diff options
-rw-r--r-- | include/net/ipv6.h | 12 | ||||
-rw-r--r-- | net/ipv6/netfilter/ip6_tables.c | 22 | ||||
-rw-r--r-- | net/ipv6/netfilter/ip6t_policy.c | 3 |
3 files changed, 18 insertions, 19 deletions
diff --git a/include/net/ipv6.h b/include/net/ipv6.h index 3b1d963d396c..c893a1ce4b39 100644 --- a/include/net/ipv6.h +++ b/include/net/ipv6.h | |||
@@ -282,6 +282,18 @@ static inline int ipv6_addr_cmp(const struct in6_addr *a1, const struct in6_addr | |||
282 | return memcmp((const void *) a1, (const void *) a2, sizeof(struct in6_addr)); | 282 | return memcmp((const void *) a1, (const void *) a2, sizeof(struct in6_addr)); |
283 | } | 283 | } |
284 | 284 | ||
285 | static inline int | ||
286 | ipv6_masked_addr_cmp(const struct in6_addr *a1, const struct in6_addr *m, | ||
287 | const struct in6_addr *a2) | ||
288 | { | ||
289 | unsigned int i; | ||
290 | |||
291 | for (i = 0; i < 4; i++) | ||
292 | if ((a1->s6_addr32[i] ^ a2->s6_addr32[i]) & m->s6_addr32[i]) | ||
293 | return 1; | ||
294 | return 0; | ||
295 | } | ||
296 | |||
285 | static inline void ipv6_addr_copy(struct in6_addr *a1, const struct in6_addr *a2) | 297 | static inline void ipv6_addr_copy(struct in6_addr *a1, const struct in6_addr *a2) |
286 | { | 298 | { |
287 | memcpy((void *) a1, (const void *) a2, sizeof(struct in6_addr)); | 299 | memcpy((void *) a1, (const void *) a2, sizeof(struct in6_addr)); |
diff --git a/net/ipv6/netfilter/ip6_tables.c b/net/ipv6/netfilter/ip6_tables.c index b75f8fdc3afe..d74ec335743e 100644 --- a/net/ipv6/netfilter/ip6_tables.c +++ b/net/ipv6/netfilter/ip6_tables.c | |||
@@ -94,19 +94,6 @@ do { \ | |||
94 | #define up(x) do { printk("UP:%u:" #x "\n", __LINE__); up(x); } while(0) | 94 | #define up(x) do { printk("UP:%u:" #x "\n", __LINE__); up(x); } while(0) |
95 | #endif | 95 | #endif |
96 | 96 | ||
97 | int | ||
98 | ip6_masked_addrcmp(const struct in6_addr *addr1, const struct in6_addr *mask, | ||
99 | const struct in6_addr *addr2) | ||
100 | { | ||
101 | int i; | ||
102 | for( i = 0; i < 16; i++){ | ||
103 | if((addr1->s6_addr[i] & mask->s6_addr[i]) != | ||
104 | (addr2->s6_addr[i] & mask->s6_addr[i])) | ||
105 | return 1; | ||
106 | } | ||
107 | return 0; | ||
108 | } | ||
109 | |||
110 | /* Check for an extension */ | 97 | /* Check for an extension */ |
111 | int | 98 | int |
112 | ip6t_ext_hdr(u8 nexthdr) | 99 | ip6t_ext_hdr(u8 nexthdr) |
@@ -135,10 +122,10 @@ ip6_packet_match(const struct sk_buff *skb, | |||
135 | 122 | ||
136 | #define FWINV(bool,invflg) ((bool) ^ !!(ip6info->invflags & invflg)) | 123 | #define FWINV(bool,invflg) ((bool) ^ !!(ip6info->invflags & invflg)) |
137 | 124 | ||
138 | if (FWINV(ip6_masked_addrcmp(&ipv6->saddr, &ip6info->smsk, | 125 | if (FWINV(ipv6_masked_addr_cmp(&ipv6->saddr, &ip6info->smsk, |
139 | &ip6info->src), IP6T_INV_SRCIP) | 126 | &ip6info->src), IP6T_INV_SRCIP) |
140 | || FWINV(ip6_masked_addrcmp(&ipv6->daddr, &ip6info->dmsk, | 127 | || FWINV(ipv6_masked_addr_cmp(&ipv6->daddr, &ip6info->dmsk, |
141 | &ip6info->dst), IP6T_INV_DSTIP)) { | 128 | &ip6info->dst), IP6T_INV_DSTIP)) { |
142 | dprintf("Source or dest mismatch.\n"); | 129 | dprintf("Source or dest mismatch.\n"); |
143 | /* | 130 | /* |
144 | dprintf("SRC: %u. Mask: %u. Target: %u.%s\n", ip->saddr, | 131 | dprintf("SRC: %u. Mask: %u. Target: %u.%s\n", ip->saddr, |
@@ -1526,7 +1513,6 @@ EXPORT_SYMBOL(ip6t_unregister_table); | |||
1526 | EXPORT_SYMBOL(ip6t_do_table); | 1513 | EXPORT_SYMBOL(ip6t_do_table); |
1527 | EXPORT_SYMBOL(ip6t_ext_hdr); | 1514 | EXPORT_SYMBOL(ip6t_ext_hdr); |
1528 | EXPORT_SYMBOL(ipv6_find_hdr); | 1515 | EXPORT_SYMBOL(ipv6_find_hdr); |
1529 | EXPORT_SYMBOL(ip6_masked_addrcmp); | ||
1530 | 1516 | ||
1531 | module_init(init); | 1517 | module_init(init); |
1532 | module_exit(fini); | 1518 | module_exit(fini); |
diff --git a/net/ipv6/netfilter/ip6t_policy.c b/net/ipv6/netfilter/ip6t_policy.c index b2f30072ca6e..f2a59970e007 100644 --- a/net/ipv6/netfilter/ip6t_policy.c +++ b/net/ipv6/netfilter/ip6t_policy.c | |||
@@ -27,7 +27,8 @@ static inline int | |||
27 | match_xfrm_state(struct xfrm_state *x, const struct ip6t_policy_elem *e) | 27 | match_xfrm_state(struct xfrm_state *x, const struct ip6t_policy_elem *e) |
28 | { | 28 | { |
29 | #define MATCH_ADDR(x,y,z) (!e->match.x || \ | 29 | #define MATCH_ADDR(x,y,z) (!e->match.x || \ |
30 | ((!ip6_masked_addrcmp(&e->x.a6, &e->y.a6, z)) \ | 30 | ((!ipv6_masked_addr_cmp(&e->x.a6, &e->y.a6, \ |
31 | z)) \ | ||
31 | ^ e->invert.x)) | 32 | ^ e->invert.x)) |
32 | #define MATCH(x,y) (!e->match.x || ((e->x == (y)) ^ e->invert.x)) | 33 | #define MATCH(x,y) (!e->match.x || ((e->x == (y)) ^ e->invert.x)) |
33 | 34 | ||