X-Git-Url: http://git.onelab.eu/?a=blobdiff_plain;f=net%2Fipv4%2Fnetfilter%2Fip_fw_compat.c;h=f7146f31b6c3de2bf42765aab0d37fb74b935f17;hb=9213980e6a70d8473e0ffd4b39ab5b6caaba9ff5;hp=a45090d83c2920295daceff09f6fe38d2cfe6c87;hpb=c449269f45c2cdf53af08c8d0af37472f66539d9;p=linux-2.6.git

diff --git a/net/ipv4/netfilter/ip_fw_compat.c b/net/ipv4/netfilter/ip_fw_compat.c
index a45090d83..f7146f31b 100644
--- a/net/ipv4/netfilter/ip_fw_compat.c
+++ b/net/ipv4/netfilter/ip_fw_compat.c
@@ -69,7 +69,8 @@ fw_in(unsigned int hooknum,
 	/* Assume worse case: any hook could change packet */
 	(*pskb)->nfcache |= NFC_UNKNOWN | NFC_ALTERED;
 	if ((*pskb)->ip_summed == CHECKSUM_HW)
-		(*pskb)->ip_summed = CHECKSUM_NONE;
+		if (skb_checksum_help(pskb, (out == NULL)))
+			return NF_DROP;
 
 	switch (hooknum) {
 	case NF_IP_PRE_ROUTING:
@@ -181,7 +182,7 @@ static unsigned int fw_confirm(unsigned int hooknum,
 
 extern int ip_fw_ctl(int optval, void *m, unsigned int len);
 
-static int sock_fn(struct sock *sk, int optval, void *user, unsigned int len)
+static int sock_fn(struct sock *sk, int optval, void __user *user, unsigned int len)
 {
 	/* MAX of:
 	   2.2: sizeof(struct ip_fwtest) (~14x4 + 3x4 = 17x4)