app *, struct ip_vs_conn *,
661
-
struct sk_buff **, int *diff);
661
+
struct sk_buff *, int *diff);
662
662
663
663
/* ip_vs_app initializer */
664
664
int (*init_conn)(struct ip_vs_app *, struct ip_vs_conn *);
···
832
832
extern int ip_vs_app_inc_get(struct ip_vs_app *inc);
833
833
extern void ip_vs_app_inc_put(struct ip_vs_app *inc);
834
834
835
-
extern int ip_vs_app_pkt_out(struct ip_vs_conn *, struct sk_buff **pskb);
836
-
extern int ip_vs_app_pkt_in(struct ip_vs_conn *, struct sk_buff **pskb);
835
+
extern int ip_vs_app_pkt_out(struct ip_vs_conn *, struct sk_buff *skb);
836
+
extern int ip_vs_app_pkt_in(struct ip_vs_conn *, struct sk_buff *skb);
837
837
extern int ip_vs_skb_replace(struct sk_buff *skb, gfp_t pri,
838
838
char *o_buf, int o_len, char *n_buf, int n_len);
839
839
extern int ip_vs_app_init(void);
···
984
984
return fwd;
985
985
}
986
986
987
-
extern int ip_vs_make_skb_writable(struct sk_buff **pskb, int len);
988
987
extern void ip_vs_nat_icmp(struct sk_buff *skb, struct ip_vs_protocol *pp,
989
988
struct ip_vs_conn *cp, int dir);
990
989
+14
-7
include/net/ipv6.h
+14
-7
include/net/ipv6.h
···
120
120
SNMP_INC_STATS##modifier(statname##_statistics, (field)); \
121
121
})
122
122
123
+
#define _DEVADD(statname, modifier, idev, field, val) \
124
+
({ \
125
+
struct inet6_dev *_idev = (idev); \
126
+
if (likely(_idev != NULL)) \
127
+
SNMP_ADD_STATS##modifier((_idev)->stats.statname, (field), (val)); \
128
+
SNMP_ADD_STATS##modifier(statname##_statistics, (field), (val));\
129
+
})
130
+
123
131
/* MIBs */
124
132
DECLARE_SNMP_STAT(struct ipstats_mib, ipv6_statistics);
125
133
126
134
#define IP6_INC_STATS(idev,field) _DEVINC(ipv6, , idev, field)
127
135
#define IP6_INC_STATS_BH(idev,field) _DEVINC(ipv6, _BH, idev, field)
128
136
#define IP6_INC_STATS_USER(idev,field) _DEVINC(ipv6, _USER, idev, field)
137
+
#define IP6_ADD_STATS_BH(idev,field,val) _DEVADD(ipv6, _BH, idev, field, val)
129
138
130
139
DECLARE_SNMP_STAT(struct icmpv6_mib, icmpv6_statistics);
131
140
DECLARE_SNMP_STAT(struct icmpv6msg_mib, icmpv6msg_statistics);
···
249
240
void (*destructor)(struct sock *));
250
241
251
242
252
-
extern int ipv6_parse_hopopts(struct sk_buff **skbp);
243
+
extern int ipv6_parse_hopopts(struct sk_buff *skb);
253
244
254
245
extern struct ipv6_txoptions * ipv6_dup_options(struct sock *sk, struct ipv6_txoptions *opt);
255
246
extern struct ipv6_txoptions * ipv6_renew_options(struct sock *sk, struct ipv6_txoptions *opt,
···
261
252
262
253
extern int ipv6_opt_accepted(struct sock *sk, struct sk_buff *skb);
263
254
264
-
extern int ip6_frag_nqueues;
265
-
extern atomic_t ip6_frag_mem;
255
+
int ip6_frag_nqueues(void);
256
+
int ip6_frag_mem(void);
266
257
267
258
#define IPV6_FRAG_TIMEOUT (60*HZ) /* 60 seconds */
268
259
···
574
565
/*
575
566
* reassembly.c
576
567
*/
577
-
extern int sysctl_ip6frag_high_thresh;
578
-
extern int sysctl_ip6frag_low_thresh;
579
-
extern int sysctl_ip6frag_time;
580
-
extern int sysctl_ip6frag_secret_interval;
568
+
struct inet_frags_ctl;
569
+
extern struct inet_frags_ctl ip6_frags_ctl;
581
570
582
571
extern const struct proto_ops inet6_stream_ops;
583
572
extern const struct proto_ops inet6_dgram_ops;
+2
-3
include/net/netfilter/ipv6/nf_conntrack_ipv6.h
+2
-3
include/net/netfilter/ipv6/nf_conntrack_ipv6.h
···
15
15
struct net_device *out,
16
16
int (*okfn)(struct sk_buff *));
17
17
18
-
extern unsigned int nf_ct_frag6_timeout;
19
-
extern unsigned int nf_ct_frag6_low_thresh;
20
-
extern unsigned int nf_ct_frag6_high_thresh;
18
+
struct inet_frags_ctl;
19
+
extern struct inet_frags_ctl nf_frags_ctl;
21
20
22
21
#endif /* _NF_CONNTRACK_IPV6_H*/
+5
-5
include/net/netfilter/nf_conntrack_core.h
+5
-5
include/net/netfilter/nf_conntrack_core.h
···
22
22
of connection tracking. */
23
23
extern unsigned int nf_conntrack_in(int pf,
24
24
unsigned int hooknum,
25
-
struct sk_buff **pskb);
25
+
struct sk_buff *skb);
26
26
27
27
extern int nf_conntrack_init(void);
28
28
extern void nf_conntrack_cleanup(void);
···
60
60
extern struct nf_conntrack_tuple_hash *
61
61
nf_conntrack_find_get(const struct nf_conntrack_tuple *tuple);
62
62
63
-
extern int __nf_conntrack_confirm(struct sk_buff **pskb);
63
+
extern int __nf_conntrack_confirm(struct sk_buff *skb);
64
64
65
65
/* Confirm a connection: returns NF_DROP if packet must be dropped. */
66
-
static inline int nf_conntrack_confirm(struct sk_buff **pskb)
66
+
static inline int nf_conntrack_confirm(struct sk_buff *skb)
67
67
{
68
-
struct nf_conn *ct = (struct nf_conn *)(*pskb)->nfct;
68
+
struct nf_conn *ct = (struct nf_conn *)skb->nfct;
69
69
int ret = NF_ACCEPT;
70
70
71
71
if (ct) {
72
72
if (!nf_ct_is_confirmed(ct) && !nf_ct_is_dying(ct))
73
-
ret = __nf_conntrack_confirm(pskb);
73
+
ret = __nf_conntrack_confirm(skb);
74
74
nf_ct_deliver_cached_events(ct);
75
75
}
76
76
return ret;
+1
-1
include/net/netfilter/nf_conntrack_helper.h
+1
-1
include/net/netfilter/nf_conntrack_helper.h
+2
-2
include/net/netfilter/nf_nat_core.h
+2
-2
include/net/netfilter/nf_nat_core.h
···
10
10
extern unsigned int nf_nat_packet(struct nf_conn *ct,
11
11
enum ip_conntrack_info ctinfo,
12
12
unsigned int hooknum,
13
-
struct sk_buff **pskb);
13
+
struct sk_buff *skb);
14
14
15
15
extern int nf_nat_icmp_reply_translation(struct nf_conn *ct,
16
16
enum ip_conntrack_info ctinfo,
17
17
unsigned int hooknum,
18
-
struct sk_buff **pskb);
18
+
struct sk_buff *skb);
19
19
20
20
static inline int nf_nat_initialized(struct nf_conn *ct,
21
21
enum nf_nat_manip_type manip)
+3
-3
include/net/netfilter/nf_nat_helper.h
+3
-3
include/net/netfilter/nf_nat_helper.h
···
7
7
struct sk_buff;
8
8
9
9
/* These return true or false. */
10
-
extern int nf_nat_mangle_tcp_packet(struct sk_buff **skb,
10
+
extern int nf_nat_mangle_tcp_packet(struct sk_buff *skb,
11
11
struct nf_conn *ct,
12
12
enum ip_conntrack_info ctinfo,
13
13
unsigned int match_offset,
14
14
unsigned int match_len,
15
15
const char *rep_buffer,
16
16
unsigned int rep_len);
17
-
extern int nf_nat_mangle_udp_packet(struct sk_buff **skb,
17
+
extern int nf_nat_mangle_udp_packet(struct sk_buff *skb,
18
18
struct nf_conn *ct,
19
19
enum ip_conntrack_info ctinfo,
20
20
unsigned int match_offset,
21
21
unsigned int match_len,
22
22
const char *rep_buffer,
23
23
unsigned int rep_len);
24
-
extern int nf_nat_seq_adjust(struct sk_buff **pskb,
24
+
extern int nf_nat_seq_adjust(struct sk_buff *skb,
25
25
struct nf_conn *ct,
26
26
enum ip_conntrack_info ctinfo);
27
27
+1
-1
include/net/netfilter/nf_nat_protocol.h
+1
-1
include/net/netfilter/nf_nat_protocol.h
···
18
18
19
19
/* Translate a packet to the target according to manip type.
20
20
Return true if succeeded. */
21
-
int (*manip_pkt)(struct sk_buff **pskb,
21
+
int (*manip_pkt)(struct sk_buff *skb,
22
22
unsigned int iphdroff,
23
23
const struct nf_conntrack_tuple *tuple,
24
24
enum nf_nat_manip_type maniptype);
+1
-1
include/net/netfilter/nf_nat_rule.h
+1
-1
include/net/netfilter/nf_nat_rule.h
···
6
6
7
7
extern int nf_nat_rule_init(void) __init;
8
8
extern void nf_nat_rule_cleanup(void);
9
-
extern int nf_nat_rule_find(struct sk_buff **pskb,
9
+
extern int nf_nat_rule_find(struct sk_buff *skb,
10
10
unsigned int hooknum,
11
11
const struct net_device *in,
12
12
const struct net_device *out,
+1
-1
include/net/protocol.h
+1
-1
include/net/protocol.h
+1
-1
include/net/xfrm.h
+1
-1
include/net/xfrm.h
···
1051
1051
extern int xfrm4_tunnel_register(struct xfrm_tunnel *handler, unsigned short family);
1052
1052
extern int xfrm4_tunnel_deregister(struct xfrm_tunnel *handler, unsigned short family);
1053
1053
extern int xfrm6_rcv_spi(struct sk_buff *skb, __be32 spi);
1054
-
extern int xfrm6_rcv(struct sk_buff **pskb);
1054
+
extern int xfrm6_rcv(struct sk_buff *skb);
1055
1055
extern int xfrm6_input_addr(struct sk_buff *skb, xfrm_address_t *daddr,
1056
1056
xfrm_address_t *saddr, u8 proto);
1057
1057
extern int xfrm6_tunnel_register(struct xfrm6_tunnel *handler, unsigned short family);
+1
-1
net/bridge/br.c
+1
-1
net/bridge/br.c
+5
-1
net/bridge/br_input.c
+5
-1
net/bridge/br_input.c
···
126
126
if (!is_valid_ether_addr(eth_hdr(skb)->h_source))
127
127
goto drop;
128
128
129
+
skb = skb_share_check(skb, GFP_ATOMIC);
130
+
if (!skb)
131
+
return NULL;
132
+
129
133
if (unlikely(is_link_local(dest))) {
130
134
/* Pause frames shouldn't be passed up by driver anyway */
131
135
if (skb->protocol == htons(ETH_P_PAUSE))
···
149
145
case BR_STATE_FORWARDING:
150
146
151
147
if (br_should_route_hook) {
152
-
if (br_should_route_hook(&skb))
148
+
if (br_should_route_hook(skb))
153
149
return skb;
154
150
dest = eth_hdr(skb)->h_dest;
155
151
}
+13
-23
net/bridge/br_netfilter.c
+13
-23
net/bridge/br_netfilter.c
···
503
503
* receiving device) to make netfilter happy, the REDIRECT
504
504
* target in particular. Save the original destination IP
505
505
* address to be able to detect DNAT afterwards. */
506
-
static unsigned int br_nf_pre_routing(unsigned int hook, struct sk_buff **pskb,
506
+
static unsigned int br_nf_pre_routing(unsigned int hook, struct sk_buff *skb,
507
507
const struct net_device *in,
508
508
const struct net_device *out,
509
509
int (*okfn)(struct sk_buff *))
510
510
{
511
511
struct iphdr *iph;
512
-
struct sk_buff *skb = *pskb;
513
512
__u32 len = nf_bridge_encap_header_len(skb);
514
-
515
-
if ((skb = skb_share_check(skb, GFP_ATOMIC)) == NULL)
516
-
return NF_STOLEN;
517
513
518
514
if (unlikely(!pskb_may_pull(skb, len)))
519
515
goto out;
···
580
584
* took place when the packet entered the bridge), but we
581
585
* register an IPv4 PRE_ROUTING 'sabotage' hook that will
582
586
* prevent this from happening. */
583
-
static unsigned int br_nf_local_in(unsigned int hook, struct sk_buff **pskb,
587
+
static unsigned int br_nf_local_in(unsigned int hook, struct sk_buff *skb,
584
588
const struct net_device *in,
585
589
const struct net_device *out,
586
590
int (*okfn)(struct sk_buff *))
587
591
{
588
-
struct sk_buff *skb = *pskb;
589
-
590
592
if (skb->dst == (struct dst_entry *)&__fake_rtable) {
591
593
dst_release(skb->dst);
592
594
skb->dst = NULL;
···
619
625
* but we are still able to filter on the 'real' indev/outdev
620
626
* because of the physdev module. For ARP, indev and outdev are the
621
627
* bridge ports. */
622
-
static unsigned int br_nf_forward_ip(unsigned int hook, struct sk_buff **pskb,
628
+
static unsigned int br_nf_forward_ip(unsigned int hook, struct sk_buff *skb,
623
629
const struct net_device *in,
624
630
const struct net_device *out,
625
631
int (*okfn)(struct sk_buff *))
626
632
{
627
-
struct sk_buff *skb = *pskb;
628
633
struct nf_bridge_info *nf_bridge;
629
634
struct net_device *parent;
630
635
int pf;
···
641
648
else
642
649
pf = PF_INET6;
643
650
644
-
nf_bridge_pull_encap_header(*pskb);
651
+
nf_bridge_pull_encap_header(skb);
645
652
646
653
nf_bridge = skb->nf_bridge;
647
654
if (skb->pkt_type == PACKET_OTHERHOST) {
···
659
666
return NF_STOLEN;
660
667
}
661
668
662
-
static unsigned int br_nf_forward_arp(unsigned int hook, struct sk_buff **pskb,
669
+
static unsigned int br_nf_forward_arp(unsigned int hook, struct sk_buff *skb,
663
670
const struct net_device *in,
664
671
const struct net_device *out,
665
672
int (*okfn)(struct sk_buff *))
666
673
{
667
-
struct sk_buff *skb = *pskb;
668
674
struct net_device **d = (struct net_device **)(skb->cb);
669
675
670
676
#ifdef CONFIG_SYSCTL
···
674
682
if (skb->protocol != htons(ETH_P_ARP)) {
675
683
if (!IS_VLAN_ARP(skb))
676
684
return NF_ACCEPT;
677
-
nf_bridge_pull_encap_header(*pskb);
685
+
nf_bridge_pull_encap_header(skb);
678
686
}
679
687
680
688
if (arp_hdr(skb)->ar_pln != 4) {
681
689
if (IS_VLAN_ARP(skb))
682
-
nf_bridge_push_encap_header(*pskb);
690
+
nf_bridge_push_encap_header(skb);
683
691
return NF_ACCEPT;
684
692
}
685
693
*d = (struct net_device *)in;
···
701
709
* NF_BR_PRI_FIRST, so no relevant PF_BRIDGE/INPUT functions have been nor
702
710
* will be executed.
703
711
*/
704
-
static unsigned int br_nf_local_out(unsigned int hook, struct sk_buff **pskb,
712
+
static unsigned int br_nf_local_out(unsigned int hook, struct sk_buff *skb,
705
713
const struct net_device *in,
706
714
const struct net_device *out,
707
715
int (*okfn)(struct sk_buff *))
708
716
{
709
717
struct net_device *realindev;
710
-
struct sk_buff *skb = *pskb;
711
718
struct nf_bridge_info *nf_bridge;
712
719
713
720
if (!skb->nf_bridge)
···
743
752
}
744
753
745
754
/* PF_BRIDGE/POST_ROUTING ********************************************/
746
-
static unsigned int br_nf_post_routing(unsigned int hook, struct sk_buff **pskb,
755
+
static unsigned int br_nf_post_routing(unsigned int hook, struct sk_buff *skb,
747
756
const struct net_device *in,
748
757
const struct net_device *out,
749
758
int (*okfn)(struct sk_buff *))
750
759
{
751
-
struct sk_buff *skb = *pskb;
752
-
struct nf_bridge_info *nf_bridge = (*pskb)->nf_bridge;
760
+
struct nf_bridge_info *nf_bridge = skb->nf_bridge;
753
761
struct net_device *realoutdev = bridge_parent(skb->dev);
754
762
int pf;
755
763
···
818
828
/* IP/SABOTAGE *****************************************************/
819
829
/* Don't hand locally destined packets to PF_INET(6)/PRE_ROUTING
820
830
* for the second time. */
821
-
static unsigned int ip_sabotage_in(unsigned int hook, struct sk_buff **pskb,
831
+
static unsigned int ip_sabotage_in(unsigned int hook, struct sk_buff *skb,
822
832
const struct net_device *in,
823
833
const struct net_device *out,
824
834
int (*okfn)(struct sk_buff *))
825
835
{
826
-
if ((*pskb)->nf_bridge &&
827
-
!((*pskb)->nf_bridge->mask & BRNF_NF_BRIDGE_PREROUTING)) {
836
+
if (skb->nf_bridge &&
837
+
!(skb->nf_bridge->mask & BRNF_NF_BRIDGE_PREROUTING)) {
828
838
return NF_STOP;
829
839
}
830
840
+1
-2
net/bridge/netfilter/ebt_arpreply.c
+1
-2
net/bridge/netfilter/ebt_arpreply.c
···
15
15
#include <net/arp.h>
16
16
#include <linux/module.h>
17
17
18
-
static int ebt_target_reply(struct sk_buff **pskb, unsigned int hooknr,
18
+
static int ebt_target_reply(struct sk_buff *skb, unsigned int hooknr,
19
19
const struct net_device *in, const struct net_device *out,
20
20
const void *data, unsigned int datalen)
21
21
{
···
23
23
__be32 _sip, *siptr, _dip, *diptr;
24
24
struct arphdr _ah, *ap;
25
25
unsigned char _sha[ETH_ALEN], *shp;
26
-
struct sk_buff *skb = *pskb;
27
26
28
27
ap = skb_header_pointer(skb, 0, sizeof(_ah), &_ah);
29
28
if (ap == NULL)
+5
-12
net/bridge/netfilter/ebt_dnat.c
+5
-12
net/bridge/netfilter/ebt_dnat.c
···
8
8
*
9
9
*/
10
10
11
+
#include <linux/netfilter.h>
11
12
#include <linux/netfilter_bridge/ebtables.h>
12
13
#include <linux/netfilter_bridge/ebt_nat.h>
13
14
#include <linux/module.h>
14
15
#include <net/sock.h>
15
16
16
-
static int ebt_target_dnat(struct sk_buff **pskb, unsigned int hooknr,
17
+
static int ebt_target_dnat(struct sk_buff *skb, unsigned int hooknr,
17
18
const struct net_device *in, const struct net_device *out,
18
19
const void *data, unsigned int datalen)
19
20
{
20
21
struct ebt_nat_info *info = (struct ebt_nat_info *)data;
21
22
22
-
if (skb_shared(*pskb) || skb_cloned(*pskb)) {
23
-
struct sk_buff *nskb;
23
+
if (skb_make_writable(skb, 0))
24
+
return NF_DROP;
24
25
25
-
nskb = skb_copy(*pskb, GFP_ATOMIC);
26
-
if (!nskb)
27
-
return NF_DROP;
28
-
if ((*pskb)->sk)
29
-
skb_set_owner_w(nskb, (*pskb)->sk);
30
-
kfree_skb(*pskb);
31
-
*pskb = nskb;
32
-
}
33
-
memcpy(eth_hdr(*pskb)->h_dest, info->mac, ETH_ALEN);
26
+
memcpy(eth_hdr(skb)->h_dest, info->mac, ETH_ALEN);
34
27
return info->target;
35
28
}
36
29
+5
-5
net/bridge/netfilter/ebt_mark.c
+5
-5
net/bridge/netfilter/ebt_mark.c
···
17
17
#include <linux/netfilter_bridge/ebt_mark_t.h>
18
18
#include <linux/module.h>
19
19
20
-
static int ebt_target_mark(struct sk_buff **pskb, unsigned int hooknr,
20
+
static int ebt_target_mark(struct sk_buff *skb, unsigned int hooknr,
21
21
const struct net_device *in, const struct net_device *out,
22
22
const void *data, unsigned int datalen)
23
23
{
···
25
25
int action = info->target & -16;
26
26
27
27
if (action == MARK_SET_VALUE)
28
-
(*pskb)->mark = info->mark;
28
+
skb->mark = info->mark;
29
29
else if (action == MARK_OR_VALUE)
30
-
(*pskb)->mark |= info->mark;
30
+
skb->mark |= info->mark;
31
31
else if (action == MARK_AND_VALUE)
32
-
(*pskb)->mark &= info->mark;
32
+
skb->mark &= info->mark;
33
33
else
34
-
(*pskb)->mark ^= info->mark;
34
+
skb->mark ^= info->mark;
35
35
36
36
return info->target | ~EBT_VERDICT_BITS;
37
37
}
+7
-14
net/bridge/netfilter/ebt_redirect.c
+7
-14
net/bridge/netfilter/ebt_redirect.c
···
8
8
*
9
9
*/
10
10
11
+
#include <linux/netfilter.h>
11
12
#include <linux/netfilter_bridge/ebtables.h>
12
13
#include <linux/netfilter_bridge/ebt_redirect.h>
13
14
#include <linux/module.h>
14
15
#include <net/sock.h>
15
16
#include "../br_private.h"
16
17
17
-
static int ebt_target_redirect(struct sk_buff **pskb, unsigned int hooknr,
18
+
static int ebt_target_redirect(struct sk_buff *skb, unsigned int hooknr,
18
19
const struct net_device *in, const struct net_device *out,
19
20
const void *data, unsigned int datalen)
20
21
{
21
22
struct ebt_redirect_info *info = (struct ebt_redirect_info *)data;
22
23
23
-
if (skb_shared(*pskb) || skb_cloned(*pskb)) {
24
-
struct sk_buff *nskb;
24
+
if (skb_make_writable(skb, 0))
25
+
return NF_DROP;
25
26
26
-
nskb = skb_copy(*pskb, GFP_ATOMIC);
27
-
if (!nskb)
28
-
return NF_DROP;
29
-
if ((*pskb)->sk)
30
-
skb_set_owner_w(nskb, (*pskb)->sk);
31
-
kfree_skb(*pskb);
32
-
*pskb = nskb;
33
-
}
34
27
if (hooknr != NF_BR_BROUTING)
35
-
memcpy(eth_hdr(*pskb)->h_dest,
28
+
memcpy(eth_hdr(skb)->h_dest,
36
29
in->br_port->br->dev->dev_addr, ETH_ALEN);
37
30
else
38
-
memcpy(eth_hdr(*pskb)->h_dest, in->dev_addr, ETH_ALEN);
39
-
(*pskb)->pkt_type = PACKET_HOST;
31
+
memcpy(eth_hdr(skb)->h_dest, in->dev_addr, ETH_ALEN);
32
+
skb->pkt_type = PACKET_HOST;
40
33
return info->target;
41
34
}
42
35
+8
-15
net/bridge/netfilter/ebt_snat.c
+8
-15
net/bridge/netfilter/ebt_snat.c
···
8
8
*
9
9
*/
10
10
11
+
#include <linux/netfilter.h>
11
12
#include <linux/netfilter_bridge/ebtables.h>
12
13
#include <linux/netfilter_bridge/ebt_nat.h>
13
14
#include <linux/module.h>
···
16
15
#include <linux/if_arp.h>
17
16
#include <net/arp.h>
18
17
19
-
static int ebt_target_snat(struct sk_buff **pskb, unsigned int hooknr,
18
+
static int ebt_target_snat(struct sk_buff *skb, unsigned int hooknr,
20
19
const struct net_device *in, const struct net_device *out,
21
20
const void *data, unsigned int datalen)
22
21
{
23
22
struct ebt_nat_info *info = (struct ebt_nat_info *) data;
24
23
25
-
if (skb_shared(*pskb) || skb_cloned(*pskb)) {
26
-
struct sk_buff *nskb;
24
+
if (skb_make_writable(skb, 0))
25
+
return NF_DROP;
27
26
28
-
nskb = skb_copy(*pskb, GFP_ATOMIC);
29
-
if (!nskb)
30
-
return NF_DROP;
31
-
if ((*pskb)->sk)
32
-
skb_set_owner_w(nskb, (*pskb)->sk);
33
-
kfree_skb(*pskb);
34
-
*pskb = nskb;
35
-
}
36
-
memcpy(eth_hdr(*pskb)->h_source, info->mac, ETH_ALEN);
27
+
memcpy(eth_hdr(skb)->h_source, info->mac, ETH_ALEN);
37
28
if (!(info->target & NAT_ARP_BIT) &&
38
-
eth_hdr(*pskb)->h_proto == htons(ETH_P_ARP)) {
29
+
eth_hdr(skb)->h_proto == htons(ETH_P_ARP)) {
39
30
struct arphdr _ah, *ap;
40
31
41
-
ap = skb_header_pointer(*pskb, 0, sizeof(_ah), &_ah);
32
+
ap = skb_header_pointer(skb, 0, sizeof(_ah), &_ah);
42
33
if (ap == NULL)
43
34
return EBT_DROP;
44
35
if (ap->ar_hln != ETH_ALEN)
45
36
goto out;
46
-
if (skb_store_bits(*pskb, sizeof(_ah), info->mac,ETH_ALEN))
37
+
if (skb_store_bits(skb, sizeof(_ah), info->mac,ETH_ALEN))
47
38
return EBT_DROP;
48
39
}
49
40
out:
+2
-2
net/bridge/netfilter/ebtable_broute.c
+2
-2
net/bridge/netfilter/ebtable_broute.c
···
51
51
.me = THIS_MODULE,
52
52
};
53
53
54
-
static int ebt_broute(struct sk_buff **pskb)
54
+
static int ebt_broute(struct sk_buff *skb)
55
55
{
56
56
int ret;
57
57
58
-
ret = ebt_do_table(NF_BR_BROUTING, pskb, (*pskb)->dev, NULL,
58
+
ret = ebt_do_table(NF_BR_BROUTING, skb, skb->dev, NULL,
59
59
&broute_table);
60
60
if (ret == NF_DROP)
61
61
return 1; /* route it */
+2
-2
net/bridge/netfilter/ebtable_filter.c
+2
-2
net/bridge/netfilter/ebtable_filter.c
···
61
61
};
62
62
63
63
static unsigned int
64
-
ebt_hook (unsigned int hook, struct sk_buff **pskb, const struct net_device *in,
64
+
ebt_hook(unsigned int hook, struct sk_buff *skb, const struct net_device *in,
65
65
const struct net_device *out, int (*okfn)(struct sk_buff *))
66
66
{
67
-
return ebt_do_table(hook, pskb, in, out, &frame_filter);
67
+
return ebt_do_table(hook, skb, in, out, &frame_filter);
68
68
}
69
69
70
70
static struct nf_hook_ops ebt_ops_filter[] = {
+4
-4
net/bridge/netfilter/ebtable_nat.c
+4
-4
net/bridge/netfilter/ebtable_nat.c
···
61
61
};
62
62
63
63
static unsigned int
64
-
ebt_nat_dst(unsigned int hook, struct sk_buff **pskb, const struct net_device *in
64
+
ebt_nat_dst(unsigned int hook, struct sk_buff *skb, const struct net_device *in
65
65
, const struct net_device *out, int (*okfn)(struct sk_buff *))
66
66
{
67
-
return ebt_do_table(hook, pskb, in, out, &frame_nat);
67
+
return ebt_do_table(hook, skb, in, out, &frame_nat);
68
68
}
69
69
70
70
static unsigned int
71
-
ebt_nat_src(unsigned int hook, struct sk_buff **pskb, const struct net_device *in
71
+
ebt_nat_src(unsigned int hook, struct sk_buff *skb, const struct net_device *in
72
72
, const struct net_device *out, int (*okfn)(struct sk_buff *))
73
73
{
74
-
return ebt_do_table(hook, pskb, in, out, &frame_nat);
74
+
return ebt_do_table(hook, skb, in, out, &frame_nat);
75
75
}
76
76
77
77
static struct nf_hook_ops ebt_ops_nat[] = {
+6
-6
net/bridge/netfilter/ebtables.c
+6
-6
net/bridge/netfilter/ebtables.c
···
142
142
}
143
143
144
144
/* Do some firewalling */
145
-
unsigned int ebt_do_table (unsigned int hook, struct sk_buff **pskb,
145
+
unsigned int ebt_do_table (unsigned int hook, struct sk_buff *skb,
146
146
const struct net_device *in, const struct net_device *out,
147
147
struct ebt_table *table)
148
148
{
···
172
172
base = private->entries;
173
173
i = 0;
174
174
while (i < nentries) {
175
-
if (ebt_basic_match(point, eth_hdr(*pskb), in, out))
175
+
if (ebt_basic_match(point, eth_hdr(skb), in, out))
176
176
goto letscontinue;
177
177
178
-
if (EBT_MATCH_ITERATE(point, ebt_do_match, *pskb, in, out) != 0)
178
+
if (EBT_MATCH_ITERATE(point, ebt_do_match, skb, in, out) != 0)
179
179
goto letscontinue;
180
180
181
181
/* increase counter */
182
182
(*(counter_base + i)).pcnt++;
183
-
(*(counter_base + i)).bcnt+=(**pskb).len;
183
+
(*(counter_base + i)).bcnt += skb->len;
184
184
185
185
/* these should only watch: not modify, nor tell us
186
186
what to do with the packet */
187
-
EBT_WATCHER_ITERATE(point, ebt_do_watcher, *pskb, hook, in,
187
+
EBT_WATCHER_ITERATE(point, ebt_do_watcher, skb, hook, in,
188
188
out);
189
189
190
190
t = (struct ebt_entry_target *)
···
193
193
if (!t->u.target->target)
194
194
verdict = ((struct ebt_standard_target *)t)->verdict;
195
195
else
196
-
verdict = t->u.target->target(pskb, hook,
196
+
verdict = t->u.target->target(skb, hook,
197
197
in, out, t->data, t->target_size);
198
198
if (verdict == EBT_ACCEPT) {
199
199
read_unlock_bh(&table->lock);
+53
-42
net/core/dev.c
+53
-42
net/core/dev.c
···
1362
1362
goto out_set_summed;
1363
1363
}
1364
1364
1365
-
if (skb_cloned(skb)) {
1365
+
offset = skb->csum_start - skb_headroom(skb);
1366
+
BUG_ON(offset >= skb_headlen(skb));
1367
+
csum = skb_checksum(skb, offset, skb->len - offset, 0);
1368
+
1369
+
offset += skb->csum_offset;
1370
+
BUG_ON(offset + sizeof(__sum16) > skb_headlen(skb));
1371
+
1372
+
if (skb_cloned(skb) &&
1373
+
!skb_clone_writable(skb, offset + sizeof(__sum16))) {
1366
1374
ret = pskb_expand_head(skb, 0, 0, GFP_ATOMIC);
1367
1375
if (ret)
1368
1376
goto out;
1369
1377
}
1370
1378
1371
-
offset = skb->csum_start - skb_headroom(skb);
1372
-
BUG_ON(offset > (int)skb->len);
1373
-
csum = skb_checksum(skb, offset, skb->len-offset, 0);
1374
-
1375
-
offset = skb_headlen(skb) - offset;
1376
-
BUG_ON(offset <= 0);
1377
-
BUG_ON(skb->csum_offset + 2 > offset);
1378
-
1379
-
*(__sum16 *)(skb->head + skb->csum_start + skb->csum_offset) =
1380
-
csum_fold(csum);
1379
+
*(__sum16 *)(skb->data + offset) = csum_fold(csum);
1381
1380
out_set_summed:
1382
1381
skb->ip_summed = CHECKSUM_NONE;
1383
1382
out:
···
1948
1949
struct Qdisc *q;
1949
1950
struct net_device *dev = skb->dev;
1950
1951
int result = TC_ACT_OK;
1952
+
u32 ttl = G_TC_RTTL(skb->tc_verd);
1951
1953
1952
-
if (dev->qdisc_ingress) {
1953
-
__u32 ttl = (__u32) G_TC_RTTL(skb->tc_verd);
1954
-
if (MAX_RED_LOOP < ttl++) {
1955
-
printk(KERN_WARNING "Redir loop detected Dropping packet (%d->%d)\n",
1956
-
skb->iif, skb->dev->ifindex);
1957
-
return TC_ACT_SHOT;
1958
-
}
1959
-
1960
-
skb->tc_verd = SET_TC_RTTL(skb->tc_verd,ttl);
1961
-
1962
-
skb->tc_verd = SET_TC_AT(skb->tc_verd,AT_INGRESS);
1963
-
1964
-
spin_lock(&dev->ingress_lock);
1965
-
if ((q = dev->qdisc_ingress) != NULL)
1966
-
result = q->enqueue(skb, q);
1967
-
spin_unlock(&dev->ingress_lock);
1968
-
1954
+
if (MAX_RED_LOOP < ttl++) {
1955
+
printk(KERN_WARNING
1956
+
"Redir loop detected Dropping packet (%d->%d)\n",
1957
+
skb->iif, dev->ifindex);
1958
+
return TC_ACT_SHOT;
1969
1959
}
1970
1960
1961
+
skb->tc_verd = SET_TC_RTTL(skb->tc_verd, ttl);
1962
+
skb->tc_verd = SET_TC_AT(skb->tc_verd, AT_INGRESS);
1963
+
1964
+
spin_lock(&dev->ingress_lock);
1965
+
if ((q = dev->qdisc_ingress) != NULL)
1966
+
result = q->enqueue(skb, q);
1967
+
spin_unlock(&dev->ingress_lock);
1968
+
1971
1969
return result;
1970
+
}
1971
+
1972
+
static inline struct sk_buff *handle_ing(struct sk_buff *skb,
1973
+
struct packet_type **pt_prev,
1974
+
int *ret, struct net_device *orig_dev)
1975
+
{
1976
+
if (!skb->dev->qdisc_ingress)
1977
+
goto out;
1978
+
1979
+
if (*pt_prev) {
1980
+
*ret = deliver_skb(skb, *pt_prev, orig_dev);
1981
+
*pt_prev = NULL;
1982
+
} else {
1983
+
/* Huh? Why does turning on AF_PACKET affect this? */
1984
+
skb->tc_verd = SET_TC_OK2MUNGE(skb->tc_verd);
1985
+
}
1986
+
1987
+
switch (ing_filter(skb)) {
1988
+
case TC_ACT_SHOT:
1989
+
case TC_ACT_STOLEN:
1990
+
kfree_skb(skb);
1991
+
return NULL;
1992
+
}
1993
+
1994
+
out:
1995
+
skb->tc_verd = 0;
1996
+
return skb;
1972
1997
}
1973
1998
#endif
1974
1999
···
2044
2021
}
2045
2022
2046
2023
#ifdef CONFIG_NET_CLS_ACT
2047
-
if (pt_prev) {
2048
-
ret = deliver_skb(skb, pt_prev, orig_dev);
2049
-
pt_prev = NULL; /* noone else should process this after*/
2050
-
} else {
2051
-
skb->tc_verd = SET_TC_OK2MUNGE(skb->tc_verd);
2052
-
}
2053
-
2054
-
ret = ing_filter(skb);
2055
-
2056
-
if (ret == TC_ACT_SHOT || (ret == TC_ACT_STOLEN)) {
2057
-
kfree_skb(skb);
2024
+
skb = handle_ing(skb, &pt_prev, &ret, orig_dev);
2025
+
if (!skb)
2058
2026
goto out;
2059
-
}
2060
-
2061
-
skb->tc_verd = 0;
2062
2027
ncls:
2063
2028
#endif
2064
2029
+2
net/core/neighbour.c
+2
net/core/neighbour.c
+96
-99
net/core/skbuff.c
+96
-99
net/core/skbuff.c
···
362
362
__kfree_skb(skb);
363
363
}
364
364
365
+
static void __copy_skb_header(struct sk_buff *new, const struct sk_buff *old)
366
+
{
367
+
new->tstamp = old->tstamp;
368
+
new->dev = old->dev;
369
+
new->transport_header = old->transport_header;
370
+
new->network_header = old->network_header;
371
+
new->mac_header = old->mac_header;
372
+
new->dst = dst_clone(old->dst);
373
+
#ifdef CONFIG_INET
374
+
new->sp = secpath_get(old->sp);
375
+
#endif
376
+
memcpy(new->cb, old->cb, sizeof(old->cb));
377
+
new->csum_start = old->csum_start;
378
+
new->csum_offset = old->csum_offset;
379
+
new->local_df = old->local_df;
380
+
new->pkt_type = old->pkt_type;
381
+
new->ip_summed = old->ip_summed;
382
+
skb_copy_queue_mapping(new, old);
383
+
new->priority = old->priority;
384
+
#if defined(CONFIG_IP_VS) || defined(CONFIG_IP_VS_MODULE)
385
+
new->ipvs_property = old->ipvs_property;
386
+
#endif
387
+
new->protocol = old->protocol;
388
+
new->mark = old->mark;
389
+
__nf_copy(new, old);
390
+
#if defined(CONFIG_NETFILTER_XT_TARGET_TRACE) || \
391
+
defined(CONFIG_NETFILTER_XT_TARGET_TRACE_MODULE)
392
+
new->nf_trace = old->nf_trace;
393
+
#endif
394
+
#ifdef CONFIG_NET_SCHED
395
+
new->tc_index = old->tc_index;
396
+
#ifdef CONFIG_NET_CLS_ACT
397
+
new->tc_verd = old->tc_verd;
398
+
#endif
399
+
#endif
400
+
skb_copy_secmark(new, old);
401
+
}
402
+
403
+
static struct sk_buff *__skb_clone(struct sk_buff *n, struct sk_buff *skb)
404
+
{
405
+
#define C(x) n->x = skb->x
406
+
407
+
n->next = n->prev = NULL;
408
+
n->sk = NULL;
409
+
__copy_skb_header(n, skb);
410
+
411
+
C(len);
412
+
C(data_len);
413
+
C(mac_len);
414
+
n->cloned = 1;
415
+
n->hdr_len = skb->nohdr ? skb_headroom(skb) : skb->hdr_len;
416
+
n->nohdr = 0;
417
+
n->destructor = NULL;
418
+
#ifdef CONFIG_NET_CLS_ACT
419
+
/* FIXME What is this and why don't we do it in copy_skb_header? */
420
+
n->tc_verd = SET_TC_VERD(n->tc_verd,0);
421
+
n->tc_verd = CLR_TC_OK2MUNGE(n->tc_verd);
422
+
n->tc_verd = CLR_TC_MUNGED(n->tc_verd);
423
+
C(iif);
424
+
#endif
425
+
C(truesize);
426
+
atomic_set(&n->users, 1);
427
+
C(head);
428
+
C(data);
429
+
C(tail);
430
+
C(end);
431
+
432
+
atomic_inc(&(skb_shinfo(skb)->dataref));
433
+
skb->cloned = 1;
434
+
435
+
return n;
436
+
#undef C
437
+
}
438
+
439
+
/**
440
+
* skb_morph - morph one skb into another
441
+
* @dst: the skb to receive the contents
442
+
* @src: the skb to supply the contents
443
+
*
444
+
* This is identical to skb_clone except that the target skb is
445
+
* supplied by the user.
446
+
*
447
+
* The target skb is returned upon exit.
448
+
*/
449
+
struct sk_buff *skb_morph(struct sk_buff *dst, struct sk_buff *src)
450
+
{
451
+
skb_release_data(dst);
452
+
return __skb_clone(dst, src);
453
+
}
454
+
EXPORT_SYMBOL_GPL(skb_morph);
455
+
365
456
/**
366
457
* skb_clone - duplicate an sk_buff
367
458
* @skb: buffer to clone
···
484
393
n->fclone = SKB_FCLONE_UNAVAILABLE;
485
394
}
486
395
487
-
#define C(x) n->x = skb->x
488
-
489
-
n->next = n->prev = NULL;
490
-
n->sk = NULL;
491
-
C(tstamp);
492
-
C(dev);
493
-
C(transport_header);
494
-
C(network_header);
495
-
C(mac_header);
496
-
C(dst);
497
-
dst_clone(skb->dst);
498
-
C(sp);
499
-
#ifdef CONFIG_INET
500
-
secpath_get(skb->sp);
501
-
#endif
502
-
memcpy(n->cb, skb->cb, sizeof(skb->cb));
503
-
C(len);
504
-
C(data_len);
505
-
C(mac_len);
506
-
C(csum);
507
-
C(local_df);
508
-
n->cloned = 1;
509
-
n->hdr_len = skb->nohdr ? skb_headroom(skb) : skb->hdr_len;
510
-
n->nohdr = 0;
511
-
C(pkt_type);
512
-
C(ip_summed);
513
-
skb_copy_queue_mapping(n, skb);
514
-
C(priority);
515
-
#if defined(CONFIG_IP_VS) || defined(CONFIG_IP_VS_MODULE)
516
-
C(ipvs_property);
517
-
#endif
518
-
C(protocol);
519
-
n->destructor = NULL;
520
-
C(mark);
521
-
__nf_copy(n, skb);
522
-
#if defined(CONFIG_NETFILTER_XT_TARGET_TRACE) || \
523
-
defined(CONFIG_NETFILTER_XT_TARGET_TRACE_MODULE)
524
-
C(nf_trace);
525
-
#endif
526
-
#ifdef CONFIG_NET_SCHED
527
-
C(tc_index);
528
-
#ifdef CONFIG_NET_CLS_ACT
529
-
n->tc_verd = SET_TC_VERD(skb->tc_verd,0);
530
-
n->tc_verd = CLR_TC_OK2MUNGE(n->tc_verd);
531
-
n->tc_verd = CLR_TC_MUNGED(n->tc_verd);
532
-
C(iif);
533
-
#endif
534
-
#endif
535
-
skb_copy_secmark(n, skb);
536
-
C(truesize);
537
-
atomic_set(&n->users, 1);
538
-
C(head);
539
-
C(data);
540
-
C(tail);
541
-
C(end);
542
-
543
-
atomic_inc(&(skb_shinfo(skb)->dataref));
544
-
skb->cloned = 1;
545
-
546
-
return n;
396
+
return __skb_clone(n, skb);
547
397
}
548
398
549
399
static void copy_skb_header(struct sk_buff *new, const struct sk_buff *old)
···
495
463
*/
496
464
unsigned long offset = new->data - old->data;
497
465
#endif
498
-
new->sk = NULL;
499
-
new->dev = old->dev;
500
-
skb_copy_queue_mapping(new, old);
501
-
new->priority = old->priority;
502
-
new->protocol = old->protocol;
503
-
new->dst = dst_clone(old->dst);
504
-
#ifdef CONFIG_INET
505
-
new->sp = secpath_get(old->sp);
506
-
#endif
507
-
new->csum_start = old->csum_start;
508
-
new->csum_offset = old->csum_offset;
509
-
new->ip_summed = old->ip_summed;
510
-
new->transport_header = old->transport_header;
511
-
new->network_header = old->network_header;
512
-
new->mac_header = old->mac_header;
466
+
467
+
__copy_skb_header(new, old);
468
+
513
469
#ifndef NET_SKBUFF_DATA_USES_OFFSET
514
470
/* {transport,network,mac}_header are relative to skb->head */
515
471
new->transport_header += offset;
516
472
new->network_header += offset;
517
473
new->mac_header += offset;
518
474
#endif
519
-
memcpy(new->cb, old->cb, sizeof(old->cb));
520
-
new->local_df = old->local_df;
521
-
new->fclone = SKB_FCLONE_UNAVAILABLE;
522
-
new->pkt_type = old->pkt_type;
523
-
new->tstamp = old->tstamp;
524
-
new->destructor = NULL;
525
-
new->mark = old->mark;
526
-
__nf_copy(new, old);
527
-
#if defined(CONFIG_NETFILTER_XT_TARGET_TRACE) || \
528
-
defined(CONFIG_NETFILTER_XT_TARGET_TRACE_MODULE)
529
-
new->nf_trace = old->nf_trace;
530
-
#endif
531
-
#if defined(CONFIG_IP_VS) || defined(CONFIG_IP_VS_MODULE)
532
-
new->ipvs_property = old->ipvs_property;
533
-
#endif
534
-
#ifdef CONFIG_NET_SCHED
535
-
#ifdef CONFIG_NET_CLS_ACT
536
-
new->tc_verd = old->tc_verd;
537
-
#endif
538
-
new->tc_index = old->tc_index;
539
-
#endif
540
-
skb_copy_secmark(new, old);
541
-
atomic_set(&new->users, 1);
542
475
skb_shinfo(new)->gso_size = skb_shinfo(old)->gso_size;
543
476
skb_shinfo(new)->gso_segs = skb_shinfo(old)->gso_segs;
544
477
skb_shinfo(new)->gso_type = skb_shinfo(old)->gso_type;
···
682
685
skb->transport_header += off;
683
686
skb->network_header += off;
684
687
skb->mac_header += off;
685
-
skb->csum_start += off;
688
+
skb->csum_start += nhead;
686
689
skb->cloned = 0;
687
690
skb->hdr_len = 0;
688
691
skb->nohdr = 0;
+1
-2
net/dccp/ipv6.c
+1
-2
net/dccp/ipv6.c
+2
-2
net/decnet/netfilter/dn_rtmsg.c
+2
-2
net/decnet/netfilter/dn_rtmsg.c
···
88
88
89
89
90
90
static unsigned int dnrmg_hook(unsigned int hook,
91
-
struct sk_buff **pskb,
91
+
struct sk_buff *skb,
92
92
const struct net_device *in,
93
93
const struct net_device *out,
94
94
int (*okfn)(struct sk_buff *))
95
95
{
96
-
dnrmg_send_peer(*pskb);
96
+
dnrmg_send_peer(skb);
97
97
return NF_ACCEPT;
98
98
}
99
99
+2
-1
net/ipv4/Makefile
+2
-1
net/ipv4/Makefile
···
10
10
tcp_minisocks.o tcp_cong.o \
11
11
datagram.o raw.o udp.o udplite.o \
12
12
arp.o icmp.o devinet.o af_inet.o igmp.o \
13
-
sysctl_net_ipv4.o fib_frontend.o fib_semantics.o
13
+
sysctl_net_ipv4.o fib_frontend.o fib_semantics.o \
14
+
inet_fragment.o
14
15
15
16
obj-$(CONFIG_IP_FIB_HASH) += fib_hash.o
16
17
obj-$(CONFIG_IP_FIB_TRIE) += fib_trie.o
+174
net/ipv4/inet_fragment.c
+174
net/ipv4/inet_fragment.c
···
1
+
/*
2
+
* inet fragments management
3
+
*
4
+
* This program is free software; you can redistribute it and/or
5
+
* modify it under the terms of the GNU General Public License
6
+
* as published by the Free Software Foundation; either version
7
+
* 2 of the License, or (at your option) any later version.
8
+
*
9
+
* Authors: Pavel Emelyanov <xemul@openvz.org>
10
+
* Started as consolidation of ipv4/ip_fragment.c,
11
+
* ipv6/reassembly. and ipv6 nf conntrack reassembly
12
+
*/
13
+
14
+
#include <linux/list.h>
15
+
#include <linux/spinlock.h>
16
+
#include <linux/module.h>
17
+
#include <linux/timer.h>
18
+
#include <linux/mm.h>
19
+
#include <linux/random.h>
20
+
#include <linux/skbuff.h>
21
+
#include <linux/rtnetlink.h>
22
+
23
+
#include <net/inet_frag.h>
24
+
25
+
static void inet_frag_secret_rebuild(unsigned long dummy)
26
+
{
27
+
struct inet_frags *f = (struct inet_frags *)dummy;
28
+
unsigned long now = jiffies;
29
+
int i;
30
+
31
+
write_lock(&f->lock);
32
+
get_random_bytes(&f->rnd, sizeof(u32));
33
+
for (i = 0; i < INETFRAGS_HASHSZ; i++) {
34
+
struct inet_frag_queue *q;
35
+
struct hlist_node *p, *n;
36
+
37
+
hlist_for_each_entry_safe(q, p, n, &f->hash[i], list) {
38
+
unsigned int hval = f->hashfn(q);
39
+
40
+
if (hval != i) {
41
+
hlist_del(&q->list);
42
+
43
+
/* Relink to new hash chain. */
44
+
hlist_add_head(&q->list, &f->hash[hval]);
45
+
}
46
+
}
47
+
}
48
+
write_unlock(&f->lock);
49
+
50
+
mod_timer(&f->secret_timer, now + f->ctl->secret_interval);
51
+
}
52
+
53
+
void inet_frags_init(struct inet_frags *f)
54
+
{
55
+
int i;
56
+
57
+
for (i = 0; i < INETFRAGS_HASHSZ; i++)
58
+
INIT_HLIST_HEAD(&f->hash[i]);
59
+
60
+
INIT_LIST_HEAD(&f->lru_list);
61
+
rwlock_init(&f->lock);
62
+
63
+
f->rnd = (u32) ((num_physpages ^ (num_physpages>>7)) ^
64
+
(jiffies ^ (jiffies >> 6)));
65
+
66
+
f->nqueues = 0;
67
+
atomic_set(&f->mem, 0);
68
+
69
+
init_timer(&f->secret_timer);
70
+
f->secret_timer.function = inet_frag_secret_rebuild;
71
+
f->secret_timer.data = (unsigned long)f;
72
+
f->secret_timer.expires = jiffies + f->ctl->secret_interval;
73
+
add_timer(&f->secret_timer);
74
+
}
75
+
EXPORT_SYMBOL(inet_frags_init);
76
+
77
+
void inet_frags_fini(struct inet_frags *f)
78
+
{
79
+
del_timer(&f->secret_timer);
80
+
}
81
+
EXPORT_SYMBOL(inet_frags_fini);
82
+
83
+
static inline void fq_unlink(struct inet_frag_queue *fq, struct inet_frags *f)
84
+
{
85
+
write_lock(&f->lock);
86
+
hlist_del(&fq->list);
87
+
list_del(&fq->lru_list);
88
+
f->nqueues--;
89
+
write_unlock(&f->lock);
90
+
}
91
+
92
+
void inet_frag_kill(struct inet_frag_queue *fq, struct inet_frags *f)
93
+
{
94
+
if (del_timer(&fq->timer))
95
+
atomic_dec(&fq->refcnt);
96
+
97
+
if (!(fq->last_in & COMPLETE)) {
98
+
fq_unlink(fq, f);
99
+
atomic_dec(&fq->refcnt);
100
+
fq->last_in |= COMPLETE;
101
+
}
102
+
}
103
+
104
+
EXPORT_SYMBOL(inet_frag_kill);
105
+
106
+
static inline void frag_kfree_skb(struct inet_frags *f, struct sk_buff *skb,
107
+
int *work)
108
+
{
109
+
if (work)
110
+
*work -= skb->truesize;
111
+
112
+
atomic_sub(skb->truesize, &f->mem);
113
+
if (f->skb_free)
114
+
f->skb_free(skb);
115
+
kfree_skb(skb);
116
+
}
117
+
118
+
void inet_frag_destroy(struct inet_frag_queue *q, struct inet_frags *f,
119
+
int *work)
120
+
{
121
+
struct sk_buff *fp;
122
+
123
+
BUG_TRAP(q->last_in & COMPLETE);
124
+
BUG_TRAP(del_timer(&q->timer) == 0);
125
+
126
+
/* Release all fragment data. */
127
+
fp = q->fragments;
128
+
while (fp) {
129
+
struct sk_buff *xp = fp->next;
130
+
131
+
frag_kfree_skb(f, fp, work);
132
+
fp = xp;
133
+
}
134
+
135
+
if (work)
136
+
*work -= f->qsize;
137
+
atomic_sub(f->qsize, &f->mem);
138
+
139
+
f->destructor(q);
140
+
141
+
}
142
+
EXPORT_SYMBOL(inet_frag_destroy);
143
+
144
+
int inet_frag_evictor(struct inet_frags *f)
145
+
{
146
+
struct inet_frag_queue *q;
147
+
int work, evicted = 0;
148
+
149
+
work = atomic_read(&f->mem) - f->ctl->low_thresh;
150
+
while (work > 0) {
151
+
read_lock(&f->lock);
152
+
if (list_empty(&f->lru_list)) {
153
+
read_unlock(&f->lock);
154
+
break;
155
+
}
156
+
157
+
q = list_first_entry(&f->lru_list,
158
+
struct inet_frag_queue, lru_list);
159
+
atomic_inc(&q->refcnt);
160
+
read_unlock(&f->lock);
161
+
162
+
spin_lock(&q->lock);
163
+
if (!(q->last_in & COMPLETE))
164
+
inet_frag_kill(q, f);
165
+
spin_unlock(&q->lock);
166
+
167
+
if (atomic_dec_and_test(&q->refcnt))
168
+
inet_frag_destroy(q, f, &work);
169
+
evicted++;
170
+
}
171
+
172
+
return evicted;
173
+
}
174
+
EXPORT_SYMBOL(inet_frag_evictor);
+1
-1
net/ipv4/ip_forward.c
+1
-1
net/ipv4/ip_forward.c
+176
-243
net/ipv4/ip_fragment.c
+176
-243
net/ipv4/ip_fragment.c
···
39
39
#include <net/icmp.h>
40
40
#include <net/checksum.h>
41
41
#include <net/inetpeer.h>
42
+
#include <net/inet_frag.h>
42
43
#include <linux/tcp.h>
43
44
#include <linux/udp.h>
44
45
#include <linux/inet.h>
···
50
49
* as well. Or notify me, at least. --ANK
51
50
*/
52
51
53
-
/* Fragment cache limits. We will commit 256K at one time. Should we
54
-
* cross that limit we will prune down to 192K. This should cope with
55
-
* even the most extreme cases without allowing an attacker to measurably
56
-
* harm machine performance.
57
-
*/
58
-
int sysctl_ipfrag_high_thresh __read_mostly = 256*1024;
59
-
int sysctl_ipfrag_low_thresh __read_mostly = 192*1024;
60
-
61
52
int sysctl_ipfrag_max_dist __read_mostly = 64;
62
-
63
-
/* Important NOTE! Fragment queue must be destroyed before MSL expires.
64
-
* RFC791 is wrong proposing to prolongate timer each fragment arrival by TTL.
65
-
*/
66
-
int sysctl_ipfrag_time __read_mostly = IP_FRAG_TIME;
67
53
68
54
struct ipfrag_skb_cb
69
55
{
···
62
74
63
75
/* Describe an entry in the "incomplete datagrams" queue. */
64
76
struct ipq {
65
-
struct hlist_node list;
66
-
struct list_head lru_list; /* lru list member */
77
+
struct inet_frag_queue q;
78
+
67
79
u32 user;
68
80
__be32 saddr;
69
81
__be32 daddr;
70
82
__be16 id;
71
83
u8 protocol;
72
-
u8 last_in;
73
-
#define COMPLETE 4
74
-
#define FIRST_IN 2
75
-
#define LAST_IN 1
76
-
77
-
struct sk_buff *fragments; /* linked list of received fragments */
78
-
int len; /* total length of original datagram */
79
-
int meat;
80
-
spinlock_t lock;
81
-
atomic_t refcnt;
82
-
struct timer_list timer; /* when will this queue expire? */
83
-
ktime_t stamp;
84
84
int iif;
85
85
unsigned int rid;
86
86
struct inet_peer *peer;
87
87
};
88
88
89
-
/* Hash table. */
89
+
struct inet_frags_ctl ip4_frags_ctl __read_mostly = {
90
+
/*
91
+
* Fragment cache limits. We will commit 256K at one time. Should we
92
+
* cross that limit we will prune down to 192K. This should cope with
93
+
* even the most extreme cases without allowing an attacker to
94
+
* measurably harm machine performance.
