* [PATCH] netfilter6 ip6_packet_match doesn't properly skip exthdrs
@ 2004-09-30 12:14 Olaf Kirch
0 siblings, 0 replies; only message in thread
From: Olaf Kirch @ 2004-09-30 12:14 UTC (permalink / raw)
To: netdev; +Cc: netfilter-devel
This patch fixes a bug in the ip6_tables code that tries to skip extension
headers. Packets with extension headers were usually not matched because
the code was looking at the wrong offset inside the skb.
Signed-off-by: Olaf Kirch <okir@suse.de>
Index: linux-2.6.8.nf/net/ipv6/netfilter/ip6_tables.c
===================================================================
--- linux-2.6.8.nf.orig/net/ipv6/netfilter/ip6_tables.c 2004-09-30 14:07:51.000000000 +0200
+++ linux-2.6.8.nf/net/ipv6/netfilter/ip6_tables.c 2004-09-30 14:07:57.000000000 +0200
@@ -219,7 +219,7 @@
u_int16_t ptr; /* Header offset in skb */
u_int16_t hdrlen; /* Header */
- ptr = IPV6_HDR_LEN;
+ ptr = ((char *) ipv6 - (char *) skb->data) + IPV6_HDR_LEN;
while (ip6t_ext_hdr(currenthdr)) {
/* Is there enough space for the next ext header? */
--
Olaf Kirch | Things that make Monday morning interesting, #1:
okir@suse.de | "I want to use NFS over AX25, can you help me?"
---------------+
^ permalink raw reply [flat|nested] only message in thread
only message in thread, other threads:[~2004-09-30 12:14 UTC | newest]
Thread overview: (only message) (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2004-09-30 12:14 [PATCH] netfilter6 ip6_packet_match doesn't properly skip exthdrs Olaf Kirch
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.