diff options
| author | Patrick McHardy <kaber@trash.net> | 2010-05-11 12:59:21 -0400 |
|---|---|---|
| committer | Patrick McHardy <kaber@trash.net> | 2010-05-11 12:59:21 -0400 |
| commit | cba7a98a474a4f2a9316473734ba76829191a78a (patch) | |
| tree | 28a0ab87dba93385353bedb76a26a1fc45b3a0c6 /net/ipv6 | |
| parent | d250fe91ae129bff0968e685cc9c466d3a5e3482 (diff) | |
| parent | 4538506be386f9736b83bf9892f829adbbb70fea (diff) | |
Merge branch 'master' of git://dev.medozas.de/linux
Diffstat (limited to 'net/ipv6')
| -rw-r--r-- | net/ipv6/netfilter/ip6_tables.c | 118 | ||||
| -rw-r--r-- | net/ipv6/netfilter/ip6t_LOG.c | 2 | ||||
| -rw-r--r-- | net/ipv6/netfilter/ip6t_REJECT.c | 2 | ||||
| -rw-r--r-- | net/ipv6/netfilter/ip6t_ah.c | 6 | ||||
| -rw-r--r-- | net/ipv6/netfilter/ip6t_eui64.c | 4 | ||||
| -rw-r--r-- | net/ipv6/netfilter/ip6t_frag.c | 6 | ||||
| -rw-r--r-- | net/ipv6/netfilter/ip6t_hbh.c | 6 | ||||
| -rw-r--r-- | net/ipv6/netfilter/ip6t_ipv6header.c | 2 | ||||
| -rw-r--r-- | net/ipv6/netfilter/ip6t_mh.c | 6 | ||||
| -rw-r--r-- | net/ipv6/netfilter/ip6t_rt.c | 6 |
10 files changed, 70 insertions, 88 deletions
diff --git a/net/ipv6/netfilter/ip6_tables.c b/net/ipv6/netfilter/ip6_tables.c index 7afa11773164..56782336474f 100644 --- a/net/ipv6/netfilter/ip6_tables.c +++ b/net/ipv6/netfilter/ip6_tables.c | |||
| @@ -197,7 +197,7 @@ ip6_checkentry(const struct ip6t_ip6 *ipv6) | |||
| 197 | } | 197 | } |
| 198 | 198 | ||
| 199 | static unsigned int | 199 | static unsigned int |
| 200 | ip6t_error(struct sk_buff *skb, const struct xt_target_param *par) | 200 | ip6t_error(struct sk_buff *skb, const struct xt_action_param *par) |
| 201 | { | 201 | { |
| 202 | if (net_ratelimit()) | 202 | if (net_ratelimit()) |
| 203 | pr_info("error: `%s'\n", (const char *)par->targinfo); | 203 | pr_info("error: `%s'\n", (const char *)par->targinfo); |
| @@ -205,21 +205,6 @@ ip6t_error(struct sk_buff *skb, const struct xt_target_param *par) | |||
| 205 | return NF_DROP; | 205 | return NF_DROP; |
| 206 | } | 206 | } |
| 207 | 207 | ||
| 208 | /* Performance critical - called for every packet */ | ||
| 209 | static inline bool | ||
| 210 | do_match(const struct ip6t_entry_match *m, const struct sk_buff *skb, | ||
| 211 | struct xt_match_param *par) | ||
| 212 | { | ||
| 213 | par->match = m->u.kernel.match; | ||
| 214 | par->matchinfo = m->data; | ||
| 215 | |||
| 216 | /* Stop iteration if it doesn't match */ | ||
| 217 | if (!m->u.kernel.match->match(skb, par)) | ||
| 218 | return true; | ||
| 219 | else | ||
| 220 | return false; | ||
| 221 | } | ||
| 222 | |||
| 223 | static inline struct ip6t_entry * | 208 | static inline struct ip6t_entry * |
| 224 | get_entry(const void *base, unsigned int offset) | 209 | get_entry(const void *base, unsigned int offset) |
| 225 | { | 210 | { |
| @@ -352,7 +337,6 @@ ip6t_do_table(struct sk_buff *skb, | |||
| 352 | struct xt_table *table) | 337 | struct xt_table *table) |
| 353 | { | 338 | { |
| 354 | static const char nulldevname[IFNAMSIZ] __attribute__((aligned(sizeof(long)))); | 339 | static const char nulldevname[IFNAMSIZ] __attribute__((aligned(sizeof(long)))); |
| 355 | bool hotdrop = false; | ||
| 356 | /* Initializing verdict to NF_DROP keeps gcc happy. */ | 340 | /* Initializing verdict to NF_DROP keeps gcc happy. */ |
| 357 | unsigned int verdict = NF_DROP; | 341 | unsigned int verdict = NF_DROP; |
| 358 | const char *indev, *outdev; | 342 | const char *indev, *outdev; |
| @@ -360,8 +344,7 @@ ip6t_do_table(struct sk_buff *skb, | |||
| 360 | struct ip6t_entry *e, **jumpstack; | 344 | struct ip6t_entry *e, **jumpstack; |
| 361 | unsigned int *stackptr, origptr, cpu; | 345 | unsigned int *stackptr, origptr, cpu; |
| 362 | const struct xt_table_info *private; | 346 | const struct xt_table_info *private; |
| 363 | struct xt_match_param mtpar; | 347 | struct xt_action_param acpar; |
| 364 | struct xt_target_param tgpar; | ||
| 365 | 348 | ||
| 366 | /* Initialization */ | 349 | /* Initialization */ |
| 367 | indev = in ? in->name : nulldevname; | 350 | indev = in ? in->name : nulldevname; |
| @@ -372,11 +355,11 @@ ip6t_do_table(struct sk_buff *skb, | |||
| 372 | * things we don't know, ie. tcp syn flag or ports). If the | 355 | * things we don't know, ie. tcp syn flag or ports). If the |
| 373 | * rule is also a fragment-specific rule, non-fragments won't | 356 | * rule is also a fragment-specific rule, non-fragments won't |
| 374 | * match it. */ | 357 | * match it. */ |
| 375 | mtpar.hotdrop = &hotdrop; | 358 | acpar.hotdrop = false; |
| 376 | mtpar.in = tgpar.in = in; | 359 | acpar.in = in; |
| 377 | mtpar.out = tgpar.out = out; | 360 | acpar.out = out; |
| 378 | mtpar.family = tgpar.family = NFPROTO_IPV6; | 361 | acpar.family = NFPROTO_IPV6; |
| 379 | mtpar.hooknum = tgpar.hooknum = hook; | 362 | acpar.hooknum = hook; |
| 380 | 363 | ||
| 381 | IP_NF_ASSERT(table->valid_hooks & (1 << hook)); | 364 | IP_NF_ASSERT(table->valid_hooks & (1 << hook)); |
| 382 | 365 | ||
| @@ -396,15 +379,18 @@ ip6t_do_table(struct sk_buff *skb, | |||
| 396 | 379 | ||
| 397 | IP_NF_ASSERT(e); | 380 | IP_NF_ASSERT(e); |
| 398 | if (!ip6_packet_match(skb, indev, outdev, &e->ipv6, | 381 | if (!ip6_packet_match(skb, indev, outdev, &e->ipv6, |
| 399 | &mtpar.thoff, &mtpar.fragoff, &hotdrop)) { | 382 | &acpar.thoff, &acpar.fragoff, &acpar.hotdrop)) { |
| 400 | no_match: | 383 | no_match: |
| 401 | e = ip6t_next_entry(e); | 384 | e = ip6t_next_entry(e); |
| 402 | continue; | 385 | continue; |
| 403 | } | 386 | } |
| 404 | 387 | ||
| 405 | xt_ematch_foreach(ematch, e) | 388 | xt_ematch_foreach(ematch, e) { |
| 406 | if (do_match(ematch, skb, &mtpar) != 0) | 389 | acpar.match = ematch->u.kernel.match; |
| 390 | acpar.matchinfo = ematch->data; | ||
| 391 | if (!acpar.match->match(skb, &acpar)) | ||
| 407 | goto no_match; | 392 | goto no_match; |
| 393 | } | ||
| 408 | 394 | ||
| 409 | ADD_COUNTER(e->counters, | 395 | ADD_COUNTER(e->counters, |
| 410 | ntohs(ipv6_hdr(skb)->payload_len) + | 396 | ntohs(ipv6_hdr(skb)->payload_len) + |
| @@ -451,16 +437,16 @@ ip6t_do_table(struct sk_buff *skb, | |||
