aboutsummaryrefslogtreecommitdiffstats
path: root/net/ipv6
diff options
context:
space:
mode:
authorYasuyuki Kozakai <yasuyuki.kozakai@toshiba.co.jp>2006-01-17 05:39:39 -0500
committerDavid S. Miller <davem@davemloft.net>2006-01-17 05:39:39 -0500
commitf0daaa654af68c1651add9d21188d81c19672551 (patch)
tree50eebd2b494c15498c96a82bdaf5315b39b0e0fa /net/ipv6
parente0069caede8387c585060b7e2e87729e9efcebc6 (diff)
[NETFILTER] ip6tables: whitespace and indent cosmetic cleanup
Signed-off-by: Yasuyuki Kozakai <yasuyuki.kozakai@toshiba.co.jp> Signed-off-by: Harald Welte <laforge@netfilter.org> Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'net/ipv6')
-rw-r--r--net/ipv6/netfilter/ip6t_dst.c151
-rw-r--r--net/ipv6/netfilter/ip6t_eui64.c68
-rw-r--r--net/ipv6/netfilter/ip6t_frag.c157
-rw-r--r--net/ipv6/netfilter/ip6t_hbh.c151
-rw-r--r--net/ipv6/netfilter/ip6t_ipv6header.c79
-rw-r--r--net/ipv6/netfilter/ip6t_owner.c28
-rw-r--r--net/ipv6/netfilter/ip6t_rt.c215
7 files changed, 427 insertions, 422 deletions
diff --git a/net/ipv6/netfilter/ip6t_dst.c b/net/ipv6/netfilter/ip6t_dst.c
index 80fe82669ce2..b4c153a53500 100644
--- a/net/ipv6/netfilter/ip6t_dst.c
+++ b/net/ipv6/netfilter/ip6t_dst.c
@@ -36,19 +36,19 @@ MODULE_AUTHOR("Andras Kis-Szabo <kisza@sch.bme.hu>");
36#endif 36#endif
37 37
38/* 38/*
39 * (Type & 0xC0) >> 6 39 * (Type & 0xC0) >> 6
40 * 0 -> ignorable 40 * 0 -> ignorable
41 * 1 -> must drop the packet 41 * 1 -> must drop the packet
42 * 2 -> send ICMP PARM PROB regardless and drop packet 42 * 2 -> send ICMP PARM PROB regardless and drop packet
43 * 3 -> Send ICMP if not a multicast address and drop packet 43 * 3 -> Send ICMP if not a multicast address and drop packet
44 * (Type & 0x20) >> 5 44 * (Type & 0x20) >> 5
45 * 0 -> invariant 45 * 0 -> invariant
46 * 1 -> can change the routing 46 * 1 -> can change the routing
47 * (Type & 0x1F) Type 47 * (Type & 0x1F) Type
48 * 0 -> Pad1 (only 1 byte!) 48 * 0 -> Pad1 (only 1 byte!)
49 * 1 -> PadN LENGTH info (total length = length + 2) 49 * 1 -> PadN LENGTH info (total length = length + 2)
50 * C0 | 2 -> JUMBO 4 x x x x ( xxxx > 64k ) 50 * C0 | 2 -> JUMBO 4 x x x x ( xxxx > 64k )
51 * 5 -> RTALERT 2 x x 51 * 5 -> RTALERT 2 x x
52 */ 52 */
53 53
54static int 54static int
@@ -60,16 +60,16 @@ match(const struct sk_buff *skb,
60 unsigned int protoff, 60 unsigned int protoff,
61 int *hotdrop) 61 int *hotdrop)
62{ 62{
63 struct ipv6_opt_hdr _optsh, *oh; 63 struct ipv6_opt_hdr _optsh, *oh;
64 const struct ip6t_opts *optinfo = matchinfo; 64 const struct ip6t_opts *optinfo = matchinfo;
65 unsigned int temp; 65 unsigned int temp;
66 unsigned int ptr; 66 unsigned int ptr;
67 unsigned int hdrlen = 0; 67 unsigned int hdrlen = 0;
68 unsigned int ret = 0; 68 unsigned int ret = 0;
69 u8 _opttype, *tp = NULL; 69 u8 _opttype, *tp = NULL;
70 u8 _optlen, *lp = NULL; 70 u8 _optlen, *lp = NULL;
71 unsigned int optlen; 71 unsigned int optlen;
72 72
73#if HOPBYHOP 73#if HOPBYHOP
74 if (ipv6_find_hdr(skb, &ptr, NEXTHDR_HOP, NULL) < 0) 74 if (ipv6_find_hdr(skb, &ptr, NEXTHDR_HOP, NULL) < 0)
75#else 75#else
@@ -77,42 +77,41 @@ match(const struct sk_buff *skb,
77#endif 77#endif
78 return 0; 78 return 0;
79 79
80 oh = skb_header_pointer(skb, ptr, sizeof(_optsh), &_optsh); 80 oh = skb_header_pointer(skb, ptr, sizeof(_optsh), &_optsh);
81 if (oh == NULL){ 81 if (oh == NULL) {
82 *hotdrop = 1; 82 *hotdrop = 1;
83 return 0; 83 return 0;
84 } 84 }
85 85
86 hdrlen = ipv6_optlen(oh); 86 hdrlen = ipv6_optlen(oh);
87 if (skb->len - ptr < hdrlen){ 87 if (skb->len - ptr < hdrlen) {
88 /* Packet smaller than it's length field */ 88 /* Packet smaller than it's length field */
89 return 0; 89 return 0;
90 } 90 }
91 91
92 DEBUGP("IPv6 OPTS LEN %u %u ", hdrlen, oh->hdrlen); 92 DEBUGP("IPv6 OPTS LEN %u %u ", hdrlen, oh->hdrlen);
93 93
94 DEBUGP("len %02X %04X %02X ", 94 DEBUGP("len %02X %04X %02X ",
95 optinfo->hdrlen, hdrlen, 95 optinfo->hdrlen, hdrlen,
96 (!(optinfo->flags & IP6T_OPTS_LEN) || 96 (!(optinfo->flags & IP6T_OPTS_LEN) ||
97 ((optinfo->hdrlen == hdrlen) ^ 97 ((optinfo->hdrlen == hdrlen) ^
98 !!(optinfo->invflags & IP6T_OPTS_INV_LEN)))); 98 !!(optinfo->invflags & IP6T_OPTS_INV_LEN))));
99 99
100 ret = (oh != NULL) 100 ret = (oh != NULL) &&
101 && 101 (!(optinfo->flags & IP6T_OPTS_LEN) ||
102 (!(optinfo->flags & IP6T_OPTS_LEN) || 102 ((optinfo->hdrlen == hdrlen) ^
103 ((optinfo->hdrlen == hdrlen) ^ 103 !!(optinfo->invflags & IP6T_OPTS_INV_LEN)));
104 !!(optinfo->invflags & IP6T_OPTS_INV_LEN))); 104
105 105 ptr += 2;
106 ptr += 2; 106 hdrlen -= 2;
107 hdrlen -= 2; 107 if (!(optinfo->flags & IP6T_OPTS_OPTS)) {
108 if ( !(optinfo->flags & IP6T_OPTS_OPTS) ){ 108 return ret;
109 return ret;
110 } else if (optinfo->flags & IP6T_OPTS_NSTRICT) { 109 } else if (optinfo->flags & IP6T_OPTS_NSTRICT) {
111 DEBUGP("Not strict - not implemented"); 110 DEBUGP("Not strict - not implemented");
112 } else { 111 } else {
113 DEBUGP("Strict "); 112 DEBUGP("Strict ");
114 DEBUGP("#%d ",optinfo->optsnr); 113 DEBUGP("#%d ", optinfo->optsnr);
