Commit 424b86a6 authored Mar 29, 2009 by Pablo Neira Ayuso Committed by David S. Miller Mar 29, 2009

netfilter: xtables: fix IPv6 dependency in the cluster match



This patch fixes a dependency with IPv6:

ERROR: "__ipv6_addr_type" [net/netfilter/xt_cluster.ko] undefined!

This patch adds a function that checks if the higher bits of the
address is 0xFF to identify a multicast address, instead of adding a
dependency due to __ipv6_addr_type(). I came up with this idea after
Patrick McHardy pointed possible problems with runtime module
dependencies.

Reported-by: Steven Noonan <steven@uplinklabs.net>
Reported-by: Randy Dunlap <randy.dunlap@oracle.com>
Reported-by: Cyrill Gorcunov <gorcunov@openvz.org>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: David S. Miller <davem@davemloft.net>

parent 13223cb0

net/netfilter/xt_cluster.c

+9 −2

Original line number	Diff line number	Diff line
		@@ -57,6 +57,13 @@ xt_cluster_hash(const struct nf_conn *ct,
		return (((u64)hash * info->total_nodes) >> 32);
		}

		static inline bool
		xt_cluster_ipv6_is_multicast(const struct in6_addr *addr)
		{
		__be32 st = addr->s6_addr32[0];
		return ((st & htonl(0xFF000000)) == htonl(0xFF000000));
		}

		static inline bool
		xt_cluster_is_multicast_addr(const struct sk_buff *skb, u_int8_t family)
		{
		@@ -67,8 +74,8 @@ xt_cluster_is_multicast_addr(const struct sk_buff *skb, u_int8_t family)
		is_multicast = ipv4_is_multicast(ip_hdr(skb)->daddr);
		break;
		case NFPROTO_IPV6:
		is_multicast = ipv6_addr_type(&ipv6_hdr(skb)->daddr) &
		IPV6_ADDR_MULTICAST;
		is_multicast =
		xt_cluster_ipv6_is_multicast(&ipv6_hdr(skb)->daddr);
		break;
		default:
		WARN_ON(1);