| 451 | continue; | 437 | continue; |
| 452 | } | 438 | } |
| 453 | 439 | ||
| 454 | tgpar.target = t->u.kernel.target; | 440 | acpar.target = t->u.kernel.target; |
| 455 | tgpar.targinfo = t->data; | 441 | acpar.targinfo = t->data; |
| 456 | 442 | ||
| 457 | verdict = t->u.kernel.target->target(skb, &tgpar); | 443 | verdict = t->u.kernel.target->target(skb, &acpar); |
| 458 | if (verdict == IP6T_CONTINUE) | 444 | if (verdict == IP6T_CONTINUE) |
| 459 | e = ip6t_next_entry(e); | 445 | e = ip6t_next_entry(e); |
| 460 | else | 446 | else |
| 461 | /* Verdict */ | 447 | /* Verdict */ |
| 462 | break; | 448 | break; |
| 463 | } while (!hotdrop); | 449 | } while (!acpar.hotdrop); |
| 464 | 450 | ||
| 465 | xt_info_rdunlock_bh(); | 451 | xt_info_rdunlock_bh(); |
| 466 | *stackptr = origptr; | 452 | *stackptr = origptr; |
| @@ -468,7 +454,7 @@ ip6t_do_table(struct sk_buff *skb, | |||
| 468 | #ifdef DEBUG_ALLOW_ALL | 454 | #ifdef DEBUG_ALLOW_ALL |
| 469 | return NF_ACCEPT; | 455 | return NF_ACCEPT; |
| 470 | #else | 456 | #else |
| 471 | if (hotdrop) | 457 | if (acpar.hotdrop) |
| 472 | return NF_DROP; | 458 | return NF_DROP; |
| 473 | else return verdict; | 459 | else return verdict; |
| 474 | #endif | 460 | #endif |
| @@ -2167,7 +2153,7 @@ icmp6_type_code_match(u_int8_t test_type, u_int8_t min_code, u_int8_t max_code, | |||
| 2167 | } | 2153 | } |
| 2168 | 2154 | ||
| 2169 | static bool | 2155 | static bool |
| 2170 | icmp6_match(const struct sk_buff *skb, const struct xt_match_param *par) | 2156 | icmp6_match(const struct sk_buff *skb, struct xt_action_param *par) |
| 2171 | { | 2157 | { |
| 2172 | const struct icmp6hdr *ic; | 2158 | const struct icmp6hdr *ic; |
| 2173 | struct icmp6hdr _icmph; | 2159 | struct icmp6hdr _icmph; |
| @@ -2183,7 +2169,7 @@ icmp6_match(const struct sk_buff *skb, const struct xt_match_param *par) | |||
| 2183 | * can't. Hence, no choice but to drop. | 2169 | * can't. Hence, no choice but to drop. |
| 2184 | */ | 2170 | */ |
| 2185 | duprintf("Dropping evil ICMP tinygram.\n"); | 2171 | duprintf("Dropping evil ICMP tinygram.\n"); |
| 2186 | *par->hotdrop = true; | 2172 | par->hotdrop = true; |
| 2187 | return false; | 2173 | return false; |
| 2188 | } | 2174 | } |
| 2189 | 2175 | ||
| @@ -2204,22 +2190,23 @@ static int icmp6_checkentry(const struct xt_mtchk_param *par) | |||
| 2204 | } | 2190 | } |
| 2205 | 2191 | ||
| 2206 | /* The built-in targets: standard (NULL) and error. */ | 2192 | /* The built-in targets: standard (NULL) and error. */ |
| 2207 | static struct xt_target ip6t_standard_target __read_mostly = { | 2193 | static struct xt_target ip6t_builtin_tg[] __read_mostly = { |
| 2208 | .name = IP6T_STANDARD_TARGET, | 2194 | { |
| 2209 | .targetsize = sizeof(int), | 2195 | .name = IP6T_STANDARD_TARGET, |
| 2210 | .family = NFPROTO_IPV6, | 2196 | .targetsize = sizeof(int), |
| 2197 | .family = NFPROTO_IPV6, | ||
| 2211 | #ifdef CONFIG_COMPAT | 2198 | #ifdef CONFIG_COMPAT |
| 2212 | .compatsize = sizeof(compat_int_t), | 2199 | .compatsize = sizeof(compat_int_t), |
