Commit 22dea562bb56dbc3430c8f23f60ccd38527b1f5a
Committed by
David S. Miller
1 parent
b777e0ce74
[NETFILTER]: Export ip6_masked_addrcmp, don't pass IPv6 addresses on stack
Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net>
Showing 2 changed files with 14 additions and 8 deletions Side-by-side Diff
include/linux/netfilter_ipv6/ip6_tables.h
... | ... | @@ -476,6 +476,10 @@ |
476 | 476 | extern int ipv6_find_hdr(const struct sk_buff *skb, unsigned int *offset, |
477 | 477 | int target, unsigned short *fragoff); |
478 | 478 | |
479 | +extern int ip6_masked_addrcmp(const struct in6_addr *addr1, | |
480 | + const struct in6_addr *mask, | |
481 | + const struct in6_addr *addr2); | |
482 | + | |
479 | 483 | #define IP6T_ALIGN(s) (((s) + (__alignof__(struct ip6t_entry)-1)) & ~(__alignof__(struct ip6t_entry)-1)) |
480 | 484 | |
481 | 485 | #endif /*__KERNEL__*/ |
net/ipv6/netfilter/ip6_tables.c
... | ... | @@ -119,13 +119,14 @@ |
119 | 119 | #define up(x) do { printk("UP:%u:" #x "\n", __LINE__); up(x); } while(0) |
120 | 120 | #endif |
121 | 121 | |
122 | -static int ip6_masked_addrcmp(struct in6_addr addr1, struct in6_addr mask, | |
123 | - struct in6_addr addr2) | |
122 | +int | |
123 | +ip6_masked_addrcmp(const struct in6_addr *addr1, const struct in6_addr *mask, | |
124 | + const struct in6_addr *addr2) | |
124 | 125 | { |
125 | 126 | int i; |
126 | 127 | for( i = 0; i < 16; i++){ |
127 | - if((addr1.s6_addr[i] & mask.s6_addr[i]) != | |
128 | - (addr2.s6_addr[i] & mask.s6_addr[i])) | |
128 | + if((addr1->s6_addr[i] & mask->s6_addr[i]) != | |
129 | + (addr2->s6_addr[i] & mask->s6_addr[i])) | |
129 | 130 | return 1; |
130 | 131 | } |
131 | 132 | return 0; |
... | ... | @@ -159,10 +160,10 @@ |
159 | 160 | |
160 | 161 | #define FWINV(bool,invflg) ((bool) ^ !!(ip6info->invflags & invflg)) |
161 | 162 | |
162 | - if (FWINV(ip6_masked_addrcmp(ipv6->saddr,ip6info->smsk,ip6info->src), | |
163 | - IP6T_INV_SRCIP) | |
164 | - || FWINV(ip6_masked_addrcmp(ipv6->daddr,ip6info->dmsk,ip6info->dst), | |
165 | - IP6T_INV_DSTIP)) { | |
163 | + if (FWINV(ip6_masked_addrcmp(&ipv6->saddr, &ip6info->smsk, | |
164 | + &ip6info->src), IP6T_INV_SRCIP) | |
165 | + || FWINV(ip6_masked_addrcmp(&ipv6->daddr, &ip6info->dmsk, | |
166 | + &ip6info->dst), IP6T_INV_DSTIP)) { | |
166 | 167 | dprintf("Source or dest mismatch.\n"); |
167 | 168 | /* |
168 | 169 | dprintf("SRC: %u. Mask: %u. Target: %u.%s\n", ip->saddr, |
... | ... | @@ -2131,6 +2132,7 @@ |
2131 | 2132 | EXPORT_SYMBOL(ip6t_unregister_target); |
2132 | 2133 | EXPORT_SYMBOL(ip6t_ext_hdr); |
2133 | 2134 | EXPORT_SYMBOL(ipv6_find_hdr); |
2135 | +EXPORT_SYMBOL(ip6_masked_addrcmp); | |
2134 | 2136 | |
2135 | 2137 | module_init(init); |
2136 | 2138 | module_exit(fini); |