git://git.onelab.eu
/
linux-2.6.git
/ blobdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
|
commitdiff
|
tree
raw
|
inline
| side by side
fedora core 6 1.2949 + vserver 2.2.0
[linux-2.6.git]
/
net
/
netfilter
/
nfnetlink_queue.c
diff --git
a/net/netfilter/nfnetlink_queue.c
b/net/netfilter/nfnetlink_queue.c
index
49ef41e
..
a88a017
100644
(file)
--- a/
net/netfilter/nfnetlink_queue.c
+++ b/
net/netfilter/nfnetlink_queue.c
@@
-349,7
+349,7
@@
nfqnl_build_packet_message(struct nfqnl_instance *queue,
struct sk_buff *entskb = entry->skb;
struct net_device *indev;
struct net_device *outdev;
struct sk_buff *entskb = entry->skb;
struct net_device *indev;
struct net_device *outdev;
-
unsigned int
tmp_uint;
+
__be32
tmp_uint;
QDEBUG("entered\n");
QDEBUG("entered\n");
@@
-377,9
+377,9
@@
nfqnl_build_packet_message(struct nfqnl_instance *queue,
break;
case NFQNL_COPY_PACKET:
break;
case NFQNL_COPY_PACKET:
- if (
entskb->ip_summed == CHECKSUM_HW &&
- (*errp = skb_checksum_help(entskb,
-
outdev == NULL
))) {
+ if (
(entskb->ip_summed == CHECKSUM_PARTIAL ||
+ entskb->ip_summed == CHECKSUM_COMPLETE) &&
+
(*errp = skb_checksum_help(entskb
))) {
spin_unlock_bh(&queue->lock);
return NULL;
}
spin_unlock_bh(&queue->lock);
return NULL;
}
@@
-414,7
+414,7
@@
nfqnl_build_packet_message(struct nfqnl_instance *queue,
nfmsg->res_id = htons(queue->queue_num);
pmsg.packet_id = htonl(entry->id);
nfmsg->res_id = htons(queue->queue_num);
pmsg.packet_id = htonl(entry->id);
- pmsg.hw_protocol =
htons(entskb->protocol)
;
+ pmsg.hw_protocol =
entskb->protocol
;
pmsg.hook = entinf->hook;
NFA_PUT(skb, NFQA_PACKET_HDR, sizeof(pmsg), &pmsg);
pmsg.hook = entinf->hook;
NFA_PUT(skb, NFQA_PACKET_HDR, sizeof(pmsg), &pmsg);
@@
-480,8
+480,8
@@
nfqnl_build_packet_message(struct nfqnl_instance *queue,
#endif
}
#endif
}
- if (entskb->
nf
mark) {
- tmp_uint = htonl(entskb->
nf
mark);
+ if (entskb->mark) {
+ tmp_uint = htonl(entskb->mark);
NFA_PUT(skb, NFQA_MARK, sizeof(u_int32_t), &tmp_uint);
}
NFA_PUT(skb, NFQA_MARK, sizeof(u_int32_t), &tmp_uint);
}
@@
-489,10
+489,9
@@
nfqnl_build_packet_message(struct nfqnl_instance *queue,
&& entskb->dev->hard_header_parse) {
struct nfqnl_msg_packet_hw phw;
&& entskb->dev->hard_header_parse) {
struct nfqnl_msg_packet_hw phw;
- phw.hw_addrlen =
- entskb->dev->hard_header_parse(entskb,
+ int len = entskb->dev->hard_header_parse(entskb,
phw.hw_addr);
phw.hw_addr);
- phw.hw_addrlen = htons(
phw.hw_addr
len);
+ phw.hw_addrlen = htons(len);
NFA_PUT(skb, NFQA_HWADDR, sizeof(phw), &phw);
}
NFA_PUT(skb, NFQA_HWADDR, sizeof(phw), &phw);
}
@@
-584,7
+583,7
@@
nfqnl_enqueue_packet(struct sk_buff *skb, struct nf_info *info,
queue->queue_dropped++;
status = -ENOSPC;
if (net_ratelimit())
queue->queue_dropped++;
status = -ENOSPC;
if (net_ratelimit())
- printk(KERN_WARNING "
ip
_queue: full at %d entries, "
+ printk(KERN_WARNING "
nf
_queue: full at %d entries, "
"dropping packets(s). Dropped: %d\n",
queue->queue_total, queue->queue_dropped);
goto err_out_free_nskb;
"dropping packets(s). Dropped: %d\n",
queue->queue_total, queue->queue_dropped);
goto err_out_free_nskb;
@@
-622,9
+621,10
@@
nfqnl_mangle(void *data, int data_len, struct nfqnl_queue_entry *e)
int diff;
diff = data_len - e->skb->len;
int diff;
diff = data_len - e->skb->len;
- if (diff < 0)
- skb_trim(e->skb, data_len);
- else if (diff > 0) {
+ if (diff < 0) {
+ if (pskb_trim(e->skb, data_len))
+ return -ENOMEM;
+ } else if (diff > 0) {
if (data_len > 0xFFFF)
return -EINVAL;
if (diff > skb_tailroom(e->skb)) {
if (data_len > 0xFFFF)
return -EINVAL;
if (diff > skb_tailroom(e->skb)) {
@@
-635,7
+635,7
@@
nfqnl_mangle(void *data, int data_len, struct nfqnl_queue_entry *e)
diff,
GFP_ATOMIC);
if (newskb == NULL) {
diff,
GFP_ATOMIC);
if (newskb == NULL) {
- printk(KERN_WARNING "
ip
_queue: OOM "
+ printk(KERN_WARNING "
nf
_queue: OOM "
"in mangle, dropping packet\n");
return -ENOMEM;
}
"in mangle, dropping packet\n");
return -ENOMEM;
}
@@
-834,8
+834,8
@@
nfqnl_recv_verdict(struct sock *ctnl, struct sk_buff *skb,
}
if (nfqa[NFQA_MARK-1])
}
if (nfqa[NFQA_MARK-1])
- entry->skb->
nfmark = ntohl(*(u_int32_t
*)
-
NFA_DATA(nfqa[NFQA_MARK-1]));
+ entry->skb->
mark = ntohl(*(__be32
*)
+ NFA_DATA(nfqa[NFQA_MARK-1]));
issue_verdict(entry, verdict);
instance_put(queue);
issue_verdict(entry, verdict);
instance_put(queue);
@@
-947,6
+947,14
@@
nfqnl_recv_config(struct sock *ctnl, struct sk_buff *skb,
ntohl(params->copy_range));
}
ntohl(params->copy_range));
}
+ if (nfqa[NFQA_CFG_QUEUE_MAXLEN-1]) {
+ __be32 *queue_maxlen;
+ queue_maxlen = NFA_DATA(nfqa[NFQA_CFG_QUEUE_MAXLEN-1]);
+ spin_lock_bh(&queue->lock);
+ queue->queue_maxlen = ntohl(*queue_maxlen);
+ spin_unlock_bh(&queue->lock);
+ }
+
out_put:
instance_put(queue);
return ret;
out_put:
instance_put(queue);
return ret;