| 2213 | .compat_from_user = compat_standard_from_user, | 2200 | .compat_from_user = compat_standard_from_user, |
| 2214 | .compat_to_user = compat_standard_to_user, | 2201 | .compat_to_user = compat_standard_to_user, |
| 2215 | #endif | 2202 | #endif |
| 2216 | }; | 2203 | }, |
| 2217 | 2204 | { | |
| 2218 | static struct xt_target ip6t_error_target __read_mostly = { | 2205 | .name = IP6T_ERROR_TARGET, |
| 2219 | .name = IP6T_ERROR_TARGET, | 2206 | .target = ip6t_error, |
| 2220 | .target = ip6t_error, | 2207 | .targetsize = IP6T_FUNCTION_MAXNAMELEN, |
| 2221 | .targetsize = IP6T_FUNCTION_MAXNAMELEN, | 2208 | .family = NFPROTO_IPV6, |
| 2222 | .family = NFPROTO_IPV6, | 2209 | }, |
| 2223 | }; | 2210 | }; |
| 2224 | 2211 | ||
| 2225 | static struct nf_sockopt_ops ip6t_sockopts = { | 2212 | static struct nf_sockopt_ops ip6t_sockopts = { |
| @@ -2239,13 +2226,15 @@ static struct nf_sockopt_ops ip6t_sockopts = { | |||
| 2239 | .owner = THIS_MODULE, | 2226 | .owner = THIS_MODULE, |
| 2240 | }; | 2227 | }; |
| 2241 | 2228 | ||
| 2242 | static struct xt_match icmp6_matchstruct __read_mostly = { | 2229 | static struct xt_match ip6t_builtin_mt[] __read_mostly = { |
| 2243 | .name = "icmp6", | 2230 | { |
| 2244 | .match = icmp6_match, | 2231 | .name = "icmp6", |
| 2245 | .matchsize = sizeof(struct ip6t_icmp), | 2232 | .match = icmp6_match, |
| 2246 | .checkentry = icmp6_checkentry, | 2233 | .matchsize = sizeof(struct ip6t_icmp), |
| 2247 | .proto = IPPROTO_ICMPV6, | 2234 | .checkentry = icmp6_checkentry, |
| 2248 | .family = NFPROTO_IPV6, | 2235 | .proto = IPPROTO_ICMPV6, |
| 2236 | .family = NFPROTO_IPV6, | ||
| 2237 | }, | ||
| 2249 | }; | 2238 | }; |
| 2250 | 2239 | ||
| 2251 | static int __net_init ip6_tables_net_init(struct net *net) | 2240 | static int __net_init ip6_tables_net_init(struct net *net) |
| @@ -2272,13 +2261,10 @@ static int __init ip6_tables_init(void) | |||
| 2272 | goto err1; | 2261 | goto err1; |
| 2273 | 2262 | ||
| 2274 | /* Noone else will be downing sem now, so we won't sleep */ | 2263 | /* Noone else will be downing sem now, so we won't sleep */ |
| 2275 | ret = xt_register_target(&ip6t_standard_target); | 2264 | ret = xt_register_targets(ip6t_builtin_tg, ARRAY_SIZE(ip6t_builtin_tg)); |
| 2276 | if (ret < 0) | 2265 | if (ret < 0) |
| 2277 | goto err2; | 2266 | goto err2; |
| 2278 | ret = xt_register_target(&ip6t_error_target); | 2267 | ret = xt_register_matches(ip6t_builtin_mt, ARRAY_SIZE(ip6t_builtin_mt)); |
| 2279 | if (ret < 0) | ||
| 2280 | goto err3; | ||
| 2281 | ret = xt_register_match(&icmp6_matchstruct); | ||
| 2282 | if (ret < 0) | 2268 | if (ret < 0) |
| 2283 | goto err4; | 2269 | goto err4; |
| 2284 | 2270 | ||
| @@ -2291,11 +2277,9 @@ static int __init ip6_tables_init(void) | |||
| 2291 | return 0; | 2277 | return 0; |
| 2292 | 2278 | ||
| 2293 | err5: | 2279 | err5: |
| 2294 | xt_unregister_match(&icmp6_matchstruct); | 2280 | xt_unregister_matches(ip6t_builtin_mt, ARRAY_SIZE(ip6t_builtin_mt)); |
| 2295 | err4: | 2281 | err4: |
