diff options
Diffstat (limited to 'net/ipv6')
-rw-r--r-- | net/ipv6/netfilter/ip6t_HL.c | 2 | ||||
-rw-r--r-- | net/ipv6/netfilter/ip6t_REJECT.c | 2 | ||||
-rw-r--r-- | net/ipv6/netfilter/ip6t_ah.c | 12 | ||||
-rw-r--r-- | net/ipv6/netfilter/ip6t_eui64.c | 6 | ||||
-rw-r--r-- | net/ipv6/netfilter/ip6t_frag.c | 18 | ||||
-rw-r--r-- | net/ipv6/netfilter/ip6t_hbh.c | 2 | ||||
-rw-r--r-- | net/ipv6/netfilter/ip6t_hl.c | 8 | ||||
-rw-r--r-- | net/ipv6/netfilter/ip6t_ipv6header.c | 6 | ||||
-rw-r--r-- | net/ipv6/netfilter/ip6t_owner.c | 6 | ||||
-rw-r--r-- | net/ipv6/netfilter/ip6t_rt.c | 16 |
10 files changed, 38 insertions, 40 deletions
diff --git a/net/ipv6/netfilter/ip6t_HL.c b/net/ipv6/netfilter/ip6t_HL.c index 20047ff5492f..33c4cb8a5c43 100644 --- a/net/ipv6/netfilter/ip6t_HL.c +++ b/net/ipv6/netfilter/ip6t_HL.c | |||
@@ -71,7 +71,7 @@ static bool ip6t_hl_checkentry(const char *tablename, | |||
71 | info->mode); | 71 | info->mode); |
72 | return false; | 72 | return false; |
73 | } | 73 | } |
74 | if ((info->mode != IP6T_HL_SET) && (info->hop_limit == 0)) { | 74 | if (info->mode != IP6T_HL_SET && info->hop_limit == 0) { |
75 | printk(KERN_WARNING "ip6t_HL: increment/decrement doesn't " | 75 | printk(KERN_WARNING "ip6t_HL: increment/decrement doesn't " |
76 | "make sense with value 0\n"); | 76 | "make sense with value 0\n"); |
77 | return false; | 77 | return false; |
diff --git a/net/ipv6/netfilter/ip6t_REJECT.c b/net/ipv6/netfilter/ip6t_REJECT.c index 4df07f0adf1d..0fa1f2cf9fba 100644 --- a/net/ipv6/netfilter/ip6t_REJECT.c +++ b/net/ipv6/netfilter/ip6t_REJECT.c | |||
@@ -69,7 +69,7 @@ static void send_reset(struct sk_buff *oldskb) | |||
69 | otcplen = oldskb->len - tcphoff; | 69 | otcplen = oldskb->len - tcphoff; |
70 | 70 | ||
71 | /* IP header checks: fragment, too short. */ | 71 | /* IP header checks: fragment, too short. */ |
72 | if ((proto != IPPROTO_TCP) || (otcplen < sizeof(struct tcphdr))) { | 72 | if (proto != IPPROTO_TCP || otcplen < sizeof(struct tcphdr)) { |
73 | DEBUGP("ip6t_REJECT: proto(%d) != IPPROTO_TCP, or too short. otcplen = %d\n", | 73 | DEBUGP("ip6t_REJECT: proto(%d) != IPPROTO_TCP, or too short. otcplen = %d\n", |
74 | proto, otcplen); | 74 | proto, otcplen); |
75 | return; | 75 | return; |
diff --git a/net/ipv6/netfilter/ip6t_ah.c b/net/ipv6/netfilter/ip6t_ah.c index b4b1d282761c..fbf3d7748dc2 100644 --- a/net/ipv6/netfilter/ip6t_ah.c +++ b/net/ipv6/netfilter/ip6t_ah.c | |||
@@ -78,9 +78,9 @@ match(const struct sk_buff *skb, | |||
78 | DEBUGP("SPI %u %08X\n", ntohl(ah->spi), ntohl(ah->spi)); | 78 | DEBUGP("SPI %u %08X\n", ntohl(ah->spi), ntohl(ah->spi)); |
79 | 79 | ||
80 | DEBUGP("IPv6 AH spi %02X ", | 80 | DEBUGP("IPv6 AH spi %02X ", |
81 | (spi_match(ahinfo->spis[0], ahinfo->spis[1], | 81 | spi_match(ahinfo->spis[0], ahinfo->spis[1], |
82 | ntohl(ah->spi), | 82 | ntohl(ah->spi), |
