From 5c1ee973226ac9cc1183f3a47e86903b14cae564 Mon Sep 17 00:00:00 2001 From: Yasuyuki Kozakai Date: Tue, 19 Oct 2004 06:13:27 +0200 Subject: [NETFILTER]: prearation of removing skb_linearize() This patch uses skb_header_pointer() so that packets can be parsed even though skb_linearize() doesn't exist. But this patch doesn't remove skb_linearize() yet. We can remove it after changing all match/target modules. Moreover ... - I deleted the optimization not to parse IPv6 extension header many time from previous patch. I'll send the patch to do this separately. - fixed the bug that "offset" argument of match functions are always 0. - deleted "hdr" and "datalen" argument and added "protoff" argument to match functions. "protoff" means the offset to Layer 4 protocol header. - the argument order of target function is changed likely IPv4 modules. This prevents user from meeting kernel panic when they use old match modules. - changed {tcp,udp,icmp6}_match(). These functions became very similar to codes in ip_tables.c again. Signed-off-by: Yasuyuki KOZAKAI Signed-off-by: Patrick McHardy --- include/linux/netfilter_ipv6/ip6_tables.h | 12 ++++++++---- 1 file changed, 8 insertions(+), 4 deletions(-) (limited to 'include/linux') diff --git a/include/linux/netfilter_ipv6/ip6_tables.h b/include/linux/netfilter_ipv6/ip6_tables.h index 6f70cf3df39a..d6ac08c14dc1 100644 --- a/include/linux/netfilter_ipv6/ip6_tables.h +++ b/include/linux/netfilter_ipv6/ip6_tables.h @@ -355,13 +355,15 @@ struct ip6t_match /* Return true or false: return FALSE and set *hotdrop = 1 to force immediate packet drop. */ + /* Arguments changed since 2.6.9, as this must now handle + non-linear skb, using skb_header_pointer and + skb_ip_make_writable. */ int (*match)(const struct sk_buff *skb, const struct net_device *in, const struct net_device *out, const void *matchinfo, int offset, - const void *hdr, - u_int16_t datalen, + unsigned int protoff, int *hotdrop); /* Called when user tries to insert an entry of this type. */ @@ -386,11 +388,13 @@ struct ip6t_target const char name[IP6T_FUNCTION_MAXNAMELEN]; - /* Returns verdict. */ + /* Returns verdict. Argument order changed since 2.6.9, as this + must now handle non-linear skbs, using skb_copy_bits and + skb_ip_make_writable. */ unsigned int (*target)(struct sk_buff **pskb, - unsigned int hooknum, const struct net_device *in, const struct net_device *out, + unsigned int hooknum, const void *targinfo, void *userdata); -- cgit v1.2.3