[NETFILTER] ip6tables: remove duplicate code

Some IPv6 matches have very similar loops to find IPv6 extension header and we can unify them. This patch introduces ipv6_find_hdr() to do it. I just checked that it can find the target headers in the packet which has dst,hbh,rt,frag,ah,esp headers. Signed-off-by: Yasuyuki Kozakai <yasuyuki.kozakai@toshiba.co.jp> Signed-off-by: Harald Welte <laforge@netfilter.org> Signed-off-by: David S. Miller <davem@davemloft.net>
author: Yasuyuki Kozakai <yasuyuki.kozakai@toshiba.co.jp> 2005-09-19 18:34:40 -0400
committer: David S. Miller <davem@davemloft.net> 2005-09-19 18:34:40 -0400
commit: e674d0f38de6109b59dbe30fba8b296a03229b8e (patch)
tree: 459271f7cef6319dfa7ca9ab050269c98e551994 /net
parent: 926b50f92a30090da2c1a8675de954c2d9b09732 (diff)
7 files changed, 91 insertions, 464 deletions
diff --git a/net/ipv6/netfilter/ip6_tables.c b/net/ipv6/netfilter/ip6_tables.c
index 1cb8adb2787f..2da514b16d95 100644
--- a/net/ipv6/netfilter/ip6_tables.c
+++ b/net/ipv6/netfilter/ip6_tables.c
@@ -1955,6 +1955,57 @@ static void __exit fini(void)
 #endif
 }
+/*
+ * find specified header up to transport protocol header.
+ * If found target header, the offset to the header is set to *offset
+ * and return 0. otherwise, return -1.
+ *
+ * Notes: - non-1st Fragment Header isn't skipped.
+ *        - ESP header isn't skipped.
+ *        - The target header may be trancated.
+ */
+int ipv6_find_hdr(const struct sk_buff *skb, unsigned int *offset, u8 target)
+{
+        unsigned int start = (u8*)(skb->nh.ipv6h + 1) - skb->data;
+        u8 nexthdr = skb->nh.ipv6h->nexthdr;
+        unsigned int len = skb->len - start;
+        while (nexthdr != target) {
+                struct ipv6_opt_hdr _hdr, *hp;
+                unsigned int hdrlen;
+                if ((!ipv6_ext_hdr(nexthdr)) || nexthdr == NEXTHDR_NONE)
+                        return -1;
+                hp = skb_header_pointer(skb, start, sizeof(_hdr), &_hdr);
+                if (hp == NULL)
+                        return -1;
+                if (nexthdr == NEXTHDR_FRAGMENT) {
+                        unsigned short _frag_off, *fp;
+                        fp = skb_header_pointer(skb,
+                                                start+offsetof(struct frag_hdr,
+                                                               frag_off),
+                                                sizeof(_frag_off),
+                                                &_frag_off);
+                        if (fp == NULL)
+                                return -1;
+                        if (ntohs(*fp) & ~0x7)
+                                return -1;
+                        hdrlen = 8;
+                } else if (nexthdr == NEXTHDR_AUTH)
+                        hdrlen = (hp->hdrlen + 2) << 2; 
+                else
+                        hdrlen = ipv6_optlen(hp); 
+                nexthdr = hp->nexthdr;
+                len -= hdrlen;
+                start += hdrlen;
+        }
+        *offset = start;
+        return 0;
+}
 EXPORT_SYMBOL(ip6t_register_table);
 EXPORT_SYMBOL(ip6t_unregister_table);
 EXPORT_SYMBOL(ip6t_do_table);
@@ -1963,6 +2014,7 @@ EXPORT_SYMBOL(ip6t_unregister_match);
 EXPORT_SYMBOL(ip6t_register_target);
 EXPORT_SYMBOL(ip6t_unregister_target);
 EXPORT_SYMBOL(ip6t_ext_hdr);
+EXPORT_SYMBOL(ipv6_find_hdr);
 module_init(init);
 module_exit(fini);
diff --git a/net/ipv6/netfilter/ip6t_ah.c b/net/ipv6/netfilter/ip6t_ah.c
index d5b94f142bba..dde37793d20b 100644
--- a/net/ipv6/netfilter/ip6t_ah.c
+++ b/net/ipv6/netfilter/ip6t_ah.c
@@ -48,92 +48,21 @@ match(const struct sk_buff *skb,
      unsigned int protoff,
      int *hotdrop)
 {
-        struct ip_auth_hdr *ah = NULL, _ah;
+        struct ip_auth_hdr *ah, _ah;
        const struct ip6t_ah *ahinfo = matchinfo;
-        unsigned int temp;
-        int len;
-        u8 nexthdr;
        unsigned int ptr;
        unsigned int hdrlen = 0;
-        /*DEBUGP("IPv6 AH entered\n");*/
+        if (ipv6_find_hdr(skb, &ptr, NEXTHDR_AUTH) < 0)
-        /* if (opt->auth == 0) return 0;
-        * It does not filled on output */
-        /* type of the 1st exthdr */
-        nexthdr = skb->nh.ipv6h->nexthdr;
-        /* pointer to the 1st exthdr */
-        ptr = sizeof(struct ipv6hdr);
-        /* available length */
-        len = skb->len - ptr;
-        temp = 0;
-        while (ip6t_ext_hdr(nexthdr)) {
-                struct ipv6_opt_hdr _hdr, *hp;
-                DEBUGP("ipv6_ah header iteration \n");
-                /* Is there enough space for the next ext header? */
-                if (len < sizeof(struct ipv6_opt_hdr))
-                        return 0;
-                /* No more exthdr -> evaluate */
-                if (nexthdr == NEXTHDR_NONE)
-                        break;
-                /* ESP -> evaluate */
-                if (nexthdr == NEXTHDR_ESP)
-                        break;
-                hp = skb_header_pointer(skb, ptr, sizeof(_hdr), &_hdr);
-                BUG_ON(hp == NULL);
-                /* Calculate the header length */
-                if (nexthdr == NEXTHDR_FRAGMENT)
-                        hdrlen = 8;
-                else if (nexthdr == NEXTHDR_AUTH)
-                        hdrlen = (hp->hdrlen+2)<<2;
-                else
-                        hdrlen = ipv6_optlen(hp);
-                /* AH -> evaluate */
-                if (nexthdr == NEXTHDR_AUTH) {
-                        temp |= MASK_AH;
-                        break;
-                }
-                
-                /* set the flag */
-                switch (nexthdr) {
-                case NEXTHDR_HOP:
-                case NEXTHDR_ROUTING:
-                case NEXTHDR_FRAGMENT:
-                case NEXTHDR_AUTH:
-                case NEXTHDR_DEST:
-                        break;
-                default:
-                        DEBUGP("ipv6_ah match: unknown nextheader %u\n",nexthdr);
-                        return 0;
-                }
-                nexthdr = hp->nexthdr;
-                len -= hdrlen;
-                ptr += hdrlen;
-                if (ptr > skb->len) {
-                        DEBUGP("ipv6_ah: new pointer too large! \n");
-                        break;
-                }
-        }
-        /* AH header not found */
-        if (temp != MASK_AH)
                return 0;
-        if (len < sizeof(struct ip_auth_hdr)){
