aboutsummaryrefslogtreecommitdiffstats
path: root/net/ipv6
diff options
context:
space:
mode:
Diffstat (limited to 'net/ipv6')
-rw-r--r--net/ipv6/netfilter/ip6t_HL.c2
-rw-r--r--net/ipv6/netfilter/ip6t_REJECT.c2
-rw-r--r--net/ipv6/netfilter/ip6t_ah.c12
-rw-r--r--net/ipv6/netfilter/ip6t_eui64.c6
-rw-r--r--net/ipv6/netfilter/ip6t_frag.c18
-rw-r--r--net/ipv6/netfilter/ip6t_hbh.c2
-rw-r--r--net/ipv6/netfilter/ip6t_hl.c8
-rw-r--r--net/ipv6/netfilter/ip6t_ipv6header.c6
-rw-r--r--net/ipv6/netfilter/ip6t_owner.c6
-rw-r--r--net/ipv6/netfilter/ip6t_rt.c16
10 files changed, 38 insertions, 40 deletions
diff --git a/net/ipv6/netfilter/ip6t_HL.c b/net/ipv6/netfilter/ip6t_HL.c
index 20047ff5492f..33c4cb8a5c43 100644
--- a/net/ipv6/netfilter/ip6t_HL.c
+++ b/net/ipv6/netfilter/ip6t_HL.c
@@ -71,7 +71,7 @@ static bool ip6t_hl_checkentry(const char *tablename,
71 info->mode); 71 info->mode);
72 return false; 72 return false;
73 } 73 }
74 if ((info->mode != IP6T_HL_SET) && (info->hop_limit == 0)) { 74 if (info->mode != IP6T_HL_SET && info->hop_limit == 0) {
75 printk(KERN_WARNING "ip6t_HL: increment/decrement doesn't " 75 printk(KERN_WARNING "ip6t_HL: increment/decrement doesn't "
76 "make sense with value 0\n"); 76 "make sense with value 0\n");
77 return false; 77 return false;
diff --git a/net/ipv6/netfilter/ip6t_REJECT.c b/net/ipv6/netfilter/ip6t_REJECT.c
index 4df07f0adf1d..0fa1f2cf9fba 100644
--- a/net/ipv6/netfilter/ip6t_REJECT.c
+++ b/net/ipv6/netfilter/ip6t_REJECT.c
@@ -69,7 +69,7 @@ static void send_reset(struct sk_buff *oldskb)
69 otcplen = oldskb->len - tcphoff; 69 otcplen = oldskb->len - tcphoff;
70 70
71 /* IP header checks: fragment, too short. */ 71 /* IP header checks: fragment, too short. */
72 if ((proto != IPPROTO_TCP) || (otcplen < sizeof(struct tcphdr))) { 72 if (proto != IPPROTO_TCP || otcplen < sizeof(struct tcphdr)) {
73 DEBUGP("ip6t_REJECT: proto(%d) != IPPROTO_TCP, or too short. otcplen = %d\n", 73 DEBUGP("ip6t_REJECT: proto(%d) != IPPROTO_TCP, or too short. otcplen = %d\n",
74 proto, otcplen); 74 proto, otcplen);
75 return; 75 return;
diff --git a/net/ipv6/netfilter/ip6t_ah.c b/net/ipv6/netfilter/ip6t_ah.c
index b4b1d282761c..fbf3d7748dc2 100644
--- a/net/ipv6/netfilter/ip6t_ah.c
+++ b/net/ipv6/netfilter/ip6t_ah.c
@@ -78,9 +78,9 @@ match(const struct sk_buff *skb,
78 DEBUGP("SPI %u %08X\n", ntohl(ah->spi), ntohl(ah->spi)); 78 DEBUGP("SPI %u %08X\n", ntohl(ah->spi), ntohl(ah->spi));
79 79
80 DEBUGP("IPv6 AH spi %02X ", 80 DEBUGP("IPv6 AH spi %02X ",
81 (spi_match(ahinfo->spis[0], ahinfo->spis[1], 81 spi_match(ahinfo->spis[0], ahinfo->spis[1],
82 ntohl(ah->spi), 82 ntohl(ah->spi),
83 !!(ahinfo->invflags & IP6T_AH_INV_SPI)))); 83 !!(ahinfo->invflags & IP6T_AH_INV_SPI)));
84 DEBUGP("len %02X %04X %02X ", 84 DEBUGP("len %02X %04X %02X ",
85 ahinfo->hdrlen, hdrlen, 85 ahinfo->hdrlen, hdrlen,
86 (!ahinfo->hdrlen || 86 (!ahinfo->hdrlen ||
@@ -92,9 +92,9 @@ match(const struct sk_buff *skb,
92 92
93 return (ah != NULL) 93 return (ah != NULL)
94 && 94 &&
95 (spi_match(ahinfo->spis[0], ahinfo->spis[1], 95 spi_match(ahinfo->spis[0], ahinfo->spis[1],
96 ntohl(ah->spi), 96 ntohl(ah->spi),
97 !!(ahinfo->invflags & IP6T_AH_INV_SPI))) 97 !!(ahinfo->invflags & IP6T_AH_INV_SPI))
98 && 98 &&
99 (!ahinfo->hdrlen || 99 (!ahinfo->hdrlen ||
100 (ahinfo->hdrlen == hdrlen) ^ 100 (ahinfo->hdrlen == hdrlen) ^
diff --git a/net/ipv6/netfilter/ip6t_eui64.c b/net/ipv6/netfilter/ip6t_eui64.c
index bebb12a1d0e6..2af99fc6bdc9 100644
--- a/net/ipv6/netfilter/ip6t_eui64.c
+++ b/net/ipv6/netfilter/ip6t_eui64.c
@@ -33,7 +33,7 @@ match(const struct sk_buff *skb,
33 int i = 0; 33 int i = 0;
34 34
35 if (!(skb_mac_header(skb) >= skb->head && 35 if (!(skb_mac_header(skb) >= skb->head &&
36 (skb_mac_header(skb) + ETH_HLEN) <= skb->data) && 36 skb_mac_header(skb) + ETH_HLEN <= skb->data) &&
37 offset != 0) { 37 offset != 0) {
38 *hotdrop = true; 38 *hotdrop = true;
39 return false; 39 return false;
@@ -50,8 +50,8 @@ match(const struct sk_buff *skb,
50 eui64[0] |= 0x02; 50 eui64[0] |= 0x02;
51 51
52 i = 0; 52 i = 0;
53 while ((ipv6_hdr(skb)->saddr.s6_addr[8 + i] == eui64[i]) 53 while (ipv6_hdr(skb)->saddr.s6_addr[8 + i] == eui64[i]
54 && (i < 8)) 54 && i < 8)
55 i++; 55 i++;
56 56
57 if (i == 8) 57 if (i == 8)
diff --git a/net/ipv6/netfilter/ip6t_frag.c b/net/ipv6/netfilter/ip6t_frag.c
index e0e416bb284a..65482af711de 100644
--- a/net/ipv6/netfilter/ip6t_frag.c
+++ b/net/ipv6/netfilter/ip6t_frag.c
@@ -77,35 +77,35 @@ match(const struct sk_buff *skb,
77 ntohl(fh->identification)); 77 ntohl(fh->identification));
78 78
79 DEBUGP("IPv6 FRAG id %02X ", 79 DEBUGP("IPv6 FRAG id %02X ",
80 (id_match(fraginfo->ids[0], fraginfo->ids[1], 80 id_match(fraginfo->ids[0], fraginfo->ids[1],
81 ntohl(fh->identification), 81 ntohl(fh->identification),
82 !!(fraginfo->invflags & IP6T_FRAG_INV_IDS)))); 82 !!(fraginfo->invflags & IP6T_FRAG_INV_IDS)));
83 DEBUGP("res %02X %02X%04X %02X ", 83 DEBUGP("res %02X %02X%04X %02X ",
84 (fraginfo->flags & IP6T_FRAG_RES), fh->reserved, 84 fraginfo->flags & IP6T_FRAG_RES, fh->reserved,
85 ntohs(fh->frag_off) & 0x6, 85 ntohs(fh->frag_off) & 0x6,
86 !((fraginfo->flags & IP6T_FRAG_RES) 86 !((fraginfo->flags & IP6T_FRAG_RES)
