ipv6: Add fragment reporting to ipv6_skip_exthdr().

While parsing through IPv6 extension headers, fragment headers are
skipped making them invisible to the caller.  This reports the
fragment offset of the last header in order to make it possible to
determine whether the packet is fragmented and, if so whether it is
a first or last fragment.

Signed-off-by: Jesse Gross <jesse@nicira.com>

2 files changed, 4 insertions, 2 deletions

diff --git a/security/lsm_audit.c b/security/lsm_audit.c
index 199616bb68d..7bd6f138236 100644
--- a/security/lsm_audit.c
+++ b/security/lsm_audit.c
@@ -114,6 +114,7 @@ int ipv6_skb_to_auditdata(struct sk_buff *skb,
         int offset, ret = 0;
         struct ipv6hdr *ip6;
         u8 nexthdr;
+        __be16 frag_off;
 
         ip6 = ipv6_hdr(skb);
         if (ip6 == NULL)
@@ -126,7 +127,7 @@ int ipv6_skb_to_auditdata(struct sk_buff *skb,
         offset = skb_network_offset(skb);
         offset += sizeof(*ip6);
         nexthdr = ip6->nexthdr;
-        offset = ipv6_skip_exthdr(skb, offset, &nexthdr);
+        offset = ipv6_skip_exthdr(skb, offset, &nexthdr, &frag_off);
         if (offset < 0)
                 return 0;
         if (proto)
diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c
index 7e6c2564e74..cca09bb4650 100644
--- a/security/selinux/hooks.c
+++ b/security/selinux/hooks.c
@@ -3561,6 +3561,7 @@ static int selinux_parse_skb_ipv6(struct sk_buff *skb,
         u8 nexthdr;
         int ret = -EINVAL, offset;
         struct ipv6hdr _ipv6h, *ip6;
+        __be16 frag_off;
 
         offset = skb_network_offset(skb);
         ip6 = skb_header_pointer(skb, offset, sizeof(_ipv6h), &_ipv6h);
@@ -3573,7 +3574,7 @@ static int selinux_parse_skb_ipv6(struct sk_buff *skb,
 
         nexthdr = ip6->nexthdr;
         offset += sizeof(_ipv6h);
-        offset = ipv6_skip_exthdr(skb, offset, &nexthdr);
+        offset = ipv6_skip_exthdr(skb, offset, &nexthdr, &frag_off);
         if (offset < 0)
                 goto out;