Commit 0700709d authored by Harald Welte's avatar Harald Welte Committed by David S. Miller

IPv6 netfilter fixes:

- SMP TABLE_OFFSET fix - ordered CPUs
- Set /proc entry owner
- Fix ip6tables layer4 protocol header calculation
- MAC match: register for FORWARD hook, add MODULE_LICENSE
parent 0f230f96
...@@ -110,7 +110,7 @@ static LIST_HEAD(ip6t_tables); ...@@ -110,7 +110,7 @@ static LIST_HEAD(ip6t_tables);
#define ADD_COUNTER(c,b,p) do { (c).bcnt += (b); (c).pcnt += (p); } while(0) #define ADD_COUNTER(c,b,p) do { (c).bcnt += (b); (c).pcnt += (p); } while(0)
#ifdef CONFIG_SMP #ifdef CONFIG_SMP
#define TABLE_OFFSET(t,p) (SMP_ALIGN((t)->size)*cpu_number_map(p)) #define TABLE_OFFSET(t,p) (SMP_ALIGN((t)->size)*(p))
#else #else
#define TABLE_OFFSET(t,p) 0 #define TABLE_OFFSET(t,p) 0
#endif #endif
...@@ -336,7 +336,8 @@ ip6t_do_table(struct sk_buff **pskb, ...@@ -336,7 +336,8 @@ ip6t_do_table(struct sk_buff **pskb,
read_lock_bh(&table->lock); read_lock_bh(&table->lock);
IP_NF_ASSERT(table->valid_hooks & (1 << hook)); IP_NF_ASSERT(table->valid_hooks & (1 << hook));
table_base = (void *)table->private->entries table_base = (void *)table->private->entries
+ TABLE_OFFSET(table->private, smp_processor_id()); + TABLE_OFFSET(table->private,
cpu_number_map(smp_processor_id()));
e = get_entry(table_base, table->private->hook_entry[hook]); e = get_entry(table_base, table->private->hook_entry[hook]);
#ifdef CONFIG_NETFILTER_DEBUG #ifdef CONFIG_NETFILTER_DEBUG
...@@ -426,7 +427,7 @@ ip6t_do_table(struct sk_buff **pskb, ...@@ -426,7 +427,7 @@ ip6t_do_table(struct sk_buff **pskb,
#endif #endif
/* Target might have changed stuff. */ /* Target might have changed stuff. */
ipv6 = (*pskb)->nh.ipv6h; ipv6 = (*pskb)->nh.ipv6h;
protohdr = (u_int32_t *)ipv6 + IPV6_HDR_LEN; protohdr = (u_int32_t *)((void *)ipv6 + IPV6_HDR_LEN);
datalen = (*pskb)->len - IPV6_HDR_LEN; datalen = (*pskb)->len - IPV6_HDR_LEN;
if (verdict == IP6T_CONTINUE) if (verdict == IP6T_CONTINUE)
...@@ -1795,9 +1796,15 @@ static int __init init(void) ...@@ -1795,9 +1796,15 @@ static int __init init(void)
} }
#ifdef CONFIG_PROC_FS #ifdef CONFIG_PROC_FS
if (!proc_net_create("ip6_tables_names", 0, ip6t_get_tables)) { {
nf_unregister_sockopt(&ip6t_sockopts); struct proc_dir_entry *proc;
return -ENOMEM; proc = proc_net_create("ip6_tables_names", 0,
ip6t_get_tables);
if (!proc) {
nf_unregister_sockopt(&ip6t_sockopts);
return -ENOMEM;
}
proc->owner = THIS_MODULE;
} }
#endif #endif
......
...@@ -34,8 +34,10 @@ ip6t_mac_checkentry(const char *tablename, ...@@ -34,8 +34,10 @@ ip6t_mac_checkentry(const char *tablename,
unsigned int hook_mask) unsigned int hook_mask)
{ {
if (hook_mask if (hook_mask
& ~((1 << NF_IP6_PRE_ROUTING) | (1 << NF_IP6_LOCAL_IN))) { & ~((1 << NF_IP6_PRE_ROUTING) | (1 << NF_IP6_LOCAL_IN)
printk("ip6t_mac: only valid for PRE_ROUTING or LOCAL_IN.\n"); | (1 << NF_IP6_FORWARD))) {
printk("ip6t_mac: only valid for PRE_ROUTING, LOCAL_IN or"
" FORWARD\n");
return 0; return 0;
} }
...@@ -60,3 +62,5 @@ static void __exit fini(void) ...@@ -60,3 +62,5 @@ static void __exit fini(void)
module_init(init); module_init(init);
module_exit(fini); module_exit(fini);
MODULE_LICENSE("GPL");
MODULE_DESCRIPTION("MAC address matching module for IPv6");
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment