update to 2.6.9-rc1

[linux-flexiantxendom0-3.2.10.git] / net / ipv4 / netfilter / ip_nat_standalone.c

diff --git a/net/ipv4/netfilter/ip_nat_standalone.c b/net/ipv4/netfilter/ip_nat_standalone.c
index a416fdb..9208e8a 100644 (file)
--- a/net/ipv4/netfilter/ip_nat_standalone.c
+++ b/net/ipv4/netfilter/ip_nat_standalone.c
@@ -99,11 +99,13 @@ ip_nat_fn(unsigned int hooknum,
                    hash table yet).  We must not let this through, in
                    case we're doing NAT to the same network. */
                if ((*pskb)->nh.iph->protocol == IPPROTO_ICMP) {
-                       struct icmphdr hdr;
+                       struct icmphdr _hdr, *hp;
 
-                       if (skb_copy_bits(*pskb, (*pskb)->nh.iph->ihl*4,
-                                         &hdr, sizeof(hdr)) == 0
-                           && hdr.type == ICMP_REDIRECT)
+                       hp = skb_header_pointer(*pskb,
+                                               (*pskb)->nh.iph->ihl*4,
+                                               sizeof(_hdr), &_hdr);
+                       if (hp != NULL &&
+                           hp->type == ICMP_REDIRECT)
                                return NF_DROP;
                }
                return NF_ACCEPT;