95
+
*/
96
+
.high_thresh = 256 * 1024,
97
+
.low_thresh = 192 * 1024,
90
98
91
-
#define IPQ_HASHSZ 64
99
+
/*
100
+
* Important NOTE! Fragment queue must be destroyed before MSL expires.
101
+
* RFC791 is wrong proposing to prolongate timer each fragment arrival
102
+
* by TTL.
103
+
*/
104
+
.timeout = IP_FRAG_TIME,
105
+
.secret_interval = 10 * 60 * HZ,
106
+
};
92
107
93
-
/* Per-bucket lock is easy to add now. */
94
-
static struct hlist_head ipq_hash[IPQ_HASHSZ];
95
-
static DEFINE_RWLOCK(ipfrag_lock);
96
-
static u32 ipfrag_hash_rnd;
97
-
static LIST_HEAD(ipq_lru_list);
98
-
int ip_frag_nqueues = 0;
108
+
static struct inet_frags ip4_frags;
99
109
100
-
static __inline__ void __ipq_unlink(struct ipq *qp)
110
+
int ip_frag_nqueues(void)
101
111
{
102
-
hlist_del(&qp->list);
103
-
list_del(&qp->lru_list);
104
-
ip_frag_nqueues--;
112
+
return ip4_frags.nqueues;
105
113
}
106
114
107
-
static __inline__ void ipq_unlink(struct ipq *ipq)
115
+
int ip_frag_mem(void)
108
116
{
109
-
write_lock(&ipfrag_lock);
110
-
__ipq_unlink(ipq);
111
-
write_unlock(&ipfrag_lock);
117
+
return atomic_read(&ip4_frags.mem);
112
118
}
119
+
120
+
static int ip_frag_reasm(struct ipq *qp, struct sk_buff *prev,
121
+
struct net_device *dev);
113
122
114
123
static unsigned int ipqhashfn(__be16 id, __be32 saddr, __be32 daddr, u8 prot)
115
124
{
116
125
return jhash_3words((__force u32)id << 16 | prot,
117
126
(__force u32)saddr, (__force u32)daddr,
118
-
ipfrag_hash_rnd) & (IPQ_HASHSZ - 1);
127
+
ip4_frags.rnd) & (INETFRAGS_HASHSZ - 1);
119
128
}
120
129
121
-
static struct timer_list ipfrag_secret_timer;
122
-
int sysctl_ipfrag_secret_interval __read_mostly = 10 * 60 * HZ;
123
-
124
-
static void ipfrag_secret_rebuild(unsigned long dummy)
130
+
static unsigned int ip4_hashfn(struct inet_frag_queue *q)
125
131
{
126
-
unsigned long now = jiffies;
127
-
int i;
132
+
struct ipq *ipq;
128
133
129
-
write_lock(&ipfrag_lock);
130
-
get_random_bytes(&ipfrag_hash_rnd, sizeof(u32));
131
-
for (i = 0; i < IPQ_HASHSZ; i++) {
132
-
struct ipq *q;
133
-
struct hlist_node *p, *n;
134
-
135
-
hlist_for_each_entry_safe(q, p, n, &ipq_hash[i], list) {
136
-
unsigned int hval = ipqhashfn(q->id, q->saddr,
137
-
q->daddr, q->protocol);
138
-
139
-
if (hval != i) {
140
-
hlist_del(&q->list);
141
-
142
-
/* Relink to new hash chain. */
143
-
hlist_add_head(&q->list, &ipq_hash[hval]);
144
-
}
145
-
}
146
-
}
147
-
write_unlock(&ipfrag_lock);
148
-
149
-
mod_timer(&ipfrag_secret_timer, now + sysctl_ipfrag_secret_interval);
134
+
ipq = container_of(q, struct ipq, q);
135
+
return ipqhashfn(ipq->id, ipq->saddr, ipq->daddr, ipq->protocol);
150
136
}
151
-
152
-
atomic_t ip_frag_mem = ATOMIC_INIT(0); /* Memory used for fragments */
153
137
154
138
/* Memory Tracking Functions. */
155
139
static __inline__ void frag_kfree_skb(struct sk_buff *skb, int *work)
156
140
{
157
141
if (work)
158
142
*work -= skb->truesize;
159
-
atomic_sub(skb->truesize, &ip_frag_mem);
143
+
atomic_sub(skb->truesize, &ip4_frags.mem);
160
144
kfree_skb(skb);
161
145
}
162
146
163
-
static __inline__ void frag_free_queue(struct ipq *qp, int *work)
147
+
static __inline__ void ip4_frag_free(struct inet_frag_queue *q)
164
148
{
165
-
if (work)
166
-
*work -= sizeof(struct ipq);
167
-
atomic_sub(sizeof(struct ipq), &ip_frag_mem);
149
+
struct ipq *qp;
150
+
151
+
qp = container_of(q, struct ipq, q);
152
+
if (qp->peer)
153
+
inet_putpeer(qp->peer);
168
154
kfree(qp);
169
155
}
170
156
171
157
static __inline__ struct ipq *frag_alloc_queue(void)
172
158
{
173
-
struct ipq *qp = kmalloc(sizeof(struct ipq), GFP_ATOMIC);
159
+
struct ipq *qp = kzalloc(sizeof(struct ipq), GFP_ATOMIC);
174
160
175
161
if (!qp)
176
162
return NULL;
177
-
atomic_add(sizeof(struct ipq), &ip_frag_mem);
163
+
atomic_add(sizeof(struct ipq), &ip4_frags.mem);
178
164
return qp;
179
165
}
180
166
181
167
182
168
/* Destruction primitives. */
183
169
184
-
/* Complete destruction of ipq. */
185
-
static void ip_frag_destroy(struct ipq *qp, int *work)
170
+
static __inline__ void ipq_put(struct ipq *ipq)
186
171
{
187
-
struct sk_buff *fp;
188
-
189
-
BUG_TRAP(qp->last_in&COMPLETE);
190
-
BUG_TRAP(del_timer(&qp->timer) == 0);
191
-
192
-
if (qp->peer)
193
-
inet_putpeer(qp->peer);
194
-
195
-
/* Release all fragment data. */
196
-
fp = qp->fragments;
197
-
while (fp) {
198
-
struct sk_buff *xp = fp->next;
199
-
200
-
frag_kfree_skb(fp, work);
201
-
fp = xp;
202
-
}
203
-
204
-
/* Finally, release the queue descriptor itself. */
205
-
frag_free_queue(qp, work);
206
-
}
207
-
208
-
static __inline__ void ipq_put(struct ipq *ipq, int *work)
209
-
{
210
-
if (atomic_dec_and_test(&ipq->refcnt))
211
-
ip_frag_destroy(ipq, work);
172
+
inet_frag_put(&ipq->q, &ip4_frags);
212
173
}
213
174
214
175
/* Kill ipq entry. It is not destroyed immediately,
···
165
228
*/
166
229
static void ipq_kill(struct ipq *ipq)
167
230
{
168
-
if (del_timer(&ipq->timer))
169
-
atomic_dec(&ipq->refcnt);
170
-
171
-
if (!(ipq->last_in & COMPLETE)) {
172
-
ipq_unlink(ipq);
173
-
atomic_dec(&ipq->refcnt);
174
-
ipq->last_in |= COMPLETE;
175
-
}
231
+
inet_frag_kill(&ipq->q, &ip4_frags);
176
232
}
177
233
178
234
/* Memory limiting on fragments. Evictor trashes the oldest
···
173
243
*/
174
244
static void ip_evictor(void)
175
245
{
176
-
struct ipq *qp;
177
-
struct list_head *tmp;
178
-
int work;
246
+
int evicted;
179
247
180
-
work = atomic_read(&ip_frag_mem) - sysctl_ipfrag_low_thresh;
181
-
if (work <= 0)
182
-
return;
183
-
184
-
while (work > 0) {
185
-
read_lock(&ipfrag_lock);
186
-
if (list_empty(&ipq_lru_list)) {
187
-
read_unlock(&ipfrag_lock);
188
-
return;
189
-
}
190
-
tmp = ipq_lru_list.next;
191
-
qp = list_entry(tmp, struct ipq, lru_list);
192
-
atomic_inc(&qp->refcnt);
193
-
read_unlock(&ipfrag_lock);
194
-
195
-
spin_lock(&qp->lock);
196
-
if (!(qp->last_in&COMPLETE))
197
-
ipq_kill(qp);
198
-
spin_unlock(&qp->lock);
199
-
200
-
ipq_put(qp, &work);
201
-
IP_INC_STATS_BH(IPSTATS_MIB_REASMFAILS);
202
-
}
248
+
evicted = inet_frag_evictor(&ip4_frags);
249
+
if (evicted)
250
+
IP_ADD_STATS_BH(IPSTATS_MIB_REASMFAILS, evicted);
203
251
}
204
252
205
253
/*
···
187
279
{
188
280
struct ipq *qp = (struct ipq *) arg;
189
281
190
-
spin_lock(&qp->lock);
282
+
spin_lock(&qp->q.lock);
191
283
192
-
if (qp->last_in & COMPLETE)
284
+
if (qp->q.last_in & COMPLETE)
193
285
goto out;
194
286
195
287
ipq_kill(qp);
···
197
289
IP_INC_STATS_BH(IPSTATS_MIB_REASMTIMEOUT);
198
290
IP_INC_STATS_BH(IPSTATS_MIB_REASMFAILS);
199
291
200
-
if ((qp->last_in&FIRST_IN) && qp->fragments != NULL) {
201
-
struct sk_buff *head = qp->fragments;
292
+
if ((qp->q.last_in&FIRST_IN) && qp->q.fragments != NULL) {
293
+
struct sk_buff *head = qp->q.fragments;
202
294
/* Send an ICMP "Fragment Reassembly Timeout" message. */
203
295
if ((head->dev = dev_get_by_index(&init_net, qp->iif)) != NULL) {
204
296
icmp_send(head, ICMP_TIME_EXCEEDED, ICMP_EXC_FRAGTIME, 0);
···
206
298
}
207
299
}
208
300
out:
209
-
spin_unlock(&qp->lock);
210
-
ipq_put(qp, NULL);
301
+
spin_unlock(&qp->q.lock);
302
+
ipq_put(qp);
211
303
}
212
304
213
305
/* Creation primitives. */
···
220
312
#endif
221
313
unsigned int hash;
222
314
223
-
write_lock(&ipfrag_lock);
315
+
write_lock(&ip4_frags.lock);
224
316
hash = ipqhashfn(qp_in->id, qp_in->saddr, qp_in->daddr,
225
317
qp_in->protocol);
226
318
#ifdef CONFIG_SMP
···
228
320
* such entry could be created on other cpu, while we
229
321
* promoted read lock to write lock.
230
322
*/
231
-
hlist_for_each_entry(qp, n, &ipq_hash[hash], list) {
323
+
hlist_for_each_entry(qp, n, &ip4_frags.hash[hash], q.list) {
232
324
if (qp->id == qp_in->id &&
233
325
qp->saddr == qp_in->saddr &&
234
326
qp->daddr == qp_in->daddr &&
235
327
qp->protocol == qp_in->protocol &&
236
328
qp->user == qp_in->user) {
237
-
atomic_inc(&qp->refcnt);
238
-
write_unlock(&ipfrag_lock);
239
-
qp_in->last_in |= COMPLETE;
240
-
ipq_put(qp_in, NULL);
329
+
atomic_inc(&qp->q.refcnt);
330
+
write_unlock(&ip4_frags.lock);
331
+
qp_in->q.last_in |= COMPLETE;
332
+
ipq_put(qp_in);
241
333
return qp;
242
334
}
243
335
}
244
336
#endif
245
337
qp = qp_in;
246
338
247
-
if (!mod_timer(&qp->timer, jiffies + sysctl_ipfrag_time))
248
-
atomic_inc(&qp->refcnt);
339
+
if (!mod_timer(&qp->q.timer, jiffies + ip4_frags_ctl.timeout))
340
+
atomic_inc(&qp->q.refcnt);
249
341
250
-
atomic_inc(&qp->refcnt);
251
-
hlist_add_head(&qp->list, &ipq_hash[hash]);
252
-
INIT_LIST_HEAD(&qp->lru_list);
253
-
list_add_tail(&qp->lru_list, &ipq_lru_list);
254
-
ip_frag_nqueues++;
255
-
write_unlock(&ipfrag_lock);
342
+
atomic_inc(&qp->q.refcnt);
343
+
hlist_add_head(&qp->q.list, &ip4_frags.hash[hash]);
344
+
INIT_LIST_HEAD(&qp->q.lru_list);
345
+
list_add_tail(&qp->q.lru_list, &ip4_frags.lru_list);
346
+
ip4_frags.nqueues++;
347
+
write_unlock(&ip4_frags.lock);
256
348
return qp;
257
349
}
258
350
···
265
357
goto out_nomem;
266
358
267
359
qp->protocol = iph->protocol;
268
-
qp->last_in = 0;
269
360
qp->id = iph->id;
270
361
qp->saddr = iph->saddr;
271
362
qp->daddr = iph->daddr;
272
363
qp->user = user;
273
-
qp->len = 0;
274
-
qp->meat = 0;
275
-
qp->fragments = NULL;
276
-
qp->iif = 0;
277
364
qp->peer = sysctl_ipfrag_max_dist ? inet_getpeer(iph->saddr, 1) : NULL;
278
365
279
366
/* Initialize a timer for this entry. */
280
-
init_timer(&qp->timer);
281
-
qp->timer.data = (unsigned long) qp; /* pointer to queue */
282
-
qp->timer.function = ip_expire; /* expire function */
283
-
spin_lock_init(&qp->lock);
284
-
atomic_set(&qp->refcnt, 1);
367
+
init_timer(&qp->q.timer);
368
+
qp->q.timer.data = (unsigned long) qp; /* pointer to queue */
369
+
qp->q.timer.function = ip_expire; /* expire function */
370
+
spin_lock_init(&qp->q.lock);
371
+
atomic_set(&qp->q.refcnt, 1);
285
372
286
373
return ip_frag_intern(qp);
287
374
···
298
395
struct ipq *qp;
299
396
struct hlist_node *n;
300
397
301
-
read_lock(&ipfrag_lock);
398
+
read_lock(&ip4_frags.lock);
302
399
hash = ipqhashfn(id, saddr, daddr, protocol);
303
-
hlist_for_each_entry(qp, n, &ipq_hash[hash], list) {
400
+
hlist_for_each_entry(qp, n, &ip4_frags.hash[hash], q.list) {
304
401
if (qp->id == id &&
305
402
qp->saddr == saddr &&
306
403
qp->daddr == daddr &&
307
404
qp->protocol == protocol &&
308
405
qp->user == user) {
309
-
atomic_inc(&qp->refcnt);
310
-
read_unlock(&ipfrag_lock);
406
+
atomic_inc(&qp->q.refcnt);
407
+
read_unlock(&ip4_frags.lock);
311
408
return qp;
312
409
}
313
410
}
314
-
read_unlock(&ipfrag_lock);
411
+
read_unlock(&ip4_frags.lock);
315
412
316
413
return ip_frag_create(iph, user);
317
414
}
···
332
429
end = atomic_inc_return(&peer->rid);
333
430
qp->rid = end;
334
431
335
-
rc = qp->fragments && (end - start) > max;
432
+
rc = qp->q.fragments && (end - start) > max;
336
433
337
434
if (rc) {
338
435
IP_INC_STATS_BH(IPSTATS_MIB_REASMFAILS);
···
345
442
{
346
443
struct sk_buff *fp;
347
444
348
-
if (!mod_timer(&qp->timer, jiffies + sysctl_ipfrag_time)) {
349
-
atomic_inc(&qp->refcnt);
445
+
if (!mod_timer(&qp->q.timer, jiffies + ip4_frags_ctl.timeout)) {
446
+
atomic_inc(&qp->q.refcnt);
350
447
return -ETIMEDOUT;
351
448
}
352
449
353
-
fp = qp->fragments;
450
+
fp = qp->q.fragments;
354
451
do {
355
452
struct sk_buff *xp = fp->next;
356
453
frag_kfree_skb(fp, NULL);
357
454
fp = xp;
358
455
} while (fp);
359
456
360
-
qp->last_in = 0;
361
-
qp->len = 0;
362
-
qp->meat = 0;
363
-
qp->fragments = NULL;
457
+
qp->q.last_in = 0;
458
+
qp->q.len = 0;
459
+
qp->q.meat = 0;
460
+
qp->q.fragments = NULL;
364
461
qp->iif = 0;
365
462
366
463
return 0;
367
464
}
368
465
369
466
/* Add new segment to existing queue. */
370
-
static void ip_frag_queue(struct ipq *qp, struct sk_buff *skb)
467
+
static int ip_frag_queue(struct ipq *qp, struct sk_buff *skb)
371
468
{
372
469
struct sk_buff *prev, *next;
470
+
struct net_device *dev;
373
471
int flags, offset;
374
472
int ihl, end;
473
+
int err = -ENOENT;
375
474
376
-
if (qp->last_in & COMPLETE)
475
+
if (qp->q.last_in & COMPLETE)
377
476
goto err;
378
477
379
478
if (!(IPCB(skb)->flags & IPSKB_FRAG_COMPLETE) &&
380
-
unlikely(ip_frag_too_far(qp)) && unlikely(ip_frag_reinit(qp))) {
479
+
unlikely(ip_frag_too_far(qp)) &&
480
+
unlikely(err = ip_frag_reinit(qp))) {
381
481
ipq_kill(qp);
382
482
goto err;
383
483
}
···
393
487
394
488
/* Determine the position of this fragment. */
395
489
end = offset + skb->len - ihl;
490
+
err = -EINVAL;
396
491
397
492
/* Is this the final fragment? */
398
493
if ((flags & IP_MF) == 0) {
399
494
/* If we already have some bits beyond end
400
495
* or have different end, the segment is corrrupted.
401
496
*/
402
-
if (end < qp->len ||
403
-
((qp->last_in & LAST_IN) && end != qp->len))
497
+
if (end < qp->q.len ||
498
+
((qp->q.last_in & LAST_IN) && end != qp->q.len))
404
499
goto err;
405
-
qp->last_in |= LAST_IN;
406
-
qp->len = end;
500
+
qp->q.last_in |= LAST_IN;
501
+
qp->q.len = end;
407
502
} else {
408
503
if (end&7) {
409
504
end &= ~7;
410
505
if (skb->ip_summed != CHECKSUM_UNNECESSARY)
411
506
skb->ip_summed = CHECKSUM_NONE;
412
507
}
413
-
if (end > qp->len) {
508
+
if (end > qp->q.len) {
414
509
/* Some bits beyond end -> corruption. */
415
-
if (qp->last_in & LAST_IN)
510
+
if (qp->q.last_in & LAST_IN)
416
511
goto err;
417
-
qp->len = end;
512
+
qp->q.len = end;
418
513
}
419
514
}
420
515
if (end == offset)
421
516
goto err;
422
517
518
+
err = -ENOMEM;
423
519
if (pskb_pull(skb, ihl) == NULL)
424
520
goto err;
425
-
if (pskb_trim_rcsum(skb, end-offset))
521
+
522
+
err = pskb_trim_rcsum(skb, end - offset);
523
+
if (err)
426
524
goto err;
427
525
428
526
/* Find out which fragments are in front and at the back of us
···
434
524
* this fragment, right?
435
525
*/
436
526
prev = NULL;
437
-
for (next = qp->fragments; next != NULL; next = next->next) {
527
+
for (next = qp->q.fragments; next != NULL; next = next->next) {
438
528
if (FRAG_CB(next)->offset >= offset)
439
529
break; /* bingo! */
440
530
prev = next;
···
449
539
450
540
if (i > 0) {
451
541
offset += i;
542
+
err = -EINVAL;
452
543
if (end <= offset)
453
544
goto err;
545
+
err = -ENOMEM;
454
546
if (!pskb_pull(skb, i))
455
547
goto err;
456
548
if (skb->ip_summed != CHECKSUM_UNNECESSARY)
457
549
skb->ip_summed = CHECKSUM_NONE;
458
550
}
459
551
}
552
+
553
+
err = -ENOMEM;
460
554
461
555
while (next && FRAG_CB(next)->offset < end) {
462
556
int i = end - FRAG_CB(next)->offset; /* overlap is 'i' bytes */
···
472
558
if (!pskb_pull(next, i))
473
559
goto err;
474
560
FRAG_CB(next)->offset += i;
475
-
qp->meat -= i;
561
+
qp->q.meat -= i;
476
562
if (next->ip_summed != CHECKSUM_UNNECESSARY)
477
563
next->ip_summed = CHECKSUM_NONE;
478
564
break;
···
487
573
if (prev)
488
574
prev->next = next;
489
575
else
490
-
qp->fragments = next;
576
+
qp->q.fragments = next;
491
577
492
-
qp->meat -= free_it->len;
578
+
qp->q.meat -= free_it->len;
493
579
frag_kfree_skb(free_it, NULL);
494
580
}
495
581
}
···
501
587
if (prev)
502
588
prev->next = skb;
503
589
else
504
-
qp->fragments = skb;
590
+
qp->q.fragments = skb;
505
591
506
-
if (skb->dev)
507
-
qp->iif = skb->dev->ifindex;
508
-
skb->dev = NULL;
509
-
qp->stamp = skb->tstamp;
510
-
qp->meat += skb->len;
511
-
atomic_add(skb->truesize, &ip_frag_mem);
592
+
dev = skb->dev;
593
+
if (dev) {
594
+
qp->iif = dev->ifindex;
595
+
skb->dev = NULL;
596
+
}
597
+
qp->q.stamp = skb->tstamp;
598
+
qp->q.meat += skb->len;
599
+
atomic_add(skb->truesize, &ip4_frags.mem);
512
600
if (offset == 0)
513
-
qp->last_in |= FIRST_IN;
601
+
qp->q.last_in |= FIRST_IN;
514
602
515
-
write_lock(&ipfrag_lock);
516
-
list_move_tail(&qp->lru_list, &ipq_lru_list);
517
-
write_unlock(&ipfrag_lock);
603
+
if (qp->q.last_in == (FIRST_IN | LAST_IN) && qp->q.meat == qp->q.len)
604
+
return ip_frag_reasm(qp, prev, dev);
518
605
519
-
return;
606
+
write_lock(&ip4_frags.lock);
607
+
list_move_tail(&qp->q.lru_list, &ip4_frags.lru_list);
608
+
write_unlock(&ip4_frags.lock);
609
+
return -EINPROGRESS;
520
610
521
611
err:
522
612
kfree_skb(skb);
613
+
return err;
523
614
}
524
615
525
616
526
617
/* Build a new IP datagram from all its fragments. */
527
618
528
-
static struct sk_buff *ip_frag_reasm(struct ipq *qp, struct net_device *dev)
619
+
static int ip_frag_reasm(struct ipq *qp, struct sk_buff *prev,
620
+
struct net_device *dev)
529
621
{
530
622
struct iphdr *iph;
531
-
struct sk_buff *fp, *head = qp->fragments;
623
+
struct sk_buff *fp, *head = qp->q.fragments;
532
624
int len;
533
625
int ihlen;
626
+
int err;
534
627
535
628
ipq_kill(qp);
629
+
630
+
/* Make the one we just received the head. */
631
+
if (prev) {
632
+
head = prev->next;
633
+
fp = skb_clone(head, GFP_ATOMIC);
634
+
635
+
if (!fp)
636
+
goto out_nomem;
637
+
638
+
fp->next = head->next;
639
+
prev->next = fp;
640
+
641
+
skb_morph(head, qp->q.fragments);
642
+
head->next = qp->q.fragments->next;
643
+
644
+
kfree_skb(qp->q.fragments);
645
+
qp->q.fragments = head;
646
+
}
536
647
537
648
BUG_TRAP(head != NULL);
538
649
BUG_TRAP(FRAG_CB(head)->offset == 0);
539
650
540
651
/* Allocate a new buffer for the datagram. */
541
652
ihlen = ip_hdrlen(head);
542
-
len = ihlen + qp->len;
653
+
len = ihlen + qp->q.len;
543
654
655
+
err = -E2BIG;
544
656
if (len > 65535)
545
657
goto out_oversize;
546
658
547
659
/* Head of list must not be cloned. */
660
+
err = -ENOMEM;
548
661
if (skb_cloned(head) && pskb_expand_head(head, 0, 0, GFP_ATOMIC))
549
662
goto out_nomem;
550
663
···
595
654
head->len -= clone->len;
596
655
clone->csum = 0;
597
656
clone->ip_summed = head->ip_summed;
598
-
atomic_add(clone->truesize, &ip_frag_mem);
657
+
atomic_add(clone->truesize, &ip4_frags.mem);
599
658
}
600
659
601
660
skb_shinfo(head)->frag_list = head->next;
602
661
skb_push(head, head->data - skb_network_header(head));
603
-
atomic_sub(head->truesize, &ip_frag_mem);
662
+
atomic_sub(head->truesize, &ip4_frags.mem);
604
663
605
664
for (fp=head->next; fp; fp = fp->next) {
606
665
head->data_len += fp->len;
···
610
669
else if (head->ip_summed == CHECKSUM_COMPLETE)
611
670
head->csum = csum_add(head->csum, fp->csum);
612
671
head->truesize += fp->truesize;
613
-
atomic_sub(fp->truesize, &ip_frag_mem);
672
+
atomic_sub(fp->truesize, &ip4_frags.mem);
614
673
}
615
674
616
675
head->next = NULL;
617
676
head->dev = dev;
618
-
head->tstamp = qp->stamp;
677
+
head->tstamp = qp->q.stamp;
619
678
620
679
iph = ip_hdr(head);
621
680
iph->frag_off = 0;
622
681
iph->tot_len = htons(len);
623
682
IP_INC_STATS_BH(IPSTATS_MIB_REASMOKS);
624
-
qp->fragments = NULL;
625
-
return head;
683
+
qp->q.fragments = NULL;
684
+
return 0;
626
685
627
686
out_nomem:
628
687
LIMIT_NETDEBUG(KERN_ERR "IP: queue_glue: no memory for gluing "
···
635
694
NIPQUAD(qp->saddr));
636
695
out_fail:
637
696
IP_INC_STATS_BH(IPSTATS_MIB_REASMFAILS);
638
-
return NULL;
697
+
return err;
639
698
}
640
699
641
700
/* Process an incoming IP datagram fragment. */
642
-
struct sk_buff *ip_defrag(struct sk_buff *skb, u32 user)
701
+
int ip_defrag(struct sk_buff *skb, u32 user)
643
702
{
644
703
struct ipq *qp;
645
-
struct net_device *dev;
646
704
647
705
IP_INC_STATS_BH(IPSTATS_MIB_REASMREQDS);
648
706
649
707
/* Start by cleaning up the memory. */
650
-
if (atomic_read(&ip_frag_mem) > sysctl_ipfrag_high_thresh)
708
+
if (atomic_read(&ip4_frags.mem) > ip4_frags_ctl.high_thresh)
651
709
ip_evictor();
652
-
653
-
dev = skb->dev;
654
710
655
711
/* Lookup (or create) queue header */
656
712
if ((qp = ip_find(ip_hdr(skb), user)) != NULL) {
657
-
struct sk_buff *ret = NULL;
713
+
int ret;
658
714
659
-
spin_lock(&qp->lock);
715
+
spin_lock(&qp->q.lock);
660
716
661
-
ip_frag_queue(qp, skb);
717
+
ret = ip_frag_queue(qp, skb);
662
718
663
-
if (qp->last_in == (FIRST_IN|LAST_IN) &&
664
-
qp->meat == qp->len)
665
-
ret = ip_frag_reasm(qp, dev);
666
-
667
-
spin_unlock(&qp->lock);
668
-
ipq_put(qp, NULL);
719
+
spin_unlock(&qp->q.lock);
720
+
ipq_put(qp);
669
721
return ret;
670
722
}
671
723
672
724
IP_INC_STATS_BH(IPSTATS_MIB_REASMFAILS);
673
725
kfree_skb(skb);
674
-
return NULL;
726
+
return -ENOMEM;
675
727
}
676
728
677
729
void __init ipfrag_init(void)
678
730
{
679
-
ipfrag_hash_rnd = (u32) ((num_physpages ^ (num_physpages>>7)) ^
680
-
(jiffies ^ (jiffies >> 6)));
681
-
682
-
init_timer(&ipfrag_secret_timer);
683
-
ipfrag_secret_timer.function = ipfrag_secret_rebuild;
684
-
ipfrag_secret_timer.expires = jiffies + sysctl_ipfrag_secret_interval;
685
-
add_timer(&ipfrag_secret_timer);
731
+
ip4_frags.ctl = &ip4_frags_ctl;
732
+
ip4_frags.hashfn = ip4_hashfn;
733
+
ip4_frags.destructor = ip4_frag_free;
734
+
ip4_frags.skb_free = NULL;
735
+
ip4_frags.qsize = sizeof(struct ipq);
736
+
inet_frags_init(&ip4_frags);
686
737
}
687
738
688
739
EXPORT_SYMBOL(ip_defrag);
+4
-6
net/ipv4/ip_input.c
+4
-6
net/ipv4/ip_input.c
···
172
172
(!sk->sk_bound_dev_if ||
173
173
sk->sk_bound_dev_if == skb->dev->ifindex)) {
174
174
if (ip_hdr(skb)->frag_off & htons(IP_MF | IP_OFFSET)) {
175
-
skb = ip_defrag(skb, IP_DEFRAG_CALL_RA_CHAIN);
176
-
if (skb == NULL) {
175
+
if (ip_defrag(skb, IP_DEFRAG_CALL_RA_CHAIN)) {
177
176
read_unlock(&ip_ra_lock);
178
177
return 1;
179
178
}
···
195
196
return 0;
196
197
}
197
198
198
-
static inline int ip_local_deliver_finish(struct sk_buff *skb)
199
+
static int ip_local_deliver_finish(struct sk_buff *skb)
199
200
{
200
201
__skb_pull(skb, ip_hdrlen(skb));
201
202
···
264
265
*/
265
266
266
267
if (ip_hdr(skb)->frag_off & htons(IP_MF | IP_OFFSET)) {
267
-
skb = ip_defrag(skb, IP_DEFRAG_LOCAL_DELIVER);
268
-
if (!skb)
268
+
if (ip_defrag(skb, IP_DEFRAG_LOCAL_DELIVER))
269
269
return 0;
270
270
}
271
271
···
324
326
return -1;
325
327
}
326
328
327
-
static inline int ip_rcv_finish(struct sk_buff *skb)
329
+
static int ip_rcv_finish(struct sk_buff *skb)
328
330
{
329
331
const struct iphdr *iph = ip_hdr(skb);
330
332
struct rtable *rt;
+1
-1
net/ipv4/ip_output.c
+1
-1
net/ipv4/ip_output.c
···
202
202
skb->dst->dev->mtu : dst_mtu(skb->dst);
203
203
}
204
204
205
-
static inline int ip_finish_output(struct sk_buff *skb)
205
+
static int ip_finish_output(struct sk_buff *skb)
206
206
{
207
207
#if defined(CONFIG_NETFILTER) && defined(CONFIG_XFRM)
208
208
/* Policy lookup after SNAT yielded a new policy */
+17
-16
net/ipv4/ipvs/ip_vs_app.c
+17
-16
net/ipv4/ipvs/ip_vs_app.c
···
25
25
#include <linux/skbuff.h>
26
26
#include <linux/in.h>
27
27
#include <linux/ip.h>
28
+
#include <linux/netfilter.h>
28
29
#include <net/net_namespace.h>
29
30
#include <net/protocol.h>
30
31
#include <net/tcp.h>
···
329
328
spin_unlock(&cp->lock);
330
329
}
331
330
332
-
static inline int app_tcp_pkt_out(struct ip_vs_conn *cp, struct sk_buff **pskb,
331
+
static inline int app_tcp_pkt_out(struct ip_vs_conn *cp, struct sk_buff *skb,
333
332
struct ip_vs_app *app)
334
333
{
335
334
int diff;
336
-
const unsigned int tcp_offset = ip_hdrlen(*pskb);
335
+
const unsigned int tcp_offset = ip_hdrlen(skb);
337
336
struct tcphdr *th;
338
337
__u32 seq;
339
338
340
-
if (!ip_vs_make_skb_writable(pskb, tcp_offset + sizeof(*th)))
339
+
if (!skb_make_writable(skb, tcp_offset + sizeof(*th)))
341
340
return 0;
342
341
343
-
th = (struct tcphdr *)(skb_network_header(*pskb) + tcp_offset);
342
+
th = (struct tcphdr *)(skb_network_header(skb) + tcp_offset);
344
343
345
344
/*
346
345
* Remember seq number in case this pkt gets resized
···
361
360
if (app->pkt_out == NULL)
362
361
return 1;
363
362
364
-
if (!app->pkt_out(app, cp, pskb, &diff))
363
+
if (!app->pkt_out(app, cp, skb, &diff))
365
364
return 0;
366
365
367
366
/*
···
379
378
* called by ipvs packet handler, assumes previously checked cp!=NULL
380
379
* returns false if it can't handle packet (oom)
381
380
*/
382
-
int ip_vs_app_pkt_out(struct ip_vs_conn *cp, struct sk_buff **pskb)
381
+
int ip_vs_app_pkt_out(struct ip_vs_conn *cp, struct sk_buff *skb)
383
382
{
384
383
struct ip_vs_app *app;
385
384
···
392
391
393
392
/* TCP is complicated */
394
393
if (cp->protocol == IPPROTO_TCP)
395
-
return app_tcp_pkt_out(cp, pskb, app);
394
+
return app_tcp_pkt_out(cp, skb, app);
396
395
397
396
/*
398
397
* Call private output hook function
···
400
399
if (app->pkt_out == NULL)
401
400
return 1;
402
401
403
-
return app->pkt_out(app, cp, pskb, NULL);
402
+
return app->pkt_out(app, cp, skb, NULL);
404
403
}
405
404
406
405
407
-
static inline int app_tcp_pkt_in(struct ip_vs_conn *cp, struct sk_buff **pskb,
406
+
static inline int app_tcp_pkt_in(struct ip_vs_conn *cp, struct sk_buff *skb,
408
407
struct ip_vs_app *app)
409
408
{
410
409
int diff;
411
-
const unsigned int tcp_offset = ip_hdrlen(*pskb);
410
+
const unsigned int tcp_offset = ip_hdrlen(skb);
412
411
struct tcphdr *th;
413
412
__u32 seq;
414
413
415
-
if (!ip_vs_make_skb_writable(pskb, tcp_offset + sizeof(*th)))
414
+
if (!skb_make_writable(skb, tcp_offset + sizeof(*th)))
416
415
return 0;
417
416
418
-
th = (struct tcphdr *)(skb_network_header(*pskb) + tcp_offset);
417
+
th = (struct tcphdr *)(skb_network_header(skb) + tcp_offset);
419
418
420
419
/*
421
420
* Remember seq number in case this pkt gets resized
···
436
435
if (app->pkt_in == NULL)
437
436
return 1;
438
437
439
-
if (!app->pkt_in(app, cp, pskb, &diff))
438
+
if (!app->pkt_in(app, cp, skb, &diff))
440
439
return 0;
441
440
442
441
/*
···
454
453
* called by ipvs packet handler, assumes previously checked cp!=NULL.
455
454
* returns false if can't handle packet (oom).
456
455
*/
457
-
int ip_vs_app_pkt_in(struct ip_vs_conn *cp, struct sk_buff **pskb)
456
+
int ip_vs_app_pkt_in(struct ip_vs_conn *cp, struct sk_buff *skb)
458
457
{
459
458
struct ip_vs_app *app;
460
459
···
467
466
468
467
/* TCP is complicated */
469
468
if (cp->protocol == IPPROTO_TCP)
470
-
return app_tcp_pkt_in(cp, pskb, app);
469
+
return app_tcp_pkt_in(cp, skb, app);
471
470
472
471
/*
473
472
* Call private input hook function
···
475
474
if (app->pkt_in == NULL)
476
475
return 1;
477
476
478
-
return app->pkt_in(app, cp, pskb, NULL);
477
+
return app->pkt_in(app, cp, skb, NULL);
479
478
}
480
479
481
480
+26
-78
net/ipv4/ipvs/ip_vs_core.c
+26
-78
net/ipv4/ipvs/ip_vs_core.c
···
58
58
#ifdef CONFIG_IP_VS_DEBUG
59
59
EXPORT_SYMBOL(ip_vs_get_debug_level);
60
60
#endif
61
-
EXPORT_SYMBOL(ip_vs_make_skb_writable);
62
61
63
62
64
63
/* ID used in ICMP lookups */
···
161
162
return pp->state_transition(cp, direction, skb, pp);
162
163
}
163
164
164
-
165
-
int ip_vs_make_skb_writable(struct sk_buff **pskb, int writable_len)
166
-
{
167
-
struct sk_buff *skb = *pskb;
168
-
169
-
/* skb is already used, better copy skb and its payload */
170
-
if (unlikely(skb_shared(skb) || skb->sk))
171
-
goto copy_skb;
172
-
173
-
/* skb data is already used, copy it */
174
-
if (unlikely(skb_cloned(skb)))
175
-
goto copy_data;
176
-
177
-
return pskb_may_pull(skb, writable_len);
178
-
179
-
copy_data:
180
-
if (unlikely(writable_len > skb->len))
181
-
return 0;
182
-
return !pskb_expand_head(skb, 0, 0, GFP_ATOMIC);
183
-
184
-
copy_skb:
185
-
if (unlikely(writable_len > skb->len))
186
-
return 0;
187
-
skb = skb_copy(skb, GFP_ATOMIC);
188
-
if (!skb)
189
-
return 0;
190
-
BUG_ON(skb_is_nonlinear(skb));
191
-
192
-
/* Rest of kernel will get very unhappy if we pass it a
193
-
suddenly-orphaned skbuff */
194
-
if ((*pskb)->sk)
195
-
skb_set_owner_w(skb, (*pskb)->sk);
196
-
kfree_skb(*pskb);
197
-
*pskb = skb;
198
-
return 1;
199
-
}
200
165
201
166
/*
202
167
* IPVS persistent scheduling function
···
488
525
* for VS/NAT.
489
526
*/
490
527
static unsigned int ip_vs_post_routing(unsigned int hooknum,
491
-
struct sk_buff **pskb,
528
+
struct sk_buff *skb,
492
529
const struct net_device *in,
493
530
const struct net_device *out,
494
531
int (*okfn)(struct sk_buff *))
495
532
{
496
-
if (!((*pskb)->ipvs_property))
533
+
if (!skb->ipvs_property)
497
534
return NF_ACCEPT;
498
535
/* The packet was sent from IPVS, exit this chain */
499
536
return NF_STOP;
···
504
541
return csum_fold(skb_checksum(skb, offset, skb->len - offset, 0));
505
542
}
506
543
507
-
static inline struct sk_buff *
508
-
ip_vs_gather_frags(struct sk_buff *skb, u_int32_t user)
544
+
static inline int ip_vs_gather_frags(struct sk_buff *skb, u_int32_t user)
509
545
{
510
-
skb = ip_defrag(skb, user);
511
-
if (skb)
546
+
int err = ip_defrag(skb, user);
547
+
548
+
if (!err)
512
549
ip_send_check(ip_hdr(skb));
513
-
return skb;
550
+
551
+
return err;
514
552
}
515
553
516
554
/*
···
569
605
* Currently handles error types - unreachable, quench, ttl exceeded.
570
606
* (Only used in VS/NAT)
571
607
*/
572
-
static int ip_vs_out_icmp(struct sk_buff **pskb, int *related)
608
+
static int ip_vs_out_icmp(struct sk_buff *skb, int *related)
573
609
{
574
-
struct sk_buff *skb = *pskb;
575
610
struct iphdr *iph;
576
611
struct icmphdr _icmph, *ic;
577
612
struct iphdr _ciph, *cih; /* The ip header contained within the ICMP */
···
582
619
583
620
/* reassemble IP fragments */
584
621
if (ip_hdr(skb)->frag_off & htons(IP_MF | IP_OFFSET)) {
585
-
skb = ip_vs_gather_frags(skb, IP_DEFRAG_VS_OUT);
586
-
if (!skb)
622
+
if (ip_vs_gather_frags(skb, IP_DEFRAG_VS_OUT))
587
623
return NF_STOLEN;
588
-
*pskb = skb;
589
624
}
590
625
591
626
iph = ip_hdr(skb);
···
651
690
652
691
if (IPPROTO_TCP == cih->protocol || IPPROTO_UDP == cih->protocol)
653
692
offset += 2 * sizeof(__u16);
654
-
if (!ip_vs_make_skb_writable(pskb, offset))
693
+
if (!skb_make_writable(skb, offset))
655
694
goto out;
656
-
skb = *pskb;
657
695
658
696
ip_vs_nat_icmp(skb, pp, cp, 1);
659
697
···
684
724
* rewrite addresses of the packet and send it on its way...
685
725
*/
686
726
static unsigned int
687
-
ip_vs_out(unsigned int hooknum, struct sk_buff **pskb,
727
+
ip_vs_out(unsigned int hooknum, struct sk_buff *skb,
688
728
const struct net_device *in, const struct net_device *out,
689
729
int (*okfn)(struct sk_buff *))
690
730
{
691
-
struct sk_buff *skb = *pskb;
692
731
struct iphdr *iph;
693
732
struct ip_vs_protocol *pp;
694
733
struct ip_vs_conn *cp;
···
700
741
701
742
iph = ip_hdr(skb);
702
743
if (unlikely(iph->protocol == IPPROTO_ICMP)) {
703
-
int related, verdict = ip_vs_out_icmp(pskb, &related);
744
+
int related, verdict = ip_vs_out_icmp(skb, &related);
704
745
705
746
if (related)
706
747
return verdict;
707
-
skb = *pskb;
708
748
iph = ip_hdr(skb);
709
749
}
710
750
···
714
756
/* reassemble IP fragments */
715
757
if (unlikely(iph->frag_off & htons(IP_MF|IP_OFFSET) &&
716
758
!pp->dont_defrag)) {
717
-
skb = ip_vs_gather_frags(skb, IP_DEFRAG_VS_OUT);
718
-
if (!skb)
759
+
if (ip_vs_gather_frags(skb, IP_DEFRAG_VS_OUT))
719
760
return NF_STOLEN;
720
761
iph = ip_hdr(skb);
721
-
*pskb = skb;
722
762
}
723
763
724
764
ihl = iph->ihl << 2;
···
758
802
759
803
IP_VS_DBG_PKT(11, pp, skb, 0, "Outgoing packet");
760
804
761
-
if (!ip_vs_make_skb_writable(pskb, ihl))
805
+
if (!skb_make_writable(skb, ihl))
762
806
goto drop;
763
807
764
808
/* mangle the packet */
765
-
if (pp->snat_handler && !pp->snat_handler(pskb, pp, cp))
809
+
if (pp->snat_handler && !pp->snat_handler(skb, pp, cp))
766
810
goto drop;
767
-
skb = *pskb;
768
811
ip_hdr(skb)->saddr = cp->vaddr;
769
812
ip_send_check(ip_hdr(skb));
770
813
···
773
818
* if it came from this machine itself. So re-compute
774
819
* the routing information.
775
820
*/
776
-
if (ip_route_me_harder(pskb, RTN_LOCAL) != 0)
821
+
if (ip_route_me_harder(skb, RTN_LOCAL) != 0)
777
822
goto drop;
778
-
skb = *pskb;
779
823
780
824
IP_VS_DBG_PKT(10, pp, skb, 0, "After SNAT");
781
825
···
789
835
790
836
drop:
791
837
ip_vs_conn_put(cp);
792
-
kfree_skb(*pskb);
838
+
kfree_skb(skb);
793
839
return NF_STOLEN;
794
840
}
795
841
···
801
847
* Currently handles error types - unreachable, quench, ttl exceeded.
802
848
*/
803
849
static int
804
-
ip_vs_in_icmp(struct sk_buff **pskb, int *related, unsigned int hooknum)
850
+
ip_vs_in_icmp(struct sk_buff *skb, int *related, unsigned int hooknum)
805
851
{
806
-
struct sk_buff *skb = *pskb;
807
852
struct iphdr *iph;
808
853
struct icmphdr _icmph, *ic;
809
854
struct iphdr _ciph, *cih; /* The ip header contained within the ICMP */
···
814
861
815
862
/* reassemble IP fragments */
816
863
if (ip_hdr(skb)->frag_off & htons(IP_MF | IP_OFFSET)) {
817
-
skb = ip_vs_gather_frags(skb,
818
-
hooknum == NF_IP_LOCAL_IN ?
819
-
IP_DEFRAG_VS_IN : IP_DEFRAG_VS_FWD);
820
-
if (!skb)
864
+
if (ip_vs_gather_frags(skb, hooknum == NF_IP_LOCAL_IN ?
865
+
IP_DEFRAG_VS_IN : IP_DEFRAG_VS_FWD))
821
866
return NF_STOLEN;
822
-
*pskb = skb;
823
867
}
824
868
825
869
iph = ip_hdr(skb);
···
895
945
* and send it on its way...
896
946
*/
897
947
static unsigned int
898
-
ip_vs_in(unsigned int hooknum, struct sk_buff **pskb,
948
+
ip_vs_in(unsigned int hooknum, struct sk_buff *skb,
899
949
const struct net_device *in, const struct net_device *out,
900
950
int (*okfn)(struct sk_buff *))
901
951
{
902
-
struct sk_buff *skb = *pskb;
903
952
struct iphdr *iph;
904
953
struct ip_vs_protocol *pp;
905
954
struct ip_vs_conn *cp;
···
920
971
921
972
iph = ip_hdr(skb);
922
973
if (unlikely(iph->protocol == IPPROTO_ICMP)) {
923
-
int related, verdict = ip_vs_in_icmp(pskb, &related, hooknum);
974
+
int related, verdict = ip_vs_in_icmp(skb, &related, hooknum);
924
975
925
976
if (related)
926
977
return verdict;
927
-
skb = *pskb;
928
978
iph = ip_hdr(skb);
929
979
}
930
980
···
1004
1056
* and send them to ip_vs_in_icmp.
1005
1057
*/
1006
1058
static unsigned int
1007
-
ip_vs_forward_icmp(unsigned int hooknum, struct sk_buff **pskb,
1059
+
ip_vs_forward_icmp(unsigned int hooknum, struct sk_buff *skb,
1008
1060
const struct net_device *in, const struct net_device *out,
1009
1061
int (*okfn)(struct sk_buff *))
1010
1062
{
1011
1063
int r;
1012
1064
1013
-
if (ip_hdr(*pskb)->protocol != IPPROTO_ICMP)
1065
+
if (ip_hdr(skb)->protocol != IPPROTO_ICMP)
1014
1066
return NF_ACCEPT;
1015
1067
1016
-
return ip_vs_in_icmp(pskb, &r, hooknum);
1068
+
return ip_vs_in_icmp(skb, &r, hooknum);
1017
1069
}
1018
1070
1019
1071
+10
-9
net/ipv4/ipvs/ip_vs_ftp.c
+10
-9
net/ipv4/ipvs/ip_vs_ftp.c
···
30
30
#include <linux/skbuff.h>
31
31
#include <linux/in.h>
32
32
#include <linux/ip.h>
33
+
#include <linux/netfilter.h>
33
34
#include <net/protocol.h>
34
35
#include <net/tcp.h>
35
36
#include <asm/unaligned.h>
···
136
135
* xxx,xxx,xxx,xxx is the server address, ppp,ppp is the server port number.
137
136
*/
138
137
static int ip_vs_ftp_out(struct ip_vs_app *app, struct ip_vs_conn *cp,
139
-
struct sk_buff **pskb, int *diff)
138
+
struct sk_buff *skb, int *diff)
140
139
{
141
140
struct iphdr *iph;
142
141
struct tcphdr *th;
···
156
155
return 1;
157
156
158
157
/* Linear packets are much easier to deal with. */
159
-
if (!ip_vs_make_skb_writable(pskb, (*pskb)->len))
158
+
if (!skb_make_writable(skb, skb->len))
160
159
return 0;
161
160
162
161
if (cp->app_data == &ip_vs_ftp_pasv) {
163
-
iph = ip_hdr(*pskb);
162
+
iph = ip_hdr(skb);
164
163
th = (struct tcphdr *)&(((char *)iph)[iph->ihl*4]);
165
164
data = (char *)th + (th->doff << 2);
166
-
data_limit = skb_tail_pointer(*pskb);
165
+
data_limit = skb_tail_pointer(skb);
167
166
168
167
if (ip_vs_ftp_get_addrport(data, data_limit,
169
168
SERVER_STRING,
···
214
213
memcpy(start, buf, buf_len);
215
214
ret = 1;
216
215
} else {
217
-
ret = !ip_vs_skb_replace(*pskb, GFP_ATOMIC, start,
216
+
ret = !ip_vs_skb_replace(skb, GFP_ATOMIC, start,
218
217
end-start, buf, buf_len);
219
218
}
220
219
···
239
238
* the client.
240
239
*/
241
240
static int ip_vs_ftp_in(struct ip_vs_app *app, struct ip_vs_conn *cp,
242
-
struct sk_buff **pskb, int *diff)
241
+
struct sk_buff *skb, int *diff)
243
242
{
244
243
struct iphdr *iph;
245
244
struct tcphdr *th;
···
257
256
return 1;
258
257
259
258
/* Linear packets are much easier to deal with. */
260
-
if (!ip_vs_make_skb_writable(pskb, (*pskb)->len))
259
+
if (!skb_make_writable(skb, skb->len))
261
260
return 0;
262
261
263
262
/*
264
263
* Detecting whether it is passive
265
264
*/
266
-
iph = ip_hdr(*pskb);
265
+
iph = ip_hdr(skb);
267
266
th = (struct tcphdr *)&(((char *)iph)[iph->ihl*4]);
268
267
269
268
/* Since there may be OPTIONS in the TCP packet and the HLEN is
270
269
the length of the header in 32-bit multiples, it is accurate
271
270
to calculate data address by th+HLEN*4 */
272
271
data = data_start = (char *)th + (th->doff << 2);
273
-
data_limit = skb_tail_pointer(*pskb);
272
+
data_limit = skb_tail_pointer(skb);
274
273
275
274
while (data <= data_limit - 6) {
276
275
if (strnicmp(data, "PASV\r\n", 6) == 0) {
+24
-27
net/ipv4/ipvs/ip_vs_proto_tcp.c
+24
-27
net/ipv4/ipvs/ip_vs_proto_tcp.c
···
20
20
#include <linux/tcp.h> /* for tcphdr */
21
21
#include <net/ip.h>
22
22
#include <net/tcp.h> /* for csum_tcpudp_magic */
23
+
#include <linux/netfilter.h>
23
24
#include <linux/netfilter_ipv4.h>
24
25
25
26
#include <net/ip_vs.h>
···
123
122
124
123
125
124
static int
126
-
tcp_snat_handler(struct sk_buff **pskb,
125
+
tcp_snat_handler(struct sk_buff *skb,
127
126
struct ip_vs_protocol *pp, struct ip_vs_conn *cp)
128
127
{
129
128
struct tcphdr *tcph;
130
-
const unsigned int tcphoff = ip_hdrlen(*pskb);
129
+
const unsigned int tcphoff = ip_hdrlen(skb);
131
130
132
131
/* csum_check requires unshared skb */
133
-
if (!ip_vs_make_skb_writable(pskb, tcphoff+sizeof(*tcph)))
132
+
if (!skb_make_writable(skb, tcphoff+sizeof(*tcph)))
134
133
return 0;
135
134
136
135
if (unlikely(cp->app != NULL)) {
137
136
/* Some checks before mangling */
138
-
if (pp->csum_check && !pp->csum_check(*pskb, pp))
137
+
if (pp->csum_check && !pp->csum_check(skb, pp))
139
138
return 0;
140
139
141
140
/* Call application helper if needed */
142
-
if (!ip_vs_app_pkt_out(cp, pskb))
141
+
if (!ip_vs_app_pkt_out(cp, skb))
143
142
return 0;
144
143
}
145
144
146
-
tcph = (void *)ip_hdr(*pskb) + tcphoff;
145
+
tcph = (void *)ip_hdr(skb) + tcphoff;
147
146
tcph->source = cp->vport;
148
147
149
148
/* Adjust TCP checksums */
···
151
150
/* Only port and addr are changed, do fast csum update */
152
151
tcp_fast_csum_update(tcph, cp->daddr, cp->vaddr,
153
152
cp->dport, cp->vport);
154
-
if ((*pskb)->ip_summed == CHECKSUM_COMPLETE)
155
-
(*pskb)->ip_summed = CHECKSUM_NONE;
153
+
if (skb->ip_summed == CHECKSUM_COMPLETE)
154
+
skb->ip_summed = CHECKSUM_NONE;
156
155
} else {
157
156
/* full checksum calculation */
158
157
tcph->check = 0;
159
-
(*pskb)->csum = skb_checksum(*pskb, tcphoff,
160
-
(*pskb)->len - tcphoff, 0);
158
+
skb->csum = skb_checksum(skb, tcphoff, skb->len - tcphoff, 0);
161
159
tcph->check = csum_tcpudp_magic(cp->vaddr, cp->caddr,
162
-
(*pskb)->len - tcphoff,
163
-
cp->protocol,
164
-
(*pskb)->csum);
160
+
skb->len - tcphoff,
161
+
cp->protocol, skb->csum);
165
162
IP_VS_DBG(11, "O-pkt: %s O-csum=%d (+%zd)\n",
166
163
pp->name, tcph->check,
167
164
(char*)&(tcph->check) - (char*)tcph);
···
169
170
170
171
171
172
static int
172
-
tcp_dnat_handler(struct sk_buff **pskb,
173
+
tcp_dnat_handler(struct sk_buff *skb,
173
174
struct ip_vs_protocol *pp, struct ip_vs_conn *cp)
174
175
{
175
176
struct tcphdr *tcph;
176
-
const unsigned int tcphoff = ip_hdrlen(*pskb);
177
+
const unsigned int tcphoff = ip_hdrlen(skb);
177
178
178
179
/* csum_check requires unshared skb */
179
-
if (!ip_vs_make_skb_writable(pskb, tcphoff+sizeof(*tcph)))
180
+
if (!skb_make_writable(skb, tcphoff+sizeof(*tcph)))
180
181
return 0;
181
182
182
183
if (unlikely(cp->app != NULL)) {
183
184
/* Some checks before mangling */
184
-
if (pp->csum_check && !pp->csum_check(*pskb, pp))
185
+
if (pp->csum_check && !pp->csum_check(skb, pp))
185
186
return 0;
186
187
187
188
/*
188
189
* Attempt ip_vs_app call.
