git://git.onelab.eu
/
linux-2.6.git
/ blobdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
|
commitdiff
|
tree
raw
|
inline
| side by side
vserver 1.9.3
[linux-2.6.git]
/
net
/
ipv4
/
netfilter
/
ipfwadm_core.c
diff --git
a/net/ipv4/netfilter/ipfwadm_core.c
b/net/ipv4/netfilter/ipfwadm_core.c
index
424a903
..
b0f490f
100644
(file)
--- a/
net/ipv4/netfilter/ipfwadm_core.c
+++ b/
net/ipv4/netfilter/ipfwadm_core.c
@@
-1,3
+1,5
@@
+#warning ipfwadm is obsolete, and will be removed soon.
+
/* Minor modifications to fit on compatibility framework:
Rusty.Russell@rustcorp.com.au
*/
/* Minor modifications to fit on compatibility framework:
Rusty.Russell@rustcorp.com.au
*/
@@
-410,20
+412,21
@@
int ip_fw_chk(struct sk_buff **pskb,
dprintf1("TCP ");
/* ports stay 0xFFFF if it is not the first fragment */
if (!offset) {
dprintf1("TCP ");
/* ports stay 0xFFFF if it is not the first fragment */
if (!offset) {
- struct tcphdr
tcp
h;
+ struct tcphdr
_tcph, *t
h;
- if (skb_copy_bits(*pskb,
- (*pskb)->nh.iph->ihl * 4,
- &tcph, sizeof(tcph)))
+ th = skb_header_pointer(*pskb,
+ (*pskb)->nh.iph->ihl*4,
+ sizeof(_tcph), &_tcph);
+ if (th == NULL)
return FW_BLOCK;
return FW_BLOCK;
- src_port = ntohs(t
cph.
source);
- dst_port = ntohs(t
cph.
dest);
+ src_port = ntohs(t
h->
source);
+ dst_port = ntohs(t
h->
dest);
- if(!t
cph.ack && !tcph.
rst)
+ if(!t
h->ack && !th->
rst)
/* We do NOT have ACK, value TRUE */
notcpack = 1;
/* We do NOT have ACK, value TRUE */
notcpack = 1;
- if(!t
cph.
syn || !notcpack)
+ if(!t
h->
syn || !notcpack)
/* We do NOT have SYN, value TRUE */
notcpsyn = 1;
}
/* We do NOT have SYN, value TRUE */
notcpsyn = 1;
}
@@
-433,29
+436,32
@@
int ip_fw_chk(struct sk_buff **pskb,
dprintf1("UDP ");
/* ports stay 0xFFFF if it is not the first fragment */
if (!offset) {
dprintf1("UDP ");
/* ports stay 0xFFFF if it is not the first fragment */
if (!offset) {
- struct udphdr
udp
h;
+ struct udphdr
_udph, *u
h;
- if (skb_copy_bits(*pskb,
- (*pskb)->nh.iph->ihl * 4,
- &udph, sizeof(udph)))
+ uh = skb_header_pointer(*pskb,
+ (*pskb)->nh.iph->ihl*4,
+ sizeof(_udph), &_udph);
+ if (uh == NULL)
return FW_BLOCK;
return FW_BLOCK;
- src_port = ntohs(u
dph.
source);
- dst_port = ntohs(u
dph.
dest);
+ src_port = ntohs(u
h->
source);
+ dst_port = ntohs(u
h->
dest);
}
prt = IP_FW_F_UDP;
break;
case IPPROTO_ICMP:
/* icmp_type stays 255 if it is not the first fragment */
if (!offset) {
}
prt = IP_FW_F_UDP;
break;
case IPPROTO_ICMP:
/* icmp_type stays 255 if it is not the first fragment */
if (!offset) {
- struct icmphdr
icmph
;
+ struct icmphdr
_icmph, *ic
;
- if (skb_copy_bits(*pskb,
- (*pskb)->nh.iph->ihl * 4,
- &icmph, sizeof(icmph)))
+ ic = skb_header_pointer(*pskb,
+ (*pskb)->nh.iph->ihl*4,
+ sizeof(_icmph),
+ &_icmph);
+ if (ic == NULL)
return FW_BLOCK;
return FW_BLOCK;
- icmp_type = (__u16) ic
mph.
type;
+ icmp_type = (__u16) ic
->
type;
}
dprintf2("ICMP:%d ", icmp_type);
prt = IP_FW_F_ICMP;
}
dprintf2("ICMP:%d ", icmp_type);
prt = IP_FW_F_ICMP;