forked from Minki/linux
[IP]: Introduce ip_hdrlen()
For the common sequence "skb->nh.iph->ihl * 4", removing a good number of open coded skb->nh.iph uses, now to go after the rest... Just out of curiosity, here are the idioms found to get the same result: skb->nh.iph->ihl << 2 skb->nh.iph->ihl<<2 skb->nh.iph->ihl * 4 skb->nh.iph->ihl*4 (skb->nh.iph)->ihl * sizeof(u32) Signed-off-by: Arnaldo Carvalho de Melo <acme@redhat.com> Signed-off-by: David S. Miller <davem@davemloft.net>
This commit is contained in:
parent
0272ffc46f
commit
c9bdd4b525
@ -4527,7 +4527,7 @@ bnx2_start_xmit(struct sk_buff *skb, struct net_device *dev)
|
||||
if (skb->h.th->doff > 5) {
|
||||
tcp_opt_len = (skb->h.th->doff - 5) << 2;
|
||||
}
|
||||
ip_tcp_len = (skb->nh.iph->ihl << 2) + sizeof(struct tcphdr);
|
||||
ip_tcp_len = ip_hdrlen(skb) + sizeof(struct tcphdr);
|
||||
|
||||
skb->nh.iph->check = 0;
|
||||
skb->nh.iph->tot_len = htons(mss + ip_tcp_len + tcp_opt_len);
|
||||
|
@ -1263,7 +1263,7 @@ static inline void write_ip_start_end(struct ehea_swqe *swqe,
|
||||
const struct sk_buff *skb)
|
||||
{
|
||||
swqe->ip_start = (u8)(((u64)skb->nh.iph) - ((u64)skb->data));
|
||||
swqe->ip_end = (u8)(swqe->ip_start + skb->nh.iph->ihl * 4 - 1);
|
||||
swqe->ip_end = (u8)(swqe->ip_start + ip_hdrlen(skb) - 1);
|
||||
}
|
||||
|
||||
static inline void write_tcp_offset_end(struct ehea_swqe *swqe,
|
||||
@ -1300,7 +1300,7 @@ static void write_swqe2_TSO(struct sk_buff *skb,
|
||||
/* copy only eth/ip/tcp headers to immediate data and
|
||||
* the rest of skb->data to sg1entry
|
||||
*/
|
||||
headersize = ETH_HLEN + (skb->nh.iph->ihl * 4) + (skb->h.th->doff * 4);
|
||||
headersize = ETH_HLEN + ip_hdrlen(skb) + (skb->h.th->doff * 4);
|
||||
|
||||
skb_data_size = skb->len - skb->data_len;
|
||||
|
||||
|
@ -35,6 +35,8 @@
|
||||
#include "netxen_nic_hw.h"
|
||||
#include "netxen_nic_phan_reg.h"
|
||||
|
||||
#include <net/ip.h>
|
||||
|
||||
/* PCI Windowing for DDR regions. */
|
||||
|
||||
#define ADDR_IN_RANGE(addr, low, high) \
|
||||
@ -371,9 +373,9 @@ void netxen_tso_check(struct netxen_adapter *adapter,
|
||||
struct cmd_desc_type0 *desc, struct sk_buff *skb)
|
||||
{
|
||||
if (desc->mss) {
|
||||
desc->total_hdr_length = sizeof(struct ethhdr) +
|
||||
((skb->nh.iph)->ihl * sizeof(u32)) +
|
||||
((skb->h.th)->doff * sizeof(u32));
|
||||
desc->total_hdr_length = (sizeof(struct ethhdr) +
|
||||
ip_hdrlen(skb) +
|
||||
skb->h.th->doff * 4);
|
||||
netxen_set_cmd_desc_opcode(desc, TX_TCP_LSO);
|
||||
} else if (skb->ip_summed == CHECKSUM_PARTIAL) {
|
||||
if (skb->nh.iph->protocol == IPPROTO_TCP) {
|
||||
|
@ -41,6 +41,7 @@
|
||||
|
||||
#include <linux/dma-mapping.h>
|
||||
#include <linux/vmalloc.h>
|
||||
#include <net/ip.h>
|
||||
|
||||
MODULE_DESCRIPTION("NetXen Multi port (1/10) Gigabit Network Driver");
|
||||
MODULE_LICENSE("GPL");
|
||||
@ -778,9 +779,8 @@ static int netxen_nic_xmit_frame(struct sk_buff *skb, struct net_device *netdev)
|
||||
if (skb_shinfo(skb)->gso_size > 0) {
|
||||
|
||||
no_of_desc++;
|
||||
if (((skb->nh.iph)->ihl * sizeof(u32)) +
|
||||
((skb->h.th)->doff * sizeof(u32)) +
|
||||
sizeof(struct ethhdr) >
|
||||
if ((ip_hdrlen(skb) + skb->h.th->doff * 4 +
|
||||
sizeof(struct ethhdr)) >
|
||||
(sizeof(struct cmd_desc_type0) - 2)) {
|
||||
no_of_desc++;
|
||||
}
|
||||
|
@ -32,6 +32,7 @@
|
||||
#include <linux/ethtool.h>
|
||||
#include <linux/pci.h>
|
||||
#include <linux/ip.h>
|
||||
#include <net/ip.h>
|
||||
#include <linux/tcp.h>
|
||||
#include <linux/in.h>
|
||||
#include <linux/delay.h>
|
||||
@ -1392,7 +1393,7 @@ static int sky2_xmit_frame(struct sk_buff *skb, struct net_device *dev)
|
||||
mss = skb_shinfo(skb)->gso_size;
|
||||
if (mss != 0) {
|
||||
mss += ((skb->h.th->doff - 5) * 4); /* TCP options */
|
||||
mss += (skb->nh.iph->ihl * 4) + sizeof(struct tcphdr);
|
||||
mss += ip_hdrlen(skb) + sizeof(struct tcphdr);
|
||||
mss += ETH_HLEN;
|
||||
|
||||
if (mss != sky2->tx_last_mss) {
|
||||
|
@ -40,6 +40,7 @@
|
||||
#include <linux/dma-mapping.h>
|
||||
|
||||
#include <net/checksum.h>
|
||||
#include <net/ip.h>
|
||||
|
||||
#include <asm/system.h>
|
||||
#include <asm/io.h>
|
||||
@ -3909,8 +3910,7 @@ static int tg3_start_xmit(struct sk_buff *skb, struct net_device *dev)
|
||||
mss |= (skb_headlen(skb) - ETH_HLEN) << 9;
|
||||
else {
|
||||
tcp_opt_len = ((skb->h.th->doff - 5) * 4);
|
||||
ip_tcp_len = (skb->nh.iph->ihl * 4) +
|
||||
sizeof(struct tcphdr);
|
||||
ip_tcp_len = ip_hdrlen(skb) + sizeof(struct tcphdr);
|
||||
|
||||
skb->nh.iph->check = 0;
|
||||
skb->nh.iph->tot_len = htons(mss + ip_tcp_len +
|
||||
@ -4064,7 +4064,7 @@ static int tg3_start_xmit_dma_bug(struct sk_buff *skb, struct net_device *dev)
|
||||
}
|
||||
|
||||
tcp_opt_len = ((skb->h.th->doff - 5) * 4);
|
||||
ip_tcp_len = (skb->nh.iph->ihl * 4) + sizeof(struct tcphdr);
|
||||
ip_tcp_len = ip_hdrlen(skb) + sizeof(struct tcphdr);
|
||||
|
||||
hdr_len = ip_tcp_len + tcp_opt_len;
|
||||
if (unlikely((ETH_HLEN + hdr_len) > 80) &&
|
||||
|
@ -473,9 +473,11 @@ qeth_eddp_fill_context_tcp(struct qeth_eddp_context *ctx,
|
||||
QETH_DBF_TEXT(trace, 5, "eddpficx");
|
||||
/* create our segmentation headers and copy original headers */
|
||||
if (skb->protocol == htons(ETH_P_IP))
|
||||
eddp = qeth_eddp_create_eddp_data(qhdr, (u8 *)skb->nh.iph,
|
||||
skb->nh.iph->ihl*4,
|
||||
(u8 *)skb->h.th, skb->h.th->doff*4);
|
||||
eddp = qeth_eddp_create_eddp_data(qhdr,
|
||||
skb_network_header(skb),
|
||||