115 for(temp=0; temp<optinfo->optsnr; temp++){ 114 for (temp = 0; temp < optinfo->optsnr; temp++) {
116 /* type field exists ? */ 115 /* type field exists ? */
117 if (hdrlen < 1) 116 if (hdrlen < 1)
118 break; 117 break;
@@ -122,10 +121,10 @@ match(const struct sk_buff *skb,
122 break; 121 break;
123 122
124 /* Type check */ 123 /* Type check */
125 if (*tp != (optinfo->opts[temp] & 0xFF00)>>8){ 124 if (*tp != (optinfo->opts[temp] & 0xFF00) >> 8) {
126 DEBUGP("Tbad %02X %02X\n", 125 DEBUGP("Tbad %02X %02X\n",
127 *tp, 126 *tp,
128 (optinfo->opts[temp] & 0xFF00)>>8); 127 (optinfo->opts[temp] & 0xFF00) >> 8);
129 return 0; 128 return 0;
130 } else { 129 } else {
131 DEBUGP("Tok "); 130 DEBUGP("Tok ");
@@ -169,7 +168,8 @@ match(const struct sk_buff *skb,
169 } 168 }
170 if (temp == optinfo->optsnr) 169 if (temp == optinfo->optsnr)
171 return ret; 170 return ret;
172 else return 0; 171 else
172 return 0;
173 } 173 }
174 174
175 return 0; 175 return 0;
@@ -178,25 +178,24 @@ match(const struct sk_buff *skb,
178/* Called when user tries to insert an entry of this type. */ 178/* Called when user tries to insert an entry of this type. */
179static int 179static int
180checkentry(const char *tablename, 180checkentry(const char *tablename,
181 const void *info, 181 const void *info,
182 void *matchinfo, 182 void *matchinfo,
183 unsigned int matchinfosize, 183 unsigned int matchinfosize,
184 unsigned int hook_mask) 184 unsigned int hook_mask)
185{ 185{
186 const struct ip6t_opts *optsinfo = matchinfo; 186 const struct ip6t_opts *optsinfo = matchinfo;
187 187
188 if (matchinfosize != IP6T_ALIGN(sizeof(struct ip6t_opts))) { 188 if (matchinfosize != IP6T_ALIGN(sizeof(struct ip6t_opts))) {
189 DEBUGP("ip6t_opts: matchsize %u != %u\n", 189 DEBUGP("ip6t_opts: matchsize %u != %u\n",
190 matchinfosize, IP6T_ALIGN(sizeof(struct ip6t_opts))); 190 matchinfosize, IP6T_ALIGN(sizeof(struct ip6t_opts)));
191 return 0; 191 return 0;
192 } 192 }
193 if (optsinfo->invflags & ~IP6T_OPTS_INV_MASK) { 193 if (optsinfo->invflags & ~IP6T_OPTS_INV_MASK) {
194 DEBUGP("ip6t_opts: unknown flags %X\n", 194 DEBUGP("ip6t_opts: unknown flags %X\n", optsinfo->invflags);
195 optsinfo->invflags); 195 return 0;
196 return 0; 196 }
197 } 197
198 198 return 1;
199 return 1;
200} 199}
201 200
202static struct ip6t_match opts_match = { 201static struct ip6t_match opts_match = {
@@ -212,12 +211,12 @@ static struct ip6t_match opts_match = {
212 211
213static int __init init(void) 212static int __init init(void)
214{ 213{
215 return ip6t_register_match(&opts_match); 214 return ip6t_register_match(&opts_match);
216} 215}
217 216
218static void __exit cleanup(void) 217static void __exit cleanup(void)
219{ 218{
220 ip6t_unregister_match(&opts_match); 219 ip6t_unregister_match(&opts_match);
221} 220}
222 221
223module_init(init); 222module_init(init);
diff --git a/net/ipv6/netfilter/ip6t_eui64.c b/net/ipv6/netfilter/ip6t_eui64.c
index ddf5f571909c..27396ac0b9ed 100644
--- a/net/ipv6/netfilter/ip6t_eui64.c
+++ b/net/ipv6/netfilter/ip6t_eui64.c
@@ -27,45 +27,45 @@ match(const struct sk_buff *skb,
27 unsigned int protoff, 27 unsigned int protoff,
28 int *hotdrop) 28 int *hotdrop)
29{ 29{
30 unsigned char eui64[8];
31 int i = 0;
30 32
31 unsigned char eui64[8]; 33 if (!(skb->mac.raw >= skb->head &&
32 int i=0; 34 (skb->mac.raw + ETH_HLEN) <= skb->data) &&
33 35 offset != 0) {
34 if ( !(skb->mac.raw >= skb->head 36 *hotdrop = 1;
35 && (skb->mac.raw + ETH_HLEN) <= skb->data) 37 return 0;
36 && offset != 0) { 38 }
37 *hotdrop = 1; 39
38 return 0; 40 memset(eui64, 0, sizeof(eui64));
39 } 41
40 42 if (eth_hdr(skb)->h_proto == ntohs(ETH_P_IPV6)) {
41 memset(eui64, 0, sizeof(eui64)); 43 if (skb->nh.ipv6h->version == 0x6) {
42 44 memcpy(eui64, eth_hdr(skb)->h_source, 3);
43 if (eth_hdr(skb)->h_proto == ntohs(ETH_P_IPV6)) { 45 memcpy(eui64 + 5, eth_hdr(skb)->h_source + 3, 3);
44 if (skb->nh.ipv6h->version == 0x6) { 46 eui64[3] = 0xff;
45 memcpy(eui64, eth_hdr(skb)->h_source, 3); 47 eui64[4] = 0xfe;
46 memcpy(eui64 + 5, eth_hdr(skb)->h_source + 3, 3); 48 eui64[0] |= 0x02;
47 eui64[3]=0xff; 49
48 eui64[4]=0xfe; 50 i = 0;
49 eui64[0] |= 0x02; 51 while ((skb->nh.ipv6h->saddr.s6_addr[8+i] == eui64[i])
50 52 && (i < 8))
51 i=0; 53 i++;
52 while ((skb->nh.ipv6h->saddr.s6_addr[8+i] == 54
53 eui64[i]) && (i<8)) i++; 55 if (i == 8)
54 56 return 1;
55 if ( i == 8 ) 57 }
56 return 1; 58 }
57 } 59
58 } 60 return 0;
59
60 return 0;
61} 61}
62 62
63static int 63static int
64ip6t_eui64_checkentry(const char *tablename, 64ip6t_eui64_checkentry(const char *tablename,
65 const void *ip, 65 const void *ip,
66 void *matchinfo, 66 void *matchinfo,
67 unsigned int matchsize, 67 unsigned int matchsize,
68 unsigned int hook_mask) 68 unsigned int hook_mask)
69{ 69{
70 if (hook_mask 70 if (hook_mask
71 & ~((1 << NF_IP6_PRE_ROUTING) | (1 << NF_IP6_LOCAL_IN) | 71 & ~((1 << NF_IP6_PRE_ROUTING) | (1 << NF_IP6_LOCAL_IN) |
diff --git a/net/ipv6/netfilter/ip6t_frag.c b/net/ipv6/netfilter/ip6t_frag.c
index a9964b946ed5..4c14125a0e26 100644
