SOURCES (LINUX_2_6): kernel-pom-ng-IPMARK.patch, kernel-pom-ng-IPV...
baggins
baggins at pld-linux.org
Thu Aug 9 21:28:44 CEST 2007
Author: baggins Date: Thu Aug 9 19:28:44 2007 GMT
Module: SOURCES Tag: LINUX_2_6
---- Log message:
- updated to 2.6.22 API
---- Files affected:
SOURCES:
kernel-pom-ng-IPMARK.patch (1.1.2.1 -> 1.1.2.2) , kernel-pom-ng-IPV4OPTSSTRIP.patch (1.1.2.1 -> 1.1.2.2) , kernel-pom-ng-ROUTE.patch (1.1.2.2 -> 1.1.2.3) , kernel-pom-ng-TARPIT.patch (1.1.2.2 -> 1.1.2.3) , kernel-pom-ng-geoip.patch (1.1.2.1 -> 1.1.2.2) , kernel-pom-ng-ipv4options.patch (1.1.2.1 -> 1.1.2.2) , kernel-pom-ng-mms-conntrack-nat.patch (1.1.2.2 -> 1.1.2.3) , kernel-pom-ng-set.patch (1.1.2.2 -> 1.1.2.3)
---- Diffs:
================================================================
Index: SOURCES/kernel-pom-ng-IPMARK.patch
diff -u SOURCES/kernel-pom-ng-IPMARK.patch:1.1.2.1 SOURCES/kernel-pom-ng-IPMARK.patch:1.1.2.2
--- SOURCES/kernel-pom-ng-IPMARK.patch:1.1.2.1 Wed May 30 13:53:30 2007
+++ SOURCES/kernel-pom-ng-IPMARK.patch Thu Aug 9 21:28:39 2007
@@ -82,7 +82,7 @@
+ )
+{
+ const struct ipt_ipmark_target_info *ipmarkinfo = targinfo;
-+ struct iphdr *iph = (*pskb)->nh.iph;
++ struct iphdr *iph = ip_hdr(*pskb);
+ unsigned long mark;
+
+ if (ipmarkinfo->addr == IPT_IPMARK_SRC)
================================================================
Index: SOURCES/kernel-pom-ng-IPV4OPTSSTRIP.patch
diff -u SOURCES/kernel-pom-ng-IPV4OPTSSTRIP.patch:1.1.2.1 SOURCES/kernel-pom-ng-IPV4OPTSSTRIP.patch:1.1.2.2
--- SOURCES/kernel-pom-ng-IPV4OPTSSTRIP.patch:1.1.2.1 Wed May 30 13:53:30 2007
+++ SOURCES/kernel-pom-ng-IPV4OPTSSTRIP.patch Thu Aug 9 21:28:39 2007
@@ -68,7 +68,7 @@
+ return NF_DROP;
+
+ skb = (*pskb);
-+ iph = (*pskb)->nh.iph;
++ iph = ip_hdr(*pskb);
+ optiph = skb->nh.raw;
+ l = ((struct ip_options *)(&(IPCB(skb)->opt)))->optlen;
+
================================================================
Index: SOURCES/kernel-pom-ng-ROUTE.patch
diff -u SOURCES/kernel-pom-ng-ROUTE.patch:1.1.2.2 SOURCES/kernel-pom-ng-ROUTE.patch:1.1.2.3
--- SOURCES/kernel-pom-ng-ROUTE.patch:1.1.2.2 Thu Aug 2 14:01:36 2007
+++ SOURCES/kernel-pom-ng-ROUTE.patch Thu Aug 9 21:28:39 2007
@@ -392,7 +392,7 @@
+ if (hooknum == NF_IP_PRE_ROUTING ||
+ hooknum == NF_IP_LOCAL_IN) {
+
-+ struct iphdr *iph = skb->nh.iph;
++ struct iphdr *iph = ip_hdr(skb);
+
+ if (iph->ttl <= 1) {
+ struct rtable *rt;
@@ -649,7 +649,7 @@
+ const struct ip6t_route_target_info *route_info)
+{
+ struct rt6_info *rt = NULL;