ip_hdrlen(skb),
|
||||
skb->h.raw,
|
||||
skb->h.th->doff * 4);
|
||||
else
|
||||
eddp = qeth_eddp_create_eddp_data(qhdr, (u8 *)skb->nh.ipv6h,
|
||||
sizeof(struct ipv6hdr),
|
||||
@ -590,8 +592,9 @@ qeth_eddp_create_context_tcp(struct qeth_card *card, struct sk_buff *skb,
|
||||
QETH_DBF_TEXT(trace, 5, "creddpct");
|
||||
if (skb->protocol == htons(ETH_P_IP))
|
||||
ctx = qeth_eddp_create_context_generic(card, skb,
|
||||
sizeof(struct qeth_hdr) + skb->nh.iph->ihl*4 +
|
||||
skb->h.th->doff*4);
|
||||
(sizeof(struct qeth_hdr) +
|
||||
ip_hdrlen(skb) +
|
||||
skb->h.th->doff * 4));
|
||||
else if (skb->protocol == htons(ETH_P_IPV6))
|
||||
ctx = qeth_eddp_create_context_generic(card, skb,
|
||||
sizeof(struct qeth_hdr) + sizeof(struct ipv6hdr) +
|
||||
|
@ -25,6 +25,7 @@
|
||||
#include <linux/types.h>
|
||||
#include <linux/ip.h>
|
||||
#include <linux/in.h>
|
||||
#include <linux/skbuff.h>
|
||||
|
||||
#include <net/inet_sock.h>
|
||||
#include <net/snmp.h>
|
||||
@ -43,6 +44,11 @@ struct inet_skb_parm
|
||||
#define IPSKB_REROUTED 16
|
||||
};
|
||||
|
||||
static inline unsigned int ip_hdrlen(const struct sk_buff *skb)
|
||||
{
|
||||
return skb->nh.iph->ihl * 4;
|
||||
}
|
||||
|
||||
struct ipcm_cookie
|
||||
{
|
||||
__be32 addr;
|
||||
@ -74,7 +80,6 @@ struct msghdr;
|
||||
struct net_device;
|
||||
struct packet_type;
|
||||
struct rtable;
|
||||
struct sk_buff;
|
||||
struct sockaddr;
|
||||
|
||||
extern void ip_mc_dropsocket(struct sock *);
|
||||
|
@ -483,7 +483,7 @@ static void ip_frag_queue(struct ipq *qp, struct sk_buff *skb)
|
||||
flags = offset & ~IP_OFFSET;
|
||||
offset &= IP_OFFSET;
|
||||
offset <<= 3; /* offset is in 8-byte chunks */
|
||||
ihl = skb->nh.iph->ihl * 4;
|
||||
ihl = ip_hdrlen(skb);
|
||||
|
||||
/* Determine the position of this fragment. */
|
||||
end = offset + skb->len - ihl;
|
||||
@ -624,7 +624,7 @@ static struct sk_buff *ip_frag_reasm(struct ipq *qp, struct net_device *dev)
|
||||
BUG_TRAP(FRAG_CB(head)->offset == 0);
|
||||
|
||||
/* Allocate a new buffer for the datagram. */
|
||||
ihlen = head->nh.iph->ihl*4;
|
||||
ihlen = ip_hdrlen(head);
|
||||
len = ihlen + qp->len;
|
||||
|
||||
if (len > 65535)
|
||||
|
@ -198,9 +198,7 @@ int ip_call_ra_chain(struct sk_buff *skb)
|
||||
|
||||
static inline int ip_local_deliver_finish(struct sk_buff *skb)
|
||||
{
|
||||
int ihl = skb->nh.iph->ihl*4;
|
||||
|
||||
__skb_pull(skb, ihl);
|
||||
__skb_pull(skb, ip_hdrlen(skb));
|
||||
|
||||
/* Point into the IP datagram, just past the header. */
|
||||
skb->h.raw = skb->data;
|
||||
|
@ -539,7 +539,7 @@ static void ipmr_cache_resolve(struct mfc_cache *uc, struct mfc_cache *c)
|
||||
static int ipmr_cache_report(struct sk_buff *pkt, vifi_t vifi, int assert)
|
||||
{
|
||||
struct sk_buff *skb;
|
||||
int ihl = pkt->nh.iph->ihl<<2;
|
||||
const int ihl = ip_hdrlen(pkt);
|
||||
struct igmphdr *igmp;
|
||||
struct igmpmsg *msg;
|
||||
int ret;
|
||||
|
@ -331,7 +331,7 @@ static inline int app_tcp_pkt_out(struct ip_vs_conn *cp, struct sk_buff **pskb,
|
||||
struct ip_vs_app *app)
|
||||
{
|
||||
int diff;
|
||||
unsigned int tcp_offset = (*pskb)->nh.iph->ihl*4;
|
||||
const unsigned int tcp_offset = ip_hdrlen(*pskb);
|
||||
struct tcphdr *th;
|
||||
__u32 seq;
|
||||
|
||||
@ -406,7 +406,7 @@ static inline int app_tcp_pkt_in(struct ip_vs_conn *cp, struct sk_buff **pskb,
|
||||
struct ip_vs_app *app)
|
||||
{
|
||||
int diff;
|
||||
unsigned int tcp_offset = (*pskb)->nh.iph->ihl*4;
|
||||
const unsigned int tcp_offset = ip_hdrlen(*pskb);
|
||||
struct tcphdr *th;
|
||||
__u32 seq;
|
||||
|
||||
|
@ -713,8 +713,7 @@ static inline int is_tcp_reset(const struct sk_buff *skb)
|
||||
{
|
||||
struct tcphdr _tcph, *th;
|
||||
|
||||
th = skb_header_pointer(skb, skb->nh.iph->ihl * 4,
|
||||
sizeof(_tcph), &_tcph);
|
||||
th = skb_header_pointer(skb, ip_hdrlen(skb), sizeof(_tcph), &_tcph);
|
||||
if (th == NULL)
|
||||
return 0;
|
||||
return th->rst;
|
||||
|
@ -76,8 +76,7 @@ tcp_conn_schedule(struct sk_buff *skb,
|
||||
struct ip_vs_service *svc;
|
||||
struct tcphdr _tcph, *th;
|
||||
|
||||
th = skb_header_pointer(skb, skb->nh.iph->ihl*4,
|
||||
sizeof(_tcph), &_tcph);
|
||||
th = skb_header_pointer(skb, ip_hdrlen(skb), sizeof(_tcph), &_tcph);
|
||||
if (th == NULL) {
|
||||
*verdict = NF_DROP;
|
||||
return 0;
|
||||
@ -127,7 +126,7 @@ tcp_snat_handler(struct sk_buff **pskb,
|
||||
struct ip_vs_protocol *pp, struct ip_vs_conn *cp)
|
||||
{
|
||||
struct tcphdr *tcph;
|
||||
unsigned int tcphoff = (*pskb)->nh.iph->ihl * 4;
|
||||
const unsigned int tcphoff = ip_hdrlen(*pskb);
|
||||
|
||||
/* csum_check requires unshared skb */
|
||||
if (!ip_vs_make_skb_writable(pskb, tcphoff+sizeof(*tcph)))
|
||||
@ -175,7 +174,7 @@ tcp_dnat_handler(struct sk_buff **pskb,
|
||||
struct ip_vs_protocol *pp, struct ip_vs_conn *cp)
|
||||
{
|
||||
struct tcphdr *tcph;
|
||||
unsigned int tcphoff = (*pskb)->nh.iph->ihl * 4;
|
||||
const unsigned int tcphoff = ip_hdrlen(*pskb);
|
||||
|
||||
/* csum_check requires unshared skb */
|
||||
if (!ip_vs_make_skb_writable(pskb, tcphoff+sizeof(*tcph)))
|
||||
@ -224,7 +223,7 @@ tcp_dnat_handler(struct sk_buff **pskb,
|
||||
static int
|
||||
tcp_csum_check(struct sk_buff *skb, struct ip_vs_protocol *pp)
|
||||
{
|
||||
unsigned int tcphoff = skb->nh.iph->ihl*4;
|
||||
const unsigned int tcphoff = ip_hdrlen(skb);
|
||||
|
||||
switch (skb->ip_summed) {
|
||||
case CHECKSUM_NONE:
|
||||
@ -467,8 +466,7 @@ tcp_state_transition(struct ip_vs_conn *cp, int direction,
|
||||
{
|
||||
struct tcphdr _tcph, *th;
|
||||
|
||||
th = skb_header_pointer(skb, skb->nh.iph->ihl*4,
|
||||
sizeof(_tcph), &_tcph);
|
||||
th = skb_header_pointer(skb, ip_hdrlen(skb), sizeof(_tcph), &_tcph);
|
||||
if (th == NULL)
|
||||
return 0;
|
||||
|
||||
|
@ -22,7 +22,7 @@
|
||||
#include <linux/udp.h>
|
||||
|
||||
#include <net/ip_vs.h>
|
||||
|
||||
#include <net/ip.h>
|
||||
|
||||
static struct ip_vs_conn *
|
||||
udp_conn_in_get(const struct sk_buff *skb, struct ip_vs_protocol *pp,
|
||||
@ -56,7 +56,7 @@ udp_conn_out_get(const struct sk_buff *skb, struct ip_vs_protocol *pp,
|
||||
struct ip_vs_conn *cp;
|
||||
__be16 _ports[2], *pptr;
|
||||
|
||||
pptr = skb_header_pointer(skb, skb->nh.iph->ihl*4,
|
||||
pptr = skb_header_pointer(skb, ip_hdrlen(skb),
|
||||
sizeof(_ports), _ports);
|
||||
if (pptr == NULL)
|
||||
return NULL;
|
||||
@ -82,7 +82,7 @@ udp_conn_schedule(struct sk_buff *skb, struct ip_vs_protocol *pp,
|
||||
struct ip_vs_service *svc;
|
||||
struct udphdr _udph, *uh;
|
||||
|
||||
uh = skb_header_pointer(skb, skb->nh.iph->ihl*4,
|
||||
uh = skb_header_pointer(skb, ip_hdrlen(skb),
|
||||
sizeof(_udph), &_udph);
|
||||
if (uh == NULL) {
|
||||
*verdict = NF_DROP;
|
||||
@ -133,7 +133,7 @@ udp_snat_handler(struct sk_buff **pskb,
|
||||
struct ip_vs_protocol *pp, struct ip_vs_conn *cp)
|
||||
{
|
||||
struct udphdr *udph;
|
||||
unsigned int udphoff = (*pskb)->nh.iph->ihl * 4;
|
||||
const unsigned int udphoff = ip_hdrlen(*pskb);
|
||||
|
||||
/* csum_check requires unshared skb */
|
||||
if (!ip_vs_make_skb_writable(pskb, udphoff+sizeof(*udph)))
|
||||
@ -187,7 +187,7 @@ udp_dnat_handler(struct sk_buff **pskb,
|
||||
struct ip_vs_protocol *pp, struct ip_vs_conn *cp)
|
||||
{
|
||||
struct udphdr *udph;
|
||||
unsigned int udphoff = (*pskb)->nh.iph->ihl * 4;
|
||||
unsigned int udphoff = ip_hdrlen(*pskb);
|
||||
|
||||
/* csum_check requires unshared skb */
|
||||
if (!ip_vs_make_skb_writable(pskb, udphoff+sizeof(*udph)))
|
||||
@ -239,7 +239,7 @@ static int
|
||||
udp_csum_check(struct sk_buff *skb, struct ip_vs_protocol *pp)
|
||||
{
|
||||
struct udphdr _udph, *uh;
|
||||
unsigned int udphoff = skb->nh.iph->ihl*4;
|
||||
const unsigned int udphoff = ip_hdrlen(skb);
|
||||
|
||||
uh = skb_header_pointer(skb, udphoff, sizeof(_udph), &_udph);
|
||||
if (uh == NULL)
|
||||
|
@ -103,7 +103,7 @@ static int help(struct sk_buff **pskb,
|
||||
ip_ct_refresh(ct, *pskb, master_timeout * HZ);
|
||||
|
||||
/* No data? */
|
||||
dataoff = (*pskb)->nh.iph->ihl*4 + sizeof(struct udphdr);
|
||||
dataoff = ip_hdrlen(*pskb) + sizeof(struct udphdr);
|
||||
if (dataoff >= (*pskb)->len) {
|
||||
if (net_ratelimit())
|
||||
printk("amanda_help: skblen = %u\n", (*pskb)->len);
|
||||
|
@ -750,8 +750,7 @@ resolve_normal_ct(struct sk_buff *skb,
|
||||
|
||||
IP_NF_ASSERT((skb->nh.iph->frag_off & htons(IP_OFFSET)) == 0);
|
||||
|
||||
if (!ip_ct_get_tuple(skb->nh.iph, skb, skb->nh.iph->ihl*4,
|
||||
&tuple,proto))
|
||||
if (!ip_ct_get_tuple(skb->nh.iph, skb, ip_hdrlen(skb), &tuple,proto))
|
||||
return NULL;
|
||||
|
||||
/* look for tuple match */
|
||||
|
@ -319,12 +319,12 @@ static int help(struct sk_buff **pskb,
|
||||
return NF_ACCEPT;
|
||||
}
|
||||
|
||||
th = skb_header_pointer(*pskb, (*pskb)->nh.iph->ihl*4,
|
||||
th = skb_header_pointer(*pskb, ip_hdrlen(*pskb),
|
||||
sizeof(_tcph), &_tcph);
|
||||
if (th == NULL)
|
||||
return NF_ACCEPT;
|
||||
|
||||
dataoff = (*pskb)->nh.iph->ihl*4 + th->doff*4;
|
||||
dataoff = ip_hdrlen(*pskb) + th->doff * 4;
|
||||
/* No data? */
|
||||
if (dataoff >= (*pskb)->len) {
|
||||
DEBUGP("ftp: pskblen = %u\n", (*pskb)->len);
|
||||
|
@ -115,13 +115,13 @@ static int get_tpkt_data(struct sk_buff **pskb, struct ip_conntrack *ct,
|
||||
int tpktoff;
|
||||
|
||||
/* Get TCP header */
|
||||
th = skb_header_pointer(*pskb, (*pskb)->nh.iph->ihl * 4,
|
||||
th = skb_header_pointer(*pskb, ip_hdrlen(*pskb),
|
||||
sizeof(_tcph), &_tcph);
|
||||
if (th == NULL)
|
||||
return 0;
|
||||
|
||||
/* Get TCP data offset */
|
||||
tcpdataoff = (*pskb)->nh.iph->ihl * 4 + th->doff * 4;
|
||||
tcpdataoff = ip_hdrlen(*pskb) + th->doff * 4;
|
||||
|
||||
/* Get TCP data length */
|
||||
tcpdatalen = (*pskb)->len - tcpdataoff;
|
||||
@ -1185,11 +1185,10 @@ static unsigned char *get_udp_data(struct sk_buff **pskb, int *datalen)
|
||||
struct udphdr _uh, *uh;
|
||||
int dataoff;
|
||||
|
||||
uh = skb_header_pointer(*pskb, (*pskb)->nh.iph->ihl * 4, sizeof(_uh),
|
||||
&_uh);
|
||||
uh = skb_header_pointer(*pskb, ip_hdrlen(*pskb), sizeof(_uh), &_uh);
|
||||
if (uh == NULL)
|
||||
return NULL;
|
||||
dataoff = (*pskb)->nh.iph->ihl * 4 + sizeof(_uh);
|
||||
dataoff = ip_hdrlen(*pskb) + sizeof(_uh);
|
||||
if (dataoff >= (*pskb)->len)
|
||||
return NULL;
|
||||
*datalen = (*pskb)->len - dataoff;
|
||||
|
@ -543,7 +543,7 @@ conntrack_pptp_help(struct sk_buff **pskb,
|
||||
struct pptp_pkt_hdr _pptph, *pptph;
|
||||
struct PptpControlHeader _ctlh, *ctlh;
|
||||
union pptp_ctrl_union _pptpReq, *pptpReq;
|
||||
unsigned int tcplen = (*pskb)->len - (*pskb)->nh.iph->ihl * 4;
|
||||
unsigned int tcplen = (*pskb)->len - ip_hdrlen(*pskb);
|
||||
unsigned int datalen, reqlen, nexthdr_off;
|
||||
int oldsstate, oldcstate;
|
||||
int ret;
|
||||
@ -556,7 +556,7 @@ conntrack_pptp_help(struct sk_buff **pskb,
|
||||
return NF_ACCEPT;
|
||||
}
|
||||
|
||||
nexthdr_off = (*pskb)->nh.iph->ihl*4;
|
||||
nexthdr_off = ip_hdrlen(*pskb);
