Commit f2fab154 authored by Patrick McHardy's avatar Patrick McHardy

Merge coreworks.de:/home/kaber/src/nf/nf-2.6-ip6tables

into coreworks.de:/home/kaber/src/nf/nf-2.6
parents 40128c8e 2e905ca1
...@@ -69,7 +69,7 @@ ip6t_eui64_checkentry(const char *tablename, ...@@ -69,7 +69,7 @@ ip6t_eui64_checkentry(const char *tablename,
{ {
if (hook_mask if (hook_mask
& ~((1 << NF_IP6_PRE_ROUTING) | (1 << NF_IP6_LOCAL_IN) | & ~((1 << NF_IP6_PRE_ROUTING) | (1 << NF_IP6_LOCAL_IN) |
(1 << NF_IP6_PRE_ROUTING) )) { (1 << NF_IP6_FORWARD))) {
printk("ip6t_eui64: only valid for PRE_ROUTING, LOCAL_IN or FORWARD.\n"); printk("ip6t_eui64: only valid for PRE_ROUTING, LOCAL_IN or FORWARD.\n");
return 0; return 0;
} }
......
...@@ -51,7 +51,7 @@ ipv6header_match(const struct sk_buff *skb, ...@@ -51,7 +51,7 @@ ipv6header_match(const struct sk_buff *skb,
temp = 0; temp = 0;
while (ip6t_ext_hdr(nexthdr)) { while (ip6t_ext_hdr(nexthdr)) {
struct ipv6_opt_hdr *hdr; struct ipv6_opt_hdr _hdr, *hp;
int hdrlen; int hdrlen;
/* Is there enough space for the next ext header? */ /* Is there enough space for the next ext header? */
...@@ -68,15 +68,16 @@ ipv6header_match(const struct sk_buff *skb, ...@@ -68,15 +68,16 @@ ipv6header_match(const struct sk_buff *skb,
break; break;
} }
hdr=(struct ipv6_opt_hdr *)skb->data+ptr; hp = skb_header_pointer(skb, ptr, sizeof(_hdr), &_hdr);
BUG_ON(hp == NULL);
/* Calculate the header length */ /* Calculate the header length */
if (nexthdr == NEXTHDR_FRAGMENT) { if (nexthdr == NEXTHDR_FRAGMENT) {
hdrlen = 8; hdrlen = 8;
} else if (nexthdr == NEXTHDR_AUTH) } else if (nexthdr == NEXTHDR_AUTH)
hdrlen = (hdr->hdrlen+2)<<2; hdrlen = (hp->hdrlen+2)<<2;
else else
hdrlen = ipv6_optlen(hdr); hdrlen = ipv6_optlen(hp);
/* set the flag */ /* set the flag */
switch (nexthdr){ switch (nexthdr){
...@@ -100,7 +101,7 @@ ipv6header_match(const struct sk_buff *skb, ...@@ -100,7 +101,7 @@ ipv6header_match(const struct sk_buff *skb,
break; break;
} }
nexthdr = hdr->nexthdr; nexthdr = hp->nexthdr;
len -= hdrlen; len -= hdrlen;
ptr += hdrlen; ptr += hdrlen;
if (ptr > skb->len) if (ptr > skb->len)
...@@ -111,10 +112,14 @@ ipv6header_match(const struct sk_buff *skb, ...@@ -111,10 +112,14 @@ ipv6header_match(const struct sk_buff *skb,
temp |= MASK_PROTO; temp |= MASK_PROTO;
if (info->modeflag) if (info->modeflag)
return (!( (temp & info->matchflags) return !((temp ^ info->matchflags ^ info->invflags)
^ info->matchflags) ^ info->invflags); & info->matchflags);
else {
if (info->invflags)
return temp != info->matchflags;
else else
return (!( temp ^ info->matchflags) ^ info->invflags); return temp == info->matchflags;
}
} }
static int static int
...@@ -124,11 +129,18 @@ ipv6header_checkentry(const char *tablename, ...@@ -124,11 +129,18 @@ ipv6header_checkentry(const char *tablename,
unsigned int matchsize, unsigned int matchsize,
unsigned int hook_mask) unsigned int hook_mask)
{ {
const struct ip6t_ipv6header_info *info = matchinfo;
/* Check for obvious errors */ /* Check for obvious errors */
/* This match is valid in all hooks! */ /* This match is valid in all hooks! */
if (matchsize != IP6T_ALIGN(sizeof(struct ip6t_ipv6header_info))) if (matchsize != IP6T_ALIGN(sizeof(struct ip6t_ipv6header_info)))
return 0; return 0;
/* invflags is 0 or 0xff in hard mode */
if ((!info->modeflag) && info->invflags != 0x00
&& info->invflags != 0xFF)
return 0;
return 1; return 1;
} }
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment