aboutsummaryrefslogtreecommitdiffstats
path: root/net/ipv6
diff options
context:
space:
mode:
Diffstat (limited to 'net/ipv6')
-rw-r--r--net/ipv6/netfilter/ip6_tables.c14
1 files changed, 10 insertions, 4 deletions
diff --git a/net/ipv6/netfilter/ip6_tables.c b/net/ipv6/netfilter/ip6_tables.c
index 4853a3d542b7..9176e98ace7a 100644
--- a/net/ipv6/netfilter/ip6_tables.c
+++ b/net/ipv6/netfilter/ip6_tables.c
@@ -329,6 +329,12 @@ static void trace_packet(struct sk_buff *skb,
329} 329}
330#endif 330#endif
331 331
332static inline __pure struct ip6t_entry *
333ip6t_next_entry(const struct ip6t_entry *entry)
334{
335 return (void *)entry + entry->next_offset;
336}
337
332/* Returns one of the generic firewall policies, like NF_ACCEPT. */ 338/* Returns one of the generic firewall policies, like NF_ACCEPT. */
333unsigned int 339unsigned int
334ip6t_do_table(struct sk_buff *skb, 340ip6t_do_table(struct sk_buff *skb,
@@ -414,11 +420,11 @@ ip6t_do_table(struct sk_buff *skb,
414 back->comefrom); 420 back->comefrom);
415 continue; 421 continue;
416 } 422 }
417 if (table_base + v != (void *)e + e->next_offset 423 if (table_base + v != ip6t_next_entry(e)
418 && !(e->ipv6.flags & IP6T_F_GOTO)) { 424 && !(e->ipv6.flags & IP6T_F_GOTO)) {
419 /* Save old back ptr in next entry */ 425 /* Save old back ptr in next entry */
420 struct ip6t_entry *next 426 struct ip6t_entry *next
421 = (void *)e + e->next_offset; 427 = ip6t_next_entry(e);
422 next->comefrom 428 next->comefrom
423 = (void *)back - table_base; 429 = (void *)back - table_base;
424 /* set back pointer to next entry */ 430 /* set back pointer to next entry */
@@ -451,7 +457,7 @@ ip6t_do_table(struct sk_buff *skb,
451 = 0x57acc001; 457 = 0x57acc001;
452#endif 458#endif
453 if (verdict == IP6T_CONTINUE) 459 if (verdict == IP6T_CONTINUE)
454 e = (void *)e + e->next_offset; 460 e = ip6t_next_entry(e);
455 else 461 else
456 /* Verdict */ 462 /* Verdict */
457 break; 463 break;
@@ -459,7 +465,7 @@ ip6t_do_table(struct sk_buff *skb,
459 } else { 465 } else {
460 466
461 no_match: 467 no_match:
462 e = (void *)e + e->next_offset; 468 e = ip6t_next_entry(e);
463 } 469 }
464 } while (!hotdrop); 470 } while (!hotdrop);
465 471