|
||||
tcph = skb_header_pointer(*pskb, nexthdr_off, sizeof(_tcph), &_tcph);
|
||||
BUG_ON(!tcph);
|
||||
nexthdr_off += tcph->doff * 4;
|
||||
|
@ -130,13 +130,13 @@ static int help(struct sk_buff **pskb,
|
||||
}
|
||||
|
||||
/* Not a full tcp header? */
|
||||
th = skb_header_pointer(*pskb, (*pskb)->nh.iph->ihl*4,
|
||||
th = skb_header_pointer(*pskb, ip_hdrlen(*pskb),
|
||||
sizeof(_tcph), &_tcph);
|
||||
if (th == NULL)
|
||||
return NF_ACCEPT;
|
||||
|
||||
/* No data? */
|
||||
dataoff = (*pskb)->nh.iph->ihl*4 + th->doff*4;
|
||||
dataoff = ip_hdrlen(*pskb) + th->doff * 4;
|
||||
if (dataoff >= (*pskb)->len)
|
||||
return NF_ACCEPT;
|
||||
|
||||
|
@ -149,7 +149,7 @@ icmp_error_message(struct sk_buff *skb,
|
||||
IP_NF_ASSERT(skb->nfct == NULL);
|
||||
|
||||
/* Not enough header? */
|
||||
inside = skb_header_pointer(skb, skb->nh.iph->ihl*4, sizeof(_in), &_in);
|
||||
inside = skb_header_pointer(skb, ip_hdrlen(skb), sizeof(_in), &_in);
|
||||
if (inside == NULL)
|
||||
return -NF_ACCEPT;
|
||||
|
||||
@ -161,7 +161,7 @@ icmp_error_message(struct sk_buff *skb,
|
||||
}
|
||||
|
||||
innerproto = ip_conntrack_proto_find_get(inside->ip.protocol);
|
||||
dataoff = skb->nh.iph->ihl*4 + sizeof(inside->icmp) + inside->ip.ihl*4;
|
||||
dataoff = ip_hdrlen(skb) + sizeof(inside->icmp) + inside->ip.ihl * 4;
|
||||
/* Are they talking about one of our connections? */
|
||||
if (!ip_ct_get_tuple(&inside->ip, skb, dataoff, &origtuple, innerproto)) {
|
||||
DEBUGP("icmp_error: ! get_tuple p=%u", inside->ip.protocol);
|
||||
@ -214,7 +214,7 @@ icmp_error(struct sk_buff *skb, enum ip_conntrack_info *ctinfo,
|
||||
struct icmphdr _ih, *icmph;
|
||||
|
||||
/* Not enough header? */
|
||||
icmph = skb_header_pointer(skb, skb->nh.iph->ihl*4, sizeof(_ih), &_ih);
|
||||
icmph = skb_header_pointer(skb, ip_hdrlen(skb), sizeof(_ih), &_ih);
|
||||
if (icmph == NULL) {
|
||||
if (LOG_INVALID(IPPROTO_ICMP))
|
||||
nf_log_packet(PF_INET, 0, skb, NULL, NULL, NULL,
|
||||
@ -224,7 +224,7 @@ icmp_error(struct sk_buff *skb, enum ip_conntrack_info *ctinfo,
|
||||
|
||||
/* See ip_conntrack_proto_tcp.c */
|
||||
if (ip_conntrack_checksum && hooknum == NF_IP_PRE_ROUTING &&
|
||||
nf_ip_checksum(skb, hooknum, skb->nh.iph->ihl * 4, 0)) {
|
||||
nf_ip_checksum(skb, hooknum, ip_hdrlen(skb), 0)) {
|
||||
if (LOG_INVALID(IPPROTO_ICMP))
|
||||
nf_log_packet(PF_INET, 0, skb, NULL, NULL, NULL,
|
||||
"ip_ct_icmp: bad ICMP checksum ");
|
||||
|
@ -206,7 +206,7 @@ static int sctp_print_conntrack(struct seq_file *s,
|
||||
}
|
||||
|
||||
#define for_each_sctp_chunk(skb, sch, _sch, offset, count) \
|
||||
for (offset = skb->nh.iph->ihl * 4 + sizeof(sctp_sctphdr_t), count = 0; \
|
||||
for (offset = ip_hdrlen(skb) + sizeof(sctp_sctphdr_t), count = 0; \
|
||||
offset < skb->len && \
|
||||
(sch = skb_header_pointer(skb, offset, sizeof(_sch), &_sch)); \
|
||||
offset += (ntohs(sch->length) + 3) & ~3, count++)
|
||||
|
@ -771,7 +771,7 @@ void ip_conntrack_tcp_update(struct sk_buff *skb,
|
||||
enum ip_conntrack_dir dir)
|
||||
{
|
||||
struct iphdr *iph = skb->nh.iph;
|
||||
struct tcphdr *tcph = (void *)skb->nh.iph + skb->nh.iph->ihl*4;
|
||||
struct tcphdr *tcph = (void *)skb->nh.iph + ip_hdrlen(skb);
|
||||
__u32 end;
|
||||
#ifdef DEBUGP_VARS
|
||||
struct ip_ct_tcp_state *sender = &conntrack->proto.tcp.seen[dir];
|
||||
|
@ -402,7 +402,7 @@ static int sip_help(struct sk_buff **pskb,
|
||||
typeof(ip_nat_sip_hook) ip_nat_sip;
|
||||
|
||||
/* No Data ? */
|
||||
dataoff = (*pskb)->nh.iph->ihl*4 + sizeof(struct udphdr);
|
||||
dataoff = ip_hdrlen(*pskb) + sizeof(struct udphdr);
|
||||
if (dataoff >= (*pskb)->len) {
|
||||
DEBUGP("skb->len = %u\n", (*pskb)->len);
|
||||
return NF_ACCEPT;
|
||||
|
@ -458,7 +458,7 @@ static unsigned int ip_conntrack_local(unsigned int hooknum,
|
||||
{
|
||||
/* root is playing with raw sockets. */
|
||||
if ((*pskb)->len < sizeof(struct iphdr)
|
||||
|| (*pskb)->nh.iph->ihl * 4 < sizeof(struct iphdr)) {
|
||||
|| ip_hdrlen(*pskb) < sizeof(struct iphdr)) {
|
||||
if (net_ratelimit())
|
||||
printk("ipt_hook: happy cracking.\n");
|
||||
return NF_ACCEPT;
|
||||
|
@ -53,7 +53,7 @@ static int tftp_help(struct sk_buff **pskb,
|
||||
typeof(ip_nat_tftp_hook) ip_nat_tftp;
|
||||
|
||||
tfh = skb_header_pointer(*pskb,
|
||||
(*pskb)->nh.iph->ihl*4+sizeof(struct udphdr),
|
||||
ip_hdrlen(*pskb) + sizeof(struct udphdr),
|
||||
sizeof(_tftph), &_tftph);
|
||||
if (tfh == NULL)
|
||||
return NF_ACCEPT;
|
||||
|
@ -422,7 +422,7 @@ int ip_nat_icmp_reply_translation(struct ip_conntrack *ct,
|
||||
} *inside;
|
||||
struct ip_conntrack_protocol *proto;
|
||||
struct ip_conntrack_tuple inner, target;
|
||||
int hdrlen = (*pskb)->nh.iph->ihl * 4;
|
||||
int hdrlen = ip_hdrlen(*pskb);
|
||||
enum ip_conntrack_dir dir = CTINFO2DIR(ctinfo);
|
||||
unsigned long statusbit;
|
||||
enum ip_nat_manip_type manip = HOOK2MANIP(hooknum);
|
||||
@ -430,7 +430,7 @@ int ip_nat_icmp_reply_translation(struct ip_conntrack *ct,
|
||||
if (!skb_make_writable(pskb, hdrlen + sizeof(*inside)))
|
||||
return 0;
|
||||
|
||||
inside = (void *)(*pskb)->data + (*pskb)->nh.iph->ihl*4;
|
||||
inside = (void *)(*pskb)->data + ip_hdrlen(*pskb);
|
||||
|
||||
/* We're actually going to mangle it beyond trivial checksum
|
||||
adjustment, so make sure the current checksum is correct. */
|
||||
@ -458,7 +458,7 @@ int ip_nat_icmp_reply_translation(struct ip_conntrack *ct,
|
||||
|
||||
/* rcu_read_lock()ed by nf_hook_slow */
|
||||
