59 lines
1.8 KiB
Diff
59 lines
1.8 KiB
Diff
From 89c17c1a301b3df0ae3b430a105f3208a0c6b53e Mon Sep 17 00:00:00 2001
|
|
From: Etan Kissling <etan_kissling@apple.com>
|
|
Date: Tue, 9 Feb 2021 23:51:33 +0100
|
|
Subject: [PATCH] src: fix IPv6 header handling
|
|
|
|
This corrects issues in IPv6 header handling that sometimes resulted
|
|
in an endless loop.
|
|
|
|
Signed-off-by: Etan Kissling <etan_kissling@apple.com>
|
|
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|
(cherry picked from commit 51f25df304aeaa6c1b02ef7456a61278ee70c102)
|
|
---
|
|
src/extra/ipv6.c | 15 +++++++++++++--
|
|
1 file changed, 13 insertions(+), 2 deletions(-)
|
|
|
|
diff --git a/src/extra/ipv6.c b/src/extra/ipv6.c
|
|
index 42c5e25054dff..23f64ba6706b8 100644
|
|
--- a/src/extra/ipv6.c
|
|
+++ b/src/extra/ipv6.c
|
|
@@ -67,10 +67,19 @@ int nfq_ip6_set_transport_header(struct pkt_buff *pktb, struct ip6_hdr *ip6h,
|
|
uint8_t nexthdr = ip6h->ip6_nxt;
|
|
uint8_t *cur = (uint8_t *)ip6h + sizeof(struct ip6_hdr);
|
|
|
|
- while (nexthdr != target) {
|
|
+ while (nexthdr == IPPROTO_HOPOPTS ||
|
|
+ nexthdr == IPPROTO_ROUTING ||
|
|
+ nexthdr == IPPROTO_FRAGMENT ||
|
|
+ nexthdr == IPPROTO_AH ||
|
|
+ nexthdr == IPPROTO_NONE ||
|
|
+ nexthdr == IPPROTO_DSTOPTS) {
|
|
struct ip6_ext *ip6_ext;
|
|
uint32_t hdrlen;
|
|
|
|
+ /* Extension header was requested, we're done. */
|
|
+ if (nexthdr == target)
|
|
+ break;
|
|
+
|
|
/* No more extensions, we're done. */
|
|
if (nexthdr == IPPROTO_NONE) {
|
|
cur = NULL;
|
|
@@ -107,11 +116,13 @@ int nfq_ip6_set_transport_header(struct pkt_buff *pktb, struct ip6_hdr *ip6h,
|
|
} else if (nexthdr == IPPROTO_AH)
|
|
hdrlen = (ip6_ext->ip6e_len + 2) << 2;
|
|
else
|
|
- hdrlen = ip6_ext->ip6e_len;
|
|
+ hdrlen = (ip6_ext->ip6e_len + 1) << 3;
|
|
|
|
nexthdr = ip6_ext->ip6e_nxt;
|
|
cur += hdrlen;
|
|
}
|
|
+ if (nexthdr != target)
|
|
+ cur = NULL;
|
|
pktb->transport_header = cur;
|
|
return cur ? 1 : 0;
|
|
}
|
|
--
|
|
2.32.0
|
|
|