4 files changed, 13 insertions, 22 deletions

diff --git a/include/linux/netfilter/nf_conntrack_tuple_common.h b/include/linux/netfilter/nf_conntrack_tuple_common.h
index 8e145f0d61cb..2ea22b018a87 100644
--- a/include/linux/netfilter/nf_conntrack_tuple_common.h
+++ b/include/linux/netfilter/nf_conntrack_tuple_common.h
@@ -1,8 +1,7 @@
 #ifndef _NF_CONNTRACK_TUPLE_COMMON_H
 #define _NF_CONNTRACK_TUPLE_COMMON_H
 
-enum ip_conntrack_dir
-{
+enum ip_conntrack_dir {
         IP_CT_DIR_ORIGINAL,
         IP_CT_DIR_REPLY,
         IP_CT_DIR_MAX
diff --git a/include/linux/netfilter_ipv6/ip6_tables.h b/include/linux/netfilter_ipv6/ip6_tables.h
index e5ba03d783c6..18442ff19c07 100644
--- a/include/linux/netfilter_ipv6/ip6_tables.h
+++ b/include/linux/netfilter_ipv6/ip6_tables.h
@@ -316,10 +316,6 @@ extern int ip6t_ext_hdr(u8 nexthdr);
 extern int ipv6_find_hdr(const struct sk_buff *skb, unsigned int *offset,
                          int target, unsigned short *fragoff);
 
-extern int ip6_masked_addrcmp(const struct in6_addr *addr1,
-                              const struct in6_addr *mask,
-                              const struct in6_addr *addr2);
-
 #define IP6T_ALIGN(s) XT_ALIGN(s)
 
 #ifdef CONFIG_COMPAT
diff --git a/net/bridge/netfilter/ebt_ip6.c b/net/bridge/netfilter/ebt_ip6.c
index 05d0d0c4ccb9..63e3888d20cf 100644
--- a/net/bridge/netfilter/ebt_ip6.c
+++ b/net/bridge/netfilter/ebt_ip6.c
@@ -35,8 +35,6 @@ ebt_ip6_mt(const struct sk_buff *skb, const struct xt_match_param *par)
         struct ipv6hdr _ip6h;
         const struct tcpudphdr *pptr;
         struct tcpudphdr _ports;
-        struct in6_addr tmp_addr;
-        int i;
 
         ih6 = skb_header_pointer(skb, 0, sizeof(_ip6h), &_ip6h);
         if (ih6 == NULL)
@@ -44,18 +42,10 @@ ebt_ip6_mt(const struct sk_buff *skb, const struct xt_match_param *par)
         if (info->bitmask & EBT_IP6_TCLASS &&
            FWINV(info->tclass != ipv6_get_dsfield(ih6), EBT_IP6_TCLASS))
                 return false;
-        for (i = 0; i < 4; i++)
-                tmp_addr.in6_u.u6_addr32[i] = ih6->saddr.in6_u.u6_addr32[i] &
-                        info->smsk.in6_u.u6_addr32[i];
-        if (info->bitmask & EBT_IP6_SOURCE &&
-                FWINV((ipv6_addr_cmp(&tmp_addr, &info->saddr) != 0),
-                        EBT_IP6_SOURCE))
-                return false;
-        for (i = 0; i < 4; i++)
-                tmp_addr.in6_u.u6_addr32[i] = ih6->daddr.in6_u.u6_addr32[i] &
-                        info->dmsk.in6_u.u6_addr32[i];
-        if (info->bitmask & EBT_IP6_DEST &&
-           FWINV((ipv6_addr_cmp(&tmp_addr, &info->daddr) != 0), EBT_IP6_DEST))
+        if (FWINV(ipv6_masked_addr_cmp(&ih6->saddr, &info->smsk,
+                                       &info->saddr), EBT_IP6_SOURCE) ||
+            FWINV(ipv6_masked_addr_cmp(&ih6->daddr, &info->dmsk,
+                                       &info->daddr), EBT_IP6_DEST))
                 return false;
         if (info->bitmask & EBT_IP6_PROTO) {
                 uint8_t nexthdr = ih6->nexthdr;
diff --git a/net/netfilter/ipvs/ip_vs_ftp.c b/net/netfilter/ipvs/ip_vs_ftp.c
index 73f38ea98f25..9f6328303844 100644
--- a/net/netfilter/ipvs/ip_vs_ftp.c
+++ b/net/netfilter/ipvs/ip_vs_ftp.c
@@ -208,8 +208,14 @@ static int ip_vs_ftp_out(struct ip_vs_app *app, struct ip_vs_conn *cp,
                  */
                 from.ip = n_cp->vaddr.ip;
                 port = n_cp->vport;
-                sprintf(buf, "%u,%u,%u,%u,%u,%u", NIPQUAD(from.ip),
-                        (ntohs(port)>>8)&255, ntohs(port)&255);
+                snprintf(buf, sizeof(buf), "%u,%u,%u,%u,%u,%u",
+                         ((unsigned char *)&from.ip)[0],
+                         ((unsigned char *)&from.ip)[1],
+                         ((unsigned char *)&from.ip)[2],
+                         ((unsigned char *)&from.ip)[3],
+                         ntohs(port) >> 8,
+                         ntohs(port) & 0xFF);
+
                 buf_len = strlen(buf);
 
                 /*