summaryrefslogtreecommitdiffstats
path: root/net/ipv6
diff options
context:
space:
mode:
authorHerbert Xu <herbert@gondor.apana.org.au>2006-07-04 04:38:35 +0200
committerDavid S. Miller <davem@davemloft.net>2006-07-04 04:38:35 +0200
commitbbcf467dab42ea3c85f368df346c82af2fbba665 (patch)
treee9fe30c1be9c6a3773454bad3eefaabf4f5bee48 /net/ipv6
parent[IPVS]: Add sysctl documentation (diff)
downloadlinux-bbcf467dab42ea3c85f368df346c82af2fbba665.tar.xz
linux-bbcf467dab42ea3c85f368df346c82af2fbba665.zip
[NET]: Verify gso_type too in gso_segment
We don't want nasty Xen guests to pass a TCPv6 packet in with gso_type set to TCPv4 or even UDP (or a packet that's both TCP and UDP). Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'net/ipv6')
-rw-r--r--net/ipv6/ipv6_sockglue.c8
1 files changed, 8 insertions, 0 deletions
diff --git a/net/ipv6/ipv6_sockglue.c b/net/ipv6/ipv6_sockglue.c
index c28e5c287447..ec59344478d2 100644
--- a/net/ipv6/ipv6_sockglue.c
+++ b/net/ipv6/ipv6_sockglue.c
@@ -64,6 +64,14 @@ static struct sk_buff *ipv6_gso_segment(struct sk_buff *skb, int features)
struct inet6_protocol *ops;
int proto;
+ if (unlikely(skb_shinfo(skb)->gso_type &
+ ~(SKB_GSO_UDP |
+ SKB_GSO_DODGY |
+ SKB_GSO_TCP_ECN |
+ SKB_GSO_TCPV6 |
+ 0)))
+ goto out;
+
if (unlikely(!pskb_may_pull(skb, sizeof(*ipv6h))))
goto out;