diff options
Diffstat (limited to 'net')
-rw-r--r-- | net/ipv6/netfilter/ip6_tables.c | 22 | ||||
-rw-r--r-- | net/ipv6/netfilter/ip6t_policy.c | 3 |
2 files changed, 6 insertions, 19 deletions
diff --git a/net/ipv6/netfilter/ip6_tables.c b/net/ipv6/netfilter/ip6_tables.c index b75f8fdc3afe..d74ec335743e 100644 --- a/net/ipv6/netfilter/ip6_tables.c +++ b/net/ipv6/netfilter/ip6_tables.c | |||
@@ -94,19 +94,6 @@ do { \ | |||
94 | #define up(x) do { printk("UP:%u:" #x "\n", __LINE__); up(x); } while(0) | 94 | #define up(x) do { printk("UP:%u:" #x "\n", __LINE__); up(x); } while(0) |
95 | #endif | 95 | #endif |
96 | 96 | ||
97 | int | ||
98 | ip6_masked_addrcmp(const struct in6_addr *addr1, const struct in6_addr *mask, | ||
99 | const struct in6_addr *addr2) | ||
100 | { | ||
101 | int i; | ||
102 | for( i = 0; i < 16; i++){ | ||
103 | if((addr1->s6_addr[i] & mask->s6_addr[i]) != | ||
104 | (addr2->s6_addr[i] & mask->s6_addr[i])) | ||
105 | return 1; | ||
106 | } | ||
107 | return 0; | ||
108 | } | ||
109 | |||
110 | /* Check for an extension */ | 97 | /* Check for an extension */ |
111 | int | 98 | int |
112 | ip6t_ext_hdr(u8 nexthdr) | 99 | ip6t_ext_hdr(u8 nexthdr) |
@@ -135,10 +122,10 @@ ip6_packet_match(const struct sk_buff *skb, | |||
135 | 122 | ||
136 | #define FWINV(bool,invflg) ((bool) ^ !!(ip6info->invflags & invflg)) | 123 | #define FWINV(bool,invflg) ((bool) ^ !!(ip6info->invflags & invflg)) |
137 | 124 | ||
138 | if (FWINV(ip6_masked_addrcmp(&ipv6->saddr, &ip6info->smsk, | 125 | if (FWINV(ipv6_masked_addr_cmp(&ipv6->saddr, &ip6info->smsk, |
139 | &ip6info->src), IP6T_INV_SRCIP) | 126 | &ip6info->src), IP6T_INV_SRCIP) |
140 | || FWINV(ip6_masked_addrcmp(&ipv6->daddr, &ip6info->dmsk, | 127 | || FWINV(ipv6_masked_addr_cmp(&ipv6->daddr, &ip6info->dmsk, |
141 | &ip6info->dst), IP6T_INV_DSTIP)) { | 128 | &ip6info->dst), IP6T_INV_DSTIP)) { |
142 | dprintf("Source or dest mismatch.\n"); | 129 | dprintf("Source or dest mismatch.\n"); |
143 | /* | 130 | /* |
144 | dprintf("SRC: %u. Mask: %u. Target: %u.%s\n", ip->saddr, | 131 | dprintf("SRC: %u. Mask: %u. Target: %u.%s\n", ip->saddr, |
@@ -1526,7 +1513,6 @@ EXPORT_SYMBOL(ip6t_unregister_table); | |||
1526 | EXPORT_SYMBOL(ip6t_do_table); | 1513 | EXPORT_SYMBOL(ip6t_do_table); |
1527 | EXPORT_SYMBOL(ip6t_ext_hdr); | 1514 | EXPORT_SYMBOL(ip6t_ext_hdr); |
1528 | EXPORT_SYMBOL(ipv6_find_hdr); | 1515 | EXPORT_SYMBOL(ipv6_find_hdr); |
1529 | EXPORT_SYMBOL(ip6_masked_addrcmp); | ||
1530 | 1516 | ||
1531 | module_init(init); | 1517 | module_init(init); |
1532 | module_exit(fini); | 1518 | module_exit(fini); |
diff --git a/net/ipv6/netfilter/ip6t_policy.c b/net/ipv6/netfilter/ip6t_policy.c index b2f30072ca6e..f2a59970e007 100644 --- a/net/ipv6/netfilter/ip6t_policy.c +++ b/net/ipv6/netfilter/ip6t_policy.c | |||
@@ -27,7 +27,8 @@ static inline int | |||
27 | match_xfrm_state(struct xfrm_state *x, const struct ip6t_policy_elem *e) | 27 | match_xfrm_state(struct xfrm_state *x, const struct ip6t_policy_elem *e) |
28 | { | 28 | { |
29 | #define MATCH_ADDR(x,y,z) (!e->match.x || \ | 29 | #define MATCH_ADDR(x,y,z) (!e->match.x || \ |
30 | ((!ip6_masked_addrcmp(&e->x.a6, &e->y.a6, z)) \ | 30 | ((!ipv6_masked_addr_cmp(&e->x.a6, &e->y.a6, \ |
31 | z)) \ | ||
31 | ^ e->invert.x)) | 32 | ^ e->invert.x)) |
32 | #define MATCH(x,y) (!e->match.x || ((e->x == (y)) ^ e->invert.x)) | 33 | #define MATCH(x,y) (!e->match.x || ((e->x == (y)) ^ e->invert.x)) |
33 | 34 | ||