189
190
* It will fix ip_vs_conn and iph ack_seq stuff
190
191
*/
191
-
if (!ip_vs_app_pkt_in(cp, pskb))
192
+
if (!ip_vs_app_pkt_in(cp, skb))
192
193
return 0;
193
194
}
194
195
195
-
tcph = (void *)ip_hdr(*pskb) + tcphoff;
196
+
tcph = (void *)ip_hdr(skb) + tcphoff;
196
197
tcph->dest = cp->dport;
197
198
198
199
/*
···
202
203
/* Only port and addr are changed, do fast csum update */
203
204
tcp_fast_csum_update(tcph, cp->vaddr, cp->daddr,
204
205
cp->vport, cp->dport);
205
-
if ((*pskb)->ip_summed == CHECKSUM_COMPLETE)
206
-
(*pskb)->ip_summed = CHECKSUM_NONE;
206
+
if (skb->ip_summed == CHECKSUM_COMPLETE)
207
+
skb->ip_summed = CHECKSUM_NONE;
207
208
} else {
208
209
/* full checksum calculation */
209
210
tcph->check = 0;
210
-
(*pskb)->csum = skb_checksum(*pskb, tcphoff,
211
-
(*pskb)->len - tcphoff, 0);
211
+
skb->csum = skb_checksum(skb, tcphoff, skb->len - tcphoff, 0);
212
212
tcph->check = csum_tcpudp_magic(cp->caddr, cp->daddr,
213
-
(*pskb)->len - tcphoff,
214
-
cp->protocol,
215
-
(*pskb)->csum);
216
-
(*pskb)->ip_summed = CHECKSUM_UNNECESSARY;
213
+
skb->len - tcphoff,
214
+
cp->protocol, skb->csum);
215
+
skb->ip_summed = CHECKSUM_UNNECESSARY;
217
216
}
218
217
return 1;
219
218
}
+24
-27
net/ipv4/ipvs/ip_vs_proto_udp.c
+24
-27
net/ipv4/ipvs/ip_vs_proto_udp.c
···
18
18
#include <linux/in.h>
19
19
#include <linux/ip.h>
20
20
#include <linux/kernel.h>
21
+
#include <linux/netfilter.h>
21
22
#include <linux/netfilter_ipv4.h>
22
23
#include <linux/udp.h>
23
24
···
130
129
}
131
130
132
131
static int
133
-
udp_snat_handler(struct sk_buff **pskb,
132
+
udp_snat_handler(struct sk_buff *skb,
134
133
struct ip_vs_protocol *pp, struct ip_vs_conn *cp)
135
134
{
136
135
struct udphdr *udph;
137
-
const unsigned int udphoff = ip_hdrlen(*pskb);
136
+
const unsigned int udphoff = ip_hdrlen(skb);
138
137
139
138
/* csum_check requires unshared skb */
140
-
if (!ip_vs_make_skb_writable(pskb, udphoff+sizeof(*udph)))
139
+
if (!skb_make_writable(skb, udphoff+sizeof(*udph)))
141
140
return 0;
142
141
143
142
if (unlikely(cp->app != NULL)) {
144
143
/* Some checks before mangling */
145
-
if (pp->csum_check && !pp->csum_check(*pskb, pp))
144
+
if (pp->csum_check && !pp->csum_check(skb, pp))
146
145
return 0;
147
146
148
147
/*
149
148
* Call application helper if needed
150
149
*/
151
-
if (!ip_vs_app_pkt_out(cp, pskb))
150
+
if (!ip_vs_app_pkt_out(cp, skb))
152
151
return 0;
153
152
}
154
153
155
-
udph = (void *)ip_hdr(*pskb) + udphoff;
154
+
udph = (void *)ip_hdr(skb) + udphoff;
156
155
udph->source = cp->vport;
157
156
158
157
/*
···
162
161
/* Only port and addr are changed, do fast csum update */
163
162
udp_fast_csum_update(udph, cp->daddr, cp->vaddr,
164
163
cp->dport, cp->vport);
165
-
if ((*pskb)->ip_summed == CHECKSUM_COMPLETE)
166
-
(*pskb)->ip_summed = CHECKSUM_NONE;
164
+
if (skb->ip_summed == CHECKSUM_COMPLETE)
165
+
skb->ip_summed = CHECKSUM_NONE;
167
166
} else {
168
167
/* full checksum calculation */
169
168
udph->check = 0;
170
-
(*pskb)->csum = skb_checksum(*pskb, udphoff,
171
-
(*pskb)->len - udphoff, 0);
169
+
skb->csum = skb_checksum(skb, udphoff, skb->len - udphoff, 0);
172
170
udph->check = csum_tcpudp_magic(cp->vaddr, cp->caddr,
173
-
(*pskb)->len - udphoff,
174
-
cp->protocol,
175
-
(*pskb)->csum);
171
+
skb->len - udphoff,
172
+
cp->protocol, skb->csum);
176
173
if (udph->check == 0)
177
174
udph->check = CSUM_MANGLED_0;
178
175
IP_VS_DBG(11, "O-pkt: %s O-csum=%d (+%zd)\n",
···
182
183
183
184
184
185
static int
185
-
udp_dnat_handler(struct sk_buff **pskb,
186
+
udp_dnat_handler(struct sk_buff *skb,
186
187
struct ip_vs_protocol *pp, struct ip_vs_conn *cp)
187
188
{
188
189
struct udphdr *udph;
189
-
unsigned int udphoff = ip_hdrlen(*pskb);
190
+
unsigned int udphoff = ip_hdrlen(skb);
190
191
191
192
/* csum_check requires unshared skb */
192
-
if (!ip_vs_make_skb_writable(pskb, udphoff+sizeof(*udph)))
193
+
if (!skb_make_writable(skb, udphoff+sizeof(*udph)))
193
194
return 0;
194
195
195
196
if (unlikely(cp->app != NULL)) {
196
197
/* Some checks before mangling */
197
-
if (pp->csum_check && !pp->csum_check(*pskb, pp))
198
+
if (pp->csum_check && !pp->csum_check(skb, pp))
198
199
return 0;
199
200
200
201
/*
201
202
* Attempt ip_vs_app call.
202
203
* It will fix ip_vs_conn
203
204
*/
204
-
if (!ip_vs_app_pkt_in(cp, pskb))
205
+
if (!ip_vs_app_pkt_in(cp, skb))
205
206
return 0;
206
207
}
207
208
208
-
udph = (void *)ip_hdr(*pskb) + udphoff;
209
+
udph = (void *)ip_hdr(skb) + udphoff;
209
210
udph->dest = cp->dport;
210
211
211
212
/*
···
215
216
/* Only port and addr are changed, do fast csum update */
216
217
udp_fast_csum_update(udph, cp->vaddr, cp->daddr,
217
218
cp->vport, cp->dport);
218
-
if ((*pskb)->ip_summed == CHECKSUM_COMPLETE)
219
-
(*pskb)->ip_summed = CHECKSUM_NONE;
219
+
if (skb->ip_summed == CHECKSUM_COMPLETE)
220
+
skb->ip_summed = CHECKSUM_NONE;
220
221
} else {
221
222
/* full checksum calculation */
222
223
udph->check = 0;
223
-
(*pskb)->csum = skb_checksum(*pskb, udphoff,
224
-
(*pskb)->len - udphoff, 0);
224
+
skb->csum = skb_checksum(skb, udphoff, skb->len - udphoff, 0);
225
225
udph->check = csum_tcpudp_magic(cp->caddr, cp->daddr,
226
-
(*pskb)->len - udphoff,
227
-
cp->protocol,
228
-
(*pskb)->csum);
226
+
skb->len - udphoff,
227
+
cp->protocol, skb->csum);
229
228
if (udph->check == 0)
230
229
udph->check = CSUM_MANGLED_0;
231
-
(*pskb)->ip_summed = CHECKSUM_UNNECESSARY;
230
+
skb->ip_summed = CHECKSUM_UNNECESSARY;
232
231
}
233
232
return 1;
234
233
}
+3
-3
net/ipv4/ipvs/ip_vs_xmit.c
+3
-3
net/ipv4/ipvs/ip_vs_xmit.c
···
253
253
}
254
254
255
255
/* copy-on-write the packet before mangling it */
256
-
if (!ip_vs_make_skb_writable(&skb, sizeof(struct iphdr)))
256
+
if (!skb_make_writable(skb, sizeof(struct iphdr)))
257
257
goto tx_error_put;
258
258
259
259
if (skb_cow(skb, rt->u.dst.dev->hard_header_len))
···
264
264
skb->dst = &rt->u.dst;
265
265
266
266
/* mangle the packet */
267
-
if (pp->dnat_handler && !pp->dnat_handler(&skb, pp, cp))
267
+
if (pp->dnat_handler && !pp->dnat_handler(skb, pp, cp))
268
268
goto tx_error;
269
269
ip_hdr(skb)->daddr = cp->daddr;
270
270
ip_send_check(ip_hdr(skb));
···
529
529
}
530
530
531
531
/* copy-on-write the packet before mangling it */
532
-
if (!ip_vs_make_skb_writable(&skb, offset))
532
+
if (!skb_make_writable(skb, offset))
533
533
goto tx_error_put;
534
534
535
535
if (skb_cow(skb, rt->u.dst.dev->hard_header_len))
+31
-46
net/ipv4/netfilter.c
+31
-46
net/ipv4/netfilter.c
···
3
3
#include <linux/netfilter.h>
4
4
#include <linux/netfilter_ipv4.h>
5
5
#include <linux/ip.h>
6
+
#include <linux/skbuff.h>
6
7
#include <net/route.h>
7
8
#include <net/xfrm.h>
8
9
#include <net/ip.h>
9
10
10
11
/* route_me_harder function, used by iptable_nat, iptable_mangle + ip_queue */
11
-
int ip_route_me_harder(struct sk_buff **pskb, unsigned addr_type)
12
+
int ip_route_me_harder(struct sk_buff *skb, unsigned addr_type)
12
13
{
13
-
const struct iphdr *iph = ip_hdr(*pskb);
14
+
const struct iphdr *iph = ip_hdr(skb);
14
15
struct rtable *rt;
15
16
struct flowi fl = {};
16
17
struct dst_entry *odst;
···
30
29
if (type == RTN_LOCAL)
31
30
fl.nl_u.ip4_u.saddr = iph->saddr;
32
31
fl.nl_u.ip4_u.tos = RT_TOS(iph->tos);
33
-
fl.oif = (*pskb)->sk ? (*pskb)->sk->sk_bound_dev_if : 0;
34
-
fl.mark = (*pskb)->mark;
32
+
fl.oif = skb->sk ? skb->sk->sk_bound_dev_if : 0;
33
+
fl.mark = skb->mark;
35
34
if (ip_route_output_key(&rt, &fl) != 0)
36
35
return -1;
37
36
38
37
/* Drop old route. */
39
-
dst_release((*pskb)->dst);
40
-
(*pskb)->dst = &rt->u.dst;
38
+
dst_release(skb->dst);
39
+
skb->dst = &rt->u.dst;
41
40
} else {
42
41
/* non-local src, find valid iif to satisfy
43
42
* rp-filter when calling ip_route_input. */
···
45
44
if (ip_route_output_key(&rt, &fl) != 0)
46
45
return -1;
47
46
48
-
odst = (*pskb)->dst;
49
-
if (ip_route_input(*pskb, iph->daddr, iph->saddr,
47
+
odst = skb->dst;
48
+
if (ip_route_input(skb, iph->daddr, iph->saddr,
50
49
RT_TOS(iph->tos), rt->u.dst.dev) != 0) {
51
50
dst_release(&rt->u.dst);
52
51
return -1;
···
55
54
dst_release(odst);
56
55
}
57
56
58
-
if ((*pskb)->dst->error)
57
+
if (skb->dst->error)
59
58
return -1;
60
59
61
60
#ifdef CONFIG_XFRM
62
-
if (!(IPCB(*pskb)->flags & IPSKB_XFRM_TRANSFORMED) &&
63
-
xfrm_decode_session(*pskb, &fl, AF_INET) == 0)
64
-
if (xfrm_lookup(&(*pskb)->dst, &fl, (*pskb)->sk, 0))
61
+
if (!(IPCB(skb)->flags & IPSKB_XFRM_TRANSFORMED) &&
62
+
xfrm_decode_session(skb, &fl, AF_INET) == 0)
63
+
if (xfrm_lookup(&skb->dst, &fl, skb->sk, 0))
65
64
return -1;
66
65
#endif
67
66
68
67
/* Change in oif may mean change in hh_len. */
69
-
hh_len = (*pskb)->dst->dev->hard_header_len;
70
-
if (skb_headroom(*pskb) < hh_len) {
71
-
struct sk_buff *nskb;
72
-
73
-
nskb = skb_realloc_headroom(*pskb, hh_len);
74
-
if (!nskb)
75
-
return -1;
76
-
if ((*pskb)->sk)
77
-
skb_set_owner_w(nskb, (*pskb)->sk);
78
-
kfree_skb(*pskb);
79
-
*pskb = nskb;
80
-
}
68
+
hh_len = skb->dst->dev->hard_header_len;
69
+
if (skb_headroom(skb) < hh_len &&
70
+
pskb_expand_head(skb, hh_len - skb_headroom(skb), 0, GFP_ATOMIC))
71
+
return -1;
81
72
82
73
return 0;
83
74
}
84
75
EXPORT_SYMBOL(ip_route_me_harder);
85
76
86
77
#ifdef CONFIG_XFRM
87
-
int ip_xfrm_me_harder(struct sk_buff **pskb)
78
+
int ip_xfrm_me_harder(struct sk_buff *skb)
88
79
{
89
80
struct flowi fl;
90
81
unsigned int hh_len;
91
82
struct dst_entry *dst;
92
83
93
-
if (IPCB(*pskb)->flags & IPSKB_XFRM_TRANSFORMED)
84
+
if (IPCB(skb)->flags & IPSKB_XFRM_TRANSFORMED)
94
85
return 0;
95
-
if (xfrm_decode_session(*pskb, &fl, AF_INET) < 0)
86
+
if (xfrm_decode_session(skb, &fl, AF_INET) < 0)
96
87
return -1;
97
88
98
-
dst = (*pskb)->dst;
89
+
dst = skb->dst;
99
90
if (dst->xfrm)
100
91
dst = ((struct xfrm_dst *)dst)->route;
101
92
dst_hold(dst);
102
93
103
-
if (xfrm_lookup(&dst, &fl, (*pskb)->sk, 0) < 0)
94
+
if (xfrm_lookup(&dst, &fl, skb->sk, 0) < 0)
104
95
return -1;
105
96
106
-
dst_release((*pskb)->dst);
107
-
(*pskb)->dst = dst;
97
+
dst_release(skb->dst);
98
+
skb->dst = dst;
108
99
109
100
/* Change in oif may mean change in hh_len. */
110
-
hh_len = (*pskb)->dst->dev->hard_header_len;
111
-
if (skb_headroom(*pskb) < hh_len) {
112
-
struct sk_buff *nskb;
113
-
114
-
nskb = skb_realloc_headroom(*pskb, hh_len);
115
-
if (!nskb)
116
-
return -1;
117
-
if ((*pskb)->sk)
118
-
skb_set_owner_w(nskb, (*pskb)->sk);
119
-
kfree_skb(*pskb);
120
-
*pskb = nskb;
121
-
}
101
+
hh_len = skb->dst->dev->hard_header_len;
102
+
if (skb_headroom(skb) < hh_len &&
103
+
pskb_expand_head(skb, hh_len - skb_headroom(skb), 0, GFP_ATOMIC))
104
+
return -1;
122
105
return 0;
123
106
}
124
107
EXPORT_SYMBOL(ip_xfrm_me_harder);
···
135
150
}
136
151
}
137
152
138
-
static int nf_ip_reroute(struct sk_buff **pskb, const struct nf_info *info)
153
+
static int nf_ip_reroute(struct sk_buff *skb, const struct nf_info *info)
139
154
{
140
155
const struct ip_rt_info *rt_info = nf_info_reroute(info);
141
156
142
157
if (info->hook == NF_IP_LOCAL_OUT) {
143
-
const struct iphdr *iph = ip_hdr(*pskb);
158
+
const struct iphdr *iph = ip_hdr(skb);
144
159
145
160
if (!(iph->tos == rt_info->tos
146
161
&& iph->daddr == rt_info->daddr
147
162
&& iph->saddr == rt_info->saddr))
148
-
return ip_route_me_harder(pskb, RTN_UNSPEC);
163
+
return ip_route_me_harder(skb, RTN_UNSPEC);
149
164
}
150
165
return 0;
151
166
}
+10
-10
net/ipv4/netfilter/arp_tables.c
+10
-10
net/ipv4/netfilter/arp_tables.c
···
197
197
return 1;
198
198
}
199
199
200
-
static unsigned int arpt_error(struct sk_buff **pskb,
200
+
static unsigned int arpt_error(struct sk_buff *skb,
201
201
const struct net_device *in,
202
202
const struct net_device *out,
203
203
unsigned int hooknum,
···
215
215
return (struct arpt_entry *)(base + offset);
216
216
}
217
217
218
-
unsigned int arpt_do_table(struct sk_buff **pskb,
218
+
unsigned int arpt_do_table(struct sk_buff *skb,
219
219
unsigned int hook,
220
220
const struct net_device *in,
221
221
const struct net_device *out,
···
231
231
struct xt_table_info *private;
232
232
233
233
/* ARP header, plus 2 device addresses, plus 2 IP addresses. */
234
-
if (!pskb_may_pull((*pskb), (sizeof(struct arphdr) +
235
-
(2 * (*pskb)->dev->addr_len) +
236
-
(2 * sizeof(u32)))))
234
+
if (!pskb_may_pull(skb, (sizeof(struct arphdr) +
235
+
(2 * skb->dev->addr_len) +
236
+
(2 * sizeof(u32)))))
237
237
return NF_DROP;
238
238
239
239
indev = in ? in->name : nulldevname;
···
245
245
e = get_entry(table_base, private->hook_entry[hook]);
246
246
back = get_entry(table_base, private->underflow[hook]);
247
247
248
-
arp = arp_hdr(*pskb);
248
+
arp = arp_hdr(skb);
249
249
do {
250
-
if (arp_packet_match(arp, (*pskb)->dev, indev, outdev, &e->arp)) {
250
+
if (arp_packet_match(arp, skb->dev, indev, outdev, &e->arp)) {
251
251
struct arpt_entry_target *t;
252
252
int hdr_len;
253
253
254
254
hdr_len = sizeof(*arp) + (2 * sizeof(struct in_addr)) +
255
-
(2 * (*pskb)->dev->addr_len);
255
+
(2 * skb->dev->addr_len);
256
256
ADD_COUNTER(e->counters, hdr_len, 1);
257
257
258
258
t = arpt_get_target(e);
···
290
290
/* Targets which reenter must return
291
291
* abs. verdicts
292
292
*/
293
-
verdict = t->u.kernel.target->target(pskb,
293
+
verdict = t->u.kernel.target->target(skb,
294
294
in, out,
295
295
hook,
296
296
t->u.kernel.target,
297
297
t->data);
298
298
299
299
/* Target might have changed stuff. */
300
-
arp = arp_hdr(*pskb);
300
+
arp = arp_hdr(skb);
301
301
302
302
if (verdict == ARPT_CONTINUE)
303
303
e = (void *)e + e->next_offset;
+10
-18
net/ipv4/netfilter/arpt_mangle.c
+10
-18
net/ipv4/netfilter/arpt_mangle.c
···
1
1
/* module that allows mangling of the arp payload */
2
2
#include <linux/module.h>
3
+
#include <linux/netfilter.h>
3
4
#include <linux/netfilter_arp/arpt_mangle.h>
4
5
#include <net/sock.h>
5
6
···
9
8
MODULE_DESCRIPTION("arptables arp payload mangle target");
10
9
11
10
static unsigned int
12
-
target(struct sk_buff **pskb,
11
+
target(struct sk_buff *skb,
13
12
const struct net_device *in, const struct net_device *out,
14
13
unsigned int hooknum, const struct xt_target *target,
15
14
const void *targinfo)
···
19
18
unsigned char *arpptr;
20
19
int pln, hln;
21
20
22
-
if (skb_shared(*pskb) || skb_cloned(*pskb)) {
23
-
struct sk_buff *nskb;
21
+
if (skb_make_writable(skb, skb->len))
22
+
return NF_DROP;
24
23
25
-
nskb = skb_copy(*pskb, GFP_ATOMIC);
26
-
if (!nskb)
27
-
return NF_DROP;
28
-
if ((*pskb)->sk)
29
-
skb_set_owner_w(nskb, (*pskb)->sk);
30
-
kfree_skb(*pskb);
31
-
*pskb = nskb;
32
-
}
33
-
34
-
arp = arp_hdr(*pskb);
35
-
arpptr = skb_network_header(*pskb) + sizeof(*arp);
24
+
arp = arp_hdr(skb);
25
+
arpptr = skb_network_header(skb) + sizeof(*arp);
36
26
pln = arp->ar_pln;
37
27
hln = arp->ar_hln;
38
28
/* We assume that pln and hln were checked in the match */
39
29
if (mangle->flags & ARPT_MANGLE_SDEV) {
40
30
if (ARPT_DEV_ADDR_LEN_MAX < hln ||
41
-
(arpptr + hln > skb_tail_pointer(*pskb)))
31
+
(arpptr + hln > skb_tail_pointer(skb)))
42
32
return NF_DROP;
43
33
memcpy(arpptr, mangle->src_devaddr, hln);
44
34
}
45
35
arpptr += hln;
46
36
if (mangle->flags & ARPT_MANGLE_SIP) {
47
37
if (ARPT_MANGLE_ADDR_LEN_MAX < pln ||
48
-
(arpptr + pln > skb_tail_pointer(*pskb)))
38
+
(arpptr + pln > skb_tail_pointer(skb)))
49
39
return NF_DROP;
50
40
memcpy(arpptr, &mangle->u_s.src_ip, pln);
51
41
}
52
42
arpptr += pln;
53
43
if (mangle->flags & ARPT_MANGLE_TDEV) {
54
44
if (ARPT_DEV_ADDR_LEN_MAX < hln ||
55
-
(arpptr + hln > skb_tail_pointer(*pskb)))
45
+
(arpptr + hln > skb_tail_pointer(skb)))
56
46
return NF_DROP;
57
47
memcpy(arpptr, mangle->tgt_devaddr, hln);
58
48
}
59
49
arpptr += hln;
60
50
if (mangle->flags & ARPT_MANGLE_TIP) {
61
51
if (ARPT_MANGLE_ADDR_LEN_MAX < pln ||
62
-
(arpptr + pln > skb_tail_pointer(*pskb)))
52
+
(arpptr + pln > skb_tail_pointer(skb)))
63
53
return NF_DROP;
64
54
memcpy(arpptr, &mangle->u_t.tgt_ip, pln);
65
55
}
+2
-2
net/ipv4/netfilter/arptable_filter.c
+2
-2
net/ipv4/netfilter/arptable_filter.c
···
56
56
57
57
/* The work comes in here from netfilter.c */
58
58
static unsigned int arpt_hook(unsigned int hook,
59
-
struct sk_buff **pskb,
59
+
struct sk_buff *skb,
60
60
const struct net_device *in,
61
61
const struct net_device *out,
62
62
int (*okfn)(struct sk_buff *))
63
63
{
64
-
return arpt_do_table(pskb, hook, in, out, &packet_filter);
64
+
return arpt_do_table(skb, hook, in, out, &packet_filter);
65
65
}
66
66
67
67
static struct nf_hook_ops arpt_ops[] = {
+9
-15
net/ipv4/netfilter/ip_queue.c
+9
-15
net/ipv4/netfilter/ip_queue.c
···
335
335
ipq_mangle_ipv4(ipq_verdict_msg_t *v, struct ipq_queue_entry *e)
336
336
{
337
337
int diff;
338
+
int err;
338
339
struct iphdr *user_iph = (struct iphdr *)v->payload;
339
340
340
341
if (v->data_len < sizeof(*user_iph))
···
348
347
if (v->data_len > 0xFFFF)
349
348
return -EINVAL;
350
349
if (diff > skb_tailroom(e->skb)) {
351
-
struct sk_buff *newskb;
352
-
353
-
newskb = skb_copy_expand(e->skb,
354
-
skb_headroom(e->skb),
355
-
diff,
356
-
GFP_ATOMIC);
357
-
if (newskb == NULL) {
358
-
printk(KERN_WARNING "ip_queue: OOM "
359
-
"in mangle, dropping packet\n");
360
-
return -ENOMEM;
350
+
err = pskb_expand_head(e->skb, 0,
351
+
diff - skb_tailroom(e->skb),
352
+
GFP_ATOMIC);
353
+
if (err) {
354
+
printk(KERN_WARNING "ip_queue: error "
355
+
"in mangle, dropping packet: %d\n", -err);
356
+
return err;
361
357
}
362
-
if (e->skb->sk)
363
-
skb_set_owner_w(newskb, e->skb->sk);
364
-
kfree_skb(e->skb);
365
-
e->skb = newskb;
366
358
}
367
359
skb_put(e->skb, diff);
368
360
}
369
-
if (!skb_make_writable(&e->skb, v->data_len))
361
+
if (!skb_make_writable(e->skb, v->data_len))
370
362
return -ENOMEM;
371
363
skb_copy_to_linear_data(e->skb, v->payload, v->data_len);
372
364
e->skb->ip_summed = CHECKSUM_NONE;
+10
-10
net/ipv4/netfilter/ip_tables.c
+10
-10
net/ipv4/netfilter/ip_tables.c
···
169
169
}
170
170
171
171
static unsigned int
172
-
ipt_error(struct sk_buff **pskb,
172
+
ipt_error(struct sk_buff *skb,
173
173
const struct net_device *in,
174
174
const struct net_device *out,
175
175
unsigned int hooknum,
···
312
312
313
313
/* Returns one of the generic firewall policies, like NF_ACCEPT. */
314
314
unsigned int
315
-
ipt_do_table(struct sk_buff **pskb,
315
+
ipt_do_table(struct sk_buff *skb,
316
316
unsigned int hook,
317
317
const struct net_device *in,
318
318
const struct net_device *out,
···
331
331
struct xt_table_info *private;
332
332
333
333
/* Initialization */
334
-
ip = ip_hdr(*pskb);
335
-
datalen = (*pskb)->len - ip->ihl * 4;
334
+
ip = ip_hdr(skb);
335
+
datalen = skb->len - ip->ihl * 4;
336
336
indev = in ? in->name : nulldevname;
337
337
outdev = out ? out->name : nulldevname;
338
338
/* We handle fragments by dealing with the first fragment as
···
359
359
struct ipt_entry_target *t;
360
360
361
361
if (IPT_MATCH_ITERATE(e, do_match,
362
-
*pskb, in, out,
362
+
skb, in, out,
363
363
offset, &hotdrop) != 0)
364
364
goto no_match;
365
365
···
371
371
#if defined(CONFIG_NETFILTER_XT_TARGET_TRACE) || \
372
372
defined(CONFIG_NETFILTER_XT_TARGET_TRACE_MODULE)
373
373
/* The packet is traced: log it */
374
-
if (unlikely((*pskb)->nf_trace))
375
-
trace_packet(*pskb, hook, in, out,
374
+
if (unlikely(skb->nf_trace))
375
+
trace_packet(skb, hook, in, out,
376
376
table->name, private, e);
377
377
#endif
378
378
/* Standard target? */
···
410
410
((struct ipt_entry *)table_base)->comefrom
411
411
= 0xeeeeeeec;
412
412
#endif
413
-
verdict = t->u.kernel.target->target(pskb,
413
+
verdict = t->u.kernel.target->target(skb,
414
414
in, out,
415
415
hook,
416
416
t->u.kernel.target,
···
428
428
= 0x57acc001;
429
429
#endif
430
430
/* Target might have changed stuff. */
431
-
ip = ip_hdr(*pskb);
432
-
datalen = (*pskb)->len - ip->ihl * 4;
431
+
ip = ip_hdr(skb);
432
+
datalen = skb->len - ip->ihl * 4;
433
433
434
434
if (verdict == IPT_CONTINUE)
435
435
e = (void *)e + e->next_offset;
+7
-7
net/ipv4/netfilter/ipt_CLUSTERIP.c
+7
-7
net/ipv4/netfilter/ipt_CLUSTERIP.c
···
289
289
***********************************************************************/
290
290
291
291
static unsigned int
292
-
target(struct sk_buff **pskb,
292
+
target(struct sk_buff *skb,
293
293
const struct net_device *in,
294
294
const struct net_device *out,
295
295
unsigned int hooknum,
···
305
305
* is only decremented by destroy() - and ip_tables guarantees
306
306
* that the ->target() function isn't called after ->destroy() */
307
307
308
-
ct = nf_ct_get(*pskb, &ctinfo);
308
+
ct = nf_ct_get(skb, &ctinfo);
309
309
if (ct == NULL) {
310
310
printk(KERN_ERR "CLUSTERIP: no conntrack!\n");
311
311
/* FIXME: need to drop invalid ones, since replies
···
316
316
317
317
/* special case: ICMP error handling. conntrack distinguishes between
318
318
* error messages (RELATED) and information requests (see below) */
319
-
if (ip_hdr(*pskb)->protocol == IPPROTO_ICMP
319
+
if (ip_hdr(skb)->protocol == IPPROTO_ICMP
320
320
&& (ctinfo == IP_CT_RELATED
321
321
|| ctinfo == IP_CT_RELATED+IP_CT_IS_REPLY))
322
322
return XT_CONTINUE;
···
325
325
* TIMESTAMP, INFO_REQUEST or ADDRESS type icmp packets from here
326
326
* on, which all have an ID field [relevant for hashing]. */
327
327
328
-
hash = clusterip_hashfn(*pskb, cipinfo->config);
328
+
hash = clusterip_hashfn(skb, cipinfo->config);
329
329
330
330
switch (ctinfo) {
331
331
case IP_CT_NEW:
···
355
355
356
356
/* despite being received via linklayer multicast, this is
357
357
* actually a unicast IP packet. TCP doesn't like PACKET_MULTICAST */
358
-
(*pskb)->pkt_type = PACKET_HOST;
358
+
skb->pkt_type = PACKET_HOST;
359
359
360
360
return XT_CONTINUE;
361
361
}
···
505
505
506
506
static unsigned int
507
507
arp_mangle(unsigned int hook,
508
-
struct sk_buff **pskb,
508
+
struct sk_buff *skb,
509
509
const struct net_device *in,
510
510
const struct net_device *out,
511
511
int (*okfn)(struct sk_buff *))
512
512
{
513
-
struct arphdr *arp = arp_hdr(*pskb);
513
+
struct arphdr *arp = arp_hdr(skb);
514
514
struct arp_payload *payload;
515
515
struct clusterip_config *c;
516
516
+13
-14
net/ipv4/netfilter/ipt_ECN.c
+13
-14
net/ipv4/netfilter/ipt_ECN.c
···
26
26
/* set ECT codepoint from IP header.
27
27
* return false if there was an error. */
28
28
static inline bool
29
-
set_ect_ip(struct sk_buff **pskb, const struct ipt_ECN_info *einfo)
29
+
set_ect_ip(struct sk_buff *skb, const struct ipt_ECN_info *einfo)
30
30
{
31
-
struct iphdr *iph = ip_hdr(*pskb);
31
+
struct iphdr *iph = ip_hdr(skb);
32
32
33
33
if ((iph->tos & IPT_ECN_IP_MASK) != (einfo->ip_ect & IPT_ECN_IP_MASK)) {
34
34
__u8 oldtos;
35
-
if (!skb_make_writable(pskb, sizeof(struct iphdr)))
35
+
if (!skb_make_writable(skb, sizeof(struct iphdr)))
36
36
return false;
37
-
iph = ip_hdr(*pskb);
37
+
iph = ip_hdr(skb);
38
38
oldtos = iph->tos;
39
39
iph->tos &= ~IPT_ECN_IP_MASK;
40
40
iph->tos |= (einfo->ip_ect & IPT_ECN_IP_MASK);
···
45
45
46
46
/* Return false if there was an error. */
47
47
static inline bool
48
-
set_ect_tcp(struct sk_buff **pskb, const struct ipt_ECN_info *einfo)
48
+
set_ect_tcp(struct sk_buff *skb, const struct ipt_ECN_info *einfo)
49
49
{
50
50
struct tcphdr _tcph, *tcph;
51
51
__be16 oldval;
52
52
53
53
/* Not enought header? */
54
-
tcph = skb_header_pointer(*pskb, ip_hdrlen(*pskb),
55
-
sizeof(_tcph), &_tcph);
54
+
tcph = skb_header_pointer(skb, ip_hdrlen(skb), sizeof(_tcph), &_tcph);
56
55
if (!tcph)
57
56
return false;
58
57
···
61
62
tcph->cwr == einfo->proto.tcp.cwr))
62
63
return true;
63
64
64
-
if (!skb_make_writable(pskb, ip_hdrlen(*pskb) + sizeof(*tcph)))
65
+
if (!skb_make_writable(skb, ip_hdrlen(skb) + sizeof(*tcph)))
65
66
return false;
66
-
tcph = (void *)ip_hdr(*pskb) + ip_hdrlen(*pskb);
67
+
tcph = (void *)ip_hdr(skb) + ip_hdrlen(skb);
67
68
68
69
oldval = ((__be16 *)tcph)[6];
69
70
if (einfo->operation & IPT_ECN_OP_SET_ECE)
···
71
72
if (einfo->operation & IPT_ECN_OP_SET_CWR)
72
73
tcph->cwr = einfo->proto.tcp.cwr;
73
74
74
-
nf_proto_csum_replace2(&tcph->check, *pskb,
75
+
nf_proto_csum_replace2(&tcph->check, skb,
75
76
oldval, ((__be16 *)tcph)[6], 0);
76
77
return true;
77
78
}
78
79
79
80
static unsigned int
80
-
target(struct sk_buff **pskb,
81
+
target(struct sk_buff *skb,
81
82
const struct net_device *in,
82
83
const struct net_device *out,
83
84
unsigned int hooknum,
···
87
88
const struct ipt_ECN_info *einfo = targinfo;
88
89
89
90
if (einfo->operation & IPT_ECN_OP_SET_IP)
90
-
if (!set_ect_ip(pskb, einfo))
91
+
if (!set_ect_ip(skb, einfo))
91
92
return NF_DROP;
92
93
93
94
if (einfo->operation & (IPT_ECN_OP_SET_ECE | IPT_ECN_OP_SET_CWR)
94
-
&& ip_hdr(*pskb)->protocol == IPPROTO_TCP)
95
-
if (!set_ect_tcp(pskb, einfo))
95
+
&& ip_hdr(skb)->protocol == IPPROTO_TCP)
96
+
if (!set_ect_tcp(skb, einfo))
96
97
return NF_DROP;
97
98
98
99
return XT_CONTINUE;
+2
-2
net/ipv4/netfilter/ipt_LOG.c
+2
-2
net/ipv4/netfilter/ipt_LOG.c
···
418
418
}
419
419
420
420
static unsigned int
421
-
ipt_log_target(struct sk_buff **pskb,
421
+
ipt_log_target(struct sk_buff *skb,
422
422
const struct net_device *in,
423
423
const struct net_device *out,
424
424
unsigned int hooknum,
···
432
432
li.u.log.level = loginfo->level;
433
433
li.u.log.logflags = loginfo->logflags;
434
434
435
-
ipt_log_packet(PF_INET, hooknum, *pskb, in, out, &li,
435
+
ipt_log_packet(PF_INET, hooknum, skb, in, out, &li,
436
436
loginfo->prefix);
437
437
return XT_CONTINUE;
438
438
}
+3
-3
net/ipv4/netfilter/ipt_MASQUERADE.c
+3
-3
net/ipv4/netfilter/ipt_MASQUERADE.c
···
52
52
}
53
53
54
54
static unsigned int
55
-
masquerade_target(struct sk_buff **pskb,
55
+
masquerade_target(struct sk_buff *skb,
56
56
const struct net_device *in,
57
57
const struct net_device *out,
58
58
unsigned int hooknum,
···
69
69
70
70
NF_CT_ASSERT(hooknum == NF_IP_POST_ROUTING);
71
71
72
-
ct = nf_ct_get(*pskb, &ctinfo);
72
+
ct = nf_ct_get(skb, &ctinfo);
73
73
nat = nfct_nat(ct);
74
74
75
75
NF_CT_ASSERT(ct && (ctinfo == IP_CT_NEW || ctinfo == IP_CT_RELATED
···
82
82
return NF_ACCEPT;
83
83
84
84
mr = targinfo;
85
-
rt = (struct rtable *)(*pskb)->dst;
85
+
rt = (struct rtable *)skb->dst;
86
86
newsrc = inet_select_addr(out, rt->rt_gateway, RT_SCOPE_UNIVERSE);
87
87
if (!newsrc) {
88
88
printk("MASQUERADE: %s ate my IP address\n", out->name);
+4
-4
net/ipv4/netfilter/ipt_NETMAP.c
+4
-4
net/ipv4/netfilter/ipt_NETMAP.c
···
43
43
}
44
44
45
45
static unsigned int
46
-
target(struct sk_buff **pskb,
46
+
target(struct sk_buff *skb,
47
47
const struct net_device *in,
48
48
const struct net_device *out,
49
49
unsigned int hooknum,
···
59
59
NF_CT_ASSERT(hooknum == NF_IP_PRE_ROUTING
60
60
|| hooknum == NF_IP_POST_ROUTING
61
61
|| hooknum == NF_IP_LOCAL_OUT);
62
-
ct = nf_ct_get(*pskb, &ctinfo);
62
+
ct = nf_ct_get(skb, &ctinfo);
63
63
64
64
netmask = ~(mr->range[0].min_ip ^ mr->range[0].max_ip);
65
65
66
66
if (hooknum == NF_IP_PRE_ROUTING || hooknum == NF_IP_LOCAL_OUT)
67
-
new_ip = ip_hdr(*pskb)->daddr & ~netmask;
67
+
new_ip = ip_hdr(skb)->daddr & ~netmask;
68
68
else
69
-
new_ip = ip_hdr(*pskb)->saddr & ~netmask;
69
+
new_ip = ip_hdr(skb)->saddr & ~netmask;
70
70
new_ip |= mr->range[0].min_ip & netmask;
71
71
72
72
newrange = ((struct nf_nat_range)
+3
-3
net/ipv4/netfilter/ipt_REDIRECT.c
+3
-3
net/ipv4/netfilter/ipt_REDIRECT.c
···
47
47
}
48
48
49
49
static unsigned int
50
-
redirect_target(struct sk_buff **pskb,
50
+
redirect_target(struct sk_buff *skb,
51
51
const struct net_device *in,
52
52
const struct net_device *out,
53
53
unsigned int hooknum,
···
63
63
NF_CT_ASSERT(hooknum == NF_IP_PRE_ROUTING
64
64
|| hooknum == NF_IP_LOCAL_OUT);
65
65
66
-
ct = nf_ct_get(*pskb, &ctinfo);
66
+
ct = nf_ct_get(skb, &ctinfo);
67
67
NF_CT_ASSERT(ct && (ctinfo == IP_CT_NEW || ctinfo == IP_CT_RELATED));
68
68
69
69
/* Local packets: make them go to loopback */
···
76
76
newdst = 0;
77
77
78
78
rcu_read_lock();
79
-
indev = __in_dev_get_rcu((*pskb)->dev);
79
+
indev = __in_dev_get_rcu(skb->dev);
80
80
if (indev && (ifa = indev->ifa_list))
81
81
newdst = ifa->ifa_local;
82
82
rcu_read_unlock();
+11
-11
net/ipv4/netfilter/ipt_REJECT.c
+11
-11
net/ipv4/netfilter/ipt_REJECT.c
···
131
131
)
132
132
addr_type = RTN_LOCAL;
133
133
134
-
if (ip_route_me_harder(&nskb, addr_type))
134
+
if (ip_route_me_harder(nskb, addr_type))
135
135
goto free_nskb;
136
136
137
137
nskb->ip_summed = CHECKSUM_NONE;
···
162
162
icmp_send(skb_in, ICMP_DEST_UNREACH, code, 0);
163
163
}
164
164
165
-
static unsigned int reject(struct sk_buff **pskb,
165
+
static unsigned int reject(struct sk_buff *skb,
166
166
const struct net_device *in,
167
167
const struct net_device *out,
168
168
unsigned int hooknum,
···
173
173
174
174
/* Our naive response construction doesn't deal with IP
175
175
options, and probably shouldn't try. */
176
-
if (ip_hdrlen(*pskb) != sizeof(struct iphdr))
176
+
if (ip_hdrlen(skb) != sizeof(struct iphdr))
177
177
return NF_DROP;
178
178
179
179
/* WARNING: This code causes reentry within iptables.
···
181
181
must return an absolute verdict. --RR */
182
182
switch (reject->with) {
183
183
case IPT_ICMP_NET_UNREACHABLE:
184
-
send_unreach(*pskb, ICMP_NET_UNREACH);
184
+
send_unreach(skb, ICMP_NET_UNREACH);
185
185
break;
186
186
case IPT_ICMP_HOST_UNREACHABLE:
187
-
send_unreach(*pskb, ICMP_HOST_UNREACH);
187
+
send_unreach(skb, ICMP_HOST_UNREACH);
188
188
break;
189
189
case IPT_ICMP_PROT_UNREACHABLE:
190
-
send_unreach(*pskb, ICMP_PROT_UNREACH);
190
+
send_unreach(skb, ICMP_PROT_UNREACH);
191
191
break;
192
192
case IPT_ICMP_PORT_UNREACHABLE:
193
-
send_unreach(*pskb, ICMP_PORT_UNREACH);
193
+
send_unreach(skb, ICMP_PORT_UNREACH);
194
194
break;
195
195
case IPT_ICMP_NET_PROHIBITED:
196
-
send_unreach(*pskb, ICMP_NET_ANO);
196
+
send_unreach(skb, ICMP_NET_ANO);
197
197
break;
198
198
case IPT_ICMP_HOST_PROHIBITED:
199
-
send_unreach(*pskb, ICMP_HOST_ANO);
199
+
send_unreach(skb, ICMP_HOST_ANO);
200
200
break;
201
201
case IPT_ICMP_ADMIN_PROHIBITED:
202
-
send_unreach(*pskb, ICMP_PKT_FILTERED);
202
+
send_unreach(skb, ICMP_PKT_FILTERED);
203
203
break;
204
204
case IPT_TCP_RESET:
205
-
send_reset(*pskb, hooknum);
205
+
send_reset(skb, hooknum);
206
206
case IPT_ICMP_ECHOREPLY:
207
207
/* Doesn't happen. */
208
208
break;
+2
-2
net/ipv4/netfilter/ipt_SAME.c
+2
-2
net/ipv4/netfilter/ipt_SAME.c
···
104
104
}
105
105
106
106
static unsigned int
107
-
same_target(struct sk_buff **pskb,
107
+
same_target(struct sk_buff *skb,
108
108
const struct net_device *in,
109
109
const struct net_device *out,
110
110
unsigned int hooknum,
···
121
121
122
122
NF_CT_ASSERT(hooknum == NF_IP_PRE_ROUTING ||
123
123
hooknum == NF_IP_POST_ROUTING);
124
-
ct = nf_ct_get(*pskb, &ctinfo);
124
+
ct = nf_ct_get(skb, &ctinfo);
125
125
126
126
t = &ct->tuplehash[IP_CT_DIR_ORIGINAL].tuple;
127
127
+4
-4
net/ipv4/netfilter/ipt_TOS.c
+4
-4
net/ipv4/netfilter/ipt_TOS.c
···
21
21
MODULE_DESCRIPTION("iptables TOS mangling module");
22
22
23
23
static unsigned int
24
-
target(struct sk_buff **pskb,
24
+
target(struct sk_buff *skb,
25
25
const struct net_device *in,
26
26
const struct net_device *out,
27
27
unsigned int hooknum,
···
29
29
const void *targinfo)
30
30
{
31
31
const struct ipt_tos_target_info *tosinfo = targinfo;
32
-
struct iphdr *iph = ip_hdr(*pskb);
32
+
struct iphdr *iph = ip_hdr(skb);
33
33
34
34
if ((iph->tos & IPTOS_TOS_MASK) != tosinfo->tos) {
35
35
__u8 oldtos;
36
-
if (!skb_make_writable(pskb, sizeof(struct iphdr)))
36
+
if (!skb_make_writable(skb, sizeof(struct iphdr)))
37
37
return NF_DROP;
38
-
iph = ip_hdr(*pskb);
38
+
iph = ip_hdr(skb);
39
39
oldtos = iph->tos;
40
40
iph->tos = (iph->tos & IPTOS_PREC_MASK) | tosinfo->tos;
41
41
nf_csum_replace2(&iph->check, htons(oldtos), htons(iph->tos));
+3
-3
net/ipv4/netfilter/ipt_TTL.c
+3
-3
net/ipv4/netfilter/ipt_TTL.c
···
20
20
MODULE_LICENSE("GPL");
21
21
22
22
static unsigned int
23
-
ipt_ttl_target(struct sk_buff **pskb,
23
+
ipt_ttl_target(struct sk_buff *skb,
24
24
const struct net_device *in, const struct net_device *out,
25
25
unsigned int hooknum, const struct xt_target *target,
26
26
const void *targinfo)
···
29
29
const struct ipt_TTL_info *info = targinfo;
30
30
int new_ttl;
31
31
32
-
if (!skb_make_writable(pskb, (*pskb)->len))
32
+
if (!skb_make_writable(skb, skb->len))
33
33
return NF_DROP;
34
34
35
-
iph = ip_hdr(*pskb);
35
+
iph = ip_hdr(skb);
36
36
37
37
switch (info->mode) {
38
38
case IPT_TTL_SET:
+2
-2
net/ipv4/netfilter/ipt_ULOG.c
+2
-2
net/ipv4/netfilter/ipt_ULOG.c
···
279
279
spin_unlock_bh(&ulog_lock);
280
280
}
281
281
282
-
static unsigned int ipt_ulog_target(struct sk_buff **pskb,
282
+
static unsigned int ipt_ulog_target(struct sk_buff *skb,
283
283
const struct net_device *in,
284
284
const struct net_device *out,
285
285
unsigned int hooknum,
···
288
288
{
289
289
struct ipt_ulog_info *loginfo = (struct ipt_ulog_info *) targinfo;
290
290
291
-
ipt_ulog_packet(hooknum, *pskb, in, out, loginfo, NULL);
291
+
ipt_ulog_packet(hooknum, skb, in, out, loginfo, NULL);
292
292
293
293
return XT_CONTINUE;
294
294
}
+6
-6
net/ipv4/netfilter/iptable_filter.c
+6
-6
net/ipv4/netfilter/iptable_filter.c
···
62
62
/* The work comes in here from netfilter.c. */
63
63
static unsigned int
64
64
ipt_hook(unsigned int hook,
65
-
struct sk_buff **pskb,
65
+
struct sk_buff *skb,
66
66
const struct net_device *in,
67
67
const struct net_device *out,
68
68
int (*okfn)(struct sk_buff *))
69
69
{
70
-
return ipt_do_table(pskb, hook, in, out, &packet_filter);
70
+
return ipt_do_table(skb, hook, in, out, &packet_filter);
71
71
}
72
72
73
73
static unsigned int
74
74
ipt_local_out_hook(unsigned int hook,
75
-
struct sk_buff **pskb,
75
+
struct sk_buff *skb,
76
76
const struct net_device *in,
77
77
const struct net_device *out,
78
78
int (*okfn)(struct sk_buff *))
79
79
{
80
80
/* root is playing with raw sockets. */
81
-
if ((*pskb)->len < sizeof(struct iphdr)
82
-
|| ip_hdrlen(*pskb) < sizeof(struct iphdr)) {
81
+
if (skb->len < sizeof(struct iphdr) ||
82
+
ip_hdrlen(skb) < sizeof(struct iphdr)) {
83
83
if (net_ratelimit())
84
84
printk("iptable_filter: ignoring short SOCK_RAW "
85
85
"packet.\n");
86
86
return NF_ACCEPT;
87
87
}
88
88
89
-
return ipt_do_table(pskb, hook, in, out, &packet_filter);
89
+
return ipt_do_table(skb, hook, in, out, &packet_filter);
90
90
}
91
91
92
92
static struct nf_hook_ops ipt_ops[] = {
+11
-11
net/ipv4/netfilter/iptable_mangle.c
+11
-11
net/ipv4/netfilter/iptable_mangle.c
···
75
75
/* The work comes in here from netfilter.c. */
76
76
static unsigned int
77
77
ipt_route_hook(unsigned int hook,
78
-
struct sk_buff **pskb,
78
+
struct sk_buff *skb,
79
79
const struct net_device *in,
80
80
const struct net_device *out,
81
81
int (*okfn)(struct sk_buff *))
82
82
{
83
-
return ipt_do_table(pskb, hook, in, out, &packet_mangler);
83
+
return ipt_do_table(skb, hook, in, out, &packet_mangler);
84
84
}
85
85
86
86
static unsigned int
87
87
ipt_local_hook(unsigned int hook,
88
-
struct sk_buff **pskb,
88
+
struct sk_buff *skb,
89
89
const struct net_device *in,
90
90
const struct net_device *out,
91
91
int (*okfn)(struct sk_buff *))
···
97
97
u_int32_t mark;
98
98
99
99
/* root is playing with raw sockets. */
100
-
if ((*pskb)->len < sizeof(struct iphdr)
101
-
|| ip_hdrlen(*pskb) < sizeof(struct iphdr)) {
100
+
if (skb->len < sizeof(struct iphdr)
101
+
|| ip_hdrlen(skb) < sizeof(struct iphdr)) {
102
102
if (net_ratelimit())
103
103
printk("iptable_mangle: ignoring short SOCK_RAW "
104
104
"packet.\n");
···
106
106
}
107
107
108
108
/* Save things which could affect route */
109
-
mark = (*pskb)->mark;
110
-
iph = ip_hdr(*pskb);
109
+
mark = skb->mark;
110
+
iph = ip_hdr(skb);
111
111
saddr = iph->saddr;
112
112
daddr = iph->daddr;
113
113
tos = iph->tos;
114
114
115
-
ret = ipt_do_table(pskb, hook, in, out, &packet_mangler);
115
+
ret = ipt_do_table(skb, hook, in, out, &packet_mangler);
116
116
/* Reroute for ANY change. */
117
117
if (ret != NF_DROP && ret != NF_STOLEN && ret != NF_QUEUE) {
118
-
iph = ip_hdr(*pskb);
118
+
iph = ip_hdr(skb);
119
119
120
120
if (iph->saddr != saddr ||
121
121
iph->daddr != daddr ||
122
-
(*pskb)->mark != mark ||
122
+
skb->mark != mark ||
123
123
iph->tos != tos)
124
-
if (ip_route_me_harder(pskb, RTN_UNSPEC))
124
+
if (ip_route_me_harder(skb, RTN_UNSPEC))
125
125
ret = NF_DROP;
126
126
}
127
127
+6
-6
net/ipv4/netfilter/iptable_raw.c
+6
-6
net/ipv4/netfilter/iptable_raw.c
···
47
47
/* The work comes in here from netfilter.c. */
48
48
static unsigned int
49
49
ipt_hook(unsigned int hook,
50
-
struct sk_buff **pskb,
50
+
struct sk_buff *skb,
51
51
const struct net_device *in,
52
52
const struct net_device *out,
53
53
int (*okfn)(struct sk_buff *))
54
54
{
55
-
return ipt_do_table(pskb, hook, in, out, &packet_raw);
55
+
return ipt_do_table(skb, hook, in, out, &packet_raw);
56
56
}
57
57
58
58
static unsigned int
59
59
ipt_local_hook(unsigned int hook,
60
-
struct sk_buff **pskb,
60
+
struct sk_buff *skb,
61
61
const struct net_device *in,
62
62
const struct net_device *out,
63
63
int (*okfn)(struct sk_buff *))
64
64
{
65
65
/* root is playing with raw sockets. */
66
-
if ((*pskb)->len < sizeof(struct iphdr) ||
67
-
ip_hdrlen(*pskb) < sizeof(struct iphdr)) {
66
+
if (skb->len < sizeof(struct iphdr) ||
67
+
ip_hdrlen(skb) < sizeof(struct iphdr)) {
68
68
if (net_ratelimit())
69
69
printk("iptable_raw: ignoring short SOCK_RAW"
70
70
"packet.\n");
71
71
return NF_ACCEPT;
72
72
}
73
-
return ipt_do_table(pskb, hook, in, out, &packet_raw);
73
+
return ipt_do_table(skb, hook, in, out, &packet_raw);
74
74
}
75
75
76
76
/* 'raw' is the very first table. */
+24
-24
net/ipv4/netfilter/nf_conntrack_l3proto_ipv4.c
+24
-24
net/ipv4/netfilter/nf_conntrack_l3proto_ipv4.c
···
63
63
}
64
64
65
65
/* Returns new sk_buff, or NULL */
66
-
static struct sk_buff *
67
-
nf_ct_ipv4_gather_frags(struct sk_buff *skb, u_int32_t user)
66
+
static int nf_ct_ipv4_gather_frags(struct sk_buff *skb, u_int32_t user)
68
67
{
68
+
int err;
69
+
69
70
skb_orphan(skb);
70
71
71
72
local_bh_disable();
72
-
skb = ip_defrag(skb, user);
73
+
err = ip_defrag(skb, user);
73
74
local_bh_enable();
74
75
75
-
if (skb)
76
+
if (!err)
76
77
ip_send_check(ip_hdr(skb));
77
78
78
-
return skb;
79
+
return err;
79
80
}
80
81
81
82
static int ipv4_get_l4proto(const struct sk_buff *skb, unsigned int nhoff,
···
100
99
}
101
100
102
101
static unsigned int ipv4_confirm(unsigned int hooknum,
103
-
struct sk_buff **pskb,
102
+
struct sk_buff *skb,
104
103
const struct net_device *in,
105
104
const struct net_device *out,
106
105
int (*okfn)(struct sk_buff *))
107
106
{
108
107
/* We've seen it coming out the other side: confirm it */
109
-
return nf_conntrack_confirm(pskb);
108
+
return nf_conntrack_confirm(skb);
110
109
}
111
110
112
111
static unsigned int ipv4_conntrack_help(unsigned int hooknum,
113
-
struct sk_buff **pskb,
112
+
struct sk_buff *skb,
114
113
const struct net_device *in,
115
114
const struct net_device *out,
116
115
int (*okfn)(struct sk_buff *))
···
121
120
struct nf_conntrack_helper *helper;
122
121
123
122
/* This is where we call the helper: as the packet goes out. */
124
-
ct = nf_ct_get(*pskb, &ctinfo);
123
+
ct = nf_ct_get(skb, &ctinfo);
125
124
if (!ct || ctinfo == IP_CT_RELATED + IP_CT_IS_REPLY)
126
125
return NF_ACCEPT;
127
126
···
132
131
helper = rcu_dereference(help->helper);
133
132
if (!helper)
134
133
return NF_ACCEPT;
135
-
return helper->help(pskb, skb_network_offset(*pskb) + ip_hdrlen(*pskb),
134
+
return helper->help(skb, skb_network_offset(skb) + ip_hdrlen(skb),
136
135
ct, ctinfo);
137
136
}
138
137
139
138
static unsigned int ipv4_conntrack_defrag(unsigned int hooknum,
140
-
struct sk_buff **pskb,
139
+
struct sk_buff *skb,
141
140
const struct net_device *in,
142
141
const struct net_device *out,
143
142
int (*okfn)(struct sk_buff *))
144
143
{
145
144
/* Previously seen (loopback)? Ignore. Do this before
146
145
fragment check. */
147
-
if ((*pskb)->nfct)
146
+
if (skb->nfct)
148
147
return NF_ACCEPT;
149
148
150
149
/* Gather fragments. */
151
-
if (ip_hdr(*pskb)->frag_off & htons(IP_MF | IP_OFFSET)) {
152
-
*pskb = nf_ct_ipv4_gather_frags(*pskb,
153
-
hooknum == NF_IP_PRE_ROUTING ?
154
-
IP_DEFRAG_CONNTRACK_IN :
155
-
IP_DEFRAG_CONNTRACK_OUT);
156
-
if (!*pskb)
150
+
if (ip_hdr(skb)->frag_off & htons(IP_MF | IP_OFFSET)) {
151
+
if (nf_ct_ipv4_gather_frags(skb,
152
+
hooknum == NF_IP_PRE_ROUTING ?
