aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorPatrick McHardy <kaber@trash.net>2006-01-05 15:21:34 -0500
committerDavid S. Miller <davem@davemloft.net>2006-01-05 15:21:34 -0500
commit22dea562bb56dbc3430c8f23f60ccd38527b1f5a (patch)
tree4bcb8a3c6136e09a4864fa0d9948c4ff2892b2ed
parentb777e0ce7437a0e788e2aeb42aca9af2cce1f2e1 (diff)
[NETFILTER]: Export ip6_masked_addrcmp, don't pass IPv6 addresses on stack
Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net>
-rw-r--r--include/linux/netfilter_ipv6/ip6_tables.h4
-rw-r--r--net/ipv6/netfilter/ip6_tables.c18
2 files changed, 14 insertions, 8 deletions
diff --git a/include/linux/netfilter_ipv6/ip6_tables.h b/include/linux/netfilter_ipv6/ip6_tables.h
index a291cb76ef18..c163ba31aab7 100644
--- a/include/linux/netfilter_ipv6/ip6_tables.h
+++ b/include/linux/netfilter_ipv6/ip6_tables.h
@@ -476,6 +476,10 @@ extern int ip6t_ext_hdr(u8 nexthdr);
476extern int ipv6_find_hdr(const struct sk_buff *skb, unsigned int *offset, 476extern int ipv6_find_hdr(const struct sk_buff *skb, unsigned int *offset,
477 int target, unsigned short *fragoff); 477 int target, unsigned short *fragoff);
478 478
479extern int ip6_masked_addrcmp(const struct in6_addr *addr1,
480 const struct in6_addr *mask,
481 const struct in6_addr *addr2);
482
479#define IP6T_ALIGN(s) (((s) + (__alignof__(struct ip6t_entry)-1)) & ~(__alignof__(struct ip6t_entry)-1)) 483#define IP6T_ALIGN(s) (((s) + (__alignof__(struct ip6t_entry)-1)) & ~(__alignof__(struct ip6t_entry)-1))
480 484
481#endif /*__KERNEL__*/ 485#endif /*__KERNEL__*/
diff --git a/net/ipv6/netfilter/ip6_tables.c b/net/ipv6/netfilter/ip6_tables.c
index 13b1a525b92c..925b42d48347 100644
--- a/net/ipv6/netfilter/ip6_tables.c
+++ b/net/ipv6/netfilter/ip6_tables.c
@@ -119,13 +119,14 @@ static LIST_HEAD(ip6t_tables);
119#define up(x) do { printk("UP:%u:" #x "\n", __LINE__); up(x); } while(0) 119#define up(x) do { printk("UP:%u:" #x "\n", __LINE__); up(x); } while(0)
120#endif 120#endif
121 121
122static int ip6_masked_addrcmp(struct in6_addr addr1, struct in6_addr mask, 122int
123 struct in6_addr addr2) 123ip6_masked_addrcmp(const struct in6_addr *addr1, const struct in6_addr *mask,
124 const struct in6_addr *addr2)
124{ 125{
125 int i; 126 int i;
126 for( i = 0; i < 16; i++){ 127 for( i = 0; i < 16; i++){
127 if((addr1.s6_addr[i] & mask.s6_addr[i]) != 128 if((addr1->s6_addr[i] & mask->s6_addr[i]) !=
128 (addr2.s6_addr[i] & mask.s6_addr[i])) 129 (addr2->s6_addr[i] & mask->s6_addr[i]))
129 return 1; 130 return 1;
130 } 131 }
131 return 0; 132 return 0;
@@ -159,10 +160,10 @@ ip6_packet_match(const struct sk_buff *skb,
159 160
160#define FWINV(bool,invflg) ((bool) ^ !!(ip6info->invflags & invflg)) 161#define FWINV(bool,invflg) ((bool) ^ !!(ip6info->invflags & invflg))
161 162
162 if (FWINV(ip6_masked_addrcmp(ipv6->saddr,ip6info->smsk,ip6info->src), 163 if (FWINV(ip6_masked_addrcmp(&ipv6->saddr, &ip6info->smsk,
163 IP6T_INV_SRCIP) 164 &ip6info->src), IP6T_INV_SRCIP)
164 || FWINV(ip6_masked_addrcmp(ipv6->daddr,ip6info->dmsk,ip6info->dst), 165 || FWINV(ip6_masked_addrcmp(&ipv6->daddr, &ip6info->dmsk,
165 IP6T_INV_DSTIP)) { 166 &ip6info->dst), IP6T_INV_DSTIP)) {
166 dprintf("Source or dest mismatch.\n"); 167 dprintf("Source or dest mismatch.\n");
167/* 168/*
168 dprintf("SRC: %u. Mask: %u. Target: %u.%s\n", ip->saddr, 169 dprintf("SRC: %u. Mask: %u. Target: %u.%s\n", ip->saddr,
@@ -2131,6 +2132,7 @@ EXPORT_SYMBOL(ip6t_register_target);
2131EXPORT_SYMBOL(ip6t_unregister_target); 2132EXPORT_SYMBOL(ip6t_unregister_target);
2132EXPORT_SYMBOL(ip6t_ext_hdr); 2133EXPORT_SYMBOL(ip6t_ext_hdr);
2133EXPORT_SYMBOL(ipv6_find_hdr); 2134EXPORT_SYMBOL(ipv6_find_hdr);
2135EXPORT_SYMBOL(ip6_masked_addrcmp);
2134 2136
2135module_init(init); 2137module_init(init);
2136module_exit(fini); 2138module_exit(fini);