mirror of
https://github.com/brain-hackers/linux-brain.git
synced 2024-06-09 23:36:23 +09:00
netfilter: conntrack, nat: prefer skb_ensure_writable
like previous patches -- convert conntrack to use the core helper. Signed-off-by: Florian Westphal <fw@strlen.de> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
This commit is contained in:
parent
ec0974df35
commit
86f0453854
|
@ -339,7 +339,7 @@ static bool sctp_error(struct sk_buff *skb,
|
||||||
if (state->hook == NF_INET_PRE_ROUTING &&
|
if (state->hook == NF_INET_PRE_ROUTING &&
|
||||||
state->net->ct.sysctl_checksum &&
|
state->net->ct.sysctl_checksum &&
|
||||||
skb->ip_summed == CHECKSUM_NONE) {
|
skb->ip_summed == CHECKSUM_NONE) {
|
||||||
if (!skb_make_writable(skb, dataoff + sizeof(struct sctphdr))) {
|
if (skb_ensure_writable(skb, dataoff + sizeof(*sh))) {
|
||||||
logmsg = "nf_ct_sctp: failed to read header ";
|
logmsg = "nf_ct_sctp: failed to read header ";
|
||||||
goto out_invalid;
|
goto out_invalid;
|
||||||
}
|
}
|
||||||
|
|
|
@ -126,7 +126,7 @@ static unsigned int nf_ct_sack_adjust(struct sk_buff *skb,
|
||||||
optoff = protoff + sizeof(struct tcphdr);
|
optoff = protoff + sizeof(struct tcphdr);
|
||||||
optend = protoff + tcph->doff * 4;
|
optend = protoff + tcph->doff * 4;
|
||||||
|
|
||||||
if (!skb_make_writable(skb, optend))
|
if (skb_ensure_writable(skb, optend))
|
||||||
return 0;
|
return 0;
|
||||||
|
|
||||||
tcph = (void *)skb->data + protoff;
|
tcph = (void *)skb->data + protoff;
|
||||||
|
@ -176,7 +176,7 @@ int nf_ct_seq_adjust(struct sk_buff *skb,
|
||||||
this_way = &seqadj->seq[dir];
|
this_way = &seqadj->seq[dir];
|
||||||
other_way = &seqadj->seq[!dir];
|
other_way = &seqadj->seq[!dir];
|
||||||
|
|
||||||
if (!skb_make_writable(skb, protoff + sizeof(*tcph)))
|
if (skb_ensure_writable(skb, protoff + sizeof(*tcph)))
|
||||||
return 0;
|
return 0;
|
||||||
|
|
||||||
tcph = (void *)skb->data + protoff;
|
tcph = (void *)skb->data + protoff;
|
||||||
|
|
|
@ -98,7 +98,7 @@ bool __nf_nat_mangle_tcp_packet(struct sk_buff *skb,
|
||||||
struct tcphdr *tcph;
|
struct tcphdr *tcph;
|
||||||
int oldlen, datalen;
|
int oldlen, datalen;
|
||||||
|
|
||||||
if (!skb_make_writable(skb, skb->len))
|
if (skb_ensure_writable(skb, skb->len))
|
||||||
return false;
|
return false;
|
||||||
|
|
||||||
if (rep_len > match_len &&
|
if (rep_len > match_len &&
|
||||||
|
@ -148,7 +148,7 @@ nf_nat_mangle_udp_packet(struct sk_buff *skb,
|
||||||
struct udphdr *udph;
|
struct udphdr *udph;
|
||||||
int datalen, oldlen;
|
int datalen, oldlen;
|
||||||
|
|
||||||
if (!skb_make_writable(skb, skb->len))
|
if (skb_ensure_writable(skb, skb->len))
|
||||||
return false;
|
return false;
|
||||||
|
|
||||||
if (rep_len > match_len &&
|
if (rep_len > match_len &&
|
||||||
|
|
|
@ -73,7 +73,7 @@ static bool udp_manip_pkt(struct sk_buff *skb,
|
||||||
struct udphdr *hdr;
|
struct udphdr *hdr;
|
||||||
