* [PATCH 2.6 12/19]: Enable ip6t_multiport.c to work without skb_linearize()
@ 2004-10-25 0:49 Patrick McHardy
0 siblings, 0 replies; only message in thread
From: Patrick McHardy @ 2004-10-25 0:49 UTC (permalink / raw)
To: David S. Miller; +Cc: Netfilter Development Mailinglist
[-- Attachment #1: Type: text/plain, Size: 48 bytes --]
Convert ip6t_multiport to skb_header_pointer.
[-- Attachment #2: 12.diff --]
[-- Type: text/x-patch, Size: 2192 bytes --]
# This is a BitKeeper generated diff -Nru style patch.
#
# ChangeSet
# 2004/10/20 21:33:37+02:00 yasuyuki.kozakai@toshiba.co.jp
# [NETFILTER]: Enable ip6t_multiport.c to work without skb_linearize()
#
# Signed-off-by: Yasuyuki KOZAKAI <yasuyuki.kozakai@toshiba.co.jp>
# Signed-off-by: Patrick McHardy <kaber@trash.net>
#
# net/ipv6/netfilter/ip6t_multiport.c
# 2004/10/20 21:33:00+02:00 yasuyuki.kozakai@toshiba.co.jp +18 -13
# [NETFILTER]: Enable ip6t_multiport.c to work without skb_linearize()
#
# Signed-off-by: Yasuyuki KOZAKAI <yasuyuki.kozakai@toshiba.co.jp>
# Signed-off-by: Patrick McHardy <kaber@trash.net>
#
diff -Nru a/net/ipv6/netfilter/ip6t_multiport.c b/net/ipv6/netfilter/ip6t_multiport.c
--- a/net/ipv6/netfilter/ip6t_multiport.c 2004-10-22 03:41:35 +02:00
+++ b/net/ipv6/netfilter/ip6t_multiport.c 2004-10-22 03:41:35 +02:00
@@ -56,24 +56,29 @@
unsigned int protoff,
int *hotdrop)
{
- const struct udphdr *udp = (const struct udphdr *)(skb->data + protoff);
+ u16 _ports[2], *pptr;
const struct ip6t_multiport *multiinfo = matchinfo;
- /* Must be big enough to read ports. */
- if (offset == 0 && skb->len - protoff < sizeof(struct udphdr)) {
+ /* Must not be a fragment. */
+ if (offset)
+ return 0;
+
+ /* Must be big enough to read ports (both UDP and TCP have
+ them at the start). */
+ pptr = skb_header_pointer(skb, protoff, sizeof(_ports), &_ports[0]);
+ if (pptr == NULL) {
/* We've been asked to examine this packet, and we
- can't. Hence, no choice but to drop. */
- duprintf("ip6t_multiport:"
- " Dropping evil offset=0 tinygram.\n");
- *hotdrop = 1;
- return 0;
+ * can't. Hence, no choice but to drop.
+ */
+ duprintf("ip6t_multiport:"
+ " Dropping evil offset=0 tinygram.\n");
+ *hotdrop = 1;
+ return 0;
}
- /* Must not be a fragment. */
- return !offset
- && ports_match(multiinfo->ports,
- multiinfo->flags, multiinfo->count,
- ntohs(udp->source), ntohs(udp->dest));
+ return ports_match(multiinfo->ports,
+ multiinfo->flags, multiinfo->count,
+ ntohs(pptr[0]), ntohs(pptr[1]));
}
/* Called when user tries to insert an entry of this type. */
^ permalink raw reply [flat|nested] only message in thread
only message in thread, other threads:[~2004-10-25 0:49 UTC | newest]
Thread overview: (only message) (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2004-10-25 0:49 [PATCH 2.6 12/19]: Enable ip6t_multiport.c to work without skb_linearize() Patrick McHardy
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.