87 && (fh->reserved || (ntohs(fh->frag_off) & 0x06)))); 87 && (fh->reserved || (ntohs(fh->frag_off) & 0x06))));
88 DEBUGP("first %02X %02X %02X ", 88 DEBUGP("first %02X %02X %02X ",
89 (fraginfo->flags & IP6T_FRAG_FST), 89 fraginfo->flags & IP6T_FRAG_FST,
90 ntohs(fh->frag_off) & ~0x7, 90 ntohs(fh->frag_off) & ~0x7,
91 !((fraginfo->flags & IP6T_FRAG_FST) 91 !((fraginfo->flags & IP6T_FRAG_FST)
92 && (ntohs(fh->frag_off) & ~0x7))); 92 && (ntohs(fh->frag_off) & ~0x7)));
93 DEBUGP("mf %02X %02X %02X ", 93 DEBUGP("mf %02X %02X %02X ",
94 (fraginfo->flags & IP6T_FRAG_MF), 94 fraginfo->flags & IP6T_FRAG_MF,
95 ntohs(fh->frag_off) & IP6_MF, 95 ntohs(fh->frag_off) & IP6_MF,
96 !((fraginfo->flags & IP6T_FRAG_MF) 96 !((fraginfo->flags & IP6T_FRAG_MF)
97 && !((ntohs(fh->frag_off) & IP6_MF)))); 97 && !((ntohs(fh->frag_off) & IP6_MF))));
98 DEBUGP("last %02X %02X %02X\n", 98 DEBUGP("last %02X %02X %02X\n",
99 (fraginfo->flags & IP6T_FRAG_NMF), 99 fraginfo->flags & IP6T_FRAG_NMF,
100 ntohs(fh->frag_off) & IP6_MF, 100 ntohs(fh->frag_off) & IP6_MF,
101 !((fraginfo->flags & IP6T_FRAG_NMF) 101 !((fraginfo->flags & IP6T_FRAG_NMF)
102 && (ntohs(fh->frag_off) & IP6_MF))); 102 && (ntohs(fh->frag_off) & IP6_MF)));
103 103
104 return (fh != NULL) 104 return (fh != NULL)
105 && 105 &&
106 (id_match(fraginfo->ids[0], fraginfo->ids[1], 106 id_match(fraginfo->ids[0], fraginfo->ids[1],
107 ntohl(fh->identification), 107 ntohl(fh->identification),
108 !!(fraginfo->invflags & IP6T_FRAG_INV_IDS))) 108 !!(fraginfo->invflags & IP6T_FRAG_INV_IDS))
109 && 109 &&
110 !((fraginfo->flags & IP6T_FRAG_RES) 110 !((fraginfo->flags & IP6T_FRAG_RES)
111 && (fh->reserved || (ntohs(fh->frag_off) & 0x6))) 111 && (fh->reserved || (ntohs(fh->frag_off) & 0x6)))
diff --git a/net/ipv6/netfilter/ip6t_hbh.c b/net/ipv6/netfilter/ip6t_hbh.c
index bbd2615ad2e1..8eecac14ddaa 100644
--- a/net/ipv6/netfilter/ip6t_hbh.c
+++ b/net/ipv6/netfilter/ip6t_hbh.c
@@ -160,7 +160,7 @@ match(const struct sk_buff *skb,
160 DEBUGP("len%04X \n", optlen); 160 DEBUGP("len%04X \n", optlen);
161 161
162 if ((ptr > skb->len - optlen || hdrlen < optlen) && 162 if ((ptr > skb->len - optlen || hdrlen < optlen) &&
163 (temp < optinfo->optsnr - 1)) { 163 temp < optinfo->optsnr - 1) {
164 DEBUGP("new pointer is too large! \n"); 164 DEBUGP("new pointer is too large! \n");
165 break; 165 break;
166 } 166 }
diff --git a/net/ipv6/netfilter/ip6t_hl.c b/net/ipv6/netfilter/ip6t_hl.c
index b933e84a06a4..ddee088f5f10 100644
--- a/net/ipv6/netfilter/ip6t_hl.c
+++ b/net/ipv6/netfilter/ip6t_hl.c
@@ -29,16 +29,16 @@ static bool match(const struct sk_buff *skb,