--- a/net/ipv6/netfilter/ip6t_frag.c
+++ b/net/ipv6/netfilter/ip6t_frag.c
@@ -31,12 +31,12 @@ MODULE_AUTHOR("Andras Kis-Szabo <kisza@sch.bme.hu>");
31static inline int 31static inline int
32id_match(u_int32_t min, u_int32_t max, u_int32_t id, int invert) 32id_match(u_int32_t min, u_int32_t max, u_int32_t id, int invert)
33{ 33{
34 int r=0; 34 int r = 0;
35 DEBUGP("frag id_match:%c 0x%x <= 0x%x <= 0x%x",invert? '!':' ', 35 DEBUGP("frag id_match:%c 0x%x <= 0x%x <= 0x%x", invert ? '!' : ' ',
36 min,id,max); 36 min, id, max);
37 r=(id >= min && id <= max) ^ invert; 37 r = (id >= min && id <= max) ^ invert;
38 DEBUGP(" result %s\n",r? "PASS" : "FAILED"); 38 DEBUGP(" result %s\n", r ? "PASS" : "FAILED");
39 return r; 39 return r;
40} 40}
41 41
42static int 42static int
@@ -48,92 +48,91 @@ match(const struct sk_buff *skb,
48 unsigned int protoff, 48 unsigned int protoff,
49 int *hotdrop) 49 int *hotdrop)
50{ 50{
51 struct frag_hdr _frag, *fh; 51 struct frag_hdr _frag, *fh;
52 const struct ip6t_frag *fraginfo = matchinfo; 52 const struct ip6t_frag *fraginfo = matchinfo;
53 unsigned int ptr; 53 unsigned int ptr;
54 54
55 if (ipv6_find_hdr(skb, &ptr, NEXTHDR_FRAGMENT, NULL) < 0) 55 if (ipv6_find_hdr(skb, &ptr, NEXTHDR_FRAGMENT, NULL) < 0)
56 return 0; 56 return 0;
57 57
58 fh = skb_header_pointer(skb, ptr, sizeof(_frag), &_frag); 58 fh = skb_header_pointer(skb, ptr, sizeof(_frag), &_frag);
59 if (fh == NULL){ 59 if (fh == NULL) {
60 *hotdrop = 1; 60 *hotdrop = 1;
61 return 0; 61 return 0;
62 } 62 }
63 63
64 DEBUGP("INFO %04X ", fh->frag_off); 64 DEBUGP("INFO %04X ", fh->frag_off);
65 DEBUGP("OFFSET %04X ", ntohs(fh->frag_off) & ~0x7); 65 DEBUGP("OFFSET %04X ", ntohs(fh->frag_off) & ~0x7);
66 DEBUGP("RES %02X %04X", fh->reserved, ntohs(fh->frag_off) & 0x6); 66 DEBUGP("RES %02X %04X", fh->reserved, ntohs(fh->frag_off) & 0x6);
67 DEBUGP("MF %04X ", fh->frag_off & htons(IP6_MF)); 67 DEBUGP("MF %04X ", fh->frag_off & htons(IP6_MF));
68 DEBUGP("ID %u %08X\n", ntohl(fh->identification), 68 DEBUGP("ID %u %08X\n", ntohl(fh->identification),
69 ntohl(fh->identification)); 69 ntohl(fh->identification));
70 70
71 DEBUGP("IPv6 FRAG id %02X ", 71 DEBUGP("IPv6 FRAG id %02X ",
72 (id_match(fraginfo->ids[0], fraginfo->ids[1], 72 (id_match(fraginfo->ids[0], fraginfo->ids[1],
73 ntohl(fh->identification), 73 ntohl(fh->identification),
74 !!(fraginfo->invflags & IP6T_FRAG_INV_IDS)))); 74 !!(fraginfo->invflags & IP6T_FRAG_INV_IDS))));
75 DEBUGP("res %02X %02X%04X %02X ", 75 DEBUGP("res %02X %02X%04X %02X ",
76 (fraginfo->flags & IP6T_FRAG_RES), fh->reserved, 76 (fraginfo->flags & IP6T_FRAG_RES), fh->reserved,
77 ntohs(fh->frag_off) & 0x6, 77 ntohs(fh->frag_off) & 0x6,
78 !((fraginfo->flags & IP6T_FRAG_RES) 78 !((fraginfo->flags & IP6T_FRAG_RES)
79 && (fh->reserved || (ntohs(fh->frag_off) & 0x06)))); 79 && (fh->reserved || (ntohs(fh->frag_off) & 0x06))));
80 DEBUGP("first %02X %02X %02X ", 80 DEBUGP("first %02X %02X %02X ",
81 (fraginfo->flags & IP6T_FRAG_FST), 81 (fraginfo->flags & IP6T_FRAG_FST),
82 ntohs(fh->frag_off) & ~0x7, 82 ntohs(fh->frag_off) & ~0x7,
83 !((fraginfo->flags & IP6T_FRAG_FST) 83 !((fraginfo->flags & IP6T_FRAG_FST)
84 && (ntohs(fh->frag_off) & ~0x7))); 84 && (ntohs(fh->frag_off) & ~0x7)));
85 DEBUGP("mf %02X %02X %02X ", 85 DEBUGP("mf %02X %02X %02X ",
86 (fraginfo->flags & IP6T_FRAG_MF), 86 (fraginfo->flags & IP6T_FRAG_MF),
87 ntohs(fh->frag_off) & IP6_MF, 87 ntohs(fh->frag_off) & IP6_MF,
88 !((fraginfo->flags & IP6T_FRAG_MF) 88 !((fraginfo->flags & IP6T_FRAG_MF)
89 && !((ntohs(fh->frag_off) & IP6_MF)))); 89 && !((ntohs(fh->frag_off) & IP6_MF))));
90 DEBUGP("last %02X %02X %02X\n", 90 DEBUGP("last %02X %02X %02X\n",
91 (fraginfo->flags & IP6T_FRAG_NMF), 91 (fraginfo->flags & IP6T_FRAG_NMF),
92 ntohs(fh->frag_off) & IP6_MF, 92 ntohs(fh->frag_off) & IP6_MF,
93 !((fraginfo->flags & IP6T_FRAG_NMF) 93 !((fraginfo->flags & IP6T_FRAG_NMF)
94 && (ntohs(fh->frag_off) & IP6_MF))); 94 && (ntohs(fh->frag_off) & IP6_MF)));
95 95
96 return (fh != NULL) 96 return (fh != NULL)
97 && 97 &&
98 (id_match(fraginfo->ids[0], fraginfo->ids[1], 98 (id_match(fraginfo->ids[0], fraginfo->ids[1],
99 ntohl(fh->identification), 99 ntohl(fh->identification),
100 !!(fraginfo->invflags & IP6T_FRAG_INV_IDS))) 100 !!(fraginfo->invflags & IP6T_FRAG_INV_IDS)))
101 && 101 &&
102 !((fraginfo->flags & IP6T_FRAG_RES) 102 !((fraginfo->flags & IP6T_FRAG_RES)
103 && (fh->reserved || (ntohs(fh->frag_off) & 0x6))) 103 && (fh->reserved || (ntohs(fh->frag_off) & 0x6)))
104 && 104 &&
105 !((fraginfo->flags & IP6T_FRAG_FST) 105 !((fraginfo->flags & IP6T_FRAG_FST)
106 && (ntohs(fh->frag_off) & ~0x7)) 106 && (ntohs(fh->frag_off) & ~0x7))
107 && 107 &&
108 !((fraginfo->flags & IP6T_FRAG_MF) 108 !((fraginfo->flags & IP6T_FRAG_MF)
109 && !(ntohs(fh->frag_off) & IP6_MF)) 109 && !(ntohs(fh->frag_off) & IP6_MF))
110 && 110 &&
111 !((fraginfo->flags & IP6T_FRAG_NMF) 111 !((fraginfo->flags & IP6T_FRAG_NMF)
112 && (ntohs(fh->frag_off) & IP6_MF)); 112 && (ntohs(fh->frag_off) & IP6_MF));
