aboutsummaryrefslogtreecommitdiffstats
path: root/net/ipv6
diff options
context:
space:
mode:
Diffstat (limited to 'net/ipv6')
-rw-r--r--net/ipv6/ip6_input.c9
-rw-r--r--net/ipv6/ipv6_sockglue.c11
-rw-r--r--net/ipv6/netfilter/ip6table_mangle.c2
-rw-r--r--net/ipv6/netfilter/nf_conntrack_reasm.c3
-rw-r--r--net/ipv6/reassembly.c2
-rw-r--r--net/ipv6/route.c6
-rw-r--r--net/ipv6/tcp_ipv6.c6
7 files changed, 27 insertions, 12 deletions
diff --git a/net/ipv6/ip6_input.c b/net/ipv6/ip6_input.c
index 4e5c8615832c..17eb48b8e329 100644
--- a/net/ipv6/ip6_input.c
+++ b/net/ipv6/ip6_input.c
@@ -102,6 +102,15 @@ int ipv6_rcv(struct sk_buff *skb, struct net_device *dev, struct packet_type *pt
102 if (hdr->version != 6) 102 if (hdr->version != 6)
103 goto err; 103 goto err;
104 104
105 /*
106 * RFC4291 2.5.3
107 * A packet received on an interface with a destination address
108 * of loopback must be dropped.
109 */
110 if (!(dev->flags & IFF_LOOPBACK) &&
111 ipv6_addr_loopback(&hdr->daddr))
112 goto err;
113
105 skb->transport_header = skb->network_header + sizeof(*hdr); 114 skb->transport_header = skb->network_header + sizeof(*hdr);
106 IP6CB(skb)->nhoff = offsetof(struct ipv6hdr, nexthdr); 115 IP6CB(skb)->nhoff = offsetof(struct ipv6hdr, nexthdr);
107 116
diff --git a/net/ipv6/ipv6_sockglue.c b/net/ipv6/ipv6_sockglue.c
index c042ce19bd14..86e28a75267f 100644
--- a/net/ipv6/ipv6_sockglue.c
+++ b/net/ipv6/ipv6_sockglue.c
@@ -345,18 +345,21 @@ static int do_ipv6_setsockopt(struct sock *sk, int level, int optname,
345 case IPV6_DSTOPTS: 345 case IPV6_DSTOPTS:
346 { 346 {
347 struct ipv6_txoptions *opt; 347 struct ipv6_txoptions *opt;
348
349 /* remove any sticky options header with a zero option
350 * length, per RFC3542.
351 */
348 if (optlen == 0) 352 if (optlen == 0)
349 optval = NULL; 353 optval = NULL;
354 else if (optlen < sizeof(struct ipv6_opt_hdr) ||
355 optlen & 0x7 || optlen > 8 * 255)
356 goto e_inval;
350 357
351 /* hop-by-hop / destination options are privileged option */ 358 /* hop-by-hop / destination options are privileged option */
352 retv = -EPERM; 359 retv = -EPERM;
353 if (optname != IPV6_RTHDR && !capable(CAP_NET_RAW)) 360 if (optname != IPV6_RTHDR && !capable(CAP_NET_RAW))
354 break; 361 break;
355 362
356 if (optlen < sizeof(struct ipv6_opt_hdr) ||
357 optlen & 0x7 || optlen > 8 * 255)
358 goto e_inval;
359
360 opt = ipv6_renew_options(sk, np->opt, optname, 363 opt = ipv6_renew_options(sk, np->opt, optname,
361 (struct ipv6_opt_hdr __user *)optval, 364 (struct ipv6_opt_hdr __user *)optval,
362 optlen); 365 optlen);
diff --git a/net/ipv6/netfilter/ip6table_mangle.c b/net/ipv6/netfilter/ip6table_mangle.c
index 27a5e8b48d93..f405cea21a8b 100644
--- a/net/ipv6/netfilter/ip6table_mangle.c
+++ b/net/ipv6/netfilter/ip6table_mangle.c
@@ -129,7 +129,7 @@ static struct nf_hook_ops ip6t_ops[] __read_mostly = {
129 .priority = NF_IP6_PRI_MANGLE, 129 .priority = NF_IP6_PRI_MANGLE,
130 }, 130 },
131 { 131 {
132 .hook = ip6t_local_hook, 132 .hook = ip6t_route_hook,
133 .owner = THIS_MODULE, 133 .owner = THIS_MODULE,
134 .pf = PF_INET6, 134 .pf = PF_INET6,
135 .hooknum = NF_INET_LOCAL_IN, 135 .hooknum = NF_INET_LOCAL_IN,
diff --git a/net/ipv6/netfilter/nf_conntrack_reasm.c b/net/ipv6/netfilter/nf_conntrack_reasm.c
index e65e26e210ee..cf20bc4fd60d 100644
--- a/net/ipv6/netfilter/nf_conntrack_reasm.c
+++ b/net/ipv6/netfilter/nf_conntrack_reasm.c
@@ -207,9 +207,10 @@ fq_find(__be32 id, struct in6_addr *src, struct in6_addr *dst)
207 arg.id = id; 207 arg.id = id;
208 arg.src = src; 208 arg.src = src;
209 arg.dst = dst; 209 arg.dst = dst;
210
211 read_lock_bh(&nf_frags.lock);
210 hash = ip6qhashfn(id, src, dst); 212 hash = ip6qhashfn(id, src, dst);
211 213
212 local_bh_disable();
