* [PATCH 2.4 14/18]: Backport fixes for ip6t_ipv6header
@ 2004-12-20  7:15 Patrick McHardy
  0 siblings, 0 replies; only message in thread
From: Patrick McHardy @ 2004-12-20  7:15 UTC (permalink / raw)
  To: David S. Miller; +Cc: netfilter-devel

[-- Attachment #1: Type: text/plain, Size: 37 bytes --]

Backport fixes for ip6t_ipv6header.


[-- Attachment #2: 14.diff --]
[-- Type: text/x-patch, Size: 3912 bytes --]

# This is a BitKeeper generated diff -Nru style patch.
#
# ChangeSet
#   2004/12/05 23:31:31+01:00 yasuyuki.kozakai@toshiba.co.jp 
#   [NETFILTER]: Backport fixes for ip6t_ipv6header
#   
#   This patch fixes following bugs in ip6t_ipv6header.c
#   
#     - The cast of the pointer to the next IPv6 extension header is wrong.
#     - The logical operation is wrong. The fix is intended to give the following behaviour:
#     - soft mode without invert flag "!"
#       match if the packet contains all of the specified headers.
#     - soft mode with invert flag "!"
#   	match if the packet DOESN'T contain all of the specified
#   	headers.
#     - strict mode without invert flag "!"
#   	match if the packet contains JUST ONLY the specified headers.
#   	if the packet doesn't contain some specified headers or
#   	contains unspecified headers, the packet doesn't match with
#   	rule.
#     - strict mode with invert flag "!"
#   	NOT MATCH if the packet contains JUST ONLY the specified
#   	headers. Otherwise, match. So, if the packet contains some
#   	specified headers and DOESN'T contain other specified headers,
#   	the packet MATCHES with rule.
#   
#   Signed-off-by: Yasuyuki KOZAKAI <yasuyuki.kozakai@toshiba.co.jp>
#   Signed-off-by: Patrick McHardy <kaber@trash.net>
# 
# net/ipv6/netfilter/ip6t_ipv6header.c
#   2004/12/05 23:31:30+01:00 yasuyuki.kozakai@toshiba.co.jp +17 -7
#   [NETFILTER]: Backport fixes for ip6t_ipv6header
#   
#   This patch fixes following bugs in ip6t_ipv6header.c
#   
#     - The cast of the pointer to the next IPv6 extension header is wrong.
#     - The logical operation is wrong. These fixes intends
#     - soft mode without invert flag "!"
#       match if the packet contains all of the specified headers.
#     - soft mode with invert flag "!"
#   	match if the packet DOESN'T contain all of the specified
#   	headers.
#     - strict mode without invert flag "!"
#   	match if the packet contains JUST ONLY the specified headers.
#   	if the packet doesn't contain some specified headers or
#   	contains unspecified headers, the packet doesn't match with
#   	rule.
#     - strict mode with invert flag "!"
#   	NOT MATCH if the packet contains JUST ONLY the specified
#   	headers. Otherwise, match. So, if the packet contains some
#   	specified headers and DOESN'T contain other specified headers,
#   	the packet MATCHES with rule.
#   
#   Signed-off-by: Yasuyuki KOZAKAI <yasuyuki.kozakai@toshiba.co.jp>
#   Signed-off-by: Patrick McHardy <kaber@trash.net>
# 
diff -Nru a/net/ipv6/netfilter/ip6t_ipv6header.c b/net/ipv6/netfilter/ip6t_ipv6header.c
--- a/net/ipv6/netfilter/ip6t_ipv6header.c	2004-12-20 07:01:27 +01:00
+++ b/net/ipv6/netfilter/ip6t_ipv6header.c	2004-12-20 07:01:27 +01:00
@@ -63,7 +63,7 @@
 			break;
 		}
 
-		hdr=(struct ipv6_opt_hdr *)skb->data+ptr;
+		hdr=(struct ipv6_opt_hdr *)(skb->data+ptr);
 
 		/* Calculate the header length */
                 if (nexthdr == NEXTHDR_FRAGMENT) {
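Review bot: Nothing visible in this hunk bounds `ptr` against the linear skb data before `hdr` is dereferenced in the header-length calculation that follows. With the cast corrected, `hdr=(struct ipv6_opt_hdr *)(skb->data+ptr);` now points at the real byte offset, so the fields read through it come straight from packet contents. The loop starts above the hunk and may already check the remaining length; if that check only compares against the total packet length, a guard such as `if (ptr + sizeof(*hdr) > skb_headlen(skb)) return 0;` before the assignment would keep the read inside the buffer. A short comment, `/* ptr is a byte offset from skb->data, so add before casting */`, would also help stop the precedence bug from being reintroduced.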
@@ -107,10 +107,14 @@
 		temp |= MASK_PROTO;
 
 	if (info->modeflag)
-		return (!( (temp & info->matchflags)
-			^ info->matchflags) ^ info->invflags);
-	else
-		return (!( temp ^ info->matchflags) ^ info->invflags);
+		return !((temp ^ info->matchflags ^ info->invflags)
+			 & info->matchflags);
+	else {
+		if (info->invflags)
+			return temp != info->matchflags;
+		else
+			return temp == info->matchflags;
+	}
 }
 
 static int
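Review bot: The soft-mode return `!((temp ^ info->matchflags ^ info->invflags) & info->matchflags)` is only understandable through a per-bit argument the reader has to reconstruct, so it should carry a comment. For each bit set in `matchflags`, the header must be present when the matching `invflags` bit is clear and absent when it is set; bits outside `matchflags` are masked off and ignored. I would add `/* soft mode: each header in matchflags must be present, or absent if its invflags bit is set */` above that return, and `/* strict mode: header set must equal matchflags exactly; non-zero invflags negates the result */` above the `else` branch. The function body begins above this hunk.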
@@ -120,11 +124,17 @@
 		      unsigned int matchsize,
 		      unsigned int hook_mask)
 {
+	const struct ip6t_ipv6header_info *info = matchinfo;
+
 	/* Check for obvious errors */
 	/* This match is valid in all hooks! */
-	if (matchsize != IP6T_ALIGN(sizeof(struct ip6t_ipv6header_info))) {
+	if (matchsize != IP6T_ALIGN(sizeof(struct ip6t_ipv6header_info)))
+		return 0;
+
+	/* invflags is 0 or 0xff in hard mode */
+	if ((!info->modeflag) && info->invflags != 0x00
+			      && info->invflags != 0xFF)
 		return 0;
-	}
 
 	return 1;
 }
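Review bot: The new comment `/* invflags is 0 or 0xff in hard mode */` states the rule but not the reason, and it says "hard mode" where the commit message says "strict mode". The match function in the previous hunk treats any non-zero `invflags` as full negation when `modeflag` is clear, so a partial mask would otherwise be accepted with a meaning the rule author did not ask for. I would reword it to `/* strict mode negates the whole comparison, so only 0x00 and 0xFF are meaningful for invflags */`. Soft mode is not validated here, so `invflags` bits outside `matchflags` are accepted and then ignored by the match; if that is intentional for compatibility with existing rules, a second comment line should say so. `info` is dereferenced only after the `matchsize` check, which is the right order and should stay that way.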
