Commit 86f04538 authored by Florian Westphal's avatar Florian Westphal Committed by Pablo Neira Ayuso
Browse files

netfilter: conntrack, nat: prefer skb_ensure_writable 



like previous patches -- convert conntrack to use the core helper.

Signed-off-by: default avatarFlorian Westphal <fw@strlen.de>
Signed-off-by: default avatarPablo Neira Ayuso <pablo@netfilter.org>
parent ec0974df

net/netfilter/nf_conntrack_proto_sctp.c

+1 −1
Original line number Diff line number Diff line
@@ -339,7 +339,7 @@ static bool sctp_error(struct sk_buff *skb, 
	if (state->hook == NF_INET_PRE_ROUTING &&

	    state->net->ct.sysctl_checksum &&

	    skb->ip_summed == CHECKSUM_NONE) {

		if (!skb_make_writable(skb, dataoff + sizeof(struct sctphdr))) {

		if (skb_ensure_writable(skb, dataoff + sizeof(*sh))) {

			logmsg = "nf_ct_sctp: failed to read header ";

			goto out_invalid;

		}

net/netfilter/nf_conntrack_seqadj.c

+2 −2
Original line number Diff line number Diff line
@@ -126,7 +126,7 @@ static unsigned int nf_ct_sack_adjust(struct sk_buff *skb, 
	optoff = protoff + sizeof(struct tcphdr);

	optend = protoff + tcph->doff * 4;



	if (!skb_make_writable(skb, optend))

	if (skb_ensure_writable(skb, optend))

		return 0;



	tcph = (void *)skb->data + protoff;
@@ -176,7 +176,7 @@ int nf_ct_seq_adjust(struct sk_buff *skb, 
	this_way  = &seqadj->seq[dir];

	other_way = &seqadj->seq[!dir];



	if (!skb_make_writable(skb, protoff + sizeof(*tcph)))

	if (skb_ensure_writable(skb, protoff + sizeof(*tcph)))

		return 0;



	tcph = (void *)skb->data + protoff;

net/netfilter/nf_nat_helper.c

+2 −2
Original line number Diff line number Diff line
@@ -98,7 +98,7 @@ bool __nf_nat_mangle_tcp_packet(struct sk_buff *skb, 
	struct tcphdr *tcph;

	int oldlen, datalen;



	if (!skb_make_writable(skb, skb->len))

	if (skb_ensure_writable(skb, skb->len))

		return false;



	if (rep_len > match_len &&
@@ -148,7 +148,7 @@ nf_nat_mangle_udp_packet(struct sk_buff *skb, 
	struct udphdr *udph;

	int datalen, oldlen;



	if (!skb_make_writable(skb, skb->len))

	if (skb_ensure_writable(skb, skb->len))

		return false;



	if (rep_len > match_len &&

net/netfilter/nf_nat_proto.c

+12 −12
Original line number Diff line number Diff line
@@ -73,7 +73,7 @@ static bool udp_manip_pkt(struct sk_buff *skb, 
	struct udphdr *hdr;

	bool do_csum;



	if (!skb_make_writable(skb, hdroff + sizeof(*hdr)))

	if (skb_ensure_writable(skb, hdroff + sizeof(*hdr)))

		return false;



	hdr = (struct udphdr *)(skb->data + hdroff);
@@ -91,7 +91,7 @@ static bool udplite_manip_pkt(struct sk_buff *skb, 
#ifdef CONFIG_NF_CT_PROTO_UDPLITE

	struct udphdr *hdr;



	if (!skb_make_writable(skb, hdroff + sizeof(*hdr)))

	if (skb_ensure_writable(skb, hdroff + sizeof(*hdr)))

		return false;



	hdr = (struct udphdr *)(skb->data + hdroff);
@@ -117,7 +117,7 @@ sctp_manip_pkt(struct sk_buff *skb, 
	if (skb->len >= hdroff + sizeof(*hdr))

		hdrsize = sizeof(*hdr);



	if (!skb_make_writable(skb, hdroff + hdrsize))

	if (skb_ensure_writable(skb, hdroff + hdrsize))

		return false;



