diff options
author | Patrick McHardy <kaber@trash.net> | 2006-01-05 15:21:34 -0500 |
---|---|---|
committer | David S. Miller <davem@davemloft.net> | 2006-01-05 15:21:34 -0500 |
commit | 22dea562bb56dbc3430c8f23f60ccd38527b1f5a (patch) | |
tree | 4bcb8a3c6136e09a4864fa0d9948c4ff2892b2ed | |
parent | b777e0ce7437a0e788e2aeb42aca9af2cce1f2e1 (diff) |
[NETFILTER]: Export ip6_masked_addrcmp, don't pass IPv6 addresses on stack
Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
-rw-r--r-- | include/linux/netfilter_ipv6/ip6_tables.h | 4 | ||||
-rw-r--r-- | net/ipv6/netfilter/ip6_tables.c | 18 |
2 files changed, 14 insertions, 8 deletions
diff --git a/include/linux/netfilter_ipv6/ip6_tables.h b/include/linux/netfilter_ipv6/ip6_tables.h index a291cb76ef18..c163ba31aab7 100644 --- a/include/linux/netfilter_ipv6/ip6_tables.h +++ b/include/linux/netfilter_ipv6/ip6_tables.h | |||
@@ -476,6 +476,10 @@ extern int ip6t_ext_hdr(u8 nexthdr); | |||
476 | extern int ipv6_find_hdr(const struct sk_buff *skb, unsigned int *offset, | 476 | extern int ipv6_find_hdr(const struct sk_buff *skb, unsigned int *offset, |
477 | int target, unsigned short *fragoff); | 477 | int target, unsigned short *fragoff); |
478 | 478 | ||
479 | extern int ip6_masked_addrcmp(const struct in6_addr *addr1, | ||
480 | const struct in6_addr *mask, | ||
481 | const struct in6_addr *addr2); | ||
482 | |||
479 | #define IP6T_ALIGN(s) (((s) + (__alignof__(struct ip6t_entry)-1)) & ~(__alignof__(struct ip6t_entry)-1)) | 483 | #define IP6T_ALIGN(s) (((s) + (__alignof__(struct ip6t_entry)-1)) & ~(__alignof__(struct ip6t_entry)-1)) |
480 | 484 | ||
481 | #endif /*__KERNEL__*/ | 485 | #endif /*__KERNEL__*/ |
diff --git a/net/ipv6/netfilter/ip6_tables.c b/net/ipv6/netfilter/ip6_tables.c index 13b1a525b92c..925b42d48347 100644 --- a/net/ipv6/netfilter/ip6_tables.c +++ b/net/ipv6/netfilter/ip6_tables.c | |||
@@ -119,13 +119,14 @@ static LIST_HEAD(ip6t_tables); | |||
119 | #define up(x) do { printk("UP:%u:" #x "\n", __LINE__); up(x); } while(0) | 119 | #define up(x) do { printk("UP:%u:" #x "\n", __LINE__); up(x); } while(0) |
120 | #endif | 120 | #endif |
121 | 121 | ||
122 | static int ip6_masked_addrcmp(struct in6_addr addr1, struct in6_addr mask, | 122 | int |
123 | struct in6_addr addr2) | 123 | ip6_masked_addrcmp(const struct in6_addr *addr1, const struct in6_addr *mask, |
124 | const struct in6_addr *addr2) | ||
124 | { | 125 | { |
125 | int i; | 126 | int i; |
126 | for( i = 0; i < 16; i++){ | 127 | for( i = 0; i < 16; i++){ |
127 | if((addr1.s6_addr[i] & mask.s6_addr[i]) != | 128 | if((addr1->s6_addr[i] & mask->s6_addr[i]) != |
128 | (addr2.s6_addr[i] & mask.s6_addr[i])) | 129 | (addr2->s6_addr[i] & mask->s6_addr[i])) |
129 | return 1; | 130 | return 1; |
130 | } | 131 | } |
131 | return 0; | 132 | return 0; |
@@ -159,10 +160,10 @@ ip6_packet_match(const struct sk_buff *skb, | |||
159 | 160 | ||
160 | #define FWINV(bool,invflg) ((bool) ^ !!(ip6info->invflags & invflg)) | 161 | #define FWINV(bool,invflg) ((bool) ^ !!(ip6info->invflags & invflg)) |
161 | 162 | ||
162 | if (FWINV(ip6_masked_addrcmp(ipv6->saddr,ip6info->smsk,ip6info->src), | 163 | if (FWINV(ip6_masked_addrcmp(&ipv6->saddr, &ip6info->smsk, |
163 | IP6T_INV_SRCIP) | 164 | &ip6info->src), IP6T_INV_SRCIP) |
164 | || FWINV(ip6_masked_addrcmp(ipv6->daddr,ip6info->dmsk,ip6info->dst), | 165 | || FWINV(ip6_masked_addrcmp(&ipv6->daddr, &ip6info->dmsk, |
165 | IP6T_INV_DSTIP)) { | 166 | &ip6info->dst), IP6T_INV_DSTIP)) { |
166 | dprintf("Source or dest mismatch.\n"); | 167 | dprintf("Source or dest mismatch.\n"); |
167 | /* | 168 | /* |
168 | dprintf("SRC: %u. Mask: %u. Target: %u.%s\n", ip->saddr, | 169 | dprintf("SRC: %u. Mask: %u. Target: %u.%s\n", ip->saddr, |
@@ -2131,6 +2132,7 @@ EXPORT_SYMBOL(ip6t_register_target); | |||
2131 | EXPORT_SYMBOL(ip6t_unregister_target); | 2132 | EXPORT_SYMBOL(ip6t_unregister_target); |
2132 | EXPORT_SYMBOL(ip6t_ext_hdr); | 2133 | EXPORT_SYMBOL(ip6t_ext_hdr); |
2133 | EXPORT_SYMBOL(ipv6_find_hdr); | 2134 | EXPORT_SYMBOL(ipv6_find_hdr); |
2135 | EXPORT_SYMBOL(ip6_masked_addrcmp); | ||
2134 | 2136 | ||
2135 | module_init(init); | 2137 | module_init(init); |
2136 | module_exit(fini); | 2138 | module_exit(fini); |