X-Git-Url: http://git.onelab.eu/?a=blobdiff_plain;f=net%2Fbridge%2Fnetfilter%2Febt_ip.c;h=e4c642448e1b41e403d0bab85b98c59b85b46d29;hb=97bf2856c6014879bd04983a3e9dfcdac1e7fe85;hp=7323805b97263c14b348cf7066604acdb897a112;hpb=c7b5ebbddf7bcd3651947760f423e3783bbe6573;p=linux-2.6.git diff --git a/net/bridge/netfilter/ebt_ip.c b/net/bridge/netfilter/ebt_ip.c index 7323805b9..e4c642448 100644 --- a/net/bridge/netfilter/ebt_ip.c +++ b/net/bridge/netfilter/ebt_ip.c @@ -15,12 +15,13 @@ #include #include #include +#include #include #include struct tcpudphdr { - uint16_t src; - uint16_t dst; + __be16 src; + __be16 dst; }; static int ebt_filter_ip(const struct sk_buff *skb, const struct net_device *in, @@ -51,6 +52,8 @@ static int ebt_filter_ip(const struct sk_buff *skb, const struct net_device *in, if (!(info->bitmask & EBT_IP_DPORT) && !(info->bitmask & EBT_IP_SPORT)) return EBT_MATCH; + if (ntohs(ih->frag_off) & IP_OFFSET) + return EBT_NOMATCH; pptr = skb_header_pointer(skb, ih->ihl*4, sizeof(_ports), &_ports); if (pptr == NULL) @@ -89,7 +92,9 @@ static int ebt_ip_check(const char *tablename, unsigned int hookmask, if (info->invflags & EBT_IP_PROTO) return -EINVAL; if (info->protocol != IPPROTO_TCP && - info->protocol != IPPROTO_UDP) + info->protocol != IPPROTO_UDP && + info->protocol != IPPROTO_SCTP && + info->protocol != IPPROTO_DCCP) return -EINVAL; } if (info->bitmask & EBT_IP_DPORT && info->dport[0] > info->dport[1]) @@ -107,16 +112,16 @@ static struct ebt_match filter_ip = .me = THIS_MODULE, }; -static int __init init(void) +static int __init ebt_ip_init(void) { return ebt_register_match(&filter_ip); } -static void __exit fini(void) +static void __exit ebt_ip_fini(void) { ebt_unregister_match(&filter_ip); } -module_init(init); -module_exit(fini); +module_init(ebt_ip_init); +module_exit(ebt_ip_fini); MODULE_LICENSE("GPL");