+        ah = skb_header_pointer(skb, ptr, sizeof(_ah), &_ah);
+        if (ah == NULL) {
                *hotdrop = 1;
                return 0;
        }
-        ah = skb_header_pointer(skb, ptr, sizeof(_ah), &_ah);
+        hdrlen = (ah->hdrlen + 2) << 2;
-        BUG_ON(ah == NULL);
        DEBUGP("IPv6 AH LEN %u %u ", hdrlen, ah->hdrlen);
        DEBUGP("RES %04X ", ah->reserved);
diff --git a/net/ipv6/netfilter/ip6t_dst.c b/net/ipv6/netfilter/ip6t_dst.c
index 540925e4a7a8..c450a635e54b 100644
--- a/net/ipv6/netfilter/ip6t_dst.c
+++ b/net/ipv6/netfilter/ip6t_dst.c
@@ -63,8 +63,6 @@ match(const struct sk_buff *skb,
       struct ipv6_opt_hdr _optsh, *oh;
       const struct ip6t_opts *optinfo = matchinfo;
       unsigned int temp;
-       unsigned int len;
-       u8 nexthdr;
       unsigned int ptr;
       unsigned int hdrlen = 0;
       unsigned int ret = 0;
@@ -72,97 +70,25 @@ match(const struct sk_buff *skb,
       u8 _optlen, *lp = NULL;
       unsigned int optlen;
       
-       /* type of the 1st exthdr */
-       nexthdr = skb->nh.ipv6h->nexthdr;
-       /* pointer to the 1st exthdr */
-       ptr = sizeof(struct ipv6hdr);
-       /* available length */
-       len = skb->len - ptr;
-       temp = 0;
-        while (ip6t_ext_hdr(nexthdr)) {
-               struct ipv6_opt_hdr _hdr, *hp;
-              DEBUGP("ipv6_opts header iteration \n");
-              /* Is there enough space for the next ext header? */
-                if (len < (int)sizeof(struct ipv6_opt_hdr))
-                        return 0;
-              /* No more exthdr -> evaluate */
-                if (nexthdr == NEXTHDR_NONE) {
-                     break;
-              }
-              /* ESP -> evaluate */
-                if (nexthdr == NEXTHDR_ESP) {
-                     break;
-              }
-              hp = skb_header_pointer(skb, ptr, sizeof(_hdr), &_hdr);
-              BUG_ON(hp == NULL);
-              /* Calculate the header length */
-                if (nexthdr == NEXTHDR_FRAGMENT) {
-                        hdrlen = 8;
-                } else if (nexthdr == NEXTHDR_AUTH)
-                        hdrlen = (hp->hdrlen+2)<<2;
-                else
-                        hdrlen = ipv6_optlen(hp);
-              /* OPTS -> evaluate */
 #if HOPBYHOP
-                if (nexthdr == NEXTHDR_HOP) {
+        if (ipv6_find_hdr(skb, &ptr, NEXTHDR_HOP) < 0)
-                     temp |= MASK_HOPOPTS;
 #else
-                if (nexthdr == NEXTHDR_DEST) {
+        if (ipv6_find_hdr(skb, &ptr, NEXTHDR_DEST) < 0)
-                     temp |= MASK_DSTOPTS;
 #endif
-                     break;
+                return 0;
-              }
-              /* set the flag */
+       oh = skb_header_pointer(skb, ptr, sizeof(_optsh), &_optsh);
-              switch (nexthdr){
+       if (oh == NULL){
-                     case NEXTHDR_HOP:
-                     case NEXTHDR_ROUTING:
-                     case NEXTHDR_FRAGMENT:
-                     case NEXTHDR_AUTH:
-                     case NEXTHDR_DEST:
-                            break;
-                     default:
-                            DEBUGP("ipv6_opts match: unknown nextheader %u\n",nexthdr);
-                            return 0;
-                            break;
-              }
-                nexthdr = hp->nexthdr;
-                len -= hdrlen;
-                ptr += hdrlen;
-                if ( ptr > skb->len ) {
-                        DEBUGP("ipv6_opts: new pointer is too large! \n");
-                        break;
-                }
-        }
-       /* OPTIONS header not found */
-#if HOPBYHOP
-       if ( temp != MASK_HOPOPTS ) return 0;
-#else
-       if ( temp != MASK_DSTOPTS ) return 0;
-#endif
-       if (len < (int)sizeof(struct ipv6_opt_hdr)){
               *hotdrop = 1;
                return 0;
       }
-       if (len < hdrlen){
+       hdrlen = ipv6_optlen(oh);
+       if (skb->len - ptr < hdrlen){
               /* Packet smaller than it's length field */
                return 0;
       }
-       oh = skb_header_pointer(skb, ptr, sizeof(_optsh), &_optsh);
-       BUG_ON(oh == NULL);
       DEBUGP("IPv6 OPTS LEN %u %u ", hdrlen, oh->hdrlen);
       DEBUGP("len %02X %04X %02X ",
diff --git a/net/ipv6/netfilter/ip6t_esp.c b/net/ipv6/netfilter/ip6t_esp.c
index e39dd236fd8e..24bc0cde43a1 100644
--- a/net/ipv6/netfilter/ip6t_esp.c
+++ b/net/ipv6/netfilter/ip6t_esp.c
@@ -48,87 +48,22 @@ match(const struct sk_buff *skb,
      unsigned int protoff,
      int *hotdrop)
 {
-        struct ip_esp_hdr _esp, *eh = NULL;
+        struct ip_esp_hdr _esp, *eh;
        const struct ip6t_esp *espinfo = matchinfo;
-        unsigned int temp;
-        int len;
-        u8 nexthdr;
        unsigned int ptr;
        /* Make sure this isn't an evil packet */
        /*DEBUGP("ipv6_esp entered \n");*/
-        /* type of the 1st exthdr */
+        if (ipv6_find_hdr(skb, &ptr, NEXTHDR_ESP) < 0)
-        nexthdr = skb->nh.ipv6h->nexthdr;
-        /* pointer to the 1st exthdr */
-        ptr = sizeof(struct ipv6hdr);
-        /* available length */
-        len = skb->len - ptr;
-        temp = 0;
-        while (ip6t_ext_hdr(nexthdr)) {
-                struct ipv6_opt_hdr _hdr, *hp;
-                int hdrlen;
-                DEBUGP("ipv6_esp header iteration \n");
-                /* Is there enough space for the next ext header? */
-                if (len < sizeof(struct ipv6_opt_hdr))
-                        return 0;
-                /* No more exthdr -> evaluate */
-                if (nexthdr == NEXTHDR_NONE)
-                        break;
-                /* ESP -> evaluate */
-                if (nexthdr == NEXTHDR_ESP) {
-                        temp |= MASK_ESP;
-                        break;
-                }
-                hp = skb_header_pointer(skb, ptr, sizeof(_hdr), &_hdr);
-                BUG_ON(hp == NULL);
-                /* Calculate the header length */
-                if (nexthdr == NEXTHDR_FRAGMENT)
-                        hdrlen = 8;
-                else if (nexthdr == NEXTHDR_AUTH)
-                        hdrlen = (hp->hdrlen+2)<<2;
-                else
-                        hdrlen = ipv6_optlen(hp);
-                /* set the flag */
-                switch (nexthdr) {
-                case NEXTHDR_HOP:
-                case NEXTHDR_ROUTING:
-                case NEXTHDR_FRAGMENT:
-                case NEXTHDR_AUTH:
-                case NEXTHDR_DEST:
