[PATCH] netfilter6 ip6_packet_match doesn't properly skip exthdrs

To:	netdev@xxxxxxxxxxx
Subject:	[PATCH] netfilter6 ip6_packet_match doesn't properly skip exthdrs
From:	Olaf Kirch <okir@xxxxxxx>
Date:	Thu, 30 Sep 2004 14:14:08 +0200
Cc:	netfilter-devel@xxxxxxxxxxxxxxxxxxx
Sender:	netdev-bounce@xxxxxxxxxxx
User-agent:	Mutt/1.5.6i

This patch fixes a bug in the ip6_tables code that tries to skip extension
headers. Packets with extension headers were usually not matched because
the code was looking at the wrong offset inside the skb.

Signed-off-by: Olaf Kirch <okir@xxxxxxx>

Index: linux-2.6.8.nf/net/ipv6/netfilter/ip6_tables.c
===================================================================
--- linux-2.6.8.nf.orig/net/ipv6/netfilter/ip6_tables.c 2004-09-30 
14:07:51.000000000 +0200
+++ linux-2.6.8.nf/net/ipv6/netfilter/ip6_tables.c      2004-09-30 
14:07:57.000000000 +0200
@@ -219,7 +219,7 @@
                u_int16_t ptr;          /* Header offset in skb */
                u_int16_t hdrlen;       /* Header */
 
-               ptr = IPV6_HDR_LEN;
+               ptr = ((char *) ipv6 - (char *) skb->data) + IPV6_HDR_LEN;
 
                while (ip6t_ext_hdr(currenthdr)) {
                        /* Is there enough space for the next ext header? */

-- 
Olaf Kirch     | Things that make Monday morning interesting, #1:
okir@xxxxxxx   |        "I want to use NFS over AX25, can you help me?"
---------------+

<Prev in Thread]	Current Thread	[Next in Thread>
[PATCH] netfilter6 ip6_packet_match doesn't properly skip exthdrs, Olaf Kirch <=

Previous by Date:	[PATCH]: fixed typo of reassembly.c, Yasuyuki Kozakai
Next by Date:	[PATCH] netfilter6: Skip extension headers when matching icmp6-type, Olaf Kirch
Previous by Thread:	[PATCH]: fixed typo of reassembly.c, Yasuyuki Kozakai
Next by Thread:	[PATCH] netfilter6: Skip extension headers when matching icmp6-type, Olaf Kirch
Indexes:	[Date] [Thread] [Top] [All Lists]