fedora core 6 1.2949 + vserver 2.2.0

[linux-2.6.git] / net / ipv4 / netfilter / ipt_ecn.c

diff --git a/net/ipv4/netfilter/ipt_ecn.c b/net/ipv4/netfilter/ipt_ecn.c
index 0e1efd7..dafbdec 100644 (file)
--- a/net/ipv4/netfilter/ipt_ecn.c
+++ b/net/ipv4/netfilter/ipt_ecn.c
@@ -30,31 +30,34 @@ static inline int match_tcp(const struct sk_buff *skb,
                            const struct ipt_ecn_info *einfo,
                            int *hotdrop)
 {
-       struct tcphdr tcph;
+       struct tcphdr _tcph, *th;
 
        /* In practice, TCP match does this, so can't fail.  But let's
-           be good citizens. */
-       if (skb_copy_bits(skb, skb->nh.iph->ihl*4, &tcph, sizeof(tcph)) < 0) {
+        * be good citizens.
+        */
+       th = skb_header_pointer(skb, skb->nh.iph->ihl * 4,
+                               sizeof(_tcph), &_tcph);
+       if (th == NULL) {
                *hotdrop = 0;
                return 0;
        }
 
        if (einfo->operation & IPT_ECN_OP_MATCH_ECE) {
                if (einfo->invert & IPT_ECN_OP_MATCH_ECE) {
-                       if (tcph.ece == 1)
+                       if (th->ece == 1)
                                return 0;
                } else {
-                       if (tcph.ece == 0)
+                       if (th->ece == 0)
                                return 0;
                }
        }
 
        if (einfo->operation & IPT_ECN_OP_MATCH_CWR) {
                if (einfo->invert & IPT_ECN_OP_MATCH_CWR) {
-                       if (tcph.cwr == 1)
+                       if (th->cwr == 1)
                                return 0;
                } else {
-                       if (tcph.cwr == 0)
+                       if (th->cwr == 0)
                                return 0;
                }
        }
@@ -62,9 +65,10 @@ static inline int match_tcp(const struct sk_buff *skb,
        return 1;
 }
 
-static int match(const struct sk_buff *skb, const struct net_device *in,
-                const struct net_device *out, const void *matchinfo,
-                int offset, int *hotdrop)
+static int match(const struct sk_buff *skb,
+                const struct net_device *in, const struct net_device *out,
+                const struct xt_match *match, const void *matchinfo,
+                int offset, unsigned int protoff, int *hotdrop)
 {
        const struct ipt_ecn_info *info = matchinfo;
 
@@ -82,14 +86,12 @@ static int match(const struct sk_buff *skb, const struct net_device *in,
        return 1;
 }
 
-static int checkentry(const char *tablename, const struct ipt_ip *ip,
-                     void *matchinfo, unsigned int matchsize,
-                     unsigned int hook_mask)
+static int checkentry(const char *tablename, const void *ip_void,
+                     const struct xt_match *match,
+                     void *matchinfo, unsigned int hook_mask)
 {
        const struct ipt_ecn_info *info = matchinfo;
-
-       if (matchsize != IPT_ALIGN(sizeof(struct ipt_ecn_info)))
-               return 0;
+       const struct ipt_ip *ip = ip_void;
 
        if (info->operation & IPT_ECN_OP_MATCH_MASK)
                return 0;
@@ -109,20 +111,21 @@ static int checkentry(const char *tablename, const struct ipt_ip *ip,
 
 static struct ipt_match ecn_match = {
        .name           = "ecn",
-       .match          = &match,
-       .checkentry     = &checkentry,
+       .match          = match,
+       .matchsize      = sizeof(struct ipt_ecn_info),
+       .checkentry     = checkentry,
        .me             = THIS_MODULE,
 };
 
-static int __init init(void)
+static int __init ipt_ecn_init(void)
 {
        return ipt_register_match(&ecn_match);
 }
 
-static void __exit fini(void)
+static void __exit ipt_ecn_fini(void)
 {
        ipt_unregister_match(&ecn_match);
 }
 
-module_init(init);
-module_exit(fini);
+module_init(ipt_ecn_init);
+module_exit(ipt_ecn_fini);