vserver 1.9.5.x5

[linux-2.6.git] / net / ipv4 / netfilter / ip_queue.c

diff --git a/net/ipv4/netfilter/ip_queue.c b/net/ipv4/netfilter/ip_queue.c
index 26dca38..a9aa12c 100644 (file)
--- a/net/ipv4/netfilter/ip_queue.c
+++ b/net/ipv4/netfilter/ip_queue.c
@@ -55,7 +55,7 @@ typedef int (*ipq_cmpfn)(struct ipq_queue_entry *, unsigned long);
 
 static unsigned char copy_mode = IPQ_COPY_NONE;
 static unsigned int queue_maxlen = IPQ_QMAX_DEFAULT;
-static rwlock_t queue_lock = RW_LOCK_UNLOCKED;
+static DEFINE_RWLOCK(queue_lock);
 static int peer_pid;
 static unsigned int copy_range;
 static unsigned int queue_total;
@@ -162,6 +162,7 @@ static inline void
 __ipq_reset(void)
 {
        peer_pid = 0;
+       net_disable_timestamp();
        __ipq_set_mode(IPQ_COPY_NONE, 0);
        __ipq_flush(NF_DROP);
 }
@@ -257,7 +258,8 @@ ipq_build_packet_message(struct ipq_queue_entry *entry, int *errp)
        }
        
        if (data_len)
-               memcpy(pmsg->payload, entry->skb->data, data_len);
+               if (skb_copy_bits(entry->skb, 0, pmsg->payload, data_len))
+                       BUG();
                
        nlh->nlmsg_len = skb->tail - old_tail;
        return skb;
@@ -362,6 +364,8 @@ ipq_mangle_ipv4(ipq_verdict_msg_t *v, struct ipq_queue_entry *e)
                }
                skb_put(e->skb, diff);
        }
+       if (!skb_ip_make_writable(&e->skb, v->data_len))
+               return -ENOMEM;
        memcpy(e->skb->data, v->payload, v->data_len);
        e->skb->nfcache |= NFC_ALTERED;
 
@@ -514,9 +518,10 @@ ipq_rcv_skb(struct sk_buff *skb)
                        write_unlock_bh(&queue_lock);
                        RCV_SKB_FAIL(-EBUSY);
                }
-       }
-       else
+       } else {
+               net_enable_timestamp();
                peer_pid = pid;
+       }
                
        write_unlock_bh(&queue_lock);