X-Git-Url: http://git.onelab.eu/?p=linux-2.6.git;a=blobdiff_plain;f=net%2Fipv6%2Fnetfilter%2Fip6t_dst.c;fp=net%2Fipv6%2Fnetfilter%2Fip6t_dst.c;h=24412282002875419b13d08982b9997c438c1cf9;hp=9422413d0571c3e7698c3546c483778608b72b4b;hb=64ba3f394c830ec48a1c31b53dcae312c56f1604;hpb=be1e6109ac94a859551f8e1774eb9a8469fe055c

diff --git a/net/ipv6/netfilter/ip6t_dst.c b/net/ipv6/netfilter/ip6t_dst.c
index 9422413d0..244122820 100644
--- a/net/ipv6/netfilter/ip6t_dst.c
+++ b/net/ipv6/netfilter/ip6t_dst.c
@@ -55,7 +55,6 @@ static int
 match(const struct sk_buff *skb,
       const struct net_device *in,
       const struct net_device *out,
-      const struct xt_match *match,
       const void *matchinfo,
       int offset,
       unsigned int protoff,
@@ -70,13 +69,18 @@ match(const struct sk_buff *skb,
 	u8 _opttype, *tp = NULL;
 	u8 _optlen, *lp = NULL;
 	unsigned int optlen;
+	int err;
 
 #if HOPBYHOP
-	if (ipv6_find_hdr(skb, &ptr, NEXTHDR_HOP, NULL) < 0)
+	err = ipv6_find_hdr(skb, &ptr, NEXTHDR_HOP, NULL);
 #else
-	if (ipv6_find_hdr(skb, &ptr, NEXTHDR_DEST, NULL) < 0)
+	err = ipv6_find_hdr(skb, &ptr, NEXTHDR_DEST, NULL);
 #endif
+	if (err < 0) {
+		if (err != -ENOENT)
+			*hotdrop = 1;
 		return 0;
+	}
 
 	oh = skb_header_pointer(skb, ptr, sizeof(_optsh), &_optsh);
 	if (oh == NULL) {
@@ -180,17 +184,22 @@ match(const struct sk_buff *skb,
 static int
 checkentry(const char *tablename,
 	   const void *info,
-	   const struct xt_match *match,
 	   void *matchinfo,
 	   unsigned int matchinfosize,
 	   unsigned int hook_mask)
 {
 	const struct ip6t_opts *optsinfo = matchinfo;
 
+	if (matchinfosize != IP6T_ALIGN(sizeof(struct ip6t_opts))) {
+		DEBUGP("ip6t_opts: matchsize %u != %u\n",
+		       matchinfosize, IP6T_ALIGN(sizeof(struct ip6t_opts)));
+		return 0;
+	}
 	if (optsinfo->invflags & ~IP6T_OPTS_INV_MASK) {
 		DEBUGP("ip6t_opts: unknown flags %X\n", optsinfo->invflags);
 		return 0;
 	}
+
 	return 1;
 }
 
@@ -200,21 +209,20 @@ static struct ip6t_match opts_match = {
 #else
 	.name		= "dst",
 #endif
-	.match		= match,
-	.matchsize	= sizeof(struct ip6t_opts),
-	.checkentry	= checkentry,
+	.match		= &match,
+	.checkentry	= &checkentry,
 	.me		= THIS_MODULE,
 };
 
-static int __init ip6t_dst_init(void)
+static int __init init(void)
 {
 	return ip6t_register_match(&opts_match);
 }
 
-static void __exit ip6t_dst_fini(void)
+static void __exit cleanup(void)
 {
 	ip6t_unregister_match(&opts_match);
 }
 
-module_init(ip6t_dst_init);
-module_exit(ip6t_dst_fini);
+module_init(init);
+module_exit(cleanup);