-                        break;
-                default:
-                        DEBUGP("ipv6_esp match: unknown nextheader %u\n",nexthdr);
-                        return 0;
-                }
-                nexthdr = hp->nexthdr;
-                len -= hdrlen;
-                ptr += hdrlen;
-                if (ptr > skb->len) {
-                        DEBUGP("ipv6_esp: new pointer too large! \n");
-                        break;
-                }
-        }
-        /* ESP header not found */
-        if (temp != MASK_ESP)
                return 0;
-        if (len < sizeof(struct ip_esp_hdr)) {
+        eh = skb_header_pointer(skb, ptr, sizeof(_esp), &_esp);
+        if (eh == NULL) {
                *hotdrop = 1;
                return 0;
        }
-        eh = skb_header_pointer(skb, ptr, sizeof(_esp), &_esp);
-        BUG_ON(eh == NULL);
        DEBUGP("IPv6 ESP SPI %u %08X\n", ntohl(eh->spi), ntohl(eh->spi));
        return (eh != NULL)
diff --git a/net/ipv6/netfilter/ip6t_frag.c b/net/ipv6/netfilter/ip6t_frag.c
index 4bfa30a9bc80..085d5f8eea29 100644
--- a/net/ipv6/netfilter/ip6t_frag.c
+++ b/net/ipv6/netfilter/ip6t_frag.c
@@ -48,90 +48,18 @@ match(const struct sk_buff *skb,
      unsigned int protoff,
      int *hotdrop)
 {
-       struct frag_hdr _frag, *fh = NULL;
+       struct frag_hdr _frag, *fh;
       const struct ip6t_frag *fraginfo = matchinfo;
-       unsigned int temp;
-       int len;
-       u8 nexthdr;
       unsigned int ptr;
-       unsigned int hdrlen = 0;
-       /* type of the 1st exthdr */
-       nexthdr = skb->nh.ipv6h->nexthdr;
-       /* pointer to the 1st exthdr */
-       ptr = sizeof(struct ipv6hdr);
-       /* available length */
-       len = skb->len - ptr;
-       temp = 0;
-        while (ip6t_ext_hdr(nexthdr)) {
-               struct ipv6_opt_hdr _hdr, *hp;
-              DEBUGP("ipv6_frag header iteration \n");
-              /* Is there enough space for the next ext header? */
-                if (len < (int)sizeof(struct ipv6_opt_hdr))
-                        return 0;
-              /* No more exthdr -> evaluate */
-                if (nexthdr == NEXTHDR_NONE) {
-                     break;
-              }
-              /* ESP -> evaluate */
-                if (nexthdr == NEXTHDR_ESP) {
-                     break;
-              }
-              hp = skb_header_pointer(skb, ptr, sizeof(_hdr), &_hdr);
-              BUG_ON(hp == NULL);
-              /* Calculate the header length */
-                if (nexthdr == NEXTHDR_FRAGMENT) {
-                        hdrlen = 8;
-                } else if (nexthdr == NEXTHDR_AUTH)
-                        hdrlen = (hp->hdrlen+2)<<2;
-                else
-                        hdrlen = ipv6_optlen(hp);
-              /* FRAG -> evaluate */
-                if (nexthdr == NEXTHDR_FRAGMENT) {
-                     temp |= MASK_FRAGMENT;
-                     break;
-              }
-              /* set the flag */
-              switch (nexthdr){
-                     case NEXTHDR_HOP:
-                     case NEXTHDR_ROUTING:
-                     case NEXTHDR_FRAGMENT:
-                     case NEXTHDR_AUTH:
-                     case NEXTHDR_DEST:
-                            break;
-                     default:
-                            DEBUGP("ipv6_frag match: unknown nextheader %u\n",nexthdr);
-                            return 0;
-                            break;
-              }
-                nexthdr = hp->nexthdr;
-                len -= hdrlen;
-                ptr += hdrlen;
-                if ( ptr > skb->len ) {
-                        DEBUGP("ipv6_frag: new pointer too large! \n");
-                        break;
-                }
-        }
-       /* FRAG header not found */
-       if ( temp != MASK_FRAGMENT ) return 0;
-       if (len < sizeof(struct frag_hdr)){
-               *hotdrop = 1;
-                return 0;
-       }
-       fh = skb_header_pointer(skb, ptr, sizeof(_frag), &_frag);
+        if (ipv6_find_hdr(skb, &ptr, NEXTHDR_FRAGMENT) < 0)
-       BUG_ON(fh == NULL);
+                return 0;
+        fh = skb_header_pointer(skb, ptr, sizeof(_frag), &_frag);
+        if (fh == NULL){
+                *hotdrop = 1;
+                return 0;
+        }
       DEBUGP("INFO %04X ", fh->frag_off);
       DEBUGP("OFFSET %04X ", ntohs(fh->frag_off) & ~0x7);
diff --git a/net/ipv6/netfilter/ip6t_hbh.c b/net/ipv6/netfilter/ip6t_hbh.c
index 27f3650d127e..1d09485111d0 100644
--- a/net/ipv6/netfilter/ip6t_hbh.c
+++ b/net/ipv6/netfilter/ip6t_hbh.c
@@ -63,8 +63,6 @@ match(const struct sk_buff *skb,
       struct ipv6_opt_hdr _optsh, *oh;
       const struct ip6t_opts *optinfo = matchinfo;
       unsigned int temp;
-       unsigned int len;
-       u8 nexthdr;
       unsigned int ptr;
       unsigned int hdrlen = 0;
       unsigned int ret = 0;
@@ -72,97 +70,25 @@ match(const struct sk_buff *skb,
       u8 _optlen, *lp = NULL;
       unsigned int optlen;
       
-       /* type of the 1st exthdr */
-       nexthdr = skb->nh.ipv6h->nexthdr;
-       /* pointer to the 1st exthdr */
-       ptr = sizeof(struct ipv6hdr);
-       /* available length */
-       len = skb->len - ptr;
-       temp = 0;
-        while (ip6t_ext_hdr(nexthdr)) {
-               struct ipv6_opt_hdr _hdr, *hp;
-              DEBUGP("ipv6_opts header iteration \n");
-              /* Is there enough space for the next ext header? */
-                if (len < (int)sizeof(struct ipv6_opt_hdr))
-                        return 0;
-              /* No more exthdr -> evaluate */
-                if (nexthdr == NEXTHDR_NONE) {
-                     break;
-              }
-              /* ESP -> evaluate */
-                if (nexthdr == NEXTHDR_ESP) {
-                     break;
-              }
-              hp = skb_header_pointer(skb, ptr, sizeof(_hdr), &_hdr);
-              BUG_ON(hp == NULL);
-              /* Calculate the header length */
-                if (nexthdr == NEXTHDR_FRAGMENT) {
-                        hdrlen = 8;
-                } else if (nexthdr == NEXTHDR_AUTH)
-                        hdrlen = (hp->hdrlen+2)<<2;
-                else
-                        hdrlen = ipv6_optlen(hp);
-              /* OPTS -> evaluate */
 #if HOPBYHOP
-                if (nexthdr == NEXTHDR_HOP) {
+        if (ipv6_find_hdr(skb, &ptr, NEXTHDR_HOP) < 0)
-                     temp |= MASK_HOPOPTS;
 #else
-                if (nexthdr == NEXTHDR_DEST) {
+        if (ipv6_find_hdr(skb, &ptr, NEXTHDR_DEST) < 0)
-                     temp |= MASK_DSTOPTS;
 #endif
-                     break;
+                return 0;
-              }
-              /* set the flag */
+       oh = skb_header_pointer(skb, ptr, sizeof(_optsh), &_optsh);
-              switch (nexthdr){
+       if (oh == NULL){
-                     case NEXTHDR_HOP:
-                     case NEXTHDR_ROUTING:
-                     case NEXTHDR_FRAGMENT:
-                     case NEXTHDR_AUTH:
-                     case NEXTHDR_DEST:
-                            break;
-                     default:
-                            DEBUGP("ipv6_opts match: unknown nextheader %u\n",nexthdr);
-                            return 0;
-                            break;
-              }
-                nexthdr = hp->nexthdr;
-                len -= hdrlen;
-                ptr += hdrlen;
-                if ( ptr > skb->len ) {
-                        DEBUGP("ipv6_opts: new pointer is too large! \n");
-                        break;
-                }
-        }
-       /* OPTIONS header not found */
-#if HOPBYHOP
-       if ( temp != MASK_HOPOPTS ) return 0;
-#else
-       if ( temp != MASK_DSTOPTS ) return 0;
-#endif
-       if (len < (int)sizeof(struct ipv6_opt_hdr)){
               *hotdrop = 1;
                return 0;
       }
-       if (len < hdrlen){
+       hdrlen = ipv6_optlen(oh);
+       if (skb->len - ptr < hdrlen){
               /* Packet smaller than it's length field */
                return 0;
       }
-       oh = skb_header_pointer(skb, ptr, sizeof(_optsh), &_optsh);
-       BUG_ON(oh == NULL);
       DEBUGP("IPv6 OPTS LEN %u %u ", hdrlen, oh->hdrlen);
       DEBUGP("len %02X %04X %02X ",
diff --git a/net/ipv6/netfilter/ip6t_rt.c b/net/ipv6/netfilter/ip6t_rt.c
index 2bb670037df3..beb2fd5cebbb 100644
--- a/net/ipv6/netfilter/ip6t_rt.c
+++ b/net/ipv6/netfilter/ip6t_rt.c
@@ -50,98 +50,29 @@ match(const struct sk_buff *skb,
      unsigned int protoff,
      int *hotdrop)
 {
-       struct ipv6_rt_hdr _route, *rh = NULL;
+       struct ipv6_rt_hdr _route, *rh;
       const struct ip6t_rt *rtinfo = matchinfo;
       unsigned int temp;
-       unsigned int len;
-       u8 nexthdr;
       unsigned int ptr;
       unsigned int hdrlen = 0;
       unsigned int ret = 0;
       struct in6_addr *ap, _addr;
-       /* type of the 1st exthdr */
+        if (ipv6_find_hdr(skb, &ptr, NEXTHDR_ROUTING) < 0)
-       nexthdr = skb->nh.ipv6h->nexthdr;
+                return 0;
-       /* pointer to the 1st exthdr */
-       ptr = sizeof(struct ipv6hdr);
-       /* available length */
-       len = skb->len - ptr;
-       temp = 0;
-        while (ip6t_ext_hdr(nexthdr)) {
+       rh = skb_header_pointer(skb, ptr, sizeof(_route), &_route);
-               struct ipv6_opt_hdr _hdr, *hp;
+       if (rh == NULL){
-              DEBUGP("ipv6_rt header iteration \n");
-              /* Is there enough space for the next ext header? */
-                if (len < (int)sizeof(struct ipv6_opt_hdr))
-                        return 0;
-              /* No more exthdr -> evaluate */
-                if (nexthdr == NEXTHDR_NONE) {
-                     break;
-              }
-              /* ESP -> evaluate */
-                if (nexthdr == NEXTHDR_ESP) {
-                     break;
-              }
-              hp = skb_header_pointer(skb, ptr, sizeof(_hdr), &_hdr);
-              BUG_ON(hp == NULL);
-              /* Calculate the header length */
-                if (nexthdr == NEXTHDR_FRAGMENT) {
-                        hdrlen = 8;
-                } else if (nexthdr == NEXTHDR_AUTH)
-                        hdrlen = (hp->hdrlen+2)<<2;
-                else
-                        hdrlen = ipv6_optlen(hp);
-              /* ROUTING -> evaluate */
-                if (nexthdr == NEXTHDR_ROUTING) {
-                     temp |= MASK_ROUTING;
-                     break;
-              }
-              /* set the flag */
-              switch (nexthdr){
-                     case NEXTHDR_HOP:
-                     case NEXTHDR_ROUTING:
-                     case NEXTHDR_FRAGMENT:
-                     case NEXTHDR_AUTH:
-                     case NEXTHDR_DEST:
-                            break;
-                     default:
-                            DEBUGP("ipv6_rt match: unknown nextheader %u\n",nexthdr);
-                            return 0;
-                            break;
-              }
-                nexthdr = hp->nexthdr;
-                len -= hdrlen;
-                ptr += hdrlen;
-                if ( ptr > skb->len ) {
-                        DEBUGP("ipv6_rt: new pointer is too large! \n");
-                        break;
-                }
-        }
-       /* ROUTING header not found */
-       if ( temp != MASK_ROUTING ) return 0;
-       if (len < (int)sizeof(struct ipv6_rt_hdr)){
               *hotdrop = 1;
                return 0;
       }
-       if (len < hdrlen){
+       hdrlen = ipv6_optlen(rh);
+       if (skb->len - ptr < hdrlen){
               /* Pcket smaller than its length field */
                return 0;
       }
-       rh = skb_header_pointer(skb, ptr, sizeof(_route), &_route);
-       BUG_ON(rh == NULL);
       DEBUGP("IPv6 RT LEN %u %u ", hdrlen, rh->hdrlen);
       DEBUGP("TYPE %04X ", rh->type);
       DEBUGP("SGS_LEFT %u %02X\n", rh->segments_left, rh->segments_left);
author	Yasuyuki Kozakai <yasuyuki.kozakai@toshiba.co.jp>	2005-09-19 18:34:40 -0400
committer	David S. Miller <davem@davemloft.net>	2005-09-19 18:34:40 -0400
commit	e674d0f38de6109b59dbe30fba8b296a03229b8e (patch)
tree	459271f7cef6319dfa7ca9ab050269c98e551994 /net
parent	926b50f92a30090da2c1a8675de954c2d9b09732 (diff)

diff --git a/net/ipv6/netfilter/ip6_tables.c b/net/ipv6/netfilter/ip6_tables.c index 1cb8adb2787f..2da514b16d95 100644 --- a/net/ipv6/netfilter/ip6_tables.c +++ b/net/ipv6/netfilter/ip6_tables.c
@@ -1955,6 +1955,57 @@ static void __exit fini(void)
1955	#endif	1955	#endif
1956	}	1956	}
1957		1957
		1958	/*
		1959	* find specified header up to transport protocol header.
		1960	* If found target header, the offset to the header is set to *offset
		1961	* and return 0. otherwise, return -1.
		1962	*
		1963	* Notes: - non-1st Fragment Header isn't skipped.
		1964	* - ESP header isn't skipped.
		1965	* - The target header may be trancated.