153
+
IP_DEFRAG_CONNTRACK_IN :
154
+
IP_DEFRAG_CONNTRACK_OUT))
157
155
return NF_STOLEN;
158
156
}
159
157
return NF_ACCEPT;
160
158
}
161
159
162
160
static unsigned int ipv4_conntrack_in(unsigned int hooknum,
163
-
struct sk_buff **pskb,
161
+
struct sk_buff *skb,
164
162
const struct net_device *in,
165
163
const struct net_device *out,
166
164
int (*okfn)(struct sk_buff *))
167
165
{
168
-
return nf_conntrack_in(PF_INET, hooknum, pskb);
166
+
return nf_conntrack_in(PF_INET, hooknum, skb);
169
167
}
170
168
171
169
static unsigned int ipv4_conntrack_local(unsigned int hooknum,
172
-
struct sk_buff **pskb,
170
+
struct sk_buff *skb,
173
171
const struct net_device *in,
174
172
const struct net_device *out,
175
173
int (*okfn)(struct sk_buff *))
176
174
{
177
175
/* root is playing with raw sockets. */
178
-
if ((*pskb)->len < sizeof(struct iphdr)
179
-
|| ip_hdrlen(*pskb) < sizeof(struct iphdr)) {
176
+
if (skb->len < sizeof(struct iphdr) ||
177
+
ip_hdrlen(skb) < sizeof(struct iphdr)) {
180
178
if (net_ratelimit())
181
179
printk("ipt_hook: happy cracking.\n");
182
180
return NF_ACCEPT;
183
181
}
184
-
return nf_conntrack_in(PF_INET, hooknum, pskb);
182
+
return nf_conntrack_in(PF_INET, hooknum, skb);
185
183
}
186
184
187
185
/* Connection tracking may drop packets, but never alters them, so
+2
-2
net/ipv4/netfilter/nf_nat_amanda.c
+2
-2
net/ipv4/netfilter/nf_nat_amanda.c
···
24
24
MODULE_LICENSE("GPL");
25
25
MODULE_ALIAS("ip_nat_amanda");
26
26
27
-
static unsigned int help(struct sk_buff **pskb,
27
+
static unsigned int help(struct sk_buff *skb,
28
28
enum ip_conntrack_info ctinfo,
29
29
unsigned int matchoff,
30
30
unsigned int matchlen,
···
53
53
return NF_DROP;
54
54
55
55
sprintf(buffer, "%u", port);
56
-
ret = nf_nat_mangle_udp_packet(pskb, exp->master, ctinfo,
56
+
ret = nf_nat_mangle_udp_packet(skb, exp->master, ctinfo,
57
57
matchoff, matchlen,
58
58
buffer, strlen(buffer));
59
59
if (ret != NF_ACCEPT)
+25
-25
net/ipv4/netfilter/nf_nat_core.c
+25
-25
net/ipv4/netfilter/nf_nat_core.c
···
349
349
/* Returns true if succeeded. */
350
350
static int
351
351
manip_pkt(u_int16_t proto,
352
-
struct sk_buff **pskb,
352
+
struct sk_buff *skb,
353
353
unsigned int iphdroff,
354
354
const struct nf_conntrack_tuple *target,
355
355
enum nf_nat_manip_type maniptype)
···
357
357
struct iphdr *iph;
358
358
struct nf_nat_protocol *p;
359
359
360
-
if (!skb_make_writable(pskb, iphdroff + sizeof(*iph)))
360
+
if (!skb_make_writable(skb, iphdroff + sizeof(*iph)))
361
361
return 0;
362
362
363
-
iph = (void *)(*pskb)->data + iphdroff;
363
+
iph = (void *)skb->data + iphdroff;
364
364
365
365
/* Manipulate protcol part. */
366
366
367
367
/* rcu_read_lock()ed by nf_hook_slow */
368
368
p = __nf_nat_proto_find(proto);
369
-
if (!p->manip_pkt(pskb, iphdroff, target, maniptype))
369
+
if (!p->manip_pkt(skb, iphdroff, target, maniptype))
370
370
return 0;
371
371
372
-
iph = (void *)(*pskb)->data + iphdroff;
372
+
iph = (void *)skb->data + iphdroff;
373
373
374
374
if (maniptype == IP_NAT_MANIP_SRC) {
375
375
nf_csum_replace4(&iph->check, iph->saddr, target->src.u3.ip);
···
385
385
unsigned int nf_nat_packet(struct nf_conn *ct,
386
386
enum ip_conntrack_info ctinfo,
387
387
unsigned int hooknum,
388
-
struct sk_buff **pskb)
388
+
struct sk_buff *skb)
389
389
{
390
390
enum ip_conntrack_dir dir = CTINFO2DIR(ctinfo);
391
391
unsigned long statusbit;
···
407
407
/* We are aiming to look like inverse of other direction. */
408
408
nf_ct_invert_tuplepr(&target, &ct->tuplehash[!dir].tuple);
409
409
410
-
if (!manip_pkt(target.dst.protonum, pskb, 0, &target, mtype))
410
+
if (!manip_pkt(target.dst.protonum, skb, 0, &target, mtype))
411
411
return NF_DROP;
412
412
}
413
413
return NF_ACCEPT;
···
418
418
int nf_nat_icmp_reply_translation(struct nf_conn *ct,
419
419
enum ip_conntrack_info ctinfo,
420
420
unsigned int hooknum,
421
-
struct sk_buff **pskb)
421
+
struct sk_buff *skb)
422
422
{
423
423
struct {
424
424
struct icmphdr icmp;
···
426
426
} *inside;
427
427
struct nf_conntrack_l4proto *l4proto;
428
428
struct nf_conntrack_tuple inner, target;
429
-
int hdrlen = ip_hdrlen(*pskb);
429
+
int hdrlen = ip_hdrlen(skb);
430
430
enum ip_conntrack_dir dir = CTINFO2DIR(ctinfo);
431
431
unsigned long statusbit;
432
432
enum nf_nat_manip_type manip = HOOK2MANIP(hooknum);
433
433
434
-
if (!skb_make_writable(pskb, hdrlen + sizeof(*inside)))
434
+
if (!skb_make_writable(skb, hdrlen + sizeof(*inside)))
435
435
return 0;
436
436
437
-
inside = (void *)(*pskb)->data + ip_hdrlen(*pskb);
437
+
inside = (void *)skb->data + ip_hdrlen(skb);
438
438
439
439
/* We're actually going to mangle it beyond trivial checksum
440
440
adjustment, so make sure the current checksum is correct. */
441
-
if (nf_ip_checksum(*pskb, hooknum, hdrlen, 0))
441
+
if (nf_ip_checksum(skb, hooknum, hdrlen, 0))
442
442
return 0;
443
443
444
444
/* Must be RELATED */
445
-
NF_CT_ASSERT((*pskb)->nfctinfo == IP_CT_RELATED ||
446
-
(*pskb)->nfctinfo == IP_CT_RELATED+IP_CT_IS_REPLY);
445
+
NF_CT_ASSERT(skb->nfctinfo == IP_CT_RELATED ||
446
+
skb->nfctinfo == IP_CT_RELATED+IP_CT_IS_REPLY);
447
447
448
448
/* Redirects on non-null nats must be dropped, else they'll
449
449
start talking to each other without our translation, and be
···
458
458
}
459
459
460
460
pr_debug("icmp_reply_translation: translating error %p manip %u "
461
-
"dir %s\n", *pskb, manip,
461
+
"dir %s\n", skb, manip,
462
462
dir == IP_CT_DIR_ORIGINAL ? "ORIG" : "REPLY");
463
463
464
464
/* rcu_read_lock()ed by nf_hook_slow */
465
465
l4proto = __nf_ct_l4proto_find(PF_INET, inside->ip.protocol);
466
466
467
-
if (!nf_ct_get_tuple(*pskb,
468
-
ip_hdrlen(*pskb) + sizeof(struct icmphdr),
469
-
(ip_hdrlen(*pskb) +
467
+
if (!nf_ct_get_tuple(skb,
468
+
ip_hdrlen(skb) + sizeof(struct icmphdr),
469
+
(ip_hdrlen(skb) +
470
470
sizeof(struct icmphdr) + inside->ip.ihl * 4),
471
471
(u_int16_t)AF_INET,
472
472
inside->ip.protocol,
···
478
478
pass all hooks (locally-generated ICMP). Consider incoming
479
479
packet: PREROUTING (DST manip), routing produces ICMP, goes
480
480
through POSTROUTING (which must correct the DST manip). */
481
-
if (!manip_pkt(inside->ip.protocol, pskb,
482
-
ip_hdrlen(*pskb) + sizeof(inside->icmp),
481
+
if (!manip_pkt(inside->ip.protocol, skb,
482
+
ip_hdrlen(skb) + sizeof(inside->icmp),
483
483
&ct->tuplehash[!dir].tuple,
484
484
!manip))
485
485
return 0;
486
486
487
-
if ((*pskb)->ip_summed != CHECKSUM_PARTIAL) {
487
+
if (skb->ip_summed != CHECKSUM_PARTIAL) {
488
488
/* Reloading "inside" here since manip_pkt inner. */
489
-
inside = (void *)(*pskb)->data + ip_hdrlen(*pskb);
489
+
inside = (void *)skb->data + ip_hdrlen(skb);
490
490
inside->icmp.checksum = 0;
491
491
inside->icmp.checksum =
492
-
csum_fold(skb_checksum(*pskb, hdrlen,
493
-
(*pskb)->len - hdrlen, 0));
492
+
csum_fold(skb_checksum(skb, hdrlen,
493
+
skb->len - hdrlen, 0));
494
494
}
495
495
496
496
/* Change outer to look the reply to an incoming packet
···
506
506
507
507
if (ct->status & statusbit) {
508
508
nf_ct_invert_tuplepr(&target, &ct->tuplehash[!dir].tuple);
509
-
if (!manip_pkt(0, pskb, 0, &target, manip))
509
+
if (!manip_pkt(0, skb, 0, &target, manip))
510
510
return 0;
511
511
}
512
512
+9
-9
net/ipv4/netfilter/nf_nat_ftp.c
+9
-9
net/ipv4/netfilter/nf_nat_ftp.c
···
28
28
/* FIXME: Time out? --RR */
29
29
30
30
static int
31
-
mangle_rfc959_packet(struct sk_buff **pskb,
31
+
mangle_rfc959_packet(struct sk_buff *skb,
32
32
__be32 newip,
33
33
u_int16_t port,
34
34
unsigned int matchoff,
···
43
43
44
44
pr_debug("calling nf_nat_mangle_tcp_packet\n");
45
45
46
-
return nf_nat_mangle_tcp_packet(pskb, ct, ctinfo, matchoff,
46
+
return nf_nat_mangle_tcp_packet(skb, ct, ctinfo, matchoff,
47
47
matchlen, buffer, strlen(buffer));
48
48
}
49
49
50
50
/* |1|132.235.1.2|6275| */
51
51
static int
52
-
mangle_eprt_packet(struct sk_buff **pskb,
52
+
mangle_eprt_packet(struct sk_buff *skb,
53
53
__be32 newip,
54
54
u_int16_t port,
55
55
unsigned int matchoff,
···
63
63
64
64
pr_debug("calling nf_nat_mangle_tcp_packet\n");
65
65
66
-
return nf_nat_mangle_tcp_packet(pskb, ct, ctinfo, matchoff,
66
+
return nf_nat_mangle_tcp_packet(skb, ct, ctinfo, matchoff,
67
67
matchlen, buffer, strlen(buffer));
68
68
}
69
69
70
70
/* |1|132.235.1.2|6275| */
71
71
static int
72
-
mangle_epsv_packet(struct sk_buff **pskb,
72
+
mangle_epsv_packet(struct sk_buff *skb,
73
73
__be32 newip,
74
74
u_int16_t port,
75
75
unsigned int matchoff,
···
83
83
84
84
pr_debug("calling nf_nat_mangle_tcp_packet\n");
85
85
86
-
return nf_nat_mangle_tcp_packet(pskb, ct, ctinfo, matchoff,
86
+
return nf_nat_mangle_tcp_packet(skb, ct, ctinfo, matchoff,
87
87
matchlen, buffer, strlen(buffer));
88
88
}
89
89
90
-
static int (*mangle[])(struct sk_buff **, __be32, u_int16_t,
90
+
static int (*mangle[])(struct sk_buff *, __be32, u_int16_t,
91
91
unsigned int, unsigned int, struct nf_conn *,
92
92
enum ip_conntrack_info)
93
93
= {
···
99
99
100
100
/* So, this packet has hit the connection tracking matching code.
101
101
Mangle it, and change the expectation to match the new version. */
102
-
static unsigned int nf_nat_ftp(struct sk_buff **pskb,
102
+
static unsigned int nf_nat_ftp(struct sk_buff *skb,
103
103
enum ip_conntrack_info ctinfo,
104
104
enum nf_ct_ftp_type type,
105
105
unsigned int matchoff,
···
132
132
if (port == 0)
133
133
return NF_DROP;
134
134
135
-
if (!mangle[type](pskb, newip, port, matchoff, matchlen, ct, ctinfo)) {
135
+
if (!mangle[type](skb, newip, port, matchoff, matchlen, ct, ctinfo)) {
136
136
nf_ct_unexpect_related(exp);
137
137
return NF_DROP;
138
138
}
+28
-30
net/ipv4/netfilter/nf_nat_h323.c
+28
-30
net/ipv4/netfilter/nf_nat_h323.c
···
22
22
#include <linux/netfilter/nf_conntrack_h323.h>
23
23
24
24
/****************************************************************************/
25
-
static int set_addr(struct sk_buff **pskb,
25
+
static int set_addr(struct sk_buff *skb,
26
26
unsigned char **data, int dataoff,
27
27
unsigned int addroff, __be32 ip, __be16 port)
28
28
{
29
29
enum ip_conntrack_info ctinfo;
30
-
struct nf_conn *ct = nf_ct_get(*pskb, &ctinfo);
30
+
struct nf_conn *ct = nf_ct_get(skb, &ctinfo);
31
31
struct {
32
32
__be32 ip;
33
33
__be16 port;
···
38
38
buf.port = port;
39
39
addroff += dataoff;
40
40
41
-
if (ip_hdr(*pskb)->protocol == IPPROTO_TCP) {
42
-
if (!nf_nat_mangle_tcp_packet(pskb, ct, ctinfo,
41
+
if (ip_hdr(skb)->protocol == IPPROTO_TCP) {
42
+
if (!nf_nat_mangle_tcp_packet(skb, ct, ctinfo,
43
43
addroff, sizeof(buf),
44
44
(char *) &buf, sizeof(buf))) {
45
45
if (net_ratelimit())
···
49
49
}
50
50
51
51
/* Relocate data pointer */
52
-
th = skb_header_pointer(*pskb, ip_hdrlen(*pskb),
52
+
th = skb_header_pointer(skb, ip_hdrlen(skb),
53
53
sizeof(_tcph), &_tcph);
54
54
if (th == NULL)
55
55
return -1;
56
-
*data = (*pskb)->data + ip_hdrlen(*pskb) +
57
-
th->doff * 4 + dataoff;
56
+
*data = skb->data + ip_hdrlen(skb) + th->doff * 4 + dataoff;
58
57
} else {
59
-
if (!nf_nat_mangle_udp_packet(pskb, ct, ctinfo,
58
+
if (!nf_nat_mangle_udp_packet(skb, ct, ctinfo,
60
59
addroff, sizeof(buf),
61
60
(char *) &buf, sizeof(buf))) {
62
61
if (net_ratelimit())
···
66
67
/* nf_nat_mangle_udp_packet uses skb_make_writable() to copy
67
68
* or pull everything in a linear buffer, so we can safely
68
69
* use the skb pointers now */
69
-
*data = ((*pskb)->data + ip_hdrlen(*pskb) +
70
-
sizeof(struct udphdr));
70
+
*data = skb->data + ip_hdrlen(skb) + sizeof(struct udphdr);
71
71
}
72
72
73
73
return 0;
74
74
}
75
75
76
76
/****************************************************************************/
77
-
static int set_h225_addr(struct sk_buff **pskb,
77
+
static int set_h225_addr(struct sk_buff *skb,
78
78
unsigned char **data, int dataoff,
79
79
TransportAddress *taddr,
80
80
union nf_conntrack_address *addr, __be16 port)
81
81
{
82
-
return set_addr(pskb, data, dataoff, taddr->ipAddress.ip,
82
+
return set_addr(skb, data, dataoff, taddr->ipAddress.ip,
83
83
addr->ip, port);
84
84
}
85
85
86
86
/****************************************************************************/
87
-
static int set_h245_addr(struct sk_buff **pskb,
87
+
static int set_h245_addr(struct sk_buff *skb,
88
88
unsigned char **data, int dataoff,
89
89
H245_TransportAddress *taddr,
90
90
union nf_conntrack_address *addr, __be16 port)
91
91
{
92
-
return set_addr(pskb, data, dataoff,
92
+
return set_addr(skb, data, dataoff,
93
93
taddr->unicastAddress.iPAddress.network,
94
94
addr->ip, port);
95
95
}
96
96
97
97
/****************************************************************************/
98
-
static int set_sig_addr(struct sk_buff **pskb, struct nf_conn *ct,
98
+
static int set_sig_addr(struct sk_buff *skb, struct nf_conn *ct,
99
99
enum ip_conntrack_info ctinfo,
100
100
unsigned char **data,
101
101
TransportAddress *taddr, int count)
···
123
125
NIPQUAD(addr.ip), port,
124
126
NIPQUAD(ct->tuplehash[!dir].tuple.dst.u3.ip),
125
127
info->sig_port[!dir]);
126
-
return set_h225_addr(pskb, data, 0, &taddr[i],
128
+
return set_h225_addr(skb, data, 0, &taddr[i],
127
129
&ct->tuplehash[!dir].
128
130
tuple.dst.u3,
129
131
info->sig_port[!dir]);
···
135
137
NIPQUAD(addr.ip), port,
136
138
NIPQUAD(ct->tuplehash[!dir].tuple.src.u3.ip),
137
139
info->sig_port[!dir]);
138
-
return set_h225_addr(pskb, data, 0, &taddr[i],
140
+
return set_h225_addr(skb, data, 0, &taddr[i],
139
141
&ct->tuplehash[!dir].
140
142
tuple.src.u3,
141
143
info->sig_port[!dir]);
···
147
149
}
148
150
149
151
/****************************************************************************/
150
-
static int set_ras_addr(struct sk_buff **pskb, struct nf_conn *ct,
152
+
static int set_ras_addr(struct sk_buff *skb, struct nf_conn *ct,
151
153
enum ip_conntrack_info ctinfo,
152
154
unsigned char **data,
153
155
TransportAddress *taddr, int count)
···
166
168
NIPQUAD(addr.ip), ntohs(port),
167
169
NIPQUAD(ct->tuplehash[!dir].tuple.dst.u3.ip),
168
170
ntohs(ct->tuplehash[!dir].tuple.dst.u.udp.port));
169
-
return set_h225_addr(pskb, data, 0, &taddr[i],
171
+
return set_h225_addr(skb, data, 0, &taddr[i],
170
172
&ct->tuplehash[!dir].tuple.dst.u3,
171
173
ct->tuplehash[!dir].tuple.
172
174
dst.u.udp.port);
···
177
179
}
178
180
179
181
/****************************************************************************/
180
-
static int nat_rtp_rtcp(struct sk_buff **pskb, struct nf_conn *ct,
182
+
static int nat_rtp_rtcp(struct sk_buff *skb, struct nf_conn *ct,
181
183
enum ip_conntrack_info ctinfo,
182
184
unsigned char **data, int dataoff,
183
185
H245_TransportAddress *taddr,
···
242
244
}
243
245
244
246
/* Modify signal */
245
-
if (set_h245_addr(pskb, data, dataoff, taddr,
247
+
if (set_h245_addr(skb, data, dataoff, taddr,
246
248
&ct->tuplehash[!dir].tuple.dst.u3,
247
249
htons((port & htons(1)) ? nated_port + 1 :
248
250
nated_port)) == 0) {
···
271
273
}
272
274
273
275
/****************************************************************************/
274
-
static int nat_t120(struct sk_buff **pskb, struct nf_conn *ct,
276
+
static int nat_t120(struct sk_buff *skb, struct nf_conn *ct,
275
277
enum ip_conntrack_info ctinfo,
276
278
unsigned char **data, int dataoff,
277
279
H245_TransportAddress *taddr, __be16 port,
···
299
301
}
300
302
301
303
/* Modify signal */
302
-
if (set_h245_addr(pskb, data, dataoff, taddr,
304
+
if (set_h245_addr(skb, data, dataoff, taddr,
303
305
&ct->tuplehash[!dir].tuple.dst.u3,
304
306
htons(nated_port)) < 0) {
305
307
nf_ct_unexpect_related(exp);
···
316
318
}
317
319
318
320
/****************************************************************************/
319
-
static int nat_h245(struct sk_buff **pskb, struct nf_conn *ct,
321
+
static int nat_h245(struct sk_buff *skb, struct nf_conn *ct,
320
322
enum ip_conntrack_info ctinfo,
321
323
unsigned char **data, int dataoff,
322
324
TransportAddress *taddr, __be16 port,
···
349
351
}
350
352
351
353
/* Modify signal */
352
-
if (set_h225_addr(pskb, data, dataoff, taddr,
354
+
if (set_h225_addr(skb, data, dataoff, taddr,
353
355
&ct->tuplehash[!dir].tuple.dst.u3,
354
356
htons(nated_port)) == 0) {
355
357
/* Save ports */
···
404
406
}
405
407
406
408
/****************************************************************************/
407
-
static int nat_q931(struct sk_buff **pskb, struct nf_conn *ct,
409
+
static int nat_q931(struct sk_buff *skb, struct nf_conn *ct,
408
410
enum ip_conntrack_info ctinfo,
409
411
unsigned char **data, TransportAddress *taddr, int idx,
410
412
__be16 port, struct nf_conntrack_expect *exp)
···
437
439
}
438
440
439
441
/* Modify signal */
440
-
if (set_h225_addr(pskb, data, 0, &taddr[idx],
442
+
if (set_h225_addr(skb, data, 0, &taddr[idx],
441
443
&ct->tuplehash[!dir].tuple.dst.u3,
442
444
htons(nated_port)) == 0) {
443
445
/* Save ports */
···
448
450
if (idx > 0 &&
449
451
get_h225_addr(ct, *data, &taddr[0], &addr, &port) &&
450
452
(ntohl(addr.ip) & 0xff000000) == 0x7f000000) {
451
-
set_h225_addr(pskb, data, 0, &taddr[0],
453
+
set_h225_addr(skb, data, 0, &taddr[0],
452
454
&ct->tuplehash[!dir].tuple.dst.u3,
453
455
info->sig_port[!dir]);
454
456
}
···
493
495
}
494
496
495
497
/****************************************************************************/
496
-
static int nat_callforwarding(struct sk_buff **pskb, struct nf_conn *ct,
498
+
static int nat_callforwarding(struct sk_buff *skb, struct nf_conn *ct,
497
499
enum ip_conntrack_info ctinfo,
498
500
unsigned char **data, int dataoff,
499
501
TransportAddress *taddr, __be16 port,
···
523
525
}
524
526
525
527
/* Modify signal */
526
-
if (!set_h225_addr(pskb, data, dataoff, taddr,
528
+
if (!set_h225_addr(skb, data, dataoff, taddr,
527
529
&ct->tuplehash[!dir].tuple.dst.u3,
528
530
htons(nated_port)) == 0) {
529
531
nf_ct_unexpect_related(exp);
+55
-63
net/ipv4/netfilter/nf_nat_helper.c
+55
-63
net/ipv4/netfilter/nf_nat_helper.c
···
111
111
}
112
112
113
113
/* Unusual, but possible case. */
114
-
static int enlarge_skb(struct sk_buff **pskb, unsigned int extra)
114
+
static int enlarge_skb(struct sk_buff *skb, unsigned int extra)
115
115
{
116
-
struct sk_buff *nskb;
117
-
118
-
if ((*pskb)->len + extra > 65535)
116
+
if (skb->len + extra > 65535)
119
117
return 0;
120
118
121
-
nskb = skb_copy_expand(*pskb, skb_headroom(*pskb), extra, GFP_ATOMIC);
122
-
if (!nskb)
119
+
if (pskb_expand_head(skb, 0, extra - skb_tailroom(skb), GFP_ATOMIC))
123
120
return 0;
124
121
125
-
/* Transfer socket to new skb. */
126
-
if ((*pskb)->sk)
127
-
skb_set_owner_w(nskb, (*pskb)->sk);
128
-
kfree_skb(*pskb);
129
-
*pskb = nskb;
130
122
return 1;
131
123
}
132
124
···
131
139
*
132
140
* */
133
141
int
134
-
nf_nat_mangle_tcp_packet(struct sk_buff **pskb,
142
+
nf_nat_mangle_tcp_packet(struct sk_buff *skb,
135
143
struct nf_conn *ct,
136
144
enum ip_conntrack_info ctinfo,
137
145
unsigned int match_offset,
···
139
147
const char *rep_buffer,
140
148
unsigned int rep_len)
141
149
{
142
-
struct rtable *rt = (struct rtable *)(*pskb)->dst;
150
+
struct rtable *rt = (struct rtable *)skb->dst;
143
151
struct iphdr *iph;
144
152
struct tcphdr *tcph;
145
153
int oldlen, datalen;
146
154
147
-
if (!skb_make_writable(pskb, (*pskb)->len))
155
+
if (!skb_make_writable(skb, skb->len))
148
156
return 0;
149
157
150
158
if (rep_len > match_len &&
151
-
rep_len - match_len > skb_tailroom(*pskb) &&
152
-
!enlarge_skb(pskb, rep_len - match_len))
159
+
rep_len - match_len > skb_tailroom(skb) &&
160
+
!enlarge_skb(skb, rep_len - match_len))
153
161
return 0;
154
162
155
-
SKB_LINEAR_ASSERT(*pskb);
163
+
SKB_LINEAR_ASSERT(skb);
156
164
157
-
iph = ip_hdr(*pskb);
165
+
iph = ip_hdr(skb);
158
166
tcph = (void *)iph + iph->ihl*4;
159
167
160
-
oldlen = (*pskb)->len - iph->ihl*4;
161
-
mangle_contents(*pskb, iph->ihl*4 + tcph->doff*4,
168
+
oldlen = skb->len - iph->ihl*4;
169
+
mangle_contents(skb, iph->ihl*4 + tcph->doff*4,
162
170
match_offset, match_len, rep_buffer, rep_len);
163
171
164
-
datalen = (*pskb)->len - iph->ihl*4;
165
-
if ((*pskb)->ip_summed != CHECKSUM_PARTIAL) {
172
+
datalen = skb->len - iph->ihl*4;
173
+
if (skb->ip_summed != CHECKSUM_PARTIAL) {
166
174
if (!(rt->rt_flags & RTCF_LOCAL) &&
167
-
(*pskb)->dev->features & NETIF_F_V4_CSUM) {
168
-
(*pskb)->ip_summed = CHECKSUM_PARTIAL;
169
-
(*pskb)->csum_start = skb_headroom(*pskb) +
170
-
skb_network_offset(*pskb) +
171
-
iph->ihl * 4;
172
-
(*pskb)->csum_offset = offsetof(struct tcphdr, check);
175
+
skb->dev->features & NETIF_F_V4_CSUM) {
176
+
skb->ip_summed = CHECKSUM_PARTIAL;
177
+
skb->csum_start = skb_headroom(skb) +
178
+
skb_network_offset(skb) +
179
+
iph->ihl * 4;
180
+
skb->csum_offset = offsetof(struct tcphdr, check);
173
181
tcph->check = ~tcp_v4_check(datalen,
174
182
iph->saddr, iph->daddr, 0);
175
183
} else {
···
180
188
datalen, 0));
181
189
}
182
190
} else
183
-
nf_proto_csum_replace2(&tcph->check, *pskb,
191
+
nf_proto_csum_replace2(&tcph->check, skb,
184
192
htons(oldlen), htons(datalen), 1);
185
193
186
194
if (rep_len != match_len) {
···
189
197
(int)rep_len - (int)match_len,
190
198
ct, ctinfo);
191
199
/* Tell TCP window tracking about seq change */
192
-
nf_conntrack_tcp_update(*pskb, ip_hdrlen(*pskb),
200
+
nf_conntrack_tcp_update(skb, ip_hdrlen(skb),
193
201
ct, CTINFO2DIR(ctinfo));
194
202
}
195
203
return 1;
···
207
215
* should be fairly easy to do.
208
216
*/
209
217
int
210
-
nf_nat_mangle_udp_packet(struct sk_buff **pskb,
218
+
nf_nat_mangle_udp_packet(struct sk_buff *skb,
211
219
struct nf_conn *ct,
212
220
enum ip_conntrack_info ctinfo,
213
221
unsigned int match_offset,
···
215
223
const char *rep_buffer,
216
224
unsigned int rep_len)
217
225
{
218
-
struct rtable *rt = (struct rtable *)(*pskb)->dst;
226
+
struct rtable *rt = (struct rtable *)skb->dst;
219
227
struct iphdr *iph;
220
228
struct udphdr *udph;
221
229
int datalen, oldlen;
222
230
223
231
/* UDP helpers might accidentally mangle the wrong packet */
224
-
iph = ip_hdr(*pskb);
225
-
if ((*pskb)->len < iph->ihl*4 + sizeof(*udph) +
232
+
iph = ip_hdr(skb);
233
+
if (skb->len < iph->ihl*4 + sizeof(*udph) +
226
234
match_offset + match_len)
227
235
return 0;
228
236
229
-
if (!skb_make_writable(pskb, (*pskb)->len))
237
+
if (!skb_make_writable(skb, skb->len))
230
238
return 0;
231
239
232
240
if (rep_len > match_len &&
233
-
rep_len - match_len > skb_tailroom(*pskb) &&
234
-
!enlarge_skb(pskb, rep_len - match_len))
241
+
rep_len - match_len > skb_tailroom(skb) &&
242
+
!enlarge_skb(skb, rep_len - match_len))
235
243
return 0;
236
244
237
-
iph = ip_hdr(*pskb);
245
+
iph = ip_hdr(skb);
238
246
udph = (void *)iph + iph->ihl*4;
239
247
240
-
oldlen = (*pskb)->len - iph->ihl*4;
241
-
mangle_contents(*pskb, iph->ihl*4 + sizeof(*udph),
248
+
oldlen = skb->len - iph->ihl*4;
249
+
mangle_contents(skb, iph->ihl*4 + sizeof(*udph),
242
250
match_offset, match_len, rep_buffer, rep_len);
243
251
244
252
/* update the length of the UDP packet */
245
-
datalen = (*pskb)->len - iph->ihl*4;
253
+
datalen = skb->len - iph->ihl*4;
246
254
udph->len = htons(datalen);
247
255
248
256
/* fix udp checksum if udp checksum was previously calculated */
249
-
if (!udph->check && (*pskb)->ip_summed != CHECKSUM_PARTIAL)
257
+
if (!udph->check && skb->ip_summed != CHECKSUM_PARTIAL)
250
258
return 1;
251
259
252
-
if ((*pskb)->ip_summed != CHECKSUM_PARTIAL) {
260
+
if (skb->ip_summed != CHECKSUM_PARTIAL) {
253
261
if (!(rt->rt_flags & RTCF_LOCAL) &&
254
-
(*pskb)->dev->features & NETIF_F_V4_CSUM) {
255
-
(*pskb)->ip_summed = CHECKSUM_PARTIAL;
256
-
(*pskb)->csum_start = skb_headroom(*pskb) +
257
-
skb_network_offset(*pskb) +
258
-
iph->ihl * 4;
259
-
(*pskb)->csum_offset = offsetof(struct udphdr, check);
262
+
skb->dev->features & NETIF_F_V4_CSUM) {
263
+
skb->ip_summed = CHECKSUM_PARTIAL;
264
+
skb->csum_start = skb_headroom(skb) +
265
+
skb_network_offset(skb) +
266
+
iph->ihl * 4;
267
+
skb->csum_offset = offsetof(struct udphdr, check);
260
268
udph->check = ~csum_tcpudp_magic(iph->saddr, iph->daddr,
261
269
datalen, IPPROTO_UDP,
262
270
0);
···
270
278
udph->check = CSUM_MANGLED_0;
271
279
}
272
280
} else
273
-
nf_proto_csum_replace2(&udph->check, *pskb,
281
+
nf_proto_csum_replace2(&udph->check, skb,
274
282
htons(oldlen), htons(datalen), 1);
275
283
276
284
return 1;
···
322
330
323
331
/* TCP SACK sequence number adjustment */
324
332
static inline unsigned int
325
-
nf_nat_sack_adjust(struct sk_buff **pskb,
333
+
nf_nat_sack_adjust(struct sk_buff *skb,
326
334
struct tcphdr *tcph,
327
335
struct nf_conn *ct,
328
336
enum ip_conntrack_info ctinfo)
···
330
338
unsigned int dir, optoff, optend;
331
339
struct nf_conn_nat *nat = nfct_nat(ct);
332
340
333
-
optoff = ip_hdrlen(*pskb) + sizeof(struct tcphdr);
334
-
optend = ip_hdrlen(*pskb) + tcph->doff * 4;
341
+
optoff = ip_hdrlen(skb) + sizeof(struct tcphdr);
342
+
optend = ip_hdrlen(skb) + tcph->doff * 4;
335
343
336
-
if (!skb_make_writable(pskb, optend))
344
+
if (!skb_make_writable(skb, optend))
337
345
return 0;
338
346
339
347
dir = CTINFO2DIR(ctinfo);
340
348
341
349
while (optoff < optend) {
342
350
/* Usually: option, length. */
343
-
unsigned char *op = (*pskb)->data + optoff;
351
+
unsigned char *op = skb->data + optoff;
344
352
345
353
switch (op[0]) {
346
354
case TCPOPT_EOL:
···
357
365
if (op[0] == TCPOPT_SACK &&
358
366
op[1] >= 2+TCPOLEN_SACK_PERBLOCK &&
359
367
((op[1] - 2) % TCPOLEN_SACK_PERBLOCK) == 0)
360
-
sack_adjust(*pskb, tcph, optoff+2,
368
+
sack_adjust(skb, tcph, optoff+2,
361
369
optoff+op[1], &nat->seq[!dir]);
362
370
optoff += op[1];
363
371
}
···
367
375
368
376
/* TCP sequence number adjustment. Returns 1 on success, 0 on failure */
369
377
int
370
-
nf_nat_seq_adjust(struct sk_buff **pskb,
378
+
nf_nat_seq_adjust(struct sk_buff *skb,
371
379
struct nf_conn *ct,
372
380
enum ip_conntrack_info ctinfo)
373
381
{
···
382
390
this_way = &nat->seq[dir];
383
391
other_way = &nat->seq[!dir];
384
392
385
-
if (!skb_make_writable(pskb, ip_hdrlen(*pskb) + sizeof(*tcph)))
393
+
if (!skb_make_writable(skb, ip_hdrlen(skb) + sizeof(*tcph)))
386
394
return 0;
387
395
388
-
tcph = (void *)(*pskb)->data + ip_hdrlen(*pskb);
396
+
tcph = (void *)skb->data + ip_hdrlen(skb);
389
397
if (after(ntohl(tcph->seq), this_way->correction_pos))
390
398
newseq = htonl(ntohl(tcph->seq) + this_way->offset_after);
391
399
else
···
397
405
else
398
406
newack = htonl(ntohl(tcph->ack_seq) - other_way->offset_before);
399
407
400
-
nf_proto_csum_replace4(&tcph->check, *pskb, tcph->seq, newseq, 0);
401
-
nf_proto_csum_replace4(&tcph->check, *pskb, tcph->ack_seq, newack, 0);
408
+
nf_proto_csum_replace4(&tcph->check, skb, tcph->seq, newseq, 0);
409
+
nf_proto_csum_replace4(&tcph->check, skb, tcph->ack_seq, newack, 0);
402
410
403
411
pr_debug("Adjusting sequence number from %u->%u, ack from %u->%u\n",
404
412
ntohl(tcph->seq), ntohl(newseq), ntohl(tcph->ack_seq),
···
407
415
tcph->seq = newseq;
408
416
tcph->ack_seq = newack;
409
417
410
-
if (!nf_nat_sack_adjust(pskb, tcph, ct, ctinfo))
418
+
if (!nf_nat_sack_adjust(skb, tcph, ct, ctinfo))
411
419
return 0;
412
420
413
-
nf_conntrack_tcp_update(*pskb, ip_hdrlen(*pskb), ct, dir);
421
+
nf_conntrack_tcp_update(skb, ip_hdrlen(skb), ct, dir);
414
422
415
423
return 1;
416
424
}
+2
-2
net/ipv4/netfilter/nf_nat_irc.c
+2
-2
net/ipv4/netfilter/nf_nat_irc.c
···
27
27
MODULE_LICENSE("GPL");
28
28
MODULE_ALIAS("ip_nat_irc");
29
29
30
-
static unsigned int help(struct sk_buff **pskb,
30
+
static unsigned int help(struct sk_buff *skb,
31
31
enum ip_conntrack_info ctinfo,
32
32
unsigned int matchoff,
33
33
unsigned int matchlen,
···
58
58
pr_debug("nf_nat_irc: inserting '%s' == %u.%u.%u.%u, port %u\n",
59
59
buffer, NIPQUAD(ip), port);
60
60
61
-
ret = nf_nat_mangle_tcp_packet(pskb, exp->master, ctinfo,
61
+
ret = nf_nat_mangle_tcp_packet(skb, exp->master, ctinfo,
62
62
matchoff, matchlen, buffer,
63
63
strlen(buffer));
64
64
if (ret != NF_ACCEPT)
+4
-4
net/ipv4/netfilter/nf_nat_pptp.c
+4
-4
net/ipv4/netfilter/nf_nat_pptp.c
···
110
110
111
111
/* outbound packets == from PNS to PAC */
112
112
static int
113
-
pptp_outbound_pkt(struct sk_buff **pskb,
113
+
pptp_outbound_pkt(struct sk_buff *skb,
114
114
struct nf_conn *ct,
115
115
enum ip_conntrack_info ctinfo,
116
116
struct PptpControlHeader *ctlh,
···
175
175
ntohs(REQ_CID(pptpReq, cid_off)), ntohs(new_callid));
176
176
177
177
/* mangle packet */
178
-
if (nf_nat_mangle_tcp_packet(pskb, ct, ctinfo,
178
+
if (nf_nat_mangle_tcp_packet(skb, ct, ctinfo,
179
179
cid_off + sizeof(struct pptp_pkt_hdr) +
180
180
sizeof(struct PptpControlHeader),
181
181
sizeof(new_callid), (char *)&new_callid,
···
213
213
214
214
/* inbound packets == from PAC to PNS */
215
215
static int
216
-
pptp_inbound_pkt(struct sk_buff **pskb,
216
+
pptp_inbound_pkt(struct sk_buff *skb,
217
217
struct nf_conn *ct,
218
218
enum ip_conntrack_info ctinfo,
219
219
struct PptpControlHeader *ctlh,
···
268
268
pr_debug("altering peer call id from 0x%04x to 0x%04x\n",
269
269
ntohs(REQ_CID(pptpReq, pcid_off)), ntohs(new_pcid));
270
270
271
-
if (nf_nat_mangle_tcp_packet(pskb, ct, ctinfo,
271
+
if (nf_nat_mangle_tcp_packet(skb, ct, ctinfo,
272
272
pcid_off + sizeof(struct pptp_pkt_hdr) +
273
273
sizeof(struct PptpControlHeader),
274
274
sizeof(new_pcid), (char *)&new_pcid,
+4
-4
net/ipv4/netfilter/nf_nat_proto_gre.c
+4
-4
net/ipv4/netfilter/nf_nat_proto_gre.c
···
98
98
99
99
/* manipulate a GRE packet according to maniptype */
100
100
static int
101
-
gre_manip_pkt(struct sk_buff **pskb, unsigned int iphdroff,
101
+
gre_manip_pkt(struct sk_buff *skb, unsigned int iphdroff,
102
102
const struct nf_conntrack_tuple *tuple,
103
103
enum nf_nat_manip_type maniptype)
104
104
{
105
105
struct gre_hdr *greh;
106
106
struct gre_hdr_pptp *pgreh;
107
-
struct iphdr *iph = (struct iphdr *)((*pskb)->data + iphdroff);
107
+
struct iphdr *iph = (struct iphdr *)(skb->data + iphdroff);
108
108
unsigned int hdroff = iphdroff + iph->ihl * 4;
109
109
110
110
/* pgreh includes two optional 32bit fields which are not required
111
111
* to be there. That's where the magic '8' comes from */
112
-
if (!skb_make_writable(pskb, hdroff + sizeof(*pgreh) - 8))
112
+
if (!skb_make_writable(skb, hdroff + sizeof(*pgreh) - 8))
113
113
return 0;
114
114
115
-
greh = (void *)(*pskb)->data + hdroff;
115
+
greh = (void *)skb->data + hdroff;
116
116
pgreh = (struct gre_hdr_pptp *)greh;
117
117
118
118
/* we only have destination manip of a packet, since 'source key'
+5
-5
net/ipv4/netfilter/nf_nat_proto_icmp.c
+5
-5
net/ipv4/netfilter/nf_nat_proto_icmp.c
···
52
52
}
53
53
54
54
static int
55
-
icmp_manip_pkt(struct sk_buff **pskb,
55
+
icmp_manip_pkt(struct sk_buff *skb,
56
56
unsigned int iphdroff,
57
57
const struct nf_conntrack_tuple *tuple,
58
58
enum nf_nat_manip_type maniptype)
59
59
{
60
-
struct iphdr *iph = (struct iphdr *)((*pskb)->data + iphdroff);
60
+
struct iphdr *iph = (struct iphdr *)(skb->data + iphdroff);
61
61
struct icmphdr *hdr;
62
62
unsigned int hdroff = iphdroff + iph->ihl*4;
63
63
64
-
if (!skb_make_writable(pskb, hdroff + sizeof(*hdr)))
64
+
if (!skb_make_writable(skb, hdroff + sizeof(*hdr)))
65
65
return 0;
66
66
67
-
hdr = (struct icmphdr *)((*pskb)->data + hdroff);
68
-
nf_proto_csum_replace2(&hdr->checksum, *pskb,
67
+
hdr = (struct icmphdr *)(skb->data + hdroff);
68
+
nf_proto_csum_replace2(&hdr->checksum, skb,
69
69
hdr->un.echo.id, tuple->src.u.icmp.id, 0);
70
70
hdr->un.echo.id = tuple->src.u.icmp.id;
71
71
return 1;
+8
-8
net/ipv4/netfilter/nf_nat_proto_tcp.c
+8
-8
net/ipv4/netfilter/nf_nat_proto_tcp.c
···
88
88
}
89
89
90
90
static int
91
-
tcp_manip_pkt(struct sk_buff **pskb,
91
+
tcp_manip_pkt(struct sk_buff *skb,
92
92
unsigned int iphdroff,
93
93
const struct nf_conntrack_tuple *tuple,
94
94
enum nf_nat_manip_type maniptype)
95
95
{
96
-
struct iphdr *iph = (struct iphdr *)((*pskb)->data + iphdroff);
96
+
struct iphdr *iph = (struct iphdr *)(skb->data + iphdroff);
97
97
struct tcphdr *hdr;
98
98
unsigned int hdroff = iphdroff + iph->ihl*4;
99
99
__be32 oldip, newip;
···
103
103
/* this could be a inner header returned in icmp packet; in such
104
104
cases we cannot update the checksum field since it is outside of
105
105
the 8 bytes of transport layer headers we are guaranteed */
106
-
if ((*pskb)->len >= hdroff + sizeof(struct tcphdr))
106
+
if (skb->len >= hdroff + sizeof(struct tcphdr))
107
107
hdrsize = sizeof(struct tcphdr);
108
108
109
-
if (!skb_make_writable(pskb, hdroff + hdrsize))
109
+
if (!skb_make_writable(skb, hdroff + hdrsize))
110
110
return 0;
111
111
112
-
iph = (struct iphdr *)((*pskb)->data + iphdroff);
113
-
hdr = (struct tcphdr *)((*pskb)->data + hdroff);
112
+
iph = (struct iphdr *)(skb->data + iphdroff);
113
+
hdr = (struct tcphdr *)(skb->data + hdroff);
114
114
115
115
if (maniptype == IP_NAT_MANIP_SRC) {
116
116
/* Get rid of src ip and src pt */
···
132
132
if (hdrsize < sizeof(*hdr))
133
133
return 1;
134
134
135
-
nf_proto_csum_replace4(&hdr->check, *pskb, oldip, newip, 1);
136
-
nf_proto_csum_replace2(&hdr->check, *pskb, oldport, newport, 0);
135
+
nf_proto_csum_replace4(&hdr->check, skb, oldip, newip, 1);
136
+
nf_proto_csum_replace2(&hdr->check, skb, oldport, newport, 0);
137
137
return 1;
138
138
}
139
139
+8
-8
net/ipv4/netfilter/nf_nat_proto_udp.c
+8
-8
net/ipv4/netfilter/nf_nat_proto_udp.c
···
86
86
}
87
87
88
88
static int
89
-
udp_manip_pkt(struct sk_buff **pskb,
89
+
udp_manip_pkt(struct sk_buff *skb,
90
90
unsigned int iphdroff,
91
91
const struct nf_conntrack_tuple *tuple,
92
92
enum nf_nat_manip_type maniptype)
93
93
{
94
-
struct iphdr *iph = (struct iphdr *)((*pskb)->data + iphdroff);
94
+
struct iphdr *iph = (struct iphdr *)(skb->data + iphdroff);
95
95
struct udphdr *hdr;
96
96
unsigned int hdroff = iphdroff + iph->ihl*4;
97
97
__be32 oldip, newip;
98
98
__be16 *portptr, newport;
99
99
100
-
if (!skb_make_writable(pskb, hdroff + sizeof(*hdr)))
100
+
if (!skb_make_writable(skb, hdroff + sizeof(*hdr)))
101
101
return 0;
102
102
103
-
iph = (struct iphdr *)((*pskb)->data + iphdroff);
104
-
hdr = (struct udphdr *)((*pskb)->data + hdroff);
103
+
iph = (struct iphdr *)(skb->data + iphdroff);
104
+
hdr = (struct udphdr *)(skb->data + hdroff);
105
105
106
106
if (maniptype == IP_NAT_MANIP_SRC) {
107
107
/* Get rid of src ip and src pt */
···
116
116
newport = tuple->dst.u.udp.port;
117
117
portptr = &hdr->dest;
118
118
}
119
-
if (hdr->check || (*pskb)->ip_summed == CHECKSUM_PARTIAL) {
120
-
nf_proto_csum_replace4(&hdr->check, *pskb, oldip, newip, 1);
121
-
nf_proto_csum_replace2(&hdr->check, *pskb, *portptr, newport,
119
+
if (hdr->check || skb->ip_summed == CHECKSUM_PARTIAL) {
120
+
nf_proto_csum_replace4(&hdr->check, skb, oldip, newip, 1);
121
+
nf_proto_csum_replace2(&hdr->check, skb, *portptr, newport,
122
122
0);
123
123
if (!hdr->check)
124
124
hdr->check = CSUM_MANGLED_0;
+1
-1
net/ipv4/netfilter/nf_nat_proto_unknown.c
+1
-1
net/ipv4/netfilter/nf_nat_proto_unknown.c
+7
-7
net/ipv4/netfilter/nf_nat_rule.c
+7
-7
net/ipv4/netfilter/nf_nat_rule.c
···
65
65
};
66
66
67
67
/* Source NAT */
68
-
static unsigned int ipt_snat_target(struct sk_buff **pskb,
68
+
static unsigned int ipt_snat_target(struct sk_buff *skb,
69
69
const struct net_device *in,
70
70
const struct net_device *out,
71
71
unsigned int hooknum,
···
78
78
79
79
NF_CT_ASSERT(hooknum == NF_IP_POST_ROUTING);
80
80
81
-
ct = nf_ct_get(*pskb, &ctinfo);
81
+
ct = nf_ct_get(skb, &ctinfo);
82
82
83
83
/* Connection must be valid and new. */
84
84
NF_CT_ASSERT(ct && (ctinfo == IP_CT_NEW || ctinfo == IP_CT_RELATED ||
···
107
107
ip_rt_put(rt);
108
108
}
109
109
110
-
static unsigned int ipt_dnat_target(struct sk_buff **pskb,
110
+
static unsigned int ipt_dnat_target(struct sk_buff *skb,
111
111
const struct net_device *in,
112
112
const struct net_device *out,
113
113
unsigned int hooknum,
···
121
121
NF_CT_ASSERT(hooknum == NF_IP_PRE_ROUTING ||
122
122
hooknum == NF_IP_LOCAL_OUT);
123
123
124
-
ct = nf_ct_get(*pskb, &ctinfo);
124
+
ct = nf_ct_get(skb, &ctinfo);
125
125
126
126
/* Connection must be valid and new. */
127
127
NF_CT_ASSERT(ct && (ctinfo == IP_CT_NEW || ctinfo == IP_CT_RELATED));
128
128
129
129
if (hooknum == NF_IP_LOCAL_OUT &&
130
130
mr->range[0].flags & IP_NAT_RANGE_MAP_IPS)
131
-
warn_if_extra_mangle(ip_hdr(*pskb)->daddr,
131
+
warn_if_extra_mangle(ip_hdr(skb)->daddr,
132
132
mr->range[0].min_ip);
133
133
134
134
return nf_nat_setup_info(ct, &mr->range[0], hooknum);
···
204
204
return nf_nat_setup_info(ct, &range, hooknum);
205
205
}
206
206
207
-
int nf_nat_rule_find(struct sk_buff **pskb,
207
+
int nf_nat_rule_find(struct sk_buff *skb,
208
208
unsigned int hooknum,
209
209
const struct net_device *in,
210
210
const struct net_device *out,
···
212
212
{
213
213
int ret;
214
214
215
-
ret = ipt_do_table(pskb, hooknum, in, out, &nat_table);
215
+
ret = ipt_do_table(skb, hooknum, in, out, &nat_table);
216
216
217
217
if (ret == NF_ACCEPT) {
218
218
if (!nf_nat_initialized(ct, HOOK2MANIP(hooknum)))
+28
-28
net/ipv4/netfilter/nf_nat_sip.c
+28
-28
net/ipv4/netfilter/nf_nat_sip.c
···
60
60
}
61
61
}
62
62
63
-
static int map_sip_addr(struct sk_buff **pskb, enum ip_conntrack_info ctinfo,
63
+
static int map_sip_addr(struct sk_buff *skb, enum ip_conntrack_info ctinfo,
64
64
struct nf_conn *ct, const char **dptr, size_t dlen,
65
65
enum sip_header_pos pos, struct addr_map *map)
66
66
{
···
84
84
} else
85
85
return 1;
86
86
87
-
if (!nf_nat_mangle_udp_packet(pskb, ct, ctinfo,
87
+
if (!nf_nat_mangle_udp_packet(skb, ct, ctinfo,
88
88
matchoff, matchlen, addr, addrlen))
89
89
return 0;
90
-
*dptr = (*pskb)->data + ip_hdrlen(*pskb) + sizeof(struct udphdr);
90
+
*dptr = skb->data + ip_hdrlen(skb) + sizeof(struct udphdr);
91
91
return 1;
92
92
93
93
}
94
94
95
-
static unsigned int ip_nat_sip(struct sk_buff **pskb,
95
+
static unsigned int ip_nat_sip(struct sk_buff *skb,
96
96
enum ip_conntrack_info ctinfo,
97
97
struct nf_conn *ct,
98
98
const char **dptr)
···
101
101
struct addr_map map;
102
102
int dataoff, datalen;
103
103
104
-
dataoff = ip_hdrlen(*pskb) + sizeof(struct udphdr);
105
-
datalen = (*pskb)->len - dataoff;
104
+
dataoff = ip_hdrlen(skb) + sizeof(struct udphdr);
105
+
datalen = skb->len - dataoff;
106
106
if (datalen < sizeof("SIP/2.0") - 1)
107
107
return NF_ACCEPT;
108
108
···
121
121
else
122
122
pos = POS_REQ_URI;
123
123
124
-
if (!map_sip_addr(pskb, ctinfo, ct, dptr, datalen, pos, &map))
124
+
if (!map_sip_addr(skb, ctinfo, ct, dptr, datalen, pos, &map))
125
125
return NF_DROP;
126
126
}
127
127
128
-
if (!map_sip_addr(pskb, ctinfo, ct, dptr, datalen, POS_FROM, &map) ||
129
-
!map_sip_addr(pskb, ctinfo, ct, dptr, datalen, POS_TO, &map) ||
130
-
!map_sip_addr(pskb, ctinfo, ct, dptr, datalen, POS_VIA, &map) ||
131
-
!map_sip_addr(pskb, ctinfo, ct, dptr, datalen, POS_CONTACT, &map))
128
+
if (!map_sip_addr(skb, ctinfo, ct, dptr, datalen, POS_FROM, &map) ||
129
+
!map_sip_addr(skb, ctinfo, ct, dptr, datalen, POS_TO, &map) ||
130
+
!map_sip_addr(skb, ctinfo, ct, dptr, datalen, POS_VIA, &map) ||
131
+
!map_sip_addr(skb, ctinfo, ct, dptr, datalen, POS_CONTACT, &map))
132
132
return NF_DROP;
133
133
return NF_ACCEPT;
134
134
}
135
135
136
-
static unsigned int mangle_sip_packet(struct sk_buff **pskb,
136
+
static unsigned int mangle_sip_packet(struct sk_buff *skb,
137
137
enum ip_conntrack_info ctinfo,
138
138
struct nf_conn *ct,
139
139
const char **dptr, size_t dlen,
···
145
145
if (ct_sip_get_info(ct, *dptr, dlen, &matchoff, &matchlen, pos) <= 0)
146
146
return 0;
147
147
148
-
if (!nf_nat_mangle_udp_packet(pskb, ct, ctinfo,
148
+
if (!nf_nat_mangle_udp_packet(skb, ct, ctinfo,
149
149
matchoff, matchlen, buffer, bufflen))
150
150
return 0;
151
151
152
152
/* We need to reload this. Thanks Patrick. */
153
-
*dptr = (*pskb)->data + ip_hdrlen(*pskb) + sizeof(struct udphdr);
153
+
*dptr = skb->data + ip_hdrlen(skb) + sizeof(struct udphdr);
154
154
return 1;
155
155
}
156
156
157
-
static int mangle_content_len(struct sk_buff **pskb,
157
+
static int mangle_content_len(struct sk_buff *skb,
158
158
enum ip_conntrack_info ctinfo,
159
159
struct nf_conn *ct,
160
160
const char *dptr)
···
163
163
char buffer[sizeof("65536")];
164
164
int bufflen;
165
165
166
-
dataoff = ip_hdrlen(*pskb) + sizeof(struct udphdr);
166
+
dataoff = ip_hdrlen(skb) + sizeof(struct udphdr);
167
167
168
168
/* Get actual SDP lenght */
169
-
if (ct_sip_get_info(ct, dptr, (*pskb)->len - dataoff, &matchoff,
169
+
if (ct_sip_get_info(ct, dptr, skb->len - dataoff, &matchoff,
170
170
&matchlen, POS_SDP_HEADER) > 0) {
171
171
172
172
/* since ct_sip_get_info() give us a pointer passing 'v='
173
173
we need to add 2 bytes in this count. */
174
-
int c_len = (*pskb)->len - dataoff - matchoff + 2;
174
+
int c_len = skb->len - dataoff - matchoff + 2;
175
175
176
176
/* Now, update SDP length */
177
-
if (ct_sip_get_info(ct, dptr, (*pskb)->len - dataoff, &matchoff,
177
+
if (ct_sip_get_info(ct, dptr, skb->len - dataoff, &matchoff,
178
178
&matchlen, POS_CONTENT) > 0) {
179
179
180
180
bufflen = sprintf(buffer, "%u", c_len);
181
-
return nf_nat_mangle_udp_packet(pskb, ct, ctinfo,
181
+
return nf_nat_mangle_udp_packet(skb, ct, ctinfo,
182
182
matchoff, matchlen,
183
183
buffer, bufflen);
184
184
}
···
186
186
return 0;
187
187
}
188
188
189
-
static unsigned int mangle_sdp(struct sk_buff **pskb,
189
+
static unsigned int mangle_sdp(struct sk_buff *skb,
190
190
enum ip_conntrack_info ctinfo,
191
191
struct nf_conn *ct,
192
192
__be32 newip, u_int16_t port,
···
195
195
char buffer[sizeof("nnn.nnn.nnn.nnn")];
196
196
unsigned int dataoff, bufflen;
197
197
198
-
dataoff = ip_hdrlen(*pskb) + sizeof(struct udphdr);
198
+
dataoff = ip_hdrlen(skb) + sizeof(struct udphdr);
199
199
200
200
/* Mangle owner and contact info. */
201
201
bufflen = sprintf(buffer, "%u.%u.%u.%u", NIPQUAD(newip));
202
-
if (!mangle_sip_packet(pskb, ctinfo, ct, &dptr, (*pskb)->len - dataoff,
202
+
if (!mangle_sip_packet(skb, ctinfo, ct, &dptr, skb->len - dataoff,
203
203
buffer, bufflen, POS_OWNER_IP4))
204
204
return 0;
205
205
206
-
if (!mangle_sip_packet(pskb, ctinfo, ct, &dptr, (*pskb)->len - dataoff,
206
+
if (!mangle_sip_packet(skb, ctinfo, ct, &dptr, skb->len - dataoff,
207
207
buffer, bufflen, POS_CONNECTION_IP4))
208
208
return 0;
209
209
210
210
/* Mangle media port. */
211
211
bufflen = sprintf(buffer, "%u", port);
212
-
if (!mangle_sip_packet(pskb, ctinfo, ct, &dptr, (*pskb)->len - dataoff,
212
+
if (!mangle_sip_packet(skb, ctinfo, ct, &dptr, skb->len - dataoff,
213
213
buffer, bufflen, POS_MEDIA))
214
214
return 0;
215
215
216
-
return mangle_content_len(pskb, ctinfo, ct, dptr);
216
+
return mangle_content_len(skb, ctinfo, ct, dptr);
217
217
}
218
218
219
219
static void ip_nat_sdp_expect(struct nf_conn *ct,
···
241
241
242
242
/* So, this packet has hit the connection tracking matching code.
