diff options
author | Bandan Das <bandan.das@stratus.com> | 2010-09-19 05:34:33 -0400 |
---|---|---|
committer | David S. Miller <davem@davemloft.net> | 2010-09-19 15:42:34 -0400 |
commit | 462fb2af9788a82a534f8184abfde31574e1cfa0 (patch) | |
tree | 63a8abf3657bb4ce586fdf14c89e6d81ca280725 /net/ipv4/ip_options.c | |
parent | aef3ea33e85035f7c827c1db9155f97f4b7ee725 (diff) |
bridge : Sanitize skb before it enters the IP stack
Related dicussion here : http://lkml.org/lkml/2010/9/3/16
Introduce a function br_parse_ip_options that will audit the
skb and possibly refill IP options before a packet enters the
IP stack. If no options are present, the function will zero out
the skb cb area so that it is not misinterpreted as options by some
unsuspecting IP layer routine. If packet consistency fails, drop it.
Signed-off-by: Bandan Das <bandan.das@stratus.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'net/ipv4/ip_options.c')
-rw-r--r-- | net/ipv4/ip_options.c | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/net/ipv4/ip_options.c b/net/ipv4/ip_options.c index ba9836c488ed..1906fa35860c 100644 --- a/net/ipv4/ip_options.c +++ b/net/ipv4/ip_options.c | |||
@@ -466,7 +466,7 @@ error: | |||
466 | } | 466 | } |
467 | return -EINVAL; | 467 | return -EINVAL; |
468 | } | 468 | } |
469 | 469 | EXPORT_SYMBOL(ip_options_compile); | |
470 | 470 | ||
471 | /* | 471 | /* |
472 | * Undo all the changes done by ip_options_compile(). | 472 | * Undo all the changes done by ip_options_compile(). |
@@ -646,3 +646,4 @@ int ip_options_rcv_srr(struct sk_buff *skb) | |||
646 | } | 646 | } |
647 | return 0; | 647 | return 0; |
648 | } | 648 | } |
649 | EXPORT_SYMBOL(ip_options_rcv_srr); | ||