Commit 0047c65a60fa3b6607b55e058ea6a89f39cb3f28

Authored by Patrick McHardy
Committed by David S. Miller
1 parent 878c41ce57

[NETFILTER]: Prepare {ipt,ip6t}_policy match for x_tables unification

The IPv4 and IPv6 versions of the policy match are identical besides address
comparison and the data structure used for userspace communication. Unify
the data structures to break compatibility now (before it is released), so
we can port it to x_tables in 2.6.17.

Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>

Showing 4 changed files with 36 additions and 21 deletions

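--- a/include/linux/netfilter_ipv4/ipt_policy.h
+++ b/include/linux/netfilter_ipv4/ipt_policy.h
@@ -27,16 +27,22 @@
 reqid:1;
 };
 
+union ipt_policy_addr
+{
+ struct in_addr a4;
+ struct in6_addr a6;
+};
+
 struct ipt_policy_elem
 {
- u_int32_t saddr;
- u_int32_t smask;
- u_int32_t daddr;
- u_int32_t dmask;
- u_int32_t spi;
- u_int32_t reqid;
- u_int8_t proto;
- u_int8_t mode;
+ union ipt_policy_addr saddr;
+ union ipt_policy_addr smask;
+ union ipt_policy_addr daddr;
+ union ipt_policy_addr dmask;
+ u_int32_t spi;
+ u_int32_t reqid;
+ u_int8_t proto;
+ u_int8_t mode;
 
 struct ipt_policy_spec match;
 struct ipt_policy_spec invert;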
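Review bot: The new `union ipt_policy_addr` and the four union-typed members of `struct ipt_policy_elem` carry no comment saying which member is valid, although the commit message describes this struct as the userspace interface and the IPv4 matcher in this commit reads only `.a4`, leaving the other 12 bytes of each address unexamined by the kernel. I would add above the union `/* a4 is read by ipt_policy, a6 by ip6t_policy; bytes outside the active member are ignored by the kernel and should be zeroed by userspace */`, so that rule blobs for identical rules stay byte-identical and no uninitialised userspace memory ends up stored in the ruleset. The same comment applies to `union ip6t_policy_addr` in include/linux/netfilter_ipv6/ip6t_policy.h. The hunk does not show whether the header pulls in the definitions of `struct in_addr` and `struct in6_addr`, which is worth confirming for userspace builds. The struct body continues past the end of the hunk.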
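--- a/include/linux/netfilter_ipv6/ip6t_policy.h
+++ b/include/linux/netfilter_ipv6/ip6t_policy.h
@@ -27,16 +27,22 @@
 reqid:1;
 };
 
+union ip6t_policy_addr
+{
+ struct in_addr a4;
+ struct in6_addr a6;
+};
+
 struct ip6t_policy_elem
 {
- struct in6_addr saddr;
- struct in6_addr smask;
- struct in6_addr daddr;
- struct in6_addr dmask;
- u_int32_t spi;
- u_int32_t reqid;
- u_int8_t proto;
- u_int8_t mode;
+ union ip6t_policy_addr saddr;
+ union ip6t_policy_addr smask;
+ union ip6t_policy_addr daddr;
+ union ip6t_policy_addr dmask;
+ u_int32_t spi;
+ u_int32_t reqid;
+ u_int8_t proto;
+ u_int8_t mode;
 
 struct ip6t_policy_spec match;
 struct ip6t_policy_spec invert;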
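--- a/net/ipv4/netfilter/ipt_policy.c
+++ b/net/ipv4/netfilter/ipt_policy.c
@@ -26,10 +26,13 @@
 static inline int
 match_xfrm_state(struct xfrm_state *x, const struct ipt_policy_elem *e)
 {
-#define MATCH(x,y) (!e->match.x || ((e->x == (y)) ^ e->invert.x))
+#define MATCH_ADDR(x,y,z) (!e->match.x || \
+ ((e->x.a4.s_addr == (e->y.a4.s_addr & (z))) \
+ ^ e->invert.x))
+#define MATCH(x,y) (!e->match.x || ((e->x == (y)) ^ e->invert.x))
 
- return MATCH(saddr, x->props.saddr.a4 & e->smask) &&
- MATCH(daddr, x->id.daddr.a4 & e->dmask) &&
+ return MATCH_ADDR(saddr, smask, x->props.saddr.a4) &&
+ MATCH_ADDR(daddr, dmask, x->id.daddr.a4) &&
 MATCH(proto, x->id.proto) &&
 MATCH(mode, x->props.mode) &&
 MATCH(spi, x->id.spi) &&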
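Review bot: `MATCH_ADDR` masks only the xfrm state address (`e->y.a4.s_addr & (z)`) and compares it with the raw `e->x.a4.s_addr`, so a rule whose saddr/daddr has bits set outside smask/dmask can never compare equal: without invert it silently never matches, and with invert it always matches. This is carried over from the old `MATCH(saddr, x->props.saddr.a4 & e->smask)` form, but for a match that selects traffic by its IPsec policy a rule that quietly never fires is a policy gap, and the ABI is being changed here anyway. Masking both sides removes the dependence on userspace pre-masking, e.g. `((((e->x.a4.s_addr ^ (z)) & e->y.a4.s_addr) == 0) ^ e->invert.x))`; alternatively such rules could be rejected where the rule is validated, which is not visible in this hunk. The macro parameter `x` also shares its name with the function's `struct xfrm_state *x`, which works because macro arguments are not rescanned for parameter names, but renaming the macro parameters would make the call sites easier to audit. `match_xfrm_state` continues past the end of the hunk.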
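--- a/net/ipv6/netfilter/ip6t_policy.c
+++ b/net/ipv6/netfilter/ip6t_policy.c
@@ -26,8 +26,8 @@
 static inline int
 match_xfrm_state(struct xfrm_state *x, const struct ip6t_policy_elem *e)
 {
-#define MATCH_ADDR(x,y,z) (!e->match.x || \
- ((!ip6_masked_addrcmp(&e->x, &e->y, z)) \
+#define MATCH_ADDR(x,y,z) (!e->match.x || \
+ ((!ip6_masked_addrcmp(&e->x.a6, &e->y.a6, z)) \
 ^ e->invert.x))
 #define MATCH(x,y) (!e->match.x || ((e->x == (y)) ^ e->invert.x))
 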