[PATCH] netfilter: ipv6: icmpv6_manip_pkt comparing codes to types

[PATCH] netfilter: ipv6: icmpv6_manip_pkt comparing codes to types

[Phil Oester]

[-- Attachment #1: Type: text/plain, Size: 354 bytes --]

In commit 58a317f1 (netfilter: ipv6: add IPv6 NAT support), icmpv6_manip_pkt
was added with an incorrect comparison of ICMP codes to types.  This causes
problems when using NAT rules with the --random option.  Correct the
comparison.

This closes netfilter bugzilla #851, reported by Alexander Neumann.

Signed-off-by: Phil Oester <kernel@linuxace.com>


[-- Attachment #2: patch-icmpv6_manip_pkt --]
[-- Type: text/plain, Size: 714 bytes --]

diff --git a/net/ipv6/netfilter/nf_nat_proto_icmpv6.c b/net/ipv6/netfilter/nf_nat_proto_icmpv6.c
index 61aaf70..2205e8e 100644
--- a/net/ipv6/netfilter/nf_nat_proto_icmpv6.c
+++ b/net/ipv6/netfilter/nf_nat_proto_icmpv6.c
@@ -69,8 +69,8 @@ icmpv6_manip_pkt(struct sk_buff *skb,
 	hdr = (struct icmp6hdr *)(skb->data + hdroff);
 	l3proto->csum_update(skb, iphdroff, &hdr->icmp6_cksum,
 			     tuple, maniptype);
-	if (hdr->icmp6_code == ICMPV6_ECHO_REQUEST ||
-	    hdr->icmp6_code == ICMPV6_ECHO_REPLY) {
+	if (hdr->icmp6_type == ICMPV6_ECHO_REQUEST ||
+	    hdr->icmp6_type == ICMPV6_ECHO_REPLY) {
 		inet_proto_csum_replace2(&hdr->icmp6_cksum, skb,
 					 hdr->icmp6_identifier,
 					 tuple->src.u.icmp.id, 0);

Re: [PATCH] netfilter: ipv6: icmpv6_manip_pkt comparing codes to types

[Pablo Neira Ayuso]

On Thu, Sep 12, 2013 at 06:04:16PM -0700, Phil Oester wrote:
> In commit 58a317f1 (netfilter: ipv6: add IPv6 NAT support), icmpv6_manip_pkt
> was added with an incorrect comparison of ICMP codes to types.  This causes
> problems when using NAT rules with the --random option.  Correct the
> comparison.
> 
> This closes netfilter bugzilla #851, reported by Alexander Neumann.

Applied, thanks Phil.