	hdr = (struct sctphdr *)(skb->data + hdroff);
@@ -158,7 +158,7 @@ tcp_manip_pkt(struct sk_buff *skb, 
	if (skb->len >= hdroff + sizeof(struct tcphdr))

		hdrsize = sizeof(struct tcphdr);



	if (!skb_make_writable(skb, hdroff + hdrsize))

	if (skb_ensure_writable(skb, hdroff + hdrsize))

		return false;



	hdr = (struct tcphdr *)(skb->data + hdroff);
@@ -198,7 +198,7 @@ dccp_manip_pkt(struct sk_buff *skb, 
	if (skb->len >= hdroff + sizeof(struct dccp_hdr))

		hdrsize = sizeof(struct dccp_hdr);



	if (!skb_make_writable(skb, hdroff + hdrsize))

	if (skb_ensure_writable(skb, hdroff + hdrsize))

		return false;



	hdr = (struct dccp_hdr *)(skb->data + hdroff);
@@ -232,7 +232,7 @@ icmp_manip_pkt(struct sk_buff *skb, 
{

	struct icmphdr *hdr;



	if (!skb_make_writable(skb, hdroff + sizeof(*hdr)))

	if (skb_ensure_writable(skb, hdroff + sizeof(*hdr)))

		return false;



	hdr = (struct icmphdr *)(skb->data + hdroff);
@@ -250,7 +250,7 @@ icmpv6_manip_pkt(struct sk_buff *skb, 
{

	struct icmp6hdr *hdr;



	if (!skb_make_writable(skb, hdroff + sizeof(*hdr)))

	if (skb_ensure_writable(skb, hdroff + sizeof(*hdr)))

		return false;



	hdr = (struct icmp6hdr *)(skb->data + hdroff);
@@ -278,7 +278,7 @@ gre_manip_pkt(struct sk_buff *skb, 


	/* pgreh includes two optional 32bit fields which are not required

	 * to be there.  That's where the magic '8' comes from */

	if (!skb_make_writable(skb, hdroff + sizeof(*pgreh) - 8))

	if (skb_ensure_writable(skb, hdroff + sizeof(*pgreh) - 8))

		return false;



	greh = (void *)skb->data + hdroff;
@@ -350,7 +350,7 @@ static bool nf_nat_ipv4_manip_pkt(struct sk_buff *skb, 
	struct iphdr *iph;

	unsigned int hdroff;



	if (!skb_make_writable(skb, iphdroff + sizeof(*iph)))

	if (skb_ensure_writable(skb, iphdroff + sizeof(*iph)))

		return false;



	iph = (void *)skb->data + iphdroff;
@@ -381,7 +381,7 @@ static bool nf_nat_ipv6_manip_pkt(struct sk_buff *skb, 
	int hdroff;

	u8 nexthdr;



	if (!skb_make_writable(skb, iphdroff + sizeof(*ipv6h)))

	if (skb_ensure_writable(skb, iphdroff + sizeof(*ipv6h)))

		return false;



	ipv6h = (void *)skb->data + iphdroff;
@@ -565,7 +565,7 @@ int nf_nat_icmp_reply_translation(struct sk_buff *skb, 


	WARN_ON(ctinfo != IP_CT_RELATED && ctinfo != IP_CT_RELATED_REPLY);



	if (!skb_make_writable(skb, hdrlen + sizeof(*inside)))

	if (skb_ensure_writable(skb, hdrlen + sizeof(*inside)))

		return 0;

	if (nf_ip_checksum(skb, hooknum, hdrlen, 0))

		return 0;
@@ -787,7 +787,7 @@ int nf_nat_icmpv6_reply_translation(struct sk_buff *skb, 


	WARN_ON(ctinfo != IP_CT_RELATED && ctinfo != IP_CT_RELATED_REPLY);



	if (!skb_make_writable(skb, hdrlen + sizeof(*inside)))

	if (skb_ensure_writable(skb, hdrlen + sizeof(*inside)))

		return 0;

	if (nf_ip6_checksum(skb, hooknum, hdrlen, IPPROTO_ICMPV6))

		return 0;

CRA Git | Maintained and supported by SUSTech CRA and CCSE