113} 113}
114 114
115/* Called when user tries to insert an entry of this type. */ 115/* Called when user tries to insert an entry of this type. */
116static int 116static int
117checkentry(const char *tablename, 117checkentry(const char *tablename,
118 const void *ip, 118 const void *ip,
119 void *matchinfo, 119 void *matchinfo,
120 unsigned int matchinfosize, 120 unsigned int matchinfosize,
121 unsigned int hook_mask) 121 unsigned int hook_mask)
122{ 122{
123 const struct ip6t_frag *fraginfo = matchinfo; 123 const struct ip6t_frag *fraginfo = matchinfo;
124 124
125 if (matchinfosize != IP6T_ALIGN(sizeof(struct ip6t_frag))) { 125 if (matchinfosize != IP6T_ALIGN(sizeof(struct ip6t_frag))) {
126 DEBUGP("ip6t_frag: matchsize %u != %u\n", 126 DEBUGP("ip6t_frag: matchsize %u != %u\n",
127 matchinfosize, IP6T_ALIGN(sizeof(struct ip6t_frag))); 127 matchinfosize, IP6T_ALIGN(sizeof(struct ip6t_frag)));
128 return 0; 128 return 0;
129 } 129 }
130 if (fraginfo->invflags & ~IP6T_FRAG_INV_MASK) { 130 if (fraginfo->invflags & ~IP6T_FRAG_INV_MASK) {
131 DEBUGP("ip6t_frag: unknown flags %X\n", 131 DEBUGP("ip6t_frag: unknown flags %X\n", fraginfo->invflags);
132 fraginfo->invflags); 132 return 0;
133 return 0; 133 }
134 } 134
135 135 return 1;
136 return 1;
137} 136}
138 137
139static struct ip6t_match frag_match = { 138static struct ip6t_match frag_match = {
@@ -145,12 +144,12 @@ static struct ip6t_match frag_match = {
145 144
146static int __init init(void) 145static int __init init(void)
147{ 146{
148 return ip6t_register_match(&frag_match); 147 return ip6t_register_match(&frag_match);
149} 148}
150 149
151static void __exit cleanup(void) 150static void __exit cleanup(void)
152{ 151{
153 ip6t_unregister_match(&frag_match); 152 ip6t_unregister_match(&frag_match);
154} 153}
155 154
156module_init(init); 155module_init(init);
diff --git a/net/ipv6/netfilter/ip6t_hbh.c b/net/ipv6/netfilter/ip6t_hbh.c
index ed8ded18bbd4..37a8474a7e0c 100644
--- a/net/ipv6/netfilter/ip6t_hbh.c
+++ b/net/ipv6/netfilter/ip6t_hbh.c
@@ -36,19 +36,19 @@ MODULE_AUTHOR("Andras Kis-Szabo <kisza@sch.bme.hu>");
36#endif 36#endif
37 37
38/* 38/*
39 * (Type & 0xC0) >> 6 39 * (Type & 0xC0) >> 6
40 * 0 -> ignorable 40 * 0 -> ignorable
41 * 1 -> must drop the packet 41 * 1 -> must drop the packet
42 * 2 -> send ICMP PARM PROB regardless and drop packet 42 * 2 -> send ICMP PARM PROB regardless and drop packet
43 * 3 -> Send ICMP if not a multicast address and drop packet 43 * 3 -> Send ICMP if not a multicast address and drop packet
44 * (Type & 0x20) >> 5 44 * (Type & 0x20) >> 5
45 * 0 -> invariant 45 * 0 -> invariant
46 * 1 -> can change the routing 46 * 1 -> can change the routing
47 * (Type & 0x1F) Type 47 * (Type & 0x1F) Type
48 * 0 -> Pad1 (only 1 byte!) 48 * 0 -> Pad1 (only 1 byte!)
49 * 1 -> PadN LENGTH info (total length = length + 2) 49 * 1 -> PadN LENGTH info (total length = length + 2)
50 * C0 | 2 -> JUMBO 4 x x x x ( xxxx > 64k ) 50 * C0 | 2 -> JUMBO 4 x x x x ( xxxx > 64k )
51 * 5 -> RTALERT 2 x x 51 * 5 -> RTALERT 2 x x
52 */ 52 */
53 53
54static int 54static int
@@ -60,16 +60,16 @@ match(const struct sk_buff *skb,
60 unsigned int protoff, 60 unsigned int protoff,
61 int *hotdrop) 61 int *hotdrop)
62{ 62{
63 struct ipv6_opt_hdr _optsh, *oh; 63 struct ipv6_opt_hdr _optsh, *oh;
64 const struct ip6t_opts *optinfo = matchinfo; 64 const struct ip6t_opts *optinfo = matchinfo;
65 unsigned int temp; 65 unsigned int temp;
66 unsigned int ptr; 66 unsigned int ptr;
67 unsigned int hdrlen = 0; 67 unsigned int hdrlen = 0;
68 unsigned int ret = 0; 68 unsigned int ret = 0;
69 u8 _opttype, *tp = NULL; 69 u8 _opttype, *tp = NULL;
70 u8 _optlen, *lp = NULL; 70 u8 _optlen, *lp = NULL;
71 unsigned int optlen; 71 unsigned int optlen;
72 72
73#if HOPBYHOP 73#if HOPBYHOP
74 if (ipv6_find_hdr(skb, &ptr, NEXTHDR_HOP, NULL) < 0) 74 if (ipv6_find_hdr(skb, &ptr, NEXTHDR_HOP, NULL) < 0)
75#else 75#else
@@ -77,42 +77,41 @@ match(const struct sk_buff *skb,
77#endif 77#endif
78 return 0; 78 return 0;
79 79
80 oh = skb_header_pointer(skb, ptr, sizeof(_optsh), &_optsh); 80 oh = skb_header_pointer(skb, ptr, sizeof(_optsh), &_optsh);
81 if (oh == NULL){ 81 if (oh == NULL) {
82 *hotdrop = 1; 82 *hotdrop = 1;
83 return 0; 83 return 0;
84 } 84 }
85 85
86 hdrlen = ipv6_optlen(oh); 86 hdrlen = ipv6_optlen(oh);
87 if (skb->len - ptr < hdrlen){ 87 if (skb->len - ptr < hdrlen) {
88 /* Packet smaller than it's length field */ 88 /* Packet smaller than it's length field */
89 return 0; 89 return 0;
90 } 90 }
91 91
92 DEBUGP("IPv6 OPTS LEN %u %u ", hdrlen, oh->hdrlen); 92 DEBUGP("IPv6 OPTS LEN %u %u ", hdrlen, oh->hdrlen);
93 93
94 DEBUGP("len %02X %04X %02X ", 94 DEBUGP("len %02X %04X %02X ",
95 optinfo->hdrlen, hdrlen, 95 optinfo->hdrlen, hdrlen,
96 (!(optinfo->flags & IP6T_OPTS_LEN) || 96 (!(optinfo->flags & IP6T_OPTS_LEN) ||
97 ((optinfo->hdrlen == hdrlen) ^ 97 ((optinfo->hdrlen == hdrlen) ^
98 !!(optinfo->invflags & IP6T_OPTS_INV_LEN)))); 98 !!(optinfo->invflags & IP6T_OPTS_INV_LEN))));
99 99
