diff options
| author | Hans Schillstrom <hans.schillstrom@ericsson.com> | 2012-04-22 23:35:26 -0400 |
|---|---|---|
| committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2012-05-09 06:53:47 -0400 |
| commit | 84018f55ab883f03d41ec3c9ac7f0cc80830b20f (patch) | |
| tree | 0faaab58d7760b648a8bf2bd9173cf646da997cd /net/netfilter | |
| parent | 9bb862beb6e5839e92f709d33fda07678f062f20 (diff) | |
netfilter: ip6_tables: add flags parameter to ipv6_find_hdr()
This patch adds the flags parameter to ipv6_find_hdr. This flags
allows us to:
* know if this is a fragment.
* stop at the AH header, so the information contained in that header
can be used for some specific packet handling.
This patch also adds the offset parameter for inspection of one
inner IPv6 header that is contained in error messages.
Signed-off-by: Hans Schillstrom <hans.schillstrom@ericsson.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'net/netfilter')
| -rw-r--r-- | net/netfilter/xt_TPROXY.c | 4 | ||||
| -rw-r--r-- | net/netfilter/xt_socket.c | 4 |
2 files changed, 4 insertions, 4 deletions
diff --git a/net/netfilter/xt_TPROXY.c b/net/netfilter/xt_TPROXY.c index 35a959a096e0..146033a86de8 100644 --- a/net/netfilter/xt_TPROXY.c +++ b/net/netfilter/xt_TPROXY.c | |||
| @@ -282,10 +282,10 @@ tproxy_tg6_v1(struct sk_buff *skb, const struct xt_action_param *par) | |||
| 282 | struct sock *sk; | 282 | struct sock *sk; |
| 283 | const struct in6_addr *laddr; | 283 | const struct in6_addr *laddr; |
| 284 | __be16 lport; | 284 | __be16 lport; |
| 285 | int thoff; | 285 | int thoff = 0; |
| 286 | int tproto; | 286 | int tproto; |
| 287 | 287 | ||
| 288 | tproto = ipv6_find_hdr(skb, &thoff, -1, NULL); | 288 | tproto = ipv6_find_hdr(skb, &thoff, -1, NULL, NULL); |
| 289 | if (tproto < 0) { | 289 | if (tproto < 0) { |
| 290 | pr_debug("unable to find transport header in IPv6 packet, dropping\n"); | 290 | pr_debug("unable to find transport header in IPv6 packet, dropping\n"); |
| 291 | return NF_DROP; | 291 | return NF_DROP; |
diff --git a/net/netfilter/xt_socket.c b/net/netfilter/xt_socket.c index 72bb07f57f97..9ea482d08cf7 100644 --- a/net/netfilter/xt_socket.c +++ b/net/netfilter/xt_socket.c | |||
| @@ -263,10 +263,10 @@ socket_mt6_v1(const struct sk_buff *skb, struct xt_action_param *par) | |||
| 263 | struct sock *sk; | 263 | struct sock *sk; |
| 264 | struct in6_addr *daddr, *saddr; | 264 | struct in6_addr *daddr, *saddr; |
| 265 | __be16 dport, sport; | 265 | __be16 dport, sport; |
| 266 | int thoff, tproto; | 266 | int thoff = 0, tproto; |
| 267 | const struct xt_socket_mtinfo1 *info = (struct xt_socket_mtinfo1 *) par->matchinfo; | 267 | const struct xt_socket_mtinfo1 *info = (struct xt_socket_mtinfo1 *) par->matchinfo; |
| 268 | 268 | ||
| 269 | tproto = ipv6_find_hdr(skb, &thoff, -1, NULL); | 269 | tproto = ipv6_find_hdr(skb, &thoff, -1, NULL, NULL); |
| 270 | if (tproto < 0) { | 270 | if (tproto < 0) { |
| 271 | pr_debug("unable to find transport header in IPv6 packet, dropping\n"); | 271 | pr_debug("unable to find transport header in IPv6 packet, dropping\n"); |
| 272 | return NF_DROP; | 272 | return NF_DROP; |