proto = __ip_conntrack_proto_find(inside->ip.protocol);
|
||||
if (!ip_ct_get_tuple(&inside->ip, *pskb, (*pskb)->nh.iph->ihl*4 +
|
||||
if (!ip_ct_get_tuple(&inside->ip, *pskb, ip_hdrlen(*pskb) +
|
||||
sizeof(struct icmphdr) + inside->ip.ihl*4,
|
||||
&inner, proto))
|
||||
return 0;
|
||||
@ -469,15 +469,14 @@ int ip_nat_icmp_reply_translation(struct ip_conntrack *ct,
|
||||
packet: PREROUTING (DST manip), routing produces ICMP, goes
|
||||
through POSTROUTING (which must correct the DST manip). */
|
||||
if (!manip_pkt(inside->ip.protocol, pskb,
|
||||
(*pskb)->nh.iph->ihl*4
|
||||
+ sizeof(inside->icmp),
|
||||
ip_hdrlen(*pskb) + sizeof(inside->icmp),
|
||||
&ct->tuplehash[!dir].tuple,
|
||||
!manip))
|
||||
return 0;
|
||||
|
||||
if ((*pskb)->ip_summed != CHECKSUM_PARTIAL) {
|
||||
/* Reloading "inside" here since manip_pkt inner. */
|
||||
inside = (void *)(*pskb)->data + (*pskb)->nh.iph->ihl*4;
|
||||
inside = (void *)(*pskb)->data + ip_hdrlen(*pskb);
|
||||
inside->icmp.checksum = 0;
|
||||
inside->icmp.checksum = csum_fold(skb_checksum(*pskb, hdrlen,
|
||||
(*pskb)->len - hdrlen,
|
||||
|
@ -322,8 +322,8 @@ ip_nat_sack_adjust(struct sk_buff **pskb,
|
||||
{
|
||||
unsigned int dir, optoff, optend;
|
||||
|
||||
optoff = (*pskb)->nh.iph->ihl*4 + sizeof(struct tcphdr);
|
||||
optend = (*pskb)->nh.iph->ihl*4 + tcph->doff*4;
|
||||
optoff = ip_hdrlen(*pskb) + sizeof(struct tcphdr);
|
||||
optend = ip_hdrlen(*pskb) + tcph->doff * 4;
|
||||
|
||||
if (!skb_make_writable(pskb, optend))
|
||||
return 0;
|
||||
@ -374,10 +374,10 @@ ip_nat_seq_adjust(struct sk_buff **pskb,
|
||||
this_way = &ct->nat.info.seq[dir];
|
||||
other_way = &ct->nat.info.seq[!dir];
|
||||
|
||||
if (!skb_make_writable(pskb, (*pskb)->nh.iph->ihl*4+sizeof(*tcph)))
|
||||
if (!skb_make_writable(pskb, ip_hdrlen(*pskb) + sizeof(*tcph)))
|
||||
return 0;
|
||||
|
||||
tcph = (void *)(*pskb)->data + (*pskb)->nh.iph->ihl*4;
|
||||
tcph = (void *)(*pskb)->data + ip_hdrlen(*pskb);
|
||||
if (after(ntohl(tcph->seq), this_way->correction_pos))
|
||||
newseq = htonl(ntohl(tcph->seq) + this_way->offset_after);
|
||||
else
|
||||
|
@ -57,11 +57,11 @@ static int set_addr(struct sk_buff **pskb,
|
||||
}
|
||||
|
||||
/* Relocate data pointer */
|
||||
th = skb_header_pointer(*pskb, (*pskb)->nh.iph->ihl * 4,
|
||||
th = skb_header_pointer(*pskb, ip_hdrlen(*pskb),
|
||||
sizeof(_tcph), &_tcph);
|
||||
if (th == NULL)
|
||||
return -1;
|
||||
*data = (*pskb)->data + (*pskb)->nh.iph->ihl * 4 +
|
||||
*data = (*pskb)->data + ip_hdrlen(*pskb) +
|
||||
th->doff * 4 + dataoff;
|
||||
} else {
|
||||
if (!ip_nat_mangle_udp_packet(pskb, ct, ctinfo,
|
||||
@ -75,8 +75,8 @@ static int set_addr(struct sk_buff **pskb,
|
||||
/* ip_nat_mangle_udp_packet uses skb_make_writable() to copy
|
||||
* or pull everything in a linear buffer, so we can safely
|
||||
* use the skb pointers now */
|
||||
*data = (*pskb)->data + (*pskb)->nh.iph->ihl * 4 +
|
||||
sizeof(struct udphdr);
|
||||
*data = ((*pskb)->data + ip_hdrlen(*pskb) +
|
||||
sizeof(struct udphdr));
|
||||
}
|
||||
|
||||
return 0;
|
||||
|
@ -90,7 +90,7 @@ static int map_sip_addr(struct sk_buff **pskb, enum ip_conntrack_info ctinfo,
|
||||
if (!ip_nat_mangle_udp_packet(pskb, ct, ctinfo,
|
||||
matchoff, matchlen, addr, addrlen))
|
||||
return 0;
|
||||
*dptr = (*pskb)->data + (*pskb)->nh.iph->ihl*4 + sizeof(struct udphdr);
|
||||
*dptr = (*pskb)->data + ip_hdrlen(*pskb) + sizeof(struct udphdr);
|
||||
return 1;
|
||||
|
||||
}
|
||||
@ -104,7 +104,7 @@ static unsigned int ip_nat_sip(struct sk_buff **pskb,
|
||||
struct addr_map map;
|
||||
int dataoff, datalen;
|
||||
|
||||
dataoff = (*pskb)->nh.iph->ihl*4 + sizeof(struct udphdr);
|
||||
dataoff = ip_hdrlen(*pskb) + sizeof(struct udphdr);
|
||||
datalen = (*pskb)->len - dataoff;
|
||||
if (datalen < sizeof("SIP/2.0") - 1)
|
||||
return NF_DROP;
|
||||
@ -153,7 +153,7 @@ static unsigned int mangle_sip_packet(struct sk_buff **pskb,
|
||||
return 0;
|
||||
|
||||
/* We need to reload this. Thanks Patrick. */
|
||||
*dptr = (*pskb)->data + (*pskb)->nh.iph->ihl*4 + sizeof(struct udphdr);
|
||||
*dptr = (*pskb)->data + ip_hdrlen(*pskb) + sizeof(struct udphdr);
|
||||
return 1;
|
||||
}
|
||||
|
||||
@ -166,7 +166,7 @@ static int mangle_content_len(struct sk_buff **pskb,
|
||||
char buffer[sizeof("65536")];
|
||||
int bufflen;
|
||||
|
||||
dataoff = (*pskb)->nh.iph->ihl*4 + sizeof(struct udphdr);
|
||||
dataoff = ip_hdrlen(*pskb) + sizeof(struct udphdr);
|
||||
|
||||
/* Get actual SDP lenght */
|
||||
if (ct_sip_get_info(dptr, (*pskb)->len - dataoff, &matchoff,
|
||||
@ -199,7 +199,7 @@ static unsigned int mangle_sdp(struct sk_buff **pskb,
|
||||
char buffer[sizeof("nnn.nnn.nnn.nnn")];
|
||||
unsigned int dataoff, bufflen;
|
||||
|
||||
dataoff = (*pskb)->nh.iph->ihl*4 + sizeof(struct udphdr);
|
||||
dataoff = ip_hdrlen(*pskb) + sizeof(struct udphdr);
|
||||
|
||||
/* Mangle owner and contact info. */
|
||||
bufflen = sprintf(buffer, "%u.%u.%u.%u", NIPQUAD(newip));
|
||||
|
@ -112,8 +112,7 @@ ip_nat_fn(unsigned int hooknum,
|
||||
if ((*pskb)->nh.iph->protocol == IPPROTO_ICMP) {
|
||||
struct icmphdr _hdr, *hp;
|
||||
|
||||
hp = skb_header_pointer(*pskb,
|
||||
(*pskb)->nh.iph->ihl*4,
|
||||
hp = skb_header_pointer(*pskb, ip_hdrlen(*pskb),
|
||||
sizeof(_hdr), &_hdr);
|
||||
if (hp != NULL &&
|
||||
hp->type == ICMP_REDIRECT)
|
||||
@ -211,7 +210,7 @@ ip_nat_out(unsigned int hooknum,
|
||||
|
||||
/* root is playing with raw sockets. */
|
||||
if ((*pskb)->len < sizeof(struct iphdr)
|
||||
|| (*pskb)->nh.iph->ihl * 4 < sizeof(struct iphdr))
|
||||
|| ip_hdrlen(*pskb) < sizeof(struct iphdr))
|
||||
return NF_ACCEPT;
|
||||
|
||||
ret = ip_nat_fn(hooknum, pskb, in, out, okfn);
|
||||
@ -244,7 +243,7 @@ ip_nat_local_fn(unsigned int hooknum,
|
||||
|
||||
/* root is playing with raw sockets. */
|
||||
if ((*pskb)->len < sizeof(struct iphdr)
|
||||
|| (*pskb)->nh.iph->ihl * 4 < sizeof(struct iphdr))
|
||||
|| ip_hdrlen(*pskb) < sizeof(struct iphdr))
|
||||
return NF_ACCEPT;
|
||||
|
||||
ret = ip_nat_fn(hooknum, pskb, in, out, okfn);
|
||||
|
@ -198,7 +198,7 @@ int do_match(struct ipt_entry_match *m,
|
||||
{
|
||||
/* Stop iteration if it doesn't match */
|
||||
if (!m->u.kernel.match->match(skb, in, out, m->u.kernel.match, m->data,
|
||||
offset, skb->nh.iph->ihl*4, hotdrop))
|
||||
offset, ip_hdrlen(skb), hotdrop))
|
||||
return 1;
|
||||
else
|
||||
return 0;
|
||||
|
@ -13,6 +13,7 @@
|
||||
#include <linux/module.h>
|
||||
#include <linux/skbuff.h>
|
||||
#include <linux/ip.h>
|
||||
#include <net/ip.h>
|
||||
#include <linux/tcp.h>
|
||||
#include <net/checksum.h>
|
||||
|
||||
@ -52,7 +53,7 @@ set_ect_tcp(struct sk_buff **pskb, const struct ipt_ECN_info *einfo)
|
||||
__be16 oldval;
|
||||
|
||||
/* Not enought header? */
|
||||
tcph = skb_header_pointer(*pskb, (*pskb)->nh.iph->ihl*4,
|
||||
tcph = skb_header_pointer(*pskb, ip_hdrlen(*pskb),
|
||||
sizeof(_tcph), &_tcph);
|
||||
if (!tcph)
|
||||
return 0;
|
||||
@ -63,9 +64,9 @@ set_ect_tcp(struct sk_buff **pskb, const struct ipt_ECN_info *einfo)
|
||||
tcph->cwr == einfo->proto.tcp.cwr)))
|
||||
return 1;
|
||||
|
||||
if (!skb_make_writable(pskb, (*pskb)->nh.iph->ihl*4+sizeof(*tcph)))
|
||||
if (!skb_make_writable(pskb, ip_hdrlen(*pskb) + sizeof(*tcph)))
|
||||
return 0;
|
||||
tcph = (void *)(*pskb)->nh.iph + (*pskb)->nh.iph->ihl*4;
|
||||
tcph = (void *)(*pskb)->nh.iph + ip_hdrlen(*pskb);
|
||||
|
||||
oldval = ((__be16 *)tcph)[6];
|
||||
if (einfo->operation & IPT_ECN_OP_SET_ECE)
|
||||
|
@ -43,7 +43,6 @@ MODULE_DESCRIPTION("iptables REJECT target module");
|
||||
static void send_reset(struct sk_buff *oldskb, int hook)
|
||||
{
|
||||
struct sk_buff *nskb;
|
||||
struct iphdr *iph = oldskb->nh.iph;
|
||||
struct tcphdr _otcph, *oth, *tcph;
|
||||
__be16 tmp_port;
|
||||
__be32 tmp_addr;
|
||||
@ -54,7 +53,7 @@ static void send_reset(struct sk_buff *oldskb, int hook)
|
||||
if (oldskb->nh.iph->frag_off & htons(IP_OFFSET))
|
||||
return;
|
||||
|
||||
oth = skb_header_pointer(oldskb, oldskb->nh.iph->ihl * 4,
|
||||
oth = skb_header_pointer(oldskb, ip_hdrlen(oldskb),
|
||||
sizeof(_otcph), &_otcph);
|
||||
if (oth == NULL)
|
||||
return;
|
||||
@ -64,7 +63,7 @@ static void send_reset(struct sk_buff *oldskb, int hook)
|
||||
return;
|
||||
|
||||
/* Check checksum */
|
||||
if (nf_ip_checksum(oldskb, hook, iph->ihl * 4, IPPROTO_TCP))
|
||||
if (nf_ip_checksum(oldskb, hook, ip_hdrlen(oldskb), IPPROTO_TCP))
|
||||
return;
|
||||
|
||||
/* We need a linear, writeable skb. We also need to expand
|
||||
@ -84,7 +83,7 @@ static void send_reset(struct sk_buff *oldskb, int hook)
|
||||
skb_shinfo(nskb)->gso_segs = 0;
|
||||
skb_shinfo(nskb)->gso_type = 0;
|
||||
|
||||
tcph = (struct tcphdr *)((u_int32_t*)nskb->nh.iph + nskb->nh.iph->ihl);
|
||||
tcph = (struct tcphdr *)(skb_network_header(nskb) + ip_hdrlen(nskb));
|
||||
|
||||
/* Swap source and dest */
|
||||
tmp_addr = nskb->nh.iph->saddr;
|
||||
@ -96,7 +95,7 @@ static void send_reset(struct sk_buff *oldskb, int hook)
|
||||
|
||||
/* Truncate to length (no data) */
|
||||
tcph->doff = sizeof(struct tcphdr)/4;
|
||||
skb_trim(nskb, nskb->nh.iph->ihl*4 + sizeof(struct tcphdr));
|
||||
skb_trim(nskb, ip_hdrlen(nskb) + sizeof(struct tcphdr));
|
||||
nskb->nh.iph->tot_len = htons(nskb->len);
|
||||
|
||||
if (tcph->ack) {
|
||||
@ -105,9 +104,9 @@ static void send_reset(struct sk_buff *oldskb, int hook)
|
||||
tcph->ack_seq = 0;
|
||||
} else {
|
||||
needs_ack = 1;
|
||||
tcph->ack_seq = htonl(ntohl(oth->seq) + oth->syn + oth->fin
|
||||
+ oldskb->len - oldskb->nh.iph->ihl*4
|
||||
- (oth->doff<<2));
|
||||
tcph->ack_seq = htonl(ntohl(oth->seq) + oth->syn + oth->fin +
|
||||
oldskb->len - ip_hdrlen(oldskb) -
|
||||
(oth->doff << 2));
|
||||
tcph->seq = 0;
|
||||
}
|
||||
|
||||
@ -149,7 +148,7 @@ static void send_reset(struct sk_buff *oldskb, int hook)
|
||||
|
||||
/* Adjust IP checksum */
|
||||
nskb->nh.iph->check = 0;
|
||||
nskb->nh.iph->check = ip_fast_csum((unsigned char *)nskb->nh.iph,
|
||||
nskb->nh.iph->check = ip_fast_csum(skb_network_header(nskb),
|
||||
nskb->nh.iph->ihl);
|
||||
|
||||
/* "Never happens" */
|
||||
@ -182,7 +181,7 @@ static unsigned int reject(struct sk_buff **pskb,
|
||||
|
||||
/* Our naive response construction doesn't deal with IP
|
||||
options, and probably shouldn't try. */
|
||||
if ((*pskb)->nh.iph->ihl<<2 != sizeof(struct iphdr))
|
||||
if (ip_hdrlen(*pskb) != sizeof(struct iphdr))
|
||||
return NF_DROP;
|
||||
|
||||
/* WARNING: This code causes reentry within iptables.
|
||||
|
@ -11,6 +11,7 @@
|
||||
|
||||
#include <linux/in.h>
|
||||
#include <linux/ip.h>
|
||||
#include <net/ip.h>
|
||||
#include <linux/module.h>
|
||||
#include <linux/skbuff.h>
|
||||
#include <linux/tcp.h>
|
||||
@ -38,8 +39,7 @@ static inline int match_tcp(const struct sk_buff *skb,
|
||||
/* In practice, TCP match does this, so can't fail. But let's
|
||||
* be good citizens.
