diff options
Diffstat (limited to 'net/ipv6')
-rw-r--r-- | net/ipv6/netfilter/ip6_tables.c | 12 |
1 files changed, 7 insertions, 5 deletions
diff --git a/net/ipv6/netfilter/ip6_tables.c b/net/ipv6/netfilter/ip6_tables.c index 8e4921a937ff..b0599b98d1b6 100644 --- a/net/ipv6/netfilter/ip6_tables.c +++ b/net/ipv6/netfilter/ip6_tables.c | |||
@@ -8,7 +8,7 @@ | |||
8 | * it under the terms of the GNU General Public License version 2 as | 8 | * it under the terms of the GNU General Public License version 2 as |
9 | * published by the Free Software Foundation. | 9 | * published by the Free Software Foundation. |
10 | */ | 10 | */ |
11 | 11 | #define pr_fmt(fmt) KBUILD_MODNAME ": " fmt | |
12 | #include <linux/capability.h> | 12 | #include <linux/capability.h> |
13 | #include <linux/in.h> | 13 | #include <linux/in.h> |
14 | #include <linux/skbuff.h> | 14 | #include <linux/skbuff.h> |
@@ -771,13 +771,15 @@ check_entry_size_and_hooks(struct ip6t_entry *e, | |||
771 | continue; | 771 | continue; |
772 | if ((unsigned char *)e - base == hook_entries[h]) | 772 | if ((unsigned char *)e - base == hook_entries[h]) |
773 | newinfo->hook_entry[h] = hook_entries[h]; | 773 | newinfo->hook_entry[h] = hook_entries[h]; |
774 | if ((unsigned char *)e - base == underflows[h]) | 774 | if ((unsigned char *)e - base == underflows[h]) { |
775 | if (!unconditional(&e->ipv6)) { | ||
776 | pr_err("Underflows must be unconditional\n"); | ||
777 | return -EINVAL; | ||
778 | } | ||
775 | newinfo->underflow[h] = underflows[h]; | 779 | newinfo->underflow[h] = underflows[h]; |
780 | } | ||
776 | } | 781 | } |
777 | 782 | ||
778 | /* FIXME: underflows must be unconditional, standard verdicts | ||
779 | < 0 (not IP6T_RETURN). --RR */ | ||
780 | |||
781 | /* Clear counters and comefrom */ | 783 | /* Clear counters and comefrom */ |
782 | e->counters = ((struct xt_counters) { 0, 0 }); | 784 | e->counters = ((struct xt_counters) { 0, 0 }); |
783 | e->comefrom = 0; | 785 | e->comefrom = 0; |