X-Git-Url: https://err.no/cgi-bin/gitweb.cgi?a=blobdiff_plain;f=net%2Fbridge%2Fnetfilter%2Febt_ip.c;h=65caa00dcf2a348d0c321a42add55acd40177339;hb=abf5cdb89d09ca981db10e1a85fd8531440165f2;hp=e4c642448e1b41e403d0bab85b98c59b85b46d29;hpb=6bfe5c9d6f4dcaa998f67e691359cf7b1c4b443d;p=linux-2.6 diff --git a/net/bridge/netfilter/ebt_ip.c b/net/bridge/netfilter/ebt_ip.c index e4c642448e..65caa00dcf 100644 --- a/net/bridge/netfilter/ebt_ip.c +++ b/net/bridge/netfilter/ebt_ip.c @@ -28,9 +28,11 @@ static int ebt_filter_ip(const struct sk_buff *skb, const struct net_device *in, const struct net_device *out, const void *data, unsigned int datalen) { - struct ebt_ip_info *info = (struct ebt_ip_info *)data; - struct iphdr _iph, *ih; - struct tcpudphdr _ports, *pptr; + const struct ebt_ip_info *info = data; + const struct iphdr *ih; + struct iphdr _iph; + const struct tcpudphdr *pptr; + struct tcpudphdr _ports; ih = skb_header_pointer(skb, 0, sizeof(_iph), &_iph); if (ih == NULL) @@ -61,15 +63,15 @@ static int ebt_filter_ip(const struct sk_buff *skb, const struct net_device *in, if (info->bitmask & EBT_IP_DPORT) { u32 dst = ntohs(pptr->dst); if (FWINV(dst < info->dport[0] || - dst > info->dport[1], - EBT_IP_DPORT)) + dst > info->dport[1], + EBT_IP_DPORT)) return EBT_NOMATCH; } if (info->bitmask & EBT_IP_SPORT) { u32 src = ntohs(pptr->src); if (FWINV(src < info->sport[0] || - src > info->sport[1], - EBT_IP_SPORT)) + src > info->sport[1], + EBT_IP_SPORT)) return EBT_NOMATCH; } } @@ -79,7 +81,7 @@ static int ebt_filter_ip(const struct sk_buff *skb, const struct net_device *in, static int ebt_ip_check(const char *tablename, unsigned int hookmask, const struct ebt_entry *e, void *data, unsigned int datalen) { - struct ebt_ip_info *info = (struct ebt_ip_info *)data; + const struct ebt_ip_info *info = data; if (datalen != EBT_ALIGN(sizeof(struct ebt_ip_info))) return -EINVAL; @@ -93,6 +95,7 @@ static int ebt_ip_check(const char *tablename, unsigned int hookmask, return -EINVAL; if (info->protocol != IPPROTO_TCP && info->protocol != IPPROTO_UDP && + info->protocol != IPPROTO_UDPLITE && info->protocol != IPPROTO_SCTP && info->protocol != IPPROTO_DCCP) return -EINVAL; @@ -104,8 +107,7 @@ static int ebt_ip_check(const char *tablename, unsigned int hookmask, return 0; } -static struct ebt_match filter_ip = -{ +static struct ebt_match filter_ip __read_mostly = { .name = EBT_IP_MATCH, .match = ebt_filter_ip, .check = ebt_ip_check, @@ -124,4 +126,5 @@ static void __exit ebt_ip_fini(void) module_init(ebt_ip_init); module_exit(ebt_ip_fini); +MODULE_DESCRIPTION("Ebtables: IPv4 protocol packet match"); MODULE_LICENSE("GPL");