X-Git-Url: http://git.onelab.eu/?a=blobdiff_plain;f=net%2Fbridge%2Fnetfilter%2Febt_ip.c;h=65b665ce57b5f3b2da41627f674142eb9c3ac8d8;hb=43bc926fffd92024b46cafaf7350d669ba9ca884;hp=7323805b97263c14b348cf7066604acdb897a112;hpb=cee37fe97739d85991964371c1f3a745c00dd236;p=linux-2.6.git

diff --git a/net/bridge/netfilter/ebt_ip.c b/net/bridge/netfilter/ebt_ip.c
index 7323805b9..65b665ce5 100644
--- a/net/bridge/netfilter/ebt_ip.c
+++ b/net/bridge/netfilter/ebt_ip.c
@@ -15,6 +15,7 @@
 #include <linux/netfilter_bridge/ebtables.h>
 #include <linux/netfilter_bridge/ebt_ip.h>
 #include <linux/ip.h>
+#include <net/ip.h>
 #include <linux/in.h>
 #include <linux/module.h>
 
@@ -51,6 +52,8 @@ static int ebt_filter_ip(const struct sk_buff *skb, const struct net_device *in,
 		if (!(info->bitmask & EBT_IP_DPORT) &&
 		    !(info->bitmask & EBT_IP_SPORT))
 			return EBT_MATCH;
+		if (ntohs(ih->frag_off) & IP_OFFSET)
+			return EBT_NOMATCH;
 		pptr = skb_header_pointer(skb, ih->ihl*4,
 					  sizeof(_ports), &_ports);
 		if (pptr == NULL)
@@ -89,7 +92,9 @@ static int ebt_ip_check(const char *tablename, unsigned int hookmask,
 		if (info->invflags & EBT_IP_PROTO)
 			return -EINVAL;
 		if (info->protocol != IPPROTO_TCP &&
-		    info->protocol != IPPROTO_UDP)
+		    info->protocol != IPPROTO_UDP &&
+		    info->protocol != IPPROTO_SCTP &&
+		    info->protocol != IPPROTO_DCCP)
 			 return -EINVAL;
 	}
 	if (info->bitmask & EBT_IP_DPORT && info->dport[0] > info->dport[1])
@@ -107,16 +112,16 @@ static struct ebt_match filter_ip =
 	.me		= THIS_MODULE,
 };
 
-static int __init init(void)
+static int __init ebt_ip_init(void)
 {
 	return ebt_register_match(&filter_ip);
 }
 
-static void __exit fini(void)
+static void __exit ebt_ip_fini(void)
 {
 	ebt_unregister_match(&filter_ip);
 }
 
-module_init(init);
-module_exit(fini);
+module_init(ebt_ip_init);
+module_exit(ebt_ip_fini);
 MODULE_LICENSE("GPL");