-+ struct ipv6hdr *ipv6h = skb->nh.ipv6h;
++ struct ipv6hdr *ipv6h = ipv6_hdr(skb);
+ struct in6_addr *gw = (struct in6_addr*)&route_info->gw;
+
+ DEBUGP("ip6t_ROUTE: called with: ");
@@ -797,7 +797,7 @@
+ if (hooknum == NF_IP6_PRE_ROUTING ||
+ hooknum == NF_IP6_LOCAL_IN) {
+
-+ struct ipv6hdr *ipv6h = skb->nh.ipv6h;
++ struct ipv6hdr *ipv6h = ipv6_hdr(skb);
+
+ if (ipv6h->hop_limit <= 1) {
+ /* Force OUTPUT device used as source address */
================================================================
Index: SOURCES/kernel-pom-ng-TARPIT.patch
diff -u SOURCES/kernel-pom-ng-TARPIT.patch:1.1.2.2 SOURCES/kernel-pom-ng-TARPIT.patch:1.1.2.3
--- SOURCES/kernel-pom-ng-TARPIT.patch:1.1.2.2 Tue Aug 7 18:51:07 2007
+++ SOURCES/kernel-pom-ng-TARPIT.patch Thu Aug 9 21:28:39 2007
@@ -88,12 +88,12 @@
+ u_int16_t tmp;
+
+ /* A truncated TCP header isn't going to be useful */
-+ if (oskb->len < (oskb->nh.iph->ihl*4) + sizeof(struct tcphdr))
++ if (oskb->len < (ip_hdr(oskb)->ihl*4) + sizeof(struct tcphdr))
+ return;
+
-+ otcph = (struct tcphdr *)((u_int32_t*)oskb->nh.iph
-+ + oskb->nh.iph->ihl);
-+ otcplen = oskb->len - oskb->nh.iph->ihl*4;
++ otcph = (struct tcphdr *)((u_int32_t*)ip_hdr(oskb)
++ + ip_hdr(oskb)->ihl);
++ otcplen = oskb->len - ip_hdr(oskb)->ihl*4;
+
+ /* No replies for RST or FIN */
+ if (otcph->rst || otcph->fin)
@@ -104,8 +104,8 @@
+ return;
+
+ /* Check checksum. */
-+ if (tcp_v4_check(otcplen, oskb->nh.iph->saddr,
-+ oskb->nh.iph->daddr,
++ if (tcp_v4_check(otcplen, ip_hdr(oskb)->saddr,
++ ip_hdr(oskb)->daddr,
+ csum_partial((char *)otcph, otcplen, 0)) != 0)
+ return;
+
@@ -123,23 +123,23 @@
+ nskb->nf_debug = 0;
+#endif
+
-+ ntcph = (struct tcphdr *)((u_int32_t*)nskb->nh.iph + nskb->nh.iph->ihl);
++ ntcph = (struct tcphdr *)((u_int32_t*)ip_hdr(nskb) + ip_hdr(nskb)->ihl);
+
+ /* Truncate to length (no data) */
+ ntcph->doff = sizeof(struct tcphdr)/4;
-+ skb_trim(nskb, nskb->nh.iph->ihl*4 + sizeof(struct tcphdr));
-+ nskb->nh.iph->tot_len = htons(nskb->len);
++ skb_trim(nskb, ip_hdr(nskb)->ihl*4 + sizeof(struct tcphdr));
++ ip_hdr(nskb)->tot_len = htons(nskb->len);
+
+ /* Swap source and dest */
-+ nskb->nh.iph->daddr = xchg(&nskb->nh.iph->saddr, nskb->nh.iph->daddr);
++ ip_hdr(nskb)->daddr = xchg(&ip_hdr(nskb)->saddr, ip_hdr(nskb)->daddr);
+ tmp = ntcph->source;
+ ntcph->source = ntcph->dest;
+ ntcph->dest = tmp;
+
+ /* Use supplied sequence number or make a new one */
+ ntcph->seq = otcph->ack ? otcph->ack_seq
