Re: linux-next: Tree for March 27 (netfilter build error)

Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx> · Sun, 29 Mar 2009 13:59:30 +0200

David Miller wrote:
> From: Cyrill Gorcunov <gorcunov@xxxxxxxxx>
> Date: Sun, 29 Mar 2009 10:47:04 +0400
> 
>> [Randy Dunlap - Sat, Mar 28, 2009 at 09:26:42PM -0700]
>> ... 
>> | works_for_me.  Thanks.
>> | but missing S-O-B.
>> | 
>> | Acked-by: Randy Dunlap <randy.dunlap@xxxxxxxxxx>
>> ...
>>
>> Thanks for testing Randy. So if nobody will complain
>> here is a solid version of the patch. Though I would like
>> if Pablo or Patrick confirm its correctness. Thanks!
> 
> I'll apply this once Patrick or Pablo have a look at it.

I think that the patch attached is better since it removes the overhead
of the IPv6 dependency, which is indeed too much for the use of one
function. Thanks.

-- 
"Los honestos son inadaptados sociales" -- Les Luthiers
netfilter: xtables: fix IPv6 dependency in the cluster match

This patch fixes a dependency with IPv6:

ERROR: "__ipv6_addr_type" [net/netfilter/xt_cluster.ko] undefined!

This patch adds a function that checks if the higher bits of the
address is 0xFF to identify a multicast address, instead of adding a
dependency due to __ipv6_addr_type(). I came up with this idea after
Patrick McHardy pointed possible problems with runtime module
dependencies.

Reported-by: Steven Noonan <steven@xxxxxxxxxxxxxx>
Reported-by: Randy Dunlap <randy.dunlap@xxxxxxxxxx>
Reported-by: Cyrill Gorcunov <gorcunov@xxxxxxxxxx>
Signed-off-by: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
---

 net/netfilter/xt_cluster.c |   11 +++++++++--
 1 files changed, 9 insertions(+), 2 deletions(-)

diff --git a/net/netfilter/xt_cluster.c b/net/netfilter/xt_cluster.c
index ad5bd89..f2d2482 100644
--- a/net/netfilter/xt_cluster.c
+++ b/net/netfilter/xt_cluster.c
@@ -58,6 +58,13 @@ xt_cluster_hash(const struct nf_conn *ct,
 }
 
 static inline bool
+xt_cluster_ipv6_is_multicast(const struct in6_addr *addr)
+{
+	__be32 st = addr->s6_addr32[0];
+	return ((st & htonl(0xFF000000)) == htonl(0xFF000000)); 
+}
+
+static inline bool
 xt_cluster_is_multicast_addr(const struct sk_buff *skb, u_int8_t family)
 {
 	bool is_multicast = false;
@@ -67,8 +74,8 @@ xt_cluster_is_multicast_addr(const struct sk_buff *skb, u_int8_t family)
 		is_multicast = ipv4_is_multicast(ip_hdr(skb)->daddr);
 		break;
 	case NFPROTO_IPV6:
-		is_multicast = ipv6_addr_type(&ipv6_hdr(skb)->daddr) &
-						IPV6_ADDR_MULTICAST;
+		is_multicast =
+			xt_cluster_ipv6_is_multicast(&ipv6_hdr(skb)->daddr);
 		break;
 	default:
 		WARN_ON(1);