		1966	*/
		1967	int ipv6_find_hdr(const struct sk_buff skb, unsigned int offset, u8 target)
		1968	{
		1969	unsigned int start = (u8*)(skb->nh.ipv6h + 1) - skb->data;
		1970	u8 nexthdr = skb->nh.ipv6h->nexthdr;
		1971	unsigned int len = skb->len - start;
		1972
		1973	while (nexthdr != target) {
		1974	struct ipv6_opt_hdr _hdr, *hp;
		1975	unsigned int hdrlen;
		1976
		1977	if ((!ipv6_ext_hdr(nexthdr)) \|\| nexthdr == NEXTHDR_NONE)
		1978	return -1;
		1979	hp = skb_header_pointer(skb, start, sizeof(_hdr), &_hdr);
		1980	if (hp == NULL)
		1981	return -1;
		1982	if (nexthdr == NEXTHDR_FRAGMENT) {
		1983	unsigned short _frag_off, *fp;
		1984	fp = skb_header_pointer(skb,
		1985	start+offsetof(struct frag_hdr,
		1986	frag_off),
		1987	sizeof(_frag_off),
		1988	&_frag_off);
		1989	if (fp == NULL)
		1990	return -1;
		1991
		1992	if (ntohs(*fp) & ~0x7)
		1993	return -1;
		1994	hdrlen = 8;
		1995	} else if (nexthdr == NEXTHDR_AUTH)
		1996	hdrlen = (hp->hdrlen + 2) << 2;
		1997	else
		1998	hdrlen = ipv6_optlen(hp);
		1999
		2000	nexthdr = hp->nexthdr;
		2001	len -= hdrlen;
		2002	start += hdrlen;
		2003	}
		2004
		2005	*offset = start;
		2006	return 0;
		2007	}
		2008
1958	EXPORT_SYMBOL(ip6t_register_table);	2009	EXPORT_SYMBOL(ip6t_register_table);
1959	EXPORT_SYMBOL(ip6t_unregister_table);	2010	EXPORT_SYMBOL(ip6t_unregister_table);
1960	EXPORT_SYMBOL(ip6t_do_table);	2011	EXPORT_SYMBOL(ip6t_do_table);
@@ -1963,6 +2014,7 @@ EXPORT_SYMBOL(ip6t_unregister_match);
1963	EXPORT_SYMBOL(ip6t_register_target);	2014	EXPORT_SYMBOL(ip6t_register_target);
1964	EXPORT_SYMBOL(ip6t_unregister_target);	2015	EXPORT_SYMBOL(ip6t_unregister_target);
1965	EXPORT_SYMBOL(ip6t_ext_hdr);	2016	EXPORT_SYMBOL(ip6t_ext_hdr);
		2017	EXPORT_SYMBOL(ipv6_find_hdr);
1966		2018
1967	module_init(init);	2019	module_init(init);
1968	module_exit(fini);	2020	module_exit(fini);


diff --git a/net/ipv6/netfilter/ip6t_ah.c b/net/ipv6/netfilter/ip6t_ah.c index d5b94f142bba..dde37793d20b 100644 --- a/net/ipv6/netfilter/ip6t_ah.c +++ b/net/ipv6/netfilter/ip6t_ah.c
@@ -48,92 +48,21 @@ match(const struct sk_buff *skb,
48	unsigned int protoff,	48	unsigned int protoff,
49	int *hotdrop)	49	int *hotdrop)
50	{	50	{
51	struct ip_auth_hdr *ah = NULL, _ah;	51	struct ip_auth_hdr *ah, _ah;
52	const struct ip6t_ah *ahinfo = matchinfo;	52	const struct ip6t_ah *ahinfo = matchinfo;
53	unsigned int temp;
54	int len;
55	u8 nexthdr;
56	unsigned int ptr;	53	unsigned int ptr;
57	unsigned int hdrlen = 0;	54	unsigned int hdrlen = 0;
58		55
59	/DEBUGP("IPv6 AH entered\n");/	56	if (ipv6_find_hdr(skb, &ptr, NEXTHDR_AUTH) < 0)
60	/* if (opt->auth == 0) return 0;
61	* It does not filled on output */
62
63	/* type of the 1st exthdr */
64	nexthdr = skb->nh.ipv6h->nexthdr;
65	/* pointer to the 1st exthdr */
66	ptr = sizeof(struct ipv6hdr);
67	/* available length */
68	len = skb->len - ptr;
69	temp = 0;
70
71	while (ip6t_ext_hdr(nexthdr)) {
72	struct ipv6_opt_hdr _hdr, *hp;
73
74	DEBUGP("ipv6_ah header iteration \n");
75
76	/* Is there enough space for the next ext header? */
77	if (len < sizeof(struct ipv6_opt_hdr))
78	return 0;
79	/* No more exthdr -> evaluate */
80	if (nexthdr == NEXTHDR_NONE)
81	break;
82	/* ESP -> evaluate */
83	if (nexthdr == NEXTHDR_ESP)
84	break;
85
86	hp = skb_header_pointer(skb, ptr, sizeof(_hdr), &_hdr);
87	BUG_ON(hp == NULL);
88
89	/* Calculate the header length */
90	if (nexthdr == NEXTHDR_FRAGMENT)
91	hdrlen = 8;
92	else if (nexthdr == NEXTHDR_AUTH)
93	hdrlen = (hp->hdrlen+2)<<2;
94	else
95	hdrlen = ipv6_optlen(hp);
96
97	/* AH -> evaluate */
98	if (nexthdr == NEXTHDR_AUTH) {
99	temp \|= MASK_AH;
100	break;
101	}
102
103
104	/* set the flag */
105	switch (nexthdr) {
106	case NEXTHDR_HOP:
107	case NEXTHDR_ROUTING:
108	case NEXTHDR_FRAGMENT:
109	case NEXTHDR_AUTH:
110	case NEXTHDR_DEST:
111	break;
112	default:
113	DEBUGP("ipv6_ah match: unknown nextheader %u\n",nexthdr);
114	return 0;
115	}
116
117	nexthdr = hp->nexthdr;
118	len -= hdrlen;
119	ptr += hdrlen;
120	if (ptr > skb->len) {
121	DEBUGP("ipv6_ah: new pointer too large! \n");
122	break;
123	}
124	}
125
126	/* AH header not found */
127	if (temp != MASK_AH)
128	return 0;	57	return 0;
129		58
130	if (len < sizeof(struct ip_auth_hdr)){	59	ah = skb_header_pointer(skb, ptr, sizeof(_ah), &_ah);
		60	if (ah == NULL) {
131	*hotdrop = 1;	61	*hotdrop = 1;
132	return 0;	62	return 0;
133	}	63	}
134		64
135	ah = skb_header_pointer(skb, ptr, sizeof(_ah), &_ah);	65	hdrlen = (ah->hdrlen + 2) << 2;
136	BUG_ON(ah == NULL);
137		66
138	DEBUGP("IPv6 AH LEN %u %u ", hdrlen, ah->hdrlen);	67	DEBUGP("IPv6 AH LEN %u %u ", hdrlen, ah->hdrlen);
139	DEBUGP("RES %04X ", ah->reserved);	68	DEBUGP("RES %04X ", ah->reserved);


diff --git a/net/ipv6/netfilter/ip6t_dst.c b/net/ipv6/netfilter/ip6t_dst.c index 540925e4a7a8..c450a635e54b 100644 --- a/net/ipv6/netfilter/ip6t_dst.c +++ b/net/ipv6/netfilter/ip6t_dst.c
@@ -63,8 +63,6 @@ match(const struct sk_buff *skb,
63	struct ipv6_opt_hdr _optsh, *oh;	63	struct ipv6_opt_hdr _optsh, *oh;
64	const struct ip6t_opts *optinfo = matchinfo;	64	const struct ip6t_opts *optinfo = matchinfo;
