Commit 22dea562bb56dbc3430c8f23f60ccd38527b1f5a
Committed by
David S. Miller
David S. Miller
1 parent
b777e0ce74
[NETFILTER]: Export ip6_masked_addrcmp, don't pass IPv6 addresses on stack
Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net>
Showing 2 changed files with 14 additions and 8 deletions Side-by-side Diff
include/linux/netfilter_ipv6/ip6_tables.h
| ... | ... | @@ -476,6 +476,10 @@ |
| 476 | 476 | extern int ipv6_find_hdr(const struct sk_buff *skb, unsigned int *offset, |
| 477 | 477 | int target, unsigned short *fragoff); |
| 478 | 478 | |
| 479 | +extern int ip6_masked_addrcmp(const struct in6_addr *addr1, | |
| 480 | + const struct in6_addr *mask, | |
| 481 | + const struct in6_addr *addr2); | |
| 482 | + | |
| 479 | 483 | #define IP6T_ALIGN(s) (((s) + (__alignof__(struct ip6t_entry)-1)) & ~(__alignof__(struct ip6t_entry)-1)) |
| 480 | 484 | |
| 481 | 485 | #endif /*__KERNEL__*/ |
net/ipv6/netfilter/ip6_tables.c
| ... | ... | @@ -119,13 +119,14 @@ |
| 119 | 119 | #define up(x) do { printk("UP:%u:" #x "\n", __LINE__); up(x); } while(0) |
| 120 | 120 | #endif |
| 121 | 121 | |
| 122 | -static int ip6_masked_addrcmp(struct in6_addr addr1, struct in6_addr mask, | |
| 123 | - struct in6_addr addr2) | |
| 122 | +int | |
| 123 | +ip6_masked_addrcmp(const struct in6_addr *addr1, const struct in6_addr *mask, | |
| 124 | + const struct in6_addr *addr2) | |
| 124 | 125 | { |
| 125 | 126 | int i; |
| 126 | 127 | for( i = 0; i < 16; i++){ |
| 127 | - if((addr1.s6_addr[i] & mask.s6_addr[i]) != | |
| 128 | - (addr2.s6_addr[i] & mask.s6_addr[i])) | |
| 128 | + if((addr1->s6_addr[i] & mask->s6_addr[i]) != | |
| 129 | + (addr2->s6_addr[i] & mask->s6_addr[i])) | |
| 129 | 130 | return 1; |
| 130 | 131 | } |
| 131 | 132 | return 0; |
| ... | ... | @@ -159,10 +160,10 @@ |
| 159 | 160 | |
| 160 | 161 | #define FWINV(bool,invflg) ((bool) ^ !!(ip6info->invflags & invflg)) |
| 161 | 162 | |
| 162 | - if (FWINV(ip6_masked_addrcmp(ipv6->saddr,ip6info->smsk,ip6info->src), | |
| 163 | - IP6T_INV_SRCIP) | |
| 164 | - || FWINV(ip6_masked_addrcmp(ipv6->daddr,ip6info->dmsk,ip6info->dst), | |
| 165 | - IP6T_INV_DSTIP)) { | |
| 163 | + if (FWINV(ip6_masked_addrcmp(&ipv6->saddr, &ip6info->smsk, | |
| 164 | + &ip6info->src), IP6T_INV_SRCIP) | |
| 165 | + || FWINV(ip6_masked_addrcmp(&ipv6->daddr, &ip6info->dmsk, | |
| 166 | + &ip6info->dst), IP6T_INV_DSTIP)) { | |
| 166 | 167 | dprintf("Source or dest mismatch.\n"); |
| 167 | 168 | /* |
| 168 | 169 | dprintf("SRC: %u. Mask: %u. Target: %u.%s\n", ip->saddr, |
| ... | ... | @@ -2131,6 +2132,7 @@ |
| 2131 | 2132 | EXPORT_SYMBOL(ip6t_unregister_target); |
| 2132 | 2133 | EXPORT_SYMBOL(ip6t_ext_hdr); |
| 2133 | 2134 | EXPORT_SYMBOL(ipv6_find_hdr); |
| 2135 | +EXPORT_SYMBOL(ip6_masked_addrcmp); | |
| 2134 | 2136 | |
| 2135 | 2137 | module_init(init); |
| 2136 | 2138 | module_exit(fini); |