|
||||
*/
|
||||
th = skb_header_pointer(skb, skb->nh.iph->ihl * 4,
|
||||
sizeof(_tcph), &_tcph);
|
||||
th = skb_header_pointer(skb, ip_hdrlen(skb), sizeof(_tcph), &_tcph);
|
||||
if (th == NULL) {
|
||||
*hotdrop = 0;
|
||||
return 0;
|
||||
|
@ -13,6 +13,7 @@
|
||||
#include <linux/module.h>
|
||||
#include <linux/moduleparam.h>
|
||||
#include <linux/netfilter_ipv4/ip_tables.h>
|
||||
#include <net/ip.h>
|
||||
|
||||
MODULE_LICENSE("GPL");
|
||||
MODULE_AUTHOR("Netfilter Core Team <coreteam@netfilter.org>");
|
||||
@ -102,7 +103,7 @@ ipt_local_out_hook(unsigned int hook,
|
||||
{
|
||||
/* root is playing with raw sockets. */
|
||||
if ((*pskb)->len < sizeof(struct iphdr)
|
||||
|| (*pskb)->nh.iph->ihl * 4 < sizeof(struct iphdr)) {
|
||||
|| ip_hdrlen(*pskb) < sizeof(struct iphdr)) {
|
||||
if (net_ratelimit())
|
||||
printk("ipt_hook: happy cracking.\n");
|
||||
return NF_ACCEPT;
|
||||
|
@ -17,6 +17,7 @@
|
||||
#include <net/sock.h>
|
||||
#include <net/route.h>
|
||||
#include <linux/ip.h>
|
||||
#include <net/ip.h>
|
||||
|
||||
MODULE_LICENSE("GPL");
|
||||
MODULE_AUTHOR("Netfilter Core Team <coreteam@netfilter.org>");
|
||||
@ -136,7 +137,7 @@ ipt_local_hook(unsigned int hook,
|
||||
|
||||
/* root is playing with raw sockets. */
|
||||
if ((*pskb)->len < sizeof(struct iphdr)
|
||||
|| (*pskb)->nh.iph->ihl * 4 < sizeof(struct iphdr)) {
|
||||
|| ip_hdrlen(*pskb) < sizeof(struct iphdr)) {
|
||||
if (net_ratelimit())
|
||||
printk("ipt_hook: happy cracking.\n");
|
||||
return NF_ACCEPT;
|
||||
|
@ -105,7 +105,7 @@ ipv4_prepare(struct sk_buff **pskb, unsigned int hooknum, unsigned int *dataoff,
|
||||
return -NF_DROP;
|
||||
}
|
||||
|
||||
*dataoff = skb_network_offset(*pskb) + (*pskb)->nh.iph->ihl * 4;
|
||||
*dataoff = skb_network_offset(*pskb) + ip_hdrlen(*pskb);
|
||||
*protonum = (*pskb)->nh.iph->protocol;
|
||||
|
||||
return NF_ACCEPT;
|
||||
@ -151,8 +151,8 @@ static unsigned int ipv4_conntrack_help(unsigned int hooknum,
|
||||
if (!help || !help->helper)
|
||||
return NF_ACCEPT;
|
||||
|
||||
return help->helper->help(pskb, (skb_network_offset(*pskb) +
|
||||
(*pskb)->nh.iph->ihl * 4),
|
||||
return help->helper->help(pskb,
|
||||
skb_network_offset(*pskb) + ip_hdrlen(*pskb),
|
||||
ct, ctinfo);
|
||||
}
|
||||
|
||||
@ -198,7 +198,7 @@ static unsigned int ipv4_conntrack_local(unsigned int hooknum,
|
||||
{
|
||||
/* root is playing with raw sockets. */
|
||||
if ((*pskb)->len < sizeof(struct iphdr)
|
||||
|| (*pskb)->nh.iph->ihl * 4 < sizeof(struct iphdr)) {
|
||||
|| ip_hdrlen(*pskb) < sizeof(struct iphdr)) {
|
||||
if (net_ratelimit())
|
||||
printk("ipt_hook: happy cracking.\n");
|
||||
return NF_ACCEPT;
|
||||
|
@ -158,7 +158,7 @@ icmp_error_message(struct sk_buff *skb,
|
||||
NF_CT_ASSERT(skb->nfct == NULL);
|
||||
|
||||
/* Not enough header? */
|
||||
inside = skb_header_pointer(skb, skb->nh.iph->ihl*4, sizeof(_in), &_in);
|
||||
inside = skb_header_pointer(skb, ip_hdrlen(skb), sizeof(_in), &_in);
|
||||
if (inside == NULL)
|
||||
return -NF_ACCEPT;
|
||||
|
||||
@ -172,7 +172,7 @@ icmp_error_message(struct sk_buff *skb,
|
||||
/* rcu_read_lock()ed by nf_hook_slow */
|
||||
innerproto = __nf_ct_l4proto_find(PF_INET, inside->ip.protocol);
|
||||
|
||||
dataoff = skb->nh.iph->ihl*4 + sizeof(inside->icmp);
|
||||
dataoff = ip_hdrlen(skb) + sizeof(inside->icmp);
|
||||
/* Are they talking about one of our connections? */
|
||||
if (!nf_ct_get_tuple(skb, dataoff, dataoff + inside->ip.ihl*4, PF_INET,
|
||||
inside->ip.protocol, &origtuple,
|
||||
@ -227,7 +227,7 @@ icmp_error(struct sk_buff *skb, unsigned int dataoff,
|
||||
struct icmphdr _ih, *icmph;
|
||||
|
||||
/* Not enough header? */
|
||||
icmph = skb_header_pointer(skb, skb->nh.iph->ihl*4, sizeof(_ih), &_ih);
|
||||
icmph = skb_header_pointer(skb, ip_hdrlen(skb), sizeof(_ih), &_ih);
|
||||
if (icmph == NULL) {
|
||||
if (LOG_INVALID(IPPROTO_ICMP))
|
||||
nf_log_packet(PF_INET, 0, skb, NULL, NULL, NULL,
|
||||
|
@ -431,7 +431,7 @@ int nf_nat_icmp_reply_translation(struct nf_conn *ct,
|
||||
} *inside;
|
||||
struct nf_conntrack_l4proto *l4proto;
|
||||
struct nf_conntrack_tuple inner, target;
|
||||
int hdrlen = (*pskb)->nh.iph->ihl * 4;
|
||||
int hdrlen = ip_hdrlen(*pskb);
|
||||
enum ip_conntrack_dir dir = CTINFO2DIR(ctinfo);
|
||||
unsigned long statusbit;
|
||||
enum nf_nat_manip_type manip = HOOK2MANIP(hooknum);
|
||||
@ -439,7 +439,7 @@ int nf_nat_icmp_reply_translation(struct nf_conn *ct,
|
||||
if (!skb_make_writable(pskb, hdrlen + sizeof(*inside)))
|
||||
return 0;
|
||||
|
||||
inside = (void *)(*pskb)->data + (*pskb)->nh.iph->ihl*4;
|
||||
inside = (void *)(*pskb)->data + ip_hdrlen(*pskb);
|
||||
|
||||
/* We're actually going to mangle it beyond trivial checksum
|
||||
adjustment, so make sure the current checksum is correct. */
|
||||
@ -469,9 +469,9 @@ int nf_nat_icmp_reply_translation(struct nf_conn *ct,
|
||||
l4proto = __nf_ct_l4proto_find(PF_INET, inside->ip.protocol);
|
||||
|
||||
if (!nf_ct_get_tuple(*pskb,
|
||||
(*pskb)->nh.iph->ihl*4 + sizeof(struct icmphdr),
|
||||
(*pskb)->nh.iph->ihl*4 +
|
||||
sizeof(struct icmphdr) + inside->ip.ihl*4,
|
||||
ip_hdrlen(*pskb) + sizeof(struct icmphdr),
|
||||
(ip_hdrlen(*pskb) +
|
||||
sizeof(struct icmphdr) + inside->ip.ihl * 4),
|
||||
(u_int16_t)AF_INET,
|
||||
inside->ip.protocol,
|
||||
&inner, l3proto, l4proto))
|
||||
@ -483,14 +483,14 @@ int nf_nat_icmp_reply_translation(struct nf_conn *ct,
|
||||
packet: PREROUTING (DST manip), routing produces ICMP, goes
|
||||
through POSTROUTING (which must correct the DST manip). */
|
||||
if (!manip_pkt(inside->ip.protocol, pskb,
|
||||
(*pskb)->nh.iph->ihl*4 + sizeof(inside->icmp),
|
||||
ip_hdrlen(*pskb) + sizeof(inside->icmp),
|
||||
&ct->tuplehash[!dir].tuple,
|
||||
!manip))
|
||||
return 0;
|
||||
|
||||
if ((*pskb)->ip_summed != CHECKSUM_PARTIAL) {
|
||||
/* Reloading "inside" here since manip_pkt inner. */
|
||||
inside = (void *)(*pskb)->data + (*pskb)->nh.iph->ihl*4;
|
||||
inside = (void *)(*pskb)->data + ip_hdrlen(*pskb);
|
||||
inside->icmp.checksum = 0;
|
||||
inside->icmp.checksum =
|
||||
csum_fold(skb_checksum(*pskb, hdrlen,
|
||||
|
@ -55,11 +55,11 @@ static int set_addr(struct sk_buff **pskb,
|
||||
}
|
||||
|
||||
/* Relocate data pointer */
|
||||
th = skb_header_pointer(*pskb, (*pskb)->nh.iph->ihl * 4,
|
||||
th = skb_header_pointer(*pskb, ip_hdrlen(*pskb),
|
||||
sizeof(_tcph), &_tcph);
|
||||
if (th == NULL)
|
