[NETFILTER]: Convert ip6_tables matches/targets to centralized error checking

[mirror_ubuntu-bionic-kernel.git] / net / ipv6 / netfilter / ip6t_ah.c

diff --git a/net/ipv6/netfilter/ip6t_ah.c b/net/ipv6/netfilter/ip6t_ah.c
index dde37793d20b00a2a7dbad7cc374873c43032f5e..28710edcff4e72ab8d4733964c88b69cd05abc50 100644 (file)
--- a/net/ipv6/netfilter/ip6t_ah.c
+++ b/net/ipv6/netfilter/ip6t_ah.c
@@ -9,6 +9,7 @@
 
 #include <linux/module.h>
 #include <linux/skbuff.h>
+#include <linux/ip.h>
 #include <linux/ipv6.h>
 #include <linux/types.h>
 #include <net/checksum.h>
@@ -53,7 +54,7 @@ match(const struct sk_buff *skb,
        unsigned int ptr;
        unsigned int hdrlen = 0;
 
-       if (ipv6_find_hdr(skb, &ptr, NEXTHDR_AUTH) < 0)
+       if (ipv6_find_hdr(skb, &ptr, NEXTHDR_AUTH, NULL) < 0)
                return 0;
 
        ah = skb_header_pointer(skb, ptr, sizeof(_ah), &_ah);
@@ -97,18 +98,13 @@ match(const struct sk_buff *skb,
 /* Called when user tries to insert an entry of this type. */
 static int
 checkentry(const char *tablename,
-          const struct ip6t_ip6 *ip,
+          const void *entry,
           void *matchinfo,
           unsigned int matchinfosize,
           unsigned int hook_mask)
 {
        const struct ip6t_ah *ahinfo = matchinfo;
 
-       if (matchinfosize != IP6T_ALIGN(sizeof(struct ip6t_ah))) {
-               DEBUGP("ip6t_ah: matchsize %u != %u\n",
-                      matchinfosize, IP6T_ALIGN(sizeof(struct ip6t_ah)));
-               return 0;
-       }
        if (ahinfo->invflags & ~IP6T_AH_INV_MASK) {
                DEBUGP("ip6t_ah: unknown flags %X\n", ahinfo->invflags);
                return 0;
@@ -118,8 +114,9 @@ checkentry(const char *tablename,
 
 static struct ip6t_match ah_match = {
        .name           = "ah",
-       .match          = &match,
-       .checkentry     = &checkentry,
+       .match          = match,
+       .matchsize      = sizeof(struct ip6t_ah),
+       .checkentry     = checkentry,
        .me             = THIS_MODULE,
 };