aboutsummaryrefslogtreecommitdiffstats
path: root/net/ipv6
diff options
context:
space:
mode:
Diffstat (limited to 'net/ipv6')
-rw-r--r--net/ipv6/netfilter/ip6_tables.c13
1 files changed, 8 insertions, 5 deletions
diff --git a/net/ipv6/netfilter/ip6_tables.c b/net/ipv6/netfilter/ip6_tables.c
index 5a178be6c8cc..5164e0bf3bcc 100644
--- a/net/ipv6/netfilter/ip6_tables.c
+++ b/net/ipv6/netfilter/ip6_tables.c
@@ -343,6 +343,8 @@ ip6t_do_table(struct sk_buff *skb,
343 const struct net_device *out, 343 const struct net_device *out,
344 struct xt_table *table) 344 struct xt_table *table)
345{ 345{
346#define tb_comefrom ((struct ip6t_entry *)table_base)->comefrom
347
346 static const char nulldevname[IFNAMSIZ] __attribute__((aligned(sizeof(long)))); 348 static const char nulldevname[IFNAMSIZ] __attribute__((aligned(sizeof(long))));
347 bool hotdrop = false; 349 bool hotdrop = false;
348 /* Initializing verdict to NF_DROP keeps gcc happy. */ 350 /* Initializing verdict to NF_DROP keeps gcc happy. */
@@ -440,18 +442,17 @@ ip6t_do_table(struct sk_buff *skb,
440 tgpar.targinfo = t->data; 442 tgpar.targinfo = t->data;
441 443
442#ifdef CONFIG_NETFILTER_DEBUG 444#ifdef CONFIG_NETFILTER_DEBUG
443 ((struct ip6t_entry *)table_base)->comefrom = 0xeeeeeeec; 445 tb_comefrom = 0xeeeeeeec;
444#endif 446#endif
445 verdict = t->u.kernel.target->target(skb, &tgpar); 447 verdict = t->u.kernel.target->target(skb, &tgpar);
446 448
447#ifdef CONFIG_NETFILTER_DEBUG 449#ifdef CONFIG_NETFILTER_DEBUG
448 if (((struct ip6t_entry *)table_base)->comefrom != 0xeeeeeeec && 450 if (tb_comefrom != 0xeeeeeeec && verdict == IP6T_CONTINUE) {
449 verdict == IP6T_CONTINUE) {
450 printk("Target %s reentered!\n", 451 printk("Target %s reentered!\n",
451 t->u.kernel.target->name); 452 t->u.kernel.target->name);
452 verdict = NF_DROP; 453 verdict = NF_DROP;
453 } 454 }
454 ((struct ip6t_entry *)table_base)->comefrom = 0x57acc001; 455 tb_comefrom = 0x57acc001;
455#endif 456#endif
456 if (verdict == IP6T_CONTINUE) 457 if (verdict == IP6T_CONTINUE)
457 e = ip6t_next_entry(e); 458 e = ip6t_next_entry(e);
@@ -461,7 +462,7 @@ ip6t_do_table(struct sk_buff *skb,
461 } while (!hotdrop); 462 } while (!hotdrop);
462 463
463#ifdef CONFIG_NETFILTER_DEBUG 464#ifdef CONFIG_NETFILTER_DEBUG
464 ((struct ip6t_entry *)table_base)->comefrom = NETFILTER_LINK_POISON; 465 tb_comefrom = NETFILTER_LINK_POISON;
465#endif 466#endif
466 xt_info_rdunlock_bh(); 467 xt_info_rdunlock_bh();
467 468
@@ -472,6 +473,8 @@ ip6t_do_table(struct sk_buff *skb,
472 return NF_DROP; 473 return NF_DROP;
473 else return verdict; 474 else return verdict;
474#endif 475#endif
476
477#undef tb_comefrom
475} 478}
476 479
477/* Figures out from what hook each rule can be called: returns 0 if 480/* Figures out from what hook each rule can be called: returns 0 if