213 q = inet_frag_find(&nf_init_frags, &nf_frags, &arg, hash); 214 q = inet_frag_find(&nf_init_frags, &nf_frags, &arg, hash);
214 local_bh_enable(); 215 local_bh_enable();
215 if (q == NULL) 216 if (q == NULL)
diff --git a/net/ipv6/reassembly.c b/net/ipv6/reassembly.c
index 798cabc7535b..a60d7d129713 100644
--- a/net/ipv6/reassembly.c
+++ b/net/ipv6/reassembly.c
@@ -247,6 +247,8 @@ fq_find(struct net *net, __be32 id, struct in6_addr *src, struct in6_addr *dst,
247 arg.id = id; 247 arg.id = id;
248 arg.src = src; 248 arg.src = src;
249 arg.dst = dst; 249 arg.dst = dst;
250
251 read_lock(&ip6_frags.lock);
250 hash = ip6qhashfn(id, src, dst); 252 hash = ip6qhashfn(id, src, dst);
251 253
252 q = inet_frag_find(&net->ipv6.frags, &ip6_frags, &arg, hash); 254 q = inet_frag_find(&net->ipv6.frags, &ip6_frags, &arg, hash);
diff --git a/net/ipv6/route.c b/net/ipv6/route.c
index d1f3e19b06c7..7ff687020fa9 100644
--- a/net/ipv6/route.c
+++ b/net/ipv6/route.c
@@ -240,7 +240,7 @@ static inline int rt6_need_strict(struct in6_addr *daddr)
240static inline struct rt6_info *rt6_device_match(struct net *net, 240static inline struct rt6_info *rt6_device_match(struct net *net,
241 struct rt6_info *rt, 241 struct rt6_info *rt,
242 int oif, 242 int oif,
243 int strict) 243 int flags)
244{ 244{
245 struct rt6_info *local = NULL; 245 struct rt6_info *local = NULL;
246 struct rt6_info *sprt; 246 struct rt6_info *sprt;
@@ -253,7 +253,7 @@ static inline struct rt6_info *rt6_device_match(struct net *net,
253 if (dev->flags & IFF_LOOPBACK) { 253 if (dev->flags & IFF_LOOPBACK) {
254 if (sprt->rt6i_idev == NULL || 254 if (sprt->rt6i_idev == NULL ||
255 sprt->rt6i_idev->dev->ifindex != oif) { 255 sprt->rt6i_idev->dev->ifindex != oif) {
256 if (strict && oif) 256 if (flags & RT6_LOOKUP_F_IFACE && oif)
257 continue; 257 continue;
258 if (local && (!oif || 258 if (local && (!oif ||
259 local->rt6i_idev->dev->ifindex == oif)) 259 local->rt6i_idev->dev->ifindex == oif))
@@ -266,7 +266,7 @@ static inline struct rt6_info *rt6_device_match(struct net *net,
266 if (local) 266 if (local)
267 return local; 267 return local;
268 268
269 if (strict) 269 if (flags & RT6_LOOKUP_F_IFACE)
270 return net->ipv6.ip6_null_entry; 270 return net->ipv6.ip6_null_entry;
271 } 271 }
272 return rt; 272 return rt;
diff --git a/net/ipv6/tcp_ipv6.c b/net/ipv6/tcp_ipv6.c
index cb46749d4c32..40ea9c36d24b 100644
--- a/net/ipv6/tcp_ipv6.c
+++ b/net/ipv6/tcp_ipv6.c
@@ -2036,7 +2036,7 @@ static void get_tcp6_sock(struct seq_file *seq, struct sock *sp, int i)
2036 2036
2037 seq_printf(seq, 2037 seq_printf(seq,
2038 "%4d: %08X%08X%08X%08X:%04X %08X%08X%08X%08X:%04X " 2038 "%4d: %08X%08X%08X%08X:%04X %08X%08X%08X%08X:%04X "
2039 "%02X %08X:%08X %02X:%08lX %08X %5d %8d %lu %d %p %u %u %u %u %d\n", 2039 "%02X %08X:%08X %02X:%08lX %08X %5d %8d %lu %d %p %lu %lu %u %u %d\n",
2040 i, 2040 i,
2041 src->s6_addr32[0], src->s6_addr32[1], 2041 src->s6_addr32[0], src->s6_addr32[1],
2042 src->s6_addr32[2], src->s6_addr32[3], srcp, 2042 src->s6_addr32[2], src->s6_addr32[3], srcp,
@@ -2052,8 +2052,8 @@ static void get_tcp6_sock(struct seq_file *seq, struct sock *sp, int i)
2052 icsk->icsk_probes_out, 2052 icsk->icsk_probes_out,
2053 sock_i_ino(sp), 2053 sock_i_ino(sp),
2054 atomic_read(&sp->sk_refcnt), sp, 2054 atomic_read(&sp->sk_refcnt), sp,
2055 icsk->icsk_rto, 2055 jiffies_to_clock_t(icsk->icsk_rto),
2056 icsk->icsk_ack.ato, 2056 jiffies_to_clock_t(icsk->icsk_ack.ato),
2057 (icsk->icsk_ack.quick << 1 ) | icsk->icsk_ack.pingpong, 2057 (icsk->icsk_ack.quick << 1 ) | icsk->icsk_ack.pingpong,
2058 tp->snd_cwnd, tp->snd_ssthresh>=0xFFFF?-1:tp->snd_ssthresh 2058 tp->snd_cwnd, tp->snd_ssthresh>=0xFFFF?-1:tp->snd_ssthresh
2059 ); 2059 );
generated by cgit v1.2.2 (git 2.25.0) at 2025-02-03 21:47:25 -0500