X-Git-Url: http://git.onelab.eu/?a=blobdiff_plain;f=net%2Fipv4%2Fnetfilter%2Fipt_ah.c;fp=net%2Fipv4%2Fnetfilter%2Fipt_ah.c;h=144adfec13cccff549bb4e716c979b7057e02037;hb=64ba3f394c830ec48a1c31b53dcae312c56f1604;hp=2927135873d7a28be87ef0a1560579a584ac5016;hpb=be1e6109ac94a859551f8e1774eb9a8469fe055c;p=linux-2.6.git

diff --git a/net/ipv4/netfilter/ipt_ah.c b/net/ipv4/netfilter/ipt_ah.c
index 292713587..144adfec1 100644
--- a/net/ipv4/netfilter/ipt_ah.c
+++ b/net/ipv4/netfilter/ipt_ah.c
@@ -39,7 +39,6 @@ static int
 match(const struct sk_buff *skb,
       const struct net_device *in,
       const struct net_device *out,
-      const struct xt_match *match,
       const void *matchinfo,
       int offset,
       unsigned int protoff,
@@ -72,39 +71,49 @@ match(const struct sk_buff *skb,
 static int
 checkentry(const char *tablename,
 	   const void *ip_void,
-	   const struct xt_match *match,
 	   void *matchinfo,
 	   unsigned int matchinfosize,
 	   unsigned int hook_mask)
 {
 	const struct ipt_ah *ahinfo = matchinfo;
+	const struct ipt_ip *ip = ip_void;
 
-	/* Must specify no unknown invflags */
+	/* Must specify proto == AH, and no unknown invflags */
+	if (ip->proto != IPPROTO_AH || (ip->invflags & IPT_INV_PROTO)) {
+		duprintf("ipt_ah: Protocol %u != %u\n", ip->proto,
+			 IPPROTO_AH);
+		return 0;
+	}
+	if (matchinfosize != IPT_ALIGN(sizeof(struct ipt_ah))) {
+		duprintf("ipt_ah: matchsize %u != %u\n",
+			 matchinfosize, IPT_ALIGN(sizeof(struct ipt_ah)));
+		return 0;
+	}
 	if (ahinfo->invflags & ~IPT_AH_INV_MASK) {
-		duprintf("ipt_ah: unknown flags %X\n", ahinfo->invflags);
+		duprintf("ipt_ah: unknown flags %X\n",
+			 ahinfo->invflags);
 		return 0;
 	}
+
 	return 1;
 }
 
 static struct ipt_match ah_match = {
 	.name		= "ah",
-	.match		= match,
-	.matchsize	= sizeof(struct ipt_ah),
-	.proto		= IPPROTO_AH,
-	.checkentry	= checkentry,
+	.match		= &match,
+	.checkentry	= &checkentry,
 	.me		= THIS_MODULE,
 };
 
-static int __init ipt_ah_init(void)
+static int __init init(void)
 {
 	return ipt_register_match(&ah_match);
 }
 
-static void __exit ipt_ah_fini(void)
+static void __exit cleanup(void)
 {
 	ipt_unregister_match(&ah_match);
 }
 
-module_init(ipt_ah_init);
-module_exit(ipt_ah_fini);
+module_init(init);
+module_exit(cleanup);