83 | !!(ahinfo->invflags & IP6T_AH_INV_SPI)))); | 83 | !!(ahinfo->invflags & IP6T_AH_INV_SPI))); |
84 | DEBUGP("len %02X %04X %02X ", | 84 | DEBUGP("len %02X %04X %02X ", |
85 | ahinfo->hdrlen, hdrlen, | 85 | ahinfo->hdrlen, hdrlen, |
86 | (!ahinfo->hdrlen || | 86 | (!ahinfo->hdrlen || |
@@ -92,9 +92,9 @@ match(const struct sk_buff *skb, | |||
92 | 92 | ||
93 | return (ah != NULL) | 93 | return (ah != NULL) |
94 | && | 94 | && |
95 | (spi_match(ahinfo->spis[0], ahinfo->spis[1], | 95 | spi_match(ahinfo->spis[0], ahinfo->spis[1], |
96 | ntohl(ah->spi), | 96 | ntohl(ah->spi), |
97 | !!(ahinfo->invflags & IP6T_AH_INV_SPI))) | 97 | !!(ahinfo->invflags & IP6T_AH_INV_SPI)) |
98 | && | 98 | && |
99 | (!ahinfo->hdrlen || | 99 | (!ahinfo->hdrlen || |
100 | (ahinfo->hdrlen == hdrlen) ^ | 100 | (ahinfo->hdrlen == hdrlen) ^ |
diff --git a/net/ipv6/netfilter/ip6t_eui64.c b/net/ipv6/netfilter/ip6t_eui64.c index bebb12a1d0e6..2af99fc6bdc9 100644 --- a/net/ipv6/netfilter/ip6t_eui64.c +++ b/net/ipv6/netfilter/ip6t_eui64.c | |||
@@ -33,7 +33,7 @@ match(const struct sk_buff *skb, | |||
33 | int i = 0; | 33 | int i = 0; |
34 | 34 | ||
35 | if (!(skb_mac_header(skb) >= skb->head && | 35 | if (!(skb_mac_header(skb) >= skb->head && |
36 | (skb_mac_header(skb) + ETH_HLEN) <= skb->data) && | 36 | skb_mac_header(skb) + ETH_HLEN <= skb->data) && |
37 | offset != 0) { | 37 | offset != 0) { |
38 | *hotdrop = true; | 38 | *hotdrop = true; |
39 | return false; | 39 | return false; |
@@ -50,8 +50,8 @@ match(const struct sk_buff *skb, | |||
50 | eui64[0] |= 0x02; | 50 | eui64[0] |= 0x02; |
51 | 51 | ||
52 | i = 0; | 52 | i = 0; |
53 | while ((ipv6_hdr(skb)->saddr.s6_addr[8 + i] == eui64[i]) | 53 | while (ipv6_hdr(skb)->saddr.s6_addr[8 + i] == eui64[i] |
54 | && (i < 8)) | 54 | && i < 8) |
55 | i++; | 55 | i++; |
56 | 56 | ||
57 | if (i == 8) | 57 | if (i == 8) |
diff --git a/net/ipv6/netfilter/ip6t_frag.c b/net/ipv6/netfilter/ip6t_frag.c index e0e416bb284a..65482af711de 100644 --- a/net/ipv6/netfilter/ip6t_frag.c +++ b/net/ipv6/netfilter/ip6t_frag.c | |||
@@ -77,35 +77,35 @@ match(const struct sk_buff *skb, | |||
77 | ntohl(fh->identification)); | 77 | ntohl(fh->identification)); |
78 | 78 | ||
79 | DEBUGP("IPv6 FRAG id %02X ", | 79 | DEBUGP("IPv6 FRAG id %02X ", |
80 | (id_match(fraginfo->ids[0], fraginfo->ids[1], | 80 | id_match(fraginfo->ids[0], fraginfo->ids[1], |
81 | ntohl(fh->identification), | 81 | ntohl(fh->identification), |
82 | !!(fraginfo->invflags & IP6T_FRAG_INV_IDS)))); | 82 | !!(fraginfo->invflags & IP6T_FRAG_INV_IDS))); |
83 | DEBUGP("res %02X %02X%04X %02X ", | 83 | DEBUGP("res %02X %02X%04X %02X ", |
84 | (fraginfo->flags & IP6T_FRAG_RES), fh->reserved, | 84 | fraginfo->flags & IP6T_FRAG_RES, fh->reserved, |
85 | ntohs(fh->frag_off) & 0x6, | 85 | ntohs(fh->frag_off) & 0x6, |
86 | !((fraginfo->flags & IP6T_FRAG_RES) | 86 | !((fraginfo->flags & IP6T_FRAG_RES) |
87 | && (fh->reserved || (ntohs(fh->frag_off) & 0x06)))); | 87 | && (fh->reserved || (ntohs(fh->frag_off) & 0x06)))); |
88 | DEBUGP("first %02X %02X %02X ", | 88 | DEBUGP("first %02X %02X %02X ", |
89 | (fraginfo->flags & IP6T_FRAG_FST), | 89 | fraginfo->flags & IP6T_FRAG_FST, |
90 | ntohs(fh->frag_off) & ~0x7, | 90 | ntohs(fh->frag_off) & ~0x7, |
91 | !((fraginfo->flags & IP6T_FRAG_FST) | 91 | !((fraginfo->flags & IP6T_FRAG_FST) |
92 | && (ntohs(fh->frag_off) & ~0x7))); | 92 | && (ntohs(fh->frag_off) & ~0x7))); |
93 | DEBUGP("mf %02X %02X %02X ", | 93 | DEBUGP("mf %02X %02X %02X ", |
94 | (fraginfo->flags & IP6T_FRAG_MF), | 94 | fraginfo->flags & IP6T_FRAG_MF, |
95 | ntohs(fh->frag_off) & IP6_MF, | 95 | ntohs(fh->frag_off) & IP6_MF, |
96 | !((fraginfo->flags & IP6T_FRAG_MF) | 96 | !((fraginfo->flags & IP6T_FRAG_MF) |
97 | && !((ntohs(fh->frag_off) & IP6_MF)))); | 97 | && !((ntohs(fh->frag_off) & IP6_MF)))); |
98 | DEBUGP("last %02X %02X %02X\n", | 98 | DEBUGP("last %02X %02X %02X\n", |
99 | (fraginfo->flags & IP6T_FRAG_NMF), | 99 | fraginfo->flags & IP6T_FRAG_NMF, |
100 | ntohs(fh->frag_off) & IP6_MF, | 100 | ntohs(fh->frag_off) & IP6_MF, |
101 | !((fraginfo->flags & IP6T_FRAG_NMF) | 101 | !((fraginfo->flags & IP6T_FRAG_NMF) |
102 | && (ntohs(fh->frag_off) & IP6_MF))); | 102 | && (ntohs(fh->frag_off) & IP6_MF))); |
103 | 103 | ||
104 | return (fh != NULL) | 104 | return (fh != NULL) |
105 | && | 105 | && |
106 | (id_match(fraginfo->ids[0], fraginfo->ids[1], | 106 | id_match(fraginfo->ids[0], fraginfo->ids[1], |
107 | ntohl(fh->identification), | 107 | ntohl(fh->identification), |
108 | !!(fraginfo->invflags & IP6T_FRAG_INV_IDS))) | 108 | !!(fraginfo->invflags & IP6T_FRAG_INV_IDS)) |
109 | && | 109 | && |
110 | !((fraginfo->flags & IP6T_FRAG_RES) | 110 | !((fraginfo->flags & IP6T_FRAG_RES) |
111 | && (fh->reserved || (ntohs(fh->frag_off) & 0x6))) | 111 | && (fh->reserved || (ntohs(fh->frag_off) & 0x6))) |
diff --git a/net/ipv6/netfilter/ip6t_hbh.c b/net/ipv6/netfilter/ip6t_hbh.c index bbd2615ad2e1..8eecac14ddaa 100644 --- a/net/ipv6/netfilter/ip6t_hbh.c +++ b/net/ipv6/netfilter/ip6t_hbh.c | |||
@@ -160,7 +160,7 @@ match(const struct sk_buff *skb, | |||
160 | DEBUGP("len%04X \n", optlen); | 160 | DEBUGP("len%04X \n", optlen); |
161 | 161 | ||
162 | if ((ptr > skb->len - optlen || hdrlen < optlen) && | 162 | if ((ptr > skb->len - optlen || hdrlen < optlen) && |
163 | (temp < optinfo->optsnr - 1)) { | 163 | temp < optinfo->optsnr - 1) { |
164 | DEBUGP("new pointer is too large! \n"); | 164 | DEBUGP("new pointer is too large! \n"); |
165 | break; | 165 | break; |
166 | } | 166 | } |
diff --git a/net/ipv6/netfilter/ip6t_hl.c b/net/ipv6/netfilter/ip6t_hl.c index b933e84a06a4..ddee088f5f10 100644 --- a/net/ipv6/netfilter/ip6t_hl.c +++ b/net/ipv6/netfilter/ip6t_hl.c | |||
@@ -29,16 +29,16 @@ static bool match(const struct sk_buff *skb, | |||
29 | 29 | ||
30 | switch (info->mode) { | 30 | switch (info->mode) { |