65	unsigned int temp;	65	unsigned int temp;
66	unsigned int len;
67	u8 nexthdr;
68	unsigned int ptr;	66	unsigned int ptr;
69	unsigned int hdrlen = 0;	67	unsigned int hdrlen = 0;
70	unsigned int ret = 0;	68	unsigned int ret = 0;
@@ -72,97 +70,25 @@ match(const struct sk_buff *skb,
72	u8 _optlen, *lp = NULL;	70	u8 _optlen, *lp = NULL;
73	unsigned int optlen;	71	unsigned int optlen;
74		72
75	/* type of the 1st exthdr */
76	nexthdr = skb->nh.ipv6h->nexthdr;
77	/* pointer to the 1st exthdr */
78	ptr = sizeof(struct ipv6hdr);
79	/* available length */
80	len = skb->len - ptr;
81	temp = 0;
82
83	while (ip6t_ext_hdr(nexthdr)) {
84	struct ipv6_opt_hdr _hdr, *hp;
85
86	DEBUGP("ipv6_opts header iteration \n");
87
88	/* Is there enough space for the next ext header? */
89	if (len < (int)sizeof(struct ipv6_opt_hdr))
90	return 0;
91	/* No more exthdr -> evaluate */
92	if (nexthdr == NEXTHDR_NONE) {
93	break;
94	}
95	/* ESP -> evaluate */
96	if (nexthdr == NEXTHDR_ESP) {
97	break;
98	}
99
100	hp = skb_header_pointer(skb, ptr, sizeof(_hdr), &_hdr);
101	BUG_ON(hp == NULL);
102
103	/* Calculate the header length */
104	if (nexthdr == NEXTHDR_FRAGMENT) {
105	hdrlen = 8;
106	} else if (nexthdr == NEXTHDR_AUTH)
107	hdrlen = (hp->hdrlen+2)<<2;
108	else
109	hdrlen = ipv6_optlen(hp);
110
111	/* OPTS -> evaluate */
112	#if HOPBYHOP	73	#if HOPBYHOP
113	if (nexthdr == NEXTHDR_HOP) {	74	if (ipv6_find_hdr(skb, &ptr, NEXTHDR_HOP) < 0)
114	temp \|= MASK_HOPOPTS;
115	#else	75	#else
116	if (nexthdr == NEXTHDR_DEST) {	76	if (ipv6_find_hdr(skb, &ptr, NEXTHDR_DEST) < 0)
117	temp \|= MASK_DSTOPTS;
118	#endif	77	#endif
119	break;	78	return 0;
120	}
121
122		79
123	/* set the flag */	80	oh = skb_header_pointer(skb, ptr, sizeof(_optsh), &_optsh);
124	switch (nexthdr){	81	if (oh == NULL){
125	case NEXTHDR_HOP:
126	case NEXTHDR_ROUTING:
127	case NEXTHDR_FRAGMENT:
128	case NEXTHDR_AUTH:
129	case NEXTHDR_DEST:
130	break;
131	default:
132	DEBUGP("ipv6_opts match: unknown nextheader %u\n",nexthdr);
133	return 0;
134	break;
135	}
136
137	nexthdr = hp->nexthdr;
138	len -= hdrlen;
139	ptr += hdrlen;
140	if ( ptr > skb->len ) {
141	DEBUGP("ipv6_opts: new pointer is too large! \n");
142	break;
143	}
144	}
145
146	/* OPTIONS header not found */
147	#if HOPBYHOP
148	if ( temp != MASK_HOPOPTS ) return 0;
149	#else
150	if ( temp != MASK_DSTOPTS ) return 0;
151	#endif
152
153	if (len < (int)sizeof(struct ipv6_opt_hdr)){
154	*hotdrop = 1;	82	*hotdrop = 1;
155	return 0;	83	return 0;
156	}	84	}
157		85
158	if (len < hdrlen){	86	hdrlen = ipv6_optlen(oh);
		87	if (skb->len - ptr < hdrlen){
159	/* Packet smaller than it's length field */	88	/* Packet smaller than it's length field */
160	return 0;	89	return 0;
161	}	90	}
162		91
163	oh = skb_header_pointer(skb, ptr, sizeof(_optsh), &_optsh);
164	BUG_ON(oh == NULL);
165
166	DEBUGP("IPv6 OPTS LEN %u %u ", hdrlen, oh->hdrlen);	92	DEBUGP("IPv6 OPTS LEN %u %u ", hdrlen, oh->hdrlen);
167		93
168	DEBUGP("len %02X %04X %02X ",	94	DEBUGP("len %02X %04X %02X ",


diff --git a/net/ipv6/netfilter/ip6t_esp.c b/net/ipv6/netfilter/ip6t_esp.c index e39dd236fd8e..24bc0cde43a1 100644 --- a/net/ipv6/netfilter/ip6t_esp.c +++ b/net/ipv6/netfilter/ip6t_esp.c
@@ -48,87 +48,22 @@ match(const struct sk_buff *skb,
48	unsigned int protoff,	48	unsigned int protoff,
49	int *hotdrop)	49	int *hotdrop)
50	{	50	{
51	struct ip_esp_hdr _esp, *eh = NULL;	51	struct ip_esp_hdr _esp, *eh;
52	const struct ip6t_esp *espinfo = matchinfo;	52	const struct ip6t_esp *espinfo = matchinfo;
53	unsigned int temp;
54	int len;
55	u8 nexthdr;
56	unsigned int ptr;	53	unsigned int ptr;
57		54
58	/* Make sure this isn't an evil packet */	55	/* Make sure this isn't an evil packet */
59	/DEBUGP("ipv6_esp entered \n");/	56	/DEBUGP("ipv6_esp entered \n");/
60		57
61	/* type of the 1st exthdr */	58	if (ipv6_find_hdr(skb, &ptr, NEXTHDR_ESP) < 0)
62	nexthdr = skb->nh.ipv6h->nexthdr;
63	/* pointer to the 1st exthdr */
64	ptr = sizeof(struct ipv6hdr);
65	/* available length */
66	len = skb->len - ptr;
67	temp = 0;
68
69	while (ip6t_ext_hdr(nexthdr)) {
70	struct ipv6_opt_hdr _hdr, *hp;
71	int hdrlen;
72
73	DEBUGP("ipv6_esp header iteration \n");
74
75	/* Is there enough space for the next ext header? */
76	if (len < sizeof(struct ipv6_opt_hdr))
77	return 0;
78	/* No more exthdr -> evaluate */
79	if (nexthdr == NEXTHDR_NONE)
80	break;
81	/* ESP -> evaluate */
82	if (nexthdr == NEXTHDR_ESP) {
83	temp \|= MASK_ESP;
84	break;
85	}
86
87	hp = skb_header_pointer(skb, ptr, sizeof(_hdr), &_hdr);
88	BUG_ON(hp == NULL);
89
90	/* Calculate the header length */
91	if (nexthdr == NEXTHDR_FRAGMENT)
92	hdrlen = 8;
93	else if (nexthdr == NEXTHDR_AUTH)
94	hdrlen = (hp->hdrlen+2)<<2;
95	else
96	hdrlen = ipv6_optlen(hp);
97
98	/* set the flag */
99	switch (nexthdr) {
100	case NEXTHDR_HOP:
101	case NEXTHDR_ROUTING:
102	case NEXTHDR_FRAGMENT:
103	case NEXTHDR_AUTH:
104	case NEXTHDR_DEST:
105	break;
106	default:
107	DEBUGP("ipv6_esp match: unknown nextheader %u\n",nexthdr);
108	return 0;
109	}
110
111	nexthdr = hp->nexthdr;
