summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--include/net/ipv6.h12
-rw-r--r--net/ipv6/netfilter/ip6_tables.c22
-rw-r--r--net/ipv6/netfilter/ip6t_policy.c3
3 files changed, 18 insertions, 19 deletions
diff --git a/include/net/ipv6.h b/include/net/ipv6.h
index 3b1d963d396..c893a1ce4b3 100644
--- a/include/net/ipv6.h
+++ b/include/net/ipv6.h
@@ -282,6 +282,18 @@ static inline int ipv6_addr_cmp(const struct in6_addr *a1, const struct in6_addr
return memcmp((const void *) a1, (const void *) a2, sizeof(struct in6_addr));
}
+static inline int
+ipv6_masked_addr_cmp(const struct in6_addr *a1, const struct in6_addr *m,
+ const struct in6_addr *a2)
+{
+ unsigned int i;
+
+ for (i = 0; i < 4; i++)
+ if ((a1->s6_addr32[i] ^ a2->s6_addr32[i]) & m->s6_addr32[i])
+ return 1;
+ return 0;
+}
+
static inline void ipv6_addr_copy(struct in6_addr *a1, const struct in6_addr *a2)
{
memcpy((void *) a1, (const void *) a2, sizeof(struct in6_addr));
diff --git a/net/ipv6/netfilter/ip6_tables.c b/net/ipv6/netfilter/ip6_tables.c
index b75f8fdc3af..d74ec335743 100644
--- a/net/ipv6/netfilter/ip6_tables.c
+++ b/net/ipv6/netfilter/ip6_tables.c
@@ -94,19 +94,6 @@ do { \
#define up(x) do { printk("UP:%u:" #x "\n", __LINE__); up(x); } while(0)
#endif
-int
-ip6_masked_addrcmp(const struct in6_addr *addr1, const struct in6_addr *mask,
- const struct in6_addr *addr2)
-{
- int i;
- for( i = 0; i < 16; i++){
- if((addr1->s6_addr[i] & mask->s6_addr[i]) !=
- (addr2->s6_addr[i] & mask->s6_addr[i]))
- return 1;
- }
- return 0;
-}
-
/* Check for an extension */
int
ip6t_ext_hdr(u8 nexthdr)
@@ -135,10 +122,10 @@ ip6_packet_match(const struct sk_buff *skb,
#define FWINV(bool,invflg) ((bool) ^ !!(ip6info->invflags & invflg))
- if (FWINV(ip6_masked_addrcmp(&ipv6->saddr, &ip6info->smsk,
- &ip6info->src), IP6T_INV_SRCIP)
- || FWINV(ip6_masked_addrcmp(&ipv6->daddr, &ip6info->dmsk,
- &ip6info->dst), IP6T_INV_DSTIP)) {
+ if (FWINV(ipv6_masked_addr_cmp(&ipv6->saddr, &ip6info->smsk,
+ &ip6info->src), IP6T_INV_SRCIP)
+ || FWINV(ipv6_masked_addr_cmp(&ipv6->daddr, &ip6info->dmsk,
+ &ip6info->dst), IP6T_INV_DSTIP)) {
dprintf("Source or dest mismatch.\n");
/*
dprintf("SRC: %u. Mask: %u. Target: %u.%s\n", ip->saddr,
@@ -1526,7 +1513,6 @@ EXPORT_SYMBOL(ip6t_unregister_table);
EXPORT_SYMBOL(ip6t_do_table);
EXPORT_SYMBOL(ip6t_ext_hdr);
EXPORT_SYMBOL(ipv6_find_hdr);
-EXPORT_SYMBOL(ip6_masked_addrcmp);
module_init(init);
module_exit(fini);
diff --git a/net/ipv6/netfilter/ip6t_policy.c b/net/ipv6/netfilter/ip6t_policy.c
index b2f30072ca6..f2a59970e00 100644
--- a/net/ipv6/netfilter/ip6t_policy.c
+++ b/net/ipv6/netfilter/ip6t_policy.c
@@ -27,7 +27,8 @@ static inline int
match_xfrm_state(struct xfrm_state *x, const struct ip6t_policy_elem *e)
{
#define MATCH_ADDR(x,y,z) (!e->match.x || \
- ((!ip6_masked_addrcmp(&e->x.a6, &e->y.a6, z)) \
+ ((!ipv6_masked_addr_cmp(&e->x.a6, &e->y.a6, \
+ z)) \
^ e->invert.x))
#define MATCH(x,y) (!e->match.x || ((e->x == (y)) ^ e->invert.x))