-+ : htonl(secure_tcp_sequence_number(nskb->nh.iph->saddr,
-+ nskb->nh.iph->daddr,
++ : htonl(secure_tcp_sequence_number(ip_hdr(nskb)->saddr,
++ ip_hdr(nskb)->daddr,
+ ntcph->source,
+ ntcph->dest));
+
@@ -163,14 +163,14 @@
+ /* Adjust TCP checksum */
+ ntcph->check = 0;
+ ntcph->check = tcp_v4_check(sizeof(struct tcphdr),
-+ nskb->nh.iph->saddr,
-+ nskb->nh.iph->daddr,
++ ip_hdr(nskb)->saddr,
++ ip_hdr(nskb)->daddr,
+ csum_partial((char *)ntcph,
+ sizeof(struct tcphdr), 0));
+
-+ fl.nl_u.ip4_u.daddr = nskb->nh.iph->daddr;
-+ fl.nl_u.ip4_u.saddr = local ? nskb->nh.iph->saddr : 0;
-+ fl.nl_u.ip4_u.tos = RT_TOS(nskb->nh.iph->tos) | RTO_CONN;
++ fl.nl_u.ip4_u.daddr = ip_hdr(nskb)->daddr;
++ fl.nl_u.ip4_u.saddr = local ? ip_hdr(nskb)->saddr : 0;
++ fl.nl_u.ip4_u.tos = RT_TOS(ip_hdr(nskb)->tos) | RTO_CONN;
+ fl.oif = 0;
+
+ if (ip_route_output_key(&nrt, &fl))
@@ -180,16 +180,16 @@
+ nskb->dst = &nrt->u.dst;
+
+ /* Adjust IP TTL */
-+ nskb->nh.iph->ttl = dst_metric(nskb->dst, RTAX_HOPLIMIT);
++ ip_hdr(nskb)->ttl = dst_metric(nskb->dst, RTAX_HOPLIMIT);
+
+ /* Set DF, id = 0 */
-+ nskb->nh.iph->frag_off = htons(IP_DF);
-+ nskb->nh.iph->id = 0;
++ ip_hdr(nskb)->frag_off = htons(IP_DF);
++ ip_hdr(nskb)->id = 0;
+
+ /* Adjust IP checksum */
-+ nskb->nh.iph->check = 0;
-+ nskb->nh.iph->check = ip_fast_csum((unsigned char *)nskb->nh.iph,
-+ nskb->nh.iph->ihl);
++ ip_hdr(nskb)->check = 0;
++ ip_hdr(nskb)->check = ip_fast_csum((unsigned char *)ip_hdr(nskb),
++ ip_hdr(nskb)->ihl);
+
+ /* "Never happens" */
+#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,12)
@@ -232,11 +232,11 @@
+
+ /* Our naive response construction doesn't deal with IP
+ options, and probably shouldn't try. */
-+ if (skb->nh.iph->ihl*4 != sizeof(struct iphdr))
++ if (ip_hdr(skb)->ihl*4 != sizeof(struct iphdr))
+ return NF_DROP;
+
+ /* We aren't interested in fragments */
-+ if (skb->nh.iph->frag_off & htons(IP_OFFSET))
++ if (ip_hdr(skb)->frag_off & htons(IP_OFFSET))
+ return NF_DROP;
+
+ tarpit_tcp(skb,rt,hooknum == NF_IP_LOCAL_IN);
================================================================
Index: SOURCES/kernel-pom-ng-geoip.patch
diff -u SOURCES/kernel-pom-ng-geoip.patch:1.1.2.1 SOURCES/kernel-pom-ng-geoip.patch:1.1.2.2
--- SOURCES/kernel-pom-ng-geoip.patch:1.1.2.1 Wed May 30 13:53:30 2007
+++ SOURCES/kernel-pom-ng-geoip.patch Thu Aug 9 21:28:39 2007
@@ -204,7 +204,7 @@
+{
+ const struct ipt_geoip_info *info = matchinfo;
+ const struct geoip_info *node; /* This keeps the code sexy */