112	len -= hdrlen;
113	ptr += hdrlen;
114	if (ptr > skb->len) {
115	DEBUGP("ipv6_esp: new pointer too large! \n");
116	break;
117	}
118	}
119
120	/* ESP header not found */
121	if (temp != MASK_ESP)
122	return 0;	59	return 0;
123		60
124	if (len < sizeof(struct ip_esp_hdr)) {	61	eh = skb_header_pointer(skb, ptr, sizeof(_esp), &_esp);
		62	if (eh == NULL) {
125	*hotdrop = 1;	63	*hotdrop = 1;
126	return 0;	64	return 0;
127	}	65	}
128		66
129	eh = skb_header_pointer(skb, ptr, sizeof(_esp), &_esp);
130	BUG_ON(eh == NULL);
131
132	DEBUGP("IPv6 ESP SPI %u %08X\n", ntohl(eh->spi), ntohl(eh->spi));	67	DEBUGP("IPv6 ESP SPI %u %08X\n", ntohl(eh->spi), ntohl(eh->spi));
133		68
134	return (eh != NULL)	69	return (eh != NULL)


diff --git a/net/ipv6/netfilter/ip6t_frag.c b/net/ipv6/netfilter/ip6t_frag.c index 4bfa30a9bc80..085d5f8eea29 100644 --- a/net/ipv6/netfilter/ip6t_frag.c +++ b/net/ipv6/netfilter/ip6t_frag.c
@@ -48,90 +48,18 @@ match(const struct sk_buff *skb,
48	unsigned int protoff,	48	unsigned int protoff,
49	int *hotdrop)	49	int *hotdrop)
50	{	50	{
51	struct frag_hdr _frag, *fh = NULL;	51	struct frag_hdr _frag, *fh;
52	const struct ip6t_frag *fraginfo = matchinfo;	52	const struct ip6t_frag *fraginfo = matchinfo;
53	unsigned int temp;
54	int len;
55	u8 nexthdr;
56	unsigned int ptr;	53	unsigned int ptr;
57	unsigned int hdrlen = 0;
58
59	/* type of the 1st exthdr */
60	nexthdr = skb->nh.ipv6h->nexthdr;
61	/* pointer to the 1st exthdr */
62	ptr = sizeof(struct ipv6hdr);
63	/* available length */
64	len = skb->len - ptr;
65	temp = 0;
66
67	while (ip6t_ext_hdr(nexthdr)) {
68	struct ipv6_opt_hdr _hdr, *hp;
69
70	DEBUGP("ipv6_frag header iteration \n");
71
72	/* Is there enough space for the next ext header? */
73	if (len < (int)sizeof(struct ipv6_opt_hdr))
74	return 0;
75	/* No more exthdr -> evaluate */
76	if (nexthdr == NEXTHDR_NONE) {
77	break;
78	}
79	/* ESP -> evaluate */
80	if (nexthdr == NEXTHDR_ESP) {
81	break;
82	}
83
84	hp = skb_header_pointer(skb, ptr, sizeof(_hdr), &_hdr);
85	BUG_ON(hp == NULL);
86
87	/* Calculate the header length */
88	if (nexthdr == NEXTHDR_FRAGMENT) {
89	hdrlen = 8;
90	} else if (nexthdr == NEXTHDR_AUTH)
91	hdrlen = (hp->hdrlen+2)<<2;
92	else
93	hdrlen = ipv6_optlen(hp);
94
95	/* FRAG -> evaluate */
96	if (nexthdr == NEXTHDR_FRAGMENT) {
97	temp \|= MASK_FRAGMENT;
98	break;
99	}
100
101
102	/* set the flag */
103	switch (nexthdr){
104	case NEXTHDR_HOP:
105	case NEXTHDR_ROUTING:
106	case NEXTHDR_FRAGMENT:
107	case NEXTHDR_AUTH:
108	case NEXTHDR_DEST:
109	break;
110	default:
111	DEBUGP("ipv6_frag match: unknown nextheader %u\n",nexthdr);
112	return 0;
113	break;
114	}
115
116	nexthdr = hp->nexthdr;
117	len -= hdrlen;
118	ptr += hdrlen;
119	if ( ptr > skb->len ) {
120	DEBUGP("ipv6_frag: new pointer too large! \n");
121	break;
122	}
123	}
124
125	/* FRAG header not found */
126	if ( temp != MASK_FRAGMENT ) return 0;
127
128	if (len < sizeof(struct frag_hdr)){
129	*hotdrop = 1;
130	return 0;
131	}
132		54
133	fh = skb_header_pointer(skb, ptr, sizeof(_frag), &_frag);	55	if (ipv6_find_hdr(skb, &ptr, NEXTHDR_FRAGMENT) < 0)
134	BUG_ON(fh == NULL);	56	return 0;
		57
		58	fh = skb_header_pointer(skb, ptr, sizeof(_frag), &_frag);
		59	if (fh == NULL){
		60	*hotdrop = 1;
		61	return 0;
		62	}
135		63
136	DEBUGP("INFO %04X ", fh->frag_off);	64	DEBUGP("INFO %04X ", fh->frag_off);
137	DEBUGP("OFFSET %04X ", ntohs(fh->frag_off) & ~0x7);	65	DEBUGP("OFFSET %04X ", ntohs(fh->frag_off) & ~0x7);


diff --git a/net/ipv6/netfilter/ip6t_hbh.c b/net/ipv6/netfilter/ip6t_hbh.c index 27f3650d127e..1d09485111d0 100644 --- a/net/ipv6/netfilter/ip6t_hbh.c +++ b/net/ipv6/netfilter/ip6t_hbh.c
@@ -63,8 +63,6 @@ match(const struct sk_buff *skb,
63	struct ipv6_opt_hdr _optsh, *oh;	63	struct ipv6_opt_hdr _optsh, *oh;
64	const struct ip6t_opts *optinfo = matchinfo;	64	const struct ip6t_opts *optinfo = matchinfo;
65	unsigned int temp;	65	unsigned int temp;
66	unsigned int len;
67	u8 nexthdr;
68	unsigned int ptr;	66	unsigned int ptr;
69	unsigned int hdrlen = 0;	67	unsigned int hdrlen = 0;
70	unsigned int ret = 0;	68	unsigned int ret = 0;
@@ -72,97 +70,25 @@ match(const struct sk_buff *skb,
72	u8 _optlen, *lp = NULL;	70	u8 _optlen, *lp = NULL;
73	unsigned int optlen;	71	unsigned int optlen;
74		72
75	/* type of the 1st exthdr */
76	nexthdr = skb->nh.ipv6h->nexthdr;
77	/* pointer to the 1st exthdr */
78	ptr = sizeof(struct ipv6hdr);
79	/* available length */
80	len = skb->len - ptr;
81	temp = 0;
82
83	while (ip6t_ext_hdr(nexthdr)) {
84	struct ipv6_opt_hdr _hdr, *hp;
85
86	DEBUGP("ipv6_opts header iteration \n");
87
88	/* Is there enough space for the next ext header? */
89	if (len < (int)sizeof(struct ipv6_opt_hdr))
90	return 0;
91	/* No more exthdr -> evaluate */
92	if (nexthdr == NEXTHDR_NONE) {
93	break;
94	}
95	/* ESP -> evaluate */
96	if (nexthdr == NEXTHDR_ESP) {
97	break;
98	}
99
100	hp = skb_header_pointer(skb, ptr, sizeof(_hdr), &_hdr);
101	BUG_ON(hp == NULL);
102
103	/* Calculate the header length */
104	if (nexthdr == NEXTHDR_FRAGMENT) {
105	hdrlen = 8;
106	} else if (nexthdr == NEXTHDR_AUTH)