100 ret = (oh != NULL) 100 ret = (oh != NULL) &&
101 && 101 (!(optinfo->flags & IP6T_OPTS_LEN) ||
102 (!(optinfo->flags & IP6T_OPTS_LEN) || 102 ((optinfo->hdrlen == hdrlen) ^
103 ((optinfo->hdrlen == hdrlen) ^ 103 !!(optinfo->invflags & IP6T_OPTS_INV_LEN)));
104 !!(optinfo->invflags & IP6T_OPTS_INV_LEN))); 104
105 105 ptr += 2;
106 ptr += 2; 106 hdrlen -= 2;
107 hdrlen -= 2; 107 if (!(optinfo->flags & IP6T_OPTS_OPTS)) {
108 if ( !(optinfo->flags & IP6T_OPTS_OPTS) ){ 108 return ret;
109 return ret;
110 } else if (optinfo->flags & IP6T_OPTS_NSTRICT) { 109 } else if (optinfo->flags & IP6T_OPTS_NSTRICT) {
111 DEBUGP("Not strict - not implemented"); 110 DEBUGP("Not strict - not implemented");
112 } else { 111 } else {
113 DEBUGP("Strict "); 112 DEBUGP("Strict ");
114 DEBUGP("#%d ",optinfo->optsnr); 113 DEBUGP("#%d ", optinfo->optsnr);
115 for(temp=0; temp<optinfo->optsnr; temp++){ 114 for (temp = 0; temp < optinfo->optsnr; temp++) {
116 /* type field exists ? */ 115 /* type field exists ? */
117 if (hdrlen < 1) 116 if (hdrlen < 1)
118 break; 117 break;
@@ -122,10 +121,10 @@ match(const struct sk_buff *skb,
122 break; 121 break;
123 122
124 /* Type check */ 123 /* Type check */
125 if (*tp != (optinfo->opts[temp] & 0xFF00)>>8){ 124 if (*tp != (optinfo->opts[temp] & 0xFF00) >> 8) {
126 DEBUGP("Tbad %02X %02X\n", 125 DEBUGP("Tbad %02X %02X\n",
127 *tp, 126 *tp,
128 (optinfo->opts[temp] & 0xFF00)>>8); 127 (optinfo->opts[temp] & 0xFF00) >> 8);
129 return 0; 128 return 0;
130 } else { 129 } else {
131 DEBUGP("Tok "); 130 DEBUGP("Tok ");
@@ -169,7 +168,8 @@ match(const struct sk_buff *skb,
169 } 168 }
170 if (temp == optinfo->optsnr) 169 if (temp == optinfo->optsnr)
171 return ret; 170 return ret;
172 else return 0; 171 else
172 return 0;
173 } 173 }
174 174
175 return 0; 175 return 0;
@@ -178,25 +178,24 @@ match(const struct sk_buff *skb,
178/* Called when user tries to insert an entry of this type. */ 178/* Called when user tries to insert an entry of this type. */
179static int 179static int
180checkentry(const char *tablename, 180checkentry(const char *tablename,
181 const void *entry, 181 const void *entry,
182 void *matchinfo, 182 void *matchinfo,
183 unsigned int matchinfosize, 183 unsigned int matchinfosize,
184 unsigned int hook_mask) 184 unsigned int hook_mask)
185{ 185{
186 const struct ip6t_opts *optsinfo = matchinfo; 186 const struct ip6t_opts *optsinfo = matchinfo;
187 187
188 if (matchinfosize != IP6T_ALIGN(sizeof(struct ip6t_opts))) { 188 if (matchinfosize != IP6T_ALIGN(sizeof(struct ip6t_opts))) {
189 DEBUGP("ip6t_opts: matchsize %u != %u\n", 189 DEBUGP("ip6t_opts: matchsize %u != %u\n",
190 matchinfosize, IP6T_ALIGN(sizeof(struct ip6t_opts))); 190 matchinfosize, IP6T_ALIGN(sizeof(struct ip6t_opts)));
191 return 0; 191 return 0;
192 } 192 }
193 if (optsinfo->invflags & ~IP6T_OPTS_INV_MASK) { 193 if (optsinfo->invflags & ~IP6T_OPTS_INV_MASK) {
194 DEBUGP("ip6t_opts: unknown flags %X\n", 194 DEBUGP("ip6t_opts: unknown flags %X\n", optsinfo->invflags);
195 optsinfo->invflags); 195 return 0;
196 return 0; 196 }
197 } 197
198 198 return 1;
199 return 1;
200} 199}
201 200
202static struct ip6t_match opts_match = { 201static struct ip6t_match opts_match = {
@@ -212,12 +211,12 @@ static struct ip6t_match opts_match = {
212 211
213static int __init init(void) 212static int __init init(void)
214{ 213{
215 return ip6t_register_match(&opts_match); 214 return ip6t_register_match(&opts_match);
216} 215}
217 216
218static void __exit cleanup(void) 217static void __exit cleanup(void)
219{ 218{
220 ip6t_unregister_match(&opts_match); 219 ip6t_unregister_match(&opts_match);
221} 220}
222 221
223module_init(init); 222module_init(init);
diff --git a/net/ipv6/netfilter/ip6t_ipv6header.c b/net/ipv6/netfilter/ip6t_ipv6header.c
index fda1ceaf5a29..83ad6b272f7e 100644
--- a/net/ipv6/netfilter/ip6t_ipv6header.c
+++ b/net/ipv6/netfilter/ip6t_ipv6header.c
@@ -50,20 +50,20 @@ ipv6header_match(const struct sk_buff *skb,
50 len = skb->len - ptr; 50 len = skb->len - ptr;
51 temp = 0; 51 temp = 0;
52 52
53 while (ip6t_ext_hdr(nexthdr)) { 53 while (ip6t_ext_hdr(nexthdr)) {
54 struct ipv6_opt_hdr _hdr, *hp; 54 struct ipv6_opt_hdr _hdr, *hp;
55 int hdrlen; 55 int hdrlen;
56 56
57 /* Is there enough space for the next ext header? */ 57 /* Is there enough space for the next ext header? */
58 if (len < (int)sizeof(struct ipv6_opt_hdr)) 58 if (len < (int)sizeof(struct ipv6_opt_hdr))
59 return 0; 59 return 0;
60 /* No more exthdr -> evaluate */ 60 /* No more exthdr -> evaluate */
61 if (nexthdr == NEXTHDR_NONE) { 61 if (nexthdr == NEXTHDR_NONE) {
62 temp |= MASK_NONE; 62 temp |= MASK_NONE;
63 break; 63 break;
64 } 64 }
65 /* ESP -> evaluate */ 65 /* ESP -> evaluate */
66 if (nexthdr == NEXTHDR_ESP) { 66 if (nexthdr == NEXTHDR_ESP) {
67 temp |= MASK_ESP; 67 temp |= MASK_ESP;
68 break; 68 break;
69 } 69 }
@@ -72,43 +72,43 @@ ipv6header_match(const struct sk_buff *skb,
72 BUG_ON(hp == NULL); 72 BUG_ON(hp == NULL);
73 73
74 /* Calculate the header length */ 74 /* Calculate the header length */
