Skip to content

L
linux
Commit 1b9a1003 authored by Yasuyuki Kozakai's avatar Yasuyuki Kozakai Committed by Patrick McHardy
Browse files
Options

[NETFILTER]: Enable ip6t_esp.c to work without skb_linearize() 

Signed-off-by: default avatarYasuyuki KOZAKAI <yasuyuki.kozakai@toshiba.co.jp>
Signed-off-by: default avatarPatrick McHardy <kaber@trash.net>
parent 72a52569
Hide whitespace changes
Inline Side-by-side
Showing with 12 additions and 10 deletions
net/ipv6/netfilter/ip6t_esp.c
View file @ 1b9a1003
...@@ -48,7 +48,7 @@ match(const struct sk_buff *skb, ...@@ -48,7 +48,7 @@ match(const struct sk_buff *skb,
unsigned int protoff, unsigned int protoff,
int *hotdrop) int *hotdrop)
{ {
struct ip_esp_hdr *esp = NULL; struct ip_esp_hdr _esp, *eh = NULL;
const struct ip6t_esp *espinfo = matchinfo; const struct ip6t_esp *espinfo = matchinfo;
unsigned int temp; unsigned int temp;
int len; int len;
...@@ -67,7 +67,7 @@ match(const struct sk_buff *skb, ...@@ -67,7 +67,7 @@ match(const struct sk_buff *skb,
temp = 0; temp = 0;
while (ip6t_ext_hdr(nexthdr)) { while (ip6t_ext_hdr(nexthdr)) {
struct ipv6_opt_hdr *hdr; struct ipv6_opt_hdr _hdr, *hp;
int hdrlen; int hdrlen;
DEBUGP("ipv6_esp header iteration \n"); DEBUGP("ipv6_esp header iteration \n");
...@@ -85,15 +85,16 @@ match(const struct sk_buff *skb, ...@@ -85,15 +85,16 @@ match(const struct sk_buff *skb,
break; break;
} }
hdr=(struct ipv6_opt_hdr *)skb->data+ptr; hp = skb_header_pointer(skb, ptr, sizeof(_hdr), &_hdr);
BUG_ON(hp == NULL);
/* Calculate the header length */ /* Calculate the header length */
if (nexthdr == NEXTHDR_FRAGMENT) { if (nexthdr == NEXTHDR_FRAGMENT) {
hdrlen = 8; hdrlen = 8;
} else if (nexthdr == NEXTHDR_AUTH) } else if (nexthdr == NEXTHDR_AUTH)
hdrlen = (hdr->hdrlen+2)<<2; hdrlen = (hp->hdrlen+2)<<2;
else else
hdrlen = ipv6_optlen(hdr); hdrlen = ipv6_optlen(hp);
/* set the flag */ /* set the flag */
switch (nexthdr){ switch (nexthdr){
...@@ -109,7 +110,7 @@ match(const struct sk_buff *skb, ...@@ -109,7 +110,7 @@ match(const struct sk_buff *skb,
break; break;
} }
nexthdr = hdr->nexthdr; nexthdr = hp->nexthdr;
len -= hdrlen; len -= hdrlen;
ptr += hdrlen; ptr += hdrlen;
if ( ptr > skb->len ) { if ( ptr > skb->len ) {
...@@ -126,13 +127,14 @@ match(const struct sk_buff *skb, ...@@ -126,13 +127,14 @@ match(const struct sk_buff *skb,
return 0; return 0;
} }
esp = (struct ip_esp_hdr *) (skb->data + ptr); eh = skb_header_pointer(skb, ptr, sizeof(_esp), &_esp);
BUG_ON(eh == NULL);
DEBUGP("IPv6 ESP SPI %u %08X\n", ntohl(esp->spi), ntohl(esp->spi)); DEBUGP("IPv6 ESP SPI %u %08X\n", ntohl(eh->spi), ntohl(eh->spi));
return (esp != NULL) return (eh != NULL)
&& spi_match(espinfo->spis[0], espinfo->spis[1], && spi_match(espinfo->spis[0], espinfo->spis[1],
ntohl(esp->spi), ntohl(eh->spi),
!!(espinfo->invflags & IP6T_ESP_INV_SPI)); !!(espinfo->invflags & IP6T_ESP_INV_SPI));
} }
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment
GitLab Nexedi Edition | About GitLab | About Nexedi | 沪ICP备2021021310号-2 | 沪ICP备2021021310号-7