107	hdrlen = (hp->hdrlen+2)<<2;
108	else
109	hdrlen = ipv6_optlen(hp);
110
111	/* OPTS -> evaluate */
112	#if HOPBYHOP	73	#if HOPBYHOP
113	if (nexthdr == NEXTHDR_HOP) {	74	if (ipv6_find_hdr(skb, &ptr, NEXTHDR_HOP) < 0)
114	temp \|= MASK_HOPOPTS;
115	#else	75	#else
116	if (nexthdr == NEXTHDR_DEST) {	76	if (ipv6_find_hdr(skb, &ptr, NEXTHDR_DEST) < 0)
117	temp \|= MASK_DSTOPTS;
118	#endif	77	#endif
119	break;	78	return 0;
120	}
121
122		79
123	/* set the flag */	80	oh = skb_header_pointer(skb, ptr, sizeof(_optsh), &_optsh);
124	switch (nexthdr){	81	if (oh == NULL){
125	case NEXTHDR_HOP:
126	case NEXTHDR_ROUTING:
127	case NEXTHDR_FRAGMENT:
128	case NEXTHDR_AUTH:
129	case NEXTHDR_DEST:
130	break;
131	default:
132	DEBUGP("ipv6_opts match: unknown nextheader %u\n",nexthdr);
133	return 0;
134	break;
135	}
136
137	nexthdr = hp->nexthdr;
138	len -= hdrlen;
139	ptr += hdrlen;
140	if ( ptr > skb->len ) {
141	DEBUGP("ipv6_opts: new pointer is too large! \n");
142	break;
143	}
144	}
145
146	/* OPTIONS header not found */
147	#if HOPBYHOP
148	if ( temp != MASK_HOPOPTS ) return 0;
149	#else
150	if ( temp != MASK_DSTOPTS ) return 0;
151	#endif
152
153	if (len < (int)sizeof(struct ipv6_opt_hdr)){
154	*hotdrop = 1;	82	*hotdrop = 1;
155	return 0;	83	return 0;
156	}	84	}
157		85
158	if (len < hdrlen){	86	hdrlen = ipv6_optlen(oh);
		87	if (skb->len - ptr < hdrlen){
159	/* Packet smaller than it's length field */	88	/* Packet smaller than it's length field */
160	return 0;	89	return 0;
161	}	90	}
162		91
163	oh = skb_header_pointer(skb, ptr, sizeof(_optsh), &_optsh);
164	BUG_ON(oh == NULL);
165
166	DEBUGP("IPv6 OPTS LEN %u %u ", hdrlen, oh->hdrlen);	92	DEBUGP("IPv6 OPTS LEN %u %u ", hdrlen, oh->hdrlen);
167		93
168	DEBUGP("len %02X %04X %02X ",	94	DEBUGP("len %02X %04X %02X ",


diff --git a/net/ipv6/netfilter/ip6t_rt.c b/net/ipv6/netfilter/ip6t_rt.c index 2bb670037df3..beb2fd5cebbb 100644 --- a/net/ipv6/netfilter/ip6t_rt.c +++ b/net/ipv6/netfilter/ip6t_rt.c
@@ -50,98 +50,29 @@ match(const struct sk_buff *skb,
50	unsigned int protoff,	50	unsigned int protoff,
51	int *hotdrop)	51	int *hotdrop)
52	{	52	{
53	struct ipv6_rt_hdr _route, *rh = NULL;	53	struct ipv6_rt_hdr _route, *rh;
54	const struct ip6t_rt *rtinfo = matchinfo;	54	const struct ip6t_rt *rtinfo = matchinfo;
55	unsigned int temp;	55	unsigned int temp;
56	unsigned int len;
57	u8 nexthdr;
58	unsigned int ptr;	56	unsigned int ptr;
59	unsigned int hdrlen = 0;	57	unsigned int hdrlen = 0;
60	unsigned int ret = 0;	58	unsigned int ret = 0;
61	struct in6_addr *ap, _addr;	59	struct in6_addr *ap, _addr;
62		60
63	/* type of the 1st exthdr */	61	if (ipv6_find_hdr(skb, &ptr, NEXTHDR_ROUTING) < 0)
64	nexthdr = skb->nh.ipv6h->nexthdr;	62	return 0;
65	/* pointer to the 1st exthdr */
66	ptr = sizeof(struct ipv6hdr);
67	/* available length */
68	len = skb->len - ptr;
69	temp = 0;
70		63
71	while (ip6t_ext_hdr(nexthdr)) {	64	rh = skb_header_pointer(skb, ptr, sizeof(_route), &_route);
72	struct ipv6_opt_hdr _hdr, *hp;	65	if (rh == NULL){
73
74	DEBUGP("ipv6_rt header iteration \n");
75
76	/* Is there enough space for the next ext header? */
77	if (len < (int)sizeof(struct ipv6_opt_hdr))
78	return 0;
79	/* No more exthdr -> evaluate */
80	if (nexthdr == NEXTHDR_NONE) {
81	break;
82	}
83	/* ESP -> evaluate */
84	if (nexthdr == NEXTHDR_ESP) {
85	break;
86	}
87
88	hp = skb_header_pointer(skb, ptr, sizeof(_hdr), &_hdr);
89	BUG_ON(hp == NULL);
90
91	/* Calculate the header length */
92	if (nexthdr == NEXTHDR_FRAGMENT) {
93	hdrlen = 8;
94	} else if (nexthdr == NEXTHDR_AUTH)
95	hdrlen = (hp->hdrlen+2)<<2;
96	else
97	hdrlen = ipv6_optlen(hp);
98
99	/* ROUTING -> evaluate */
100	if (nexthdr == NEXTHDR_ROUTING) {
101	temp \|= MASK_ROUTING;
102	break;
103	}
104
105
106	/* set the flag */
107	switch (nexthdr){
108	case NEXTHDR_HOP:
109	case NEXTHDR_ROUTING:
110	case NEXTHDR_FRAGMENT:
111	case NEXTHDR_AUTH:
112	case NEXTHDR_DEST:
113	break;
114	default:
115	DEBUGP("ipv6_rt match: unknown nextheader %u\n",nexthdr);
116	return 0;
117	break;
118	}
119
120	nexthdr = hp->nexthdr;
121	len -= hdrlen;
122	ptr += hdrlen;
123	if ( ptr > skb->len ) {
124	DEBUGP("ipv6_rt: new pointer is too large! \n");
125	break;
126	}
127	}
128
129	/* ROUTING header not found */
130	if ( temp != MASK_ROUTING ) return 0;
131
132	if (len < (int)sizeof(struct ipv6_rt_hdr)){
133	*hotdrop = 1;	66	*hotdrop = 1;
134	return 0;	67	return 0;
135	}	68	}
136		69
137	if (len < hdrlen){	70	hdrlen = ipv6_optlen(rh);
		71	if (skb->len - ptr < hdrlen){
138	/* Pcket smaller than its length field */	72	/* Pcket smaller than its length field */
139	return 0;	73	return 0;
140	}	74	}
141		75
142	rh = skb_header_pointer(skb, ptr, sizeof(_route), &_route);
143	BUG_ON(rh == NULL);
144
145	DEBUGP("IPv6 RT LEN %u %u ", hdrlen, rh->hdrlen);	76	DEBUGP("IPv6 RT LEN %u %u ", hdrlen, rh->hdrlen);
146	DEBUGP("TYPE %04X ", rh->type);	77	DEBUGP("TYPE %04X ", rh->type);
147	DEBUGP("SGS_LEFT %u %02X\n", rh->segments_left, rh->segments_left);	78	DEBUGP("SGS_LEFT %u %02X\n", rh->segments_left, rh->segments_left);