-+ const struct iphdr *iph = skb->nh.iph;
++ const struct iphdr *iph = ip_hdr(skb);
+ u_int32_t ip, j;
+ u_int8_t i;
+
================================================================
Index: SOURCES/kernel-pom-ng-ipv4options.patch
diff -u SOURCES/kernel-pom-ng-ipv4options.patch:1.1.2.1 SOURCES/kernel-pom-ng-ipv4options.patch:1.1.2.2
--- SOURCES/kernel-pom-ng-ipv4options.patch:1.1.2.1 Wed May 30 13:53:30 2007
+++ SOURCES/kernel-pom-ng-ipv4options.patch Thu Aug 9 21:28:39 2007
@@ -96,7 +96,7 @@
+ int *hotdrop)
+{
+ const struct ipt_ipv4options_info *info = matchinfo; /* match info for rule */
-+ const struct iphdr *iph = skb->nh.iph;
++ const struct iphdr *iph = ip_hdr(skb);
+ const struct ip_options *opt;
+
+ if (iph->ihl * 4 == sizeof(struct iphdr)) {
================================================================
Index: SOURCES/kernel-pom-ng-mms-conntrack-nat.patch
diff -u SOURCES/kernel-pom-ng-mms-conntrack-nat.patch:1.1.2.2 SOURCES/kernel-pom-ng-mms-conntrack-nat.patch:1.1.2.3
--- SOURCES/kernel-pom-ng-mms-conntrack-nat.patch:1.1.2.2 Tue Aug 7 13:24:16 2007
+++ SOURCES/kernel-pom-ng-mms-conntrack-nat.patch Thu Aug 9 21:28:39 2007
@@ -225,7 +225,7 @@
+{
+ u_int32_t newip;
+ struct nf_conn *ct = expect->master;
-+ struct iphdr *iph = (*pskb)->nh.iph;
++ struct iphdr *iph = ip_hdr(*pskb);
+ struct tcphdr *tcph = (void *) iph + iph->ihl * 4;
+ char *data = (char *)tcph + tcph->doff * 4;
+ int i, j, k, port;
================================================================
Index: SOURCES/kernel-pom-ng-set.patch
diff -u SOURCES/kernel-pom-ng-set.patch:1.1.2.2 SOURCES/kernel-pom-ng-set.patch:1.1.2.3
--- SOURCES/kernel-pom-ng-set.patch:1.1.2.2 Tue Aug 7 18:51:08 2007
+++ SOURCES/kernel-pom-ng-set.patch Thu Aug 9 21:28:39 2007
@@ -3202,8 +3202,8 @@
+{
+ return __testip(set,
+ ntohl(flags[index] & IPSET_SRC
-+ ? skb->nh.iph->saddr
-+ : skb->nh.iph->daddr),
++ ? ip_hdr(skb)->saddr
++ : ip_hdr(skb)->daddr),
+ hash_ip);
+}
+
@@ -3259,8 +3259,8 @@
+{
+ return __addip((struct ip_set_iphash *) set->data,
+ ntohl(flags[index] & IPSET_SRC
-+ ? skb->nh.iph->saddr
-+ : skb->nh.iph->daddr),
++ ? ip_hdr(skb)->saddr
++ : ip_hdr(skb)->daddr),
+ hash_ip);
+}
+
@@ -3382,8 +3382,8 @@
+{
+ return __delip(set,
+ ntohl(flags[index] & IPSET_SRC
-+ ? skb->nh.iph->saddr
-+ : skb->nh.iph->daddr),
++ ? ip_hdr(skb)->saddr
++ : ip_hdr(skb)->daddr),
+ hash_ip);
+}
+
@@ -3599,13 +3599,13 @@
+
+ DP("flag: %s src: %u.%u.%u.%u dst: %u.%u.%u.%u",