| 2296 | xt_unregister_target(&ip6t_error_target); | 2282 | xt_unregister_targets(ip6t_builtin_tg, ARRAY_SIZE(ip6t_builtin_tg)); |
| 2297 | err3: | ||
| 2298 | xt_unregister_target(&ip6t_standard_target); | ||
| 2299 | err2: | 2283 | err2: |
| 2300 | unregister_pernet_subsys(&ip6_tables_net_ops); | 2284 | unregister_pernet_subsys(&ip6_tables_net_ops); |
| 2301 | err1: | 2285 | err1: |
| @@ -2306,10 +2290,8 @@ static void __exit ip6_tables_fini(void) | |||
| 2306 | { | 2290 | { |
| 2307 | nf_unregister_sockopt(&ip6t_sockopts); | 2291 | nf_unregister_sockopt(&ip6t_sockopts); |
| 2308 | 2292 | ||
| 2309 | xt_unregister_match(&icmp6_matchstruct); | 2293 | xt_unregister_matches(ip6t_builtin_mt, ARRAY_SIZE(ip6t_builtin_mt)); |
| 2310 | xt_unregister_target(&ip6t_error_target); | 2294 | xt_unregister_targets(ip6t_builtin_tg, ARRAY_SIZE(ip6t_builtin_tg)); |
| 2311 | xt_unregister_target(&ip6t_standard_target); | ||
| 2312 | |||
| 2313 | unregister_pernet_subsys(&ip6_tables_net_ops); | 2295 | unregister_pernet_subsys(&ip6_tables_net_ops); |
| 2314 | } | 2296 | } |
| 2315 | 2297 | ||
diff --git a/net/ipv6/netfilter/ip6t_LOG.c b/net/ipv6/netfilter/ip6t_LOG.c index 1f47a525f484..af4ee11f2066 100644 --- a/net/ipv6/netfilter/ip6t_LOG.c +++ b/net/ipv6/netfilter/ip6t_LOG.c | |||
| @@ -436,7 +436,7 @@ ip6t_log_packet(u_int8_t pf, | |||
| 436 | } | 436 | } |
| 437 | 437 | ||
| 438 | static unsigned int | 438 | static unsigned int |
| 439 | log_tg6(struct sk_buff *skb, const struct xt_target_param *par) | 439 | log_tg6(struct sk_buff *skb, const struct xt_action_param *par) |
| 440 | { | 440 | { |
| 441 | const struct ip6t_log_info *loginfo = par->targinfo; | 441 | const struct ip6t_log_info *loginfo = par->targinfo; |
| 442 | struct nf_loginfo li; | 442 | struct nf_loginfo li; |
diff --git a/net/ipv6/netfilter/ip6t_REJECT.c b/net/ipv6/netfilter/ip6t_REJECT.c index af1d6494ac39..47d227713758 100644 --- a/net/ipv6/netfilter/ip6t_REJECT.c +++ b/net/ipv6/netfilter/ip6t_REJECT.c | |||
| @@ -175,7 +175,7 @@ send_unreach(struct net *net, struct sk_buff *skb_in, unsigned char code, | |||
| 175 | } | 175 | } |
| 176 | 176 | ||
| 177 | static unsigned int | 177 | static unsigned int |
| 178 | reject_tg6(struct sk_buff *skb, const struct xt_target_param *par) | 178 | reject_tg6(struct sk_buff *skb, const struct xt_action_param *par) |
| 179 | { | 179 | { |
| 180 | const struct ip6t_reject_info *reject = par->targinfo; | 180 | const struct ip6t_reject_info *reject = par->targinfo; |
| 181 | struct net *net = dev_net((par->in != NULL) ? par->in : par->out); | 181 | struct net *net = dev_net((par->in != NULL) ? par->in : par->out); |
diff --git a/net/ipv6/netfilter/ip6t_ah.c b/net/ipv6/netfilter/ip6t_ah.c index 1580693c86c1..89cccc5a9c92 100644 --- a/net/ipv6/netfilter/ip6t_ah.c +++ b/net/ipv6/netfilter/ip6t_ah.c | |||
| @@ -36,7 +36,7 @@ spi_match(u_int32_t min, u_int32_t max, u_int32_t spi, bool invert) | |||
| 36 | return r; | 36 | return r; |
| 37 | } | 37 | } |
| 38 | 38 | ||
