patch: ip6tables

[Andras Kis-Szabo]

--=-beM1penMJcxVOKNd5oJ8
Content-Type: text/plain
Content-Transfer-Encoding: quoted-printable

On Thu, 2002-02-21 at 17:16, Andreas Herrmann wrote:

Hi,

> --- include/libiptc/libip6tc.h~    Fri Jan  5 16:22:37 2001
> +++ include/libiptc/libip6tc.h     Wed Feb 20 17:49:54 2002
> @@ -6,7 +6,7 @@
>  #include <linux/netfilter_ipv6/ip6_tables.h>
>=20
>  #ifndef IP6T_MIN_ALIGN
> -#define IP6T_MIN_ALIGN (__alignof__(struct ip6t_entry_match))
> +#define IP6T_MIN_ALIGN (__alignof__(struct ip6t_entry))
>  #endif
>  #define IP6T_ALIGN(s) (((s) + (IP6T_MIN_ALIGN-1)) & ~(IP6T_MIN_ALIGN-1))
Yet another problem from the code-reuse.
Thanks!

The other includes are(look like) the same.

Future questions/differences:
net/ipv[46]/netfilter=20
ip6_tables.c and ip_tables.c
-#define TABLE_OFFSET(t,p) (SMP_ALIGN((t)->size)*cpu_number_map(p))
+#define TABLE_OFFSET(t,p) (SMP_ALIGN((t)->size)*(p))

ipt_do_table()
-       u_int16_t offset =3D 0;
+       u_int16_t offset;

?
-               + TABLE_OFFSET(table->private, smp_processor_id());
+               + TABLE_OFFSET(table->private,
+                              cpu_number_map(smp_processor_id()));

ipt_register_table()
-       static struct ip6t_table_info bootstrap
-               =3D { 0, 0, { 0 }, { 0 }, { }, { } };
+       static struct ipt_table_info bootstrap
+               =3D { 0, 0, { 0 }, { 0 }, { } };

after CONFIG_PROC_FS
+       proc->owner =3D THIS_MODULE;
(missing in ipv6)

iptables_filter.c; iptables_mangle.c
-           { { { { { { 0 } } }, { { { 0 } } }, { { { 0 } } }, { { { 0 }
} }, "", "", { 0 }, { 0 }, 0, 0, 0 },
+           { { { { 0 }, { 0 }, { 0 }, { 0 }, "", "", { 0 }, { 0 }, 0,
0, 0 },

-             { { { { IP6T_ALIGN(sizeof(struct ip6t_standard_target)),
"" } }, { } },
+             { { { { IPT_ALIGN(sizeof(struct ipt_standard_target)), ""
} }, { }

-           { { { { { { 0 } } }, { { { 0 } } }, { { { 0 } } }, { { { 0 }
} }, "", "", { 0 }, { 0 }, 0, 0, 0 },
+           { { { { 0 }, { 0 }, { 0 }, { 0 }, "", "", { 0 }, { 0 }, 0,
0, 0 },

-           { { { { { { 0 } } }, { { { 0 } } }, { { { 0 } } }, { { { 0 }
} }, "", "", { 0 }, { 0 }, 0, 0, 0 },
+           { { { { 0 }, { 0 }, { 0 }, { 0 }, "", "", { 0 }, { 0 }, 0,
0, 0 },

-    { { { { { { 0 } } }, { { { 0 } } }, { { { 0 } } }, { { { 0 } } },
"", "", { 0 }, { 0 }, 0, 0, 0 },
+    { { { { 0 }, { 0 }, { 0 }, { 0 }, "", "", { 0 }, { 0 }, 0, 0, 0 },

Please, someone on the kernel side check these differences!

Regards,

	kisza

=20
--=20
    Andras Kis-Szabo       Security Development, Design and Audit
-------------------------/       Zorp, NetFilter and IPv6
 kisza@SecurityAudit.hu /---------------------------------------------->

--=-beM1penMJcxVOKNd5oJ8
Content-Type: application/pgp-signature; name=signature.asc
Content-Description: This is a digitally signed message part

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org

iD8DBQA8dUIenrsnmOKV9J8RAkg6AKC4z1hKwkRaskYQxogJTyXe5737VwCfYsLI
M0FsmLF94X7ZRuXqWs7i8hI=
=SP33
-----END PGP SIGNATURE-----

--=-beM1penMJcxVOKNd5oJ8--