75 if (nexthdr == NEXTHDR_FRAGMENT) { 75 if (nexthdr == NEXTHDR_FRAGMENT) {
76 hdrlen = 8; 76 hdrlen = 8;
77 } else if (nexthdr == NEXTHDR_AUTH) 77 } else if (nexthdr == NEXTHDR_AUTH)
78 hdrlen = (hp->hdrlen+2)<<2; 78 hdrlen = (hp->hdrlen + 2) << 2;
79 else 79 else
80 hdrlen = ipv6_optlen(hp); 80 hdrlen = ipv6_optlen(hp);
81 81
82 /* set the flag */ 82 /* set the flag */
83 switch (nexthdr){ 83 switch (nexthdr) {
84 case NEXTHDR_HOP: 84 case NEXTHDR_HOP:
85 temp |= MASK_HOPOPTS; 85 temp |= MASK_HOPOPTS;
86 break; 86 break;
87 case NEXTHDR_ROUTING: 87 case NEXTHDR_ROUTING:
88 temp |= MASK_ROUTING; 88 temp |= MASK_ROUTING;
89 break; 89 break;
90 case NEXTHDR_FRAGMENT: 90 case NEXTHDR_FRAGMENT:
91 temp |= MASK_FRAGMENT; 91 temp |= MASK_FRAGMENT;
92 break; 92 break;
93 case NEXTHDR_AUTH: 93 case NEXTHDR_AUTH:
94 temp |= MASK_AH; 94 temp |= MASK_AH;
95 break; 95 break;
96 case NEXTHDR_DEST: 96 case NEXTHDR_DEST:
97 temp |= MASK_DSTOPTS; 97 temp |= MASK_DSTOPTS;
98 break; 98 break;
99 default: 99 default:
100 return 0; 100 return 0;
101 break; 101 break;
102 } 102 }
103 103
104 nexthdr = hp->nexthdr; 104 nexthdr = hp->nexthdr;
105 len -= hdrlen; 105 len -= hdrlen;
106 ptr += hdrlen; 106 ptr += hdrlen;
107 if (ptr > skb->len) 107 if (ptr > skb->len)
108 break; 108 break;
109 } 109 }
110 110
111 if ( (nexthdr != NEXTHDR_NONE ) && (nexthdr != NEXTHDR_ESP) ) 111 if ((nexthdr != NEXTHDR_NONE) && (nexthdr != NEXTHDR_ESP))
112 temp |= MASK_PROTO; 112 temp |= MASK_PROTO;
113 113
114 if (info->modeflag) 114 if (info->modeflag)
@@ -137,8 +137,8 @@ ipv6header_checkentry(const char *tablename,
137 return 0; 137 return 0;
138 138
139 /* invflags is 0 or 0xff in hard mode */ 139 /* invflags is 0 or 0xff in hard mode */
140 if ((!info->modeflag) && info->invflags != 0x00 140 if ((!info->modeflag) && info->invflags != 0x00 &&
141 && info->invflags != 0xFF) 141 info->invflags != 0xFF)
142 return 0; 142 return 0;
143 143
144 return 1; 144 return 1;
@@ -152,7 +152,7 @@ static struct ip6t_match ip6t_ipv6header_match = {
152 .me = THIS_MODULE, 152 .me = THIS_MODULE,
153}; 153};
154 154
155static int __init ipv6header_init(void) 155static int __init ipv6header_init(void)
156{ 156{
157 return ip6t_register_match(&ip6t_ipv6header_match); 157 return ip6t_register_match(&ip6t_ipv6header_match);
158} 158}
@@ -164,4 +164,3 @@ static void __exit ipv6header_exit(void)
164 164
165module_init(ipv6header_init); 165module_init(ipv6header_init);
166module_exit(ipv6header_exit); 166module_exit(ipv6header_exit);
167
diff --git a/net/ipv6/netfilter/ip6t_owner.c b/net/ipv6/netfilter/ip6t_owner.c
index 5409b375b512..8c8a4c7ec934 100644
--- a/net/ipv6/netfilter/ip6t_owner.c
+++ b/net/ipv6/netfilter/ip6t_owner.c
@@ -36,14 +36,14 @@ match(const struct sk_buff *skb,
36 if (!skb->sk || !skb->sk->sk_socket || !skb->sk->sk_socket->file) 36 if (!skb->sk || !skb->sk->sk_socket || !skb->sk->sk_socket->file)
37 return 0; 37 return 0;
38 38
39 if(info->match & IP6T_OWNER_UID) { 39 if (info->match & IP6T_OWNER_UID) {
40 if((skb->sk->sk_socket->file->f_uid != info->uid) ^ 40 if ((skb->sk->sk_socket->file->f_uid != info->uid) ^
41 !!(info->invert & IP6T_OWNER_UID)) 41 !!(info->invert & IP6T_OWNER_UID))
42 return 0; 42 return 0;
43 } 43 }
44 44
45 if(info->match & IP6T_OWNER_GID) { 45 if (info->match & IP6T_OWNER_GID) {
46 if((skb->sk->sk_socket->file->f_gid != info->gid) ^ 46 if ((skb->sk->sk_socket->file->f_gid != info->gid) ^
47 !!(info->invert & IP6T_OWNER_GID)) 47 !!(info->invert & IP6T_OWNER_GID))
48 return 0; 48 return 0;
49 } 49 }
@@ -53,23 +53,23 @@ match(const struct sk_buff *skb,
53 53
54static int 54static int
55checkentry(const char *tablename, 55checkentry(const char *tablename,
56 const void *ip, 56 const void *ip,
57 void *matchinfo, 57 void *matchinfo,
58 unsigned int matchsize, 58 unsigned int matchsize,
59 unsigned int hook_mask) 59 unsigned int hook_mask)
60{ 60{
61 const struct ip6t_owner_info *info = matchinfo; 61 const struct ip6t_owner_info *info = matchinfo;
62 62
63 if (hook_mask 63 if (hook_mask
64 & ~((1 << NF_IP6_LOCAL_OUT) | (1 << NF_IP6_POST_ROUTING))) { 64 & ~((1 << NF_IP6_LOCAL_OUT) | (1 << NF_IP6_POST_ROUTING))) {
65 printk("ip6t_owner: only valid for LOCAL_OUT or POST_ROUTING.\n"); 65 printk("ip6t_owner: only valid for LOCAL_OUT or POST_ROUTING.\n");
66 return 0; 66 return 0;
67 } 67 }
68 68
69 if (matchsize != IP6T_ALIGN(sizeof(struct ip6t_owner_info))) 69 if (matchsize != IP6T_ALIGN(sizeof(struct ip6t_owner_info)))
70 return 0; 70 return 0;
71 71
72 if (info->match & (IP6T_OWNER_PID|IP6T_OWNER_SID)) { 72 if (info->match & (IP6T_OWNER_PID | IP6T_OWNER_SID)) {
73 printk("ipt_owner: pid and sid matching " 73 printk("ipt_owner: pid and sid matching "
74 "not supported anymore\n"); 74 "not supported anymore\n");
75 return 0; 75 return 0;
diff --git a/net/ipv6/netfilter/ip6t_rt.c b/net/ipv6/netfilter/ip6t_rt.c
index 8465b4375855..8f82476dc89e 100644
--- a/net/ipv6/netfilter/ip6t_rt.c
+++ b/net/ipv6/netfilter/ip6t_rt.c