243
243
Mangle it, and change the expectation to match the new version. */
244
-
static unsigned int ip_nat_sdp(struct sk_buff **pskb,
244
+
static unsigned int ip_nat_sdp(struct sk_buff *skb,
245
245
enum ip_conntrack_info ctinfo,
246
246
struct nf_conntrack_expect *exp,
247
247
const char *dptr)
···
277
277
if (port == 0)
278
278
return NF_DROP;
279
279
280
-
if (!mangle_sdp(pskb, ctinfo, ct, newip, port, dptr)) {
280
+
if (!mangle_sdp(skb, ctinfo, ct, newip, port, dptr)) {
281
281
nf_ct_unexpect_related(exp);
282
282
return NF_DROP;
283
283
}
+7
-7
net/ipv4/netfilter/nf_nat_snmp_basic.c
+7
-7
net/ipv4/netfilter/nf_nat_snmp_basic.c
···
1188
1188
*/
1189
1189
static int snmp_translate(struct nf_conn *ct,
1190
1190
enum ip_conntrack_info ctinfo,
1191
-
struct sk_buff **pskb)
1191
+
struct sk_buff *skb)
1192
1192
{
1193
-
struct iphdr *iph = ip_hdr(*pskb);
1193
+
struct iphdr *iph = ip_hdr(skb);
1194
1194
struct udphdr *udph = (struct udphdr *)((__be32 *)iph + iph->ihl);
1195
1195
u_int16_t udplen = ntohs(udph->len);
1196
1196
u_int16_t paylen = udplen - sizeof(struct udphdr);
···
1225
1225
1226
1226
/* We don't actually set up expectations, just adjust internal IP
1227
1227
* addresses if this is being NATted */
1228
-
static int help(struct sk_buff **pskb, unsigned int protoff,
1228
+
static int help(struct sk_buff *skb, unsigned int protoff,
1229
1229
struct nf_conn *ct,
1230
1230
enum ip_conntrack_info ctinfo)
1231
1231
{
1232
1232
int dir = CTINFO2DIR(ctinfo);
1233
1233
unsigned int ret;
1234
-
struct iphdr *iph = ip_hdr(*pskb);
1234
+
struct iphdr *iph = ip_hdr(skb);
1235
1235
struct udphdr *udph = (struct udphdr *)((u_int32_t *)iph + iph->ihl);
1236
1236
1237
1237
/* SNMP replies and originating SNMP traps get mangled */
···
1250
1250
* enough room for a UDP header. Just verify the UDP length field so we
1251
1251
* can mess around with the payload.
1252
1252
*/
1253
-
if (ntohs(udph->len) != (*pskb)->len - (iph->ihl << 2)) {
1253
+
if (ntohs(udph->len) != skb->len - (iph->ihl << 2)) {
1254
1254
if (net_ratelimit())
1255
1255
printk(KERN_WARNING "SNMP: dropping malformed packet "
1256
1256
"src=%u.%u.%u.%u dst=%u.%u.%u.%u\n",
···
1258
1258
return NF_DROP;
1259
1259
}
1260
1260
1261
-
if (!skb_make_writable(pskb, (*pskb)->len))
1261
+
if (!skb_make_writable(skb, skb->len))
1262
1262
return NF_DROP;
1263
1263
1264
1264
spin_lock_bh(&snmp_lock);
1265
-
ret = snmp_translate(ct, ctinfo, pskb);
1265
+
ret = snmp_translate(ct, ctinfo, skb);
1266
1266
spin_unlock_bh(&snmp_lock);
1267
1267
return ret;
1268
1268
}
+31
-31
net/ipv4/netfilter/nf_nat_standalone.c
+31
-31
net/ipv4/netfilter/nf_nat_standalone.c
···
67
67
68
68
static unsigned int
69
69
nf_nat_fn(unsigned int hooknum,
70
-
struct sk_buff **pskb,
70
+
struct sk_buff *skb,
71
71
const struct net_device *in,
72
72
const struct net_device *out,
73
73
int (*okfn)(struct sk_buff *))
···
80
80
81
81
/* We never see fragments: conntrack defrags on pre-routing
82
82
and local-out, and nf_nat_out protects post-routing. */
83
-
NF_CT_ASSERT(!(ip_hdr(*pskb)->frag_off & htons(IP_MF | IP_OFFSET)));
83
+
NF_CT_ASSERT(!(ip_hdr(skb)->frag_off & htons(IP_MF | IP_OFFSET)));
84
84
85
-
ct = nf_ct_get(*pskb, &ctinfo);
85
+
ct = nf_ct_get(skb, &ctinfo);
86
86
/* Can't track? It's not due to stress, or conntrack would
87
87
have dropped it. Hence it's the user's responsibilty to
88
88
packet filter it out, or implement conntrack/NAT for that
···
91
91
/* Exception: ICMP redirect to new connection (not in
92
92
hash table yet). We must not let this through, in
93
93
case we're doing NAT to the same network. */
94
-
if (ip_hdr(*pskb)->protocol == IPPROTO_ICMP) {
94
+
if (ip_hdr(skb)->protocol == IPPROTO_ICMP) {
95
95
struct icmphdr _hdr, *hp;
96
96
97
-
hp = skb_header_pointer(*pskb, ip_hdrlen(*pskb),
97
+
hp = skb_header_pointer(skb, ip_hdrlen(skb),
98
98
sizeof(_hdr), &_hdr);
99
99
if (hp != NULL &&
100
100
hp->type == ICMP_REDIRECT)
···
119
119
switch (ctinfo) {
120
120
case IP_CT_RELATED:
121
121
case IP_CT_RELATED+IP_CT_IS_REPLY:
122
-
if (ip_hdr(*pskb)->protocol == IPPROTO_ICMP) {
122
+
if (ip_hdr(skb)->protocol == IPPROTO_ICMP) {
123
123
if (!nf_nat_icmp_reply_translation(ct, ctinfo,
124
-
hooknum, pskb))
124
+
hooknum, skb))
125
125
return NF_DROP;
126
126
else
127
127
return NF_ACCEPT;
···
141
141
/* LOCAL_IN hook doesn't have a chain! */
142
142
ret = alloc_null_binding(ct, hooknum);
143
143
else
144
-
ret = nf_nat_rule_find(pskb, hooknum, in, out,
144
+
ret = nf_nat_rule_find(skb, hooknum, in, out,
145
145
ct);
146
146
147
147
if (ret != NF_ACCEPT) {
···
159
159
ctinfo == (IP_CT_ESTABLISHED+IP_CT_IS_REPLY));
160
160
}
161
161
162
-
return nf_nat_packet(ct, ctinfo, hooknum, pskb);
162
+
return nf_nat_packet(ct, ctinfo, hooknum, skb);
163
163
}
164
164
165
165
static unsigned int
166
166
nf_nat_in(unsigned int hooknum,
167
-
struct sk_buff **pskb,
167
+
struct sk_buff *skb,
168
168
const struct net_device *in,
169
169
const struct net_device *out,
170
170
int (*okfn)(struct sk_buff *))
171
171
{
172
172
unsigned int ret;
173
-
__be32 daddr = ip_hdr(*pskb)->daddr;
173
+
__be32 daddr = ip_hdr(skb)->daddr;
174
174
175
-
ret = nf_nat_fn(hooknum, pskb, in, out, okfn);
175
+
ret = nf_nat_fn(hooknum, skb, in, out, okfn);
176
176
if (ret != NF_DROP && ret != NF_STOLEN &&
177
-
daddr != ip_hdr(*pskb)->daddr) {
178
-
dst_release((*pskb)->dst);
179
-
(*pskb)->dst = NULL;
177
+
daddr != ip_hdr(skb)->daddr) {
178
+
dst_release(skb->dst);
179
+
skb->dst = NULL;
180
180
}
181
181
return ret;
182
182
}
183
183
184
184
static unsigned int
185
185
nf_nat_out(unsigned int hooknum,
186
-
struct sk_buff **pskb,
186
+
struct sk_buff *skb,
187
187
const struct net_device *in,
188
188
const struct net_device *out,
189
189
int (*okfn)(struct sk_buff *))
···
195
195
unsigned int ret;
196
196
197
197
/* root is playing with raw sockets. */
198
-
if ((*pskb)->len < sizeof(struct iphdr) ||
199
-
ip_hdrlen(*pskb) < sizeof(struct iphdr))
198
+
if (skb->len < sizeof(struct iphdr) ||
199
+
ip_hdrlen(skb) < sizeof(struct iphdr))
200
200
return NF_ACCEPT;
201
201
202
-
ret = nf_nat_fn(hooknum, pskb, in, out, okfn);
202
+
ret = nf_nat_fn(hooknum, skb, in, out, okfn);
203
203
#ifdef CONFIG_XFRM
204
204
if (ret != NF_DROP && ret != NF_STOLEN &&
205
-
(ct = nf_ct_get(*pskb, &ctinfo)) != NULL) {
205
+
(ct = nf_ct_get(skb, &ctinfo)) != NULL) {
206
206
enum ip_conntrack_dir dir = CTINFO2DIR(ctinfo);
207
207
208
208
if (ct->tuplehash[dir].tuple.src.u3.ip !=
···
210
210
|| ct->tuplehash[dir].tuple.src.u.all !=
211
211
ct->tuplehash[!dir].tuple.dst.u.all
212
212
)
213
-
return ip_xfrm_me_harder(pskb) == 0 ? ret : NF_DROP;
213
+
return ip_xfrm_me_harder(skb) == 0 ? ret : NF_DROP;
214
214
}
215
215
#endif
216
216
return ret;
···
218
218
219
219
static unsigned int
220
220
nf_nat_local_fn(unsigned int hooknum,
221
-
struct sk_buff **pskb,
221
+
struct sk_buff *skb,
222
222
const struct net_device *in,
223
223
const struct net_device *out,
224
224
int (*okfn)(struct sk_buff *))
···
228
228
unsigned int ret;
229
229
230
230
/* root is playing with raw sockets. */
231
-
if ((*pskb)->len < sizeof(struct iphdr) ||
232
-
ip_hdrlen(*pskb) < sizeof(struct iphdr))
231
+
if (skb->len < sizeof(struct iphdr) ||
232
+
ip_hdrlen(skb) < sizeof(struct iphdr))
233
233
return NF_ACCEPT;
234
234
235
-
ret = nf_nat_fn(hooknum, pskb, in, out, okfn);
235
+
ret = nf_nat_fn(hooknum, skb, in, out, okfn);
236
236
if (ret != NF_DROP && ret != NF_STOLEN &&
237
-
(ct = nf_ct_get(*pskb, &ctinfo)) != NULL) {
237
+
(ct = nf_ct_get(skb, &ctinfo)) != NULL) {
238
238
enum ip_conntrack_dir dir = CTINFO2DIR(ctinfo);
239
239
240
240
if (ct->tuplehash[dir].tuple.dst.u3.ip !=
241
241
ct->tuplehash[!dir].tuple.src.u3.ip) {
242
-
if (ip_route_me_harder(pskb, RTN_UNSPEC))
242
+
if (ip_route_me_harder(skb, RTN_UNSPEC))
243
243
ret = NF_DROP;
244
244
}
245
245
#ifdef CONFIG_XFRM
246
246
else if (ct->tuplehash[dir].tuple.dst.u.all !=
247
247
ct->tuplehash[!dir].tuple.src.u.all)
248
-
if (ip_xfrm_me_harder(pskb))
248
+
if (ip_xfrm_me_harder(skb))
249
249
ret = NF_DROP;
250
250
#endif
251
251
}
···
254
254
255
255
static unsigned int
256
256
nf_nat_adjust(unsigned int hooknum,
257
-
struct sk_buff **pskb,
257
+
struct sk_buff *skb,
258
258
const struct net_device *in,
259
259
const struct net_device *out,
260
260
int (*okfn)(struct sk_buff *))
···
262
262
struct nf_conn *ct;
263
263
enum ip_conntrack_info ctinfo;
264
264
265
-
ct = nf_ct_get(*pskb, &ctinfo);
265
+
ct = nf_ct_get(skb, &ctinfo);
266
266
if (ct && test_bit(IPS_SEQ_ADJUST_BIT, &ct->status)) {
267
267
pr_debug("nf_nat_standalone: adjusting sequence number\n");
268
-
if (!nf_nat_seq_adjust(pskb, ct, ctinfo))
268
+
if (!nf_nat_seq_adjust(skb, ct, ctinfo))
269
269
return NF_DROP;
270
270
}
271
271
return NF_ACCEPT;
+1
-1
net/ipv4/netfilter/nf_nat_tftp.c
+1
-1
net/ipv4/netfilter/nf_nat_tftp.c
+2
-2
net/ipv4/proc.c
+2
-2
net/ipv4/proc.c
···
70
70
seq_printf(seq, "UDP: inuse %d\n", fold_prot_inuse(&udp_prot));
71
71
seq_printf(seq, "UDPLITE: inuse %d\n", fold_prot_inuse(&udplite_prot));
72
72
seq_printf(seq, "RAW: inuse %d\n", fold_prot_inuse(&raw_prot));
73
-
seq_printf(seq, "FRAG: inuse %d memory %d\n", ip_frag_nqueues,
74
-
atomic_read(&ip_frag_mem));
73
+
seq_printf(seq, "FRAG: inuse %d memory %d\n",
74
+
ip_frag_nqueues(), ip_frag_mem());
75
75
return 0;
76
76
}
77
77
+5
-4
net/ipv4/sysctl_net_ipv4.c
+5
-4
net/ipv4/sysctl_net_ipv4.c
···
19
19
#include <net/route.h>
20
20
#include <net/tcp.h>
21
21
#include <net/cipso_ipv4.h>
22
+
#include <net/inet_frag.h>
22
23
23
24
/* From af_inet.c */
24
25
extern int sysctl_ip_nonlocal_bind;
···
358
357
{
359
358
.ctl_name = NET_IPV4_IPFRAG_HIGH_THRESH,
360
359
.procname = "ipfrag_high_thresh",
361
-
.data = &sysctl_ipfrag_high_thresh,
360
+
.data = &ip4_frags_ctl.high_thresh,
362
361
.maxlen = sizeof(int),
363
362
.mode = 0644,
364
363
.proc_handler = &proc_dointvec
···
366
365
{
367
366
.ctl_name = NET_IPV4_IPFRAG_LOW_THRESH,
368
367
.procname = "ipfrag_low_thresh",
369
-
.data = &sysctl_ipfrag_low_thresh,
368
+
.data = &ip4_frags_ctl.low_thresh,
370
369
.maxlen = sizeof(int),
371
370
.mode = 0644,
372
371
.proc_handler = &proc_dointvec
···
382
381
{
383
382
.ctl_name = NET_IPV4_IPFRAG_TIME,
384
383
.procname = "ipfrag_time",
385
-
.data = &sysctl_ipfrag_time,
384
+
.data = &ip4_frags_ctl.timeout,
386
385
.maxlen = sizeof(int),
387
386
.mode = 0644,
388
387
.proc_handler = &proc_dointvec_jiffies,
···
733
732
{
734
733
.ctl_name = NET_IPV4_IPFRAG_SECRET_INTERVAL,
735
734
.procname = "ipfrag_secret_interval",
736
-
.data = &sysctl_ipfrag_secret_interval,
735
+
.data = &ip4_frags_ctl.secret_interval,
737
736
.maxlen = sizeof(int),
738
737
.mode = 0644,
739
738
.proc_handler = &proc_dointvec_jiffies,
+5
-6
net/ipv4/tcp_input.c
+5
-6
net/ipv4/tcp_input.c
···
1995
1995
}
1996
1996
1997
1997
/* Mark head of queue up as lost. */
1998
-
static void tcp_mark_head_lost(struct sock *sk,
1999
-
int packets, u32 high_seq)
1998
+
static void tcp_mark_head_lost(struct sock *sk, int packets)
2000
1999
{
2001
2000
struct tcp_sock *tp = tcp_sk(sk);
2002
2001
struct sk_buff *skb;
···
2018
2019
tp->lost_skb_hint = skb;
2019
2020
tp->lost_cnt_hint = cnt;
2020
2021
cnt += tcp_skb_pcount(skb);
2021
-
if (cnt > packets || after(TCP_SKB_CB(skb)->end_seq, high_seq))
2022
+
if (cnt > packets || after(TCP_SKB_CB(skb)->end_seq, tp->high_seq))
2022
2023
break;
2023
2024
if (!(TCP_SKB_CB(skb)->sacked & (TCPCB_SACKED_ACKED|TCPCB_LOST))) {
2024
2025
TCP_SKB_CB(skb)->sacked |= TCPCB_LOST;
···
2039
2040
int lost = tp->fackets_out - tp->reordering;
2040
2041
if (lost <= 0)
2041
2042
lost = 1;
2042
-
tcp_mark_head_lost(sk, lost, tp->high_seq);
2043
+
tcp_mark_head_lost(sk, lost);
2043
2044
} else {
2044
-
tcp_mark_head_lost(sk, 1, tp->high_seq);
2045
+
tcp_mark_head_lost(sk, 1);
2045
2046
}
2046
2047
2047
2048
/* New heuristics: it is possible only after we switched
···
2380
2381
before(tp->snd_una, tp->high_seq) &&
2381
2382
icsk->icsk_ca_state != TCP_CA_Open &&
2382
2383
tp->fackets_out > tp->reordering) {
2383
-
tcp_mark_head_lost(sk, tp->fackets_out-tp->reordering, tp->high_seq);
2384
+
tcp_mark_head_lost(sk, tp->fackets_out - tp->reordering);
2384
2385
NET_INC_STATS_BH(LINUX_MIB_TCPLOSS);
2385
2386
}
2386
2387
+2
-2
net/ipv4/xfrm4_output.c
+2
-2
net/ipv4/xfrm4_output.c
···
78
78
while (likely((err = xfrm4_output_one(skb)) == 0)) {
79
79
nf_reset(skb);
80
80
81
-
err = nf_hook(PF_INET, NF_IP_LOCAL_OUT, &skb, NULL,
81
+
err = nf_hook(PF_INET, NF_IP_LOCAL_OUT, skb, NULL,
82
82
skb->dst->dev, dst_output);
83
83
if (unlikely(err != 1))
84
84
break;
···
86
86
if (!skb->dst->xfrm)
87
87
return dst_output(skb);
88
88
89
-
err = nf_hook(PF_INET, NF_IP_POST_ROUTING, &skb, NULL,
89
+
err = nf_hook(PF_INET, NF_IP_POST_ROUTING, skb, NULL,
90
90
skb->dst->dev, xfrm4_output_finish2);
91
91
if (unlikely(err != 1))
92
92
break;
+19
-45
net/ipv6/exthdrs.c
+19
-45
net/ipv6/exthdrs.c
···
102
102
103
103
struct tlvtype_proc {
104
104
int type;
105
-
int (*func)(struct sk_buff **skbp, int offset);
105
+
int (*func)(struct sk_buff *skb, int offset);
106
106
};
107
107
108
108
/*********************
···
111
111
112
112
/* An unknown option is detected, decide what to do */
113
113
114
-
static int ip6_tlvopt_unknown(struct sk_buff **skbp, int optoff)
114
+
static int ip6_tlvopt_unknown(struct sk_buff *skb, int optoff)
115
115
{
116
-
struct sk_buff *skb = *skbp;
117
-
118
116
switch ((skb_network_header(skb)[optoff] & 0xC0) >> 6) {
119
117
case 0: /* ignore */
120
118
return 1;
···
137
139
138
140
/* Parse tlv encoded option header (hop-by-hop or destination) */
139
141
140
-
static int ip6_parse_tlv(struct tlvtype_proc *procs, struct sk_buff **skbp)
142
+
static int ip6_parse_tlv(struct tlvtype_proc *procs, struct sk_buff *skb)
141
143
{
142
-
struct sk_buff *skb = *skbp;
143
144
struct tlvtype_proc *curr;
144
145
const unsigned char *nh = skb_network_header(skb);
145
146
int off = skb_network_header_len(skb);
···
169
172
/* type specific length/alignment
170
173
checks will be performed in the
171
174
func(). */
172
-
if (curr->func(skbp, off) == 0)
175
+
if (curr->func(skb, off) == 0)
173
176
return 0;
174
177
break;
175
178
}
176
179
}
177
180
if (curr->type < 0) {
178
-
if (ip6_tlvopt_unknown(skbp, off) == 0)
181
+
if (ip6_tlvopt_unknown(skb, off) == 0)
179
182
return 0;
180
183
}
181
184
break;
···
195
198
*****************************/
196
199
197
200
#if defined(CONFIG_IPV6_MIP6) || defined(CONFIG_IPV6_MIP6_MODULE)
198
-
static int ipv6_dest_hao(struct sk_buff **skbp, int optoff)
201
+
static int ipv6_dest_hao(struct sk_buff *skb, int optoff)
199
202
{
200
-
struct sk_buff *skb = *skbp;
201
203
struct ipv6_destopt_hao *hao;
202
204
struct inet6_skb_parm *opt = IP6CB(skb);
203
205
struct ipv6hdr *ipv6h = ipv6_hdr(skb);
···
230
234
goto discard;
231
235
232
236
if (skb_cloned(skb)) {
233
-
struct sk_buff *skb2 = skb_copy(skb, GFP_ATOMIC);
234
-
struct inet6_skb_parm *opt2;
235
-
236
-
if (skb2 == NULL)
237
+
if (pskb_expand_head(skb, 0, 0, GFP_ATOMIC))
237
238
goto discard;
238
239
239
-
opt2 = IP6CB(skb2);
240
-
memcpy(opt2, opt, sizeof(*opt2));
241
-
242
-
kfree_skb(skb);
243
-
244
240
/* update all variable using below by copied skbuff */
245
-
*skbp = skb = skb2;
246
-
hao = (struct ipv6_destopt_hao *)(skb_network_header(skb2) +
241
+
hao = (struct ipv6_destopt_hao *)(skb_network_header(skb) +
247
242
optoff);
248
-
ipv6h = ipv6_hdr(skb2);
243
+
ipv6h = ipv6_hdr(skb);
249
244
}
250
245
251
246
if (skb->ip_summed == CHECKSUM_COMPLETE)
···
267
280
{-1, NULL}
268
281
};
269
282
270
-
static int ipv6_destopt_rcv(struct sk_buff **skbp)
283
+
static int ipv6_destopt_rcv(struct sk_buff *skb)
271
284
{
272
-
struct sk_buff *skb = *skbp;
273
285
struct inet6_skb_parm *opt = IP6CB(skb);
274
286
#if defined(CONFIG_IPV6_MIP6) || defined(CONFIG_IPV6_MIP6_MODULE)
275
287
__u16 dstbuf;
···
290
304
#endif
291
305
292
306
dst = dst_clone(skb->dst);
293
-
if (ip6_parse_tlv(tlvprocdestopt_lst, skbp)) {
307
+
if (ip6_parse_tlv(tlvprocdestopt_lst, skb)) {
294
308
dst_release(dst);
295
-
skb = *skbp;
296
309
skb->transport_header += (skb_transport_header(skb)[1] + 1) << 3;
297
310
opt = IP6CB(skb);
298
311
#if defined(CONFIG_IPV6_MIP6) || defined(CONFIG_IPV6_MIP6_MODULE)
···
322
337
NONE header. No data in packet.
323
338
********************************/
324
339
325
-
static int ipv6_nodata_rcv(struct sk_buff **skbp)
340
+
static int ipv6_nodata_rcv(struct sk_buff *skb)
326
341
{
327
-
struct sk_buff *skb = *skbp;
328
-
329
342
kfree_skb(skb);
330
343
return 0;
331
344
}
···
343
360
Routing header.
344
361
********************************/
345
362
346
-
static int ipv6_rthdr_rcv(struct sk_buff **skbp)
363
+
static int ipv6_rthdr_rcv(struct sk_buff *skb)
347
364
{
348
-
struct sk_buff *skb = *skbp;
349
365
struct inet6_skb_parm *opt = IP6CB(skb);
350
366
struct in6_addr *addr = NULL;
351
367
struct in6_addr daddr;
···
446
464
Do not damage packets queued somewhere.
447
465
*/
448
466
if (skb_cloned(skb)) {
449
-
struct sk_buff *skb2 = skb_copy(skb, GFP_ATOMIC);
450
467
/* the copy is a forwarded packet */
451
-
if (skb2 == NULL) {
468
+
if (pskb_expand_head(skb, 0, 0, GFP_ATOMIC)) {
452
469
IP6_INC_STATS_BH(ip6_dst_idev(skb->dst),
453
470
IPSTATS_MIB_OUTDISCARDS);
454
471
kfree_skb(skb);
455
472
return -1;
456
473
}
457
-
kfree_skb(skb);
458
-
*skbp = skb = skb2;
459
-
opt = IP6CB(skb2);
460
-
hdr = (struct ipv6_rt_hdr *)skb_transport_header(skb2);
474
+
hdr = (struct ipv6_rt_hdr *)skb_transport_header(skb);
461
475
}
462
476
463
477
if (skb->ip_summed == CHECKSUM_COMPLETE)
···
556
578
557
579
/* Router Alert as of RFC 2711 */
558
580
559
-
static int ipv6_hop_ra(struct sk_buff **skbp, int optoff)
581
+
static int ipv6_hop_ra(struct sk_buff *skb, int optoff)
560
582
{
561
-
struct sk_buff *skb = *skbp;
562
583
const unsigned char *nh = skb_network_header(skb);
563
584
564
585
if (nh[optoff + 1] == 2) {
···
572
595
573
596
/* Jumbo payload */
574
597
575
-
static int ipv6_hop_jumbo(struct sk_buff **skbp, int optoff)
598
+
static int ipv6_hop_jumbo(struct sk_buff *skb, int optoff)
576
599
{
577
-
struct sk_buff *skb = *skbp;
578
600
const unsigned char *nh = skb_network_header(skb);
579
601
u32 pkt_len;
580
602
···
624
648
{ -1, }
625
649
};
626
650
627
-
int ipv6_parse_hopopts(struct sk_buff **skbp)
651
+
int ipv6_parse_hopopts(struct sk_buff *skb)
628
652
{
629
-
struct sk_buff *skb = *skbp;
630
653
struct inet6_skb_parm *opt = IP6CB(skb);
631
654
632
655
/*
···
642
667
}
643
668
644
669
opt->hop = sizeof(struct ipv6hdr);
645
-
if (ip6_parse_tlv(tlvprochopopt_lst, skbp)) {
646
-
skb = *skbp;
670
+
if (ip6_parse_tlv(tlvprochopopt_lst, skb)) {
647
671
skb->transport_header += (skb_transport_header(skb)[1] + 1) << 3;
648
672
opt = IP6CB(skb);
649
673
opt->nhoff = sizeof(struct ipv6hdr);
+2
-3
net/ipv6/icmp.c
+2
-3
net/ipv6/icmp.c
···
82
82
static DEFINE_PER_CPU(struct socket *, __icmpv6_socket) = NULL;
83
83
#define icmpv6_socket __get_cpu_var(__icmpv6_socket)
84
84
85
-
static int icmpv6_rcv(struct sk_buff **pskb);
85
+
static int icmpv6_rcv(struct sk_buff *skb);
86
86
87
87
static struct inet6_protocol icmpv6_protocol = {
88
88
.handler = icmpv6_rcv,
···
614
614
* Handle icmp messages
615
615
*/
616
616
617
-
static int icmpv6_rcv(struct sk_buff **pskb)
617
+
static int icmpv6_rcv(struct sk_buff *skb)
618
618
{
619
-
struct sk_buff *skb = *pskb;
620
619
struct net_device *dev = skb->dev;
621
620
struct inet6_dev *idev = __in6_dev_get(dev);
622
621
struct in6_addr *saddr, *daddr;
+1
-1
net/ipv6/inet6_connection_sock.c
+1
-1
net/ipv6/inet6_connection_sock.c
+3
-3
net/ipv6/ip6_input.c
+3
-3
net/ipv6/ip6_input.c
···
125
125
}
126
126
127
127
if (hdr->nexthdr == NEXTHDR_HOP) {
128
-
if (ipv6_parse_hopopts(&skb) < 0) {
128
+
if (ipv6_parse_hopopts(skb) < 0) {
129
129
IP6_INC_STATS_BH(idev, IPSTATS_MIB_INHDRERRORS);
130
130
rcu_read_unlock();
131
131
return 0;
···
149
149
*/
150
150
151
151
152
-
static inline int ip6_input_finish(struct sk_buff *skb)
152
+
static int ip6_input_finish(struct sk_buff *skb)
153
153
{
154
154
struct inet6_protocol *ipprot;
155
155
struct sock *raw_sk;
···
199
199
!xfrm6_policy_check(NULL, XFRM_POLICY_IN, skb))
200
200
goto discard;
201
201
202
-
ret = ipprot->handler(&skb);
202
+
ret = ipprot->handler(skb);
203
203
if (ret > 0)
204
204
goto resubmit;
205
205
else if (ret == 0)
+1
-1
net/ipv6/ip6_output.c
+1
-1
net/ipv6/ip6_output.c
+3
-3
net/ipv6/netfilter.c
+3
-3
net/ipv6/netfilter.c
···
68
68
}
69
69
}
70
70
71
-
static int nf_ip6_reroute(struct sk_buff **pskb, const struct nf_info *info)
71
+
static int nf_ip6_reroute(struct sk_buff *skb, const struct nf_info *info)
72
72
{
73
73
struct ip6_rt_info *rt_info = nf_info_reroute(info);
74
74
75
75
if (info->hook == NF_IP6_LOCAL_OUT) {
76
-
struct ipv6hdr *iph = ipv6_hdr(*pskb);
76
+
struct ipv6hdr *iph = ipv6_hdr(skb);
77
77
if (!ipv6_addr_equal(&iph->daddr, &rt_info->daddr) ||
78
78
!ipv6_addr_equal(&iph->saddr, &rt_info->saddr))
79
-
return ip6_route_me_harder(*pskb);
79
+
return ip6_route_me_harder(skb);
80
80
}
81
81
return 0;
82
82
}
+7
-13
net/ipv6/netfilter/ip6_queue.c
+7
-13
net/ipv6/netfilter/ip6_queue.c
···
332
332
ipq_mangle_ipv6(ipq_verdict_msg_t *v, struct ipq_queue_entry *e)
333
333
{
334
334
int diff;
335
+
int err;
335
336
struct ipv6hdr *user_iph = (struct ipv6hdr *)v->payload;
336
337
337
338
if (v->data_len < sizeof(*user_iph))
···
345
344
if (v->data_len > 0xFFFF)
346
345
return -EINVAL;
347
346
if (diff > skb_tailroom(e->skb)) {
348
-
struct sk_buff *newskb;
349
-
350
-
newskb = skb_copy_expand(e->skb,
351
-
skb_headroom(e->skb),
352
-
diff,
353
-
GFP_ATOMIC);
354
-
if (newskb == NULL) {
347
+
err = pskb_expand_head(e->skb, 0,
348
+
diff - skb_tailroom(e->skb),
349
+
GFP_ATOMIC);
350
+
if (err) {
355
351
printk(KERN_WARNING "ip6_queue: OOM "
356
352
"in mangle, dropping packet\n");
357
-
return -ENOMEM;
353
+
return err;
358
354
}
359
-
if (e->skb->sk)
360
-
skb_set_owner_w(newskb, e->skb->sk);
361
-
kfree_skb(e->skb);
362
-
e->skb = newskb;
363
355
}
364
356
skb_put(e->skb, diff);
365
357
}
366
-
if (!skb_make_writable(&e->skb, v->data_len))
358
+
if (!skb_make_writable(e->skb, v->data_len))
367
359
return -ENOMEM;
368
360
skb_copy_to_linear_data(e->skb, v->payload, v->data_len);
369
361
e->skb->ip_summed = CHECKSUM_NONE;
+8
-8
net/ipv6/netfilter/ip6_tables.c
+8
-8
net/ipv6/netfilter/ip6_tables.c
···
205
205
}
206
206
207
207
static unsigned int
208
-
ip6t_error(struct sk_buff **pskb,
208
+
ip6t_error(struct sk_buff *skb,
209
209
const struct net_device *in,
210
210
const struct net_device *out,
211
211
unsigned int hooknum,
···
350
350
351
351
/* Returns one of the generic firewall policies, like NF_ACCEPT. */
352
352
unsigned int
353
-
ip6t_do_table(struct sk_buff **pskb,
353
+
ip6t_do_table(struct sk_buff *skb,
354
354
unsigned int hook,
355
355
const struct net_device *in,
356
356
const struct net_device *out,
···
389
389
do {
390
390
IP_NF_ASSERT(e);
391
391
IP_NF_ASSERT(back);
392
-
if (ip6_packet_match(*pskb, indev, outdev, &e->ipv6,
392
+
if (ip6_packet_match(skb, indev, outdev, &e->ipv6,
393
393
&protoff, &offset, &hotdrop)) {
394
394
struct ip6t_entry_target *t;
395
395
396
396
if (IP6T_MATCH_ITERATE(e, do_match,
397
-
*pskb, in, out,
397
+
skb, in, out,
398
398
offset, protoff, &hotdrop) != 0)
399
399
goto no_match;
400
400
401
401
ADD_COUNTER(e->counters,
402
-
ntohs(ipv6_hdr(*pskb)->payload_len)
402
+
ntohs(ipv6_hdr(skb)->payload_len)
403
403
+ IPV6_HDR_LEN,
404
404
1);
405
405
···
409
409
#if defined(CONFIG_NETFILTER_XT_TARGET_TRACE) || \
410
410
defined(CONFIG_NETFILTER_XT_TARGET_TRACE_MODULE)
411
411
/* The packet is traced: log it */
412
-
if (unlikely((*pskb)->nf_trace))
413
-
trace_packet(*pskb, hook, in, out,
412
+
if (unlikely(skb->nf_trace))
413
+
trace_packet(skb, hook, in, out,
414
414
table->name, private, e);
415
415
#endif
416
416
/* Standard target? */
···
448
448
((struct ip6t_entry *)table_base)->comefrom
449
449
= 0xeeeeeeec;
450
450
#endif
451
-
verdict = t->u.kernel.target->target(pskb,
451
+
verdict = t->u.kernel.target->target(skb,
452
452
in, out,
453
453
hook,
454
454
t->u.kernel.target,
+3
-3
net/ipv6/netfilter/ip6t_HL.c
+3
-3
net/ipv6/netfilter/ip6t_HL.c
···
18
18
MODULE_DESCRIPTION("IP6 tables Hop Limit modification module");
19
19
MODULE_LICENSE("GPL");
20
20
21
-
static unsigned int ip6t_hl_target(struct sk_buff **pskb,
21
+
static unsigned int ip6t_hl_target(struct sk_buff *skb,
22
22
const struct net_device *in,
23
23
const struct net_device *out,
24
24
unsigned int hooknum,
···
29
29
const struct ip6t_HL_info *info = targinfo;
30
30
int new_hl;
31
31
32
-
if (!skb_make_writable(pskb, (*pskb)->len))
32
+
if (!skb_make_writable(skb, skb->len))
33
33
return NF_DROP;
34
34
35
-
ip6h = ipv6_hdr(*pskb);
35
+
ip6h = ipv6_hdr(skb);
36
36
37
37
switch (info->mode) {
38
38
case IP6T_HL_SET:
+2
-3
net/ipv6/netfilter/ip6t_LOG.c
+2
-3
net/ipv6/netfilter/ip6t_LOG.c
···
431
431
}
432
432
433
433
static unsigned int
434
-
ip6t_log_target(struct sk_buff **pskb,
434
+
ip6t_log_target(struct sk_buff *skb,
435
435
const struct net_device *in,
436
436
const struct net_device *out,
437
437
unsigned int hooknum,
···
445
445
li.u.log.level = loginfo->level;
446
446
li.u.log.logflags = loginfo->logflags;
447
447
448
-
ip6t_log_packet(PF_INET6, hooknum, *pskb, in, out, &li,
449
-
loginfo->prefix);
448
+
ip6t_log_packet(PF_INET6, hooknum, skb, in, out, &li, loginfo->prefix);
450
449
return XT_CONTINUE;
451
450
}
452
451
+7
-7
net/ipv6/netfilter/ip6t_REJECT.c
+7
-7
net/ipv6/netfilter/ip6t_REJECT.c
···
172
172
icmpv6_send(skb_in, ICMPV6_DEST_UNREACH, code, 0, NULL);
173
173
}
174
174
175
-
static unsigned int reject6_target(struct sk_buff **pskb,
175
+
static unsigned int reject6_target(struct sk_buff *skb,
176
176
const struct net_device *in,
177
177
const struct net_device *out,
178
178
unsigned int hooknum,
···
187
187
must return an absolute verdict. --RR */
188
188
switch (reject->with) {
189
189
case IP6T_ICMP6_NO_ROUTE:
190
-
send_unreach(*pskb, ICMPV6_NOROUTE, hooknum);
190
+
send_unreach(skb, ICMPV6_NOROUTE, hooknum);
191
191
break;
192
192
case IP6T_ICMP6_ADM_PROHIBITED:
193
-
send_unreach(*pskb, ICMPV6_ADM_PROHIBITED, hooknum);
193
+
send_unreach(skb, ICMPV6_ADM_PROHIBITED, hooknum);
194
194
break;
195
195
case IP6T_ICMP6_NOT_NEIGHBOUR:
196
-
send_unreach(*pskb, ICMPV6_NOT_NEIGHBOUR, hooknum);
196
+
send_unreach(skb, ICMPV6_NOT_NEIGHBOUR, hooknum);
197
197
break;
198
198
case IP6T_ICMP6_ADDR_UNREACH:
199
-
send_unreach(*pskb, ICMPV6_ADDR_UNREACH, hooknum);
199
+
send_unreach(skb, ICMPV6_ADDR_UNREACH, hooknum);
200
200
break;
201
201
case IP6T_ICMP6_PORT_UNREACH:
202
-
send_unreach(*pskb, ICMPV6_PORT_UNREACH, hooknum);
202
+
send_unreach(skb, ICMPV6_PORT_UNREACH, hooknum);
203
203
break;
204
204
case IP6T_ICMP6_ECHOREPLY:
205
205
/* Do nothing */
206
206
break;
207
207
case IP6T_TCP_RESET:
208
-
send_reset(*pskb);
208
+
send_reset(skb);
209
209
break;
210
210
default:
211
211
if (net_ratelimit())
+6
-6
net/ipv6/netfilter/ip6table_filter.c
+6
-6
net/ipv6/netfilter/ip6table_filter.c
···
60
60
/* The work comes in here from netfilter.c. */
61
61
static unsigned int
62
62
ip6t_hook(unsigned int hook,
63
-
struct sk_buff **pskb,
63
+
struct sk_buff *skb,
64
64
const struct net_device *in,
65
65
const struct net_device *out,
66
66
int (*okfn)(struct sk_buff *))
67
67
{
68
-
return ip6t_do_table(pskb, hook, in, out, &packet_filter);
68
+
return ip6t_do_table(skb, hook, in, out, &packet_filter);
69
69
}
70
70
71
71
static unsigned int
72
72
ip6t_local_out_hook(unsigned int hook,
73
-
struct sk_buff **pskb,
73
+
struct sk_buff *skb,
74
74
const struct net_device *in,
75
75
const struct net_device *out,
76
76
int (*okfn)(struct sk_buff *))
77
77
{
78
78
#if 0
79
79
/* root is playing with raw sockets. */
80
-
if ((*pskb)->len < sizeof(struct iphdr)
81
-
|| ip_hdrlen(*pskb) < sizeof(struct iphdr)) {
80
+
if (skb->len < sizeof(struct iphdr)
81
+
|| ip_hdrlen(skb) < sizeof(struct iphdr)) {
82
82
if (net_ratelimit())
83
83
printk("ip6t_hook: happy cracking.\n");
84
84
return NF_ACCEPT;
85
85
}
86
86
#endif
87
87
88
-
return ip6t_do_table(pskb, hook, in, out, &packet_filter);
88
+
return ip6t_do_table(skb, hook, in, out, &packet_filter);
89
89
}
90
90
91
91
static struct nf_hook_ops ip6t_ops[] = {
+16
-16
net/ipv6/netfilter/ip6table_mangle.c
+16
-16
net/ipv6/netfilter/ip6table_mangle.c
···
68
68
/* The work comes in here from netfilter.c. */
69
69
static unsigned int
70
70
ip6t_route_hook(unsigned int hook,
71
-
struct sk_buff **pskb,
71
+
struct sk_buff *skb,
72
72
const struct net_device *in,
73
73
const struct net_device *out,
74
74
int (*okfn)(struct sk_buff *))
75
75
{
76
-
return ip6t_do_table(pskb, hook, in, out, &packet_mangler);
76
+
return ip6t_do_table(skb, hook, in, out, &packet_mangler);
77
77
}
78
78
79
79
static unsigned int
80
80
ip6t_local_hook(unsigned int hook,
81
-
struct sk_buff **pskb,
81
+
struct sk_buff *skb,
82
82
const struct net_device *in,
83
83
const struct net_device *out,
84
84
int (*okfn)(struct sk_buff *))
···
91
91
92
92
#if 0
93
93
/* root is playing with raw sockets. */
94
-
if ((*pskb)->len < sizeof(struct iphdr)
95
-
|| ip_hdrlen(*pskb) < sizeof(struct iphdr)) {
94
+
if (skb->len < sizeof(struct iphdr)
95
+
|| ip_hdrlen(skb) < sizeof(struct iphdr)) {
96
96
if (net_ratelimit())
97
97
printk("ip6t_hook: happy cracking.\n");
98
98
return NF_ACCEPT;
···
100
100
#endif
101
101
102
102
/* save source/dest address, mark, hoplimit, flowlabel, priority, */
103
-
memcpy(&saddr, &ipv6_hdr(*pskb)->saddr, sizeof(saddr));
104
-
memcpy(&daddr, &ipv6_hdr(*pskb)->daddr, sizeof(daddr));
105
-
mark = (*pskb)->mark;
106
-
hop_limit = ipv6_hdr(*pskb)->hop_limit;
103
+
memcpy(&saddr, &ipv6_hdr(skb)->saddr, sizeof(saddr));
104
+
memcpy(&daddr, &ipv6_hdr(skb)->daddr, sizeof(daddr));
105
+
mark = skb->mark;
106
+
hop_limit = ipv6_hdr(skb)->hop_limit;
107
107
108
108
/* flowlabel and prio (includes version, which shouldn't change either */
109
-
flowlabel = *((u_int32_t *)ipv6_hdr(*pskb));
109
+
flowlabel = *((u_int32_t *)ipv6_hdr(skb));
110
110
111
-
ret = ip6t_do_table(pskb, hook, in, out, &packet_mangler);
111
+
ret = ip6t_do_table(skb, hook, in, out, &packet_mangler);
112
112
113
113
if (ret != NF_DROP && ret != NF_STOLEN
114
-
&& (memcmp(&ipv6_hdr(*pskb)->saddr, &saddr, sizeof(saddr))
115
-
|| memcmp(&ipv6_hdr(*pskb)->daddr, &daddr, sizeof(daddr))
116
-
|| (*pskb)->mark != mark
117
-
|| ipv6_hdr(*pskb)->hop_limit != hop_limit))
118
-
return ip6_route_me_harder(*pskb) == 0 ? ret : NF_DROP;
114
+
&& (memcmp(&ipv6_hdr(skb)->saddr, &saddr, sizeof(saddr))
115
+
|| memcmp(&ipv6_hdr(skb)->daddr, &daddr, sizeof(daddr))
116
+
|| skb->mark != mark
117
+
|| ipv6_hdr(skb)->hop_limit != hop_limit))
118
+
return ip6_route_me_harder(skb) == 0 ? ret : NF_DROP;
119
119
120
120
return ret;
121
121
}
+2
-2
net/ipv6/netfilter/ip6table_raw.c
+2
-2
net/ipv6/netfilter/ip6table_raw.c
···
46
46
/* The work comes in here from netfilter.c. */
47
47
static unsigned int
48
48
ip6t_hook(unsigned int hook,
49
-
struct sk_buff **pskb,
49
+
struct sk_buff *skb,
50
50
const struct net_device *in,
51
51
const struct net_device *out,
52
52
int (*okfn)(struct sk_buff *))
53
53
{
54
-
return ip6t_do_table(pskb, hook, in, out, &packet_raw);
54
+
return ip6t_do_table(skb, hook, in, out, &packet_raw);
55
55
}
56
56
57
57
static struct nf_hook_ops ip6t_ops[] = {
+26
-25
net/ipv6/netfilter/nf_conntrack_l3proto_ipv6.c
+26
-25
net/ipv6/netfilter/nf_conntrack_l3proto_ipv6.c
···
18
18
#include <linux/icmp.h>
19
19
#include <linux/sysctl.h>
20
20
#include <net/ipv6.h>
21
+
#include <net/inet_frag.h>
21
22
22
23
#include <linux/netfilter_ipv6.h>
23
24
#include <net/netfilter/nf_conntrack.h>
···
146
145
}
147
146
148
147
static unsigned int ipv6_confirm(unsigned int hooknum,
149
-
struct sk_buff **pskb,
148
+
struct sk_buff *skb,
150
149
const struct net_device *in,
151
150
const struct net_device *out,
152
151
int (*okfn)(struct sk_buff *))
···
156
155
struct nf_conntrack_helper *helper;
157
156
enum ip_conntrack_info ctinfo;
158
157
unsigned int ret, protoff;
159
-
unsigned int extoff = (u8 *)(ipv6_hdr(*pskb) + 1) - (*pskb)->data;
160
-
unsigned char pnum = ipv6_hdr(*pskb)->nexthdr;
158
+
unsigned int extoff = (u8 *)(ipv6_hdr(skb) + 1) - skb->data;
159
+
unsigned char pnum = ipv6_hdr(skb)->nexthdr;
161
160
162
161
163
162
/* This is where we call the helper: as the packet goes out. */
164
-
ct = nf_ct_get(*pskb, &ctinfo);
163
+
ct = nf_ct_get(skb, &ctinfo);
165
164
if (!ct || ctinfo == IP_CT_RELATED + IP_CT_IS_REPLY)
166
165
goto out;
167
166
···
173
172
if (!helper)
174
173
goto out;
175
174
176
-
protoff = nf_ct_ipv6_skip_exthdr(*pskb, extoff, &pnum,
177
-
(*pskb)->len - extoff);
178
-
if (protoff > (*pskb)->len || pnum == NEXTHDR_FRAGMENT) {
175
+
protoff = nf_ct_ipv6_skip_exthdr(skb, extoff, &pnum,
176
+
skb->len - extoff);
177
+
if (protoff > skb->len || pnum == NEXTHDR_FRAGMENT) {
179
178
pr_debug("proto header not found\n");
180
179
return NF_ACCEPT;
181
180
}
182
181
183
-
ret = helper->help(pskb, protoff, ct, ctinfo);
182
+
ret = helper->help(skb, protoff, ct, ctinfo);
184
183
if (ret != NF_ACCEPT)
185
184
return ret;
186
185
out:
187
186
/* We've seen it coming out the other side: confirm it */
188
-
return nf_conntrack_confirm(pskb);
187
+
return nf_conntrack_confirm(skb);
189
188
}
190
189
191
190
static unsigned int ipv6_defrag(unsigned int hooknum,
192
-
struct sk_buff **pskb,
191
+
struct sk_buff *skb,
193
192
const struct net_device *in,
194
193
const struct net_device *out,
195
194
int (*okfn)(struct sk_buff *))
···
197
196
struct sk_buff *reasm;
198
197
199
198
/* Previously seen (loopback)? */
200
-
if ((*pskb)->nfct)
199
+
if (skb->nfct)
201
200
return NF_ACCEPT;
202
201
203
-
reasm = nf_ct_frag6_gather(*pskb);
202
+
reasm = nf_ct_frag6_gather(skb);
204
203
205
204
/* queued */
206
205
if (reasm == NULL)
207
206
return NF_STOLEN;
208
207
209
208
/* error occured or not fragmented */
210
-
if (reasm == *pskb)
209
+
if (reasm == skb)
211
210
return NF_ACCEPT;
212
211
213
212
nf_ct_frag6_output(hooknum, reasm, (struct net_device *)in,
···
217
216
}
218
217
219
218
static unsigned int ipv6_conntrack_in(unsigned int hooknum,
220
-
struct sk_buff **pskb,
219
+
struct sk_buff *skb,
221
220
const struct net_device *in,
222
221
const struct net_device *out,
223
222
int (*okfn)(struct sk_buff *))
224
223
{
225
-
struct sk_buff *reasm = (*pskb)->nfct_reasm;
224
+
struct sk_buff *reasm = skb->nfct_reasm;
226
225
227
226
/* This packet is fragmented and has reassembled packet. */
228
227
if (reasm) {
···
230
229
if (!reasm->nfct) {
231
230
unsigned int ret;
232
231
233
-
ret = nf_conntrack_in(PF_INET6, hooknum, &reasm);
232
+
ret = nf_conntrack_in(PF_INET6, hooknum, reasm);
234
233
if (ret != NF_ACCEPT)
235
234
return ret;
236
235
}
237
236
nf_conntrack_get(reasm->nfct);
238
-
(*pskb)->nfct = reasm->nfct;
239
-
(*pskb)->nfctinfo = reasm->nfctinfo;
237
+
skb->nfct = reasm->nfct;
238
+
skb->nfctinfo = reasm->nfctinfo;
240
239
return NF_ACCEPT;
241
240
}
242
241
243
-
return nf_conntrack_in(PF_INET6, hooknum, pskb);
242
+
return nf_conntrack_in(PF_INET6, hooknum, skb);
244
243
}
245
244
246
245
static unsigned int ipv6_conntrack_local(unsigned int hooknum,
247
-
struct sk_buff **pskb,
246
+
struct sk_buff *skb,
248
247
const struct net_device *in,
249
248
const struct net_device *out,
250
249
int (*okfn)(struct sk_buff *))
251
250
{
252
251
/* root is playing with raw sockets. */
253
-
if ((*pskb)->len < sizeof(struct ipv6hdr)) {
252
+
if (skb->len < sizeof(struct ipv6hdr)) {
254
253
if (net_ratelimit())
255
254
printk("ipv6_conntrack_local: packet too short\n");
256
255
return NF_ACCEPT;
257
256
}
258
-
return ipv6_conntrack_in(hooknum, pskb, in, out, okfn);
257
+
return ipv6_conntrack_in(hooknum, skb, in, out, okfn);
259
258
}
260
259
261
260
static struct nf_hook_ops ipv6_conntrack_ops[] = {
···
308
307
{
309
308
.ctl_name = NET_NF_CONNTRACK_FRAG6_TIMEOUT,
310
309
.procname = "nf_conntrack_frag6_timeout",
311
-
.data = &nf_ct_frag6_timeout,
310
+
.data = &nf_frags_ctl.timeout,
312
311
.maxlen = sizeof(unsigned int),
313
312
.mode = 0644,
314
313
.proc_handler = &proc_dointvec_jiffies,
···
316
315
{
317
316
.ctl_name = NET_NF_CONNTRACK_FRAG6_LOW_THRESH,
318
317
.procname = "nf_conntrack_frag6_low_thresh",
319
-
.data = &nf_ct_frag6_low_thresh,
318
+
.data = &nf_frags_ctl.low_thresh,
320
319
.maxlen = sizeof(unsigned int),
321
320
.mode = 0644,
322
321
.proc_handler = &proc_dointvec,
···
324
323
{
325
324
.ctl_name = NET_NF_CONNTRACK_FRAG6_HIGH_THRESH,
326
325
.procname = "nf_conntrack_frag6_high_thresh",
327
-
.data = &nf_ct_frag6_high_thresh,
326
+
.data = &nf_frags_ctl.high_thresh,
328
327
.maxlen = sizeof(unsigned int),
329
328
.mode = 0644,
330
329
.proc_handler = &proc_dointvec,
+101
-213
net/ipv6/netfilter/nf_conntrack_reasm.c
+101
-213
net/ipv6/netfilter/nf_conntrack_reasm.c
···
31
31
32
32
#include <net/sock.h>
33
33
#include <net/snmp.h>
34
+
#include <net/inet_frag.h>
34
35
35
36
#include <net/ipv6.h>
36
37
#include <net/protocol.h>
···
49
48
#define NF_CT_FRAG6_LOW_THRESH 196608 /* == 192*1024 */
50
49
#define NF_CT_FRAG6_TIMEOUT IPV6_FRAG_TIMEOUT
51
50
52
-
unsigned int nf_ct_frag6_high_thresh __read_mostly = 256*1024;
53
-
unsigned int nf_ct_frag6_low_thresh __read_mostly = 192*1024;
54
-
unsigned long nf_ct_frag6_timeout __read_mostly = IPV6_FRAG_TIMEOUT;
55
-
56
51
struct nf_ct_frag6_skb_cb
57
52
{
58
53
struct inet6_skb_parm h;
···
60
63
61
64
struct nf_ct_frag6_queue
62
65
{
63
-
struct hlist_node list;
64
-
struct list_head lru_list; /* lru list member */
66
+
struct inet_frag_queue q;
65
67
66
68
__be32 id; /* fragment id */
67
69
struct in6_addr saddr;
68
70
struct in6_addr daddr;
69
71
70
-
spinlock_t lock;
71
-
atomic_t refcnt;
72
-
struct timer_list timer; /* expire timer */
73
-
struct sk_buff *fragments;
74
-
int len;
75
-
int meat;
76
-
ktime_t stamp;
77
72
unsigned int csum;
78
-
__u8 last_in; /* has first/last segment arrived? */
79
-
#define COMPLETE 4
80
-
#define FIRST_IN 2
81
-
#define LAST_IN 1
82
73
__u16 nhoffset;
83
74
};
84
75
85
-
/* Hash table. */
76
+
struct inet_frags_ctl nf_frags_ctl __read_mostly = {
77
+
.high_thresh = 256 * 1024,
78
+
.low_thresh = 192 * 1024,
79
+
.timeout = IPV6_FRAG_TIMEOUT,
80
+
.secret_interval = 10 * 60 * HZ,
81
+
};
86
82
87
-
#define FRAG6Q_HASHSZ 64
88
-
89
-
static struct hlist_head nf_ct_frag6_hash[FRAG6Q_HASHSZ];
90
-
static DEFINE_RWLOCK(nf_ct_frag6_lock);
91
-
static u32 nf_ct_frag6_hash_rnd;
92
-
static LIST_HEAD(nf_ct_frag6_lru_list);
93
-
int nf_ct_frag6_nqueues = 0;
94
-
95
-
static __inline__ void __fq_unlink(struct nf_ct_frag6_queue *fq)
96
-
{
97
-
hlist_del(&fq->list);
98
-
list_del(&fq->lru_list);
99
-
nf_ct_frag6_nqueues--;
100
-
}
101
-
102
-
static __inline__ void fq_unlink(struct nf_ct_frag6_queue *fq)
103
-
{
104
-
write_lock(&nf_ct_frag6_lock);
105
-
__fq_unlink(fq);
106
-
write_unlock(&nf_ct_frag6_lock);
107
-
}
83
+
static struct inet_frags nf_frags;
108
84
109
85
static unsigned int ip6qhashfn(__be32 id, struct in6_addr *saddr,
110
86
struct in6_addr *daddr)
···
90
120
91
121
a += JHASH_GOLDEN_RATIO;
92
122
b += JHASH_GOLDEN_RATIO;
93
-
c += nf_ct_frag6_hash_rnd;
123
+
c += nf_frags.rnd;
94
124
__jhash_mix(a, b, c);
95
125
96
126
a += (__force u32)saddr->s6_addr32[3];
···
103
133
c += (__force u32)id;
104
134
__jhash_mix(a, b, c);
105
135
106
-
return c & (FRAG6Q_HASHSZ - 1);
136
+
return c & (INETFRAGS_HASHSZ - 1);
107
137
}
108
138
109
-
static struct timer_list nf_ct_frag6_secret_timer;
110
-
int nf_ct_frag6_secret_interval = 10 * 60 * HZ;
111
-
112
-
static void nf_ct_frag6_secret_rebuild(unsigned long dummy)
139
+
static unsigned int nf_hashfn(struct inet_frag_queue *q)
113
140
{
114
-
unsigned long now = jiffies;
115
-
int i;
141
+
struct nf_ct_frag6_queue *nq;
116
142
117
-
write_lock(&nf_ct_frag6_lock);
118
-
get_random_bytes(&nf_ct_frag6_hash_rnd, sizeof(u32));
119
-
for (i = 0; i < FRAG6Q_HASHSZ; i++) {
120
-
struct nf_ct_frag6_queue *q;
121
-
struct hlist_node *p, *n;
122
-
123
-
hlist_for_each_entry_safe(q, p, n, &nf_ct_frag6_hash[i], list) {
124
-
unsigned int hval = ip6qhashfn(q->id,
125
-
&q->saddr,
126
-
&q->daddr);
127
-
if (hval != i) {
128
-
hlist_del(&q->list);
129
-
/* Relink to new hash chain. */
130
-
hlist_add_head(&q->list,
131
-
&nf_ct_frag6_hash[hval]);
132
-
}
133
-
}
134
-
}
135
-
write_unlock(&nf_ct_frag6_lock);
136
-
137
-
mod_timer(&nf_ct_frag6_secret_timer, now + nf_ct_frag6_secret_interval);
143
+
nq = container_of(q, struct nf_ct_frag6_queue, q);
144
+
return ip6qhashfn(nq->id, &nq->saddr, &nq->daddr);
138
145
}
139
146
140
-
atomic_t nf_ct_frag6_mem = ATOMIC_INIT(0);
147
+
static void nf_skb_free(struct sk_buff *skb)
148
+
{
149
+
if (NFCT_FRAG6_CB(skb)->orig)
150
+
kfree_skb(NFCT_FRAG6_CB(skb)->orig);
151
+
}
141
152
142
153
/* Memory Tracking Functions. */
143
154
static inline void frag_kfree_skb(struct sk_buff *skb, unsigned int *work)
144
155
{
145
156
if (work)
146
157
*work -= skb->truesize;
147
-
atomic_sub(skb->truesize, &nf_ct_frag6_mem);
148
-
if (NFCT_FRAG6_CB(skb)->orig)
149
-
kfree_skb(NFCT_FRAG6_CB(skb)->orig);
150
-
158
+
atomic_sub(skb->truesize, &nf_frags.mem);
159
+
nf_skb_free(skb);
151
160
kfree_skb(skb);
152
161
}
153
162
154
-
static inline void frag_free_queue(struct nf_ct_frag6_queue *fq,
155
-
unsigned int *work)
163
+
static void nf_frag_free(struct inet_frag_queue *q)
156
164
{
157
-
if (work)
158
-
*work -= sizeof(struct nf_ct_frag6_queue);
159
-
atomic_sub(sizeof(struct nf_ct_frag6_queue), &nf_ct_frag6_mem);
160
-
kfree(fq);
165
+
kfree(container_of(q, struct nf_ct_frag6_queue, q));
161
166
}
162
167
163
168
static inline struct nf_ct_frag6_queue *frag_alloc_queue(void)
164
169
{
165
-
struct nf_ct_frag6_queue *fq = kmalloc(sizeof(struct nf_ct_frag6_queue), GFP_ATOMIC);
170
+
struct nf_ct_frag6_queue *fq;
166
171
167
-
if (!fq)
172
+
fq = kzalloc(sizeof(struct nf_ct_frag6_queue), GFP_ATOMIC);
173
+
if (fq == NULL)
168
174
return NULL;
169
-
atomic_add(sizeof(struct nf_ct_frag6_queue), &nf_ct_frag6_mem);
175
+
atomic_add(sizeof(struct nf_ct_frag6_queue), &nf_frags.mem);
170
176
return fq;
171
177
}
172
178
173
179
/* Destruction primitives. */
174
180
175
-
/* Complete destruction of fq. */
176
-
static void nf_ct_frag6_destroy(struct nf_ct_frag6_queue *fq,
177
-
unsigned int *work)
181
+
static __inline__ void fq_put(struct nf_ct_frag6_queue *fq)
178
182
{
179
-
struct sk_buff *fp;
180
-
181
-
BUG_TRAP(fq->last_in&COMPLETE);
182
-
BUG_TRAP(del_timer(&fq->timer) == 0);
183
-
184
-
/* Release all fragment data. */
185
-
fp = fq->fragments;
186
-
while (fp) {
187
-
struct sk_buff *xp = fp->next;
188
-
189
-
frag_kfree_skb(fp, work);
190
-
fp = xp;
191
-
}
192
-
193
-
frag_free_queue(fq, work);
194
-
}
195
-
196
-
static __inline__ void fq_put(struct nf_ct_frag6_queue *fq, unsigned int *work)
197
-
{
198
-
if (atomic_dec_and_test(&fq->refcnt))
199
-
nf_ct_frag6_destroy(fq, work);
183
+
inet_frag_put(&fq->q, &nf_frags);
200
184
}
201
185
202
186
/* Kill fq entry. It is not destroyed immediately,
···
158
234
*/
159
235
static __inline__ void fq_kill(struct nf_ct_frag6_queue *fq)
160
236
{
161
-
if (del_timer(&fq->timer))
162
-
atomic_dec(&fq->refcnt);
163
-
164
-
if (!(fq->last_in & COMPLETE)) {
165
-
fq_unlink(fq);
166
-
atomic_dec(&fq->refcnt);
167
-
fq->last_in |= COMPLETE;
168
-
}
237
+
inet_frag_kill(&fq->q, &nf_frags);
169
238
}
170
239
171
240
static void nf_ct_frag6_evictor(void)
172
241
{
173
-
struct nf_ct_frag6_queue *fq;
174
-
struct list_head *tmp;
175
-
unsigned int work;
176
-
177
-
work = atomic_read(&nf_ct_frag6_mem);
178
-
if (work <= nf_ct_frag6_low_thresh)
179
-
return;
180
-
181
-
work -= nf_ct_frag6_low_thresh;
182
-
while (work > 0) {
183
-
read_lock(&nf_ct_frag6_lock);
184
-
if (list_empty(&nf_ct_frag6_lru_list)) {
185
-
read_unlock(&nf_ct_frag6_lock);
186
-
return;
187
-
}
188
-
tmp = nf_ct_frag6_lru_list.next;
189
-
BUG_ON(tmp == NULL);
190
-
fq = list_entry(tmp, struct nf_ct_frag6_queue, lru_list);
191
-
atomic_inc(&fq->refcnt);
192
-
read_unlock(&nf_ct_frag6_lock);
193
-
194
-
spin_lock(&fq->lock);
195
-
if (!(fq->last_in&COMPLETE))
196
-
fq_kill(fq);
197
-
spin_unlock(&fq->lock);
198
-
199
-
fq_put(fq, &work);
200
-
}
242
+
inet_frag_evictor(&nf_frags);
201
243
}
202
244
203
245
static void nf_ct_frag6_expire(unsigned long data)
204
246
{
205
247
struct nf_ct_frag6_queue *fq = (struct nf_ct_frag6_queue *) data;
206
248
207
-
spin_lock(&fq->lock);
249
+
spin_lock(&fq->q.lock);
208
250
209
-
if (fq->last_in & COMPLETE)
251
+
if (fq->q.last_in & COMPLETE)
210
252
goto out;
211
253
212
254
fq_kill(fq);
213
255
214
256
out:
215
-
spin_unlock(&fq->lock);
216
-
fq_put(fq, NULL);
257
+
spin_unlock(&fq->q.lock);
258
+
fq_put(fq);
217
259
}
218
260
219
261
/* Creation primitives. */
···
192
302
struct hlist_node *n;
193
303
#endif
194
304
195
-
write_lock(&nf_ct_frag6_lock);
305
+
write_lock(&nf_frags.lock);
196
306
#ifdef CONFIG_SMP
197
-
hlist_for_each_entry(fq, n, &nf_ct_frag6_hash[hash], list) {
307
+
hlist_for_each_entry(fq, n, &nf_frags.hash[hash], q.list) {
198
308
if (fq->id == fq_in->id &&
199
309
ipv6_addr_equal(&fq_in->saddr, &fq->saddr) &&
200
310
ipv6_addr_equal(&fq_in->daddr, &fq->daddr)) {
201
-
atomic_inc(&fq->refcnt);
202
-
write_unlock(&nf_ct_frag6_lock);
203
-
fq_in->last_in |= COMPLETE;
204
-
fq_put(fq_in, NULL);
311
+
atomic_inc(&fq->q.refcnt);
312
+
write_unlock(&nf_frags.lock);
313
+
fq_in->q.last_in |= COMPLETE;
314
+
fq_put(fq_in);
205
315
return fq;
206
316
}
207
317
}
208
318
#endif
209
319
fq = fq_in;
210
320
211
-
if (!mod_timer(&fq->timer, jiffies + nf_ct_frag6_timeout))
212
-
atomic_inc(&fq->refcnt);
321
+
if (!mod_timer(&fq->q.timer, jiffies + nf_frags_ctl.timeout))
322
+
atomic_inc(&fq->q.refcnt);
213
323
214
-
atomic_inc(&fq->refcnt);
215
-
hlist_add_head(&fq->list, &nf_ct_frag6_hash[hash]);
216
-
INIT_LIST_HEAD(&fq->lru_list);
217
-
list_add_tail(&fq->lru_list, &nf_ct_frag6_lru_list);
218
-
nf_ct_frag6_nqueues++;
219
-
write_unlock(&nf_ct_frag6_lock);
324
+
atomic_inc(&fq->q.refcnt);
325
+
hlist_add_head(&fq->q.list, &nf_frags.hash[hash]);
326
+
INIT_LIST_HEAD(&fq->q.lru_list);
327
+
list_add_tail(&fq->q.lru_list, &nf_frags.lru_list);
328
+
nf_frags.nqueues++;
329
+
write_unlock(&nf_frags.lock);
220
330
return fq;
221
331
}
222
332
···
231
341
goto oom;
232
342
}
233
343
234
-
memset(fq, 0, sizeof(struct nf_ct_frag6_queue));
235
-
236
344
fq->id = id;
237
345
ipv6_addr_copy(&fq->saddr, src);
238
346
ipv6_addr_copy(&fq->daddr, dst);
239
347
240
-
setup_timer(&fq->timer, nf_ct_frag6_expire, (unsigned long)fq);
241
-
spin_lock_init(&fq->lock);
242
-
atomic_set(&fq->refcnt, 1);
348
+
setup_timer(&fq->q.timer, nf_ct_frag6_expire, (unsigned long)fq);
349
+
spin_lock_init(&fq->q.lock);
350
+
atomic_set(&fq->q.refcnt, 1);
243
351
244
352
return nf_ct_frag6_intern(hash, fq);
245
353
···
252
364
struct hlist_node *n;
253
365
unsigned int hash = ip6qhashfn(id, src, dst);
254
366
255
-
read_lock(&nf_ct_frag6_lock);
256
-
hlist_for_each_entry(fq, n, &nf_ct_frag6_hash[hash], list) {
367
+
read_lock(&nf_frags.lock);
368
+
hlist_for_each_entry(fq, n, &nf_frags.hash[hash], q.list) {
257
369
if (fq->id == id &&
258
370
ipv6_addr_equal(src, &fq->saddr) &&
259
371
ipv6_addr_equal(dst, &fq->daddr)) {
260
-
atomic_inc(&fq->refcnt);
261
-
read_unlock(&nf_ct_frag6_lock);
372
+
atomic_inc(&fq->q.refcnt);
373
+
read_unlock(&nf_frags.lock);
262
374
return fq;
263
375
}
264
376
}
265
-
read_unlock(&nf_ct_frag6_lock);
377
+
read_unlock(&nf_frags.lock);
266
378
267
379
return nf_ct_frag6_create(hash, id, src, dst);
268
380
}
···
274
386
struct sk_buff *prev, *next;
275
387
int offset, end;
276
388
277
-
if (fq->last_in & COMPLETE) {
389
+
if (fq->q.last_in & COMPLETE) {
278
390
pr_debug("Allready completed\n");
279
391
goto err;
280
392
}
···
300
412
/* If we already have some bits beyond end
301
413
* or have different end, the segment is corrupted.
