Commit 5c1ee973 authored by Yasuyuki Kozakai's avatar Yasuyuki Kozakai Committed by Patrick McHardy

[NETFILTER]: prearation of removing skb_linearize()

   
This patch uses skb_header_pointer() so that packets can be parsed even though
skb_linearize() doesn't exist. But this patch doesn't remove skb_linearize()
yet. We can remove it after changing all match/target modules.
   
Moreover ...
    - I deleted the optimization not to parse IPv6 extension header
      many time from previous patch. I'll send the patch to do this
      separately.
    - fixed the bug that "offset" argument of match functions are always 0.
    - deleted "hdr" and "datalen" argument and added "protoff" argument
      to match functions. "protoff" means the offset to Layer 4 protocol
      header.
    - the argument order of the target function is changed to be like the
      IPv4 modules. This prevents users from hitting a kernel panic when
      they use old match modules.
    - changed {tcp,udp,icmp6}_match(). These functions became very similar
      to codes in ip_tables.c again.
Signed-off-by: default avatarYasuyuki KOZAKAI <yasuyuki.kozakai@toshiba.co.jp>
Signed-off-by: default avatarPatrick McHardy <kaber@trash.net>
parent 9e3466b3
...@@ -355,13 +355,15 @@ struct ip6t_match ...@@ -355,13 +355,15 @@ struct ip6t_match
/* Return true or false: return FALSE and set *hotdrop = 1 to /* Return true or false: return FALSE and set *hotdrop = 1 to
force immediate packet drop. */ force immediate packet drop. */
/* Arguments changed since 2.6.9, as this must now handle
non-linear skb, using skb_header_pointer and
skb_ip_make_writable. */
int (*match)(const struct sk_buff *skb, int (*match)(const struct sk_buff *skb,
const struct net_device *in, const struct net_device *in,
const struct net_device *out, const struct net_device *out,
const void *matchinfo, const void *matchinfo,
int offset, int offset,
const void *hdr, unsigned int protoff,
u_int16_t datalen,
int *hotdrop); int *hotdrop);
/* Called when user tries to insert an entry of this type. */ /* Called when user tries to insert an entry of this type. */
...@@ -386,11 +388,13 @@ struct ip6t_target ...@@ -386,11 +388,13 @@ struct ip6t_target
const char name[IP6T_FUNCTION_MAXNAMELEN]; const char name[IP6T_FUNCTION_MAXNAMELEN];
/* Returns verdict. */ /* Returns verdict. Argument order changed since 2.6.9, as this
must now handle non-linear skbs, using skb_copy_bits and
skb_ip_make_writable. */
unsigned int (*target)(struct sk_buff **pskb, unsigned int (*target)(struct sk_buff **pskb,
unsigned int hooknum,
const struct net_device *in, const struct net_device *in,
const struct net_device *out, const struct net_device *out,
unsigned int hooknum,
const void *targinfo, const void *targinfo,
void *userdata); void *userdata);
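Review bot: The new comment above `match` documents neither `offset` nor the added `protoff`, and it names `skb_ip_make_writable` although `match` receives a `const struct sk_buff *` and so cannot make the skb writable. Module authors need the contract spelled out here, because on a non-linear skb `skb->data + protoff` may point past the linear area. I would extend the comment with something like `protoff is the offset from skb->data to the layer-4 header; read it via skb_header_pointer(), never by dereferencing skb->data + protoff directly`. The meaning of `offset` (presumably the fragment offset) should be stated in the same place once confirmed against the caller, which is in the collapsed part of this page.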
......
This diff is collapsed.
...@@ -335,9 +335,9 @@ ip6t_log_packet(unsigned int hooknum, ...@@ -335,9 +335,9 @@ ip6t_log_packet(unsigned int hooknum,
static unsigned int static unsigned int
ip6t_log_target(struct sk_buff **pskb, ip6t_log_target(struct sk_buff **pskb,
unsigned int hooknum,
const struct net_device *in, const struct net_device *in,
const struct net_device *out, const struct net_device *out,
unsigned int hooknum,
const void *targinfo, const void *targinfo,
void *userinfo) void *userinfo)
{ {
......
...@@ -20,9 +20,9 @@ MODULE_AUTHOR("Netfilter Core Team <coreteam@netfilter.org>"); ...@@ -20,9 +20,9 @@ MODULE_AUTHOR("Netfilter Core Team <coreteam@netfilter.org>");
static unsigned int static unsigned int
target(struct sk_buff **pskb, target(struct sk_buff **pskb,
unsigned int hooknum,
const struct net_device *in, const struct net_device *in,
const struct net_device *out, const struct net_device *out,
unsigned int hooknum,
const void *targinfo, const void *targinfo,
void *userinfo) void *userinfo)
{ {
......
...@@ -45,8 +45,7 @@ match(const struct sk_buff *skb, ...@@ -45,8 +45,7 @@ match(const struct sk_buff *skb,
const struct net_device *out, const struct net_device *out,
const void *matchinfo, const void *matchinfo,
int offset, int offset,
const void *protohdr, unsigned int protoff,
u_int16_t datalen,
int *hotdrop) int *hotdrop)
{ {
struct ip_auth_hdr *ah = NULL; struct ip_auth_hdr *ah = NULL;
......
...@@ -60,8 +60,7 @@ match(const struct sk_buff *skb, ...@@ -60,8 +60,7 @@ match(const struct sk_buff *skb,
const struct net_device *out, const struct net_device *out,
const void *matchinfo, const void *matchinfo,
int offset, int offset,
const void *protohdr, unsigned int protoff,
u_int16_t datalen,
int *hotdrop) int *hotdrop)
{ {
struct ipv6_opt_hdr *optsh = NULL; struct ipv6_opt_hdr *optsh = NULL;
......
...@@ -45,8 +45,7 @@ match(const struct sk_buff *skb, ...@@ -45,8 +45,7 @@ match(const struct sk_buff *skb,
const struct net_device *out, const struct net_device *out,
const void *matchinfo, const void *matchinfo,
int offset, int offset,
const void *protohdr, unsigned int protoff,
u_int16_t datalen,
int *hotdrop) int *hotdrop)
{ {
struct ip_esp_hdr *esp = NULL; struct ip_esp_hdr *esp = NULL;
......
...@@ -24,8 +24,7 @@ match(const struct sk_buff *skb, ...@@ -24,8 +24,7 @@ match(const struct sk_buff *skb,
const struct net_device *out, const struct net_device *out,
const void *matchinfo, const void *matchinfo,
int offset, int offset,
const void *hdr, unsigned int protoff,
u_int16_t datalen,
int *hotdrop) int *hotdrop)
{ {
......
...@@ -70,8 +70,7 @@ match(const struct sk_buff *skb, ...@@ -70,8 +70,7 @@ match(const struct sk_buff *skb,
const struct net_device *out, const struct net_device *out,
const void *matchinfo, const void *matchinfo,
int offset, int offset,
const void *protohdr, unsigned int protoff,
u_int16_t datalen,
int *hotdrop) int *hotdrop)
{ {
struct fraghdr *frag = NULL; struct fraghdr *frag = NULL;
......
...@@ -59,8 +59,7 @@ match(const struct sk_buff *skb, ...@@ -59,8 +59,7 @@ match(const struct sk_buff *skb,
const struct net_device *out, const struct net_device *out,
const void *matchinfo, const void *matchinfo,
int offset, int offset,
const void *protohdr, unsigned int protoff,
u_int16_t datalen,
int *hotdrop) int *hotdrop)
{ {
struct ipv6_opt_hdr *optsh = NULL; struct ipv6_opt_hdr *optsh = NULL;
......
...@@ -20,7 +20,7 @@ MODULE_LICENSE("GPL"); ...@@ -20,7 +20,7 @@ MODULE_LICENSE("GPL");
static int match(const struct sk_buff *skb, const struct net_device *in, static int match(const struct sk_buff *skb, const struct net_device *in,
const struct net_device *out, const void *matchinfo, const struct net_device *out, const void *matchinfo,
int offset, const void *hdr, u_int16_t datalen, int offset, unsigned int protoff,
int *hotdrop) int *hotdrop)
{ {
const struct ip6t_hl_info *info = matchinfo; const struct ip6t_hl_info *info = matchinfo;
......
...@@ -31,8 +31,7 @@ ipv6header_match(const struct sk_buff *skb, ...@@ -31,8 +31,7 @@ ipv6header_match(const struct sk_buff *skb,
const struct net_device *out, const struct net_device *out,
const void *matchinfo, const void *matchinfo,
int offset, int offset,
const void *protohdr, unsigned int protoff,
u_int16_t datalen,
int *hotdrop) int *hotdrop)
{ {
const struct ip6t_ipv6header_info *info = matchinfo; const struct ip6t_ipv6header_info *info = matchinfo;
......
...@@ -23,8 +23,7 @@ match(const struct sk_buff *skb, ...@@ -23,8 +23,7 @@ match(const struct sk_buff *skb,
const struct net_device *out, const struct net_device *out,
const void *matchinfo, const void *matchinfo,
int offset, int offset,
const void *hdr, unsigned int protoff,
u_int16_t datalen,
int *hotdrop) int *hotdrop)
{ {
const struct ip6t_length_info *info = matchinfo; const struct ip6t_length_info *info = matchinfo;
......
...@@ -57,8 +57,7 @@ ip6t_limit_match(const struct sk_buff *skb, ...@@ -57,8 +57,7 @@ ip6t_limit_match(const struct sk_buff *skb,
const struct net_device *out, const struct net_device *out,
const void *matchinfo, const void *matchinfo,
int offset, int offset,
const void *hdr, unsigned int protoff,
u_int16_t datalen,
int *hotdrop) int *hotdrop)
{ {
struct ip6t_rateinfo *r = ((struct ip6t_rateinfo *)matchinfo)->master; struct ip6t_rateinfo *r = ((struct ip6t_rateinfo *)matchinfo)->master;
......
...@@ -25,8 +25,7 @@ match(const struct sk_buff *skb, ...@@ -25,8 +25,7 @@ match(const struct sk_buff *skb,
const struct net_device *out, const struct net_device *out,
const void *matchinfo, const void *matchinfo,
int offset, int offset,
const void *hdr, unsigned int protoff,
u_int16_t datalen,
int *hotdrop) int *hotdrop)
{ {
const struct ip6t_mac_info *info = matchinfo; const struct ip6t_mac_info *info = matchinfo;
......
...@@ -24,8 +24,7 @@ match(const struct sk_buff *skb, ...@@ -24,8 +24,7 @@ match(const struct sk_buff *skb,
const struct net_device *out, const struct net_device *out,
const void *matchinfo, const void *matchinfo,
int offset, int offset,
const void *hdr, unsigned int protoff,
u_int16_t datalen,
int *hotdrop) int *hotdrop)
{ {
const struct ip6t_mark_info *info = matchinfo; const struct ip6t_mark_info *info = matchinfo;
......
...@@ -53,15 +53,14 @@ match(const struct sk_buff *skb, ...@@ -53,15 +53,14 @@ match(const struct sk_buff *skb,
const struct net_device *out, const struct net_device *out,
const void *matchinfo, const void *matchinfo,
int offset, int offset,
const void *hdr, unsigned int protoff,
u_int16_t datalen,
int *hotdrop) int *hotdrop)
{ {
const struct udphdr *udp = hdr; const struct udphdr *udp = (const struct udphdr *)(skb->data + protoff);
const struct ip6t_multiport *multiinfo = matchinfo; const struct ip6t_multiport *multiinfo = matchinfo;
/* Must be big enough to read ports. */ /* Must be big enough to read ports. */
if (offset == 0 && datalen < sizeof(struct udphdr)) { if (offset == 0 && skb->len - protoff < sizeof(struct udphdr)) {
/* We've been asked to examine this packet, and we /* We've been asked to examine this packet, and we
can't. Hence, no choice but to drop. */ can't. Hence, no choice but to drop. */
duprintf("ip6t_multiport:" duprintf("ip6t_multiport:"
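Review bot: `udp` is now formed as `skb->data + protoff` and guarded by `skb->len - protoff < sizeof(struct udphdr)`, but `skb->len` also counts paged data, so on a non-linear skb the UDP header can lie outside the linear area and reading the ports through `udp` would be an out-of-bounds read. This is only safe while the caller still linearizes the packet, which the commit message says is about to be removed. The subtraction is also unsigned, so a `protoff` larger than `skb->len` would wrap to a huge value and pass the check. I would declare `struct udphdr _udph;`, fetch the header with `udp = skb_header_pointer(skb, protoff, sizeof(_udph), &_udph);`, and treat `udp == NULL` as the too-short case in place of the length comparison. The guard is skipped when `offset != 0`, and the rest of match() lies outside the hunk, so whether `udp` is read on that path cannot be confirmed from here.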
......
...@@ -92,8 +92,7 @@ match(const struct sk_buff *skb, ...@@ -92,8 +92,7 @@ match(const struct sk_buff *skb,
const struct net_device *out, const struct net_device *out,
const void *matchinfo, const void *matchinfo,
int offset, int offset,
const void *hdr, unsigned int protoff,
u_int16_t datalen,
int *hotdrop) int *hotdrop)
{ {
const struct ip6t_owner_info *info = matchinfo; const struct ip6t_owner_info *info = matchinfo;
......
...@@ -47,8 +47,7 @@ match(const struct sk_buff *skb, ...@@ -47,8 +47,7 @@ match(const struct sk_buff *skb,
const struct net_device *out, const struct net_device *out,
const void *matchinfo, const void *matchinfo,
int offset, int offset,
const void *protohdr, unsigned int protoff,
u_int16_t datalen,
int *hotdrop) int *hotdrop)
{ {
struct ipv6_rt_hdr *route = NULL; struct ipv6_rt_hdr *route = NULL;
......