+ flags[index] & IPSET_SRC ? "SRC" : "DST",
-+ NIPQUAD(skb->nh.iph->saddr),
-+ NIPQUAD(skb->nh.iph->daddr));
++ NIPQUAD(ip_hdr(skb)->saddr),
++ NIPQUAD(ip_hdr(skb)->daddr));
+
+ res = __testip(set,
+ ntohl(flags[index] & IPSET_SRC
-+ ? skb->nh.iph->saddr
-+ : skb->nh.iph->daddr),
++ ? ip_hdr(skb)->saddr
++ : ip_hdr(skb)->daddr),
+ hash_ip);
+ return (res < 0 ? 0 : res);
+}
@@ -3652,8 +3652,8 @@
+{
+ return __addip(set,
+ ntohl(flags[index] & IPSET_SRC
-+ ? skb->nh.iph->saddr
-+ : skb->nh.iph->daddr),
++ ? ip_hdr(skb)->saddr
++ : ip_hdr(skb)->daddr),
+ hash_ip);
+}
+
@@ -3698,8 +3698,8 @@
+{
+ return __delip(set,
+ ntohl(flags[index] & IPSET_SRC
-+ ? skb->nh.iph->saddr
-+ : skb->nh.iph->daddr),
++ ? ip_hdr(skb)->saddr
++ : ip_hdr(skb)->daddr),
+ hash_ip);
+}
+
@@ -3895,7 +3895,7 @@
+static inline ip_set_ip_t
+get_port(const struct sk_buff *skb, u_int32_t flags)
+{
-+ struct iphdr *iph = skb->nh.iph;
++ struct iphdr *iph = ip_hdr(skb);
+ u_int16_t offset = ntohs(iph->frag_off) & IP_OFFSET;
+
+ switch (iph->protocol) {
@@ -3906,7 +3906,7 @@
+ if (offset)
+ return INVALID_PORT;
+
-+ if (skb_copy_bits(skb, skb->nh.iph->ihl*4, &tcph, sizeof(tcph)) < 0)
++ if (skb_copy_bits(skb, ip_hdr(skb)->ihl*4, &tcph, sizeof(tcph)) < 0)
+ /* No choice either */
+ return INVALID_PORT;
+
@@ -3919,7 +3919,7 @@
+ if (offset)
+ return INVALID_PORT;
+
-+ if (skb_copy_bits(skb, skb->nh.iph->ihl*4, &udph, sizeof(udph)) < 0)
++ if (skb_copy_bits(skb, ip_hdr(skb)->ihl*4, &udph, sizeof(udph)) < 0)
+ /* No choice either */
+ return INVALID_PORT;
+
@@ -4009,8 +4009,8 @@
+
+ DP("flag: %s src: %u.%u.%u.%u dst: %u.%u.%u.%u",
+ flags[index] & IPSET_SRC ? "SRC" : "DST",
-+ NIPQUAD(skb->nh.iph->saddr),
-+ NIPQUAD(skb->nh.iph->daddr));
++ NIPQUAD(ip_hdr(skb)->saddr),
++ NIPQUAD(ip_hdr(skb)->daddr));
+ DP("flag %s port %u",
+ flags[index+1] & IPSET_SRC ? "SRC" : "DST",
+ port);
@@ -4019,8 +4019,8 @@
+
+ return __testip(set,
+ ntohl(flags[index] & IPSET_SRC
-+ ? skb->nh.iph->saddr
-+ : skb->nh.iph->daddr),
++ ? ip_hdr(skb)->saddr
++ : ip_hdr(skb)->daddr),
+ port,
+ hash_ip);
+}
@@ -4094,8 +4094,8 @@
+
+ DP("flag: %s src: %u.%u.%u.%u dst: %u.%u.%u.%u",
+ flags[index] & IPSET_SRC ? "SRC" : "DST",
-+ NIPQUAD(skb->nh.iph->saddr),
-+ NIPQUAD(skb->nh.iph->daddr));
++ NIPQUAD(ip_hdr(skb)->saddr),
++ NIPQUAD(ip_hdr(skb)->daddr));
+ DP("flag %s port %u",
+ flags[index+1] & IPSET_SRC ? "SRC" : "DST",
+ port);
@@ -4104,8 +4104,8 @@
+
+ return __addip((struct ip_set_ipporthash *) set->data,
