static inline int ip_local_deliver_finish(struct sk_buff *skb) { int ihl = skb->nh.iph->ihl*4; #ifdef CONFIG_NETFILTER_DEBUG nf_debug_ip_local_deliver(skb); #endif /*CONFIG_NETFILTER_DEBUG*/ __skb_pull(skb, ihl); #ifdef CONFIG_NETFILTER /* Free reference early: we don't need it any more, and it may hold ip_conntrack module loaded indefinitely. */ nf_conntrack_put(skb->nfct); skb->nfct = NULL; #endif /*CONFIG_NETFILTER*/ /* Point into the IP datagram, just past the header. */ skb->h.raw = skb->data; { /* Note: See raw.c and net/raw.h, RAWV4_HTABLE_SIZE==MAX_INET_PROTOS */ int protocol = skb->nh.iph->protocol; int hash = protocol & (MAX_INET_PROTOS - 1); struct sock *raw_sk = raw_v4_htable[hash]; struct inet_protocol *ipprot; int flag; /* If there maybe a raw socket we must check - if not we * don't care less */ if(raw_sk != NULL) raw_sk = raw_v4_input(skb, skb->nh.iph, hash); ipprot = (struct inet_protocol *) inet_protos[hash]; flag = 0; if(ipprot != NULL) { if(raw_sk == NULL && ipprot->next == NULL && ipprot->protocol == protocol) { int ret; /* Fast path... */ ret = ipprot->handler(skb); return ret; } else { flag = ip_run_ipprot(skb, skb->nh.iph, ipprot, (raw_sk != NULL)); } } /* All protocols checked. * If this packet was a broadcast, we may *not* reply to it, since that * causes (proven, grin) ARP storms and a leakage of memory (i.e. all * ICMP reply messages get queued up for transmission...) */ if(raw_sk != NULL) { /* Shift to last raw user */ raw_rcv(raw_sk, skb); sock_put(raw_sk); } else if (!flag) { /* Free and report errors */ icmp_send(skb, ICMP_DEST_UNREACH, ICMP_PROT_UNREACH, 0); kfree_skb(skb); } } return 0; }
static inline int ip_local_deliver_finish(struct sk_buff *skb) { int ihl = skb->nh.iph->ihl*4; #ifdef CONFIG_NETFILTER_DEBUG nf_debug_ip_local_deliver(skb); #endif /*CONFIG_NETFILTER_DEBUG*/ __skb_pull(skb, ihl); /* Free reference early: we don't need it any more, and it may hold ip_conntrack module loaded indefinitely. */ nf_reset(skb); /* Point into the IP datagram, just past the header. */ skb->h.raw = skb->data; rcu_read_lock(); { /* Note: See raw.c and net/raw.h, RAWV4_HTABLE_SIZE==MAX_INET_PROTOS */ int protocol = skb->nh.iph->protocol; int hash; struct sock *raw_sk; struct net_protocol *ipprot; resubmit: hash = protocol & (MAX_INET_PROTOS - 1); raw_sk = sk_head(&raw_v4_htable[hash]); /* If there maybe a raw socket we must check - if not we * don't care less */ if (raw_sk) raw_v4_input(skb, skb->nh.iph, hash); if ((ipprot = rcu_dereference(inet_protos[hash])) != NULL) { int ret; if (!ipprot->no_policy && !xfrm4_policy_check(NULL, XFRM_POLICY_IN, skb)) { kfree_skb(skb); goto out; } ret = ipprot->handler(skb); if (ret < 0) { protocol = -ret; goto resubmit; } IP_INC_STATS_BH(IPSTATS_MIB_INDELIVERS); } else { if (!raw_sk) { if (xfrm4_policy_check(NULL, XFRM_POLICY_IN, skb)) { IP_INC_STATS_BH(IPSTATS_MIB_INUNKNOWNPROTOS); icmp_send(skb, ICMP_DEST_UNREACH, ICMP_PROT_UNREACH, 0); } } else IP_INC_STATS_BH(IPSTATS_MIB_INDELIVERS); kfree_skb(skb); } } out: rcu_read_unlock(); return 0; }