diff options
author | Jan Engelhardt <jengelh@medozas.de> | 2010-03-16 21:09:04 +0100 |
---|---|---|
committer | Jan Engelhardt <jengelh@medozas.de> | 2010-03-18 14:20:06 +0100 |
commit | 1d1c397db95f1c0cd95f6fa633c1e68acfaacec3 (patch) | |
tree | a73194780ee95ca32ceae75a8be425060b420169 | |
parent | 7d5f7ed802507999c22949b84686d03987fe57ec (diff) |
netfilter: xtables: clean up xt_mac match routine
Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
-rw-r--r-- | net/netfilter/xt_mac.c | 18 |
1 files changed, 10 insertions, 8 deletions
diff --git a/net/netfilter/xt_mac.c b/net/netfilter/xt_mac.c index c2007116ce5b..2039d0741b37 100644 --- a/net/netfilter/xt_mac.c +++ b/net/netfilter/xt_mac.c @@ -26,14 +26,16 @@ MODULE_ALIAS("ip6t_mac"); static bool mac_mt(const struct sk_buff *skb, const struct xt_match_param *par) { - const struct xt_mac_info *info = par->matchinfo; - - /* Is mac pointer valid? */ - return skb_mac_header(skb) >= skb->head && - skb_mac_header(skb) + ETH_HLEN <= skb->data - /* If so, compare... */ - && ((!compare_ether_addr(eth_hdr(skb)->h_source, info->srcaddr)) - ^ info->invert); + const struct xt_mac_info *info = par->matchinfo; + bool ret; + + if (skb_mac_header(skb) < skb->head) + return false; + if (skb_mac_header(skb) + ETH_HLEN > skb->data) + return false; + ret = compare_ether_addr(eth_hdr(skb)->h_source, info->srcaddr) == 0; + ret ^= info->invert; + return ret; } static struct xt_match mac_mt_reg __read_mostly = { |