| From 4319cc0cf5bb894b7368008cdf6dd20eb8868018 Mon Sep 17 00:00:00 2001 |
| From: Fernando Luis Vazquez Cao <fernando@oss.ntt.co.jp> |
| Date: Tue, 10 May 2011 09:55:44 +0200 |
| Subject: netfilter: IPv6: initialize TOS field in REJECT target module |
| |
| From: Fernando Luis Vazquez Cao <fernando@oss.ntt.co.jp> |
| |
| commit 4319cc0cf5bb894b7368008cdf6dd20eb8868018 upstream. |
| |
| The IPv6 header is not zeroed out in alloc_skb so we must initialize |
| it properly unless we want to see IPv6 packets with random TOS fields |
| floating around. The current implementation resets the flow label |
| but this could be changed if deemed necessary. |
| |
| We stumbled upon this issue when trying to apply a mangle rule to |
| the RST packet generated by the REJECT target module. |
| |
| Signed-off-by: Fernando Luis Vazquez Cao <fernando@oss.ntt.co.jp> |
| Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> |
| Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de> |
| |
| --- |
| net/ipv6/netfilter/ip6t_REJECT.c | 4 +++- |
| 1 file changed, 3 insertions(+), 1 deletion(-) |
| |
| --- a/net/ipv6/netfilter/ip6t_REJECT.c |
| +++ b/net/ipv6/netfilter/ip6t_REJECT.c |
| @@ -43,6 +43,8 @@ static void send_reset(struct net *net, |
| int tcphoff, needs_ack; |
| const struct ipv6hdr *oip6h = ipv6_hdr(oldskb); |
| struct ipv6hdr *ip6h; |
| +#define DEFAULT_TOS_VALUE 0x0U |
| + const __u8 tclass = DEFAULT_TOS_VALUE; |
| struct dst_entry *dst = NULL; |
| u8 proto; |
| struct flowi fl; |
| @@ -121,7 +123,7 @@ static void send_reset(struct net *net, |
| skb_put(nskb, sizeof(struct ipv6hdr)); |
| skb_reset_network_header(nskb); |
| ip6h = ipv6_hdr(nskb); |
| - ip6h->version = 6; |
| + *(__be32 *)ip6h = htonl(0x60000000 | (tclass << 20)); |
| ip6h->hop_limit = dst_metric(dst, RTAX_HOPLIMIT); |
| ip6h->nexthdr = IPPROTO_TCP; |
| ipv6_addr_copy(&ip6h->saddr, &oip6h->daddr); |
