X-Git-Url: http://git.onelab.eu/?a=blobdiff_plain;f=net%2Fipv4%2Fnetfilter%2Fipfwadm_core.c;h=b0f490f9d40653adcbd888955319635005f3f4ab;hb=c7b5ebbddf7bcd3651947760f423e3783bbe6573;hp=424a9034fa27a9c9ddaa2107a3486dd3c96c95c5;hpb=a2c21200f1c81b08cb55e417b68150bba439b646;p=linux-2.6.git

diff --git a/net/ipv4/netfilter/ipfwadm_core.c b/net/ipv4/netfilter/ipfwadm_core.c
index 424a9034f..b0f490f9d 100644
--- a/net/ipv4/netfilter/ipfwadm_core.c
+++ b/net/ipv4/netfilter/ipfwadm_core.c
@@ -1,3 +1,5 @@
+#warning ipfwadm is obsolete, and will be removed soon.
+
 /* Minor modifications to fit on compatibility framework:
    Rusty.Russell@rustcorp.com.au
 */
@@ -410,20 +412,21 @@ int ip_fw_chk(struct sk_buff **pskb,
 			dprintf1("TCP ");
 			/* ports stay 0xFFFF if it is not the first fragment */
 			if (!offset) {
-				struct tcphdr tcph;
+				struct tcphdr _tcph, *th;
 
-				if (skb_copy_bits(*pskb,
-						  (*pskb)->nh.iph->ihl * 4,
-						  &tcph, sizeof(tcph)))
+				th = skb_header_pointer(*pskb,
+							(*pskb)->nh.iph->ihl*4,
+							sizeof(_tcph), &_tcph);
+				if (th == NULL)
 					return FW_BLOCK;
 
-				src_port = ntohs(tcph.source);
-				dst_port = ntohs(tcph.dest);
+				src_port = ntohs(th->source);
+				dst_port = ntohs(th->dest);
 
-				if(!tcph.ack && !tcph.rst)
+				if(!th->ack && !th->rst)
 					/* We do NOT have ACK, value TRUE */
 					notcpack = 1;
-				if(!tcph.syn || !notcpack)
+				if(!th->syn || !notcpack)
 					/* We do NOT have SYN, value TRUE */
 					notcpsyn = 1;
 			}
@@ -433,29 +436,32 @@ int ip_fw_chk(struct sk_buff **pskb,
 			dprintf1("UDP ");
 			/* ports stay 0xFFFF if it is not the first fragment */
 			if (!offset) {
-				struct udphdr udph;
+				struct udphdr _udph, *uh;
 
-				if (skb_copy_bits(*pskb,
-						  (*pskb)->nh.iph->ihl * 4,
-						  &udph, sizeof(udph)))
+				uh = skb_header_pointer(*pskb,
+							(*pskb)->nh.iph->ihl*4,
+							sizeof(_udph), &_udph);
+				if (uh == NULL)
 					return FW_BLOCK;
 
-				src_port = ntohs(udph.source);
-				dst_port = ntohs(udph.dest);
+				src_port = ntohs(uh->source);
+				dst_port = ntohs(uh->dest);
 			}
 			prt = IP_FW_F_UDP;
 			break;
 		case IPPROTO_ICMP:
 			/* icmp_type stays 255 if it is not the first fragment */
 			if (!offset) {
-				struct icmphdr icmph;
+				struct icmphdr _icmph, *ic;
 
-				if (skb_copy_bits(*pskb,
-						  (*pskb)->nh.iph->ihl * 4,
-						  &icmph, sizeof(icmph)))
+				ic = skb_header_pointer(*pskb,
+							(*pskb)->nh.iph->ihl*4,
+							sizeof(_icmph),
+							&_icmph);
+				if (ic == NULL)
 					return FW_BLOCK;
 
-				icmp_type = (__u16) icmph.type;
+				icmp_type = (__u16) ic->type;
 			}
 			dprintf2("ICMP:%d ", icmp_type);
 			prt = IP_FW_F_ICMP;