8 files changed, 67 insertions, 16 deletions
diff --git a/net/ipv4/netfilter/ipt_ULOG.c b/net/ipv4/netfilter/ipt_ULOG.c
index cf08218ddbcf..ff4b781b1056 100644
--- a/net/ipv4/netfilter/ipt_ULOG.c
+++ b/net/ipv4/netfilter/ipt_ULOG.c
@@ -231,8 +231,10 @@ static void ipt_ulog_packet(struct net *net,
        put_unaligned(tv.tv_usec, &pm->timestamp_usec);
        put_unaligned(skb->mark, &pm->mark);
        pm->hook = hooknum;
-        if (prefix != NULL)
+        if (prefix != NULL) {
-                strncpy(pm->prefix, prefix, sizeof(pm->prefix));
+                strncpy(pm->prefix, prefix, sizeof(pm->prefix) - 1);
+                pm->prefix[sizeof(pm->prefix) - 1] = '\0';
+        }
        else if (loginfo->prefix[0] != '\0')
                strncpy(pm->prefix, loginfo->prefix, sizeof(pm->prefix));
        else
diff --git a/net/ipv6/addrconf.c b/net/ipv6/addrconf.c
index d1ab6ab29a55..d1b2d8034b54 100644
--- a/net/ipv6/addrconf.c
+++ b/net/ipv6/addrconf.c
@@ -1487,7 +1487,7 @@ static int ipv6_count_addresses(struct inet6_dev *idev)
 }
 int ipv6_chk_addr(struct net *net, const struct in6_addr *addr,
-                  struct net_device *dev, int strict)
+                  const struct net_device *dev, int strict)
 {
        struct inet6_ifaddr *ifp;
        unsigned int hash = inet6_addr_hash(addr);
diff --git a/net/ipv6/netfilter.c b/net/ipv6/netfilter.c
index 72836f40b730..95f3f1da0d7f 100644
--- a/net/ipv6/netfilter.c
+++ b/net/ipv6/netfilter.c
@@ -10,6 +10,7 @@
 #include <linux/netfilter.h>
 #include <linux/netfilter_ipv6.h>
 #include <linux/export.h>
+#include <net/addrconf.h>
 #include <net/dst.h>
 #include <net/ipv6.h>
 #include <net/ip6_route.h>
@@ -186,6 +187,10 @@ static __sum16 nf_ip6_checksum_partial(struct sk_buff *skb, unsigned int hook,
        return csum;
 };
+static const struct nf_ipv6_ops ipv6ops = {
+        .chk_addr       = ipv6_chk_addr,
+};
 static const struct nf_afinfo nf_ip6_afinfo = {
        .family                 = AF_INET6,
        .checksum               = nf_ip6_checksum,
@@ -198,6 +203,7 @@ static const struct nf_afinfo nf_ip6_afinfo = {
 int __init ipv6_netfilter_init(void)
 {
+        RCU_INIT_POINTER(nf_ipv6_ops, &ipv6ops);
        return nf_register_afinfo(&nf_ip6_afinfo);
 }
@@ -206,5 +212,6 @@ int __init ipv6_netfilter_init(void)
 */
 void ipv6_netfilter_fini(void)
 {
+        RCU_INIT_POINTER(nf_ipv6_ops, NULL);
        nf_unregister_afinfo(&nf_ip6_afinfo);
 }
diff --git a/net/netfilter/core.c b/net/netfilter/core.c
index 07c865a31a3d..857ca9f35177 100644
--- a/net/netfilter/core.c
+++ b/net/netfilter/core.c
@@ -30,6 +30,8 @@ static DEFINE_MUTEX(afinfo_mutex);
 const struct nf_afinfo __rcu *nf_afinfo[NFPROTO_NUMPROTO] __read_mostly;
 EXPORT_SYMBOL(nf_afinfo);
+const struct nf_ipv6_ops __rcu *nf_ipv6_ops __read_mostly;
+EXPORT_SYMBOL_GPL(nf_ipv6_ops);
 int nf_register_afinfo(const struct nf_afinfo *afinfo)
 {
diff --git a/net/netfilter/ipvs/ip_vs_core.c b/net/netfilter/ipvs/ip_vs_core.c
index 085b5880ab0d..05565d2b3a61 100644
--- a/net/netfilter/ipvs/ip_vs_core.c
+++ b/net/netfilter/ipvs/ip_vs_core.c
@@ -1001,6 +1001,32 @@ static inline int is_tcp_reset(const struct sk_buff *skb, int nh_len)
        return th->rst;
 }
+static inline bool is_new_conn(const struct sk_buff *skb,
+                               struct ip_vs_iphdr *iph)
+{
+        switch (iph->protocol) {
+        case IPPROTO_TCP: {
+                struct tcphdr _tcph, *th;
+                th = skb_header_pointer(skb, iph->len, sizeof(_tcph), &_tcph);
+                if (th == NULL)
+                        return false;
+                return th->syn;
+        }
+        case IPPROTO_SCTP: {
+                sctp_chunkhdr_t *sch, schunk;
+                sch = skb_header_pointer(skb, iph->len + sizeof(sctp_sctphdr_t),
+                                         sizeof(schunk), &schunk);
+                if (sch == NULL)
+                        return false;
+                return sch->type == SCTP_CID_INIT;
+        }
+        default:
+                return false;
+        }
+}
 /* Handle response packets: rewrite addresses and send away...
