const struct net_device *in,
const struct net_device *out,
unsigned int hooknum,
+ const struct xt_target *target,
const void *targinfo,
void *userinfo)
{
unsigned int i;
u_int8_t *opt;
- if (!skb_ip_make_writable(pskb, (*pskb)->len))
+ if (!skb_make_writable(pskb, (*pskb)->len))
+ return NF_DROP;
+
+ if ((*pskb)->ip_summed == CHECKSUM_HW &&
+ skb_checksum_help(*pskb, out == NULL))
return NF_DROP;
iph = (*pskb)->nh.iph;
return NF_DROP; /* or IPT_CONTINUE ?? */
}
- if(dst_pmtu((*pskb)->dst) <= (sizeof(struct iphdr) + sizeof(struct tcphdr))) {
+ if(dst_mtu((*pskb)->dst) <= (sizeof(struct iphdr) + sizeof(struct tcphdr))) {
if (net_ratelimit())
printk(KERN_ERR
- "ipt_tcpmss_target: unknown or invalid path-MTU (%d)\n", dst_pmtu((*pskb)->dst));
+ "ipt_tcpmss_target: unknown or invalid path-MTU (%d)\n", dst_mtu((*pskb)->dst));
return NF_DROP; /* or IPT_CONTINUE ?? */
}
- newmss = dst_pmtu((*pskb)->dst) - sizeof(struct iphdr) - sizeof(struct tcphdr);
+ newmss = dst_mtu((*pskb)->dst) - sizeof(struct iphdr) - sizeof(struct tcphdr);
} else
newmss = tcpmssinfo->mss;
newmss);
retmodified:
- /* If we had a hardware checksum before, it's now invalid */
- (*pskb)->ip_summed = CHECKSUM_NONE;
- (*pskb)->nfcache |= NFC_UNKNOWN | NFC_ALTERED;
return IPT_CONTINUE;
}
/* Must specify -p tcp --syn/--tcp-flags SYN */
static int
ipt_tcpmss_checkentry(const char *tablename,
- const struct ipt_entry *e,
+ const void *e_void,
+ const struct xt_target *target,
void *targinfo,
unsigned int targinfosize,
unsigned int hook_mask)
{
const struct ipt_tcpmss_info *tcpmssinfo = targinfo;
-
- if (targinfosize != IPT_ALIGN(sizeof(struct ipt_tcpmss_info))) {
- DEBUGP("ipt_tcpmss_checkentry: targinfosize %u != %u\n",
- targinfosize, IPT_ALIGN(sizeof(struct ipt_tcpmss_info)));
- return 0;
- }
-
+ const struct ipt_entry *e = e_void;
if((tcpmssinfo->mss == IPT_TCPMSS_CLAMP_PMTU) &&
((hook_mask & ~((1 << NF_IP_FORWARD)
return 0;
}
- if (e->ip.proto == IPPROTO_TCP
- && !(e->ip.invflags & IPT_INV_PROTO)
- && IPT_MATCH_ITERATE(e, find_syn_match))
+ if (IPT_MATCH_ITERATE(e, find_syn_match))
return 1;
-
printk("TCPMSS: Only works on TCP SYN packets\n");
return 0;
}
static struct ipt_target ipt_tcpmss_reg = {
.name = "TCPMSS",
.target = ipt_tcpmss_target,
+ .targetsize = sizeof(struct ipt_tcpmss_info),
+ .proto = IPPROTO_TCP,
.checkentry = ipt_tcpmss_checkentry,
.me = THIS_MODULE,
};
-static int __init init(void)
+static int __init ipt_tcpmss_init(void)
{
return ipt_register_target(&ipt_tcpmss_reg);
}
-static void __exit fini(void)
+static void __exit ipt_tcpmss_fini(void)
{
ipt_unregister_target(&ipt_tcpmss_reg);
}
-module_init(init);
-module_exit(fini);
+module_init(ipt_tcpmss_init);
+module_exit(ipt_tcpmss_fini);