These changes are the raw update to linux-4.4.6-rt14. Kernel sources

[kvmfornfv.git] / kernel / net / ipv4 / netfilter / nf_defrag_ipv4.c

diff --git a/kernel/net/ipv4/netfilter/nf_defrag_ipv4.c b/kernel/net/ipv4/netfilter/nf_defrag_ipv4.c
index c88b7d4..a04dee5 100644 (file)
--- a/kernel/net/ipv4/netfilter/nf_defrag_ipv4.c
+++ b/kernel/net/ipv4/netfilter/nf_defrag_ipv4.c
@@ -22,14 +22,13 @@
 #endif
 #include <net/netfilter/nf_conntrack_zones.h>
 
-static int nf_ct_ipv4_gather_frags(struct sk_buff *skb, u_int32_t user)
+static int nf_ct_ipv4_gather_frags(struct net *net, struct sk_buff *skb,
+                                  u_int32_t user)
 {
        int err;
 
-       skb_orphan(skb);
-
        local_bh_disable();
-       err = ip_defrag(skb, user);
+       err = ip_defrag(net, skb, user);
        local_bh_enable();
 
        if (!err) {
@@ -43,33 +42,32 @@ static int nf_ct_ipv4_gather_frags(struct sk_buff *skb, u_int32_t user)
 static enum ip_defrag_users nf_ct_defrag_user(unsigned int hooknum,
                                              struct sk_buff *skb)
 {
-       u16 zone = NF_CT_DEFAULT_ZONE;
-
+       u16 zone_id = NF_CT_DEFAULT_ZONE_ID;
 #if IS_ENABLED(CONFIG_NF_CONNTRACK)
-       if (skb->nfct)
-               zone = nf_ct_zone((struct nf_conn *)skb->nfct);
-#endif
+       if (skb->nfct) {
+               enum ip_conntrack_info ctinfo;
+               const struct nf_conn *ct = nf_ct_get(skb, &ctinfo);
 
-#if IS_ENABLED(CONFIG_BRIDGE_NETFILTER)
-       if (skb->nf_bridge &&
-           skb->nf_bridge->mask & BRNF_NF_BRIDGE_PREROUTING)
-               return IP_DEFRAG_CONNTRACK_BRIDGE_IN + zone;
+               zone_id = nf_ct_zone_id(nf_ct_zone(ct), CTINFO2DIR(ctinfo));
+       }
 #endif
+       if (nf_bridge_in_prerouting(skb))
+               return IP_DEFRAG_CONNTRACK_BRIDGE_IN + zone_id;
+
        if (hooknum == NF_INET_PRE_ROUTING)
-               return IP_DEFRAG_CONNTRACK_IN + zone;
+               return IP_DEFRAG_CONNTRACK_IN + zone_id;
        else
-               return IP_DEFRAG_CONNTRACK_OUT + zone;
+               return IP_DEFRAG_CONNTRACK_OUT + zone_id;
 }
 
-static unsigned int ipv4_conntrack_defrag(const struct nf_hook_ops *ops,
+static unsigned int ipv4_conntrack_defrag(void *priv,
                                          struct sk_buff *skb,
                                          const struct nf_hook_state *state)
 {
        struct sock *sk = skb->sk;
-       struct inet_sock *inet = inet_sk(skb->sk);
 
-       if (sk && (sk->sk_family == PF_INET) &&
-           inet->nodefrag)
+       if (sk && sk_fullsock(sk) && (sk->sk_family == PF_INET) &&
+           inet_sk(sk)->nodefrag)
                return NF_ACCEPT;
 
 #if IS_ENABLED(CONFIG_NF_CONNTRACK)
@@ -83,9 +81,9 @@ static unsigned int ipv4_conntrack_defrag(const struct nf_hook_ops *ops,
        /* Gather fragments. */
        if (ip_is_fragment(ip_hdr(skb))) {
                enum ip_defrag_users user =
-                       nf_ct_defrag_user(ops->hooknum, skb);
+                       nf_ct_defrag_user(state->hook, skb);
 
-               if (nf_ct_ipv4_gather_frags(skb, user))
+               if (nf_ct_ipv4_gather_frags(state->net, skb, user))
                        return NF_STOLEN;
        }
        return NF_ACCEPT;
@@ -94,14 +92,12 @@ static unsigned int ipv4_conntrack_defrag(const struct nf_hook_ops *ops,
 static struct nf_hook_ops ipv4_defrag_ops[] = {
        {
                .hook           = ipv4_conntrack_defrag,
-               .owner          = THIS_MODULE,
                .pf             = NFPROTO_IPV4,
                .hooknum        = NF_INET_PRE_ROUTING,
                .priority       = NF_IP_PRI_CONNTRACK_DEFRAG,
        },
        {
                .hook           = ipv4_conntrack_defrag,
-               .owner          = THIS_MODULE,
                .pf             = NFPROTO_IPV4,
                .hooknum        = NF_INET_LOCAL_OUT,
                .priority       = NF_IP_PRI_CONNTRACK_DEFRAG,