diff options
| author | Steffen Klassert <steffen.klassert@secunet.com> | 2014-12-08 01:56:18 -0500 |
|---|---|---|
| committer | Steffen Klassert <steffen.klassert@secunet.com> | 2014-12-08 01:56:18 -0500 |
| commit | f855691975bb06373a98711e4cfe2c224244b536 (patch) | |
| tree | 9469cc24b2824cea15c6a61884087359f22df6fc /net/ipv6 | |
| parent | de3b7a06dfe15bda3e66a52285d422b954bb4832 (diff) | |
xfrm6: Fix the nexthdr offset in _decode_session6.
xfrm_decode_session() was originally designed for the
usage in the receive path where the correct nexthdr offset
is stored in IP6CB(skb)->nhoff. Over time this function
spread to code that is used in the output path (netfilter,
vti) where IP6CB(skb)->nhoff is not set. As a result, we
get a wrong nexthdr and the upper layer flow informations
are wrong. This can leed to incorrect policy lookups.
Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com>
Diffstat (limited to 'net/ipv6')
| -rw-r--r-- | net/ipv6/xfrm6_policy.c | 8 |
1 files changed, 7 insertions, 1 deletions
diff --git a/net/ipv6/xfrm6_policy.c b/net/ipv6/xfrm6_policy.c index aa48302f00a1..48bf5a06847b 100644 --- a/net/ipv6/xfrm6_policy.c +++ b/net/ipv6/xfrm6_policy.c | |||
| @@ -134,8 +134,14 @@ _decode_session6(struct sk_buff *skb, struct flowi *fl, int reverse) | |||
| 134 | u16 offset = sizeof(*hdr); | 134 | u16 offset = sizeof(*hdr); |
| 135 | struct ipv6_opt_hdr *exthdr; | 135 | struct ipv6_opt_hdr *exthdr; |
| 136 | const unsigned char *nh = skb_network_header(skb); | 136 | const unsigned char *nh = skb_network_header(skb); |
| 137 | u8 nexthdr = nh[IP6CB(skb)->nhoff]; | 137 | u16 nhoff = IP6CB(skb)->nhoff; |
| 138 | int oif = 0; | 138 | int oif = 0; |
| 139 | u8 nexthdr; | ||
| 140 | |||
| 141 | if (!nhoff) | ||
| 142 | nhoff = offsetof(struct ipv6hdr, nexthdr); | ||
| 143 | |||
| 144 | nexthdr = nh[nhoff]; | ||
| 139 | 145 | ||
| 140 | if (skb_dst(skb)) | 146 | if (skb_dst(skb)) |
| 141 | oif = skb_dst(skb)->dev->ifindex; | 147 | oif = skb_dst(skb)->dev->ifindex; |