29 29
30 switch (info->mode) { 30 switch (info->mode) {
31 case IP6T_HL_EQ: 31 case IP6T_HL_EQ:
32 return (ip6h->hop_limit == info->hop_limit); 32 return ip6h->hop_limit == info->hop_limit;
33 break; 33 break;
34 case IP6T_HL_NE: 34 case IP6T_HL_NE:
35 return (!(ip6h->hop_limit == info->hop_limit)); 35 return ip6h->hop_limit != info->hop_limit;
36 break; 36 break;
37 case IP6T_HL_LT: 37 case IP6T_HL_LT:
38 return (ip6h->hop_limit < info->hop_limit); 38 return ip6h->hop_limit < info->hop_limit;
39 break; 39 break;
40 case IP6T_HL_GT: 40 case IP6T_HL_GT:
41 return (ip6h->hop_limit > info->hop_limit); 41 return ip6h->hop_limit > info->hop_limit;
42 break; 42 break;
43 default: 43 default:
44 printk(KERN_WARNING "ip6t_hl: unknown mode %d\n", 44 printk(KERN_WARNING "ip6t_hl: unknown mode %d\n",
diff --git a/net/ipv6/netfilter/ip6t_ipv6header.c b/net/ipv6/netfilter/ip6t_ipv6header.c
index 5ba6ef0f1b1b..ca020ce1c4a3 100644
--- a/net/ipv6/netfilter/ip6t_ipv6header.c
+++ b/net/ipv6/netfilter/ip6t_ipv6header.c
@@ -74,9 +74,9 @@ ipv6header_match(const struct sk_buff *skb,
74 BUG_ON(hp == NULL); 74 BUG_ON(hp == NULL);
75 75
76 /* Calculate the header length */ 76 /* Calculate the header length */
77 if (nexthdr == NEXTHDR_FRAGMENT) { 77 if (nexthdr == NEXTHDR_FRAGMENT)
78 hdrlen = 8; 78 hdrlen = 8;
79 } else if (nexthdr == NEXTHDR_AUTH) 79 else if (nexthdr == NEXTHDR_AUTH)
80 hdrlen = (hp->hdrlen + 2) << 2; 80 hdrlen = (hp->hdrlen + 2) << 2;
81 else 81 else
82 hdrlen = ipv6_optlen(hp); 82 hdrlen = ipv6_optlen(hp);
@@ -110,7 +110,7 @@ ipv6header_match(const struct sk_buff *skb,
110 break; 110 break;
111 } 111 }
112 112
113 if ((nexthdr != NEXTHDR_NONE) && (nexthdr != NEXTHDR_ESP)) 113 if (nexthdr != NEXTHDR_NONE && nexthdr != NEXTHDR_ESP)
114 temp |= MASK_PROTO; 114 temp |= MASK_PROTO;
115 115
116 if (info->modeflag) 116 if (info->modeflag)
diff --git a/net/ipv6/netfilter/ip6t_owner.c b/net/ipv6/netfilter/ip6t_owner.c
index 8cb6c94b4a20..d2bf3204aeac 100644
--- a/net/ipv6/netfilter/ip6t_owner.c
+++ b/net/ipv6/netfilter/ip6t_owner.c
@@ -38,17 +38,15 @@ match(const struct sk_buff *skb,
38 if (!skb->sk || !skb->sk->sk_socket || !skb->sk->sk_socket->file) 38 if (!skb->sk || !skb->sk->sk_socket || !skb->sk->sk_socket->file)
39 return false; 39 return false;
40 40
41 if (info->match & IP6T_OWNER_UID) { 41 if (info->match & IP6T_OWNER_UID)
42 if ((skb->sk->sk_socket->file->f_uid != info->uid) ^ 42 if ((skb->sk->sk_socket->file->f_uid != info->uid) ^
43 !!(info->invert & IP6T_OWNER_UID)) 43 !!(info->invert & IP6T_OWNER_UID))
44 return false; 44 return false;
45 }
46 45