 */
 static unsigned int
@@ -1612,6 +1638,15 @@ ip_vs_in(unsigned int hooknum, struct sk_buff *skb, int af)
         * Check if the packet belongs to an existing connection entry
         */
        cp = pp->conn_in_get(af, skb, &iph, 0);
+        if (unlikely(sysctl_expire_nodest_conn(ipvs)) && cp && cp->dest &&
+            unlikely(!atomic_read(&cp->dest->weight)) && !iph.fragoffs &&
+            is_new_conn(skb, &iph)) {
+                ip_vs_conn_expire_now(cp);
+                __ip_vs_conn_put(cp);
+                cp = NULL;
+        }
        if (unlikely(!cp) && !iph.fragoffs) {
                /* No (second) fragments need to enter here, as nf_defrag_ipv6
                 * replayed fragment zero will already have created the cp
diff --git a/net/netfilter/ipvs/ip_vs_sh.c b/net/netfilter/ipvs/ip_vs_sh.c
index 0df269d7c99f..a65edfe4b16c 100644
--- a/net/netfilter/ipvs/ip_vs_sh.c
+++ b/net/netfilter/ipvs/ip_vs_sh.c
@@ -67,8 +67,8 @@ struct ip_vs_sh_bucket {
 #define IP_VS_SH_TAB_MASK               (IP_VS_SH_TAB_SIZE - 1)
 struct ip_vs_sh_state {
-        struct ip_vs_sh_bucket          buckets[IP_VS_SH_TAB_SIZE];
        struct rcu_head                 rcu_head;
+        struct ip_vs_sh_bucket          buckets[IP_VS_SH_TAB_SIZE];
 };
 /*
diff --git a/net/netfilter/xt_LOG.c b/net/netfilter/xt_LOG.c
index 491c7d821a0b..5ab24843370a 100644
--- a/net/netfilter/xt_LOG.c
+++ b/net/netfilter/xt_LOG.c
@@ -737,7 +737,7 @@ static void dump_ipv6_packet(struct sbuff *m,
                dump_sk_uid_gid(m, skb->sk);
        /* Max length: 16 "MARK=0xFFFFFFFF " */
-        if (!recurse && skb->mark)
+        if (recurse && skb->mark)
                sb_add(m, "MARK=0x%x ", skb->mark);
 }
diff --git a/net/netfilter/xt_addrtype.c b/net/netfilter/xt_addrtype.c
index 49c5ff7f6dd6..68ff29f60867 100644
--- a/net/netfilter/xt_addrtype.c
+++ b/net/netfilter/xt_addrtype.c
@@ -22,6 +22,7 @@
 #include <net/ip6_fib.h>
 #endif
+#include <linux/netfilter_ipv6.h>
 #include <linux/netfilter/xt_addrtype.h>
 #include <linux/netfilter/x_tables.h>
@@ -33,12 +34,12 @@ MODULE_ALIAS("ip6t_addrtype");
 #if IS_ENABLED(CONFIG_IP6_NF_IPTABLES)
 static u32 match_lookup_rt6(struct net *net, const struct net_device *dev,
-                            const struct in6_addr *addr)
+                            const struct in6_addr *addr, u16 mask)
 {
        const struct nf_afinfo *afinfo;
        struct flowi6 flow;
        struct rt6_info *rt;
-        u32 ret;
+        u32 ret = 0;
        int route_err;
        memset(&flow, 0, sizeof(flow));
@@ -49,12 +50,19 @@ static u32 match_lookup_rt6(struct net *net, const struct net_device *dev,
        rcu_read_lock();
        afinfo = nf_get_afinfo(NFPROTO_IPV6);
-        if (afinfo != NULL)
+        if (afinfo != NULL) {
+                const struct nf_ipv6_ops *v6ops;
+                if (dev && (mask & XT_ADDRTYPE_LOCAL)) {
+                        v6ops = nf_get_ipv6_ops();
+                        if (v6ops && v6ops->chk_addr(net, addr, dev, true))
+                                ret = XT_ADDRTYPE_LOCAL;
+                }
