aboutsummaryrefslogtreecommitdiffstats
path: root/net/ipv6/netfilter/ip6_tables.c
diff options
context:
space:
mode:
Diffstat (limited to 'net/ipv6/netfilter/ip6_tables.c')
-rw-r--r--net/ipv6/netfilter/ip6_tables.c40
1 files changed, 20 insertions, 20 deletions
diff --git a/net/ipv6/netfilter/ip6_tables.c b/net/ipv6/netfilter/ip6_tables.c
index 7083e1cfb2f..7c512e13f95 100644
--- a/net/ipv6/netfilter/ip6_tables.c
+++ b/net/ipv6/netfilter/ip6_tables.c
@@ -92,16 +92,16 @@ do { \
92#endif 92#endif
93 93
94/* Check for an extension */ 94/* Check for an extension */
95int 95int
96ip6t_ext_hdr(u8 nexthdr) 96ip6t_ext_hdr(u8 nexthdr)
97{ 97{
98 return ( (nexthdr == IPPROTO_HOPOPTS) || 98 return ( (nexthdr == IPPROTO_HOPOPTS) ||
99 (nexthdr == IPPROTO_ROUTING) || 99 (nexthdr == IPPROTO_ROUTING) ||
100 (nexthdr == IPPROTO_FRAGMENT) || 100 (nexthdr == IPPROTO_FRAGMENT) ||
101 (nexthdr == IPPROTO_ESP) || 101 (nexthdr == IPPROTO_ESP) ||
102 (nexthdr == IPPROTO_AH) || 102 (nexthdr == IPPROTO_AH) ||
103 (nexthdr == IPPROTO_NONE) || 103 (nexthdr == IPPROTO_NONE) ||
104 (nexthdr == IPPROTO_DSTOPTS) ); 104 (nexthdr == IPPROTO_DSTOPTS) );
105} 105}
106 106
107/* Returns whether matches rule or not. */ 107/* Returns whether matches rule or not. */
@@ -120,9 +120,9 @@ ip6_packet_match(const struct sk_buff *skb,
120#define FWINV(bool,invflg) ((bool) ^ !!(ip6info->invflags & invflg)) 120#define FWINV(bool,invflg) ((bool) ^ !!(ip6info->invflags & invflg))
121 121
122 if (FWINV(ipv6_masked_addr_cmp(&ipv6->saddr, &ip6info->smsk, 122 if (FWINV(ipv6_masked_addr_cmp(&ipv6->saddr, &ip6info->smsk,
123 &ip6info->src), IP6T_INV_SRCIP) 123 &ip6info->src), IP6T_INV_SRCIP)
124 || FWINV(ipv6_masked_addr_cmp(&ipv6->daddr, &ip6info->dmsk, 124 || FWINV(ipv6_masked_addr_cmp(&ipv6->daddr, &ip6info->dmsk,
125 &ip6info->dst), IP6T_INV_DSTIP)) { 125 &ip6info->dst), IP6T_INV_DSTIP)) {
126 dprintf("Source or dest mismatch.\n"); 126 dprintf("Source or dest mismatch.\n");
127/* 127/*
128 dprintf("SRC: %u. Mask: %u. Target: %u.%s\n", ip->saddr, 128 dprintf("SRC: %u. Mask: %u. Target: %u.%s\n", ip->saddr,
@@ -177,7 +177,7 @@ ip6_packet_match(const struct sk_buff *skb,
177 *fragoff = _frag_off; 177 *fragoff = _frag_off;
178 178
179 dprintf("Packet protocol %hi ?= %s%hi.\n", 179 dprintf("Packet protocol %hi ?= %s%hi.\n",
180 protohdr, 180 protohdr,
181 ip6info->invflags & IP6T_INV_PROTO ? "!":"", 181 ip6info->invflags & IP6T_INV_PROTO ? "!":"",
182 ip6info->proto); 182 ip6info->proto);
183 183
@@ -197,7 +197,7 @@ ip6_packet_match(const struct sk_buff *skb,
197} 197}
198 198
199/* should be ip6 safe */ 199/* should be ip6 safe */
200static inline int 200static inline int
201ip6_checkentry(const struct ip6t_ip6 *ipv6) 201ip6_checkentry(const struct ip6t_ip6 *ipv6)
202{ 202{
203 if (ipv6->flags & ~IP6T_F_MASK) { 203 if (ipv6->flags & ~IP6T_F_MASK) {
@@ -337,7 +337,7 @@ ip6t_do_table(struct sk_buff **pskb,
337 e = get_entry(table_base, v); 337 e = get_entry(table_base, v);
338 } else { 338 } else {
