diff --git a/extensions/xt_DELUDE.c b/extensions/xt_DELUDE.c index 89cc41a..6390f71 100644 --- a/extensions/xt_DELUDE.c +++ b/extensions/xt_DELUDE.c @@ -25,8 +25,8 @@ #include "compat_xtables.h" #define PFX KBUILD_MODNAME ": " -static void delude_send_reset(struct net *net, struct sk_buff *oldskb, - unsigned int hook) +static void delude_send_reset(struct net *net, struct sock *sk, + struct sk_buff *oldskb, unsigned int hook) { struct tcphdr _otcph, *tcph; const struct tcphdr *oth; @@ -121,7 +121,7 @@ static void delude_send_reset(struct net *net, struct sk_buff *oldskb, /* ip_route_me_harder expects skb->dst to be set */ skb_dst_set(nskb, dst_clone(skb_dst(oldskb))); - if (ip_route_me_harder(net, nskb->sk, nskb, addr_type)) + if (ip_route_me_harder(net, sk, nskb, addr_type)) goto free_nskb; else niph = ip_hdr(nskb); @@ -150,7 +150,7 @@ delude_tg(struct sk_buff *skb, const struct xt_action_param *par) * a problem, as that is supported since Linux 2.6.35. But since we do not * actually want to have a connection open, we are still going to drop it. */ - delude_send_reset(par_net(par), skb, par->state->hook); + delude_send_reset(par_net(par), par->state->sk, skb, par->state->hook); return NF_DROP; } diff --git a/extensions/xt_ECHO.c b/extensions/xt_ECHO.c index 4376d2f..f1e9600 100644 --- a/extensions/xt_ECHO.c +++ b/extensions/xt_ECHO.c @@ -113,7 +113,7 @@ echo_tg6(struct sk_buff *oldskb, const struct xt_action_param *par) goto free_nskb; nf_ct_attach(newskb, oldskb); - ip6_local_out(par_net(par), newskb->sk, newskb); + ip6_local_out(par_net(par), par->state->sk, newskb); return NF_DROP; free_nskb: @@ -191,7 +191,8 @@ echo_tg4(struct sk_buff *oldskb, const struct xt_action_param *par) /* ip_route_me_harder expects the skb's dst to be set */ skb_dst_set(newskb, dst_clone(skb_dst(oldskb))); - if (ip_route_me_harder(par_net(par), newskb->sk, newskb, RTN_UNSPEC) != 0) + if (ip_route_me_harder(par_net(par), par->state->sk, newskb, + RTN_UNSPEC) != 0) goto free_nskb; newip->ttl = ip4_dst_hoplimit(skb_dst(newskb)); diff --git a/extensions/xt_TARPIT.c b/extensions/xt_TARPIT.c index 118c26c..2deefb0 100644 --- a/extensions/xt_TARPIT.c +++ b/extensions/xt_TARPIT.c @@ -170,8 +170,8 @@ static bool tarpit_generic(struct tcphdr *tcph, const struct tcphdr *oth, return true; } -static void tarpit_tcp4(struct net *net, struct sk_buff *oldskb, - unsigned int hook, unsigned int mode) +static void tarpit_tcp4(struct net *net, struct sock *sk, + struct sk_buff *oldskb, unsigned int hook, unsigned int mode) { struct tcphdr _otcph, *tcph; const struct tcphdr *oth; @@ -265,7 +265,7 @@ static void tarpit_tcp4(struct net *net, struct sk_buff *oldskb, #endif addr_type = RTN_LOCAL; - if (ip_route_me_harder(net, nskb->sk, nskb, addr_type)) + if (ip_route_me_harder(net, sk, nskb, addr_type) != 0) goto free_nskb; else niph = ip_hdr(nskb); @@ -296,8 +296,8 @@ static void tarpit_tcp4(struct net *net, struct sk_buff *oldskb, } #ifdef WITH_IPV6 -static void tarpit_tcp6(struct net *net, struct sk_buff *oldskb, - unsigned int hook, unsigned int mode) +static void tarpit_tcp6(struct net *net, struct sock *sock, + struct sk_buff *oldskb, unsigned int hook, unsigned int mode) { struct sk_buff *nskb; struct tcphdr *tcph, oth; @@ -443,7 +443,8 @@ tarpit_tg4(struct sk_buff *skb, const struct xt_action_param *par) /* We are not interested in fragments */ if (iph->frag_off & htons(IP_OFFSET)) return NF_DROP; - tarpit_tcp4(par_net(par), skb, par->state->hook, info->variant); + tarpit_tcp4(par_net(par), par->state->sk, skb, par->state->hook, + info->variant); return NF_DROP; } @@ -484,7 +485,8 @@ tarpit_tg6(struct sk_buff *skb, const struct xt_action_param *par) pr_debug("addr is not unicast.\n"); return NF_DROP; } - tarpit_tcp6(par_net(par), skb, par->state->hook, info->variant); + tarpit_tcp6(par_net(par), par->state->sk, skb, par->state->hook, + info->variant); return NF_DROP; } #endif