diff options
author | Hannes Frederic Sowa <hannes@stressinduktion.org> | 2015-10-08 18:19:53 +0200 |
---|---|---|
committer | David S. Miller <davem@davemloft.net> | 2015-10-11 14:30:44 +0200 |
commit | 9ef2e965e55481a52d6d91ce61977a27836268d3 (patch) | |
tree | 95d5caad57531ee5a4b9847c25b586fe2b91a6ca /net/ipv6/ip6_output.c | |
parent | ipv6: gre: setup default multicast routes over PtP links (diff) | |
download | linux-9ef2e965e55481a52d6d91ce61977a27836268d3.tar.xz linux-9ef2e965e55481a52d6d91ce61977a27836268d3.zip |
ipv6: drop frames with attached skb->sk in forwarding
This is a clone of commit 2ab957492d13b ("ip_forward: Drop frames with
attached skb->sk") for ipv6.
This commit has exactly the same reasons as the above mentioned commit,
namely to prevent panics during netfilter reload or a misconfigured stack.
Signed-off-by: Hannes Frederic Sowa <hannes@stressinduktion.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'net/ipv6/ip6_output.c')
-rw-r--r-- | net/ipv6/ip6_output.c | 3 |
1 files changed, 3 insertions, 0 deletions
diff --git a/net/ipv6/ip6_output.c b/net/ipv6/ip6_output.c index 92b1aa38f121..61d403ee1031 100644 --- a/net/ipv6/ip6_output.c +++ b/net/ipv6/ip6_output.c @@ -376,6 +376,9 @@ int ip6_forward(struct sk_buff *skb) if (skb->pkt_type != PACKET_HOST) goto drop; + if (unlikely(skb->sk)) + goto drop; + if (skb_warn_if_lro(skb)) goto drop; |