302
414
*/
303
-
if (end < fq->len ||
304
-
((fq->last_in & LAST_IN) && end != fq->len)) {
415
+
if (end < fq->q.len ||
416
+
((fq->q.last_in & LAST_IN) && end != fq->q.len)) {
305
417
pr_debug("already received last fragment\n");
306
418
goto err;
307
419
}
308
-
fq->last_in |= LAST_IN;
309
-
fq->len = end;
420
+
fq->q.last_in |= LAST_IN;
421
+
fq->q.len = end;
310
422
} else {
311
423
/* Check if the fragment is rounded to 8 bytes.
312
424
* Required by the RFC.
···
318
430
pr_debug("end of fragment not rounded to 8 bytes.\n");
319
431
return -1;
320
432
}
321
-
if (end > fq->len) {
433
+
if (end > fq->q.len) {
322
434
/* Some bits beyond end -> corruption. */
323
-
if (fq->last_in & LAST_IN) {
435
+
if (fq->q.last_in & LAST_IN) {
324
436
pr_debug("last packet already reached.\n");
325
437
goto err;
326
438
}
327
-
fq->len = end;
439
+
fq->q.len = end;
328
440
}
329
441
}
330
442
···
346
458
* this fragment, right?
347
459
*/
348
460
prev = NULL;
349
-
for (next = fq->fragments; next != NULL; next = next->next) {
461
+
for (next = fq->q.fragments; next != NULL; next = next->next) {
350
462
if (NFCT_FRAG6_CB(next)->offset >= offset)
351
463
break; /* bingo! */
352
464
prev = next;
···
391
503
392
504
/* next fragment */
393
505
NFCT_FRAG6_CB(next)->offset += i;
394
-
fq->meat -= i;
506
+
fq->q.meat -= i;
395
507
if (next->ip_summed != CHECKSUM_UNNECESSARY)
396
508
next->ip_summed = CHECKSUM_NONE;
397
509
break;
···
406
518
if (prev)
407
519
prev->next = next;
408
520
else
409
-
fq->fragments = next;
521
+
fq->q.fragments = next;
410
522
411
-
fq->meat -= free_it->len;
523
+
fq->q.meat -= free_it->len;
412
524
frag_kfree_skb(free_it, NULL);
413
525
}
414
526
}
···
420
532
if (prev)
421
533
prev->next = skb;
422
534
else
423
-
fq->fragments = skb;
535
+
fq->q.fragments = skb;
424
536
425
537
skb->dev = NULL;
426
-
fq->stamp = skb->tstamp;
427
-
fq->meat += skb->len;
428
-
atomic_add(skb->truesize, &nf_ct_frag6_mem);
538
+
fq->q.stamp = skb->tstamp;
539
+
fq->q.meat += skb->len;
540
+
atomic_add(skb->truesize, &nf_frags.mem);
429
541
430
542
/* The first fragment.
431
543
* nhoffset is obtained from the first fragment, of course.
432
544
*/
433
545
if (offset == 0) {
434
546
fq->nhoffset = nhoff;
435
-
fq->last_in |= FIRST_IN;
547
+
fq->q.last_in |= FIRST_IN;
436
548
}
437
-
write_lock(&nf_ct_frag6_lock);
438
-
list_move_tail(&fq->lru_list, &nf_ct_frag6_lru_list);
439
-
write_unlock(&nf_ct_frag6_lock);
549
+
write_lock(&nf_frags.lock);
550
+
list_move_tail(&fq->q.lru_list, &nf_frags.lru_list);
551
+
write_unlock(&nf_frags.lock);
440
552
return 0;
441
553
442
554
err:
···
455
567
static struct sk_buff *
456
568
nf_ct_frag6_reasm(struct nf_ct_frag6_queue *fq, struct net_device *dev)
457
569
{
458
-
struct sk_buff *fp, *op, *head = fq->fragments;
570
+
struct sk_buff *fp, *op, *head = fq->q.fragments;
459
571
int payload_len;
460
572
461
573
fq_kill(fq);
···
465
577
466
578
/* Unfragmented part is taken from the first segment. */
467
579
payload_len = ((head->data - skb_network_header(head)) -
468
-
sizeof(struct ipv6hdr) + fq->len -
580
+
sizeof(struct ipv6hdr) + fq->q.len -
469
581
sizeof(struct frag_hdr));
470
582
if (payload_len > IPV6_MAXPLEN) {
471
583
pr_debug("payload len is too large.\n");
···
502
614
clone->ip_summed = head->ip_summed;
503
615
504
616
NFCT_FRAG6_CB(clone)->orig = NULL;
505
-
atomic_add(clone->truesize, &nf_ct_frag6_mem);
617
+
atomic_add(clone->truesize, &nf_frags.mem);
506
618
}
507
619
508
620
/* We have to remove fragment header from datagram and to relocate
···
516
628
skb_shinfo(head)->frag_list = head->next;
517
629
skb_reset_transport_header(head);
518
630
skb_push(head, head->data - skb_network_header(head));
519
-
atomic_sub(head->truesize, &nf_ct_frag6_mem);
631
+
atomic_sub(head->truesize, &nf_frags.mem);
520
632
521
633
for (fp=head->next; fp; fp = fp->next) {
522
634
head->data_len += fp->len;
···
526
638
else if (head->ip_summed == CHECKSUM_COMPLETE)
527
639
head->csum = csum_add(head->csum, fp->csum);
528
640
head->truesize += fp->truesize;
529
-
atomic_sub(fp->truesize, &nf_ct_frag6_mem);
641
+
atomic_sub(fp->truesize, &nf_frags.mem);
530
642
}
531
643
532
644
head->next = NULL;
533
645
head->dev = dev;
534
-
head->tstamp = fq->stamp;
646
+
head->tstamp = fq->q.stamp;
535
647
ipv6_hdr(head)->payload_len = htons(payload_len);
536
648
537
649
/* Yes, and fold redundant checksum back. 8) */
···
540
652
skb_network_header_len(head),
541
653
head->csum);
542
654
543
-
fq->fragments = NULL;
655
+
fq->q.fragments = NULL;
544
656
545
657
/* all original skbs are linked into the NFCT_FRAG6_CB(head).orig */
546
658
fp = skb_shinfo(head)->frag_list;
···
676
788
goto ret_orig;
677
789
}
678
790
679
-
if (atomic_read(&nf_ct_frag6_mem) > nf_ct_frag6_high_thresh)
791
+
if (atomic_read(&nf_frags.mem) > nf_frags_ctl.high_thresh)
680
792
nf_ct_frag6_evictor();
681
793
682
794
fq = fq_find(fhdr->identification, &hdr->saddr, &hdr->daddr);
···
685
797
goto ret_orig;
686
798
}
687
799
688
-
spin_lock(&fq->lock);
800
+
spin_lock(&fq->q.lock);
689
801
690
802
if (nf_ct_frag6_queue(fq, clone, fhdr, nhoff) < 0) {
691
-
spin_unlock(&fq->lock);
803
+
spin_unlock(&fq->q.lock);
692
804
pr_debug("Can't insert skb to queue\n");
693
-
fq_put(fq, NULL);
805
+
fq_put(fq);
694
806
goto ret_orig;
695
807
}
696
808
697
-
if (fq->last_in == (FIRST_IN|LAST_IN) && fq->meat == fq->len) {
809
+
if (fq->q.last_in == (FIRST_IN|LAST_IN) && fq->q.meat == fq->q.len) {
698
810
ret_skb = nf_ct_frag6_reasm(fq, dev);
699
811
if (ret_skb == NULL)
700
812
pr_debug("Can't reassemble fragmented packets\n");
701
813
}
702
-
spin_unlock(&fq->lock);
814
+
spin_unlock(&fq->q.lock);
703
815
704
-
fq_put(fq, NULL);
816
+
fq_put(fq);
705
817
return ret_skb;
706
818
707
819
ret_orig:
···
747
859
748
860
int nf_ct_frag6_init(void)
749
861
{
750
-
nf_ct_frag6_hash_rnd = (u32) ((num_physpages ^ (num_physpages>>7)) ^
751
-
(jiffies ^ (jiffies >> 6)));
752
-
753
-
setup_timer(&nf_ct_frag6_secret_timer, nf_ct_frag6_secret_rebuild, 0);
754
-
nf_ct_frag6_secret_timer.expires = jiffies
755
-
+ nf_ct_frag6_secret_interval;
756
-
add_timer(&nf_ct_frag6_secret_timer);
862
+
nf_frags.ctl = &nf_frags_ctl;
863
+
nf_frags.hashfn = nf_hashfn;
864
+
nf_frags.destructor = nf_frag_free;
865
+
nf_frags.skb_free = nf_skb_free;
866
+
nf_frags.qsize = sizeof(struct nf_ct_frag6_queue);
867
+
inet_frags_init(&nf_frags);
757
868
758
869
return 0;
759
870
}
760
871
761
872
void nf_ct_frag6_cleanup(void)
762
873
{
763
-
del_timer(&nf_ct_frag6_secret_timer);
764
-
nf_ct_frag6_low_thresh = 0;
874
+
inet_frags_fini(&nf_frags);
875
+
876
+
nf_frags_ctl.low_thresh = 0;
765
877
nf_ct_frag6_evictor();
766
878
}
+1
-1
net/ipv6/proc.c
+1
-1
net/ipv6/proc.c
+139
-220
net/ipv6/reassembly.c
+139
-220
net/ipv6/reassembly.c
···
42
42
#include <linux/icmpv6.h>
43
43
#include <linux/random.h>
44
44
#include <linux/jhash.h>
45
+
#include <linux/skbuff.h>
45
46
46
47
#include <net/sock.h>
47
48
#include <net/snmp.h>
···
54
53
#include <net/rawv6.h>
55
54
#include <net/ndisc.h>
56
55
#include <net/addrconf.h>
57
-
58
-
int sysctl_ip6frag_high_thresh __read_mostly = 256*1024;
59
-
int sysctl_ip6frag_low_thresh __read_mostly = 192*1024;
60
-
61
-
int sysctl_ip6frag_time __read_mostly = IPV6_FRAG_TIMEOUT;
56
+
#include <net/inet_frag.h>
62
57
63
58
struct ip6frag_skb_cb
64
59
{
···
71
74
72
75
struct frag_queue
73
76
{
74
-
struct hlist_node list;
75
-
struct list_head lru_list; /* lru list member */
77
+
struct inet_frag_queue q;
76
78
77
79
__be32 id; /* fragment id */
78
80
struct in6_addr saddr;
79
81
struct in6_addr daddr;
80
82
81
-
spinlock_t lock;
82
-
atomic_t refcnt;
83
-
struct timer_list timer; /* expire timer */
84
-
struct sk_buff *fragments;
85
-
int len;
86
-
int meat;
87
83
int iif;
88
-
ktime_t stamp;
89
84
unsigned int csum;
90
-
__u8 last_in; /* has first/last segment arrived? */
91
-
#define COMPLETE 4
92
-
#define FIRST_IN 2
93
-
#define LAST_IN 1
94
85
__u16 nhoffset;
95
86
};
96
87
97
-
/* Hash table. */
88
+
struct inet_frags_ctl ip6_frags_ctl __read_mostly = {
89
+
.high_thresh = 256 * 1024,
90
+
.low_thresh = 192 * 1024,
91
+
.timeout = IPV6_FRAG_TIMEOUT,
92
+
.secret_interval = 10 * 60 * HZ,
93
+
};
98
94
99
-
#define IP6Q_HASHSZ 64
95
+
static struct inet_frags ip6_frags;
100
96
101
-
static struct hlist_head ip6_frag_hash[IP6Q_HASHSZ];
102
-
static DEFINE_RWLOCK(ip6_frag_lock);
103
-
static u32 ip6_frag_hash_rnd;
104
-
static LIST_HEAD(ip6_frag_lru_list);
105
-
int ip6_frag_nqueues = 0;
106
-
107
-
static __inline__ void __fq_unlink(struct frag_queue *fq)
97
+
int ip6_frag_nqueues(void)
108
98
{
109
-
hlist_del(&fq->list);
110
-
list_del(&fq->lru_list);
111
-
ip6_frag_nqueues--;
99
+
return ip6_frags.nqueues;
112
100
}
113
101
114
-
static __inline__ void fq_unlink(struct frag_queue *fq)
102
+
int ip6_frag_mem(void)
115
103
{
116
-
write_lock(&ip6_frag_lock);
117
-
__fq_unlink(fq);
118
-
write_unlock(&ip6_frag_lock);
104
+
return atomic_read(&ip6_frags.mem);
119
105
}
106
+
107
+
static int ip6_frag_reasm(struct frag_queue *fq, struct sk_buff *prev,
108
+
struct net_device *dev);
120
109
121
110
/*
122
111
* callers should be careful not to use the hash value outside the ipfrag_lock
···
119
136
120
137
a += JHASH_GOLDEN_RATIO;
121
138
b += JHASH_GOLDEN_RATIO;
122
-
c += ip6_frag_hash_rnd;
139
+
c += ip6_frags.rnd;
123
140
__jhash_mix(a, b, c);
124
141
125
142
a += (__force u32)saddr->s6_addr32[3];
···
132
149
c += (__force u32)id;
133
150
__jhash_mix(a, b, c);
134
151
135
-
return c & (IP6Q_HASHSZ - 1);
152
+
return c & (INETFRAGS_HASHSZ - 1);
136
153
}
137
154
138
-
static struct timer_list ip6_frag_secret_timer;
139
-
int sysctl_ip6frag_secret_interval __read_mostly = 10 * 60 * HZ;
140
-
141
-
static void ip6_frag_secret_rebuild(unsigned long dummy)
155
+
static unsigned int ip6_hashfn(struct inet_frag_queue *q)
142
156
{
143
-
unsigned long now = jiffies;
144
-
int i;
157
+
struct frag_queue *fq;
145
158
146
-
write_lock(&ip6_frag_lock);
147
-
get_random_bytes(&ip6_frag_hash_rnd, sizeof(u32));
148
-
for (i = 0; i < IP6Q_HASHSZ; i++) {
149
-
struct frag_queue *q;
150
-
struct hlist_node *p, *n;
151
-
152
-
hlist_for_each_entry_safe(q, p, n, &ip6_frag_hash[i], list) {
153
-
unsigned int hval = ip6qhashfn(q->id,
154
-
&q->saddr,
155
-
&q->daddr);
156
-
157
-
if (hval != i) {
158
-
hlist_del(&q->list);
159
-
160
-
/* Relink to new hash chain. */
161
-
hlist_add_head(&q->list,
162
-
&ip6_frag_hash[hval]);
163
-
164
-
}
165
-
}
166
-
}
167
-
write_unlock(&ip6_frag_lock);
168
-
169
-
mod_timer(&ip6_frag_secret_timer, now + sysctl_ip6frag_secret_interval);
159
+
fq = container_of(q, struct frag_queue, q);
160
+
return ip6qhashfn(fq->id, &fq->saddr, &fq->daddr);
170
161
}
171
-
172
-
atomic_t ip6_frag_mem = ATOMIC_INIT(0);
173
162
174
163
/* Memory Tracking Functions. */
175
164
static inline void frag_kfree_skb(struct sk_buff *skb, int *work)
176
165
{
177
166
if (work)
178
167
*work -= skb->truesize;
179
-
atomic_sub(skb->truesize, &ip6_frag_mem);
168
+
atomic_sub(skb->truesize, &ip6_frags.mem);
180
169
kfree_skb(skb);
181
170
}
182
171
183
-
static inline void frag_free_queue(struct frag_queue *fq, int *work)
172
+
static void ip6_frag_free(struct inet_frag_queue *fq)
184
173
{
185
-
if (work)
186
-
*work -= sizeof(struct frag_queue);
187
-
atomic_sub(sizeof(struct frag_queue), &ip6_frag_mem);
188
-
kfree(fq);
174
+
kfree(container_of(fq, struct frag_queue, q));
189
175
}
190
176
191
177
static inline struct frag_queue *frag_alloc_queue(void)
···
163
211
164
212
if(!fq)
165
213
return NULL;
166
-
atomic_add(sizeof(struct frag_queue), &ip6_frag_mem);
214
+
atomic_add(sizeof(struct frag_queue), &ip6_frags.mem);
167
215
return fq;
168
216
}
169
217
170
218
/* Destruction primitives. */
171
219
172
-
/* Complete destruction of fq. */
173
-
static void ip6_frag_destroy(struct frag_queue *fq, int *work)
220
+
static __inline__ void fq_put(struct frag_queue *fq)
174
221
{
175
-
struct sk_buff *fp;
176
-
177
-
BUG_TRAP(fq->last_in&COMPLETE);
178
-
BUG_TRAP(del_timer(&fq->timer) == 0);
179
-
180
-
/* Release all fragment data. */
181
-
fp = fq->fragments;
182
-
while (fp) {
183
-
struct sk_buff *xp = fp->next;
184
-
185
-
frag_kfree_skb(fp, work);
186
-
fp = xp;
187
-
}
188
-
189
-
frag_free_queue(fq, work);
190
-
}
191
-
192
-
static __inline__ void fq_put(struct frag_queue *fq, int *work)
193
-
{
194
-
if (atomic_dec_and_test(&fq->refcnt))
195
-
ip6_frag_destroy(fq, work);
222
+
inet_frag_put(&fq->q, &ip6_frags);
196
223
}
197
224
198
225
/* Kill fq entry. It is not destroyed immediately,
···
179
248
*/
180
249
static __inline__ void fq_kill(struct frag_queue *fq)
181
250
{
182
-
if (del_timer(&fq->timer))
183
-
atomic_dec(&fq->refcnt);
184
-
185
-
if (!(fq->last_in & COMPLETE)) {
186
-
fq_unlink(fq);
187
-
atomic_dec(&fq->refcnt);
188
-
fq->last_in |= COMPLETE;
189
-
}
251
+
inet_frag_kill(&fq->q, &ip6_frags);
190
252
}
191
253
192
254
static void ip6_evictor(struct inet6_dev *idev)
193
255
{
194
-
struct frag_queue *fq;
195
-
struct list_head *tmp;
196
-
int work;
256
+
int evicted;
197
257
198
-
work = atomic_read(&ip6_frag_mem) - sysctl_ip6frag_low_thresh;
199
-
if (work <= 0)
200
-
return;
201
-
202
-
while(work > 0) {
203
-
read_lock(&ip6_frag_lock);
204
-
if (list_empty(&ip6_frag_lru_list)) {
205
-
read_unlock(&ip6_frag_lock);
206
-
return;
207
-
}
208
-
tmp = ip6_frag_lru_list.next;
209
-
fq = list_entry(tmp, struct frag_queue, lru_list);
210
-
atomic_inc(&fq->refcnt);
211
-
read_unlock(&ip6_frag_lock);
212
-
213
-
spin_lock(&fq->lock);
214
-
if (!(fq->last_in&COMPLETE))
215
-
fq_kill(fq);
216
-
spin_unlock(&fq->lock);
217
-
218
-
fq_put(fq, &work);
219
-
IP6_INC_STATS_BH(idev, IPSTATS_MIB_REASMFAILS);
220
-
}
258
+
evicted = inet_frag_evictor(&ip6_frags);
259
+
if (evicted)
260
+
IP6_ADD_STATS_BH(idev, IPSTATS_MIB_REASMFAILS, evicted);
221
261
}
222
262
223
263
static void ip6_frag_expire(unsigned long data)
···
196
294
struct frag_queue *fq = (struct frag_queue *) data;
197
295
struct net_device *dev = NULL;
198
296
199
-
spin_lock(&fq->lock);
297
+
spin_lock(&fq->q.lock);
200
298
201
-
if (fq->last_in & COMPLETE)
299
+
if (fq->q.last_in & COMPLETE)
202
300
goto out;
203
301
204
302
fq_kill(fq);
···
213
311
rcu_read_unlock();
214
312
215
313
/* Don't send error if the first segment did not arrive. */
216
-
if (!(fq->last_in&FIRST_IN) || !fq->fragments)
314
+
if (!(fq->q.last_in&FIRST_IN) || !fq->q.fragments)
217
315
goto out;
218
316
219
317
/*
···
221
319
segment was received. And do not use fq->dev
222
320
pointer directly, device might already disappeared.
223
321
*/
224
-
fq->fragments->dev = dev;
225
-
icmpv6_send(fq->fragments, ICMPV6_TIME_EXCEED, ICMPV6_EXC_FRAGTIME, 0, dev);
322
+
fq->q.fragments->dev = dev;
323
+
icmpv6_send(fq->q.fragments, ICMPV6_TIME_EXCEED, ICMPV6_EXC_FRAGTIME, 0, dev);
226
324
out:
227
325
if (dev)
228
326
dev_put(dev);
229
-
spin_unlock(&fq->lock);
230
-
fq_put(fq, NULL);
327
+
spin_unlock(&fq->q.lock);
328
+
fq_put(fq);
231
329
}
232
330
233
331
/* Creation primitives. */
···
241
339
struct hlist_node *n;
242
340
#endif
243
341
244
-
write_lock(&ip6_frag_lock);
342
+
write_lock(&ip6_frags.lock);
245
343
hash = ip6qhashfn(fq_in->id, &fq_in->saddr, &fq_in->daddr);
246
344
#ifdef CONFIG_SMP
247
-
hlist_for_each_entry(fq, n, &ip6_frag_hash[hash], list) {
345
+
hlist_for_each_entry(fq, n, &ip6_frags.hash[hash], q.list) {
248
346
if (fq->id == fq_in->id &&
249
347
ipv6_addr_equal(&fq_in->saddr, &fq->saddr) &&
250
348
ipv6_addr_equal(&fq_in->daddr, &fq->daddr)) {
251
-
atomic_inc(&fq->refcnt);
252
-
write_unlock(&ip6_frag_lock);
253
-
fq_in->last_in |= COMPLETE;
254
-
fq_put(fq_in, NULL);
349
+
atomic_inc(&fq->q.refcnt);
350
+
write_unlock(&ip6_frags.lock);
351
+
fq_in->q.last_in |= COMPLETE;
352
+
fq_put(fq_in);
255
353
return fq;
256
354
}
257
355
}
258
356
#endif
259
357
fq = fq_in;
260
358
261
-
if (!mod_timer(&fq->timer, jiffies + sysctl_ip6frag_time))
262
-
atomic_inc(&fq->refcnt);
359
+
if (!mod_timer(&fq->q.timer, jiffies + ip6_frags_ctl.timeout))
360
+
atomic_inc(&fq->q.refcnt);
263
361
264
-
atomic_inc(&fq->refcnt);
265
-
hlist_add_head(&fq->list, &ip6_frag_hash[hash]);
266
-
INIT_LIST_HEAD(&fq->lru_list);
267
-
list_add_tail(&fq->lru_list, &ip6_frag_lru_list);
268
-
ip6_frag_nqueues++;
269
-
write_unlock(&ip6_frag_lock);
362
+
atomic_inc(&fq->q.refcnt);
363
+
hlist_add_head(&fq->q.list, &ip6_frags.hash[hash]);
364
+
INIT_LIST_HEAD(&fq->q.lru_list);
365
+
list_add_tail(&fq->q.lru_list, &ip6_frags.lru_list);
366
+
ip6_frags.nqueues++;
367
+
write_unlock(&ip6_frags.lock);
270
368
return fq;
271
369
}
272
370
···
284
382
ipv6_addr_copy(&fq->saddr, src);
285
383
ipv6_addr_copy(&fq->daddr, dst);
286
384
287
-
init_timer(&fq->timer);
288
-
fq->timer.function = ip6_frag_expire;
289
-
fq->timer.data = (long) fq;
290
-
spin_lock_init(&fq->lock);
291
-
atomic_set(&fq->refcnt, 1);
385
+
init_timer(&fq->q.timer);
386
+
fq->q.timer.function = ip6_frag_expire;
387
+
fq->q.timer.data = (long) fq;
388
+
spin_lock_init(&fq->q.lock);
389
+
atomic_set(&fq->q.refcnt, 1);
292
390
293
391
return ip6_frag_intern(fq);
294
392
···
305
403
struct hlist_node *n;
306
404
unsigned int hash;
307
405
308
-
read_lock(&ip6_frag_lock);
406
+
read_lock(&ip6_frags.lock);
309
407
hash = ip6qhashfn(id, src, dst);
310
-
hlist_for_each_entry(fq, n, &ip6_frag_hash[hash], list) {
408
+
hlist_for_each_entry(fq, n, &ip6_frags.hash[hash], q.list) {
311
409
if (fq->id == id &&
312
410
ipv6_addr_equal(src, &fq->saddr) &&
313
411
ipv6_addr_equal(dst, &fq->daddr)) {
314
-
atomic_inc(&fq->refcnt);
315
-
read_unlock(&ip6_frag_lock);
412
+
atomic_inc(&fq->q.refcnt);
413
+
read_unlock(&ip6_frags.lock);
316
414
return fq;
317
415
}
318
416
}
319
-
read_unlock(&ip6_frag_lock);
417
+
read_unlock(&ip6_frags.lock);
320
418
321
419
return ip6_frag_create(id, src, dst, idev);
322
420
}
323
421
324
422
325
-
static void ip6_frag_queue(struct frag_queue *fq, struct sk_buff *skb,
423
+
static int ip6_frag_queue(struct frag_queue *fq, struct sk_buff *skb,
326
424
struct frag_hdr *fhdr, int nhoff)
327
425
{
328
426
struct sk_buff *prev, *next;
427
+
struct net_device *dev;
329
428
int offset, end;
330
429
331
-
if (fq->last_in & COMPLETE)
430
+
if (fq->q.last_in & COMPLETE)
332
431
goto err;
333
432
334
433
offset = ntohs(fhdr->frag_off) & ~0x7;
···
342
439
icmpv6_param_prob(skb, ICMPV6_HDR_FIELD,
343
440
((u8 *)&fhdr->frag_off -
344
441
skb_network_header(skb)));
345
-
return;
442
+
return -1;
346
443
}
347
444
348
445
if (skb->ip_summed == CHECKSUM_COMPLETE) {
···
357
454
/* If we already have some bits beyond end
358
455
* or have different end, the segment is corrupted.
359
456
*/
360
-
if (end < fq->len ||
361
-
((fq->last_in & LAST_IN) && end != fq->len))
457
+
if (end < fq->q.len ||
458
+
((fq->q.last_in & LAST_IN) && end != fq->q.len))
362
459
goto err;
363
-
fq->last_in |= LAST_IN;
364
-
fq->len = end;
460
+
fq->q.last_in |= LAST_IN;
461
+
fq->q.len = end;
365
462
} else {
366
463
/* Check if the fragment is rounded to 8 bytes.
367
464
* Required by the RFC.
···
374
471
IPSTATS_MIB_INHDRERRORS);
375
472
icmpv6_param_prob(skb, ICMPV6_HDR_FIELD,
376
473
offsetof(struct ipv6hdr, payload_len));
377
-
return;
474
+
return -1;
378
475
}
379
-
if (end > fq->len) {
476
+
if (end > fq->q.len) {
380
477
/* Some bits beyond end -> corruption. */
381
-
if (fq->last_in & LAST_IN)
478
+
if (fq->q.last_in & LAST_IN)
382
479
goto err;
383
-
fq->len = end;
480
+
fq->q.len = end;
384
481
}
385
482
}
386
483
···
399
496
* this fragment, right?
400
497
*/
401
498
prev = NULL;
402
-
for(next = fq->fragments; next != NULL; next = next->next) {
499
+
for(next = fq->q.fragments; next != NULL; next = next->next) {
403
500
if (FRAG6_CB(next)->offset >= offset)
404
501
break; /* bingo! */
405
502
prev = next;
···
436
533
if (!pskb_pull(next, i))
437
534
goto err;
438
535
FRAG6_CB(next)->offset += i; /* next fragment */
439
-
fq->meat -= i;
536
+
fq->q.meat -= i;
440
537
if (next->ip_summed != CHECKSUM_UNNECESSARY)
441
538
next->ip_summed = CHECKSUM_NONE;
442
539
break;
···
451
548
if (prev)
452
549
prev->next = next;
453
550
else
454
-
fq->fragments = next;
551
+
fq->q.fragments = next;
455
552
456
-
fq->meat -= free_it->len;
553
+
fq->q.meat -= free_it->len;
457
554
frag_kfree_skb(free_it, NULL);
458
555
}
459
556
}
···
465
562
if (prev)
466
563
prev->next = skb;
467
564
else
468
-
fq->fragments = skb;
565
+
fq->q.fragments = skb;
469
566
470
-
if (skb->dev)
471
-
fq->iif = skb->dev->ifindex;
472
-
skb->dev = NULL;
473
-
fq->stamp = skb->tstamp;
474
-
fq->meat += skb->len;
475
-
atomic_add(skb->truesize, &ip6_frag_mem);
567
+
dev = skb->dev;
568
+
if (dev) {
569
+
fq->iif = dev->ifindex;
570
+
skb->dev = NULL;
571
+
}
572
+
fq->q.stamp = skb->tstamp;
573
+
fq->q.meat += skb->len;
574
+
atomic_add(skb->truesize, &ip6_frags.mem);
476
575
477
576
/* The first fragment.
478
577
* nhoffset is obtained from the first fragment, of course.
479
578
*/
480
579
if (offset == 0) {
481
580
fq->nhoffset = nhoff;
482
-
fq->last_in |= FIRST_IN;
581
+
fq->q.last_in |= FIRST_IN;
483
582
}
484
-
write_lock(&ip6_frag_lock);
485
-
list_move_tail(&fq->lru_list, &ip6_frag_lru_list);
486
-
write_unlock(&ip6_frag_lock);
487
-
return;
583
+
584
+
if (fq->q.last_in == (FIRST_IN | LAST_IN) && fq->q.meat == fq->q.len)
585
+
return ip6_frag_reasm(fq, prev, dev);
586
+
587
+
write_lock(&ip6_frags.lock);
588
+
list_move_tail(&fq->q.lru_list, &ip6_frags.lru_list);
589
+
write_unlock(&ip6_frags.lock);
590
+
return -1;
488
591
489
592
err:
490
593
IP6_INC_STATS(ip6_dst_idev(skb->dst), IPSTATS_MIB_REASMFAILS);
491
594
kfree_skb(skb);
595
+
return -1;
492
596
}
493
597
494
598
/*
···
507
597
* queue is eligible for reassembly i.e. it is not COMPLETE,
508
598
* the last and the first frames arrived and all the bits are here.
509
599
*/
510
-
static int ip6_frag_reasm(struct frag_queue *fq, struct sk_buff **skb_in,
600
+
static int ip6_frag_reasm(struct frag_queue *fq, struct sk_buff *prev,
511
601
struct net_device *dev)
512
602
{
513
-
struct sk_buff *fp, *head = fq->fragments;
603
+
struct sk_buff *fp, *head = fq->q.fragments;
514
604
int payload_len;
515
605
unsigned int nhoff;
516
606
517
607
fq_kill(fq);
608
+
609
+
/* Make the one we just received the head. */
610
+
if (prev) {
611
+
head = prev->next;
612
+
fp = skb_clone(head, GFP_ATOMIC);
613
+
614
+
if (!fp)
615
+
goto out_oom;
616
+
617
+
fp->next = head->next;
618
+
prev->next = fp;
619
+
620
+
skb_morph(head, fq->q.fragments);
621
+
head->next = fq->q.fragments->next;
622
+
623
+
kfree_skb(fq->q.fragments);
624
+
fq->q.fragments = head;
625
+
}
518
626
519
627
BUG_TRAP(head != NULL);
520
628
BUG_TRAP(FRAG6_CB(head)->offset == 0);
521
629
522
630
/* Unfragmented part is taken from the first segment. */
523
631
payload_len = ((head->data - skb_network_header(head)) -
524
-
sizeof(struct ipv6hdr) + fq->len -
632
+
sizeof(struct ipv6hdr) + fq->q.len -
525
633
sizeof(struct frag_hdr));
526
634
if (payload_len > IPV6_MAXPLEN)
527
635
goto out_oversize;
···
568
640
head->len -= clone->len;
569
641
clone->csum = 0;
570
642
clone->ip_summed = head->ip_summed;
571
-
atomic_add(clone->truesize, &ip6_frag_mem);
643
+
atomic_add(clone->truesize, &ip6_frags.mem);
572
644
}
573
645
574
646
/* We have to remove fragment header from datagram and to relocate
···
583
655
skb_shinfo(head)->frag_list = head->next;
584
656
skb_reset_transport_header(head);
585
657
skb_push(head, head->data - skb_network_header(head));
586
-
atomic_sub(head->truesize, &ip6_frag_mem);
658
+
atomic_sub(head->truesize, &ip6_frags.mem);
587
659
588
660
for (fp=head->next; fp; fp = fp->next) {
589
661
head->data_len += fp->len;
···
593
665
else if (head->ip_summed == CHECKSUM_COMPLETE)
594
666
head->csum = csum_add(head->csum, fp->csum);
595
667
head->truesize += fp->truesize;
596
-
atomic_sub(fp->truesize, &ip6_frag_mem);
668
+
atomic_sub(fp->truesize, &ip6_frags.mem);
597
669
}
598
670
599
671
head->next = NULL;
600
672
head->dev = dev;
601
-
head->tstamp = fq->stamp;
673
+
head->tstamp = fq->q.stamp;
602
674
ipv6_hdr(head)->payload_len = htons(payload_len);
603
675
IP6CB(head)->nhoff = nhoff;
604
-
605
-
*skb_in = head;
606
676
607
677
/* Yes, and fold redundant checksum back. 8) */
608
678
if (head->ip_summed == CHECKSUM_COMPLETE)
···
611
685
rcu_read_lock();
612
686
IP6_INC_STATS_BH(__in6_dev_get(dev), IPSTATS_MIB_REASMOKS);
613
687
rcu_read_unlock();
614
-
fq->fragments = NULL;
688
+
fq->q.fragments = NULL;
615
689
return 1;
616
690
617
691
out_oversize:
···
628
702
return -1;
629
703
}
630
704
631
-
static int ipv6_frag_rcv(struct sk_buff **skbp)
705
+
static int ipv6_frag_rcv(struct sk_buff *skb)
632
706
{
633
-
struct sk_buff *skb = *skbp;
634
-
struct net_device *dev = skb->dev;
635
707
struct frag_hdr *fhdr;
636
708
struct frag_queue *fq;
637
709
struct ipv6hdr *hdr = ipv6_hdr(skb);
···
663
739
return 1;
664
740
}
665
741
666
-
if (atomic_read(&ip6_frag_mem) > sysctl_ip6frag_high_thresh)
742
+
if (atomic_read(&ip6_frags.mem) > ip6_frags_ctl.high_thresh)
667
743
ip6_evictor(ip6_dst_idev(skb->dst));
668
744
669
745
if ((fq = fq_find(fhdr->identification, &hdr->saddr, &hdr->daddr,
670
746
ip6_dst_idev(skb->dst))) != NULL) {
671
-
int ret = -1;
747
+
int ret;
672
748
673
-
spin_lock(&fq->lock);
749
+
spin_lock(&fq->q.lock);
674
750
675
-
ip6_frag_queue(fq, skb, fhdr, IP6CB(skb)->nhoff);
751
+
ret = ip6_frag_queue(fq, skb, fhdr, IP6CB(skb)->nhoff);
676
752
677
-
if (fq->last_in == (FIRST_IN|LAST_IN) &&
678
-
fq->meat == fq->len)
679
-
ret = ip6_frag_reasm(fq, skbp, dev);
680
-
681
-
spin_unlock(&fq->lock);
682
-
fq_put(fq, NULL);
753
+
spin_unlock(&fq->q.lock);
754
+
fq_put(fq);
683
755
return ret;
684
756
}
685
757
···
695
775
if (inet6_add_protocol(&frag_protocol, IPPROTO_FRAGMENT) < 0)
696
776
printk(KERN_ERR "ipv6_frag_init: Could not register protocol\n");
697
777
698
-
ip6_frag_hash_rnd = (u32) ((num_physpages ^ (num_physpages>>7)) ^
699
-
(jiffies ^ (jiffies >> 6)));
700
-
701
-
init_timer(&ip6_frag_secret_timer);
702
-
ip6_frag_secret_timer.function = ip6_frag_secret_rebuild;
703
-
ip6_frag_secret_timer.expires = jiffies + sysctl_ip6frag_secret_interval;
704
-
add_timer(&ip6_frag_secret_timer);
778
+
ip6_frags.ctl = &ip6_frags_ctl;
779
+
ip6_frags.hashfn = ip6_hashfn;
780
+
ip6_frags.destructor = ip6_frag_free;
781
+
ip6_frags.skb_free = NULL;
782
+
ip6_frags.qsize = sizeof(struct frag_queue);
783
+
inet_frags_init(&ip6_frags);
705
784
}
+9
-68
net/ipv6/route.c
+9
-68
net/ipv6/route.c
···
663
663
return rt;
664
664
}
665
665
666
-
static struct rt6_info *ip6_pol_route_input(struct fib6_table *table,
666
+
static struct rt6_info *ip6_pol_route(struct fib6_table *table, int oif,
667
667
struct flowi *fl, int flags)
668
668
{
669
669
struct fib6_node *fn;
···
682
682
fn = fib6_lookup(&table->tb6_root, &fl->fl6_dst, &fl->fl6_src);
683
683
684
684
restart:
685
-
rt = rt6_select(fn, fl->iif, strict | reachable);
685
+
rt = rt6_select(fn, oif, strict | reachable);
686
686
BACKTRACK(&fl->fl6_src);
687
687
if (rt == &ip6_null_entry ||
688
688
rt->rt6i_flags & RTF_CACHE)
···
733
733
rt->u.dst.__use++;
734
734
735
735
return rt;
736
+
}
737
+
738
+
static struct rt6_info *ip6_pol_route_input(struct fib6_table *table,
739
+
struct flowi *fl, int flags)
740
+
{
741
+
return ip6_pol_route(table, fl->iif, fl, flags);
736
742
}
737
743
738
744
void ip6_route_input(struct sk_buff *skb)
···
767
761
static struct rt6_info *ip6_pol_route_output(struct fib6_table *table,
768
762
struct flowi *fl, int flags)
769
763
{
770
-
struct fib6_node *fn;
771
-
struct rt6_info *rt, *nrt;
772
-
int strict = 0;
773
-
int attempts = 3;
774
-
int err;
775
-
int reachable = ipv6_devconf.forwarding ? 0 : RT6_LOOKUP_F_REACHABLE;
776
-
777
-
strict |= flags & RT6_LOOKUP_F_IFACE;
778
-
779
-
relookup:
780
-
read_lock_bh(&table->tb6_lock);
781
-
782
-
restart_2:
783
-
fn = fib6_lookup(&table->tb6_root, &fl->fl6_dst, &fl->fl6_src);
784
-
785
-
restart:
786
-
rt = rt6_select(fn, fl->oif, strict | reachable);
787
-
BACKTRACK(&fl->fl6_src);
788
-
if (rt == &ip6_null_entry ||
789
-
rt->rt6i_flags & RTF_CACHE)
790
-
goto out;
791
-
792
-
dst_hold(&rt->u.dst);
793
-
read_unlock_bh(&table->tb6_lock);
794
-
795
-
if (!rt->rt6i_nexthop && !(rt->rt6i_flags & RTF_NONEXTHOP))
796
-
nrt = rt6_alloc_cow(rt, &fl->fl6_dst, &fl->fl6_src);
797
-
else {
798
-
#if CLONE_OFFLINK_ROUTE
799
-
nrt = rt6_alloc_clone(rt, &fl->fl6_dst);
800
-
#else
801
-
goto out2;
802
-
#endif
803
-
}
804
-
805
-
dst_release(&rt->u.dst);
806
-
rt = nrt ? : &ip6_null_entry;
807
-
808
-
dst_hold(&rt->u.dst);
809
-
if (nrt) {
810
-
err = ip6_ins_rt(nrt);
811
-
if (!err)
812
-
goto out2;
813
-
}
814
-
815
-
if (--attempts <= 0)
816
-
goto out2;
817
-
818
-
/*
819
-
* Race condition! In the gap, when table->tb6_lock was
820
-
* released someone could insert this route. Relookup.
