aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--include/net/ipv6.h12
-rw-r--r--net/ipv6/netfilter/ip6_tables.c22
-rw-r--r--net/ipv6/netfilter/ip6t_policy.c3
3 files changed, 18 insertions, 19 deletions
diff --git a/include/net/ipv6.h b/include/net/ipv6.h
index 3b1d963d396c..c893a1ce4b39 100644
--- a/include/net/ipv6.h
+++ b/include/net/ipv6.h
@@ -282,6 +282,18 @@ static inline int ipv6_addr_cmp(const struct in6_addr *a1, const struct in6_addr
282 return memcmp((const void *) a1, (const void *) a2, sizeof(struct in6_addr)); 282 return memcmp((const void *) a1, (const void *) a2, sizeof(struct in6_addr));
283} 283}
284 284
285static inline int
286ipv6_masked_addr_cmp(const struct in6_addr *a1, const struct in6_addr *m,
287 const struct in6_addr *a2)
288{
289 unsigned int i;
290
291 for (i = 0; i < 4; i++)
292 if ((a1->s6_addr32[i] ^ a2->s6_addr32[i]) & m->s6_addr32[i])
293 return 1;
294 return 0;
295}
296
285static inline void ipv6_addr_copy(struct in6_addr *a1, const struct in6_addr *a2) 297static inline void ipv6_addr_copy(struct in6_addr *a1, const struct in6_addr *a2)
286{ 298{
287 memcpy((void *) a1, (const void *) a2, sizeof(struct in6_addr)); 299 memcpy((void *) a1, (const void *) a2, sizeof(struct in6_addr));
diff --git a/net/ipv6/netfilter/ip6_tables.c b/net/ipv6/netfilter/ip6_tables.c
index b75f8fdc3afe..d74ec335743e 100644
--- a/net/ipv6/netfilter/ip6_tables.c
+++ b/net/ipv6/netfilter/ip6_tables.c
@@ -94,19 +94,6 @@ do { \
94#define up(x) do { printk("UP:%u:" #x "\n", __LINE__); up(x); } while(0) 94#define up(x) do { printk("UP:%u:" #x "\n", __LINE__); up(x); } while(0)
95#endif 95#endif
96 96
97int
98ip6_masked_addrcmp(const struct in6_addr *addr1, const struct in6_addr *mask,
99 const struct in6_addr *addr2)
100{
101 int i;
102 for( i = 0; i < 16; i++){
103 if((addr1->s6_addr[i] & mask->s6_addr[i]) !=
104 (addr2->s6_addr[i] & mask->s6_addr[i]))
105 return 1;
106 }
107 return 0;
108}
109
110/* Check for an extension */ 97/* Check for an extension */
111int 98int
112ip6t_ext_hdr(u8 nexthdr) 99ip6t_ext_hdr(u8 nexthdr)
@@ -135,10 +122,10 @@ ip6_packet_match(const struct sk_buff *skb,
135 122
136#define FWINV(bool,invflg) ((bool) ^ !!(ip6info->invflags & invflg)) 123#define FWINV(bool,invflg) ((bool) ^ !!(ip6info->invflags & invflg))
137 124
138 if (FWINV(ip6_masked_addrcmp(&ipv6->saddr, &ip6info->smsk, 125 if (FWINV(ipv6_masked_addr_cmp(&ipv6->saddr, &ip6info->smsk,
139 &ip6info->src), IP6T_INV_SRCIP) 126 &ip6info->src), IP6T_INV_SRCIP)
140 || FWINV(ip6_masked_addrcmp(&ipv6->daddr, &ip6info->dmsk, 127 || FWINV(ipv6_masked_addr_cmp(&ipv6->daddr, &ip6info->dmsk,
141 &ip6info->dst), IP6T_INV_DSTIP)) { 128 &ip6info->dst), IP6T_INV_DSTIP)) {
142 dprintf("Source or dest mismatch.\n"); 129 dprintf("Source or dest mismatch.\n");
143/* 130/*
144 dprintf("SRC: %u. Mask: %u. Target: %u.%s\n", ip->saddr, 131 dprintf("SRC: %u. Mask: %u. Target: %u.%s\n", ip->saddr,
@@ -1526,7 +1513,6 @@ EXPORT_SYMBOL(ip6t_unregister_table);
1526EXPORT_SYMBOL(ip6t_do_table); 1513EXPORT_SYMBOL(ip6t_do_table);
1527EXPORT_SYMBOL(ip6t_ext_hdr); 1514EXPORT_SYMBOL(ip6t_ext_hdr);
1528EXPORT_SYMBOL(ipv6_find_hdr); 1515EXPORT_SYMBOL(ipv6_find_hdr);
1529EXPORT_SYMBOL(ip6_masked_addrcmp);
1530 1516
1531module_init(init); 1517module_init(init);
1532module_exit(fini); 1518module_exit(fini);
diff --git a/net/ipv6/netfilter/ip6t_policy.c b/net/ipv6/netfilter/ip6t_policy.c
index b2f30072ca6e..f2a59970e007 100644
--- a/net/ipv6/netfilter/ip6t_policy.c
+++ b/net/ipv6/netfilter/ip6t_policy.c
@@ -27,7 +27,8 @@ static inline int
27match_xfrm_state(struct xfrm_state *x, const struct ip6t_policy_elem *e) 27match_xfrm_state(struct xfrm_state *x, const struct ip6t_policy_elem *e)
28{ 28{
29#define MATCH_ADDR(x,y,z) (!e->match.x || \ 29#define MATCH_ADDR(x,y,z) (!e->match.x || \
30 ((!ip6_masked_addrcmp(&e->x.a6, &e->y.a6, z)) \ 30 ((!ipv6_masked_addr_cmp(&e->x.a6, &e->y.a6, \
31 z)) \
31 ^ e->invert.x)) 32 ^ e->invert.x))
32#define MATCH(x,y) (!e->match.x || ((e->x == (y)) ^ e->invert.x)) 33#define MATCH(x,y) (!e->match.x || ((e->x == (y)) ^ e->invert.x))
33 34