git://git.onelab.eu
/
linux-2.6.git
/ blobdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
|
commitdiff
|
tree
raw
|
inline
| side by side
vserver 1.9.3
[linux-2.6.git]
/
net
/
ipv4
/
netfilter
/
ipt_ecn.c
diff --git
a/net/ipv4/netfilter/ipt_ecn.c
b/net/ipv4/netfilter/ipt_ecn.c
index
0e1efd7
..
b6f7181
100644
(file)
--- a/
net/ipv4/netfilter/ipt_ecn.c
+++ b/
net/ipv4/netfilter/ipt_ecn.c
@@
-30,31
+30,34
@@
static inline int match_tcp(const struct sk_buff *skb,
const struct ipt_ecn_info *einfo,
int *hotdrop)
{
const struct ipt_ecn_info *einfo,
int *hotdrop)
{
- struct tcphdr
tcp
h;
+ struct tcphdr
_tcph, *t
h;
/* In practice, TCP match does this, so can't fail. But let's
/* In practice, TCP match does this, so can't fail. But let's
- be good citizens. */
- if (skb_copy_bits(skb, skb->nh.iph->ihl*4, &tcph, sizeof(tcph)) < 0) {
+ * be good citizens.
+ */
+ th = skb_header_pointer(skb, skb->nh.iph->ihl * 4,
+ sizeof(_tcph), &_tcph);
+ if (th == NULL) {
*hotdrop = 0;
return 0;
}
if (einfo->operation & IPT_ECN_OP_MATCH_ECE) {
if (einfo->invert & IPT_ECN_OP_MATCH_ECE) {
*hotdrop = 0;
return 0;
}
if (einfo->operation & IPT_ECN_OP_MATCH_ECE) {
if (einfo->invert & IPT_ECN_OP_MATCH_ECE) {
- if (t
cph.
ece == 1)
+ if (t
h->
ece == 1)
return 0;
} else {
return 0;
} else {
- if (t
cph.
ece == 0)
+ if (t
h->
ece == 0)
return 0;
}
}
if (einfo->operation & IPT_ECN_OP_MATCH_CWR) {
if (einfo->invert & IPT_ECN_OP_MATCH_CWR) {
return 0;
}
}
if (einfo->operation & IPT_ECN_OP_MATCH_CWR) {
if (einfo->invert & IPT_ECN_OP_MATCH_CWR) {
- if (t
cph.
cwr == 1)
+ if (t
h->
cwr == 1)
return 0;
} else {
return 0;
} else {
- if (t
cph.
cwr == 0)
+ if (t
h->
cwr == 0)
return 0;
}
}
return 0;
}
}