X-Git-Url: http://git.onelab.eu/?a=blobdiff_plain;f=net%2Fnetfilter%2Fxt_sctp.c;h=239018244407b29efa9d5b11821a42de86962007;hb=987b0145d94eecf292d8b301228356f44611ab7c;hp=c29692c7ca19658a4c8895cf16ef6d964c4122b2;hpb=f7ed79d23a47594e7834d66a8f14449796d4f3e6;p=linux-2.6.git

diff --git a/net/netfilter/xt_sctp.c b/net/netfilter/xt_sctp.c
index c29692c7c..239018244 100644
--- a/net/netfilter/xt_sctp.c
+++ b/net/netfilter/xt_sctp.c
@@ -123,7 +123,6 @@ static int
 match(const struct sk_buff *skb,
       const struct net_device *in,
       const struct net_device *out,
-      const struct xt_match *match,
       const void *matchinfo,
       int offset,
       unsigned int protoff,
@@ -163,14 +162,19 @@ match(const struct sk_buff *skb,
 static int
 checkentry(const char *tablename,
 	   const void *inf,
-	   const struct xt_match *match,
 	   void *matchinfo,
 	   unsigned int matchsize,
 	   unsigned int hook_mask)
 {
-	const struct xt_sctp_info *info = matchinfo;
+	const struct xt_sctp_info *info;
+	const struct ipt_ip *ip = inf;
+
+	info = (const struct xt_sctp_info *)matchinfo;
 
-	return !(info->flags & ~XT_SCTP_VALID_FLAGS)
+	return ip->proto == IPPROTO_SCTP
+		&& !(ip->invflags & XT_INV_PROTO)
+		&& matchsize == XT_ALIGN(sizeof(struct xt_sctp_info))
+		&& !(info->flags & ~XT_SCTP_VALID_FLAGS)
 		&& !(info->invflags & ~XT_SCTP_VALID_FLAGS)
 		&& !(info->invflags & ~info->flags)
 		&& ((!(info->flags & XT_SCTP_CHUNK_TYPES)) || 
@@ -180,45 +184,67 @@ checkentry(const char *tablename,
 				| SCTP_CHUNK_MATCH_ONLY)));
 }
 
-static struct xt_match sctp_match = {
-	.name		= "sctp",
-	.match		= match,
-	.matchsize	= sizeof(struct xt_sctp_info),
-	.proto		= IPPROTO_SCTP,
-	.checkentry	= checkentry,
-	.family		= AF_INET,
-	.me		= THIS_MODULE
-};
+static int
+checkentry6(const char *tablename,
+	   const void *inf,
+	   void *matchinfo,
+	   unsigned int matchsize,
+	   unsigned int hook_mask)
+{
+	const struct xt_sctp_info *info;
+	const struct ip6t_ip6 *ip = inf;
+
+	info = (const struct xt_sctp_info *)matchinfo;
 
-static struct xt_match sctp6_match = {
-	.name		= "sctp",
-	.match		= match,
-	.matchsize	= sizeof(struct xt_sctp_info),
-	.proto		= IPPROTO_SCTP,
-	.checkentry	= checkentry,
-	.family		= AF_INET6,
-	.me		= THIS_MODULE
+	return ip->proto == IPPROTO_SCTP
+		&& !(ip->invflags & XT_INV_PROTO)
+		&& matchsize == XT_ALIGN(sizeof(struct xt_sctp_info))
+		&& !(info->flags & ~XT_SCTP_VALID_FLAGS)
+		&& !(info->invflags & ~XT_SCTP_VALID_FLAGS)
+		&& !(info->invflags & ~info->flags)
+		&& ((!(info->flags & XT_SCTP_CHUNK_TYPES)) || 
+			(info->chunk_match_type &
+				(SCTP_CHUNK_MATCH_ALL 
+				| SCTP_CHUNK_MATCH_ANY
+				| SCTP_CHUNK_MATCH_ONLY)));
+}
+
+
+static struct xt_match sctp_match = 
+{ 
+	.name = "sctp",
+	.match = &match,
+	.checkentry = &checkentry,
+	.me = THIS_MODULE
+};
+static struct xt_match sctp6_match = 
+{ 
+	.name = "sctp",
+	.match = &match,
+	.checkentry = &checkentry6,
+	.me = THIS_MODULE
 };
 
-static int __init xt_sctp_init(void)
+
+static int __init init(void)
 {
 	int ret;
-	ret = xt_register_match(&sctp_match);
+	ret = xt_register_match(AF_INET, &sctp_match);
 	if (ret)
 		return ret;
 
-	ret = xt_register_match(&sctp6_match);
+	ret = xt_register_match(AF_INET6, &sctp6_match);
 	if (ret)
-		xt_unregister_match(&sctp_match);
+		xt_unregister_match(AF_INET, &sctp_match);
 
 	return ret;
 }
 
-static void __exit xt_sctp_fini(void)
+static void __exit fini(void)
 {
-	xt_unregister_match(&sctp6_match);
-	xt_unregister_match(&sctp_match);
+	xt_unregister_match(AF_INET6, &sctp6_match);
+	xt_unregister_match(AF_INET, &sctp_match);
 }
 
-module_init(xt_sctp_init);
-module_exit(xt_sctp_fini);
+module_init(init);
+module_exit(fini);