821
-
*/
822
-
dst_release(&rt->u.dst);
823
-
goto relookup;
824
-
825
-
out:
826
-
if (reachable) {
827
-
reachable = 0;
828
-
goto restart_2;
829
-
}
830
-
dst_hold(&rt->u.dst);
831
-
read_unlock_bh(&table->tb6_lock);
832
-
out2:
833
-
rt->u.dst.lastuse = jiffies;
834
-
rt->u.dst.__use++;
835
-
return rt;
764
+
return ip6_pol_route(table, fl->oif, fl, flags);
836
765
}
837
766
838
767
struct dst_entry * ip6_route_output(struct sock *sk, struct flowi *fl)
+5
-4
net/ipv6/sysctl_net_ipv6.c
+5
-4
net/ipv6/sysctl_net_ipv6.c
···
12
12
#include <net/ndisc.h>
13
13
#include <net/ipv6.h>
14
14
#include <net/addrconf.h>
15
+
#include <net/inet_frag.h>
15
16
16
17
#ifdef CONFIG_SYSCTL
17
18
···
42
41
{
43
42
.ctl_name = NET_IPV6_IP6FRAG_HIGH_THRESH,
44
43
.procname = "ip6frag_high_thresh",
45
-
.data = &sysctl_ip6frag_high_thresh,
44
+
.data = &ip6_frags_ctl.high_thresh,
46
45
.maxlen = sizeof(int),
47
46
.mode = 0644,
48
47
.proc_handler = &proc_dointvec
···
50
49
{
51
50
.ctl_name = NET_IPV6_IP6FRAG_LOW_THRESH,
52
51
.procname = "ip6frag_low_thresh",
53
-
.data = &sysctl_ip6frag_low_thresh,
52
+
.data = &ip6_frags_ctl.low_thresh,
54
53
.maxlen = sizeof(int),
55
54
.mode = 0644,
56
55
.proc_handler = &proc_dointvec
···
58
57
{
59
58
.ctl_name = NET_IPV6_IP6FRAG_TIME,
60
59
.procname = "ip6frag_time",
61
-
.data = &sysctl_ip6frag_time,
60
+
.data = &ip6_frags_ctl.timeout,
62
61
.maxlen = sizeof(int),
63
62
.mode = 0644,
64
63
.proc_handler = &proc_dointvec_jiffies,
···
67
66
{
68
67
.ctl_name = NET_IPV6_IP6FRAG_SECRET_INTERVAL,
69
68
.procname = "ip6frag_secret_interval",
70
-
.data = &sysctl_ip6frag_secret_interval,
69
+
.data = &ip6_frags_ctl.secret_interval,
71
70
.maxlen = sizeof(int),
72
71
.mode = 0644,
73
72
.proc_handler = &proc_dointvec_jiffies,
+1
-2
net/ipv6/tcp_ipv6.c
+1
-2
net/ipv6/tcp_ipv6.c
+2
-4
net/ipv6/tunnel6.c
+2
-4
net/ipv6/tunnel6.c
···
87
87
88
88
EXPORT_SYMBOL(xfrm6_tunnel_deregister);
89
89
90
-
static int tunnel6_rcv(struct sk_buff **pskb)
90
+
static int tunnel6_rcv(struct sk_buff *skb)
91
91
{
92
-
struct sk_buff *skb = *pskb;
93
92
struct xfrm6_tunnel *handler;
94
93
95
94
if (!pskb_may_pull(skb, sizeof(struct ipv6hdr)))
···
105
106
return 0;
106
107
}
107
108
108
-
static int tunnel46_rcv(struct sk_buff **pskb)
109
+
static int tunnel46_rcv(struct sk_buff *skb)
109
110
{
110
-
struct sk_buff *skb = *pskb;
111
111
struct xfrm6_tunnel *handler;
112
112
113
113
if (!pskb_may_pull(skb, sizeof(struct ipv6hdr)))
+3
-4
net/ipv6/udp.c
+3
-4
net/ipv6/udp.c
···
405
405
return 0;
406
406
}
407
407
408
-
int __udp6_lib_rcv(struct sk_buff **pskb, struct hlist_head udptable[],
408
+
int __udp6_lib_rcv(struct sk_buff *skb, struct hlist_head udptable[],
409
409
int proto)
410
410
{
411
-
struct sk_buff *skb = *pskb;
412
411
struct sock *sk;
413
412
struct udphdr *uh;
414
413
struct net_device *dev = skb->dev;
···
493
494
return 0;
494
495
}
495
496
496
-
static __inline__ int udpv6_rcv(struct sk_buff **pskb)
497
+
static __inline__ int udpv6_rcv(struct sk_buff *skb)
497
498
{
498
-
return __udp6_lib_rcv(pskb, udp_hash, IPPROTO_UDP);
499
+
return __udp6_lib_rcv(skb, udp_hash, IPPROTO_UDP);
499
500
}
500
501
501
502
/*
+1
-1
net/ipv6/udp_impl.h
+1
-1
net/ipv6/udp_impl.h
···
6
6
#include <net/addrconf.h>
7
7
#include <net/inet_common.h>
8
8
9
-
extern int __udp6_lib_rcv(struct sk_buff **, struct hlist_head [], int );
9
+
extern int __udp6_lib_rcv(struct sk_buff *, struct hlist_head [], int );
10
10
extern void __udp6_lib_err(struct sk_buff *, struct inet6_skb_parm *,
11
11
int , int , int , __be32 , struct hlist_head []);
12
12
+2
-2
net/ipv6/udplite.c
+2
-2
net/ipv6/udplite.c
···
17
17
18
18
DEFINE_SNMP_STAT(struct udp_mib, udplite_stats_in6) __read_mostly;
19
19
20
-
static int udplitev6_rcv(struct sk_buff **pskb)
20
+
static int udplitev6_rcv(struct sk_buff *skb)
21
21
{
22
-
return __udp6_lib_rcv(pskb, udplite_hash, IPPROTO_UDPLITE);
22
+
return __udp6_lib_rcv(skb, udplite_hash, IPPROTO_UDPLITE);
23
23
}
24
24
25
25
static void udplitev6_err(struct sk_buff *skb,
+2
-2
net/ipv6/xfrm6_input.c
+2
-2
net/ipv6/xfrm6_input.c
+2
-2
net/ipv6/xfrm6_output.c
+2
-2
net/ipv6/xfrm6_output.c
···
80
80
while (likely((err = xfrm6_output_one(skb)) == 0)) {
81
81
nf_reset(skb);
82
82
83
-
err = nf_hook(PF_INET6, NF_IP6_LOCAL_OUT, &skb, NULL,
83
+
err = nf_hook(PF_INET6, NF_IP6_LOCAL_OUT, skb, NULL,
84
84
skb->dst->dev, dst_output);
85
85
if (unlikely(err != 1))
86
86
break;
···
88
88
if (!skb->dst->xfrm)
89
89
return dst_output(skb);
90
90
91
-
err = nf_hook(PF_INET6, NF_IP6_POST_ROUTING, &skb, NULL,
91
+
err = nf_hook(PF_INET6, NF_IP6_POST_ROUTING, skb, NULL,
92
92
skb->dst->dev, xfrm6_output_finish2);
93
93
if (unlikely(err != 1))
94
94
break;
+17
-27
net/netfilter/core.c
+17
-27
net/netfilter/core.c
···
117
117
EXPORT_SYMBOL(nf_unregister_hooks);
118
118
119
119
unsigned int nf_iterate(struct list_head *head,
120
-
struct sk_buff **skb,
120
+
struct sk_buff *skb,
121
121
int hook,
122
122
const struct net_device *indev,
123
123
const struct net_device *outdev,
···
160
160
161
161
/* Returns 1 if okfn() needs to be executed by the caller,
162
162
* -EPERM for NF_DROP, 0 otherwise. */
163
-
int nf_hook_slow(int pf, unsigned int hook, struct sk_buff **pskb,
163
+
int nf_hook_slow(int pf, unsigned int hook, struct sk_buff *skb,
164
164
struct net_device *indev,
165
165
struct net_device *outdev,
166
166
int (*okfn)(struct sk_buff *),
···
175
175
176
176
elem = &nf_hooks[pf][hook];
177
177
next_hook:
178
-
verdict = nf_iterate(&nf_hooks[pf][hook], pskb, hook, indev,
178
+
verdict = nf_iterate(&nf_hooks[pf][hook], skb, hook, indev,
179
179
outdev, &elem, okfn, hook_thresh);
180
180
if (verdict == NF_ACCEPT || verdict == NF_STOP) {
181
181
ret = 1;
182
182
goto unlock;
183
183
} else if (verdict == NF_DROP) {
184
-
kfree_skb(*pskb);
184
+
kfree_skb(skb);
185
185
ret = -EPERM;
186
186
} else if ((verdict & NF_VERDICT_MASK) == NF_QUEUE) {
187
187
NFDEBUG("nf_hook: Verdict = QUEUE.\n");
188
-
if (!nf_queue(*pskb, elem, pf, hook, indev, outdev, okfn,
188
+
if (!nf_queue(skb, elem, pf, hook, indev, outdev, okfn,
189
189
verdict >> NF_VERDICT_BITS))
190
190
goto next_hook;
191
191
}
···
196
196
EXPORT_SYMBOL(nf_hook_slow);
197
197
198
198
199
-
int skb_make_writable(struct sk_buff **pskb, unsigned int writable_len)
199
+
int skb_make_writable(struct sk_buff *skb, unsigned int writable_len)
200
200
{
201
-
struct sk_buff *nskb;
202
-
203
-
if (writable_len > (*pskb)->len)
201
+
if (writable_len > skb->len)
204
202
return 0;
205
203
206
204
/* Not exclusive use of packet? Must copy. */
207
-
if (skb_cloned(*pskb) && !skb_clone_writable(*pskb, writable_len))
208
-
goto copy_skb;
209
-
if (skb_shared(*pskb))
210
-
goto copy_skb;
205
+
if (!skb_cloned(skb)) {
206
+
if (writable_len <= skb_headlen(skb))
207
+
return 1;
208
+
} else if (skb_clone_writable(skb, writable_len))
209
+
return 1;
211
210
212
-
return pskb_may_pull(*pskb, writable_len);
211
+
if (writable_len <= skb_headlen(skb))
212
+
writable_len = 0;
213
+
else
214
+
writable_len -= skb_headlen(skb);
213
215
214
-
copy_skb:
215
-
nskb = skb_copy(*pskb, GFP_ATOMIC);
216
-
if (!nskb)
217
-
return 0;
218
-
BUG_ON(skb_is_nonlinear(nskb));
219
-
220
-
/* Rest of kernel will get very unhappy if we pass it a
221
-
suddenly-orphaned skbuff */
222
-
if ((*pskb)->sk)
223
-
skb_set_owner_w(nskb, (*pskb)->sk);
224
-
kfree_skb(*pskb);
225
-
*pskb = nskb;
226
-
return 1;
216
+
return !!__pskb_pull_tail(skb, writable_len);
227
217
}
228
218
EXPORT_SYMBOL(skb_make_writable);
229
219
+10
-10
net/netfilter/nf_conntrack_amanda.c
+10
-10
net/netfilter/nf_conntrack_amanda.c
···
36
36
module_param(ts_algo, charp, 0400);
37
37
MODULE_PARM_DESC(ts_algo, "textsearch algorithm to use (default kmp)");
38
38
39
-
unsigned int (*nf_nat_amanda_hook)(struct sk_buff **pskb,
39
+
unsigned int (*nf_nat_amanda_hook)(struct sk_buff *skb,
40
40
enum ip_conntrack_info ctinfo,
41
41
unsigned int matchoff,
42
42
unsigned int matchlen,
···
79
79
},
80
80
};
81
81
82
-
static int amanda_help(struct sk_buff **pskb,
82
+
static int amanda_help(struct sk_buff *skb,
83
83
unsigned int protoff,
84
84
struct nf_conn *ct,
85
85
enum ip_conntrack_info ctinfo)
···
101
101
102
102
/* increase the UDP timeout of the master connection as replies from
103
103
* Amanda clients to the server can be quite delayed */
104
-
nf_ct_refresh(ct, *pskb, master_timeout * HZ);
104
+
nf_ct_refresh(ct, skb, master_timeout * HZ);
105
105
106
106
/* No data? */
107
107
dataoff = protoff + sizeof(struct udphdr);
108
-
if (dataoff >= (*pskb)->len) {
108
+
if (dataoff >= skb->len) {
109
109
if (net_ratelimit())
110
-
printk("amanda_help: skblen = %u\n", (*pskb)->len);
110
+
printk("amanda_help: skblen = %u\n", skb->len);
111
111
return NF_ACCEPT;
112
112
}
113
113
114
114
memset(&ts, 0, sizeof(ts));
115
-
start = skb_find_text(*pskb, dataoff, (*pskb)->len,
115
+
start = skb_find_text(skb, dataoff, skb->len,
116
116
search[SEARCH_CONNECT].ts, &ts);
117
117
if (start == UINT_MAX)
118
118
goto out;
119
119
start += dataoff + search[SEARCH_CONNECT].len;
120
120
121
121
memset(&ts, 0, sizeof(ts));
122
-
stop = skb_find_text(*pskb, start, (*pskb)->len,
122
+
stop = skb_find_text(skb, start, skb->len,
123
123
search[SEARCH_NEWLINE].ts, &ts);
124
124
if (stop == UINT_MAX)
125
125
goto out;
···
127
127
128
128
for (i = SEARCH_DATA; i <= SEARCH_INDEX; i++) {
129
129
memset(&ts, 0, sizeof(ts));
130
-
off = skb_find_text(*pskb, start, stop, search[i].ts, &ts);
130
+
off = skb_find_text(skb, start, stop, search[i].ts, &ts);
131
131
if (off == UINT_MAX)
132
132
continue;
133
133
off += start + search[i].len;
134
134
135
135
len = min_t(unsigned int, sizeof(pbuf) - 1, stop - off);
136
-
if (skb_copy_bits(*pskb, off, pbuf, len))
136
+
if (skb_copy_bits(skb, off, pbuf, len))
137
137
break;
138
138
pbuf[len] = '\0';
139
139
···
153
153
154
154
nf_nat_amanda = rcu_dereference(nf_nat_amanda_hook);
155
155
if (nf_nat_amanda && ct->status & IPS_NAT_MASK)
156
-
ret = nf_nat_amanda(pskb, ctinfo, off - dataoff,
156
+
ret = nf_nat_amanda(skb, ctinfo, off - dataoff,
157
157
len, exp);
158
158
else if (nf_ct_expect_related(exp) != 0)
159
159
ret = NF_DROP;
+15
-15
net/netfilter/nf_conntrack_core.c
+15
-15
net/netfilter/nf_conntrack_core.c
···
307
307
308
308
/* Confirm a connection given skb; places it in hash table */
309
309
int
310
-
__nf_conntrack_confirm(struct sk_buff **pskb)
310
+
__nf_conntrack_confirm(struct sk_buff *skb)
311
311
{
312
312
unsigned int hash, repl_hash;
313
313
struct nf_conntrack_tuple_hash *h;
···
316
316
struct hlist_node *n;
317
317
enum ip_conntrack_info ctinfo;
318
318
319
-
ct = nf_ct_get(*pskb, &ctinfo);
319
+
ct = nf_ct_get(skb, &ctinfo);
320
320
321
321
/* ipt_REJECT uses nf_conntrack_attach to attach related
322
322
ICMP/TCP RST packets in other direction. Actual packet
···
367
367
write_unlock_bh(&nf_conntrack_lock);
368
368
help = nfct_help(ct);
369
369
if (help && help->helper)
370
-
nf_conntrack_event_cache(IPCT_HELPER, *pskb);
370
+
nf_conntrack_event_cache(IPCT_HELPER, skb);
371
371
#ifdef CONFIG_NF_NAT_NEEDED
372
372
if (test_bit(IPS_SRC_NAT_DONE_BIT, &ct->status) ||
373
373
test_bit(IPS_DST_NAT_DONE_BIT, &ct->status))
374
-
nf_conntrack_event_cache(IPCT_NATINFO, *pskb);
374
+
nf_conntrack_event_cache(IPCT_NATINFO, skb);
375
375
#endif
376
376
nf_conntrack_event_cache(master_ct(ct) ?
377
-
IPCT_RELATED : IPCT_NEW, *pskb);
377
+
IPCT_RELATED : IPCT_NEW, skb);
378
378
return NF_ACCEPT;
379
379
380
380
out:
···
632
632
}
633
633
634
634
unsigned int
635
-
nf_conntrack_in(int pf, unsigned int hooknum, struct sk_buff **pskb)
635
+
nf_conntrack_in(int pf, unsigned int hooknum, struct sk_buff *skb)
636
636
{
637
637
struct nf_conn *ct;
638
638
enum ip_conntrack_info ctinfo;
···
644
644
int ret;
645
645
646
646
/* Previously seen (loopback or untracked)? Ignore. */
647
-
if ((*pskb)->nfct) {
647
+
if (skb->nfct) {
648
648
NF_CT_STAT_INC_ATOMIC(ignore);
649
649
return NF_ACCEPT;
650
650
}
651
651
652
652
/* rcu_read_lock()ed by nf_hook_slow */
653
653
l3proto = __nf_ct_l3proto_find((u_int16_t)pf);
654
-
ret = l3proto->get_l4proto(*pskb, skb_network_offset(*pskb),
654
+
ret = l3proto->get_l4proto(skb, skb_network_offset(skb),
655
655
&dataoff, &protonum);
656
656
if (ret <= 0) {
657
657
pr_debug("not prepared to track yet or error occured\n");
···
666
666
* inverse of the return code tells to the netfilter
667
667
* core what to do with the packet. */
668
668
if (l4proto->error != NULL &&
669
-
(ret = l4proto->error(*pskb, dataoff, &ctinfo, pf, hooknum)) <= 0) {
669
+
(ret = l4proto->error(skb, dataoff, &ctinfo, pf, hooknum)) <= 0) {
670
670
NF_CT_STAT_INC_ATOMIC(error);
671
671
NF_CT_STAT_INC_ATOMIC(invalid);
672
672
return -ret;
673
673
}
674
674
675
-
ct = resolve_normal_ct(*pskb, dataoff, pf, protonum, l3proto, l4proto,
675
+
ct = resolve_normal_ct(skb, dataoff, pf, protonum, l3proto, l4proto,
676
676
&set_reply, &ctinfo);
677
677
if (!ct) {
678
678
/* Not valid part of a connection */
···
686
686
return NF_DROP;
687
687
}
688
688
689
-
NF_CT_ASSERT((*pskb)->nfct);
689
+
NF_CT_ASSERT(skb->nfct);
690
690
691
-
ret = l4proto->packet(ct, *pskb, dataoff, ctinfo, pf, hooknum);
691
+
ret = l4proto->packet(ct, skb, dataoff, ctinfo, pf, hooknum);
692
692
if (ret < 0) {
693
693
/* Invalid: inverse of the return code tells
694
694
* the netfilter core what to do */
695
695
pr_debug("nf_conntrack_in: Can't track with proto module\n");
696
-
nf_conntrack_put((*pskb)->nfct);
697
-
(*pskb)->nfct = NULL;
696
+
nf_conntrack_put(skb->nfct);
697
+
skb->nfct = NULL;
698
698
NF_CT_STAT_INC_ATOMIC(invalid);
699
699
return -ret;
700
700
}
701
701
702
702
if (set_reply && !test_and_set_bit(IPS_SEEN_REPLY_BIT, &ct->status))
703
-
nf_conntrack_event_cache(IPCT_STATUS, *pskb);
703
+
nf_conntrack_event_cache(IPCT_STATUS, skb);
704
704
705
705
return ret;
706
706
}
+9
-9
net/netfilter/nf_conntrack_ftp.c
+9
-9
net/netfilter/nf_conntrack_ftp.c
···
43
43
static int loose;
44
44
module_param(loose, bool, 0600);
45
45
46
-
unsigned int (*nf_nat_ftp_hook)(struct sk_buff **pskb,
46
+
unsigned int (*nf_nat_ftp_hook)(struct sk_buff *skb,
47
47
enum ip_conntrack_info ctinfo,
48
48
enum nf_ct_ftp_type type,
49
49
unsigned int matchoff,
···
344
344
}
345
345
}
346
346
347
-
static int help(struct sk_buff **pskb,
347
+
static int help(struct sk_buff *skb,
348
348
unsigned int protoff,
349
349
struct nf_conn *ct,
350
350
enum ip_conntrack_info ctinfo)
···
371
371
return NF_ACCEPT;
372
372
}
373
373
374
-
th = skb_header_pointer(*pskb, protoff, sizeof(_tcph), &_tcph);
374
+
th = skb_header_pointer(skb, protoff, sizeof(_tcph), &_tcph);
375
375
if (th == NULL)
376
376
return NF_ACCEPT;
377
377
378
378
dataoff = protoff + th->doff * 4;
379
379
/* No data? */
380
-
if (dataoff >= (*pskb)->len) {
380
+
if (dataoff >= skb->len) {
381
381
pr_debug("ftp: dataoff(%u) >= skblen(%u)\n", dataoff,
382
-
(*pskb)->len);
382
+
skb->len);
383
383
return NF_ACCEPT;
384
384
}
385
-
datalen = (*pskb)->len - dataoff;
385
+
datalen = skb->len - dataoff;
386
386
387
387
spin_lock_bh(&nf_ftp_lock);
388
-
fb_ptr = skb_header_pointer(*pskb, dataoff, datalen, ftp_buffer);
388
+
fb_ptr = skb_header_pointer(skb, dataoff, datalen, ftp_buffer);
389
389
BUG_ON(fb_ptr == NULL);
390
390
391
391
ends_in_nl = (fb_ptr[datalen - 1] == '\n');
···
491
491
* (possibly changed) expectation itself. */
492
492
nf_nat_ftp = rcu_dereference(nf_nat_ftp_hook);
493
493
if (nf_nat_ftp && ct->status & IPS_NAT_MASK)
494
-
ret = nf_nat_ftp(pskb, ctinfo, search[dir][i].ftptype,
494
+
ret = nf_nat_ftp(skb, ctinfo, search[dir][i].ftptype,
495
495
matchoff, matchlen, exp);
496
496
else {
497
497
/* Can't expect this? Best to drop packet now. */
···
508
508
/* Now if this ends in \n, update ftp info. Seq may have been
509
509
* adjusted by NAT code. */
510
510
if (ends_in_nl)
511
-
update_nl_seq(seq, ct_ftp_info, dir, *pskb);
511
+
update_nl_seq(seq, ct_ftp_info, dir, skb);
512
512
out:
513
513
spin_unlock_bh(&nf_ftp_lock);
514
514
return ret;
+118
-118
net/netfilter/nf_conntrack_h323_main.c
+118
-118
net/netfilter/nf_conntrack_h323_main.c
···
47
47
"(determined by routing information)");
48
48
49
49
/* Hooks for NAT */
50
-
int (*set_h245_addr_hook) (struct sk_buff **pskb,
50
+
int (*set_h245_addr_hook) (struct sk_buff *skb,
51
51
unsigned char **data, int dataoff,
52
52
H245_TransportAddress *taddr,
53
53
union nf_conntrack_address *addr, __be16 port)
54
54
__read_mostly;
55
-
int (*set_h225_addr_hook) (struct sk_buff **pskb,
55
+
int (*set_h225_addr_hook) (struct sk_buff *skb,
56
56
unsigned char **data, int dataoff,
57
57
TransportAddress *taddr,
58
58
union nf_conntrack_address *addr, __be16 port)
59
59
__read_mostly;
60
-
int (*set_sig_addr_hook) (struct sk_buff **pskb,
60
+
int (*set_sig_addr_hook) (struct sk_buff *skb,
61
61
struct nf_conn *ct,
62
62
enum ip_conntrack_info ctinfo,
63
63
unsigned char **data,
64
64
TransportAddress *taddr, int count) __read_mostly;
65
-
int (*set_ras_addr_hook) (struct sk_buff **pskb,
65
+
int (*set_ras_addr_hook) (struct sk_buff *skb,
66
66
struct nf_conn *ct,
67
67
enum ip_conntrack_info ctinfo,
68
68
unsigned char **data,
69
69
TransportAddress *taddr, int count) __read_mostly;
70
-
int (*nat_rtp_rtcp_hook) (struct sk_buff **pskb,
70
+
int (*nat_rtp_rtcp_hook) (struct sk_buff *skb,
71
71
struct nf_conn *ct,
72
72
enum ip_conntrack_info ctinfo,
73
73
unsigned char **data, int dataoff,
···
75
75
__be16 port, __be16 rtp_port,
76
76
struct nf_conntrack_expect *rtp_exp,
77
77
struct nf_conntrack_expect *rtcp_exp) __read_mostly;
78
-
int (*nat_t120_hook) (struct sk_buff **pskb,
78
+
int (*nat_t120_hook) (struct sk_buff *skb,
79
79
struct nf_conn *ct,
80
80
enum ip_conntrack_info ctinfo,
81
81
unsigned char **data, int dataoff,
82
82
H245_TransportAddress *taddr, __be16 port,
83
83
struct nf_conntrack_expect *exp) __read_mostly;
84
-
int (*nat_h245_hook) (struct sk_buff **pskb,
84
+
int (*nat_h245_hook) (struct sk_buff *skb,
85
85
struct nf_conn *ct,
86
86
enum ip_conntrack_info ctinfo,
87
87
unsigned char **data, int dataoff,
88
88
TransportAddress *taddr, __be16 port,
89
89
struct nf_conntrack_expect *exp) __read_mostly;
90
-
int (*nat_callforwarding_hook) (struct sk_buff **pskb,
90
+
int (*nat_callforwarding_hook) (struct sk_buff *skb,
91
91
struct nf_conn *ct,
92
92
enum ip_conntrack_info ctinfo,
93
93
unsigned char **data, int dataoff,
94
94
TransportAddress *taddr, __be16 port,
95
95
struct nf_conntrack_expect *exp) __read_mostly;
96
-
int (*nat_q931_hook) (struct sk_buff **pskb,
96
+
int (*nat_q931_hook) (struct sk_buff *skb,
97
97
struct nf_conn *ct,
98
98
enum ip_conntrack_info ctinfo,
99
99
unsigned char **data, TransportAddress *taddr, int idx,
···
108
108
static struct nf_conntrack_helper nf_conntrack_helper_ras[];
109
109
110
110
/****************************************************************************/
111
-
static int get_tpkt_data(struct sk_buff **pskb, unsigned int protoff,
111
+
static int get_tpkt_data(struct sk_buff *skb, unsigned int protoff,
112
112
struct nf_conn *ct, enum ip_conntrack_info ctinfo,
113
113
unsigned char **data, int *datalen, int *dataoff)
114
114
{
···
122
122
int tpktoff;
123
123
124
124
/* Get TCP header */
125
-
th = skb_header_pointer(*pskb, protoff, sizeof(_tcph), &_tcph);
125
+
th = skb_header_pointer(skb, protoff, sizeof(_tcph), &_tcph);
126
126
if (th == NULL)
127
127
return 0;
128
128
···
130
130
tcpdataoff = protoff + th->doff * 4;
131
131
132
132
/* Get TCP data length */
133
-
tcpdatalen = (*pskb)->len - tcpdataoff;
133
+
tcpdatalen = skb->len - tcpdataoff;
134
134
if (tcpdatalen <= 0) /* No TCP data */
135
135
goto clear_out;
136
136
137
137
if (*data == NULL) { /* first TPKT */
138
138
/* Get first TPKT pointer */
139
-
tpkt = skb_header_pointer(*pskb, tcpdataoff, tcpdatalen,
139
+
tpkt = skb_header_pointer(skb, tcpdataoff, tcpdatalen,
140
140
h323_buffer);
141
141
BUG_ON(tpkt == NULL);
142
142
···
248
248
}
249
249
250
250
/****************************************************************************/
251
-
static int expect_rtp_rtcp(struct sk_buff **pskb, struct nf_conn *ct,
251
+
static int expect_rtp_rtcp(struct sk_buff *skb, struct nf_conn *ct,
252
252
enum ip_conntrack_info ctinfo,
253
253
unsigned char **data, int dataoff,
254
254
H245_TransportAddress *taddr)
···
297
297
(nat_rtp_rtcp = rcu_dereference(nat_rtp_rtcp_hook)) &&
298
298
ct->status & IPS_NAT_MASK) {
299
299
/* NAT needed */
300
-
ret = nat_rtp_rtcp(pskb, ct, ctinfo, data, dataoff,
300
+
ret = nat_rtp_rtcp(skb, ct, ctinfo, data, dataoff,
301
301
taddr, port, rtp_port, rtp_exp, rtcp_exp);
302
302
} else { /* Conntrack only */
303
303
if (nf_ct_expect_related(rtp_exp) == 0) {
···
321
321
}
322
322
323
323
/****************************************************************************/
324
-
static int expect_t120(struct sk_buff **pskb,
324
+
static int expect_t120(struct sk_buff *skb,
325
325
struct nf_conn *ct,
326
326
enum ip_conntrack_info ctinfo,
327
327
unsigned char **data, int dataoff,
···
355
355
(nat_t120 = rcu_dereference(nat_t120_hook)) &&
356
356
ct->status & IPS_NAT_MASK) {
357
357
/* NAT needed */
358
-
ret = nat_t120(pskb, ct, ctinfo, data, dataoff, taddr,
358
+
ret = nat_t120(skb, ct, ctinfo, data, dataoff, taddr,
359
359
port, exp);
360
360
} else { /* Conntrack only */
361
361
if (nf_ct_expect_related(exp) == 0) {
···
371
371
}
372
372
373
373
/****************************************************************************/
374
-
static int process_h245_channel(struct sk_buff **pskb,
374
+
static int process_h245_channel(struct sk_buff *skb,
375
375
struct nf_conn *ct,
376
376
enum ip_conntrack_info ctinfo,
377
377
unsigned char **data, int dataoff,
···
381
381
382
382
if (channel->options & eH2250LogicalChannelParameters_mediaChannel) {
383
383
/* RTP */
384
-
ret = expect_rtp_rtcp(pskb, ct, ctinfo, data, dataoff,
384
+
ret = expect_rtp_rtcp(skb, ct, ctinfo, data, dataoff,
385
385
&channel->mediaChannel);
386
386
if (ret < 0)
387
387
return -1;
···
390
390
if (channel->
391
391
options & eH2250LogicalChannelParameters_mediaControlChannel) {
392
392
/* RTCP */
393
-
ret = expect_rtp_rtcp(pskb, ct, ctinfo, data, dataoff,
393
+
ret = expect_rtp_rtcp(skb, ct, ctinfo, data, dataoff,
394
394
&channel->mediaControlChannel);
395
395
if (ret < 0)
396
396
return -1;
···
400
400
}
401
401
402
402
/****************************************************************************/
403
-
static int process_olc(struct sk_buff **pskb, struct nf_conn *ct,
403
+
static int process_olc(struct sk_buff *skb, struct nf_conn *ct,
404
404
enum ip_conntrack_info ctinfo,
405
405
unsigned char **data, int dataoff,
406
406
OpenLogicalChannel *olc)
···
412
412
if (olc->forwardLogicalChannelParameters.multiplexParameters.choice ==
413
413
eOpenLogicalChannel_forwardLogicalChannelParameters_multiplexParameters_h2250LogicalChannelParameters)
414
414
{
415
-
ret = process_h245_channel(pskb, ct, ctinfo, data, dataoff,
415
+
ret = process_h245_channel(skb, ct, ctinfo, data, dataoff,
416
416
&olc->
417
417
forwardLogicalChannelParameters.
418
418
multiplexParameters.
···
430
430
eOpenLogicalChannel_reverseLogicalChannelParameters_multiplexParameters_h2250LogicalChannelParameters))
431
431
{
432
432
ret =
433
-
process_h245_channel(pskb, ct, ctinfo, data, dataoff,
433
+
process_h245_channel(skb, ct, ctinfo, data, dataoff,
434
434
&olc->
435
435
reverseLogicalChannelParameters.
436
436
multiplexParameters.
···
448
448
t120.choice == eDataProtocolCapability_separateLANStack &&
449
449
olc->separateStack.networkAddress.choice ==
450
450
eNetworkAccessParameters_networkAddress_localAreaAddress) {
451
-
ret = expect_t120(pskb, ct, ctinfo, data, dataoff,
451
+
ret = expect_t120(skb, ct, ctinfo, data, dataoff,
452
452
&olc->separateStack.networkAddress.
453
453
localAreaAddress);
454
454
if (ret < 0)
···
459
459
}
460
460
461
461
/****************************************************************************/
462
-
static int process_olca(struct sk_buff **pskb, struct nf_conn *ct,
462
+
static int process_olca(struct sk_buff *skb, struct nf_conn *ct,
463
463
enum ip_conntrack_info ctinfo,
464
464
unsigned char **data, int dataoff,
465
465
OpenLogicalChannelAck *olca)
···
477
477
choice ==
478
478
eOpenLogicalChannelAck_reverseLogicalChannelParameters_multiplexParameters_h2250LogicalChannelParameters))
479
479
{
480
-
ret = process_h245_channel(pskb, ct, ctinfo, data, dataoff,
480
+
ret = process_h245_channel(skb, ct, ctinfo, data, dataoff,
481
481
&olca->
482
482
reverseLogicalChannelParameters.
483
483
multiplexParameters.
···
496
496
if (ack->options &
497
497
eH2250LogicalChannelAckParameters_mediaChannel) {
498
498
/* RTP */
499
-
ret = expect_rtp_rtcp(pskb, ct, ctinfo, data, dataoff,
499
+
ret = expect_rtp_rtcp(skb, ct, ctinfo, data, dataoff,
500
500
&ack->mediaChannel);
501
501
if (ret < 0)
502
502
return -1;
···
505
505
if (ack->options &
506
506
eH2250LogicalChannelAckParameters_mediaControlChannel) {
507
507
/* RTCP */
508
-
ret = expect_rtp_rtcp(pskb, ct, ctinfo, data, dataoff,
508
+
ret = expect_rtp_rtcp(skb, ct, ctinfo, data, dataoff,
509
509
&ack->mediaControlChannel);
510
510
if (ret < 0)
511
511
return -1;
···
515
515
if ((olca->options & eOpenLogicalChannelAck_separateStack) &&
516
516
olca->separateStack.networkAddress.choice ==
517
517
eNetworkAccessParameters_networkAddress_localAreaAddress) {
518
-
ret = expect_t120(pskb, ct, ctinfo, data, dataoff,
518
+
ret = expect_t120(skb, ct, ctinfo, data, dataoff,
519
519
&olca->separateStack.networkAddress.
520
520
localAreaAddress);
521
521
if (ret < 0)
···
526
526
}
527
527
528
528
/****************************************************************************/
529
-
static int process_h245(struct sk_buff **pskb, struct nf_conn *ct,
529
+
static int process_h245(struct sk_buff *skb, struct nf_conn *ct,
530
530
enum ip_conntrack_info ctinfo,
531
531
unsigned char **data, int dataoff,
532
532
MultimediaSystemControlMessage *mscm)
···
535
535
case eMultimediaSystemControlMessage_request:
536
536
if (mscm->request.choice ==
537
537
eRequestMessage_openLogicalChannel) {
538
-
return process_olc(pskb, ct, ctinfo, data, dataoff,
538
+
return process_olc(skb, ct, ctinfo, data, dataoff,
539
539
&mscm->request.openLogicalChannel);
540
540
}
541
541
pr_debug("nf_ct_h323: H.245 Request %d\n",
···
544
544
case eMultimediaSystemControlMessage_response:
545
545
if (mscm->response.choice ==
546
546
eResponseMessage_openLogicalChannelAck) {
547
-
return process_olca(pskb, ct, ctinfo, data, dataoff,
547
+
return process_olca(skb, ct, ctinfo, data, dataoff,
548
548
&mscm->response.
549
549
openLogicalChannelAck);
550
550
}
···
560
560
}
561
561
562
562
/****************************************************************************/
563
-
static int h245_help(struct sk_buff **pskb, unsigned int protoff,
563
+
static int h245_help(struct sk_buff *skb, unsigned int protoff,
564
564
struct nf_conn *ct, enum ip_conntrack_info ctinfo)
565
565
{
566
566
static MultimediaSystemControlMessage mscm;
···
574
574
ctinfo != IP_CT_ESTABLISHED + IP_CT_IS_REPLY) {
575
575
return NF_ACCEPT;
576
576
}
577
-
pr_debug("nf_ct_h245: skblen = %u\n", (*pskb)->len);
577
+
pr_debug("nf_ct_h245: skblen = %u\n", skb->len);
578
578
579
579
spin_lock_bh(&nf_h323_lock);
580
580
581
581
/* Process each TPKT */
582
-
while (get_tpkt_data(pskb, protoff, ct, ctinfo,
582
+
while (get_tpkt_data(skb, protoff, ct, ctinfo,
583
583
&data, &datalen, &dataoff)) {
584
584
pr_debug("nf_ct_h245: TPKT len=%d ", datalen);
585
585
NF_CT_DUMP_TUPLE(&ct->tuplehash[CTINFO2DIR(ctinfo)].tuple);
···
596
596
}
597
597
598
598
/* Process H.245 signal */
599
-
if (process_h245(pskb, ct, ctinfo, &data, dataoff, &mscm) < 0)
599
+
if (process_h245(skb, ct, ctinfo, &data, dataoff, &mscm) < 0)
600
600
goto drop;
601
601
}
602
602
···
654
654
}
655
655
656
656
/****************************************************************************/
657
-
static int expect_h245(struct sk_buff **pskb, struct nf_conn *ct,
657
+
static int expect_h245(struct sk_buff *skb, struct nf_conn *ct,
658
658
enum ip_conntrack_info ctinfo,
659
659
unsigned char **data, int dataoff,
660
660
TransportAddress *taddr)
···
687
687
(nat_h245 = rcu_dereference(nat_h245_hook)) &&
688
688
ct->status & IPS_NAT_MASK) {
689
689
/* NAT needed */
690
-
ret = nat_h245(pskb, ct, ctinfo, data, dataoff, taddr,
690
+
ret = nat_h245(skb, ct, ctinfo, data, dataoff, taddr,
691
691
port, exp);
692
692
} else { /* Conntrack only */
693
693
if (nf_ct_expect_related(exp) == 0) {
···
758
758
}
759
759
760
760
/****************************************************************************/
761
-
static int expect_callforwarding(struct sk_buff **pskb,
761
+
static int expect_callforwarding(struct sk_buff *skb,
762
762
struct nf_conn *ct,
763
763
enum ip_conntrack_info ctinfo,
764
764
unsigned char **data, int dataoff,
···
798
798
(nat_callforwarding = rcu_dereference(nat_callforwarding_hook)) &&
799
799
ct->status & IPS_NAT_MASK) {
800
800
/* Need NAT */
801
-
ret = nat_callforwarding(pskb, ct, ctinfo, data, dataoff,
801
+
ret = nat_callforwarding(skb, ct, ctinfo, data, dataoff,
802
802
taddr, port, exp);
803
803
} else { /* Conntrack only */
804
804
if (nf_ct_expect_related(exp) == 0) {
···
814
814
}
815
815
816
816
/****************************************************************************/
817
-
static int process_setup(struct sk_buff **pskb, struct nf_conn *ct,
817
+
static int process_setup(struct sk_buff *skb, struct nf_conn *ct,
818
818
enum ip_conntrack_info ctinfo,
819
819
unsigned char **data, int dataoff,
820
820
Setup_UUIE *setup)
···
829
829
pr_debug("nf_ct_q931: Setup\n");
830
830
831
831
if (setup->options & eSetup_UUIE_h245Address) {
832
-
ret = expect_h245(pskb, ct, ctinfo, data, dataoff,
832
+
ret = expect_h245(skb, ct, ctinfo, data, dataoff,
833
833
&setup->h245Address);
834
834
if (ret < 0)
835
835
return -1;
···
846
846
NIP6(*(struct in6_addr *)&addr), ntohs(port),
847
847
NIP6(*(struct in6_addr *)&ct->tuplehash[!dir].tuple.src.u3),
848
848
ntohs(ct->tuplehash[!dir].tuple.src.u.tcp.port));
849
-
ret = set_h225_addr(pskb, data, dataoff,
849
+
ret = set_h225_addr(skb, data, dataoff,
850
850
&setup->destCallSignalAddress,
851
851
&ct->tuplehash[!dir].tuple.src.u3,
852
852
ct->tuplehash[!dir].tuple.src.u.tcp.port);
···
864
864
NIP6(*(struct in6_addr *)&addr), ntohs(port),
865
865
NIP6(*(struct in6_addr *)&ct->tuplehash[!dir].tuple.dst.u3),
866
866
ntohs(ct->tuplehash[!dir].tuple.dst.u.tcp.port));
867
-
ret = set_h225_addr(pskb, data, dataoff,
867
+
ret = set_h225_addr(skb, data, dataoff,
868
868
&setup->sourceCallSignalAddress,
869
869
&ct->tuplehash[!dir].tuple.dst.u3,
870
870
ct->tuplehash[!dir].tuple.dst.u.tcp.port);
···
874
874
875
875
if (setup->options & eSetup_UUIE_fastStart) {
876
876
for (i = 0; i < setup->fastStart.count; i++) {
877
-
ret = process_olc(pskb, ct, ctinfo, data, dataoff,
877
+
ret = process_olc(skb, ct, ctinfo, data, dataoff,
878
878
&setup->fastStart.item[i]);
879
879
if (ret < 0)
880
880
return -1;
···
885
885
}
886
886
887
887
/****************************************************************************/
888
-
static int process_callproceeding(struct sk_buff **pskb,
888
+
static int process_callproceeding(struct sk_buff *skb,
889
889
struct nf_conn *ct,
890
890
enum ip_conntrack_info ctinfo,
891
891
unsigned char **data, int dataoff,
···
897
897
pr_debug("nf_ct_q931: CallProceeding\n");
898
898
899
899
if (callproc->options & eCallProceeding_UUIE_h245Address) {
900
-
ret = expect_h245(pskb, ct, ctinfo, data, dataoff,
900
+
ret = expect_h245(skb, ct, ctinfo, data, dataoff,
901
901
&callproc->h245Address);
902
902
if (ret < 0)
903
903
return -1;
···
905
905
906
906
if (callproc->options & eCallProceeding_UUIE_fastStart) {
907
907
for (i = 0; i < callproc->fastStart.count; i++) {
908
-
ret = process_olc(pskb, ct, ctinfo, data, dataoff,
908
+
ret = process_olc(skb, ct, ctinfo, data, dataoff,
909
909
&callproc->fastStart.item[i]);
910
910
if (ret < 0)
911
911
return -1;
···
916
916
}
917
917
918
918
/****************************************************************************/
919
-
static int process_connect(struct sk_buff **pskb, struct nf_conn *ct,
919
+
static int process_connect(struct sk_buff *skb, struct nf_conn *ct,
920
920
enum ip_conntrack_info ctinfo,
921
921
unsigned char **data, int dataoff,
922
922
Connect_UUIE *connect)
···
927
927
pr_debug("nf_ct_q931: Connect\n");
928
928
929
929
if (connect->options & eConnect_UUIE_h245Address) {
930
-
ret = expect_h245(pskb, ct, ctinfo, data, dataoff,
930
+
ret = expect_h245(skb, ct, ctinfo, data, dataoff,
931
931
&connect->h245Address);
932
932
if (ret < 0)
933
933
return -1;
···
935
935
936
936
if (connect->options & eConnect_UUIE_fastStart) {
937
937
for (i = 0; i < connect->fastStart.count; i++) {
938
-
ret = process_olc(pskb, ct, ctinfo, data, dataoff,
938
+
ret = process_olc(skb, ct, ctinfo, data, dataoff,
939
939
&connect->fastStart.item[i]);
940
940
if (ret < 0)
941
941
return -1;
···
946
946
}
947
947
948
948
/****************************************************************************/
949
-
static int process_alerting(struct sk_buff **pskb, struct nf_conn *ct,
949
+
static int process_alerting(struct sk_buff *skb, struct nf_conn *ct,
950
950
enum ip_conntrack_info ctinfo,
951
951
unsigned char **data, int dataoff,
952
952
Alerting_UUIE *alert)
···
957
957
pr_debug("nf_ct_q931: Alerting\n");
958
958
959
959
if (alert->options & eAlerting_UUIE_h245Address) {
960
-
ret = expect_h245(pskb, ct, ctinfo, data, dataoff,
960
+
ret = expect_h245(skb, ct, ctinfo, data, dataoff,
961
961
&alert->h245Address);
962
962
if (ret < 0)
963
963
return -1;
···
965
965
966
966
if (alert->options & eAlerting_UUIE_fastStart) {
967
967
for (i = 0; i < alert->fastStart.count; i++) {
968
-
ret = process_olc(pskb, ct, ctinfo, data, dataoff,
968
+
ret = process_olc(skb, ct, ctinfo, data, dataoff,
969
969
&alert->fastStart.item[i]);
970
970
if (ret < 0)
971
971
return -1;
···
976
976
}
977
977
978
978
/****************************************************************************/
979
-
static int process_facility(struct sk_buff **pskb, struct nf_conn *ct,
979
+
static int process_facility(struct sk_buff *skb, struct nf_conn *ct,
980
980
enum ip_conntrack_info ctinfo,
981
981
unsigned char **data, int dataoff,
982
982
Facility_UUIE *facility)
···
988
988
989
989
if (facility->reason.choice == eFacilityReason_callForwarded) {
990
990
if (facility->options & eFacility_UUIE_alternativeAddress)
991
-
return expect_callforwarding(pskb, ct, ctinfo, data,
991
+
return expect_callforwarding(skb, ct, ctinfo, data,
992
992
dataoff,
993
993
&facility->
994
994
alternativeAddress);
···
996
996
}
997
997
998
998
if (facility->options & eFacility_UUIE_h245Address) {
999
-
ret = expect_h245(pskb, ct, ctinfo, data, dataoff,
999
+
ret = expect_h245(skb, ct, ctinfo, data, dataoff,
1000
1000
&facility->h245Address);
1001
1001
if (ret < 0)
1002
1002
return -1;
···
1004
1004
1005
1005
if (facility->options & eFacility_UUIE_fastStart) {
1006
1006
for (i = 0; i < facility->fastStart.count; i++) {
1007
-
ret = process_olc(pskb, ct, ctinfo, data, dataoff,
1007
+
ret = process_olc(skb, ct, ctinfo, data, dataoff,
1008
1008
&facility->fastStart.item[i]);
1009
1009
if (ret < 0)
1010
1010
return -1;
···
1015
1015
}
1016
1016
1017
1017
/****************************************************************************/
1018
-
static int process_progress(struct sk_buff **pskb, struct nf_conn *ct,
1018
+
static int process_progress(struct sk_buff *skb, struct nf_conn *ct,
1019
1019
enum ip_conntrack_info ctinfo,
1020
1020
unsigned char **data, int dataoff,
1021
1021
Progress_UUIE *progress)
···
1026
1026
pr_debug("nf_ct_q931: Progress\n");
1027
1027
1028
1028
if (progress->options & eProgress_UUIE_h245Address) {
1029
-
ret = expect_h245(pskb, ct, ctinfo, data, dataoff,
1029
+
ret = expect_h245(skb, ct, ctinfo, data, dataoff,
1030
1030
&progress->h245Address);
1031
1031
if (ret < 0)
1032
1032
return -1;
···
1034
1034
1035
1035
if (progress->options & eProgress_UUIE_fastStart) {
1036
1036
for (i = 0; i < progress->fastStart.count; i++) {
1037
-
ret = process_olc(pskb, ct, ctinfo, data, dataoff,
1037
+
ret = process_olc(skb, ct, ctinfo, data, dataoff,
1038
1038
&progress->fastStart.item[i]);
1039
1039
if (ret < 0)
1040
1040
return -1;
···
1045
1045
}
1046
1046
1047
1047
/****************************************************************************/
1048
-
static int process_q931(struct sk_buff **pskb, struct nf_conn *ct,
1048
+
static int process_q931(struct sk_buff *skb, struct nf_conn *ct,
1049
1049
enum ip_conntrack_info ctinfo,
1050
1050
unsigned char **data, int dataoff, Q931 *q931)
1051
1051
{
···
1055
1055
1056
1056
switch (pdu->h323_message_body.choice) {
1057
1057
case eH323_UU_PDU_h323_message_body_setup:
1058
-
ret = process_setup(pskb, ct, ctinfo, data, dataoff,
1058
+
ret = process_setup(skb, ct, ctinfo, data, dataoff,
1059
1059
&pdu->h323_message_body.setup);
1060
1060
break;
1061
1061
case eH323_UU_PDU_h323_message_body_callProceeding:
1062
-
ret = process_callproceeding(pskb, ct, ctinfo, data, dataoff,
1062
+
ret = process_callproceeding(skb, ct, ctinfo, data, dataoff,
1063
1063
&pdu->h323_message_body.