+ ntohl(flags[index] & IPSET_SRC
-+ ? skb->nh.iph->saddr
-+ : skb->nh.iph->daddr),
++ ? ip_hdr(skb)->saddr
++ : ip_hdr(skb)->daddr),
+ port,
+ hash_ip);
+}
@@ -4239,8 +4239,8 @@
+
+ DP("flag: %s src: %u.%u.%u.%u dst: %u.%u.%u.%u",
+ flags[index] & IPSET_SRC ? "SRC" : "DST",
-+ NIPQUAD(skb->nh.iph->saddr),
-+ NIPQUAD(skb->nh.iph->daddr));
++ NIPQUAD(ip_hdr(skb)->saddr),
++ NIPQUAD(ip_hdr(skb)->daddr));
+ DP("flag %s port %u",
+ flags[index+1] & IPSET_SRC ? "SRC" : "DST",
+ port);
@@ -4249,8 +4249,8 @@
+
+ return __delip(set,
+ ntohl(flags[index] & IPSET_SRC
-+ ? skb->nh.iph->saddr
-+ : skb->nh.iph->daddr),
++ ? ip_hdr(skb)->saddr
++ : ip_hdr(skb)->daddr),
+ port,
+ hash_ip);
+}
@@ -4508,13 +4508,13 @@
+
+ DP("flag: %s src: %u.%u.%u.%u dst: %u.%u.%u.%u",
+ flags[index] & IPSET_SRC ? "SRC" : "DST",
-+ NIPQUAD(skb->nh.iph->saddr),
-+ NIPQUAD(skb->nh.iph->daddr));
++ NIPQUAD(ip_hdr(skb)->saddr),
++ NIPQUAD(ip_hdr(skb)->daddr));
+
+ res = __testip(set,
+ ntohl(flags[index] & IPSET_SRC
-+ ? skb->nh.iph->saddr
-+ : skb->nh.iph->daddr),
++ ? ip_hdr(skb)->saddr
++ : ip_hdr(skb)->daddr),
+ hash_ip);
+ return (res < 0 ? 0 : res);
+}
@@ -4602,8 +4602,8 @@
+
+ return __addip(set,
+ ntohl(flags[index] & IPSET_SRC
-+ ? skb->nh.iph->saddr
-+ : skb->nh.iph->daddr),
++ ? ip_hdr(skb)->saddr
++ : ip_hdr(skb)->daddr),
+ map->timeout,
+ hash_ip,
+ GFP_ATOMIC);
@@ -4667,8 +4667,8 @@
+{
+ return __delip(set,
+ ntohl(flags[index] & IPSET_SRC
-+ ? skb->nh.iph->saddr
-+ : skb->nh.iph->daddr),
++ ? ip_hdr(skb)->saddr
++ : ip_hdr(skb)->daddr),
+ hash_ip);
+}
+
@@ -5045,12 +5045,12 @@
+ ip_set_ip_t ip;
+
+ ip = ntohl(flags[index] & IPSET_SRC
-+ ? skb->nh.iph->saddr
-+ : skb->nh.iph->daddr);
++ ? ip_hdr(skb)->saddr
++ : ip_hdr(skb)->daddr);
+ DP("flag: %s src: %u.%u.%u.%u dst: %u.%u.%u.%u",
+ flags[index] & IPSET_SRC ? "SRC" : "DST",
-+ NIPQUAD(skb->nh.iph->saddr),
-+ NIPQUAD(skb->nh.iph->daddr));
++ NIPQUAD(ip_hdr(skb)->saddr),
++ NIPQUAD(ip_hdr(skb)->daddr));
+
+ if (ip < map->first_ip || ip > map->last_ip)
+ return 0;
@@ -5120,8 +5120,8 @@
+ ip_set_ip_t ip;
+
+ ip = ntohl(flags[index] & IPSET_SRC
-+ ? skb->nh.iph->saddr
-+ : skb->nh.iph->daddr);
++ ? ip_hdr(skb)->saddr
++ : ip_hdr(skb)->daddr);
+
+ if (!(skb->mac.raw >= skb->head
+ && (skb->mac.raw + ETH_HLEN) <= skb->data))
@@ -5174,8 +5174,8 @@
+{
+ return __delip(set,
+ ntohl(flags[index] & IPSET_SRC
-+ ? skb->nh.iph->saddr
-+ : skb->nh.iph->daddr),
++ ? ip_hdr(skb)->saddr
++ : ip_hdr(skb)->daddr),
+ hash_ip);
+}
