From f0fa4c69ba5342a422fec42d60beeeeef169fe04 Mon Sep 17 00:00:00 2001 From: Patrick McHardy Date: Mon, 20 Mar 2006 18:03:16 -0800 Subject: [PATCH] --- yaml --- r: 22175 b: refs/heads/master c: f2ffd9eeda82b476c034d733be08ecf6a87d2edf h: refs/heads/master i: 22173: 2776f3e3f044b10aac40c62e7ffaf125f05fbdff 22171: 14c30c445dcbac0852b5b61522019cb31937783e 22167: d1bd3335cf95786f5184ae98cf1c527ec7982b56 22159: 8db344f1db0a3642ebe53792e462cab61afa7814 22143: 6f309b1d4e7fbb5ee72c876cb1319ea8a2618373 v: v3 --- [refs] | 2 +- trunk/include/net/ipv6.h | 12 ++++++++++++ trunk/net/ipv6/netfilter/ip6_tables.c | 22 ++++------------------ trunk/net/ipv6/netfilter/ip6t_policy.c | 3 ++- 4 files changed, 19 insertions(+), 20 deletions(-) diff --git a/[refs] b/[refs] index 4751b8034ad4..8fa3cf2a6291 100644 --- a/[refs] +++ b/[refs] @@ -1,2 +1,2 @@ --- -refs/heads/master: c49867347404c46f137a261643ed4fce4376f324 +refs/heads/master: f2ffd9eeda82b476c034d733be08ecf6a87d2edf diff --git a/trunk/include/net/ipv6.h b/trunk/include/net/ipv6.h index 3b1d963d396c..c893a1ce4b39 100644 --- a/trunk/include/net/ipv6.h +++ b/trunk/include/net/ipv6.h @@ -282,6 +282,18 @@ static inline int ipv6_addr_cmp(const struct in6_addr *a1, const struct in6_addr return memcmp((const void *) a1, (const void *) a2, sizeof(struct in6_addr)); } +static inline int +ipv6_masked_addr_cmp(const struct in6_addr *a1, const struct in6_addr *m, + const struct in6_addr *a2) +{ + unsigned int i; + + for (i = 0; i < 4; i++) + if ((a1->s6_addr32[i] ^ a2->s6_addr32[i]) & m->s6_addr32[i]) + return 1; + return 0; +} + static inline void ipv6_addr_copy(struct in6_addr *a1, const struct in6_addr *a2) { memcpy((void *) a1, (const void *) a2, sizeof(struct in6_addr)); diff --git a/trunk/net/ipv6/netfilter/ip6_tables.c b/trunk/net/ipv6/netfilter/ip6_tables.c index b75f8fdc3afe..d74ec335743e 100644 --- a/trunk/net/ipv6/netfilter/ip6_tables.c +++ b/trunk/net/ipv6/netfilter/ip6_tables.c @@ -94,19 +94,6 @@ do { \ #define up(x) do { printk("UP:%u:" #x "\n", __LINE__); up(x); } while(0) #endif -int -ip6_masked_addrcmp(const struct in6_addr *addr1, const struct in6_addr *mask, - const struct in6_addr *addr2) -{ - int i; - for( i = 0; i < 16; i++){ - if((addr1->s6_addr[i] & mask->s6_addr[i]) != - (addr2->s6_addr[i] & mask->s6_addr[i])) - return 1; - } - return 0; -} - /* Check for an extension */ int ip6t_ext_hdr(u8 nexthdr) @@ -135,10 +122,10 @@ ip6_packet_match(const struct sk_buff *skb, #define FWINV(bool,invflg) ((bool) ^ !!(ip6info->invflags & invflg)) - if (FWINV(ip6_masked_addrcmp(&ipv6->saddr, &ip6info->smsk, - &ip6info->src), IP6T_INV_SRCIP) - || FWINV(ip6_masked_addrcmp(&ipv6->daddr, &ip6info->dmsk, - &ip6info->dst), IP6T_INV_DSTIP)) { + if (FWINV(ipv6_masked_addr_cmp(&ipv6->saddr, &ip6info->smsk, + &ip6info->src), IP6T_INV_SRCIP) + || FWINV(ipv6_masked_addr_cmp(&ipv6->daddr, &ip6info->dmsk, + &ip6info->dst), IP6T_INV_DSTIP)) { dprintf("Source or dest mismatch.\n"); /* dprintf("SRC: %u. Mask: %u. Target: %u.%s\n", ip->saddr, @@ -1526,7 +1513,6 @@ EXPORT_SYMBOL(ip6t_unregister_table); EXPORT_SYMBOL(ip6t_do_table); EXPORT_SYMBOL(ip6t_ext_hdr); EXPORT_SYMBOL(ipv6_find_hdr); -EXPORT_SYMBOL(ip6_masked_addrcmp); module_init(init); module_exit(fini); diff --git a/trunk/net/ipv6/netfilter/ip6t_policy.c b/trunk/net/ipv6/netfilter/ip6t_policy.c index b2f30072ca6e..f2a59970e007 100644 --- a/trunk/net/ipv6/netfilter/ip6t_policy.c +++ b/trunk/net/ipv6/netfilter/ip6t_policy.c @@ -27,7 +27,8 @@ static inline int match_xfrm_state(struct xfrm_state *x, const struct ip6t_policy_elem *e) { #define MATCH_ADDR(x,y,z) (!e->match.x || \ - ((!ip6_masked_addrcmp(&e->x.a6, &e->y.a6, z)) \ + ((!ipv6_masked_addr_cmp(&e->x.a6, &e->y.a6, \ + z)) \ ^ e->invert.x)) #define MATCH(x,y) (!e->match.x || ((e->x == (y)) ^ e->invert.x))