bool do_csum;
|
bool do_csum;
|
||||||
|
|
||||||
if (!skb_make_writable(skb, hdroff + sizeof(*hdr)))
|
if (skb_ensure_writable(skb, hdroff + sizeof(*hdr)))
|
||||||
return false;
|
return false;
|
||||||
|
|
||||||
hdr = (struct udphdr *)(skb->data + hdroff);
|
hdr = (struct udphdr *)(skb->data + hdroff);
|
||||||
|
@ -91,7 +91,7 @@ static bool udplite_manip_pkt(struct sk_buff *skb,
|
||||||
#ifdef CONFIG_NF_CT_PROTO_UDPLITE
|
#ifdef CONFIG_NF_CT_PROTO_UDPLITE
|
||||||
struct udphdr *hdr;
|
struct udphdr *hdr;
|
||||||
|
|
||||||
if (!skb_make_writable(skb, hdroff + sizeof(*hdr)))
|
if (skb_ensure_writable(skb, hdroff + sizeof(*hdr)))
|
||||||
return false;
|
return false;
|
||||||
|
|
||||||
hdr = (struct udphdr *)(skb->data + hdroff);
|
hdr = (struct udphdr *)(skb->data + hdroff);
|
||||||
|
@ -117,7 +117,7 @@ sctp_manip_pkt(struct sk_buff *skb,
|
||||||
if (skb->len >= hdroff + sizeof(*hdr))
|
if (skb->len >= hdroff + sizeof(*hdr))
|
||||||
hdrsize = sizeof(*hdr);
|
hdrsize = sizeof(*hdr);
|
||||||
|
|
||||||
if (!skb_make_writable(skb, hdroff + hdrsize))
|
if (skb_ensure_writable(skb, hdroff + hdrsize))
|
||||||
return false;
|
return false;
|
||||||
|
|
||||||
hdr = (struct sctphdr *)(skb->data + hdroff);
|
hdr = (struct sctphdr *)(skb->data + hdroff);
|
||||||
|
@ -158,7 +158,7 @@ tcp_manip_pkt(struct sk_buff *skb,
|
||||||
if (skb->len >= hdroff + sizeof(struct tcphdr))
|
if (skb->len >= hdroff + sizeof(struct tcphdr))
|
||||||
hdrsize = sizeof(struct tcphdr);
|
hdrsize = sizeof(struct tcphdr);
|
||||||
|
|
||||||
if (!skb_make_writable(skb, hdroff + hdrsize))
|
if (skb_ensure_writable(skb, hdroff + hdrsize))
|
||||||
return false;
|
return false;
|
||||||
|
|
||||||
hdr = (struct tcphdr *)(skb->data + hdroff);
|
hdr = (struct tcphdr *)(skb->data + hdroff);
|
||||||
|
@ -198,7 +198,7 @@ dccp_manip_pkt(struct sk_buff *skb,
|
||||||
if (skb->len >= hdroff + sizeof(struct dccp_hdr))
|
if (skb->len >= hdroff + sizeof(struct dccp_hdr))
|
||||||
hdrsize = sizeof(struct dccp_hdr);
|
hdrsize = sizeof(struct dccp_hdr);
|
||||||
|
|
||||||
if (!skb_make_writable(skb, hdroff + hdrsize))
|
if (skb_ensure_writable(skb, hdroff + hdrsize))
|
||||||
return false;
|
return false;
|
||||||
|
|
||||||
hdr = (struct dccp_hdr *)(skb->data + hdroff);
|
hdr = (struct dccp_hdr *)(skb->data + hdroff);
|
||||||
|
@ -232,7 +232,7 @@ icmp_manip_pkt(struct sk_buff *skb,
|
||||||
{
|
{
|
||||||
struct icmphdr *hdr;
|
struct icmphdr *hdr;
|
||||||
|
|
||||||
if (!skb_make_writable(skb, hdroff + sizeof(*hdr)))
|
if (skb_ensure_writable(skb, hdroff + sizeof(*hdr)))
|
||||||
return false;
|
return false;
|
||||||
|
|
||||||
hdr = (struct icmphdr *)(skb->data + hdroff);
|
hdr = (struct icmphdr *)(skb->data + hdroff);
|
||||||
|
@ -250,7 +250,7 @@ icmpv6_manip_pkt(struct sk_buff *skb,
|
||||||
{
|
{
|
||||||
struct icmp6hdr *hdr;
|
struct icmp6hdr *hdr;
|
||||||
|
|
||||||
if (!skb_make_writable(skb, hdroff + sizeof(*hdr)))
|
if (skb_ensure_writable(skb, hdroff + sizeof(*hdr)))
|
||||||
return false;
|
return false;
|
||||||
|
|
||||||
hdr = (struct icmp6hdr *)(skb->data + hdroff);
|
hdr = (struct icmp6hdr *)(skb->data + hdroff);
|
||||||
|
@ -278,7 +278,7 @@ gre_manip_pkt(struct sk_buff *skb,
|
||||||
|
|
||||||
/* pgreh includes two optional 32bit fields which are not required
|
/* pgreh includes two optional 32bit fields which are not required
|
||||||
* to be there. That's where the magic '8' comes from */
|
* to be there. That's where the magic '8' comes from */
|
||||||
if (!skb_make_writable(skb, hdroff + sizeof(*pgreh) - 8))
|
if (skb_ensure_writable(skb, hdroff + sizeof(*pgreh) - 8))
|
||||||
return false;
|
return false;
|
||||||
|
|
||||||
greh = (void *)skb->data + hdroff;
|
greh = (void *)skb->data + hdroff;
|
||||||
|
@ -350,7 +350,7 @@ static bool nf_nat_ipv4_manip_pkt(struct sk_buff *skb,
|
||||||
struct iphdr *iph;
|
struct iphdr *iph;
|
||||||
unsigned int hdroff;
|
unsigned int hdroff;
|
||||||
|
|
||||||
if (!skb_make_writable(skb, iphdroff + sizeof(*iph)))
|
if (skb_ensure_writable(skb, iphdroff + sizeof(*iph)))
|
||||||
return false;
|
return false;
|
||||||
|
|
||||||
iph = (void *)skb->data + iphdroff;
|
iph = (void *)skb->data + iphdroff;
|
||||||
|
@ -381,7 +381,7 @@ static bool nf_nat_ipv6_manip_pkt(struct sk_buff *skb,
|
||||||
int hdroff;
|
int hdroff;
|
||||||
u8 nexthdr;
|
u8 nexthdr;
|
||||||
|
|
||||||
if (!skb_make_writable(skb, iphdroff + sizeof(*ipv6h)))
|
if (skb_ensure_writable(skb, iphdroff + sizeof(*ipv6h)))
|
||||||
return false;
|
return false;
|
||||||
|
|
||||||
ipv6h = (void *)skb->data + iphdroff;
|
ipv6h = (void *)skb->data + iphdroff;
|
||||||
|
@ -565,7 +565,7 @@ int nf_nat_icmp_reply_translation(struct sk_buff *skb,
|
||||||
|
|
||||||
WARN_ON(ctinfo != IP_CT_RELATED && ctinfo != IP_CT_RELATED_REPLY);
|
WARN_ON(ctinfo != IP_CT_RELATED && ctinfo != IP_CT_RELATED_REPLY);
|
||||||
|
|
||||||
if (!skb_make_writable(skb, hdrlen + sizeof(*inside)))
|
if (skb_ensure_writable(skb, hdrlen + sizeof(*inside)))
|
||||||
return 0;
|
return 0;
|
||||||
if (nf_ip_checksum(skb, hooknum, hdrlen, 0))
|
if (nf_ip_checksum(skb, hooknum, hdrlen, 0))
|
||||||
return 0;
|
return 0;
|
||||||
|
@ -787,7 +787,7 @@ int nf_nat_icmpv6_reply_translation(struct sk_buff *skb,
|
||||||
|
|
||||||
WARN_ON(ctinfo != IP_CT_RELATED && ctinfo != IP_CT_RELATED_REPLY);
|
WARN_ON(ctinfo != IP_CT_RELATED && ctinfo != IP_CT_RELATED_REPLY);
|
||||||
|
|
||||||
if (!skb_make_writable(skb, hdrlen + sizeof(*inside)))
|
if (skb_ensure_writable(skb, hdrlen + sizeof(*inside)))
|
||||||
return 0;
|
return 0;
|
||||||
if (nf_ip6_checksum(skb, hooknum, hdrlen, IPPROTO_ICMPV6))
|
if (nf_ip6_checksum(skb, hooknum, hdrlen, IPPROTO_ICMPV6))
|
||||||
return 0;
|
return 0;
|
||||||
|
|
Loading…
Reference in New Issue
Block a user