[IP]: Introduce ip_hdrlen()

[net-next-2.6.git] / net / ipv4 / netfilter / iptable_filter.c

diff --git a/net/ipv4/netfilter/iptable_filter.c b/net/ipv4/netfilter/iptable_filter.c
index d1d61e97b97659dc4a97928affc8cc27c1cbeaa6..42728909eba0577a64693f4a460eb2f1edf133a9 100644 (file)
--- a/net/ipv4/netfilter/iptable_filter.c
+++ b/net/ipv4/netfilter/iptable_filter.c
@@ -13,6 +13,7 @@
 #include <linux/module.h>
 #include <linux/moduleparam.h>
 #include <linux/netfilter_ipv4/ip_tables.h>
+#include <net/ip.h>
 
 MODULE_LICENSE("GPL");
 MODULE_AUTHOR("Netfilter Core Team <coreteam@netfilter.org>");
@@ -102,7 +103,7 @@ ipt_local_out_hook(unsigned int hook,
 {
        /* root is playing with raw sockets. */
        if ((*pskb)->len < sizeof(struct iphdr)
-           || (*pskb)->nh.iph->ihl * 4 < sizeof(struct iphdr)) {
+           || ip_hdrlen(*pskb) < sizeof(struct iphdr)) {
                if (net_ratelimit())
                        printk("ipt_hook: happy cracking.\n");
                return NF_ACCEPT;