* [PATCH 11/10]: [NETFILTER]: Export ip6_masked_addrcmp, don't pass IPv6 addresses on stack
@ 2005-11-11 5:25 Patrick McHardy
0 siblings, 0 replies; only message in thread
From: Patrick McHardy @ 2005-11-11 5:25 UTC (permalink / raw)
To: Kernel Netdev Mailing List, Netfilter Development Mailinglist
[-- Attachment #1: Type: text/plain, Size: 65 bytes --]
For completeness, the next two patches contain the policy match.
[-- Attachment #2: 11.diff --]
[-- Type: text/x-patch, Size: 3003 bytes --]
[NETFILTER]: Export ip6_masked_addrcmp, don't pass IPv6 addresses on stack
Signed-off-by: Patrick McHardy <kaber@trash.net>
---
commit f12c4452cdb1b7d0d33a00120145e301507458e4
tree 4762d9addca1746390024fcf437c73759b90955c
parent 5365555b302ffc8a31170833ca33636e9e66ff9a
author Patrick McHardy <kaber@trash.net> Fri, 11 Nov 2005 06:14:09 +0100
committer Patrick McHardy <kaber@trash.net> Fri, 11 Nov 2005 06:14:09 +0100
include/linux/netfilter_ipv6/ip6_tables.h | 4 ++++
net/ipv6/netfilter/ip6_tables.c | 18 ++++++++++--------
2 files changed, 14 insertions(+), 8 deletions(-)
diff --git a/include/linux/netfilter_ipv6/ip6_tables.h b/include/linux/netfilter_ipv6/ip6_tables.h
index 2efc046..1e11010 100644
--- a/include/linux/netfilter_ipv6/ip6_tables.h
+++ b/include/linux/netfilter_ipv6/ip6_tables.h
@@ -476,6 +476,10 @@ extern int ip6t_ext_hdr(u8 nexthdr);
extern int ipv6_find_hdr(const struct sk_buff *skb, unsigned int *offset,
u8 target);
+extern int ip6_masked_addrcmp(const struct in6_addr *addr1,
+ const struct in6_addr *mask,
+ const struct in6_addr *addr2);
+
#define IP6T_ALIGN(s) (((s) + (__alignof__(struct ip6t_entry)-1)) & ~(__alignof__(struct ip6t_entry)-1))
#endif /*__KERNEL__*/
diff --git a/net/ipv6/netfilter/ip6_tables.c b/net/ipv6/netfilter/ip6_tables.c
index 7d49222..71a80e0 100644
--- a/net/ipv6/netfilter/ip6_tables.c
+++ b/net/ipv6/netfilter/ip6_tables.c
@@ -128,13 +128,14 @@ static LIST_HEAD(ip6t_tables);
#define up(x) do { printk("UP:%u:" #x "\n", __LINE__); up(x); } while(0)
#endif
-static int ip6_masked_addrcmp(struct in6_addr addr1, struct in6_addr mask,
- struct in6_addr addr2)
+int
+ip6_masked_addrcmp(const struct in6_addr *addr1, const struct in6_addr *mask,
+ const struct in6_addr *addr2)
{
int i;
for( i = 0; i < 16; i++){
- if((addr1.s6_addr[i] & mask.s6_addr[i]) !=
- (addr2.s6_addr[i] & mask.s6_addr[i]))
+ if((addr1->s6_addr[i] & mask->s6_addr[i]) !=
+ (addr2->s6_addr[i] & mask->s6_addr[i]))
return 1;
}
return 0;
@@ -168,10 +169,10 @@ ip6_packet_match(const struct sk_buff *s
#define FWINV(bool,invflg) ((bool) ^ !!(ip6info->invflags & invflg))
- if (FWINV(ip6_masked_addrcmp(ipv6->saddr,ip6info->smsk,ip6info->src),
- IP6T_INV_SRCIP)
- || FWINV(ip6_masked_addrcmp(ipv6->daddr,ip6info->dmsk,ip6info->dst),
- IP6T_INV_DSTIP)) {
+ if (FWINV(ip6_masked_addrcmp(&ipv6->saddr, &ip6info->smsk,
+ &ip6info->src), IP6T_INV_SRCIP)
+ || FWINV(ip6_masked_addrcmp(&ipv6->daddr, &ip6info->dmsk,
+ &ip6info->dst), IP6T_INV_DSTIP)) {
dprintf("Source or dest mismatch.\n");
/*
dprintf("SRC: %u. Mask: %u. Target: %u.%s\n", ip->saddr,
@@ -2094,6 +2095,7 @@ EXPORT_SYMBOL(ip6t_register_target);
EXPORT_SYMBOL(ip6t_unregister_target);
EXPORT_SYMBOL(ip6t_ext_hdr);
EXPORT_SYMBOL(ipv6_find_hdr);
+EXPORT_SYMBOL(ip6_masked_addrcmp);
module_init(init);
module_exit(fini);
^ permalink raw reply related [flat|nested] only message in thread
only message in thread, other threads:[~2005-11-11 5:25 UTC | newest]
Thread overview: (only message) (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2005-11-11 5:25 [PATCH 11/10]: [NETFILTER]: Export ip6_masked_addrcmp, don't pass IPv6 addresses on stack Patrick McHardy
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.