31 | case IP6T_HL_EQ: | 31 | case IP6T_HL_EQ: |
32 | return (ip6h->hop_limit == info->hop_limit); | 32 | return ip6h->hop_limit == info->hop_limit; |
33 | break; | 33 | break; |
34 | case IP6T_HL_NE: | 34 | case IP6T_HL_NE: |
35 | return (!(ip6h->hop_limit == info->hop_limit)); | 35 | return ip6h->hop_limit != info->hop_limit; |
36 | break; | 36 | break; |
37 | case IP6T_HL_LT: | 37 | case IP6T_HL_LT: |
38 | return (ip6h->hop_limit < info->hop_limit); | 38 | return ip6h->hop_limit < info->hop_limit; |
39 | break; | 39 | break; |
40 | case IP6T_HL_GT: | 40 | case IP6T_HL_GT: |
41 | return (ip6h->hop_limit > info->hop_limit); | 41 | return ip6h->hop_limit > info->hop_limit; |
42 | break; | 42 | break; |
43 | default: | 43 | default: |
44 | printk(KERN_WARNING "ip6t_hl: unknown mode %d\n", | 44 | printk(KERN_WARNING "ip6t_hl: unknown mode %d\n", |
diff --git a/net/ipv6/netfilter/ip6t_ipv6header.c b/net/ipv6/netfilter/ip6t_ipv6header.c index 5ba6ef0f1b1b..ca020ce1c4a3 100644 --- a/net/ipv6/netfilter/ip6t_ipv6header.c +++ b/net/ipv6/netfilter/ip6t_ipv6header.c | |||
@@ -74,9 +74,9 @@ ipv6header_match(const struct sk_buff *skb, | |||
74 | BUG_ON(hp == NULL); | 74 | BUG_ON(hp == NULL); |
75 | 75 | ||
76 | /* Calculate the header length */ | 76 | /* Calculate the header length */ |
77 | if (nexthdr == NEXTHDR_FRAGMENT) { | 77 | if (nexthdr == NEXTHDR_FRAGMENT) |
78 | hdrlen = 8; | 78 | hdrlen = 8; |
79 | } else if (nexthdr == NEXTHDR_AUTH) | 79 | else if (nexthdr == NEXTHDR_AUTH) |
80 | hdrlen = (hp->hdrlen + 2) << 2; | 80 | hdrlen = (hp->hdrlen + 2) << 2; |
81 | else | 81 | else |
82 | hdrlen = ipv6_optlen(hp); | 82 | hdrlen = ipv6_optlen(hp); |
@@ -110,7 +110,7 @@ ipv6header_match(const struct sk_buff *skb, | |||
110 | break; | 110 | break; |
111 | } | 111 | } |
112 | 112 | ||
113 | if ((nexthdr != NEXTHDR_NONE) && (nexthdr != NEXTHDR_ESP)) | 113 | if (nexthdr != NEXTHDR_NONE && nexthdr != NEXTHDR_ESP) |
114 | temp |= MASK_PROTO; | 114 | temp |= MASK_PROTO; |
115 | 115 | ||
116 | if (info->modeflag) | 116 | if (info->modeflag) |
diff --git a/net/ipv6/netfilter/ip6t_owner.c b/net/ipv6/netfilter/ip6t_owner.c index 8cb6c94b4a20..d2bf3204aeac 100644 --- a/net/ipv6/netfilter/ip6t_owner.c +++ b/net/ipv6/netfilter/ip6t_owner.c | |||
@@ -38,17 +38,15 @@ match(const struct sk_buff *skb, | |||
38 | if (!skb->sk || !skb->sk->sk_socket || !skb->sk->sk_socket->file) | 38 | if (!skb->sk || !skb->sk->sk_socket || !skb->sk->sk_socket->file) |
39 | return false; | 39 | return false; |
40 | 40 | ||
41 | if (info->match & IP6T_OWNER_UID) { | 41 | if (info->match & IP6T_OWNER_UID) |
42 | if ((skb->sk->sk_socket->file->f_uid != info->uid) ^ | 42 | if ((skb->sk->sk_socket->file->f_uid != info->uid) ^ |
43 | !!(info->invert & IP6T_OWNER_UID)) | 43 | !!(info->invert & IP6T_OWNER_UID)) |
44 | return false; | 44 | return false; |
45 | } | ||
46 | 45 | ||
47 | if (info->match & IP6T_OWNER_GID) { | 46 | if (info->match & IP6T_OWNER_GID) |
48 | if ((skb->sk->sk_socket->file->f_gid != info->gid) ^ | 47 | if ((skb->sk->sk_socket->file->f_gid != info->gid) ^ |
49 | !!(info->invert & IP6T_OWNER_GID)) | 48 | !!(info->invert & IP6T_OWNER_GID)) |
50 | return false; | 49 | return false; |
51 | } | ||
52 | 50 | ||
53 | return true; | 51 | return true; |
54 | } | 52 | } |
diff --git a/net/ipv6/netfilter/ip6t_rt.c b/net/ipv6/netfilter/ip6t_rt.c index bc5ff4b1af39..f86fdcdd8cb8 100644 --- a/net/ipv6/netfilter/ip6t_rt.c +++ b/net/ipv6/netfilter/ip6t_rt.c | |||
@@ -87,9 +87,9 @@ match(const struct sk_buff *skb, | |||
87 | DEBUGP("SGS_LEFT %u %02X\n", rh->segments_left, rh->segments_left); | 87 | DEBUGP("SGS_LEFT %u %02X\n", rh->segments_left, rh->segments_left); |
88 | 88 | ||
89 | DEBUGP("IPv6 RT segsleft %02X ", | 89 | DEBUGP("IPv6 RT segsleft %02X ", |
90 | (segsleft_match(rtinfo->segsleft[0], rtinfo->segsleft[1], | 90 | segsleft_match(rtinfo->segsleft[0], rtinfo->segsleft[1], |
91 | rh->segments_left, | 91 | rh->segments_left, |
92 | !!(rtinfo->invflags & IP6T_RT_INV_SGS)))); | 92 | !!(rtinfo->invflags & IP6T_RT_INV_SGS))); |
93 | DEBUGP("type %02X %02X %02X ", | 93 | DEBUGP("type %02X %02X %02X ", |
94 | rtinfo->rt_type, rh->type, | 94 | rtinfo->rt_type, rh->type, |
95 | (!(rtinfo->flags & IP6T_RT_TYP) || | 95 | (!(rtinfo->flags & IP6T_RT_TYP) || |
@@ -97,11 +97,11 @@ match(const struct sk_buff *skb, | |||
97 | !!(rtinfo->invflags & IP6T_RT_INV_TYP)))); | 97 | !!(rtinfo->invflags & IP6T_RT_INV_TYP)))); |
98 | DEBUGP("len %02X %04X %02X ", | 98 | DEBUGP("len %02X %04X %02X ", |
99 | rtinfo->hdrlen, hdrlen, | 99 | rtinfo->hdrlen, hdrlen, |
100 | (!(rtinfo->flags & IP6T_RT_LEN) || | 100 | !(rtinfo->flags & IP6T_RT_LEN) || |
101 | ((rtinfo->hdrlen == hdrlen) ^ | 101 | ((rtinfo->hdrlen == hdrlen) ^ |
102 | !!(rtinfo->invflags & IP6T_RT_INV_LEN)))); | 102 | !!(rtinfo->invflags & IP6T_RT_INV_LEN))); |
103 | DEBUGP("res %02X %02X %02X ", | 103 | DEBUGP("res %02X %02X %02X ", |
104 | (rtinfo->flags & IP6T_RT_RES), | 104 | rtinfo->flags & IP6T_RT_RES, |
105 | ((const struct rt0_hdr *)rh)->reserved, | 105 | ((const struct rt0_hdr *)rh)->reserved, |
106 | !((rtinfo->flags & IP6T_RT_RES) && | 106 | !((rtinfo->flags & IP6T_RT_RES) && |
107 | (((const struct rt0_hdr *)rh)->reserved))); | 107 | (((const struct rt0_hdr *)rh)->reserved))); |
@@ -188,8 +188,8 @@ match(const struct sk_buff *skb, | |||
188 | break; | 188 | break; |
189 | } | 189 | } |
190 | DEBUGP("temp=%d #%d\n", temp, rtinfo->addrnr); | 190 | DEBUGP("temp=%d #%d\n", temp, rtinfo->addrnr); |
191 | if ((temp == rtinfo->addrnr) && | 191 | if (temp == rtinfo->addrnr && |
192 | (temp == (unsigned int)((hdrlen - 8) / 16))) | 192 | temp == (unsigned int)((hdrlen - 8) / 16)) |
193 | return ret; | 193 | return ret; |
194 | else | 194 | else |
195 | return false; | 195 | return false; |