Hello,
I was just going through the Linux IPv6 code and I came across something like this
in the ipv6_rcv routine:
    hdr = skb->nh.ipv6h;
    .....
    ....
    if (hdr->nexthdr == NEXTHDR_HOP) {
        skb->h.raw = (u8*)(hdr+1);
        if (!ipv6_parse_hopopts(skb, &hdr->nexthdr)) {
            ipv6_statistics.Ip6InHdrErrors++;
            return 0;
        }
    }
Note that here skb->h.raw points to the beginning of the hop-by-hop extension
header. Now ipv6_parse_hopopts is called with an argument that is a pointer to the
nexthdr field of the IPv6 header.
    u8 *ipv6_parse_hopopts(struct sk_buff *skb, u8 *nhptr)
    {
        ((struct inet6_skb_parm*)skb->cb)->hop = sizeof(struct ipv6hdr);
        if (ip6_parse_tlv(tlvprochopopt_lst, skb, nhptr))
            return nhptr+((nhptr[1]+1)<<3);
        return NULL;
    }
In the ipv6_parse_hopopts routine it is written:
    return nhptr+((nhptr[1]+1)<<3);
Now this should return a pointer to the next header after the hop-by-hop
extension header, but it seems it will point to the wrong place, since nhptr is
not pointing to the hop-by-hop header. It can point to the right place only if
nhptr is pointing to the beginning of the hop-by-hop header.
Also, in the routine ip6_parse_tlv, nhptr is passed as an argument but is
never used (at least I can't see it :)
PS: I am not a kernel guru, so be patient if there is something blatantly
foolish or wrong in my observation!
imran
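To illustrate the offset arithmetic the post discusses, here is an added standalone C example (not kernel code and not part of the original message): it builds a constructed IPv6 packet carrying one Hop-by-Hop header and computes (len+1)<<3 twice, once from the start of the Hop-by-Hop header and once from the nexthdr field of the IPv6 header as in the posted return statement. The header constants and the sample packet bytes are constructed for this example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#define IPV6_HDR_LEN 40      /* fixed IPv6 header size */
#define NEXTHDR_HOP   0      /* Hop-by-Hop Options header */
#define NEXTHDR_ICMP 58      /* ICMPv6 */

/* Length of a Hop-by-Hop header in bytes: byte 1 counts 8-octet units
 * beyond the first 8 octets, hence the (len + 1) << 3 seen in the kernel. */
static size_t hopopts_len(const uint8_t *hop) { return ((size_t)hop[1] + 1) << 3; }

/* Constructed sample: IPv6 header, one 8-byte Hop-by-Hop header (PadN), 8-byte ICMPv6 stub. */
size_t build_sample_packet(uint8_t *buf, size_t cap) {
    static const uint8_t hop[8]  = { NEXTHDR_ICMP, 0, 0x01, 0x04, 0, 0, 0, 0 };
    static const uint8_t icmp[8] = { 128, 0, 0, 0, 0, 0, 0, 0 };
    if (cap < IPV6_HDR_LEN + 16) return 0;
    memset(buf, 0, IPV6_HDR_LEN);
    buf[0] = 0x60;                 /* version 6 */
    buf[4] = 0; buf[5] = 16;       /* payload length: 8 (hop-by-hop) + 8 (ICMPv6) */
    buf[6] = NEXTHDR_HOP;          /* nexthdr field: what the post's nhptr points at */
    buf[7] = 64;                   /* hop limit: this is nhptr[1] in the posted arithmetic */
    memcpy(buf + IPV6_HDR_LEN, hop, 8);
    memcpy(buf + IPV6_HDR_LEN + 8, icmp, 8);
    return IPV6_HDR_LEN + 16;
}

/* Correct base: the Hop-by-Hop header itself (where skb->h.raw points in the post). */
size_t next_hdr_offset_from_hop(const uint8_t *pkt, size_t len) {
    if (len < IPV6_HDR_LEN + 8 || pkt[6] != NEXTHDR_HOP) return 0;
    size_t off = IPV6_HDR_LEN + hopopts_len(pkt + IPV6_HDR_LEN);
    return off <= len ? off : 0;   /* reject a length that runs past the packet */
}

/* The posted arithmetic with nhptr = &hdr->nexthdr (offset 6 in the IPv6 header). */
size_t next_hdr_offset_from_nhptr(const uint8_t *pkt) {
    const uint8_t *nhptr = pkt + 6;
    return (size_t)((nhptr + ((nhptr[1] + 1) << 3)) - pkt);
}

int main(void) {
    uint8_t pkt[64];
    size_t len  = build_sample_packet(pkt, sizeof pkt);
    size_t good = next_hdr_offset_from_hop(pkt, len);
    size_t bad  = next_hdr_offset_from_nhptr(pkt);
    printf("packet len %zu: next header (type %u) at offset %zu; posted arithmetic gives %zu (%s)\n",
           len, (unsigned)pkt[IPV6_HDR_LEN], good, bad, bad > len ? "past end of packet" : "inside packet");
    return 0;
}
```

With the constructed packet the Hop-by-Hop base yields offset 48, while the nexthdr-field base reads the hop limit as the length byte and yields 526, well past the 56-byte packet.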