diff options
author | Steffen Klassert <steffen.klassert@secunet.com> | 2014-12-04 09:46:20 +0100 |
---|---|---|
committer | Steffen Klassert <steffen.klassert@secunet.com> | 2014-12-08 07:38:14 +0100 |
commit | de3b7a06dfe15bda3e66a52285d422b954bb4832 (patch) | |
tree | 9cf16ff37aaf5f29642b09650fe535f170a7a0bc /net/ipv6/xfrm6_policy.c | |
parent | openvswitch: Fix flow mask validation. (diff) | |
download | linux-de3b7a06dfe15bda3e66a52285d422b954bb4832.tar.xz linux-de3b7a06dfe15bda3e66a52285d422b954bb4832.zip |
xfrm6: Fix transport header offset in _decode_session6.
skb->transport_header might not be valid when we do a reverse
decode because the ipv6 tunnel error handlers don't update it
to the inner transport header. This leads to a wrong offset
calculation and to wrong layer 4 informations. We fix this
by using the size of the ipv6 header as the first offset.
Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com>
Diffstat (limited to 'net/ipv6/xfrm6_policy.c')
-rw-r--r-- | net/ipv6/xfrm6_policy.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/net/ipv6/xfrm6_policy.c b/net/ipv6/xfrm6_policy.c index 5f983644373a..aa48302f00a1 100644 --- a/net/ipv6/xfrm6_policy.c +++ b/net/ipv6/xfrm6_policy.c @@ -130,8 +130,8 @@ _decode_session6(struct sk_buff *skb, struct flowi *fl, int reverse) { struct flowi6 *fl6 = &fl->u.ip6; int onlyproto = 0; - u16 offset = skb_network_header_len(skb); const struct ipv6hdr *hdr = ipv6_hdr(skb); + u16 offset = sizeof(*hdr); struct ipv6_opt_hdr *exthdr; const unsigned char *nh = skb_network_header(skb); u8 nexthdr = nh[IP6CB(skb)->nhoff]; |