summaryrefslogtreecommitdiff
path: root/net/ipv6/netfilter
diff options
context:
space:
mode:
authorDavid S. Miller <davem@davemloft.net>2013-03-25 12:11:44 -0400
committerDavid S. Miller <davem@davemloft.net>2013-03-25 12:11:44 -0400
commitda134825348faf797dc57c768bffc454ab7af34b (patch)
treef2778e4b523d4dd2bd79f9b3c9b8e722b70c5e1c /net/ipv6/netfilter
parentf5a03cf461f225d03ec7bf18b10b74e6f620cb49 (diff)
parentdece40e848f6e022f960dc9de54be518928460c3 (diff)
Merge branch 'master' of git://1984.lsi.us.es/nf-next
Pablo Neira Ayuso says: ==================== The following patchset contains Netfilter/IPVS updates for your net-next tree, they are: * Better performance in nfnetlink_queue by avoiding copy from the packet to netlink message, from Eric Dumazet. * Remove unnecessary locking in the exit path of ebt_ulog, from Gao Feng. * Use new function ipv6_iface_scope_id in nf_ct_ipv6, from Hannes Frederic Sowa. * A couple of sparse fixes for IPVS, from Julian Anastasov. * Use xor hashing in nfnetlink_queue, as suggested by Eric Dumazet, from myself. * Allow to dump expectations per master conntrack via ctnetlink, from myself. * A couple of cleanups to use PTR_RET in module init path, from Silviu-Mihai Popescu. * Remove nf_conntrack module a bit faster if netns are in use, from Vladimir Davydov. * Use checksum_partial in ip6t_NPT, from YOSHIFUJI Hideaki. * Sparse fix for nf_conntrack, from Stephen Hemminger. ==================== Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'net/ipv6/netfilter')
-rw-r--r--net/ipv6/netfilter/ip6t_NPT.c11
-rw-r--r--net/ipv6/netfilter/nf_conntrack_l3proto_ipv6.c8
2 files changed, 5 insertions, 14 deletions
diff --git a/net/ipv6/netfilter/ip6t_NPT.c b/net/ipv6/netfilter/ip6t_NPT.c
index 33608c610276..938e0b7ea1bd 100644
--- a/net/ipv6/netfilter/ip6t_NPT.c
+++ b/net/ipv6/netfilter/ip6t_NPT.c
@@ -18,9 +18,8 @@
static int ip6t_npt_checkentry(const struct xt_tgchk_param *par)
{
struct ip6t_npt_tginfo *npt = par->targinfo;
- __wsum src_sum = 0, dst_sum = 0;
struct in6_addr pfx;
- unsigned int i;
+ __wsum src_sum, dst_sum;
if (npt->src_pfx_len > 64 || npt->dst_pfx_len > 64)
return -EINVAL;
@@ -33,12 +32,8 @@ static int ip6t_npt_checkentry(const struct xt_tgchk_param *par)
if (!ipv6_addr_equal(&pfx, &npt->dst_pfx.in6))
return -EINVAL;
- for (i = 0; i < ARRAY_SIZE(npt->src_pfx.in6.s6_addr16); i++) {
- src_sum = csum_add(src_sum,
- (__force __wsum)npt->src_pfx.in6.s6_addr16[i]);
- dst_sum = csum_add(dst_sum,
- (__force __wsum)npt->dst_pfx.in6.s6_addr16[i]);
- }
+ src_sum = csum_partial(&npt->src_pfx.in6, sizeof(npt->src_pfx.in6), 0);
+ dst_sum = csum_partial(&npt->dst_pfx.in6, sizeof(npt->dst_pfx.in6), 0);
npt->adjustment = ~csum_fold(csum_sub(src_sum, dst_sum));
return 0;
diff --git a/net/ipv6/netfilter/nf_conntrack_l3proto_ipv6.c b/net/ipv6/netfilter/nf_conntrack_l3proto_ipv6.c
index 2b6c226f5198..97bcf2bae857 100644
--- a/net/ipv6/netfilter/nf_conntrack_l3proto_ipv6.c
+++ b/net/ipv6/netfilter/nf_conntrack_l3proto_ipv6.c
@@ -330,12 +330,8 @@ ipv6_getorigdst(struct sock *sk, int optval, void __user *user, int *len)
sizeof(sin6.sin6_addr));
nf_ct_put(ct);
-
- if (ipv6_addr_type(&sin6.sin6_addr) & IPV6_ADDR_LINKLOCAL)
- sin6.sin6_scope_id = sk->sk_bound_dev_if;
- else
- sin6.sin6_scope_id = 0;
-
+ sin6.sin6_scope_id = ipv6_iface_scope_id(&sin6.sin6_addr,
+ sk->sk_bound_dev_if);
return copy_to_user(user, &sin6, sizeof(sin6)) ? -EFAULT : 0;
}