| 39 | static bool ah_mt6(const struct sk_buff *skb, const struct xt_match_param *par) | 39 | static bool ah_mt6(const struct sk_buff *skb, struct xt_action_param *par) |
| 40 | { | 40 | { |
| 41 | struct ip_auth_hdr _ah; | 41 | struct ip_auth_hdr _ah; |
| 42 | const struct ip_auth_hdr *ah; | 42 | const struct ip_auth_hdr *ah; |
| @@ -48,13 +48,13 @@ static bool ah_mt6(const struct sk_buff *skb, const struct xt_match_param *par) | |||
| 48 | err = ipv6_find_hdr(skb, &ptr, NEXTHDR_AUTH, NULL); | 48 | err = ipv6_find_hdr(skb, &ptr, NEXTHDR_AUTH, NULL); |
| 49 | if (err < 0) { | 49 | if (err < 0) { |
| 50 | if (err != -ENOENT) | 50 | if (err != -ENOENT) |
| 51 | *par->hotdrop = true; | 51 | par->hotdrop = true; |
| 52 | return false; | 52 | return false; |
| 53 | } | 53 | } |
| 54 | 54 | ||
| 55 | ah = skb_header_pointer(skb, ptr, sizeof(_ah), &_ah); | 55 | ah = skb_header_pointer(skb, ptr, sizeof(_ah), &_ah); |
| 56 | if (ah == NULL) { | 56 | if (ah == NULL) { |
| 57 | *par->hotdrop = true; | 57 | par->hotdrop = true; |
| 58 | return false; | 58 | return false; |
| 59 | } | 59 | } |
| 60 | 60 | ||
diff --git a/net/ipv6/netfilter/ip6t_eui64.c b/net/ipv6/netfilter/ip6t_eui64.c index ca287f6d2bce..aab0706908c5 100644 --- a/net/ipv6/netfilter/ip6t_eui64.c +++ b/net/ipv6/netfilter/ip6t_eui64.c | |||
| @@ -20,14 +20,14 @@ MODULE_LICENSE("GPL"); | |||
| 20 | MODULE_AUTHOR("Andras Kis-Szabo <kisza@sch.bme.hu>"); | 20 | MODULE_AUTHOR("Andras Kis-Szabo <kisza@sch.bme.hu>"); |
| 21 | 21 | ||
| 22 | static bool | 22 | static bool |
| 23 | eui64_mt6(const struct sk_buff *skb, const struct xt_match_param *par) | 23 | eui64_mt6(const struct sk_buff *skb, struct xt_action_param *par) |
| 24 | { | 24 | { |
| 25 | unsigned char eui64[8]; | 25 | unsigned char eui64[8]; |
| 26 | 26 | ||
| 27 | if (!(skb_mac_header(skb) >= skb->head && | 27 | if (!(skb_mac_header(skb) >= skb->head && |
| 28 | skb_mac_header(skb) + ETH_HLEN <= skb->data) && | 28 | skb_mac_header(skb) + ETH_HLEN <= skb->data) && |
| 29 | par->fragoff != 0) { | 29 | par->fragoff != 0) { |
| 30 | *par->hotdrop = true; | 30 | par->hotdrop = true; |
| 31 | return false; | 31 | return false; |
| 32 | } | 32 | } |
| 33 | 33 | ||
diff --git a/net/ipv6/netfilter/ip6t_frag.c b/net/ipv6/netfilter/ip6t_frag.c index a5daf0ffb4ec..eda898fda6ca 100644 --- a/net/ipv6/netfilter/ip6t_frag.c +++ b/net/ipv6/netfilter/ip6t_frag.c | |||
| @@ -35,7 +35,7 @@ id_match(u_int32_t min, u_int32_t max, u_int32_t id, bool invert) | |||
| 35 | } | 35 | } |
| 36 | 36 | ||
| 37 | static bool | 37 | static bool |
| 38 | frag_mt6(const struct sk_buff *skb, const struct xt_match_param *par) | 38 | frag_mt6(const struct sk_buff *skb, struct xt_action_param *par) |
| 39 | { | 39 | { |
| 40 | struct frag_hdr _frag; | 40 | struct frag_hdr _frag; |
| 41 | const struct frag_hdr *fh; | 41 | const struct frag_hdr *fh; |
| @@ -46,13 +46,13 @@ frag_mt6(const struct sk_buff *skb, const struct xt_match_param *par) | |||
| 46 | err = ipv6_find_hdr(skb, &ptr, NEXTHDR_FRAGMENT, NULL); | 46 | err = ipv6_find_hdr(skb, &ptr, NEXTHDR_FRAGMENT, NULL); |
