forked from Minki/linux
netfilter: Wrong icmp6 checksum for ICMPV6_TIME_EXCEED in reverse SNATv6 path
When recalculating the outer ICMPv6 checksum for a reverse path NATv6 such as ICMPV6_TIME_EXCEED nf_nat_icmpv6_reply_translation() was accessing data beyond the headlen of the skb for non-linear skb. This resulted in incorrect ICMPv6 checksum as garbage data was used. Patch replaces csum_partial() with skb_checksum() which supports non-linear skbs similar to nf_nat_icmp_reply_translation() from ipv4. Signed-off-by: Dave Johnson <dave-kernel@centerclick.org> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
This commit is contained in:
parent
277a292835
commit
9dd2ab609e
@ -235,7 +235,7 @@ int nf_nat_icmpv6_reply_translation(struct sk_buff *skb,
|
||||
inside->icmp6.icmp6_cksum =
|
||||
csum_ipv6_magic(&ipv6h->saddr, &ipv6h->daddr,
|
||||
skb->len - hdrlen, IPPROTO_ICMPV6,
|
||||
csum_partial(&inside->icmp6,
|
||||
skb_checksum(skb, hdrlen,
|
||||
skb->len - hdrlen, 0));
|
||||
}
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user