+
@@ -5444,8 +5444,8 @@
+{
+ return __testip(set,
+ ntohl(flags[index] & IPSET_SRC
-+ ? skb->nh.iph->saddr
-+ : skb->nh.iph->daddr),
++ ? ip_hdr(skb)->saddr
++ : ip_hdr(skb)->daddr),
+ hash_ip);
+}
+
@@ -5537,8 +5537,8 @@
+ struct ip_set_nethash *map = (struct ip_set_nethash *) set->data;
+ int ret = -ERANGE;
+ ip_set_ip_t ip = ntohl(flags[index] & IPSET_SRC
-+ ? skb->nh.iph->saddr
-+ : skb->nh.iph->daddr);
++ ? ip_hdr(skb)->saddr
++ : ip_hdr(skb)->daddr);
+
+ if (map->cidr[0])
+ ret = __addip(map, ip, map->cidr[0], hash_ip);
@@ -5666,8 +5666,8 @@
+ struct ip_set_nethash *map = (struct ip_set_nethash *) set->data;
+ int ret = -ERANGE;
+ ip_set_ip_t ip = ntohl(flags[index] & IPSET_SRC
-+ ? skb->nh.iph->saddr
-+ : skb->nh.iph->daddr);
++ ? ip_hdr(skb)->saddr
++ : ip_hdr(skb)->daddr);
+
+ if (map->cidr[0])
+ ret = __delip(map, ip, map->cidr[0], hash_ip);
@@ -5845,7 +5845,7 @@
+static inline ip_set_ip_t
+get_port(const struct sk_buff *skb, u_int32_t flags)
+{
-+ struct iphdr *iph = skb->nh.iph;
++ struct iphdr *iph = ip_hdr(skb);
+ u_int16_t offset = ntohs(iph->frag_off) & IP_OFFSET;
+
+ switch (iph->protocol) {
@@ -5856,7 +5856,7 @@
+ if (offset)
+ return INVALID_PORT;
+
-+ if (skb_copy_bits(skb, skb->nh.iph->ihl*4, &tcph, sizeof(tcph)) < 0)
++ if (skb_copy_bits(skb, ip_hdr(skb)->ihl*4, &tcph, sizeof(tcph)) < 0)
+ /* No choice either */
+ return INVALID_PORT;
+
@@ -5869,7 +5869,7 @@
+ if (offset)
+ return INVALID_PORT;
+
-+ if (skb_copy_bits(skb, skb->nh.iph->ihl*4, &udph, sizeof(udph)) < 0)
++ if (skb_copy_bits(skb, ip_hdr(skb)->ihl*4, &udph, sizeof(udph)) < 0)
+ /* No choice either */
+ return INVALID_PORT;
+
================================================================
---- CVS-web:
http://cvs.pld-linux.org/SOURCES/kernel-pom-ng-IPMARK.patch?r1=1.1.2.1&r2=1.1.2.2&f=u
http://cvs.pld-linux.org/SOURCES/kernel-pom-ng-IPV4OPTSSTRIP.patch?r1=1.1.2.1&r2=1.1.2.2&f=u
http://cvs.pld-linux.org/SOURCES/kernel-pom-ng-ROUTE.patch?r1=1.1.2.2&r2=1.1.2.3&f=u
http://cvs.pld-linux.org/SOURCES/kernel-pom-ng-TARPIT.patch?r1=1.1.2.2&r2=1.1.2.3&f=u
http://cvs.pld-linux.org/SOURCES/kernel-pom-ng-geoip.patch?r1=1.1.2.1&r2=1.1.2.2&f=u
http://cvs.pld-linux.org/SOURCES/kernel-pom-ng-ipv4options.patch?r1=1.1.2.1&r2=1.1.2.2&f=u
http://cvs.pld-linux.org/SOURCES/kernel-pom-ng-mms-conntrack-nat.patch?r1=1.1.2.2&r2=1.1.2.3&f=u
http://cvs.pld-linux.org/SOURCES/kernel-pom-ng-set.patch?r1=1.1.2.2&r2=1.1.2.3&f=u
More information about the pld-cvs-commit
mailing list