||||
return -1;
|
||||
*data = (*pskb)->data + (*pskb)->nh.iph->ihl * 4 +
|
||||
*data = (*pskb)->data + ip_hdrlen(*pskb) +
|
||||
th->doff * 4 + dataoff;
|
||||
} else {
|
||||
if (!nf_nat_mangle_udp_packet(pskb, ct, ctinfo,
|
||||
@ -73,8 +73,8 @@ static int set_addr(struct sk_buff **pskb,
|
||||
/* nf_nat_mangle_udp_packet uses skb_make_writable() to copy
|
||||
* or pull everything in a linear buffer, so we can safely
|
||||
* use the skb pointers now */
|
||||
*data = (*pskb)->data + (*pskb)->nh.iph->ihl * 4 +
|
||||
sizeof(struct udphdr);
|
||||
*data = ((*pskb)->data + ip_hdrlen(*pskb) +
|
||||
sizeof(struct udphdr));
|
||||
}
|
||||
|
||||
return 0;
|
||||
|
@ -190,7 +190,7 @@ nf_nat_mangle_tcp_packet(struct sk_buff **pskb,
|
||||
(int)rep_len - (int)match_len,
|
||||
ct, ctinfo);
|
||||
/* Tell TCP window tracking about seq change */
|
||||
nf_conntrack_tcp_update(*pskb, (*pskb)->nh.iph->ihl*4,
|
||||
nf_conntrack_tcp_update(*pskb, ip_hdrlen(*pskb),
|
||||
ct, CTINFO2DIR(ctinfo));
|
||||
}
|
||||
return 1;
|
||||
@ -318,8 +318,8 @@ nf_nat_sack_adjust(struct sk_buff **pskb,
|
||||
unsigned int dir, optoff, optend;
|
||||
struct nf_conn_nat *nat = nfct_nat(ct);
|
||||
|
||||
optoff = (*pskb)->nh.iph->ihl*4 + sizeof(struct tcphdr);
|
||||
optend = (*pskb)->nh.iph->ihl*4 + tcph->doff*4;
|
||||
optoff = ip_hdrlen(*pskb) + sizeof(struct tcphdr);
|
||||
optend = ip_hdrlen(*pskb) + tcph->doff * 4;
|
||||
|
||||
if (!skb_make_writable(pskb, optend))
|
||||
return 0;
|
||||
@ -371,10 +371,10 @@ nf_nat_seq_adjust(struct sk_buff **pskb,
|
||||
this_way = &nat->info.seq[dir];
|
||||
other_way = &nat->info.seq[!dir];
|
||||
|
||||
if (!skb_make_writable(pskb, (*pskb)->nh.iph->ihl*4+sizeof(*tcph)))
|
||||
if (!skb_make_writable(pskb, ip_hdrlen(*pskb) + sizeof(*tcph)))
|
||||
return 0;
|
||||
|
||||
tcph = (void *)(*pskb)->data + (*pskb)->nh.iph->ihl*4;
|
||||
tcph = (void *)(*pskb)->data + ip_hdrlen(*pskb);
|
||||
if (after(ntohl(tcph->seq), this_way->correction_pos))
|
||||
newseq = htonl(ntohl(tcph->seq) + this_way->offset_after);
|
||||
else
|
||||
@ -399,7 +399,7 @@ nf_nat_seq_adjust(struct sk_buff **pskb,
|
||||
if (!nf_nat_sack_adjust(pskb, tcph, ct, ctinfo))
|
||||
return 0;
|
||||
|
||||
nf_conntrack_tcp_update(*pskb, (*pskb)->nh.iph->ihl*4, ct, dir);
|
||||
nf_conntrack_tcp_update(*pskb, ip_hdrlen(*pskb), ct, dir);
|
||||
|
||||
return 1;
|
||||
}
|
||||
|
@ -11,6 +11,7 @@
|
||||
#include <linux/module.h>
|
||||
#include <linux/skbuff.h>
|
||||
#include <linux/ip.h>
|
||||
#include <net/ip.h>
|
||||
#include <linux/udp.h>
|
||||
|
||||
#include <net/netfilter/nf_nat.h>
|
||||
@ -92,7 +93,7 @@ static int map_sip_addr(struct sk_buff **pskb, enum ip_conntrack_info ctinfo,
|
||||
if (!nf_nat_mangle_udp_packet(pskb, ct, ctinfo,
|
||||
matchoff, matchlen, addr, addrlen))
|
||||
return 0;
|
||||
*dptr = (*pskb)->data + (*pskb)->nh.iph->ihl*4 + sizeof(struct udphdr);
|
||||
*dptr = (*pskb)->data + ip_hdrlen(*pskb) + sizeof(struct udphdr);
|
||||
return 1;
|
||||
|
||||
}
|
||||
@ -106,7 +107,7 @@ static unsigned int ip_nat_sip(struct sk_buff **pskb,
|
||||
struct addr_map map;
|
||||
int dataoff, datalen;
|
||||
|
||||
dataoff = (*pskb)->nh.iph->ihl*4 + sizeof(struct udphdr);
|
||||
dataoff = ip_hdrlen(*pskb) + sizeof(struct udphdr);
|
||||
datalen = (*pskb)->len - dataoff;
|
||||
if (datalen < sizeof("SIP/2.0") - 1)
|
||||
return NF_DROP;
|
||||
@ -155,7 +156,7 @@ static unsigned int mangle_sip_packet(struct sk_buff **pskb,
|
||||
return 0;
|
||||
|
||||
/* We need to reload this. Thanks Patrick. */
|
||||
*dptr = (*pskb)->data + (*pskb)->nh.iph->ihl*4 + sizeof(struct udphdr);
|
||||
*dptr = (*pskb)->data + ip_hdrlen(*pskb) + sizeof(struct udphdr);
|
||||
return 1;
|
||||
}
|
||||
|
||||
@ -168,7 +169,7 @@ static int mangle_content_len(struct sk_buff **pskb,
|
||||
char buffer[sizeof("65536")];
|
||||
int bufflen;
|
||||
|
||||
dataoff = (*pskb)->nh.iph->ihl*4 + sizeof(struct udphdr);
|
||||
dataoff = ip_hdrlen(*pskb) + sizeof(struct udphdr);
|
||||
|
||||
/* Get actual SDP lenght */
|
||||
if (ct_sip_get_info(ct, dptr, (*pskb)->len - dataoff, &matchoff,
|
||||
@ -200,7 +201,7 @@ static unsigned int mangle_sdp(struct sk_buff **pskb,
|
||||
char buffer[sizeof("nnn.nnn.nnn.nnn")];
|
||||
unsigned int dataoff, bufflen;
|
||||
|
||||
dataoff = (*pskb)->nh.iph->ihl*4 + sizeof(struct udphdr);
|
||||
dataoff = ip_hdrlen(*pskb) + sizeof(struct udphdr);
|
||||
|
||||
/* Mangle owner and contact info. */
|
||||
bufflen = sprintf(buffer, "%u.%u.%u.%u", NIPQUAD(newip));
|
||||
|
@ -101,8 +101,7 @@ nf_nat_fn(unsigned int hooknum,
|
||||
if ((*pskb)->nh.iph->protocol == IPPROTO_ICMP) {
|
||||
struct icmphdr _hdr, *hp;
|
||||
|
||||
hp = skb_header_pointer(*pskb,
|
||||
(*pskb)->nh.iph->ihl*4,
|
||||
hp = skb_header_pointer(*pskb, ip_hdrlen(*pskb),
|
||||
sizeof(_hdr), &_hdr);
|
||||
if (hp != NULL &&
|
||||
hp->type == ICMP_REDIRECT)
|
||||
@ -203,7 +202,7 @@ nf_nat_out(unsigned int hooknum,
|
||||
|
||||
/* root is playing with raw sockets. */
|
||||
if ((*pskb)->len < sizeof(struct iphdr) ||
|
||||
(*pskb)->nh.iph->ihl * 4 < sizeof(struct iphdr))
|
||||
ip_hdrlen(*pskb) < sizeof(struct iphdr))
|
||||
return NF_ACCEPT;
|
||||
|
||||
ret = nf_nat_fn(hooknum, pskb, in, out, okfn);
|
||||
@ -236,7 +235,7 @@ nf_nat_local_fn(unsigned int hooknum,
|
||||
|
||||
/* root is playing with raw sockets. */
|
||||
if ((*pskb)->len < sizeof(struct iphdr) ||
|
||||
(*pskb)->nh.iph->ihl * 4 < sizeof(struct iphdr))
|
||||
ip_hdrlen(*pskb) < sizeof(struct iphdr))
|
||||
return NF_ACCEPT;
|
||||
|
||||
ret = nf_nat_fn(hooknum, pskb, in, out, okfn);
|
||||
|
@ -102,7 +102,7 @@ ip6t_local_out_hook(unsigned int hook,
|
||||
#if 0
|
||||
/* root is playing with raw sockets. */
|
||||
if ((*pskb)->len < sizeof(struct iphdr)
|
||||
|| (*pskb)->nh.iph->ihl * 4 < sizeof(struct iphdr)) {
|
||||
|| ip_hdrlen(*pskb) < sizeof(struct iphdr)) {
|
||||
if (net_ratelimit())
|
||||
printk("ip6t_hook: happy cracking.\n");
|
||||
return NF_ACCEPT;
|
||||
|
@ -138,7 +138,7 @@ ip6t_local_hook(unsigned int hook,
|
||||
#if 0
|
||||
/* root is playing with raw sockets. */
|
||||
if ((*pskb)->len < sizeof(struct iphdr)
|
||||
|| (*pskb)->nh.iph->ihl * 4 < sizeof(struct iphdr)) {
|
||||
|| ip_hdrlen(*pskb) < sizeof(struct iphdr)) {
|
||||
if (net_ratelimit())
|
||||
printk("ip6t_hook: happy cracking.\n");
|
||||
return NF_ACCEPT;
|
||||
|
Loading…
Reference in New Issue
Block a user