@@ -33,12 +33,12 @@ MODULE_AUTHOR("Andras Kis-Szabo <kisza@sch.bme.hu>");
33static inline int 33static inline int
34segsleft_match(u_int32_t min, u_int32_t max, u_int32_t id, int invert) 34segsleft_match(u_int32_t min, u_int32_t max, u_int32_t id, int invert)
35{ 35{
36 int r=0; 36 int r = 0;
37 DEBUGP("rt segsleft_match:%c 0x%x <= 0x%x <= 0x%x",invert? '!':' ', 37 DEBUGP("rt segsleft_match:%c 0x%x <= 0x%x <= 0x%x",
38 min,id,max); 38 invert ? '!' : ' ', min, id, max);
39 r=(id >= min && id <= max) ^ invert; 39 r = (id >= min && id <= max) ^ invert;
40 DEBUGP(" result %s\n",r? "PASS" : "FAILED"); 40 DEBUGP(" result %s\n", r ? "PASS" : "FAILED");
41 return r; 41 return r;
42} 42}
43 43
44static int 44static int
@@ -50,87 +50,93 @@ match(const struct sk_buff *skb,
50 unsigned int protoff, 50 unsigned int protoff,
51 int *hotdrop) 51 int *hotdrop)
52{ 52{
53 struct ipv6_rt_hdr _route, *rh; 53 struct ipv6_rt_hdr _route, *rh;
54 const struct ip6t_rt *rtinfo = matchinfo; 54 const struct ip6t_rt *rtinfo = matchinfo;
55 unsigned int temp; 55 unsigned int temp;
56 unsigned int ptr; 56 unsigned int ptr;
57 unsigned int hdrlen = 0; 57 unsigned int hdrlen = 0;
58 unsigned int ret = 0; 58 unsigned int ret = 0;
59 struct in6_addr *ap, _addr; 59 struct in6_addr *ap, _addr;
60 60
61 if (ipv6_find_hdr(skb, &ptr, NEXTHDR_ROUTING, NULL) < 0) 61 if (ipv6_find_hdr(skb, &ptr, NEXTHDR_ROUTING, NULL) < 0)
62 return 0; 62 return 0;
63 63
64 rh = skb_header_pointer(skb, ptr, sizeof(_route), &_route); 64 rh = skb_header_pointer(skb, ptr, sizeof(_route), &_route);
65 if (rh == NULL){ 65 if (rh == NULL) {
66 *hotdrop = 1; 66 *hotdrop = 1;
67 return 0; 67 return 0;
68 } 68 }
69 69
70 hdrlen = ipv6_optlen(rh); 70 hdrlen = ipv6_optlen(rh);
71 if (skb->len - ptr < hdrlen){ 71 if (skb->len - ptr < hdrlen) {
72 /* Pcket smaller than its length field */ 72 /* Pcket smaller than its length field */
73 return 0; 73 return 0;
74 } 74 }
75 75
76 DEBUGP("IPv6 RT LEN %u %u ", hdrlen, rh->hdrlen); 76 DEBUGP("IPv6 RT LEN %u %u ", hdrlen, rh->hdrlen);
77 DEBUGP("TYPE %04X ", rh->type); 77 DEBUGP("TYPE %04X ", rh->type);
78 DEBUGP("SGS_LEFT %u %02X\n", rh->segments_left, rh->segments_left); 78 DEBUGP("SGS_LEFT %u %02X\n", rh->segments_left, rh->segments_left);
79 79
80 DEBUGP("IPv6 RT segsleft %02X ", 80 DEBUGP("IPv6 RT segsleft %02X ",
81 (segsleft_match(rtinfo->segsleft[0], rtinfo->segsleft[1], 81 (segsleft_match(rtinfo->segsleft[0], rtinfo->segsleft[1],
82 rh->segments_left, 82 rh->segments_left,
83 !!(rtinfo->invflags & IP6T_RT_INV_SGS)))); 83 !!(rtinfo->invflags & IP6T_RT_INV_SGS))));
84 DEBUGP("type %02X %02X %02X ", 84 DEBUGP("type %02X %02X %02X ",
85 rtinfo->rt_type, rh->type, 85 rtinfo->rt_type, rh->type,
86 (!(rtinfo->flags & IP6T_RT_TYP) || 86 (!(rtinfo->flags & IP6T_RT_TYP) ||
87 ((rtinfo->rt_type == rh->type) ^ 87 ((rtinfo->rt_type == rh->type) ^
88 !!(rtinfo->invflags & IP6T_RT_INV_TYP)))); 88 !!(rtinfo->invflags & IP6T_RT_INV_TYP))));
89 DEBUGP("len %02X %04X %02X ", 89 DEBUGP("len %02X %04X %02X ",
90 rtinfo->hdrlen, hdrlen, 90 rtinfo->hdrlen, hdrlen,
91 (!(rtinfo->flags & IP6T_RT_LEN) || 91 (!(rtinfo->flags & IP6T_RT_LEN) ||
92 ((rtinfo->hdrlen == hdrlen) ^ 92 ((rtinfo->hdrlen == hdrlen) ^
93 !!(rtinfo->invflags & IP6T_RT_INV_LEN)))); 93 !!(rtinfo->invflags & IP6T_RT_INV_LEN))));
94 DEBUGP("res %02X %02X %02X ", 94 DEBUGP("res %02X %02X %02X ",
95 (rtinfo->flags & IP6T_RT_RES), ((struct rt0_hdr *)rh)->reserved, 95 (rtinfo->flags & IP6T_RT_RES),
96 !((rtinfo->flags & IP6T_RT_RES) && (((struct rt0_hdr *)rh)->reserved))); 96 ((struct rt0_hdr *)rh)->reserved,
97 97 !((rtinfo->flags & IP6T_RT_RES) &&
98 ret = (rh != NULL) 98 (((struct rt0_hdr *)rh)->reserved)));
99 && 99
100 (segsleft_match(rtinfo->segsleft[0], rtinfo->segsleft[1], 100 ret = (rh != NULL)
101 rh->segments_left, 101 &&
102 !!(rtinfo->invflags & IP6T_RT_INV_SGS))) 102 (segsleft_match(rtinfo->segsleft[0], rtinfo->segsleft[1],
103 && 103 rh->segments_left,
104 (!(rtinfo->flags & IP6T_RT_LEN) || 104 !!(rtinfo->invflags & IP6T_RT_INV_SGS)))
105 ((rtinfo->hdrlen == hdrlen) ^ 105 &&
106 !!(rtinfo->invflags & IP6T_RT_INV_LEN))) 106 (!(rtinfo->flags & IP6T_RT_LEN) ||
107 && 107 ((rtinfo->hdrlen == hdrlen) ^
108 (!(rtinfo->flags & IP6T_RT_TYP) || 108 !!(rtinfo->invflags & IP6T_RT_INV_LEN)))
109 ((rtinfo->rt_type == rh->type) ^ 109 &&
110 !!(rtinfo->invflags & IP6T_RT_INV_TYP))); 110 (!(rtinfo->flags & IP6T_RT_TYP) ||
111 ((rtinfo->rt_type == rh->type) ^
112 !!(rtinfo->invflags & IP6T_RT_INV_TYP)));
111 113
112 if (ret && (rtinfo->flags & IP6T_RT_RES)) { 114 if (ret && (rtinfo->flags & IP6T_RT_RES)) {
113 u_int32_t *rp, _reserved; 115 u_int32_t *rp, _reserved;
114 rp = skb_header_pointer(skb, 116 rp = skb_header_pointer(skb,
115 ptr + offsetof(struct rt0_hdr, reserved), 117 ptr + offsetof(struct rt0_hdr,
116 sizeof(_reserved), &_reserved); 118 reserved),
119 sizeof(_reserved),
120 &_reserved);
117 121
118 ret = (*rp == 0); 122 ret = (*rp == 0);
119 } 123 }
120 124
121 DEBUGP("#%d ",rtinfo->addrnr); 125 DEBUGP("#%d ", rtinfo->addrnr);
