diff options
Diffstat (limited to 'net/ipv6')
-rw-r--r-- | net/ipv6/netfilter/ip6_tables.c | 13 |
1 files changed, 8 insertions, 5 deletions
diff --git a/net/ipv6/netfilter/ip6_tables.c b/net/ipv6/netfilter/ip6_tables.c index 5a178be6c8cc..5164e0bf3bcc 100644 --- a/net/ipv6/netfilter/ip6_tables.c +++ b/net/ipv6/netfilter/ip6_tables.c | |||
@@ -343,6 +343,8 @@ ip6t_do_table(struct sk_buff *skb, | |||
343 | const struct net_device *out, | 343 | const struct net_device *out, |
344 | struct xt_table *table) | 344 | struct xt_table *table) |
345 | { | 345 | { |
346 | #define tb_comefrom ((struct ip6t_entry *)table_base)->comefrom | ||
347 | |||
346 | static const char nulldevname[IFNAMSIZ] __attribute__((aligned(sizeof(long)))); | 348 | static const char nulldevname[IFNAMSIZ] __attribute__((aligned(sizeof(long)))); |
347 | bool hotdrop = false; | 349 | bool hotdrop = false; |
348 | /* Initializing verdict to NF_DROP keeps gcc happy. */ | 350 | /* Initializing verdict to NF_DROP keeps gcc happy. */ |
@@ -440,18 +442,17 @@ ip6t_do_table(struct sk_buff *skb, | |||
440 | tgpar.targinfo = t->data; | 442 | tgpar.targinfo = t->data; |
441 | 443 | ||
442 | #ifdef CONFIG_NETFILTER_DEBUG | 444 | #ifdef CONFIG_NETFILTER_DEBUG |
443 | ((struct ip6t_entry *)table_base)->comefrom = 0xeeeeeeec; | 445 | tb_comefrom = 0xeeeeeeec; |
444 | #endif | 446 | #endif |
445 | verdict = t->u.kernel.target->target(skb, &tgpar); | 447 | verdict = t->u.kernel.target->target(skb, &tgpar); |
446 | 448 | ||
447 | #ifdef CONFIG_NETFILTER_DEBUG | 449 | #ifdef CONFIG_NETFILTER_DEBUG |
448 | if (((struct ip6t_entry *)table_base)->comefrom != 0xeeeeeeec && | 450 | if (tb_comefrom != 0xeeeeeeec && verdict == IP6T_CONTINUE) { |
449 | verdict == IP6T_CONTINUE) { | ||
450 | printk("Target %s reentered!\n", | 451 | printk("Target %s reentered!\n", |
451 | t->u.kernel.target->name); | 452 | t->u.kernel.target->name); |
452 | verdict = NF_DROP; | 453 | verdict = NF_DROP; |
453 | } | 454 | } |
454 | ((struct ip6t_entry *)table_base)->comefrom = 0x57acc001; | 455 | tb_comefrom = 0x57acc001; |
455 | #endif | 456 | #endif |
456 | if (verdict == IP6T_CONTINUE) | 457 | if (verdict == IP6T_CONTINUE) |
457 | e = ip6t_next_entry(e); | 458 | e = ip6t_next_entry(e); |
@@ -461,7 +462,7 @@ ip6t_do_table(struct sk_buff *skb, | |||
461 | } while (!hotdrop); | 462 | } while (!hotdrop); |
462 | 463 | ||
463 | #ifdef CONFIG_NETFILTER_DEBUG | 464 | #ifdef CONFIG_NETFILTER_DEBUG |
464 | ((struct ip6t_entry *)table_base)->comefrom = NETFILTER_LINK_POISON; | 465 | tb_comefrom = NETFILTER_LINK_POISON; |
465 | #endif | 466 | #endif |
466 | xt_info_rdunlock_bh(); | 467 | xt_info_rdunlock_bh(); |
467 | 468 | ||
@@ -472,6 +473,8 @@ ip6t_do_table(struct sk_buff *skb, | |||
472 | return NF_DROP; | 473 | return NF_DROP; |
473 | else return verdict; | 474 | else return verdict; |
474 | #endif | 475 | #endif |
476 | |||
477 | #undef tb_comefrom | ||
475 | } | 478 | } |
476 | 479 | ||
477 | /* Figures out from what hook each rule can be called: returns 0 if | 480 | /* Figures out from what hook each rule can be called: returns 0 if |