1064
1064
callProceeding);
1065
1065
break;
1066
1066
case eH323_UU_PDU_h323_message_body_connect:
1067
-
ret = process_connect(pskb, ct, ctinfo, data, dataoff,
1067
+
ret = process_connect(skb, ct, ctinfo, data, dataoff,
1068
1068
&pdu->h323_message_body.connect);
1069
1069
break;
1070
1070
case eH323_UU_PDU_h323_message_body_alerting:
1071
-
ret = process_alerting(pskb, ct, ctinfo, data, dataoff,
1071
+
ret = process_alerting(skb, ct, ctinfo, data, dataoff,
1072
1072
&pdu->h323_message_body.alerting);
1073
1073
break;
1074
1074
case eH323_UU_PDU_h323_message_body_facility:
1075
-
ret = process_facility(pskb, ct, ctinfo, data, dataoff,
1075
+
ret = process_facility(skb, ct, ctinfo, data, dataoff,
1076
1076
&pdu->h323_message_body.facility);
1077
1077
break;
1078
1078
case eH323_UU_PDU_h323_message_body_progress:
1079
-
ret = process_progress(pskb, ct, ctinfo, data, dataoff,
1079
+
ret = process_progress(skb, ct, ctinfo, data, dataoff,
1080
1080
&pdu->h323_message_body.progress);
1081
1081
break;
1082
1082
default:
···
1090
1090
1091
1091
if (pdu->options & eH323_UU_PDU_h245Control) {
1092
1092
for (i = 0; i < pdu->h245Control.count; i++) {
1093
-
ret = process_h245(pskb, ct, ctinfo, data, dataoff,
1093
+
ret = process_h245(skb, ct, ctinfo, data, dataoff,
1094
1094
&pdu->h245Control.item[i]);
1095
1095
if (ret < 0)
1096
1096
return -1;
···
1101
1101
}
1102
1102
1103
1103
/****************************************************************************/
1104
-
static int q931_help(struct sk_buff **pskb, unsigned int protoff,
1104
+
static int q931_help(struct sk_buff *skb, unsigned int protoff,
1105
1105
struct nf_conn *ct, enum ip_conntrack_info ctinfo)
1106
1106
{
1107
1107
static Q931 q931;
···
1115
1115
ctinfo != IP_CT_ESTABLISHED + IP_CT_IS_REPLY) {
1116
1116
return NF_ACCEPT;
1117
1117
}
1118
-
pr_debug("nf_ct_q931: skblen = %u\n", (*pskb)->len);
1118
+
pr_debug("nf_ct_q931: skblen = %u\n", skb->len);
1119
1119
1120
1120
spin_lock_bh(&nf_h323_lock);
1121
1121
1122
1122
/* Process each TPKT */
1123
-
while (get_tpkt_data(pskb, protoff, ct, ctinfo,
1123
+
while (get_tpkt_data(skb, protoff, ct, ctinfo,
1124
1124
&data, &datalen, &dataoff)) {
1125
1125
pr_debug("nf_ct_q931: TPKT len=%d ", datalen);
1126
1126
NF_CT_DUMP_TUPLE(&ct->tuplehash[CTINFO2DIR(ctinfo)].tuple);
···
1136
1136
}
1137
1137
1138
1138
/* Process Q.931 signal */
1139
-
if (process_q931(pskb, ct, ctinfo, &data, dataoff, &q931) < 0)
1139
+
if (process_q931(skb, ct, ctinfo, &data, dataoff, &q931) < 0)
1140
1140
goto drop;
1141
1141
}
1142
1142
···
1177
1177
};
1178
1178
1179
1179
/****************************************************************************/
1180
-
static unsigned char *get_udp_data(struct sk_buff **pskb, unsigned int protoff,
1180
+
static unsigned char *get_udp_data(struct sk_buff *skb, unsigned int protoff,
1181
1181
int *datalen)
1182
1182
{
1183
1183
struct udphdr _uh, *uh;
1184
1184
int dataoff;
1185
1185
1186
-
uh = skb_header_pointer(*pskb, protoff, sizeof(_uh), &_uh);
1186
+
uh = skb_header_pointer(skb, protoff, sizeof(_uh), &_uh);
1187
1187
if (uh == NULL)
1188
1188
return NULL;
1189
1189
dataoff = protoff + sizeof(_uh);
1190
-
if (dataoff >= (*pskb)->len)
1190
+
if (dataoff >= skb->len)
1191
1191
return NULL;
1192
-
*datalen = (*pskb)->len - dataoff;
1193
-
return skb_header_pointer(*pskb, dataoff, *datalen, h323_buffer);
1192
+
*datalen = skb->len - dataoff;
1193
+
return skb_header_pointer(skb, dataoff, *datalen, h323_buffer);
1194
1194
}
1195
1195
1196
1196
/****************************************************************************/
···
1227
1227
}
1228
1228
1229
1229
/****************************************************************************/
1230
-
static int expect_q931(struct sk_buff **pskb, struct nf_conn *ct,
1230
+
static int expect_q931(struct sk_buff *skb, struct nf_conn *ct,
1231
1231
enum ip_conntrack_info ctinfo,
1232
1232
unsigned char **data,
1233
1233
TransportAddress *taddr, int count)
···
1265
1265
1266
1266
nat_q931 = rcu_dereference(nat_q931_hook);
1267
1267
if (nat_q931 && ct->status & IPS_NAT_MASK) { /* Need NAT */
1268
-
ret = nat_q931(pskb, ct, ctinfo, data, taddr, i, port, exp);
1268
+
ret = nat_q931(skb, ct, ctinfo, data, taddr, i, port, exp);
1269
1269
} else { /* Conntrack only */
1270
1270
if (nf_ct_expect_related(exp) == 0) {
1271
1271
pr_debug("nf_ct_ras: expect Q.931 ");
···
1283
1283
}
1284
1284
1285
1285
/****************************************************************************/
1286
-
static int process_grq(struct sk_buff **pskb, struct nf_conn *ct,
1286
+
static int process_grq(struct sk_buff *skb, struct nf_conn *ct,
1287
1287
enum ip_conntrack_info ctinfo,
1288
1288
unsigned char **data, GatekeeperRequest *grq)
1289
1289
{
···
1293
1293
1294
1294
set_ras_addr = rcu_dereference(set_ras_addr_hook);
1295
1295
if (set_ras_addr && ct->status & IPS_NAT_MASK) /* NATed */
1296
-
return set_ras_addr(pskb, ct, ctinfo, data,
1296
+
return set_ras_addr(skb, ct, ctinfo, data,
1297
1297
&grq->rasAddress, 1);
1298
1298
return 0;
1299
1299
}
1300
1300
1301
1301
/****************************************************************************/
1302
-
static int process_gcf(struct sk_buff **pskb, struct nf_conn *ct,
1302
+
static int process_gcf(struct sk_buff *skb, struct nf_conn *ct,
1303
1303
enum ip_conntrack_info ctinfo,
1304
1304
unsigned char **data, GatekeeperConfirm *gcf)
1305
1305
{
···
1343
1343
}
1344
1344
1345
1345
/****************************************************************************/
1346
-
static int process_rrq(struct sk_buff **pskb, struct nf_conn *ct,
1346
+
static int process_rrq(struct sk_buff *skb, struct nf_conn *ct,
1347
1347
enum ip_conntrack_info ctinfo,
1348
1348
unsigned char **data, RegistrationRequest *rrq)
1349
1349
{
···
1353
1353
1354
1354
pr_debug("nf_ct_ras: RRQ\n");
1355
1355
1356
-
ret = expect_q931(pskb, ct, ctinfo, data,
1356
+
ret = expect_q931(skb, ct, ctinfo, data,
1357
1357
rrq->callSignalAddress.item,
1358
1358
rrq->callSignalAddress.count);
1359
1359
if (ret < 0)
···
1361
1361
1362
1362
set_ras_addr = rcu_dereference(set_ras_addr_hook);
1363
1363
if (set_ras_addr && ct->status & IPS_NAT_MASK) {
1364
-
ret = set_ras_addr(pskb, ct, ctinfo, data,
1364
+
ret = set_ras_addr(skb, ct, ctinfo, data,
1365
1365
rrq->rasAddress.item,
1366
1366
rrq->rasAddress.count);
1367
1367
if (ret < 0)
···
1378
1378
}
1379
1379
1380
1380
/****************************************************************************/
1381
-
static int process_rcf(struct sk_buff **pskb, struct nf_conn *ct,
1381
+
static int process_rcf(struct sk_buff *skb, struct nf_conn *ct,
1382
1382
enum ip_conntrack_info ctinfo,
1383
1383
unsigned char **data, RegistrationConfirm *rcf)
1384
1384
{
···
1392
1392
1393
1393
set_sig_addr = rcu_dereference(set_sig_addr_hook);
1394
1394
if (set_sig_addr && ct->status & IPS_NAT_MASK) {
1395
-
ret = set_sig_addr(pskb, ct, ctinfo, data,
1395
+
ret = set_sig_addr(skb, ct, ctinfo, data,
1396
1396
rcf->callSignalAddress.item,
1397
1397
rcf->callSignalAddress.count);
1398
1398
if (ret < 0)
···
1407
1407
if (info->timeout > 0) {
1408
1408
pr_debug("nf_ct_ras: set RAS connection timeout to "
1409
1409
"%u seconds\n", info->timeout);
1410
-
nf_ct_refresh(ct, *pskb, info->timeout * HZ);
1410
+
nf_ct_refresh(ct, skb, info->timeout * HZ);
1411
1411
1412
1412
/* Set expect timeout */
1413
1413
read_lock_bh(&nf_conntrack_lock);
···
1427
1427
}
1428
1428
1429
1429
/****************************************************************************/
1430
-
static int process_urq(struct sk_buff **pskb, struct nf_conn *ct,
1430
+
static int process_urq(struct sk_buff *skb, struct nf_conn *ct,
1431
1431
enum ip_conntrack_info ctinfo,
1432
1432
unsigned char **data, UnregistrationRequest *urq)
1433
1433
{
···
1440
1440
1441
1441
set_sig_addr = rcu_dereference(set_sig_addr_hook);
1442
1442
if (set_sig_addr && ct->status & IPS_NAT_MASK) {
1443
-
ret = set_sig_addr(pskb, ct, ctinfo, data,
1443
+
ret = set_sig_addr(skb, ct, ctinfo, data,
1444
1444
urq->callSignalAddress.item,
1445
1445
urq->callSignalAddress.count);
1446
1446
if (ret < 0)
···
1453
1453
info->sig_port[!dir] = 0;
1454
1454
1455
1455
/* Give it 30 seconds for UCF or URJ */
1456
-
nf_ct_refresh(ct, *pskb, 30 * HZ);
1456
+
nf_ct_refresh(ct, skb, 30 * HZ);
1457
1457
1458
1458
return 0;
1459
1459
}
1460
1460
1461
1461
/****************************************************************************/
1462
-
static int process_arq(struct sk_buff **pskb, struct nf_conn *ct,
1462
+
static int process_arq(struct sk_buff *skb, struct nf_conn *ct,
1463
1463
enum ip_conntrack_info ctinfo,
1464
1464
unsigned char **data, AdmissionRequest *arq)
1465
1465
{
···
1479
1479
port == info->sig_port[dir] &&
1480
1480
set_h225_addr && ct->status & IPS_NAT_MASK) {
1481
1481
/* Answering ARQ */
1482
-
return set_h225_addr(pskb, data, 0,
1482
+
return set_h225_addr(skb, data, 0,
1483
1483
&arq->destCallSignalAddress,
1484
1484
&ct->tuplehash[!dir].tuple.dst.u3,
1485
1485
info->sig_port[!dir]);
···
1491
1491
!memcmp(&addr, &ct->tuplehash[dir].tuple.src.u3, sizeof(addr)) &&
1492
1492
set_h225_addr && ct->status & IPS_NAT_MASK) {
1493
1493
/* Calling ARQ */
1494
-
return set_h225_addr(pskb, data, 0,
1494
+
return set_h225_addr(skb, data, 0,
1495
1495
&arq->srcCallSignalAddress,
1496
1496
&ct->tuplehash[!dir].tuple.dst.u3,
1497
1497
port);
···
1501
1501
}
1502
1502
1503
1503
/****************************************************************************/
1504
-
static int process_acf(struct sk_buff **pskb, struct nf_conn *ct,
1504
+
static int process_acf(struct sk_buff *skb, struct nf_conn *ct,
1505
1505
enum ip_conntrack_info ctinfo,
1506
1506
unsigned char **data, AdmissionConfirm *acf)
1507
1507
{
···
1522
1522
/* Answering ACF */
1523
1523
set_sig_addr = rcu_dereference(set_sig_addr_hook);
1524
1524
if (set_sig_addr && ct->status & IPS_NAT_MASK)
1525
-
return set_sig_addr(pskb, ct, ctinfo, data,
1525
+
return set_sig_addr(skb, ct, ctinfo, data,
1526
1526
&acf->destCallSignalAddress, 1);
1527
1527
return 0;
1528
1528
}
···
1548
1548
}
1549
1549
1550
1550
/****************************************************************************/
1551
-
static int process_lrq(struct sk_buff **pskb, struct nf_conn *ct,
1551
+
static int process_lrq(struct sk_buff *skb, struct nf_conn *ct,
1552
1552
enum ip_conntrack_info ctinfo,
1553
1553
unsigned char **data, LocationRequest *lrq)
1554
1554
{
···
1558
1558
1559
1559
set_ras_addr = rcu_dereference(set_ras_addr_hook);
1560
1560
if (set_ras_addr && ct->status & IPS_NAT_MASK)
1561
-
return set_ras_addr(pskb, ct, ctinfo, data,
1561
+
return set_ras_addr(skb, ct, ctinfo, data,
1562
1562
&lrq->replyAddress, 1);
1563
1563
return 0;
1564
1564
}
1565
1565
1566
1566
/****************************************************************************/
1567
-
static int process_lcf(struct sk_buff **pskb, struct nf_conn *ct,
1567
+
static int process_lcf(struct sk_buff *skb, struct nf_conn *ct,
1568
1568
enum ip_conntrack_info ctinfo,
1569
1569
unsigned char **data, LocationConfirm *lcf)
1570
1570
{
···
1603
1603
}
1604
1604
1605
1605
/****************************************************************************/
1606
-
static int process_irr(struct sk_buff **pskb, struct nf_conn *ct,
1606
+
static int process_irr(struct sk_buff *skb, struct nf_conn *ct,
1607
1607
enum ip_conntrack_info ctinfo,
1608
1608
unsigned char **data, InfoRequestResponse *irr)
1609
1609
{
···
1615
1615
1616
1616
set_ras_addr = rcu_dereference(set_ras_addr_hook);
1617
1617
if (set_ras_addr && ct->status & IPS_NAT_MASK) {
1618
-
ret = set_ras_addr(pskb, ct, ctinfo, data,
1618
+
ret = set_ras_addr(skb, ct, ctinfo, data,
1619
1619
&irr->rasAddress, 1);
1620
1620
if (ret < 0)
1621
1621
return -1;
···
1623
1623
1624
1624
set_sig_addr = rcu_dereference(set_sig_addr_hook);
1625
1625
if (set_sig_addr && ct->status & IPS_NAT_MASK) {
1626
-
ret = set_sig_addr(pskb, ct, ctinfo, data,
1626
+
ret = set_sig_addr(skb, ct, ctinfo, data,
1627
1627
irr->callSignalAddress.item,
1628
1628
irr->callSignalAddress.count);
1629
1629
if (ret < 0)
···
1634
1634
}
1635
1635
1636
1636
/****************************************************************************/
1637
-
static int process_ras(struct sk_buff **pskb, struct nf_conn *ct,
1637
+
static int process_ras(struct sk_buff *skb, struct nf_conn *ct,
1638
1638
enum ip_conntrack_info ctinfo,
1639
1639
unsigned char **data, RasMessage *ras)
1640
1640
{
1641
1641
switch (ras->choice) {
1642
1642
case eRasMessage_gatekeeperRequest:
1643
-
return process_grq(pskb, ct, ctinfo, data,
1643
+
return process_grq(skb, ct, ctinfo, data,
1644
1644
&ras->gatekeeperRequest);
1645
1645
case eRasMessage_gatekeeperConfirm:
1646
-
return process_gcf(pskb, ct, ctinfo, data,
1646
+
return process_gcf(skb, ct, ctinfo, data,
1647
1647
&ras->gatekeeperConfirm);
1648
1648
case eRasMessage_registrationRequest:
1649
-
return process_rrq(pskb, ct, ctinfo, data,
1649
+
return process_rrq(skb, ct, ctinfo, data,
1650
1650
&ras->registrationRequest);
1651
1651
case eRasMessage_registrationConfirm:
1652
-
return process_rcf(pskb, ct, ctinfo, data,
1652
+
return process_rcf(skb, ct, ctinfo, data,
1653
1653
&ras->registrationConfirm);
1654
1654
case eRasMessage_unregistrationRequest:
1655
-
return process_urq(pskb, ct, ctinfo, data,
1655
+
return process_urq(skb, ct, ctinfo, data,
1656
1656
&ras->unregistrationRequest);
1657
1657
case eRasMessage_admissionRequest:
1658
-
return process_arq(pskb, ct, ctinfo, data,
1658
+
return process_arq(skb, ct, ctinfo, data,
1659
1659
&ras->admissionRequest);
1660
1660
case eRasMessage_admissionConfirm:
1661
-
return process_acf(pskb, ct, ctinfo, data,
1661
+
return process_acf(skb, ct, ctinfo, data,
1662
1662
&ras->admissionConfirm);
1663
1663
case eRasMessage_locationRequest:
1664
-
return process_lrq(pskb, ct, ctinfo, data,
1664
+
return process_lrq(skb, ct, ctinfo, data,
1665
1665
&ras->locationRequest);
1666
1666
case eRasMessage_locationConfirm:
1667
-
return process_lcf(pskb, ct, ctinfo, data,
1667
+
return process_lcf(skb, ct, ctinfo, data,
1668
1668
&ras->locationConfirm);
1669
1669
case eRasMessage_infoRequestResponse:
1670
-
return process_irr(pskb, ct, ctinfo, data,
1670
+
return process_irr(skb, ct, ctinfo, data,
1671
1671
&ras->infoRequestResponse);
1672
1672
default:
1673
1673
pr_debug("nf_ct_ras: RAS message %d\n", ras->choice);
···
1678
1678
}
1679
1679
1680
1680
/****************************************************************************/
1681
-
static int ras_help(struct sk_buff **pskb, unsigned int protoff,
1681
+
static int ras_help(struct sk_buff *skb, unsigned int protoff,
1682
1682
struct nf_conn *ct, enum ip_conntrack_info ctinfo)
1683
1683
{
1684
1684
static RasMessage ras;
···
1686
1686
int datalen = 0;
1687
1687
int ret;
1688
1688
1689
-
pr_debug("nf_ct_ras: skblen = %u\n", (*pskb)->len);
1689
+
pr_debug("nf_ct_ras: skblen = %u\n", skb->len);
1690
1690
1691
1691
spin_lock_bh(&nf_h323_lock);
1692
1692
1693
1693
/* Get UDP data */
1694
-
data = get_udp_data(pskb, protoff, &datalen);
1694
+
data = get_udp_data(skb, protoff, &datalen);
1695
1695
if (data == NULL)
1696
1696
goto accept;
1697
1697
pr_debug("nf_ct_ras: RAS message len=%d ", datalen);
···
1707
1707
}
1708
1708
1709
1709
/* Process RAS message */
1710
-
if (process_ras(pskb, ct, ctinfo, &data, &ras) < 0)
1710
+
if (process_ras(skb, ct, ctinfo, &data, &ras) < 0)
1711
1711
goto drop;
1712
1712
1713
1713
accept:
+8
-8
net/netfilter/nf_conntrack_irc.c
+8
-8
net/netfilter/nf_conntrack_irc.c
···
30
30
static char *irc_buffer;
31
31
static DEFINE_SPINLOCK(irc_buffer_lock);
32
32
33
-
unsigned int (*nf_nat_irc_hook)(struct sk_buff **pskb,
33
+
unsigned int (*nf_nat_irc_hook)(struct sk_buff *skb,
34
34
enum ip_conntrack_info ctinfo,
35
35
unsigned int matchoff,
36
36
unsigned int matchlen,
···
89
89
return 0;
90
90
}
91
91
92
-
static int help(struct sk_buff **pskb, unsigned int protoff,
92
+
static int help(struct sk_buff *skb, unsigned int protoff,
93
93
struct nf_conn *ct, enum ip_conntrack_info ctinfo)
94
94
{
95
95
unsigned int dataoff;
···
116
116
return NF_ACCEPT;
117
117
118
118
/* Not a full tcp header? */
119
-
th = skb_header_pointer(*pskb, protoff, sizeof(_tcph), &_tcph);
119
+
th = skb_header_pointer(skb, protoff, sizeof(_tcph), &_tcph);
120
120
if (th == NULL)
121
121
return NF_ACCEPT;
122
122
123
123
/* No data? */
124
124
dataoff = protoff + th->doff*4;
125
-
if (dataoff >= (*pskb)->len)
125
+
if (dataoff >= skb->len)
126
126
return NF_ACCEPT;
127
127
128
128
spin_lock_bh(&irc_buffer_lock);
129
-
ib_ptr = skb_header_pointer(*pskb, dataoff, (*pskb)->len - dataoff,
129
+
ib_ptr = skb_header_pointer(skb, dataoff, skb->len - dataoff,
130
130
irc_buffer);
131
131
BUG_ON(ib_ptr == NULL);
132
132
133
133
data = ib_ptr;
134
-
data_limit = ib_ptr + (*pskb)->len - dataoff;
134
+
data_limit = ib_ptr + skb->len - dataoff;
135
135
136
136
/* strlen("\1DCC SENT t AAAAAAAA P\1\n")=24
137
137
* 5+MINMATCHLEN+strlen("t AAAAAAAA P\1\n")=14 */
···
143
143
data += 5;
144
144
/* we have at least (19+MINMATCHLEN)-5 bytes valid data left */
145
145
146
-
iph = ip_hdr(*pskb);
146
+
iph = ip_hdr(skb);
147
147
pr_debug("DCC found in master %u.%u.%u.%u:%u %u.%u.%u.%u:%u\n",
148
148
NIPQUAD(iph->saddr), ntohs(th->source),
149
149
NIPQUAD(iph->daddr), ntohs(th->dest));
···
193
193
194
194
nf_nat_irc = rcu_dereference(nf_nat_irc_hook);
195
195
if (nf_nat_irc && ct->status & IPS_NAT_MASK)
196
-
ret = nf_nat_irc(pskb, ctinfo,
196
+
ret = nf_nat_irc(skb, ctinfo,
197
197
addr_beg_p - ib_ptr,
198
198
addr_end_p - addr_beg_p,
199
199
exp);
+5
-5
net/netfilter/nf_conntrack_netbios_ns.c
+5
-5
net/netfilter/nf_conntrack_netbios_ns.c
···
42
42
module_param(timeout, uint, 0400);
43
43
MODULE_PARM_DESC(timeout, "timeout for master connection/replies in seconds");
44
44
45
-
static int help(struct sk_buff **pskb, unsigned int protoff,
45
+
static int help(struct sk_buff *skb, unsigned int protoff,
46
46
struct nf_conn *ct, enum ip_conntrack_info ctinfo)
47
47
{
48
48
struct nf_conntrack_expect *exp;
49
-
struct iphdr *iph = ip_hdr(*pskb);
50
-
struct rtable *rt = (struct rtable *)(*pskb)->dst;
49
+
struct iphdr *iph = ip_hdr(skb);
50
+
struct rtable *rt = (struct rtable *)skb->dst;
51
51
struct in_device *in_dev;
52
52
__be32 mask = 0;
53
53
54
54
/* we're only interested in locally generated packets */
55
-
if ((*pskb)->sk == NULL)
55
+
if (skb->sk == NULL)
56
56
goto out;
57
57
if (rt == NULL || !(rt->rt_flags & RTCF_BROADCAST))
58
58
goto out;
···
91
91
nf_ct_expect_related(exp);
92
92
nf_ct_expect_put(exp);
93
93
94
-
nf_ct_refresh(ct, *pskb, timeout * HZ);
94
+
nf_ct_refresh(ct, skb, timeout * HZ);
95
95
out:
96
96
return NF_ACCEPT;
97
97
}
+14
-14
net/netfilter/nf_conntrack_pptp.c
+14
-14
net/netfilter/nf_conntrack_pptp.c
···
41
41
static DEFINE_SPINLOCK(nf_pptp_lock);
42
42
43
43
int
44
-
(*nf_nat_pptp_hook_outbound)(struct sk_buff **pskb,
44
+
(*nf_nat_pptp_hook_outbound)(struct sk_buff *skb,
45
45
struct nf_conn *ct, enum ip_conntrack_info ctinfo,
46
46
struct PptpControlHeader *ctlh,
47
47
union pptp_ctrl_union *pptpReq) __read_mostly;
48
48
EXPORT_SYMBOL_GPL(nf_nat_pptp_hook_outbound);
49
49
50
50
int
51
-
(*nf_nat_pptp_hook_inbound)(struct sk_buff **pskb,
51
+
(*nf_nat_pptp_hook_inbound)(struct sk_buff *skb,
52
52
struct nf_conn *ct, enum ip_conntrack_info ctinfo,
53
53
struct PptpControlHeader *ctlh,
54
54
union pptp_ctrl_union *pptpReq) __read_mostly;
···
254
254
}
255
255
256
256
static inline int
257
-
pptp_inbound_pkt(struct sk_buff **pskb,
257
+
pptp_inbound_pkt(struct sk_buff *skb,
258
258
struct PptpControlHeader *ctlh,
259
259
union pptp_ctrl_union *pptpReq,
260
260
unsigned int reqlen,
···
367
367
368
368
nf_nat_pptp_inbound = rcu_dereference(nf_nat_pptp_hook_inbound);
369
369
if (nf_nat_pptp_inbound && ct->status & IPS_NAT_MASK)
370
-
return nf_nat_pptp_inbound(pskb, ct, ctinfo, ctlh, pptpReq);
370
+
return nf_nat_pptp_inbound(skb, ct, ctinfo, ctlh, pptpReq);
371
371
return NF_ACCEPT;
372
372
373
373
invalid:
···
380
380
}
381
381
382
382
static inline int
383
-
pptp_outbound_pkt(struct sk_buff **pskb,
383
+
pptp_outbound_pkt(struct sk_buff *skb,
384
384
struct PptpControlHeader *ctlh,
385
385
union pptp_ctrl_union *pptpReq,
386
386
unsigned int reqlen,
···
462
462
463
463
nf_nat_pptp_outbound = rcu_dereference(nf_nat_pptp_hook_outbound);
464
464
if (nf_nat_pptp_outbound && ct->status & IPS_NAT_MASK)
465
-
return nf_nat_pptp_outbound(pskb, ct, ctinfo, ctlh, pptpReq);
465
+
return nf_nat_pptp_outbound(skb, ct, ctinfo, ctlh, pptpReq);
466
466
return NF_ACCEPT;
467
467
468
468
invalid:
···
492
492
493
493
/* track caller id inside control connection, call expect_related */
494
494
static int
495
-
conntrack_pptp_help(struct sk_buff **pskb, unsigned int protoff,
495
+
conntrack_pptp_help(struct sk_buff *skb, unsigned int protoff,
496
496
struct nf_conn *ct, enum ip_conntrack_info ctinfo)
497
497
498
498
{
···
502
502
struct pptp_pkt_hdr _pptph, *pptph;
503
503
struct PptpControlHeader _ctlh, *ctlh;
504
504
union pptp_ctrl_union _pptpReq, *pptpReq;
505
-
unsigned int tcplen = (*pskb)->len - protoff;
505
+
unsigned int tcplen = skb->len - protoff;
506
506
unsigned int datalen, reqlen, nexthdr_off;
507
507
int oldsstate, oldcstate;
508
508
int ret;
···
514
514
return NF_ACCEPT;
515
515
516
516
nexthdr_off = protoff;
517
-
tcph = skb_header_pointer(*pskb, nexthdr_off, sizeof(_tcph), &_tcph);
517
+
tcph = skb_header_pointer(skb, nexthdr_off, sizeof(_tcph), &_tcph);
518
518
BUG_ON(!tcph);
519
519
nexthdr_off += tcph->doff * 4;
520
520
datalen = tcplen - tcph->doff * 4;
521
521
522
-
pptph = skb_header_pointer(*pskb, nexthdr_off, sizeof(_pptph), &_pptph);
522
+
pptph = skb_header_pointer(skb, nexthdr_off, sizeof(_pptph), &_pptph);
523
523
if (!pptph) {
524
524
pr_debug("no full PPTP header, can't track\n");
525
525
return NF_ACCEPT;
···
534
534
return NF_ACCEPT;
535
535
}
536
536
537
-
ctlh = skb_header_pointer(*pskb, nexthdr_off, sizeof(_ctlh), &_ctlh);
537
+
ctlh = skb_header_pointer(skb, nexthdr_off, sizeof(_ctlh), &_ctlh);
538
538
if (!ctlh)
539
539
return NF_ACCEPT;
540
540
nexthdr_off += sizeof(_ctlh);
···
547
547
if (reqlen > sizeof(*pptpReq))
548
548
reqlen = sizeof(*pptpReq);
549
549
550
-
pptpReq = skb_header_pointer(*pskb, nexthdr_off, reqlen, &_pptpReq);
550
+
pptpReq = skb_header_pointer(skb, nexthdr_off, reqlen, &_pptpReq);
551
551
if (!pptpReq)
552
552
return NF_ACCEPT;
553
553
···
560
560
* established from PNS->PAC. However, RFC makes no guarantee */
561
561
if (dir == IP_CT_DIR_ORIGINAL)
562
562
/* client -> server (PNS -> PAC) */
563
-
ret = pptp_outbound_pkt(pskb, ctlh, pptpReq, reqlen, ct,
563
+
ret = pptp_outbound_pkt(skb, ctlh, pptpReq, reqlen, ct,
564
564
ctinfo);
565
565
else
566
566
/* server -> client (PAC -> PNS) */
567
-
ret = pptp_inbound_pkt(pskb, ctlh, pptpReq, reqlen, ct,
567
+
ret = pptp_inbound_pkt(skb, ctlh, pptpReq, reqlen, ct,
568
568
ctinfo);
569
569
pr_debug("sstate: %d->%d, cstate: %d->%d\n",
570
570
oldsstate, info->sstate, oldcstate, info->cstate);
+5
-5
net/netfilter/nf_conntrack_sane.c
+5
-5
net/netfilter/nf_conntrack_sane.c
···
56
56
/* other fields aren't interesting for conntrack */
57
57
};
58
58
59
-
static int help(struct sk_buff **pskb,
59
+
static int help(struct sk_buff *skb,
60
60
unsigned int protoff,
61
61
struct nf_conn *ct,
62
62
enum ip_conntrack_info ctinfo)
···
80
80
return NF_ACCEPT;
81
81
82
82
/* Not a full tcp header? */
83
-
th = skb_header_pointer(*pskb, protoff, sizeof(_tcph), &_tcph);
83
+
th = skb_header_pointer(skb, protoff, sizeof(_tcph), &_tcph);
84
84
if (th == NULL)
85
85
return NF_ACCEPT;
86
86
87
87
/* No data? */
88
88
dataoff = protoff + th->doff * 4;
89
-
if (dataoff >= (*pskb)->len)
89
+
if (dataoff >= skb->len)
90
90
return NF_ACCEPT;
91
91
92
-
datalen = (*pskb)->len - dataoff;
92
+
datalen = skb->len - dataoff;
93
93
94
94
spin_lock_bh(&nf_sane_lock);
95
-
sb_ptr = skb_header_pointer(*pskb, dataoff, datalen, sane_buffer);
95
+
sb_ptr = skb_header_pointer(skb, dataoff, datalen, sane_buffer);
96
96
BUG_ON(sb_ptr == NULL);
97
97
98
98
if (dir == IP_CT_DIR_ORIGINAL) {
+12
-12
net/netfilter/nf_conntrack_sip.c
+12
-12
net/netfilter/nf_conntrack_sip.c
···
36
36
module_param(sip_timeout, uint, 0600);
37
37
MODULE_PARM_DESC(sip_timeout, "timeout for the master SIP session");
38
38
39
-
unsigned int (*nf_nat_sip_hook)(struct sk_buff **pskb,
39
+
unsigned int (*nf_nat_sip_hook)(struct sk_buff *skb,
40
40
enum ip_conntrack_info ctinfo,
41
41
struct nf_conn *ct,
42
42
const char **dptr) __read_mostly;
43
43
EXPORT_SYMBOL_GPL(nf_nat_sip_hook);
44
44
45
-
unsigned int (*nf_nat_sdp_hook)(struct sk_buff **pskb,
45
+
unsigned int (*nf_nat_sdp_hook)(struct sk_buff *skb,
46
46
enum ip_conntrack_info ctinfo,
47
47
struct nf_conntrack_expect *exp,
48
48
const char *dptr) __read_mostly;
···
363
363
}
364
364
EXPORT_SYMBOL_GPL(ct_sip_get_info);
365
365
366
-
static int set_expected_rtp(struct sk_buff **pskb,
366
+
static int set_expected_rtp(struct sk_buff *skb,
367
367
struct nf_conn *ct,
368
368
enum ip_conntrack_info ctinfo,
369
369
union nf_conntrack_address *addr,
···
385
385
386
386
nf_nat_sdp = rcu_dereference(nf_nat_sdp_hook);
387
387
if (nf_nat_sdp && ct->status & IPS_NAT_MASK)
388
-
ret = nf_nat_sdp(pskb, ctinfo, exp, dptr);
388
+
ret = nf_nat_sdp(skb, ctinfo, exp, dptr);
389
389
else {
390
390
if (nf_ct_expect_related(exp) != 0)
391
391
ret = NF_DROP;
···
397
397
return ret;
398
398
}
399
399
400
-
static int sip_help(struct sk_buff **pskb,
400
+
static int sip_help(struct sk_buff *skb,
401
401
unsigned int protoff,
402
402
struct nf_conn *ct,
403
403
enum ip_conntrack_info ctinfo)
···
414
414
415
415
/* No Data ? */
416
416
dataoff = protoff + sizeof(struct udphdr);
417
-
if (dataoff >= (*pskb)->len)
417
+
if (dataoff >= skb->len)
418
418
return NF_ACCEPT;
419
419
420
-
nf_ct_refresh(ct, *pskb, sip_timeout * HZ);
420
+
nf_ct_refresh(ct, skb, sip_timeout * HZ);
421
421
422
-
if (!skb_is_nonlinear(*pskb))
423
-
dptr = (*pskb)->data + dataoff;
422
+
if (!skb_is_nonlinear(skb))
423
+
dptr = skb->data + dataoff;
424
424
else {
425
425
pr_debug("Copy of skbuff not supported yet.\n");
426
426
goto out;
···
428
428
429
429
nf_nat_sip = rcu_dereference(nf_nat_sip_hook);
430
430
if (nf_nat_sip && ct->status & IPS_NAT_MASK) {
431
-
if (!nf_nat_sip(pskb, ctinfo, ct, &dptr)) {
431
+
if (!nf_nat_sip(skb, ctinfo, ct, &dptr)) {
432
432
ret = NF_DROP;
433
433
goto out;
434
434
}
435
435
}
436
436
437
-
datalen = (*pskb)->len - dataoff;
437
+
datalen = skb->len - dataoff;
438
438
if (datalen < sizeof("SIP/2.0 200") - 1)
439
439
goto out;
440
440
···
464
464
ret = NF_DROP;
465
465
goto out;
466
466
}
467
-
ret = set_expected_rtp(pskb, ct, ctinfo, &addr,
467
+
ret = set_expected_rtp(skb, ct, ctinfo, &addr,
468
468
htons(port), dptr);
469
469
}
470
470
}
+4
-4
net/netfilter/nf_conntrack_tftp.c
+4
-4
net/netfilter/nf_conntrack_tftp.c
···
29
29
module_param_array(ports, ushort, &ports_c, 0400);
30
30
MODULE_PARM_DESC(ports, "Port numbers of TFTP servers");
31
31
32
-
unsigned int (*nf_nat_tftp_hook)(struct sk_buff **pskb,
32
+
unsigned int (*nf_nat_tftp_hook)(struct sk_buff *skb,
33
33
enum ip_conntrack_info ctinfo,
34
34
struct nf_conntrack_expect *exp) __read_mostly;
35
35
EXPORT_SYMBOL_GPL(nf_nat_tftp_hook);
36
36
37
-
static int tftp_help(struct sk_buff **pskb,
37
+
static int tftp_help(struct sk_buff *skb,
38
38
unsigned int protoff,
39
39
struct nf_conn *ct,
40
40
enum ip_conntrack_info ctinfo)
···
46
46
int family = ct->tuplehash[IP_CT_DIR_ORIGINAL].tuple.src.l3num;
47
47
typeof(nf_nat_tftp_hook) nf_nat_tftp;
48
48
49
-
tfh = skb_header_pointer(*pskb, protoff + sizeof(struct udphdr),
49
+
tfh = skb_header_pointer(skb, protoff + sizeof(struct udphdr),
50
50
sizeof(_tftph), &_tftph);
51
51
if (tfh == NULL)
52
52
return NF_ACCEPT;
···
70
70
71
71
nf_nat_tftp = rcu_dereference(nf_nat_tftp_hook);
72
72
if (nf_nat_tftp && ct->status & IPS_NAT_MASK)
73
-
ret = nf_nat_tftp(pskb, ctinfo, exp);
73
+
ret = nf_nat_tftp(skb, ctinfo, exp);
74
74
else if (nf_ct_expect_related(exp) != 0)
75
75
ret = NF_DROP;
76
76
nf_ct_expect_put(exp);
+1
-1
net/netfilter/nf_internals.h
+1
-1
net/netfilter/nf_internals.h
+2
-2
net/netfilter/nf_queue.c
+2
-2
net/netfilter/nf_queue.c
···
256
256
257
257
if (verdict == NF_ACCEPT) {
258
258
afinfo = nf_get_afinfo(info->pf);
259
-
if (!afinfo || afinfo->reroute(&skb, info) < 0)
259
+
if (!afinfo || afinfo->reroute(skb, info) < 0)
260
260
verdict = NF_DROP;
261
261
}
262
262
263
263
if (verdict == NF_ACCEPT) {
264
264
next_hook:
265
265
verdict = nf_iterate(&nf_hooks[info->pf][info->hook],
266
-
&skb, info->hook,
266
+
skb, info->hook,
267
267
info->indev, info->outdev, &elem,
268
268
info->okfn, INT_MIN);
269
269
}
+7
-13
net/netfilter/nfnetlink_queue.c
+7
-13
net/netfilter/nfnetlink_queue.c
···
617
617
nfqnl_mangle(void *data, int data_len, struct nfqnl_queue_entry *e)
618
618
{
619
619
int diff;
620
+
int err;
620
621
621
622
diff = data_len - e->skb->len;
622
623
if (diff < 0) {
···
627
626
if (data_len > 0xFFFF)
628
627
return -EINVAL;
629
628
if (diff > skb_tailroom(e->skb)) {
630
-
struct sk_buff *newskb;
631
-
632
-
newskb = skb_copy_expand(e->skb,
633
-
skb_headroom(e->skb),
634
-
diff,
635
-
GFP_ATOMIC);
636
-
if (newskb == NULL) {
629
+
err = pskb_expand_head(e->skb, 0,
630
+
diff - skb_tailroom(e->skb),
631
+
GFP_ATOMIC);
632
+
if (err) {
637
633
printk(KERN_WARNING "nf_queue: OOM "
638
634
"in mangle, dropping packet\n");
639
-
return -ENOMEM;
635
+
return err;
640
636
}
641
-
if (e->skb->sk)
642
-
skb_set_owner_w(newskb, e->skb->sk);
643
-
kfree_skb(e->skb);
644
-
e->skb = newskb;
645
637
}
646
638
skb_put(e->skb, diff);
647
639
}
648
-
if (!skb_make_writable(&e->skb, data_len))
640
+
if (!skb_make_writable(e->skb, data_len))
649
641
return -ENOMEM;
650
642
skb_copy_to_linear_data(e->skb, data, data_len);
651
643
e->skb->ip_summed = CHECKSUM_NONE;
+2
-2
net/netfilter/xt_CLASSIFY.c
+2
-2
net/netfilter/xt_CLASSIFY.c
···
27
27
MODULE_ALIAS("ip6t_CLASSIFY");
28
28
29
29
static unsigned int
30
-
target(struct sk_buff **pskb,
30
+
target(struct sk_buff *skb,
31
31
const struct net_device *in,
32
32
const struct net_device *out,
33
33
unsigned int hooknum,
···
36
36
{
37
37
const struct xt_classify_target_info *clinfo = targinfo;
38
38
39
-
(*pskb)->priority = clinfo->priority;
39
+
skb->priority = clinfo->priority;
40
40
return XT_CONTINUE;
41
41
}
42
42
+7
-7
net/netfilter/xt_CONNMARK.c
+7
-7
net/netfilter/xt_CONNMARK.c
···
34
34
#include <net/netfilter/nf_conntrack_ecache.h>
35
35
36
36
static unsigned int
37
-
target(struct sk_buff **pskb,
37
+
target(struct sk_buff *skb,
38
38
const struct net_device *in,
39
39
const struct net_device *out,
40
40
unsigned int hooknum,
···
48
48
u_int32_t mark;
49
49
u_int32_t newmark;
50
50
51
-
ct = nf_ct_get(*pskb, &ctinfo);
51
+
ct = nf_ct_get(skb, &ctinfo);
52
52
if (ct) {
53
53
switch(markinfo->mode) {
54
54
case XT_CONNMARK_SET:
55
55
newmark = (ct->mark & ~markinfo->mask) | markinfo->mark;
56
56
if (newmark != ct->mark) {
57
57
ct->mark = newmark;
58
-
nf_conntrack_event_cache(IPCT_MARK, *pskb);
58
+
nf_conntrack_event_cache(IPCT_MARK, skb);
59
59
}
60
60
break;
61
61
case XT_CONNMARK_SAVE:
62
62
newmark = (ct->mark & ~markinfo->mask) |
63
-
((*pskb)->mark & markinfo->mask);
63
+
(skb->mark & markinfo->mask);
64
64
if (ct->mark != newmark) {
65
65
ct->mark = newmark;
66
-
nf_conntrack_event_cache(IPCT_MARK, *pskb);
66
+
nf_conntrack_event_cache(IPCT_MARK, skb);
67
67
}
68
68
break;
69
69
case XT_CONNMARK_RESTORE:
70
-
mark = (*pskb)->mark;
70
+
mark = skb->mark;
71
71
diff = (ct->mark ^ mark) & markinfo->mask;
72
-
(*pskb)->mark = mark ^ diff;
72
+
skb->mark = mark ^ diff;
73
73
break;
74
74
}
75
75
}
+1
-2
net/netfilter/xt_CONNSECMARK.c
+1
-2
net/netfilter/xt_CONNSECMARK.c
···
61
61
}
62
62
}
63
63
64
-
static unsigned int target(struct sk_buff **pskb, const struct net_device *in,
64
+
static unsigned int target(struct sk_buff *skb, const struct net_device *in,
65
65
const struct net_device *out, unsigned int hooknum,
66
66
const struct xt_target *target,
67
67
const void *targinfo)
68
68
{
69
-
struct sk_buff *skb = *pskb;
70
69
const struct xt_connsecmark_target_info *info = targinfo;
71
70
72
71
switch (info->mode) {
+8
-8
net/netfilter/xt_DSCP.c
+8
-8
net/netfilter/xt_DSCP.c
···
25
25
MODULE_ALIAS("ipt_DSCP");
26
26
MODULE_ALIAS("ip6t_DSCP");
27
27
28
-
static unsigned int target(struct sk_buff **pskb,
28
+
static unsigned int target(struct sk_buff *skb,
29
29
const struct net_device *in,
30
30
const struct net_device *out,
31
31
unsigned int hooknum,
···
33
33
const void *targinfo)
34
34
{
35
35
const struct xt_DSCP_info *dinfo = targinfo;
36
-
u_int8_t dscp = ipv4_get_dsfield(ip_hdr(*pskb)) >> XT_DSCP_SHIFT;
36
+
u_int8_t dscp = ipv4_get_dsfield(ip_hdr(skb)) >> XT_DSCP_SHIFT;
37
37
38
38
if (dscp != dinfo->dscp) {
39
-
if (!skb_make_writable(pskb, sizeof(struct iphdr)))
39
+
if (!skb_make_writable(skb, sizeof(struct iphdr)))
40
40
return NF_DROP;
41
41
42
-
ipv4_change_dsfield(ip_hdr(*pskb), (__u8)(~XT_DSCP_MASK),
42
+
ipv4_change_dsfield(ip_hdr(skb), (__u8)(~XT_DSCP_MASK),
43
43
dinfo->dscp << XT_DSCP_SHIFT);
44
44
45
45
}
46
46
return XT_CONTINUE;
47
47
}
48
48
49
-
static unsigned int target6(struct sk_buff **pskb,
49
+
static unsigned int target6(struct sk_buff *skb,
50
50
const struct net_device *in,
51
51
const struct net_device *out,
52
52
unsigned int hooknum,
···
54
54
const void *targinfo)
55
55
{
56
56
const struct xt_DSCP_info *dinfo = targinfo;
57
-
u_int8_t dscp = ipv6_get_dsfield(ipv6_hdr(*pskb)) >> XT_DSCP_SHIFT;
57
+
u_int8_t dscp = ipv6_get_dsfield(ipv6_hdr(skb)) >> XT_DSCP_SHIFT;
58
58
59
59
if (dscp != dinfo->dscp) {
60
-
if (!skb_make_writable(pskb, sizeof(struct ipv6hdr)))
60
+
if (!skb_make_writable(skb, sizeof(struct ipv6hdr)))
61
61
return NF_DROP;
62
62
63
-
ipv6_change_dsfield(ipv6_hdr(*pskb), (__u8)(~XT_DSCP_MASK),
63
+
ipv6_change_dsfield(ipv6_hdr(skb), (__u8)(~XT_DSCP_MASK),
64
64
dinfo->dscp << XT_DSCP_SHIFT);
65
65
}
66
66
return XT_CONTINUE;
+6
-6
net/netfilter/xt_MARK.c
+6
-6
net/netfilter/xt_MARK.c
···
22
22
MODULE_ALIAS("ip6t_MARK");
23
23
24
24
static unsigned int
25
-
target_v0(struct sk_buff **pskb,
25
+
target_v0(struct sk_buff *skb,
26
26
const struct net_device *in,
27
27
const struct net_device *out,
28
28
unsigned int hooknum,
···
31
31
{
32
32
const struct xt_mark_target_info *markinfo = targinfo;
33
33
34
-
(*pskb)->mark = markinfo->mark;
34
+
skb->mark = markinfo->mark;
35
35
return XT_CONTINUE;
36
36
}
37
37
38
38
static unsigned int
39
-
target_v1(struct sk_buff **pskb,
39
+
target_v1(struct sk_buff *skb,
40
40
const struct net_device *in,
41
41
const struct net_device *out,
42
42
unsigned int hooknum,
···
52
52
break;
53
53
54
54
case XT_MARK_AND:
55
-
mark = (*pskb)->mark & markinfo->mark;
55
+
mark = skb->mark & markinfo->mark;
56
56
break;
57
57
58
58
case XT_MARK_OR:
59
-
mark = (*pskb)->mark | markinfo->mark;
59
+
mark = skb->mark | markinfo->mark;
60
60
break;
61
61
}
62
62
63
-
(*pskb)->mark = mark;
63
+
skb->mark = mark;
64
64
return XT_CONTINUE;
65
65
}
66
66
+2
-2
net/netfilter/xt_NFLOG.c
+2
-2
net/netfilter/xt_NFLOG.c
···
20
20
MODULE_ALIAS("ip6t_NFLOG");
21
21
22
22
static unsigned int
23
-
nflog_target(struct sk_buff **pskb,
23
+
nflog_target(struct sk_buff *skb,
24
24
const struct net_device *in, const struct net_device *out,
25
25
unsigned int hooknum, const struct xt_target *target,
26
26
const void *targinfo)
···
33
33
li.u.ulog.group = info->group;
34
34
li.u.ulog.qthreshold = info->threshold;
35
35
36
-
nf_log_packet(target->family, hooknum, *pskb, in, out, &li,
36
+
nf_log_packet(target->family, hooknum, skb, in, out, &li,
37
37
"%s", info->prefix);
38
38
return XT_CONTINUE;
39
39
}
+1
-1
net/netfilter/xt_NFQUEUE.c
+1
-1
net/netfilter/xt_NFQUEUE.c
+5
-5
net/netfilter/xt_NOTRACK.c
+5
-5
net/netfilter/xt_NOTRACK.c
···
12
12
MODULE_ALIAS("ip6t_NOTRACK");
13
13
14
14
static unsigned int
15
-
target(struct sk_buff **pskb,
15
+
target(struct sk_buff *skb,
16
16
const struct net_device *in,
17
17
const struct net_device *out,
18
18
unsigned int hooknum,
···
20
20
const void *targinfo)
21
21
{
22
22
/* Previously seen (loopback)? Ignore. */
23
-
if ((*pskb)->nfct != NULL)
23
+
if (skb->nfct != NULL)
24
24
return XT_CONTINUE;
25
25
26
26
/* Attach fake conntrack entry.
27
27
If there is a real ct entry correspondig to this packet,
28
28
it'll hang aroun till timing out. We don't deal with it
29
29
for performance reasons. JK */
30
-
(*pskb)->nfct = &nf_conntrack_untracked.ct_general;
31
-
(*pskb)->nfctinfo = IP_CT_NEW;
32
-
nf_conntrack_get((*pskb)->nfct);
30
+
skb->nfct = &nf_conntrack_untracked.ct_general;
31
+
skb->nfctinfo = IP_CT_NEW;
32
+
nf_conntrack_get(skb->nfct);
33
33
34
34
return XT_CONTINUE;
35
35
}
+2
-2
net/netfilter/xt_SECMARK.c
+2
-2
net/netfilter/xt_SECMARK.c
···
28
28
29
29
static u8 mode;
30
30
31
-
static unsigned int target(struct sk_buff **pskb, const struct net_device *in,
31
+
static unsigned int target(struct sk_buff *skb, const struct net_device *in,
32
32
const struct net_device *out, unsigned int hooknum,
33
33
const struct xt_target *target,
34
34
const void *targinfo)
···
47
47
BUG();
48
48
}
49
49
50
-
(*pskb)->secmark = secmark;
50
+
skb->secmark = secmark;
51
51
return XT_CONTINUE;
52
52
}
53
53
+27
-31
net/netfilter/xt_TCPMSS.c
+27
-31
net/netfilter/xt_TCPMSS.c
···
39
39
}
40
40
41
41
static int
42
-
tcpmss_mangle_packet(struct sk_buff **pskb,
42
+
tcpmss_mangle_packet(struct sk_buff *skb,
43
43
const struct xt_tcpmss_info *info,
44
44
unsigned int tcphoff,
45
45
unsigned int minlen)
···
50
50
u16 newmss;
51
51
u8 *opt;
52
52
53
-
if (!skb_make_writable(pskb, (*pskb)->len))
53
+
if (!skb_make_writable(skb, skb->len))
54
54
return -1;
55
55
56
-
tcplen = (*pskb)->len - tcphoff;
57
-
tcph = (struct tcphdr *)(skb_network_header(*pskb) + tcphoff);
56
+
tcplen = skb->len - tcphoff;
57
+
tcph = (struct tcphdr *)(skb_network_header(skb) + tcphoff);
58
58
59
59
/* Since it passed flags test in tcp match, we know it is is
60
60
not a fragment, and has data >= tcp header length. SYN
···
64
64
if (tcplen != tcph->doff*4) {
65
65
if (net_ratelimit())
66
66
printk(KERN_ERR "xt_TCPMSS: bad length (%u bytes)\n",
67
-
(*pskb)->len);
67
+
skb->len);
68
68
return -1;
69
69
}
70
70
71
71
if (info->mss == XT_TCPMSS_CLAMP_PMTU) {
72
-
if (dst_mtu((*pskb)->dst) <= minlen) {
72
+
if (dst_mtu(skb->dst) <= minlen) {
73
73
if (net_ratelimit())
74
74
printk(KERN_ERR "xt_TCPMSS: "
75
75
"unknown or invalid path-MTU (%u)\n",
76
-
dst_mtu((*pskb)->dst));
76
+
dst_mtu(skb->dst));
77
77
return -1;
78
78
}
79
-
newmss = dst_mtu((*pskb)->dst) - minlen;
79
+
newmss = dst_mtu(skb->dst) - minlen;
80
80
} else
81
81
newmss = info->mss;
82
82
···
95
95
opt[i+2] = (newmss & 0xff00) >> 8;
96
96
opt[i+3] = newmss & 0x00ff;
97
97
98
-
nf_proto_csum_replace2(&tcph->check, *pskb,
98
+
nf_proto_csum_replace2(&tcph->check, skb,
99
99
htons(oldmss), htons(newmss), 0);
100
100
return 0;
101
101
}
···
104
104
/*
105
105
* MSS Option not found ?! add it..
106
106
*/
107
-
if (skb_tailroom((*pskb)) < TCPOLEN_MSS) {
108
-
struct sk_buff *newskb;
109
-
110
-
newskb = skb_copy_expand(*pskb, skb_headroom(*pskb),
111
-
TCPOLEN_MSS, GFP_ATOMIC);
112
-
if (!newskb)
107
+
if (skb_tailroom(skb) < TCPOLEN_MSS) {
108
+
if (pskb_expand_head(skb, 0,
109
+
TCPOLEN_MSS - skb_tailroom(skb),
110
+
GFP_ATOMIC))
113
111
return -1;
114
-
kfree_skb(*pskb);
115
-
*pskb = newskb;
116
-
tcph = (struct tcphdr *)(skb_network_header(*pskb) + tcphoff);
112
+
tcph = (struct tcphdr *)(skb_network_header(skb) + tcphoff);
117
113
}
118
114
119
-
skb_put((*pskb), TCPOLEN_MSS);
115
+
skb_put(skb, TCPOLEN_MSS);
120
116
121
117
opt = (u_int8_t *)tcph + sizeof(struct tcphdr);
122
118
memmove(opt + TCPOLEN_MSS, opt, tcplen - sizeof(struct tcphdr));
123
119
124
-
nf_proto_csum_replace2(&tcph->check, *pskb,
120
+
nf_proto_csum_replace2(&tcph->check, skb,
125
121
htons(tcplen), htons(tcplen + TCPOLEN_MSS), 1);
126
122
opt[0] = TCPOPT_MSS;
127
123
opt[1] = TCPOLEN_MSS;
128
124
opt[2] = (newmss & 0xff00) >> 8;
129
125
opt[3] = newmss & 0x00ff;
130
126
131
-
nf_proto_csum_replace4(&tcph->check, *pskb, 0, *((__be32 *)opt), 0);
127
+
nf_proto_csum_replace4(&tcph->check, skb, 0, *((__be32 *)opt), 0);
132
128
133
129
oldval = ((__be16 *)tcph)[6];
134
130
tcph->doff += TCPOLEN_MSS/4;
135
-
nf_proto_csum_replace2(&tcph->check, *pskb,
131
+
nf_proto_csum_replace2(&tcph->check, skb,
136
132
oldval, ((__be16 *)tcph)[6], 0);
137
133
return TCPOLEN_MSS;
138
134
}
139
135
140
136
static unsigned int
141
-
xt_tcpmss_target4(struct sk_buff **pskb,
137
+
xt_tcpmss_target4(struct sk_buff *skb,
142
138
const struct net_device *in,
143
139
const struct net_device *out,
144
140
unsigned int hooknum,
145
141
const struct xt_target *target,
146
142
const void *targinfo)
147
143
{
148
-
struct iphdr *iph = ip_hdr(*pskb);
144
+
struct iphdr *iph = ip_hdr(skb);
149
145
__be16 newlen;
150
146
int ret;
151
147
152
-
ret = tcpmss_mangle_packet(pskb, targinfo, iph->ihl * 4,
148
+
ret = tcpmss_mangle_packet(skb, targinfo, iph->ihl * 4,
153
149
sizeof(*iph) + sizeof(struct tcphdr));
154
150
if (ret < 0)
155
151
return NF_DROP;
156
152
if (ret > 0) {
157
-
iph = ip_hdr(*pskb);
153
+
iph = ip_hdr(skb);
158
154
newlen = htons(ntohs(iph->tot_len) + ret);
159
155
nf_csum_replace2(&iph->check, iph->tot_len, newlen);
160
156
iph->tot_len = newlen;
···
160
164
161
165
#if defined(CONFIG_IP6_NF_IPTABLES) || defined(CONFIG_IP6_NF_IPTABLES_MODULE)
162
166
static unsigned int
163
-
xt_tcpmss_target6(struct sk_buff **pskb,
167
+
xt_tcpmss_target6(struct sk_buff *skb,
164
168
const struct net_device *in,
165
169
const struct net_device *out,
166
170
unsigned int hooknum,
167
171
const struct xt_target *target,
168
172
const void *targinfo)
169
173
{
170
-
struct ipv6hdr *ipv6h = ipv6_hdr(*pskb);
174
+
struct ipv6hdr *ipv6h = ipv6_hdr(skb);
171
175
u8 nexthdr;
172
176
int tcphoff;
173
177
int ret;
174
178
175
179
nexthdr = ipv6h->nexthdr;
176
-
tcphoff = ipv6_skip_exthdr(*pskb, sizeof(*ipv6h), &nexthdr);
180
+
tcphoff = ipv6_skip_exthdr(skb, sizeof(*ipv6h), &nexthdr);
177
181
if (tcphoff < 0) {
178
182
WARN_ON(1);
179
183
return NF_DROP;
180
184
}
181
-
ret = tcpmss_mangle_packet(pskb, targinfo, tcphoff,
185
+
ret = tcpmss_mangle_packet(skb, targinfo, tcphoff,
182
186
sizeof(*ipv6h) + sizeof(struct tcphdr));
183
187
if (ret < 0)
184
188
return NF_DROP;
185
189
if (ret > 0) {
186
-
ipv6h = ipv6_hdr(*pskb);
190
+
ipv6h = ipv6_hdr(skb);
187
191
ipv6h->payload_len = htons(ntohs(ipv6h->payload_len) + ret);
188
192
}
189
193
return XT_CONTINUE;
+2
-2
net/netfilter/xt_TRACE.c
+2
-2
net/netfilter/xt_TRACE.c
···
10
10
MODULE_ALIAS("ip6t_TRACE");
11
11
12
12
static unsigned int
13
-
target(struct sk_buff **pskb,
13
+
target(struct sk_buff *skb,
14
14
const struct net_device *in,
15
15
const struct net_device *out,
16
16
unsigned int hooknum,
17
17
const struct xt_target *target,
18
18
const void *targinfo)
19
19
{
20
-
(*pskb)->nf_trace = 1;
20
+
skb->nf_trace = 1;
21
21
return XT_CONTINUE;
22
22
}
23
23
+2
net/netlink/af_netlink.c
+2
net/netlink/af_netlink.c
+1
-5
net/sched/act_ipt.c
+1
-5
net/sched/act_ipt.c
···
202
202
/* yes, we have to worry about both in and out dev
203
203
worry later - danger - this API seems to have changed
204
204
from earlier kernels */
205
-
206
-
/* iptables targets take a double skb pointer in case the skb
207
-
* needs to be replaced. We don't own the skb, so this must not
208
-
* happen. The pskb_expand_head above should make sure of this */
209
-
ret = ipt->tcfi_t->u.kernel.target->target(&skb, skb->dev, NULL,
205
+
ret = ipt->tcfi_t->u.kernel.target->target(skb, skb->dev, NULL,
210
206
ipt->tcfi_hook,
211
207
ipt->tcfi_t->u.kernel.target,
212
208
ipt->tcfi_t->data);
+2
-3
net/sched/sch_ingress.c
+2
-3
net/sched/sch_ingress.c
···
205
205
#ifndef CONFIG_NET_CLS_ACT
206
206
#ifdef CONFIG_NETFILTER
207
207
static unsigned int
208
-
ing_hook(unsigned int hook, struct sk_buff **pskb,
208
+
ing_hook(unsigned int hook, struct sk_buff *skb,
209
209
const struct net_device *indev,
210
210
const struct net_device *outdev,
211
211
int (*okfn)(struct sk_buff *))
212
212
{
213
213
214
214
struct Qdisc *q;
215
-
struct sk_buff *skb = *pskb;
216
215
struct net_device *dev = skb->dev;
217
216
int fwres=NF_ACCEPT;
218
217
219
218
DPRINTK("ing_hook: skb %s dev=%s len=%u\n",
220
219
skb->sk ? "(owned)" : "(unowned)",
221
-
skb->dev ? (*pskb)->dev->name : "(no dev)",
220
+
skb->dev ? skb->dev->name : "(no dev)",
222
221
skb->len);
223
222
224
223
if (dev->qdisc_ingress) {
+2
-2
net/sctp/ipv6.c
+2
-2
net/sctp/ipv6.c
···
954
954
.flags = SCTP_PROTOSW_FLAG,
955
955
};
956
956
957
-
static int sctp6_rcv(struct sk_buff **pskb)
957
+
static int sctp6_rcv(struct sk_buff *skb)
958
958
{
959
-
return sctp_rcv(*pskb) ? -1 : 0;
959
+
return sctp_rcv(skb) ? -1 : 0;
960
960
}
961
961
962
962
static struct inet6_protocol sctpv6_protocol = {
+5
-6
security/selinux/hooks.c
+5
-6
security/selinux/hooks.c
···
3932
3932
}
3933
3933
3934
3934
static unsigned int selinux_ip_postroute_last(unsigned int hooknum,
3935
-
struct sk_buff **pskb,
3935
+
struct sk_buff *skb,
3936
3936
const struct net_device *in,
3937
3937
const struct net_device *out,
3938
3938
int (*okfn)(struct sk_buff *),
···
3941
3941
char *addrp;
3942
3942
int len, err = 0;
3943
3943
struct sock *sk;
3944
-
struct sk_buff *skb = *pskb;
3945
3944
struct avc_audit_data ad;
3946
3945
struct net_device *dev = (struct net_device *)out;
3947
3946
struct sk_security_struct *sksec;
···
3976
3977
}
3977
3978
3978
3979
static unsigned int selinux_ipv4_postroute_last(unsigned int hooknum,
3979
-
struct sk_buff **pskb,
3980
+
struct sk_buff *skb,
3980
3981
const struct net_device *in,
3981
3982
const struct net_device *out,
3982
3983
int (*okfn)(struct sk_buff *))
3983
3984
{
3984
-
return selinux_ip_postroute_last(hooknum, pskb, in, out, okfn, PF_INET);
3985
+
return selinux_ip_postroute_last(hooknum, skb, in, out, okfn, PF_INET);
3985
3986
}
3986
3987
3987
3988
#if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE)
3988
3989
3989
3990
static unsigned int selinux_ipv6_postroute_last(unsigned int hooknum,
3990
-
struct sk_buff **pskb,
3991
+
struct sk_buff *skb,
3991
3992
const struct net_device *in,
3992
3993
const struct net_device *out,
3993
3994
int (*okfn)(struct sk_buff *))
3994
3995
{
3995
-
return selinux_ip_postroute_last(hooknum, pskb, in, out, okfn, PF_INET6);
3996
+
return selinux_ip_postroute_last(hooknum, skb, in, out, okfn, PF_INET6);
3996
3997
}
3997
3998
3998
3999
#endif /* IPV6 */