Hi Dave!
Below is a couple of fixes to ip6tables, all by Andras Kis-Szabo:
o SMP TABLE_OFFSET fix - ordered CPUs
o Set /proc entry owner
o Fix ip6tables layer4 protocol header calculation
o MAC match: register for FORWARD hook, add MODULE_LICENSE
Patch applies cleanly against 2.4.19-pre and 2.5.7.
Please apply,
Thanks.
diff -Nru --exclude .depend --exclude *.o --exclude *.ver --exclude .*.flags --exclude
*.orig --exclude *.rej --exclude *~ linux-2.5.7-plain/net/ipv6/netfilter/ip6_tables.c
linux-2.5.7-ip6fix/net/ipv6/netfilter/ip6_tables.c
--- linux-2.5.7-plain/net/ipv6/netfilter/ip6_tables.c Mon Mar 18 21:37:11 2002
+++ linux-2.5.7-ip6fix/net/ipv6/netfilter/ip6_tables.c Wed Apr 3 10:34:11 2002
@@ -110,7 +110,7 @@
#define ADD_COUNTER(c,b,p) do { (c).bcnt += (b); (c).pcnt += (p); } while(0)
#ifdef CONFIG_SMP
-#define TABLE_OFFSET(t,p) (SMP_ALIGN((t)->size)*cpu_number_map(p))
+#define TABLE_OFFSET(t,p) (SMP_ALIGN((t)->size)*(p))
#else
#define TABLE_OFFSET(t,p) 0
#endif
@@ -336,7 +336,8 @@
read_lock_bh(&table->lock);
IP_NF_ASSERT(table->valid_hooks & (1 << hook));
table_base = (void *)table->private->entries
- + TABLE_OFFSET(table->private, smp_processor_id());
+ + TABLE_OFFSET(table->private,
+ cpu_number_map(smp_processor_id()));
e = get_entry(table_base, table->private->hook_entry[hook]);
#ifdef CONFIG_NETFILTER_DEBUG
@@ -426,7 +427,7 @@
#endif
/* Target might have changed stuff. */
ipv6 = (*pskb)->nh.ipv6h;
- protohdr = (u_int32_t *)ipv6 + IPV6_HDR_LEN;
+ protohdr = (u_int32_t *)((void *)ipv6 + IPV6_HDR_LEN);
datalen = (*pskb)->len - IPV6_HDR_LEN;
if (verdict == IP6T_CONTINUE)
@@ -1795,9 +1796,15 @@
}
#ifdef CONFIG_PROC_FS
- if (!proc_net_create("ip6_tables_names", 0, ip6t_get_tables)) {
- nf_unregister_sockopt(&ip6t_sockopts);
- return -ENOMEM;
+ {
+ struct proc_dir_entry *proc;
+ proc = proc_net_create("ip6_tables_names", 0,
+ ip6t_get_tables);
+ if (!proc) {
+ nf_unregister_sockopt(&ip6t_sockopts);
+ return -ENOMEM;
+ }
+ proc->owner = THIS_MODULE;
}
#endif
diff -Nru --exclude .depend --exclude *.o --exclude *.ver --exclude .*.flags --exclude
*.orig --exclude *.rej --exclude *~ linux-2.5.7-plain/net/ipv6/netfilter/ip6t_mac.c
linux-2.5.7-ip6fix/net/ipv6/netfilter/ip6t_mac.c
--- linux-2.5.7-plain/net/ipv6/netfilter/ip6t_mac.c Mon Mar 18 21:37:18 2002
+++ linux-2.5.7-ip6fix/net/ipv6/netfilter/ip6t_mac.c Wed Apr 3 10:34:03 2002
@@ -34,8 +34,10 @@
unsigned int hook_mask)
{
if (hook_mask
- & ~((1 << NF_IP6_PRE_ROUTING) | (1 << NF_IP6_LOCAL_IN))) {
- printk("ip6t_mac: only valid for PRE_ROUTING or LOCAL_IN.\n");
+ & ~((1 << NF_IP6_PRE_ROUTING) | (1 << NF_IP6_LOCAL_IN)
+ | (1 << NF_IP6_FORWARD))) {
+ printk("ip6t_mac: only valid for PRE_ROUTING, LOCAL_IN or"
+ " FORWARD\n");
return 0;
}
@@ -60,3 +62,5 @@
module_init(init);
module_exit(fini);
+MODULE_LICENSE("GPL");
+MODULE_DESCRIPTION("MAC address matching module for IPv6");
--
Live long and prosper
- Harald Welte / [EMAIL PROTECTED] http://www.gnumonks.org/
============================================================================
GCS/E/IT d- s-: a-- C+++ UL++++$ P+++ L++++$ E--- W- N++ o? K- w--- O- M+
V-- PS++ PE-- Y++ PGP++ t+ 5-- !X !R tv-- b+++ !DI !D G+ e* h--- r++ y+(*)
