git://git.onelab.eu
/
linux-2.6.git
/ blobdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
|
commitdiff
|
tree
raw
|
inline
| side by side
vserver 1.9.3
[linux-2.6.git]
/
net
/
core
/
netfilter.c
diff --git
a/net/core/netfilter.c
b/net/core/netfilter.c
index
58632d1
..
91b3bb2
100644
(file)
--- a/
net/core/netfilter.c
+++ b/
net/core/netfilter.c
@@
-695,11
+695,12
@@
int skb_ip_make_writable(struct sk_buff **pskb, unsigned int writable_len)
/* DaveM says protocol headers are also modifiable. */
switch ((*pskb)->nh.iph->protocol) {
case IPPROTO_TCP: {
/* DaveM says protocol headers are also modifiable. */
switch ((*pskb)->nh.iph->protocol) {
case IPPROTO_TCP: {
- struct tcphdr hdr;
- if (skb_copy_bits(*pskb, (*pskb)->nh.iph->ihl*4,
- &hdr, sizeof(hdr)) != 0)
+ struct tcphdr _hdr, *hp;
+ hp = skb_header_pointer(*pskb, (*pskb)->nh.iph->ihl*4,
+ sizeof(_hdr), &_hdr);
+ if (hp == NULL)
goto copy_skb;
goto copy_skb;
- if (writable_len <= (*pskb)->nh.iph->ihl*4 + h
dr.
doff*4)
+ if (writable_len <= (*pskb)->nh.iph->ihl*4 + h
p->
doff*4)
goto pull_skb;
goto copy_skb;
}
goto pull_skb;
goto copy_skb;
}
@@
-783,13
+784,12
@@
void nf_log_packet(int pf,
nf_logfn *logfn;
rcu_read_lock();
nf_logfn *logfn;
rcu_read_lock();
- logfn =
nf_logging[pf]
;
+ logfn =
rcu_dereference(nf_logging[pf])
;
if (logfn) {
va_start(args, fmt);
vsnprintf(prefix, sizeof(prefix), fmt, args);
va_end(args);
/* We must read logging before nf_logfn[pf] */
if (logfn) {
va_start(args, fmt);
vsnprintf(prefix, sizeof(prefix), fmt, args);
va_end(args);
/* We must read logging before nf_logfn[pf] */
- smp_read_barrier_depends();
logfn(hooknum, skb, in, out, prefix);
} else if (!reported) {
printk(KERN_WARNING "nf_log_packet: can\'t log yet, "
logfn(hooknum, skb, in, out, prefix);
} else if (!reported) {
printk(KERN_WARNING "nf_log_packet: can\'t log yet, "
@@
-806,7
+806,7
@@
EXPORT_SYMBOL(nf_log_packet);
tracking in use: without this, connection may not be in hash table,
and hence manufactured ICMP or RST packets will not be associated
with it. */
tracking in use: without this, connection may not be in hash table,
and hence manufactured ICMP or RST packets will not be associated
with it. */
-void (*ip_ct_attach)(struct sk_buff *, struct
nf_ct_info
*);
+void (*ip_ct_attach)(struct sk_buff *, struct
sk_buff
*);
void __init netfilter_init(void)
{
void __init netfilter_init(void)
{