diff options
author | Liping Zhang <zlpnobody@gmail.com> | 2017-01-07 21:33:54 +0800 |
---|---|---|
committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2017-01-18 20:32:43 +0100 |
commit | 9a6d87626252496311cd122aaa9fbf21ae19e449 (patch) | |
tree | 1f71a32764f460697a222d870e665af415edfdce /net | |
parent | ec23189049651b16dc2ffab35a4371dc1f491aca (diff) | |
download | op-kernel-dev-9a6d87626252496311cd122aaa9fbf21ae19e449.zip op-kernel-dev-9a6d87626252496311cd122aaa9fbf21ae19e449.tar.gz |
netfilter: pkttype: unnecessary to check ipv6 multicast address
Since there's no broadcast address in IPV6, so in ipv6 family, the
PACKET_LOOPBACK must be multicast packets, there's no need to check
it again.
Signed-off-by: Liping Zhang <zlpnobody@gmail.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'net')
-rw-r--r-- | net/netfilter/nft_meta.c | 5 | ||||
-rw-r--r-- | net/netfilter/xt_pkttype.c | 3 |
2 files changed, 2 insertions, 6 deletions
diff --git a/net/netfilter/nft_meta.c b/net/netfilter/nft_meta.c index 66c7f4b..9a22b24 100644 --- a/net/netfilter/nft_meta.c +++ b/net/netfilter/nft_meta.c @@ -154,10 +154,7 @@ void nft_meta_get_eval(const struct nft_expr *expr, *dest = PACKET_BROADCAST; break; case NFPROTO_IPV6: - if (ipv6_hdr(skb)->daddr.s6_addr[0] == 0xFF) - *dest = PACKET_MULTICAST; - else - *dest = PACKET_BROADCAST; + *dest = PACKET_MULTICAST; break; default: WARN_ON(1); diff --git a/net/netfilter/xt_pkttype.c b/net/netfilter/xt_pkttype.c index 57efb70..1ef9915 100644 --- a/net/netfilter/xt_pkttype.c +++ b/net/netfilter/xt_pkttype.c @@ -33,8 +33,7 @@ pkttype_mt(const struct sk_buff *skb, struct xt_action_param *par) else if (xt_family(par) == NFPROTO_IPV4 && ipv4_is_multicast(ip_hdr(skb)->daddr)) type = PACKET_MULTICAST; - else if (xt_family(par) == NFPROTO_IPV6 && - ipv6_hdr(skb)->daddr.s6_addr[0] == 0xFF) + else if (xt_family(par) == NFPROTO_IPV6) type = PACKET_MULTICAST; else type = PACKET_BROADCAST; |