122 if ( !(rtinfo->flags & IP6T_RT_FST) ){ 126 if (!(rtinfo->flags & IP6T_RT_FST)) {
123 return ret; 127 return ret;
124 } else if (rtinfo->flags & IP6T_RT_FST_NSTRICT) { 128 } else if (rtinfo->flags & IP6T_RT_FST_NSTRICT) {
125 DEBUGP("Not strict "); 129 DEBUGP("Not strict ");
126 if ( rtinfo->addrnr > (unsigned int)((hdrlen-8)/16) ){ 130 if (rtinfo->addrnr > (unsigned int)((hdrlen - 8) / 16)) {
127 DEBUGP("There isn't enough space\n"); 131 DEBUGP("There isn't enough space\n");
128 return 0; 132 return 0;
129 } else { 133 } else {
130 unsigned int i = 0; 134 unsigned int i = 0;
131 135
132 DEBUGP("#%d ",rtinfo->addrnr); 136 DEBUGP("#%d ", rtinfo->addrnr);
133 for(temp=0; temp<(unsigned int)((hdrlen-8)/16); temp++){ 137 for (temp = 0;
138 temp < (unsigned int)((hdrlen - 8) / 16);
139 temp++) {
134 ap = skb_header_pointer(skb, 140 ap = skb_header_pointer(skb,
135 ptr 141 ptr
136 + sizeof(struct rt0_hdr) 142 + sizeof(struct rt0_hdr)
@@ -141,24 +147,26 @@ match(const struct sk_buff *skb,
141 BUG_ON(ap == NULL); 147 BUG_ON(ap == NULL);
142 148
143 if (ipv6_addr_equal(ap, &rtinfo->addrs[i])) { 149 if (ipv6_addr_equal(ap, &rtinfo->addrs[i])) {
144 DEBUGP("i=%d temp=%d;\n",i,temp); 150 DEBUGP("i=%d temp=%d;\n", i, temp);
145 i++; 151 i++;
146 } 152 }
147 if (i==rtinfo->addrnr) break; 153 if (i == rtinfo->addrnr)
154 break;
148 } 155 }
149 DEBUGP("i=%d #%d\n", i, rtinfo->addrnr); 156 DEBUGP("i=%d #%d\n", i, rtinfo->addrnr);
150 if (i == rtinfo->addrnr) 157 if (i == rtinfo->addrnr)
151 return ret; 158 return ret;
152 else return 0; 159 else
160 return 0;
153 } 161 }
154 } else { 162 } else {
155 DEBUGP("Strict "); 163 DEBUGP("Strict ");
156 if ( rtinfo->addrnr > (unsigned int)((hdrlen-8)/16) ){ 164 if (rtinfo->addrnr > (unsigned int)((hdrlen - 8) / 16)) {
157 DEBUGP("There isn't enough space\n"); 165 DEBUGP("There isn't enough space\n");
158 return 0; 166 return 0;
159 } else { 167 } else {
160 DEBUGP("#%d ",rtinfo->addrnr); 168 DEBUGP("#%d ", rtinfo->addrnr);
161 for(temp=0; temp<rtinfo->addrnr; temp++){ 169 for (temp = 0; temp < rtinfo->addrnr; temp++) {
162 ap = skb_header_pointer(skb, 170 ap = skb_header_pointer(skb,
163 ptr 171 ptr
164 + sizeof(struct rt0_hdr) 172 + sizeof(struct rt0_hdr)
@@ -171,9 +179,11 @@ match(const struct sk_buff *skb,
171 break; 179 break;
172 } 180 }
173 DEBUGP("temp=%d #%d\n", temp, rtinfo->addrnr); 181 DEBUGP("temp=%d #%d\n", temp, rtinfo->addrnr);
174 if ((temp == rtinfo->addrnr) && (temp == (unsigned int)((hdrlen-8)/16))) 182 if ((temp == rtinfo->addrnr) &&
183 (temp == (unsigned int)((hdrlen - 8) / 16)))
175 return ret; 184 return ret;
176 else return 0; 185 else
186 return 0;
177 } 187 }
178 } 188 }
179 189
@@ -183,32 +193,31 @@ match(const struct sk_buff *skb,
183/* Called when user tries to insert an entry of this type. */ 193/* Called when user tries to insert an entry of this type. */
184static int 194static int
185checkentry(const char *tablename, 195checkentry(const char *tablename,
186 const void *entry, 196 const void *entry,
187 void *matchinfo, 197 void *matchinfo,
188 unsigned int matchinfosize, 198 unsigned int matchinfosize,
189 unsigned int hook_mask) 199 unsigned int hook_mask)
190{ 200{
191 const struct ip6t_rt *rtinfo = matchinfo; 201 const struct ip6t_rt *rtinfo = matchinfo;
192 202
193 if (matchinfosize != IP6T_ALIGN(sizeof(struct ip6t_rt))) { 203 if (matchinfosize != IP6T_ALIGN(sizeof(struct ip6t_rt))) {
194 DEBUGP("ip6t_rt: matchsize %u != %u\n", 204 DEBUGP("ip6t_rt: matchsize %u != %u\n",
195 matchinfosize, IP6T_ALIGN(sizeof(struct ip6t_rt))); 205 matchinfosize, IP6T_ALIGN(sizeof(struct ip6t_rt)));
196 return 0; 206 return 0;
197 } 207 }
198 if (rtinfo->invflags & ~IP6T_RT_INV_MASK) { 208 if (rtinfo->invflags & ~IP6T_RT_INV_MASK) {
199 DEBUGP("ip6t_rt: unknown flags %X\n", 209 DEBUGP("ip6t_rt: unknown flags %X\n", rtinfo->invflags);
200 rtinfo->invflags); 210 return 0;
201 return 0; 211 }
202 } 212 if ((rtinfo->flags & (IP6T_RT_RES | IP6T_RT_FST_MASK)) &&
203 if ( (rtinfo->flags & (IP6T_RT_RES|IP6T_RT_FST_MASK)) && 213 (!(rtinfo->flags & IP6T_RT_TYP) ||
204 (!(rtinfo->flags & IP6T_RT_TYP) || 214 (rtinfo->rt_type != 0) ||
205 (rtinfo->rt_type != 0) || 215 (rtinfo->invflags & IP6T_RT_INV_TYP))) {
206 (rtinfo->invflags & IP6T_RT_INV_TYP)) ) { 216 DEBUGP("`--rt-type 0' required before `--rt-0-*'");
207 DEBUGP("`--rt-type 0' required before `--rt-0-*'"); 217 return 0;
208 return 0; 218 }
209 } 219
210 220 return 1;
211 return 1;
212} 221}
213 222
214static struct ip6t_match rt_match = { 223static struct ip6t_match rt_match = {
@@ -220,12 +229,12 @@ static struct ip6t_match rt_match = {
220 229
221static int __init init(void) 230static int __init init(void)
222{ 231{
223 return ip6t_register_match(&rt_match); 232 return ip6t_register_match(&rt_match);
224} 233}
225 234
226static void __exit cleanup(void) 235static void __exit cleanup(void)
227{ 236{
228 ip6t_unregister_match(&rt_match); 237 ip6t_unregister_match(&rt_match);
229} 238}
230 239
231module_init(init); 240module_init(init);