Commit 22dea562 authored by Patrick McHardy's avatar Patrick McHardy Committed by David S. Miller

[NETFILTER]: Export ip6_masked_addrcmp, don't pass IPv6 addresses on stack

Signed-off-by: default avatarPatrick McHardy <kaber@trash.net>
Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
parent b777e0ce
...@@ -476,6 +476,10 @@ extern int ip6t_ext_hdr(u8 nexthdr); ...@@ -476,6 +476,10 @@ extern int ip6t_ext_hdr(u8 nexthdr);
extern int ipv6_find_hdr(const struct sk_buff *skb, unsigned int *offset, extern int ipv6_find_hdr(const struct sk_buff *skb, unsigned int *offset,
int target, unsigned short *fragoff); int target, unsigned short *fragoff);
extern int ip6_masked_addrcmp(const struct in6_addr *addr1,
const struct in6_addr *mask,
const struct in6_addr *addr2);
#define IP6T_ALIGN(s) (((s) + (__alignof__(struct ip6t_entry)-1)) & ~(__alignof__(struct ip6t_entry)-1)) #define IP6T_ALIGN(s) (((s) + (__alignof__(struct ip6t_entry)-1)) & ~(__alignof__(struct ip6t_entry)-1))
#endif /*__KERNEL__*/ #endif /*__KERNEL__*/
......
...@@ -119,13 +119,14 @@ static LIST_HEAD(ip6t_tables); ...@@ -119,13 +119,14 @@ static LIST_HEAD(ip6t_tables);
#define up(x) do { printk("UP:%u:" #x "\n", __LINE__); up(x); } while(0) #define up(x) do { printk("UP:%u:" #x "\n", __LINE__); up(x); } while(0)
#endif #endif
static int ip6_masked_addrcmp(struct in6_addr addr1, struct in6_addr mask, int
struct in6_addr addr2) ip6_masked_addrcmp(const struct in6_addr *addr1, const struct in6_addr *mask,
const struct in6_addr *addr2)
{ {
int i; int i;
for( i = 0; i < 16; i++){ for( i = 0; i < 16; i++){
if((addr1.s6_addr[i] & mask.s6_addr[i]) != if((addr1->s6_addr[i] & mask->s6_addr[i]) !=
(addr2.s6_addr[i] & mask.s6_addr[i])) (addr2->s6_addr[i] & mask->s6_addr[i]))
return 1; return 1;
} }
return 0; return 0;
...@@ -159,10 +160,10 @@ ip6_packet_match(const struct sk_buff *skb, ...@@ -159,10 +160,10 @@ ip6_packet_match(const struct sk_buff *skb,
#define FWINV(bool,invflg) ((bool) ^ !!(ip6info->invflags & invflg)) #define FWINV(bool,invflg) ((bool) ^ !!(ip6info->invflags & invflg))
if (FWINV(ip6_masked_addrcmp(ipv6->saddr,ip6info->smsk,ip6info->src), if (FWINV(ip6_masked_addrcmp(&ipv6->saddr, &ip6info->smsk,
IP6T_INV_SRCIP) &ip6info->src), IP6T_INV_SRCIP)
|| FWINV(ip6_masked_addrcmp(ipv6->daddr,ip6info->dmsk,ip6info->dst), || FWINV(ip6_masked_addrcmp(&ipv6->daddr, &ip6info->dmsk,
IP6T_INV_DSTIP)) { &ip6info->dst), IP6T_INV_DSTIP)) {
dprintf("Source or dest mismatch.\n"); dprintf("Source or dest mismatch.\n");
/* /*
dprintf("SRC: %u. Mask: %u. Target: %u.%s\n", ip->saddr, dprintf("SRC: %u. Mask: %u. Target: %u.%s\n", ip->saddr,
...@@ -2131,6 +2132,7 @@ EXPORT_SYMBOL(ip6t_register_target); ...@@ -2131,6 +2132,7 @@ EXPORT_SYMBOL(ip6t_register_target);
EXPORT_SYMBOL(ip6t_unregister_target); EXPORT_SYMBOL(ip6t_unregister_target);
EXPORT_SYMBOL(ip6t_ext_hdr); EXPORT_SYMBOL(ip6t_ext_hdr);
EXPORT_SYMBOL(ipv6_find_hdr); EXPORT_SYMBOL(ipv6_find_hdr);
EXPORT_SYMBOL(ip6_masked_addrcmp);
module_init(init); module_init(init);
module_exit(fini); module_exit(fini);
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment