Re: tproxy: added IPv6 support to the socket match

On Sat, Oct 23, 2010 at 21:23, Linux Kernel Mailing List
<linux-kernel@xxxxxxxxxxxxxxx> wrote:
> Gitweb:     http://git.kernel.org/linus/b64c9256a9b76fc9f059f71bd08ba88fb0cbba2e
> Commit:     b64c9256a9b76fc9f059f71bd08ba88fb0cbba2e
> Parent:     6ad7889327a5ee6ab4220bd34e4428c7d0de0f32
> Author:     Balazs Scheidler <bazsi@xxxxxxxxxx>
> AuthorDate: Thu Oct 21 16:19:42 2010 +0200
> Committer:  Patrick McHardy <kaber@xxxxxxxxx>
> CommitDate: Thu Oct 21 16:19:42 2010 +0200
>
>     tproxy: added IPv6 support to the socket match
>
>     The ICMP extraction bits were contributed by Harry Mason.
>
>     Signed-off-by: Balazs Scheidler <bazsi@xxxxxxxxxx>
>     Signed-off-by: KOVACS Krisztian <hidden@xxxxxxxxxx>
>     Signed-off-by: Patrick McHardy <kaber@xxxxxxxxx>
> ---
>  net/netfilter/xt_socket.c |  165 ++++++++++++++++++++++++++++++++++++++++++---
>  1 files changed, 154 insertions(+), 11 deletions(-)
>
> diff --git a/net/netfilter/xt_socket.c b/net/netfilter/xt_socket.c
> index 266faa0..2dbd4c8 100644
> --- a/net/netfilter/xt_socket.c
> +++ b/net/netfilter/xt_socket.c

> +static bool
> +socket_mt6_v1(const struct sk_buff *skb, struct xt_action_param *par)
> +{
> + Â Â Â struct ipv6hdr *iph = ipv6_hdr(skb);
> + Â Â Â struct udphdr _hdr, *hp = NULL;
> + Â Â Â struct sock *sk;
> + Â Â Â struct in6_addr *daddr, *saddr;
> + Â Â Â __be16 dport, sport;
> + Â Â Â int thoff;
> + Â Â Â u8 tproto;

tproto is unsigned...

> + Â Â Â const struct xt_socket_mtinfo1 *info = (struct xt_socket_mtinfo1 *) par->matchinfo;
> +
> + Â Â Â tproto = ipv6_find_hdr(skb, &thoff, -1, NULL);

but ipv6_find_hdr() returns int, and negative values for errors...

> + Â Â Â if (tproto < 0) {

which it can never catch.

> + Â Â Â Â Â Â Â pr_debug("unable to find transport header in IPv6 packet, dropping\n");
> + Â Â Â Â Â Â Â return NF_DROP;
> + Â Â Â }
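
Review bot: The error path under `if (tproto < 0)` in socket_mt6_v1() is wrong in two ways: it is unreachable, and its return value does not do what the debug message says. Because `tproto` is declared `u8`, a negative return from ipv6_find_hdr() is truncated to a value in 0..255 and then carried forward as if it were a valid transport protocol number, so a packet whose transport header could not be located is not rejected here. Declare it `int tproto;` so the check can fire. Separately, the function is declared `static bool`, yet this branch does `return NF_DROP;`. NF_DROP is 0, so the caller sees "no match" rather than a drop, while the pr_debug() text says "dropping". Either return `false` and reword the message, or signal the drop explicitly if dropping is really the intent.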

net/netfilter/xt_socket.c:256: warning: comparison is always false due
to limited range of data type

Gr{oetje,eeting}s,

            Geert

--
Geert Uytterhoeven -- There's lots of Linux beyond ia32 -- geert@xxxxxxxxxxxxxx

In personal conversations with technical people, I call myself a hacker. But
when I'm talking to journalists I just say "programmer" or something like that.
                -- Linus Torvalds
--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html

