Merge branch 'master' of master.kernel.org:/pub/scm/linux/kernel/git/davem/net-2.6

[sfrench/cifs-2.6.git] / net / sched / act_nat.c

diff --git a/net/sched/act_nat.c b/net/sched/act_nat.c
index d885ba311564d9a766fce6eac37edbaf0ed82b71..d0386a413e8dc9406d470e66af196efc40f4e226 100644 (file)
--- a/net/sched/act_nat.c
+++ b/net/sched/act_nat.c
@@ -159,6 +159,9 @@ static int tcf_nat(struct sk_buff *skb, struct tc_action *a,
                        iph->daddr = new_addr;
 
                csum_replace4(&iph->check, addr, new_addr);
+       } else if ((iph->frag_off & htons(IP_OFFSET)) ||
+                  iph->protocol != IPPROTO_ICMP) {
+               goto out;
        }
 
        ihl = iph->ihl * 4;
@@ -202,7 +205,7 @@ static int tcf_nat(struct sk_buff *skb, struct tc_action *a,
        {
                struct icmphdr *icmph;
 
-               if (!pskb_may_pull(skb, ihl + sizeof(*icmph) + sizeof(*iph)))
+               if (!pskb_may_pull(skb, ihl + sizeof(*icmph)))
                        goto drop;
 
                icmph = (void *)(skb_network_header(skb) + ihl);
@@ -212,6 +215,10 @@ static int tcf_nat(struct sk_buff *skb, struct tc_action *a,
                    (icmph->type != ICMP_PARAMETERPROB))
                        break;
 
+               if (!pskb_may_pull(skb, ihl + sizeof(*icmph) + sizeof(*iph)))
+                       goto drop;
+
+               icmph = (void *)(skb_network_header(skb) + ihl);
                iph = (void *)(icmph + 1);
                if (egress)
                        addr = iph->daddr;
@@ -240,13 +247,14 @@ static int tcf_nat(struct sk_buff *skb, struct tc_action *a,
                        iph->saddr = new_addr;
 
                inet_proto_csum_replace4(&icmph->checksum, skb, addr, new_addr,
-                                        1);
+                                        0);
                break;
        }
        default:
                break;
        }
 
+out:
        return action;
 
 drop:
@@ -261,40 +269,29 @@ static int tcf_nat_dump(struct sk_buff *skb, struct tc_action *a,
 {
        unsigned char *b = skb_tail_pointer(skb);
        struct tcf_nat *p = a->priv;
-       struct tc_nat *opt;
+       struct tc_nat opt;
        struct tcf_t t;
-       int s;
-
-       s = sizeof(*opt);
 
-       /* netlink spinlocks held above us - must use ATOMIC */
-       opt = kzalloc(s, GFP_ATOMIC);
-       if (unlikely(!opt))
-               return -ENOBUFS;
+       opt.old_addr = p->old_addr;
+       opt.new_addr = p->new_addr;
+       opt.mask = p->mask;
+       opt.flags = p->flags;
 
-       opt->old_addr = p->old_addr;
-       opt->new_addr = p->new_addr;
-       opt->mask = p->mask;
-       opt->flags = p->flags;
+       opt.index = p->tcf_index;
+       opt.action = p->tcf_action;
+       opt.refcnt = p->tcf_refcnt - ref;
+       opt.bindcnt = p->tcf_bindcnt - bind;
 
-       opt->index = p->tcf_index;
-       opt->action = p->tcf_action;
-       opt->refcnt = p->tcf_refcnt - ref;
-       opt->bindcnt = p->tcf_bindcnt - bind;
-
-       NLA_PUT(skb, TCA_NAT_PARMS, s, opt);
+       NLA_PUT(skb, TCA_NAT_PARMS, sizeof(opt), &opt);
        t.install = jiffies_to_clock_t(jiffies - p->tcf_tm.install);
        t.lastuse = jiffies_to_clock_t(jiffies - p->tcf_tm.lastuse);
        t.expires = jiffies_to_clock_t(p->tcf_tm.expires);
        NLA_PUT(skb, TCA_NAT_TM, sizeof(t), &t);
 
-       kfree(opt);
-
        return skb->len;
 
 nla_put_failure:
        nlmsg_trim(skb, b);
-       kfree(opt);
        return -1;
 }