339 /* Targets which reenter must return 339 /* Targets which reenter must return
340 abs. verdicts */ 340 abs. verdicts */
341#ifdef CONFIG_NETFILTER_DEBUG 341#ifdef CONFIG_NETFILTER_DEBUG
342 ((struct ip6t_entry *)table_base)->comefrom 342 ((struct ip6t_entry *)table_base)->comefrom
343 = 0xeeeeeeec; 343 = 0xeeeeeeec;
@@ -534,10 +534,10 @@ check_match(struct ip6t_entry_match *m,
534 int ret; 534 int ret;
535 535
536 match = try_then_request_module(xt_find_match(AF_INET6, m->u.user.name, 536 match = try_then_request_module(xt_find_match(AF_INET6, m->u.user.name,
537 m->u.user.revision), 537 m->u.user.revision),
538 "ip6t_%s", m->u.user.name); 538 "ip6t_%s", m->u.user.name);
539 if (IS_ERR(match) || !match) { 539 if (IS_ERR(match) || !match) {
540 duprintf("check_match: `%s' not found\n", m->u.user.name); 540 duprintf("check_match: `%s' not found\n", m->u.user.name);
541 return match ? PTR_ERR(match) : -ENOENT; 541 return match ? PTR_ERR(match) : -ENOENT;
542 } 542 }
543 m->u.kernel.match = match; 543 m->u.kernel.match = match;
@@ -661,7 +661,7 @@ check_entry_size_and_hooks(struct ip6t_entry *e,
661 } 661 }
662 662
663 /* FIXME: underflows must be unconditional, standard verdicts 663 /* FIXME: underflows must be unconditional, standard verdicts
664 < 0 (not IP6T_RETURN). --RR */ 664 < 0 (not IP6T_RETURN). --RR */
665 665
666 /* Clear counters and comefrom */ 666 /* Clear counters and comefrom */
667 e->counters = ((struct xt_counters) { 0, 0 }); 667 e->counters = ((struct xt_counters) { 0, 0 });
@@ -1003,8 +1003,8 @@ do_replace(void __user *user, unsigned int len)
1003 /* Update module usage count based on number of rules */ 1003 /* Update module usage count based on number of rules */
1004 duprintf("do_replace: oldnum=%u, initnum=%u, newnum=%u\n", 1004 duprintf("do_replace: oldnum=%u, initnum=%u, newnum=%u\n",
1005 oldinfo->number, oldinfo->initial_entries, newinfo->number); 1005 oldinfo->number, oldinfo->initial_entries, newinfo->number);
1006 if ((oldinfo->number > oldinfo->initial_entries) || 1006 if ((oldinfo->number > oldinfo->initial_entries) ||
1007 (newinfo->number <= oldinfo->initial_entries)) 1007 (newinfo->number <= oldinfo->initial_entries))
1008 module_put(t->me); 1008 module_put(t->me);
1009 if ((oldinfo->number > oldinfo->initial_entries) && 1009 if ((oldinfo->number > oldinfo->initial_entries) &&
1010 (newinfo->number <= oldinfo->initial_entries)) 1010 (newinfo->number <= oldinfo->initial_entries))
@@ -1492,9 +1492,9 @@ int ipv6_find_hdr(const struct sk_buff *skb, unsigned int *offset,
1492 } 1492 }
1493 hdrlen = 8; 1493 hdrlen = 8;
1494 } else if (nexthdr == NEXTHDR_AUTH) 1494 } else if (nexthdr == NEXTHDR_AUTH)
1495 hdrlen = (hp->hdrlen + 2) << 2; 1495 hdrlen = (hp->hdrlen + 2) << 2;
1496 else 1496 else
1497 hdrlen = ipv6_optlen(hp); 1497 hdrlen = ipv6_optlen(hp);
1498 1498
1499 nexthdr = hp->nexthdr; 1499 nexthdr = hp->nexthdr;
1500 len -= hdrlen; 1500 len -= hdrlen;
generated by cgit v1.2.2 (git 2.25.0) at 2024-10-19 07:43:16 -0400