47 if (info->match & IP6T_OWNER_GID) { 46 if (info->match & IP6T_OWNER_GID)
48 if ((skb->sk->sk_socket->file->f_gid != info->gid) ^ 47 if ((skb->sk->sk_socket->file->f_gid != info->gid) ^
49 !!(info->invert & IP6T_OWNER_GID)) 48 !!(info->invert & IP6T_OWNER_GID))
50 return false; 49 return false;
51 }
52 50
53 return true; 51 return true;
54} 52}
diff --git a/net/ipv6/netfilter/ip6t_rt.c b/net/ipv6/netfilter/ip6t_rt.c
index bc5ff4b1af39..f86fdcdd8cb8 100644
--- a/net/ipv6/netfilter/ip6t_rt.c
+++ b/net/ipv6/netfilter/ip6t_rt.c
@@ -87,9 +87,9 @@ match(const struct sk_buff *skb,
87 DEBUGP("SGS_LEFT %u %02X\n", rh->segments_left, rh->segments_left); 87 DEBUGP("SGS_LEFT %u %02X\n", rh->segments_left, rh->segments_left);
88 88
89 DEBUGP("IPv6 RT segsleft %02X ", 89 DEBUGP("IPv6 RT segsleft %02X ",
90 (segsleft_match(rtinfo->segsleft[0], rtinfo->segsleft[1], 90 segsleft_match(rtinfo->segsleft[0], rtinfo->segsleft[1],
91 rh->segments_left, 91 rh->segments_left,
92 !!(rtinfo->invflags & IP6T_RT_INV_SGS)))); 92 !!(rtinfo->invflags & IP6T_RT_INV_SGS)));
93 DEBUGP("type %02X %02X %02X ", 93 DEBUGP("type %02X %02X %02X ",
94 rtinfo->rt_type, rh->type, 94 rtinfo->rt_type, rh->type,
95 (!(rtinfo->flags & IP6T_RT_TYP) || 95 (!(rtinfo->flags & IP6T_RT_TYP) ||
@@ -97,11 +97,11 @@ match(const struct sk_buff *skb,
97 !!(rtinfo->invflags & IP6T_RT_INV_TYP)))); 97 !!(rtinfo->invflags & IP6T_RT_INV_TYP))));
98 DEBUGP("len %02X %04X %02X ", 98 DEBUGP("len %02X %04X %02X ",
99 rtinfo->hdrlen, hdrlen, 99 rtinfo->hdrlen, hdrlen,
100 (!(rtinfo->flags & IP6T_RT_LEN) || 100 !(rtinfo->flags & IP6T_RT_LEN) ||
101 ((rtinfo->hdrlen == hdrlen) ^ 101 ((rtinfo->hdrlen == hdrlen) ^
102 !!(rtinfo->invflags & IP6T_RT_INV_LEN)))); 102 !!(rtinfo->invflags & IP6T_RT_INV_LEN)));
103 DEBUGP("res %02X %02X %02X ", 103 DEBUGP("res %02X %02X %02X ",
104 (rtinfo->flags & IP6T_RT_RES), 104 rtinfo->flags & IP6T_RT_RES,
105 ((const struct rt0_hdr *)rh)->reserved, 105 ((const struct rt0_hdr *)rh)->reserved,
106 !((rtinfo->flags & IP6T_RT_RES) && 106 !((rtinfo->flags & IP6T_RT_RES) &&
107 (((const struct rt0_hdr *)rh)->reserved))); 107 (((const struct rt0_hdr *)rh)->reserved)));
@@ -188,8 +188,8 @@ match(const struct sk_buff *skb,
188 break; 188 break;
189 } 189 }
190 DEBUGP("temp=%d #%d\n", temp, rtinfo->addrnr); 190 DEBUGP("temp=%d #%d\n", temp, rtinfo->addrnr);
191 if ((temp == rtinfo->addrnr) && 191 if (temp == rtinfo->addrnr &&
192 (temp == (unsigned int)((hdrlen - 8) / 16))) 192 temp == (unsigned int)((hdrlen - 8) / 16))
193 return ret; 193 return ret;
194 else 194 else
195 return false; 195 return false;