| 47 | if (err < 0) { | 47 | if (err < 0) { |
| 48 | if (err != -ENOENT) | 48 | if (err != -ENOENT) |
| 49 | *par->hotdrop = true; | 49 | par->hotdrop = true; |
| 50 | return false; | 50 | return false; |
| 51 | } | 51 | } |
| 52 | 52 | ||
| 53 | fh = skb_header_pointer(skb, ptr, sizeof(_frag), &_frag); | 53 | fh = skb_header_pointer(skb, ptr, sizeof(_frag), &_frag); |
| 54 | if (fh == NULL) { | 54 | if (fh == NULL) { |
| 55 | *par->hotdrop = true; | 55 | par->hotdrop = true; |
| 56 | return false; | 56 | return false; |
| 57 | } | 57 | } |
| 58 | 58 | ||
diff --git a/net/ipv6/netfilter/ip6t_hbh.c b/net/ipv6/netfilter/ip6t_hbh.c index e424e7c8f824..59df051eaef6 100644 --- a/net/ipv6/netfilter/ip6t_hbh.c +++ b/net/ipv6/netfilter/ip6t_hbh.c | |||
| @@ -44,7 +44,7 @@ MODULE_ALIAS("ip6t_dst"); | |||
| 44 | static struct xt_match hbh_mt6_reg[] __read_mostly; | 44 | static struct xt_match hbh_mt6_reg[] __read_mostly; |
| 45 | 45 | ||
| 46 | static bool | 46 | static bool |
| 47 | hbh_mt6(const struct sk_buff *skb, const struct xt_match_param *par) | 47 | hbh_mt6(const struct sk_buff *skb, struct xt_action_param *par) |
| 48 | { | 48 | { |
| 49 | struct ipv6_opt_hdr _optsh; | 49 | struct ipv6_opt_hdr _optsh; |
| 50 | const struct ipv6_opt_hdr *oh; | 50 | const struct ipv6_opt_hdr *oh; |
| @@ -65,13 +65,13 @@ hbh_mt6(const struct sk_buff *skb, const struct xt_match_param *par) | |||
| 65 | NEXTHDR_HOP : NEXTHDR_DEST, NULL); | 65 | NEXTHDR_HOP : NEXTHDR_DEST, NULL); |
| 66 | if (err < 0) { | 66 | if (err < 0) { |
| 67 | if (err != -ENOENT) | 67 | if (err != -ENOENT) |
| 68 | *par->hotdrop = true; | 68 | par->hotdrop = true; |
| 69 | return false; | 69 | return false; |
| 70 | } | 70 | } |
| 71 | 71 | ||
| 72 | oh = skb_header_pointer(skb, ptr, sizeof(_optsh), &_optsh); | 72 | oh = skb_header_pointer(skb, ptr, sizeof(_optsh), &_optsh); |
| 73 | if (oh == NULL) { | 73 | if (oh == NULL) { |
| 74 | *par->hotdrop = true; | 74 | par->hotdrop = true; |
| 75 | return false; | 75 | return false; |
| 76 | } | 76 | } |
| 77 | 77 | ||
diff --git a/net/ipv6/netfilter/ip6t_ipv6header.c b/net/ipv6/netfilter/ip6t_ipv6header.c index 46fbabb493fa..54bd9790603f 100644 --- a/net/ipv6/netfilter/ip6t_ipv6header.c +++ b/net/ipv6/netfilter/ip6t_ipv6header.c | |||
| @@ -27,7 +27,7 @@ MODULE_DESCRIPTION("Xtables: IPv6 header types match"); | |||
| 27 | MODULE_AUTHOR("Andras Kis-Szabo <kisza@sch.bme.hu>"); | 27 | MODULE_AUTHOR("Andras Kis-Szabo <kisza@sch.bme.hu>"); |
| 28 | 28 | ||
| 29 | static bool | 29 | static bool |
| 30 | ipv6header_mt6(const struct sk_buff *skb, const struct xt_match_param *par) | 30 | ipv6header_mt6(const struct sk_buff *skb, struct xt_action_param *par) |
| 31 | { | 31 | { |
| 32 | const struct ip6t_ipv6header_info *info = par->matchinfo; | 32 | const struct ip6t_ipv6header_info *info = par->matchinfo; |
| 33 | unsigned int temp; | 33 | unsigned int temp; |
diff --git a/net/ipv6/netfilter/ip6t_mh.c b/net/ipv6/netfilter/ip6t_mh.c index c9f443e0138f..0c90c66b1992 100644 --- a/net/ipv6/netfilter/ip6t_mh.c +++ b/net/ipv6/netfilter/ip6t_mh.c | |||
