| To: | netdev@xxxxxxxxxxx |
|---|---|
| Subject: | Bug in ipv6 ipsec in handling of packets with extension headers |
| From: | Henrik Petander <lpetande@xxxxxxxxxx> |
| Date: | Thu, 05 Jun 2003 15:25:14 +0300 |
| Sender: | netdev-bounce@xxxxxxxxxxx |
| User-agent: | Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.2.1) Gecko/20030225 |
Hi,There's a bug in get_offset function of ah6 and esp6. The function returns also a pointer, prev_hdr, pointing to the last extension header before the IPSec headers. This pointer points to the skb. The ipsec headers go between the payload and the extension header, making the pointer invalid. However, after this the pointer is used for setting the next header field of the extension header to IPPROTO_ESP or IPPROTO_AH. This corrupts the packet, if any extension headers are present. An easy way to test this is to send a data packet with routing header protected by IPSec. A possible fix is to change the pointer into an offset from the start of the packet and use the offset later to set the nexthdr value in the extension header. Thanks, Henrik |
| <Prev in Thread] | Current Thread | [Next in Thread> |
|---|---|---|
| ||
| Previous by Date: | Re: 2.5.70-bk9: no IPsec modules are autoloaded, David S. Miller |
|---|---|
| Next by Date: | Re: Bug in ipv6 ipsec in handling of packets with extension headers, David S. Miller |
| Previous by Thread: | 2.5.70-bk9: no IPsec modules are autoloaded, Dr. Peter Bieringer |
| Next by Thread: | Re: Bug in ipv6 ipsec in handling of packets with extension headers, David S. Miller |
| Indexes: | [Date] [Thread] [Top] [All Lists] |