Hi Dave! Below is a couple of fixes to ip6tables, all by Andras Kis-Szabo:
o SMP TABLE_OFFSET fix - ordered CPUs o Set /proc entry owner o Fix ip6tables layer4 protocol header calculation o MAC match: register for FORWARD hook, add MODULE_LICENSE Patch applies cleanly against 2.4.19-pre and 2.5.7. Please apply, Thanks. diff -Nru --exclude .depend --exclude *.o --exclude *.ver --exclude .*.flags --exclude *.orig --exclude *.rej --exclude *~ linux-2.5.7-plain/net/ipv6/netfilter/ip6_tables.c linux-2.5.7-ip6fix/net/ipv6/netfilter/ip6_tables.c --- linux-2.5.7-plain/net/ipv6/netfilter/ip6_tables.c Mon Mar 18 21:37:11 2002 +++ linux-2.5.7-ip6fix/net/ipv6/netfilter/ip6_tables.c Wed Apr 3 10:34:11 2002 @@ -110,7 +110,7 @@ #define ADD_COUNTER(c,b,p) do { (c).bcnt += (b); (c).pcnt += (p); } while(0) #ifdef CONFIG_SMP -#define TABLE_OFFSET(t,p) (SMP_ALIGN((t)->size)*cpu_number_map(p)) +#define TABLE_OFFSET(t,p) (SMP_ALIGN((t)->size)*(p)) #else #define TABLE_OFFSET(t,p) 0 #endif @@ -336,7 +336,8 @@ read_lock_bh(&table->lock); IP_NF_ASSERT(table->valid_hooks & (1 << hook)); table_base = (void *)table->private->entries - + TABLE_OFFSET(table->private, smp_processor_id()); + + TABLE_OFFSET(table->private, + cpu_number_map(smp_processor_id())); e = get_entry(table_base, table->private->hook_entry[hook]); #ifdef CONFIG_NETFILTER_DEBUG @@ -426,7 +427,7 @@ #endif /* Target might have changed stuff. */ ipv6 = (*pskb)->nh.ipv6h; - protohdr = (u_int32_t *)ipv6 + IPV6_HDR_LEN; + protohdr = (u_int32_t *)((void *)ipv6 + IPV6_HDR_LEN); datalen = (*pskb)->len - IPV6_HDR_LEN; if (verdict == IP6T_CONTINUE) @@ -1795,9 +1796,15 @@ } #ifdef CONFIG_PROC_FS - if (!proc_net_create("ip6_tables_names", 0, ip6t_get_tables)) { - nf_unregister_sockopt(&ip6t_sockopts); - return -ENOMEM; + { + struct proc_dir_entry *proc; + proc = proc_net_create("ip6_tables_names", 0, + ip6t_get_tables); + if (!proc) { + nf_unregister_sockopt(&ip6t_sockopts); + return -ENOMEM; + } + proc->owner = THIS_MODULE; } #endif diff -Nru --exclude .depend --exclude *.o --exclude *.ver --exclude .*.flags --exclude *.orig --exclude *.rej --exclude *~ linux-2.5.7-plain/net/ipv6/netfilter/ip6t_mac.c linux-2.5.7-ip6fix/net/ipv6/netfilter/ip6t_mac.c --- linux-2.5.7-plain/net/ipv6/netfilter/ip6t_mac.c Mon Mar 18 21:37:18 2002 +++ linux-2.5.7-ip6fix/net/ipv6/netfilter/ip6t_mac.c Wed Apr 3 10:34:03 2002 @@ -34,8 +34,10 @@ unsigned int hook_mask) { if (hook_mask - & ~((1 << NF_IP6_PRE_ROUTING) | (1 << NF_IP6_LOCAL_IN))) { - printk("ip6t_mac: only valid for PRE_ROUTING or LOCAL_IN.\n"); + & ~((1 << NF_IP6_PRE_ROUTING) | (1 << NF_IP6_LOCAL_IN) + | (1 << NF_IP6_FORWARD))) { + printk("ip6t_mac: only valid for PRE_ROUTING, LOCAL_IN or" + " FORWARD\n"); return 0; } @@ -60,3 +62,5 @@ module_init(init); module_exit(fini); +MODULE_LICENSE("GPL"); +MODULE_DESCRIPTION("MAC address matching module for IPv6"); -- Live long and prosper - Harald Welte / [EMAIL PROTECTED] http://www.gnumonks.org/ ============================================================================ GCS/E/IT d- s-: a-- C+++ UL++++$ P+++ L++++$ E--- W- N++ o? K- w--- O- M+ V-- PS++ PE-- Y++ PGP++ t+ 5-- !X !R tv-- b+++ !DI !D G+ e* h--- r++ y+(*)