| @@ -32,7 +32,7 @@ type_match(u_int8_t min, u_int8_t max, u_int8_t type, bool invert) | |||
| 32 | return (type >= min && type <= max) ^ invert; | 32 | return (type >= min && type <= max) ^ invert; |
| 33 | } | 33 | } |
| 34 | 34 | ||
| 35 | static bool mh_mt6(const struct sk_buff *skb, const struct xt_match_param *par) | 35 | static bool mh_mt6(const struct sk_buff *skb, struct xt_action_param *par) |
| 36 | { | 36 | { |
| 37 | struct ip6_mh _mh; | 37 | struct ip6_mh _mh; |
| 38 | const struct ip6_mh *mh; | 38 | const struct ip6_mh *mh; |
| @@ -47,14 +47,14 @@ static bool mh_mt6(const struct sk_buff *skb, const struct xt_match_param *par) | |||
| 47 | /* We've been asked to examine this packet, and we | 47 | /* We've been asked to examine this packet, and we |
| 48 | can't. Hence, no choice but to drop. */ | 48 | can't. Hence, no choice but to drop. */ |
| 49 | pr_debug("Dropping evil MH tinygram.\n"); | 49 | pr_debug("Dropping evil MH tinygram.\n"); |
| 50 | *par->hotdrop = true; | 50 | par->hotdrop = true; |
| 51 | return false; | 51 | return false; |
| 52 | } | 52 | } |
| 53 | 53 | ||
| 54 | if (mh->ip6mh_proto != IPPROTO_NONE) { | 54 | if (mh->ip6mh_proto != IPPROTO_NONE) { |
| 55 | pr_debug("Dropping invalid MH Payload Proto: %u\n", | 55 | pr_debug("Dropping invalid MH Payload Proto: %u\n", |
| 56 | mh->ip6mh_proto); | 56 | mh->ip6mh_proto); |
| 57 | *par->hotdrop = true; | 57 | par->hotdrop = true; |
| 58 | return false; | 58 | return false; |
| 59 | } | 59 | } |
| 60 | 60 | ||
diff --git a/net/ipv6/netfilter/ip6t_rt.c b/net/ipv6/netfilter/ip6t_rt.c index 09322720d2a6..d8488c50a8e0 100644 --- a/net/ipv6/netfilter/ip6t_rt.c +++ b/net/ipv6/netfilter/ip6t_rt.c | |||
| @@ -36,7 +36,7 @@ segsleft_match(u_int32_t min, u_int32_t max, u_int32_t id, bool invert) | |||
| 36 | return r; | 36 | return r; |
| 37 | } | 37 | } |
| 38 | 38 | ||
| 39 | static bool rt_mt6(const struct sk_buff *skb, const struct xt_match_param *par) | 39 | static bool rt_mt6(const struct sk_buff *skb, struct xt_action_param *par) |
| 40 | { | 40 | { |
| 41 | struct ipv6_rt_hdr _route; | 41 | struct ipv6_rt_hdr _route; |
| 42 | const struct ipv6_rt_hdr *rh; | 42 | const struct ipv6_rt_hdr *rh; |
| @@ -52,13 +52,13 @@ static bool rt_mt6(const struct sk_buff *skb, const struct xt_match_param *par) | |||
| 52 | err = ipv6_find_hdr(skb, &ptr, NEXTHDR_ROUTING, NULL); | 52 | err = ipv6_find_hdr(skb, &ptr, NEXTHDR_ROUTING, NULL); |
| 53 | if (err < 0) { | 53 | if (err < 0) { |
| 54 | if (err != -ENOENT) | 54 | if (err != -ENOENT) |
| 55 | *par->hotdrop = true; | 55 | par->hotdrop = true; |
| 56 | return false; | 56 | return false; |
| 57 | } | 57 | } |
| 58 | 58 | ||
| 59 | rh = skb_header_pointer(skb, ptr, sizeof(_route), &_route); | 59 | rh = skb_header_pointer(skb, ptr, sizeof(_route), &_route); |
| 60 | if (rh == NULL) { | 60 | if (rh == NULL) { |
| 61 | *par->hotdrop = true; | 61 | par->hotdrop = true; |
| 62 | return false; | 62 | return false; |
| 63 | } | 63 | } |
| 64 | 64 | ||