projects
/
powerpc.git
/ blobdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
|
commitdiff
|
tree
raw
|
inline
| side by side
[NETFILTER]: Mark old IPv4-only connection tracking scheduled for removal
[powerpc.git]
/
net
/
ipv6
/
netfilter
/
ip6t_ah.c
diff --git
a/net/ipv6/netfilter/ip6t_ah.c
b/net/ipv6/netfilter/ip6t_ah.c
index
2f7bb20
..
4648664
100644
(file)
--- a/
net/ipv6/netfilter/ip6t_ah.c
+++ b/
net/ipv6/netfilter/ip6t_ah.c
@@
-54,9
+54,14
@@
match(const struct sk_buff *skb,
const struct ip6t_ah *ahinfo = matchinfo;
unsigned int ptr;
unsigned int hdrlen = 0;
const struct ip6t_ah *ahinfo = matchinfo;
unsigned int ptr;
unsigned int hdrlen = 0;
+ int err;
- if (ipv6_find_hdr(skb, &ptr, NEXTHDR_AUTH, NULL) < 0)
+ err = ipv6_find_hdr(skb, &ptr, NEXTHDR_AUTH, NULL);
+ if (err < 0) {
+ if (err != -ENOENT)
+ *hotdrop = 1;
return 0;
return 0;
+ }
ah = skb_header_pointer(skb, ptr, sizeof(_ah), &_ah);
if (ah == NULL) {
ah = skb_header_pointer(skb, ptr, sizeof(_ah), &_ah);
if (ah == NULL) {
@@
-102,7
+107,6
@@
checkentry(const char *tablename,
const void *entry,
const struct xt_match *match,
void *matchinfo,
const void *entry,
const struct xt_match *match,
void *matchinfo,
- unsigned int matchinfosize,
unsigned int hook_mask)
{
const struct ip6t_ah *ahinfo = matchinfo;
unsigned int hook_mask)
{
const struct ip6t_ah *ahinfo = matchinfo;