git://git.onelab.eu
/
linux-2.6.git
/ blobdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
|
commitdiff
|
tree
raw
|
inline
| side by side
fedora core 6 1.2949 + vserver 2.2.0
[linux-2.6.git]
/
net
/
ipv6
/
netfilter
/
ip6t_ipv6header.c
diff --git
a/net/ipv6/netfilter/ip6t_ipv6header.c
b/net/ipv6/netfilter/ip6t_ipv6header.c
index
32e67f0
..
3093c39
100644
(file)
--- a/
net/ipv6/netfilter/ip6t_ipv6header.c
+++ b/
net/ipv6/netfilter/ip6t_ipv6header.c
@@
-29,6
+29,7
@@
static int
ipv6header_match(const struct sk_buff *skb,
const struct net_device *in,
const struct net_device *out,
ipv6header_match(const struct sk_buff *skb,
const struct net_device *in,
const struct net_device *out,
+ const struct xt_match *match,
const void *matchinfo,
int offset,
unsigned int protoff,
const void *matchinfo,
int offset,
unsigned int protoff,
@@
-50,20
+51,20
@@
ipv6header_match(const struct sk_buff *skb,
len = skb->len - ptr;
temp = 0;
len = skb->len - ptr;
temp = 0;
-
while (ip6t_ext_hdr(nexthdr)) {
+ while (ip6t_ext_hdr(nexthdr)) {
struct ipv6_opt_hdr _hdr, *hp;
struct ipv6_opt_hdr _hdr, *hp;
- int hdrlen;
+ int hdrlen;
/* Is there enough space for the next ext header? */
/* Is there enough space for the next ext header? */
-
if (len < (int)sizeof(struct ipv6_opt_hdr))
-
return 0;
+ if (len < (int)sizeof(struct ipv6_opt_hdr))
+ return 0;
/* No more exthdr -> evaluate */
/* No more exthdr -> evaluate */
-
if (nexthdr == NEXTHDR_NONE) {
+ if (nexthdr == NEXTHDR_NONE) {
temp |= MASK_NONE;
break;
}
/* ESP -> evaluate */
temp |= MASK_NONE;
break;
}
/* ESP -> evaluate */
-
if (nexthdr == NEXTHDR_ESP) {
+ if (nexthdr == NEXTHDR_ESP) {
temp |= MASK_ESP;
break;
}
temp |= MASK_ESP;
break;
}
@@
-72,43
+73,43
@@
ipv6header_match(const struct sk_buff *skb,
BUG_ON(hp == NULL);
/* Calculate the header length */
BUG_ON(hp == NULL);
/* Calculate the header length */
-
if (nexthdr == NEXTHDR_FRAGMENT) {
-
hdrlen = 8;
-
} else if (nexthdr == NEXTHDR_AUTH)
-
hdrlen = (hp->hdrlen+2)<<
2;
-
else
-
hdrlen = ipv6_optlen(hp);
+ if (nexthdr == NEXTHDR_FRAGMENT) {
+ hdrlen = 8;
+ } else if (nexthdr == NEXTHDR_AUTH)
+
hdrlen = (hp->hdrlen + 2) <<
2;
+ else
+ hdrlen = ipv6_optlen(hp);
/* set the flag */
/* set the flag */
- switch (nexthdr){
-
case NEXTHDR_HOP:
-
temp |= MASK_HOPOPTS;
-
break;
-
case NEXTHDR_ROUTING:
-
temp |= MASK_ROUTING;
-
break;
-
case NEXTHDR_FRAGMENT:
-
temp |= MASK_FRAGMENT;
-
break;
-
case NEXTHDR_AUTH:
-
temp |= MASK_AH;
-
break;
-
case NEXTHDR_DEST:
-
temp |= MASK_DSTOPTS;
-
break;
-
default:
-
return 0;
-
break;
+ switch (nexthdr)
{
+ case NEXTHDR_HOP:
+ temp |= MASK_HOPOPTS;
+ break;
+ case NEXTHDR_ROUTING:
+ temp |= MASK_ROUTING;
+ break;
+ case NEXTHDR_FRAGMENT:
+ temp |= MASK_FRAGMENT;
+ break;
+ case NEXTHDR_AUTH:
+ temp |= MASK_AH;
+ break;
+ case NEXTHDR_DEST:
+ temp |= MASK_DSTOPTS;
+ break;
+ default:
+ return 0;
+ break;
}
}
-
nexthdr = hp->nexthdr;
-
len -= hdrlen;
-
ptr += hdrlen;
+ nexthdr = hp->nexthdr;
+ len -= hdrlen;
+ ptr += hdrlen;
if (ptr > skb->len)
break;
if (ptr > skb->len)
break;
-
}
+ }
- if (
(nexthdr != NEXTHDR_NONE ) && (nexthdr != NEXTHDR_ESP)
)
+ if (
(nexthdr != NEXTHDR_NONE) && (nexthdr != NEXTHDR_ESP)
)
temp |= MASK_PROTO;
if (info->modeflag)
temp |= MASK_PROTO;
if (info->modeflag)
@@
-124,21
+125,16
@@
ipv6header_match(const struct sk_buff *skb,
static int
ipv6header_checkentry(const char *tablename,
static int
ipv6header_checkentry(const char *tablename,
- const struct ip6t_ip6 *ip,
+ const void *ip,
+ const struct xt_match *match,
void *matchinfo,
void *matchinfo,
- unsigned int matchsize,
unsigned int hook_mask)
{
const struct ip6t_ipv6header_info *info = matchinfo;
unsigned int hook_mask)
{
const struct ip6t_ipv6header_info *info = matchinfo;
- /* Check for obvious errors */
- /* This match is valid in all hooks! */
- if (matchsize != IP6T_ALIGN(sizeof(struct ip6t_ipv6header_info)))
- return 0;
-
/* invflags is 0 or 0xff in hard mode */
/* invflags is 0 or 0xff in hard mode */
- if ((!info->modeflag) && info->invflags != 0x00
-
&&
info->invflags != 0xFF)
+ if ((!info->modeflag) && info->invflags != 0x00
&&
+ info->invflags != 0xFF)
return 0;
return 1;
return 0;
return 1;
@@
-147,12
+143,13
@@
ipv6header_checkentry(const char *tablename,
static struct ip6t_match ip6t_ipv6header_match = {
.name = "ipv6header",
.match = &ipv6header_match,
static struct ip6t_match ip6t_ipv6header_match = {
.name = "ipv6header",
.match = &ipv6header_match,
+ .matchsize = sizeof(struct ip6t_ipv6header_info),
.checkentry = &ipv6header_checkentry,
.destroy = NULL,
.me = THIS_MODULE,
};
.checkentry = &ipv6header_checkentry,
.destroy = NULL,
.me = THIS_MODULE,
};
-static int
__init ipv6header_init(void)
+static int __init ipv6header_init(void)
{
return ip6t_register_match(&ip6t_ipv6header_match);
}
{
return ip6t_register_match(&ip6t_ipv6header_match);
}
@@
-164,4
+161,3
@@
static void __exit ipv6header_exit(void)
module_init(ipv6header_init);
module_exit(ipv6header_exit);
module_init(ipv6header_init);
module_exit(ipv6header_exit);
-