Diffstat (limited to 'kernel/ipt_DECRYPT.c')
-rw-r--r--kernel/ipt_DECRYPT.c61
1 files changed, 37 insertions, 24 deletions
diff --git a/kernel/ipt_DECRYPT.c b/kernel/ipt_DECRYPT.c
index ce59525..9458fa9 100644
--- a/kernel/ipt_DECRYPT.c
+++ b/kernel/ipt_DECRYPT.c
@@ -53,9 +53,15 @@ MODULE_DESCRIPTION ("SEPPL iptables Decryption Target");
MODULE_AUTHOR("Lennart Poettering <"PACKAGE_BUGREPORT">");
#endif
-static unsigned int ipt_DECRYPT_target(struct sk_buff **pskb, unsigned int hooknum, const struct net_device *in, const struct net_device *out, const void *_ti, void *userinfo) {
- struct iphdr *ih = (*pskb)->nh.iph;
- unsigned ihl = ih->ihl<<2;
+static unsigned int ipt_DECRYPT_target(struct sk_buff **pskb,
+ const struct net_device *in,
+ const struct net_device *out,
+ unsigned int hooknum,
+ const void *_ti,
+ void *userinfo) {
+
+ struct iphdr *ih;
+ unsigned ihl;
struct seppl_key *key;
struct seppl_uncrypt_hdr *uh;
struct seppl_crypt_hdr *ch;
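Review bot: The declarations `struct iphdr *ih;` and `unsigned ihl;` are now left uninitialised with no comment saying why, and the reason only becomes visible in the next hunk. A later edit that moves the assignments back up would read the header from an skb that `skb_ip_make_writable()` may since have replaced. I would add a one-line comment above the two declarations, for example `/* assigned only after skb_ip_make_writable(), which may replace *pskb */`. The function body continues outside this hunk.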
@@ -64,9 +70,18 @@ static unsigned int ipt_DECRYPT_target(struct sk_buff **pskb, unsigned int hookn
int crypt_l, bs;
struct scatterlist sg[1];
+ if (!skb_ip_make_writable(pskb, (*pskb)->len)) {
+ if (net_ratelimit())
+ printk(KERN_ERR "ipt_DECRYPT: Failed to make skb writable.\n");
+ return NF_DROP;
+ }
+
+ ih = (*pskb)->nh.iph;
+ ihl = ih->ihl<<2;
+
if (ih->protocol != SEPPL_PROTOCOL) {
if (net_ratelimit())
- printk(KERN_ERR "ipt_DECRYPT: Incorrect protocol\n");
+ printk(KERN_ERR "ipt_DECRYPT: Incorrect protocol 0x%02x\n", ih->protocol);
return NF_DROP;
}
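Review bot: `ihl` comes from the packet's own header at `ihl = ih->ihl<<2`, and nothing visible in this hunk checks that `ihl` plus the SEPPL header sizes fits within `(*pskb)->len` before `uh` and `ch` are derived. The function continues outside the hunk, so the check may already exist further down. If it does not, add a guard right after the protocol test using the size of whichever SEPPL header comes first, e.g. `if ((*pskb)->len < ihl + sizeof(*uh)) return NF_DROP;` (assuming `uh` is first, to be confirmed). Reloading `ih` after `skb_ip_make_writable()` is the right order.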
@@ -163,45 +178,43 @@ static unsigned int ipt_DECRYPT_target(struct sk_buff **pskb, unsigned int hookn
}
static int ipt_DECRYPT_check(const char *table, const struct ipt_entry *e, void *_ti, unsigned int ti_size, unsigned int hook_mask) {
- if (ti_size != IPT_ALIGN(sizeof(struct ipt_decrypt_info))) {
+ if (ti_size != IPT_ALIGN(sizeof(struct ipt_decrypt_info))) {
printk(KERN_ERR "ipt_DECRYPT: Structure too small");
- return 0;
- }
+ return 0;
+ }
- if (strcmp(table, "mangle") != 0) {
- printk(KERN_ERR "ipt_DECRYPT: Not in mangle table\n");
- return 0;
- }
+ if (strcmp(table, "mangle") != 0) {
+ printk(KERN_ERR "ipt_DECRYPT: Not in mangle table\n");
+ return 0;
+ }
- if ((hook_mask & ~(1 << NF_IP_PRE_ROUTING)) != 0) {
- printk(KERN_ERR "ipt_DECRYPT: Not in PREROUTING chain");
- return 0;
- }
-
- return 1;
+ if ((hook_mask & ~(1 << NF_IP_PRE_ROUTING)) != 0) {
+ printk(KERN_ERR "ipt_DECRYPT: Not in PREROUTING chain");
+ return 0;
+ }
+
+ return 1;
}
static struct ipt_target ipt_DECRYPT_reg = {
{ NULL, NULL },
"DECRYPT",
- ipt_DECRYPT_target,
ipt_DECRYPT_check,
NULL,
+ ipt_DECRYPT_target,
THIS_MODULE
};
static int __init init(void) {
- if (ipt_register_target(&ipt_DECRYPT_reg))
- return -EINVAL;
+ if (ipt_register_target(&ipt_DECRYPT_reg))
+ return -EINVAL;
- return 0;
+ return 0;
}
static void __exit fini(void) {
- ipt_unregister_target(&ipt_DECRYPT_reg);
+ ipt_unregister_target(&ipt_DECRYPT_reg);
}
module_init(init);
module_exit(fini);
-
-EXPORT_NO_SYMBOLS;
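Review bot: `ipt_DECRYPT_reg` is still initialised positionally, and this hunk has to move `ipt_DECRYPT_target` to a different slot, which shows how fragile that is when the struct layout changes between kernel versions. Designated initialisers would make the binding explicit and independent of field order: `.name = "DECRYPT", .checkentry = ipt_DECRYPT_check, .target = ipt_DECRYPT_target, .me = THIS_MODULE`. Separately, in `ipt_DECRYPT_check` the messages `"ipt_DECRYPT: Structure too small"` and `"ipt_DECRYPT: Not in PREROUTING chain"` lack a trailing `\n`. The first is also misleading, because the test is `!=` rather than `<`; something like `"ipt_DECRYPT: Unexpected target info size\n"` would match the condition.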