#include <linux/netfilter/x_tables.h>
#include <linux/netfilter_ipv6/ip6t_mh.h>
-MODULE_DESCRIPTION("ip6t_tables match for MH");
+MODULE_DESCRIPTION("Xtables: IPv6 Mobility Header match");
MODULE_LICENSE("GPL");
#ifdef DEBUG_IP_FIREWALL_USER
return (type >= min && type <= max) ^ invert;
}
-static bool
-mh_mt6(const struct sk_buff *skb, const struct net_device *in,
- const struct net_device *out, const struct xt_match *match,
- const void *matchinfo, int offset, unsigned int protoff, bool *hotdrop)
+static bool mh_mt6(const struct sk_buff *skb, const struct xt_match_param *par)
{
struct ip6_mh _mh;
const struct ip6_mh *mh;
- const struct ip6t_mh *mhinfo = matchinfo;
+ const struct ip6t_mh *mhinfo = par->matchinfo;
/* Must not be a fragment. */
- if (offset)
+ if (par->fragoff != 0)
return false;
- mh = skb_header_pointer(skb, protoff, sizeof(_mh), &_mh);
+ mh = skb_header_pointer(skb, par->thoff, sizeof(_mh), &_mh);
if (mh == NULL) {
/* We've been asked to examine this packet, and we
can't. Hence, no choice but to drop. */
duprintf("Dropping evil MH tinygram.\n");
- *hotdrop = true;
+ *par->hotdrop = true;
return false;
}
if (mh->ip6mh_proto != IPPROTO_NONE) {
duprintf("Dropping invalid MH Payload Proto: %u\n",
mh->ip6mh_proto);
- *hotdrop = true;
+ *par->hotdrop = true;
return false;
}
!!(mhinfo->invflags & IP6T_MH_INV_TYPE));
}
-/* Called when user tries to insert an entry of this type. */
-static bool
-mh_mt6_check(const char *tablename, const void *entry,
- const struct xt_match *match, void *matchinfo,
- unsigned int hook_mask)
+static bool mh_mt6_check(const struct xt_mtchk_param *par)
{
- const struct ip6t_mh *mhinfo = matchinfo;
+ const struct ip6t_mh *mhinfo = par->matchinfo;
/* Must specify no unknown invflags */
return !(mhinfo->invflags & ~IP6T_MH_INV_MASK);
static struct xt_match mh_mt6_reg __read_mostly = {
.name = "mh",
- .family = AF_INET6,
+ .family = NFPROTO_IPV6,
.checkentry = mh_mt6_check,
.match = mh_mt6,
.matchsize = sizeof(struct ip6t_mh),