                route_err = afinfo->route(net, (struct dst_entry **)&rt,
-                                        flowi6_to_flowi(&flow), !!dev);
+                                          flowi6_to_flowi(&flow), false);
-        else
+        } else {
                route_err = 1;
+        }
        rcu_read_unlock();
        if (route_err)
@@ -62,15 +70,12 @@ static u32 match_lookup_rt6(struct net *net, const struct net_device *dev,
        if (rt->rt6i_flags & RTF_REJECT)
                ret = XT_ADDRTYPE_UNREACHABLE;
-        else
-                ret = 0;
-        if (rt->rt6i_flags & RTF_LOCAL)
+        if (dev == NULL && rt->rt6i_flags & RTF_LOCAL)
                ret |= XT_ADDRTYPE_LOCAL;
        if (rt->rt6i_flags & RTF_ANYCAST)
                ret |= XT_ADDRTYPE_ANYCAST;
        dst_release(&rt->dst);
        return ret;
 }
@@ -90,7 +95,7 @@ static bool match_type6(struct net *net, const struct net_device *dev,
        if ((XT_ADDRTYPE_LOCAL | XT_ADDRTYPE_ANYCAST |
             XT_ADDRTYPE_UNREACHABLE) & mask)
-                return !!(mask & match_lookup_rt6(net, dev, addr));
+                return !!(mask & match_lookup_rt6(net, dev, addr, mask));
        return true;
 }

diff --git a/net/ipv4/netfilter/ipt_ULOG.c b/net/ipv4/netfilter/ipt_ULOG.c index cf08218ddbcf..ff4b781b1056 100644 --- a/net/ipv4/netfilter/ipt_ULOG.c +++ b/net/ipv4/netfilter/ipt_ULOG.c
@@ -231,8 +231,10 @@ static void ipt_ulog_packet(struct net *net,
231	put_unaligned(tv.tv_usec, &pm->timestamp_usec);	231	put_unaligned(tv.tv_usec, &pm->timestamp_usec);
232	put_unaligned(skb->mark, &pm->mark);	232	put_unaligned(skb->mark, &pm->mark);
233	pm->hook = hooknum;	233	pm->hook = hooknum;
234	if (prefix != NULL)	234	if (prefix != NULL) {
235	strncpy(pm->prefix, prefix, sizeof(pm->prefix));	235	strncpy(pm->prefix, prefix, sizeof(pm->prefix) - 1);
		236	pm->prefix[sizeof(pm->prefix) - 1] = '\0';
		237	}
236	else if (loginfo->prefix[0] != '\0')	238	else if (loginfo->prefix[0] != '\0')
237	strncpy(pm->prefix, loginfo->prefix, sizeof(pm->prefix));	239	strncpy(pm->prefix, loginfo->prefix, sizeof(pm->prefix));
238	else	240	else


diff --git a/net/ipv6/addrconf.c b/net/ipv6/addrconf.c index d1ab6ab29a55..d1b2d8034b54 100644 --- a/net/ipv6/addrconf.c +++ b/net/ipv6/addrconf.c
@@ -1487,7 +1487,7 @@ static int ipv6_count_addresses(struct inet6_dev *idev)
1487	}	1487	}
1488		1488
1489	int ipv6_chk_addr(struct net net, const struct in6_addr addr,	1489	int ipv6_chk_addr(struct net net, const struct in6_addr addr,
1490	struct net_device *dev, int strict)	1490	const struct net_device *dev, int strict)
1491	{	1491	{
1492	struct inet6_ifaddr *ifp;	1492	struct inet6_ifaddr *ifp;
1493	unsigned int hash = inet6_addr_hash(addr);	1493	unsigned int hash = inet6_addr_hash(addr);


diff --git a/net/ipv6/netfilter.c b/net/ipv6/netfilter.c index 72836f40b730..95f3f1da0d7f 100644 --- a/net/ipv6/netfilter.c +++ b/net/ipv6/netfilter.c
@@ -10,6 +10,7 @@
10	#include <linux/netfilter.h>	10	#include <linux/netfilter.h>
11	#include <linux/netfilter_ipv6.h>	11	#include <linux/netfilter_ipv6.h>
12	#include <linux/export.h>	12	#include <linux/export.h>
		13	#include <net/addrconf.h>
13	#include <net/dst.h>	14	#include <net/dst.h>
14	#include <net/ipv6.h>	15	#include <net/ipv6.h>
15	#include <net/ip6_route.h>	16	#include <net/ip6_route.h>
@@ -186,6 +187,10 @@ static __sum16 nf_ip6_checksum_partial(struct sk_buff *skb, unsigned int hook,
186	return csum;	187	return csum;
187	};	188	};
188		189
		190	static const struct nf_ipv6_ops ipv6ops = {
		191	.chk_addr = ipv6_chk_addr,
		192	};
		193
189	static const struct nf_afinfo nf_ip6_afinfo = {	194	static const struct nf_afinfo nf_ip6_afinfo = {
190	.family = AF_INET6,	195	.family = AF_INET6,
191	.checksum = nf_ip6_checksum,	196	.checksum = nf_ip6_checksum,
@@ -198,6 +203,7 @@ static const struct nf_afinfo nf_ip6_afinfo = {
198		203
199	int __init ipv6_netfilter_init(void)	204	int __init ipv6_netfilter_init(void)
200	{	205	{
		206	RCU_INIT_POINTER(nf_ipv6_ops, &ipv6ops);
201	return nf_register_afinfo(&nf_ip6_afinfo);	207	return nf_register_afinfo(&nf_ip6_afinfo);
202	}	208	}
203		209
@@ -206,5 +212,6 @@ int __init ipv6_netfilter_init(void)
206	*/	212	*/
207	void ipv6_netfilter_fini(void)	213	void ipv6_netfilter_fini(void)
208	{	214	{
		215	RCU_INIT_POINTER(nf_ipv6_ops, NULL);
209	nf_unregister_afinfo(&nf_ip6_afinfo);	216	nf_unregister_afinfo(&nf_ip6_afinfo);
210	}	217	}


diff --git a/net/netfilter/core.c b/net/netfilter/core.c index 07c865a31a3d..857ca9f35177 100644 --- a/net/netfilter/core.c +++ b/net/netfilter/core.c
@@ -30,6 +30,8 @@ static DEFINE_MUTEX(afinfo_mutex);
30		30
31	const struct nf_afinfo __rcu *nf_afinfo[NFPROTO_NUMPROTO] __read_mostly;	31	const struct nf_afinfo __rcu *nf_afinfo[NFPROTO_NUMPROTO] __read_mostly;
32	EXPORT_SYMBOL(nf_afinfo);	32	EXPORT_SYMBOL(nf_afinfo);
		33	const struct nf_ipv6_ops __rcu *nf_ipv6_ops __read_mostly;
		34	EXPORT_SYMBOL_GPL(nf_ipv6_ops);
33		35
34	int nf_register_afinfo(const struct nf_afinfo *afinfo)	36	int nf_register_afinfo(const struct nf_afinfo *afinfo)
35	{	37	{


diff --git a/net/netfilter/ipvs/ip_vs_core.c b/net/netfilter/ipvs/ip_vs_core.c index 085b5880ab0d..05565d2b3a61 100644 --- a/net/netfilter/ipvs/ip_vs_core.c +++ b/net/netfilter/ipvs/ip_vs_core.c
@@ -1001,6 +1001,32 @@ static inline int is_tcp_reset(const struct sk_buff *skb, int nh_len)
1001	return th->rst;	1001	return th->rst;
1002	}	1002	}
1003		1003
		1004	static inline bool is_new_conn(const struct sk_buff *skb,
		1005	struct ip_vs_iphdr *iph)
		1006	{
		1007	switch (iph->protocol) {
		1008	case IPPROTO_TCP: {
		1009	struct tcphdr _tcph, *th;
		1010
		1011	th = skb_header_pointer(skb, iph->len, sizeof(_tcph), &_tcph);
		1012	if (th == NULL)
		1013	return false;
		1014	return th->syn;
		1015	}
		1016	case IPPROTO_SCTP: {
		1017	sctp_chunkhdr_t *sch, schunk;
		1018
		1019	sch = skb_header_pointer(skb, iph->len + sizeof(sctp_sctphdr_t),
		1020	sizeof(schunk), &schunk);
		1021	if (sch == NULL)
		1022	return false;
		1023	return sch->type == SCTP_CID_INIT;
		1024	}
		1025	default:
		1026	return false;
		1027	}
		1028	}
		1029
1004	/* Handle response packets: rewrite addresses and send away...	1030	/* Handle response packets: rewrite addresses and send away...
1005	*/	1031	*/
1006	static unsigned int	1032	static unsigned int
@@ -1612,6 +1638,15 @@ ip_vs_in(unsigned int hooknum, struct sk_buff *skb, int af)
1612	* Check if the packet belongs to an existing connection entry	1638	* Check if the packet belongs to an existing connection entry
1613	*/	1639	*/
1614	cp = pp->conn_in_get(af, skb, &iph, 0);	1640	cp = pp->conn_in_get(af, skb, &iph, 0);
		1641
		1642	if (unlikely(sysctl_expire_nodest_conn(ipvs)) && cp && cp->dest &&
		1643	unlikely(!atomic_read(&cp->dest->weight)) && !iph.fragoffs &&
		1644	is_new_conn(skb, &iph)) {
		1645	ip_vs_conn_expire_now(cp);
		1646	__ip_vs_conn_put(cp);
		1647	cp = NULL;
		1648	}
		1649
1615	if (unlikely(!cp) && !iph.fragoffs) {	1650	if (unlikely(!cp) && !iph.fragoffs) {
1616	/* No (second) fragments need to enter here, as nf_defrag_ipv6	1651	/* No (second) fragments need to enter here, as nf_defrag_ipv6
1617	* replayed fragment zero will already have created the cp	1652	* replayed fragment zero will already have created the cp


diff --git a/net/netfilter/ipvs/ip_vs_sh.c b/net/netfilter/ipvs/ip_vs_sh.c index 0df269d7c99f..a65edfe4b16c 100644 --- a/net/netfilter/ipvs/ip_vs_sh.c +++ b/net/netfilter/ipvs/ip_vs_sh.c
@@ -67,8 +67,8 @@ struct ip_vs_sh_bucket {
67	#define IP_VS_SH_TAB_MASK (IP_VS_SH_TAB_SIZE - 1)	67	#define IP_VS_SH_TAB_MASK (IP_VS_SH_TAB_SIZE - 1)
68		68
69	struct ip_vs_sh_state {	69	struct ip_vs_sh_state {
70	struct ip_vs_sh_bucket buckets[IP_VS_SH_TAB_SIZE];
71	struct rcu_head rcu_head;	70	struct rcu_head rcu_head;
		71	struct ip_vs_sh_bucket buckets[IP_VS_SH_TAB_SIZE];
72	};	72	};
73		73
74	/*	74	/*


diff --git a/net/netfilter/xt_LOG.c b/net/netfilter/xt_LOG.c index 491c7d821a0b..5ab24843370a 100644 --- a/net/netfilter/xt_LOG.c +++ b/net/netfilter/xt_LOG.c
@@ -737,7 +737,7 @@ static void dump_ipv6_packet(struct sbuff *m,
737	dump_sk_uid_gid(m, skb->sk);	737	dump_sk_uid_gid(m, skb->sk);
738		738
739	/* Max length: 16 "MARK=0xFFFFFFFF " */	739	/* Max length: 16 "MARK=0xFFFFFFFF " */
740	if (!recurse && skb->mark)	740	if (recurse && skb->mark)
741	sb_add(m, "MARK=0x%x ", skb->mark);	741	sb_add(m, "MARK=0x%x ", skb->mark);
742	}	742	}
743		743


diff --git a/net/netfilter/xt_addrtype.c b/net/netfilter/xt_addrtype.c index 49c5ff7f6dd6..68ff29f60867 100644 --- a/net/netfilter/xt_addrtype.c +++ b/net/netfilter/xt_addrtype.c
@@ -22,6 +22,7 @@
22	#include <net/ip6_fib.h>	22	#include <net/ip6_fib.h>
23	#endif	23	#endif
24		24
		25	#include <linux/netfilter_ipv6.h>
25	#include <linux/netfilter/xt_addrtype.h>	26	#include <linux/netfilter/xt_addrtype.h>
26	#include <linux/netfilter/x_tables.h>	27	#include <linux/netfilter/x_tables.h>
27		28
@@ -33,12 +34,12 @@ MODULE_ALIAS("ip6t_addrtype");
33		34
34	#if IS_ENABLED(CONFIG_IP6_NF_IPTABLES)	35	#if IS_ENABLED(CONFIG_IP6_NF_IPTABLES)
35	static u32 match_lookup_rt6(struct net net, const struct net_device dev,	36	static u32 match_lookup_rt6(struct net net, const struct net_device dev,
36	const struct in6_addr *addr)	37	const struct in6_addr *addr, u16 mask)
37	{	38	{
38	const struct nf_afinfo *afinfo;	39	const struct nf_afinfo *afinfo;
39	struct flowi6 flow;	40	struct flowi6 flow;
40	struct rt6_info *rt;	41	struct rt6_info *rt;
41	u32 ret;	42	u32 ret = 0;
42	int route_err;	43	int route_err;
43		44
44	memset(&flow, 0, sizeof(flow));	45	memset(&flow, 0, sizeof(flow));
@@ -49,12 +50,19 @@ static u32 match_lookup_rt6(struct net net, const struct net_device dev,
49	rcu_read_lock();	50	rcu_read_lock();
50		51
51	afinfo = nf_get_afinfo(NFPROTO_IPV6);	52	afinfo = nf_get_afinfo(NFPROTO_IPV6);
52	if (afinfo != NULL)	53	if (afinfo != NULL) {
		54	const struct nf_ipv6_ops *v6ops;
		55
		56	if (dev && (mask & XT_ADDRTYPE_LOCAL)) {
		57	v6ops = nf_get_ipv6_ops();
		58	if (v6ops && v6ops->chk_addr(net, addr, dev, true))
		59	ret = XT_ADDRTYPE_LOCAL;
		60	}
53	route_err = afinfo->route(net, (struct dst_entry **)&rt,	61	route_err = afinfo->route(net, (struct dst_entry **)&rt,
54	flowi6_to_flowi(&flow), !!dev);	62	flowi6_to_flowi(&flow), false);
55	else	63	} else {
56	route_err = 1;	64	route_err = 1;
57		65	}
58	rcu_read_unlock();	66	rcu_read_unlock();
59		67
60	if (route_err)	68	if (route_err)
@@ -62,15 +70,12 @@ static u32 match_lookup_rt6(struct net net, const struct net_device dev,
62		70
63	if (rt->rt6i_flags & RTF_REJECT)	71	if (rt->rt6i_flags & RTF_REJECT)
64	ret = XT_ADDRTYPE_UNREACHABLE;	72	ret = XT_ADDRTYPE_UNREACHABLE;
65	else
66	ret = 0;
67		73
68	if (rt->rt6i_flags & RTF_LOCAL)	74	if (dev == NULL && rt->rt6i_flags & RTF_LOCAL)
69	ret \|= XT_ADDRTYPE_LOCAL;	75	ret \|= XT_ADDRTYPE_LOCAL;
70	if (rt->rt6i_flags & RTF_ANYCAST)	76	if (rt->rt6i_flags & RTF_ANYCAST)
71	ret \|= XT_ADDRTYPE_ANYCAST;	77	ret \|= XT_ADDRTYPE_ANYCAST;
72		78
73
74	dst_release(&rt->dst);	79	dst_release(&rt->dst);
75	return ret;	80	return ret;
76	}	81	}
@@ -90,7 +95,7 @@ static bool match_type6(struct net net, const struct net_device dev,
90		95
91	if ((XT_ADDRTYPE_LOCAL \| XT_ADDRTYPE_ANYCAST \|	96	if ((XT_ADDRTYPE_LOCAL \| XT_ADDRTYPE_ANYCAST \|
92	XT_ADDRTYPE_UNREACHABLE) & mask)	97	XT_ADDRTYPE_UNREACHABLE) & mask)
93	return !!(mask & match_lookup_rt6(net, dev, addr));	98	return !!(mask & match_lookup_rt6(net, dev, addr, mask));
94	return true;	99	return true;
95	}	100	}
96		101