Commit 4319cc0c authored by Fernando Luis Vazquez Cao, committed by Pablo Neira Ayuso

netfilter: IPv6: initialize TOS field in REJECT target module

The IPv6 header is not zeroed out in alloc_skb so we must initialize
it properly unless we want to see IPv6 packets with random TOS fields
floating around. The current implementation resets the flow label
but this could be changed if deemed necessary.

We stumbled upon this issue when trying to apply a mangle rule to
the RST packet generated by the REJECT target module.

Signed-off-by: Fernando Luis Vazquez Cao <fernando@oss.ntt.co.jp>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
parent 7a4f0761
...@@ -45,6 +45,8 @@ static void send_reset(struct net *net, struct sk_buff *oldskb) ...@@ -45,6 +45,8 @@ static void send_reset(struct net *net, struct sk_buff *oldskb)
int tcphoff, needs_ack; int tcphoff, needs_ack;
const struct ipv6hdr *oip6h = ipv6_hdr(oldskb); const struct ipv6hdr *oip6h = ipv6_hdr(oldskb);
struct ipv6hdr *ip6h; struct ipv6hdr *ip6h;
#define DEFAULT_TOS_VALUE 0x0U
const __u8 tclass = DEFAULT_TOS_VALUE;
struct dst_entry *dst = NULL; struct dst_entry *dst = NULL;
u8 proto; u8 proto;
struct flowi6 fl6; struct flowi6 fl6;
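Review bot: The `#define DEFAULT_TOS_VALUE 0x0U` is placed in the middle of the local declarations of send_reset(), yet as a preprocessor macro it remains defined for everything after this point in the file. Move it to file scope next to the other definitions at the top, or drop it and initialize `tclass` with the constant directly. The macro says TOS while the variable it feeds is named `tclass`; since the field is the traffic class in the IPv6 header, using one term for both would read better.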
...@@ -124,7 +126,7 @@ static void send_reset(struct net *net, struct sk_buff *oldskb) ...@@ -124,7 +126,7 @@ static void send_reset(struct net *net, struct sk_buff *oldskb)
skb_put(nskb, sizeof(struct ipv6hdr)); skb_put(nskb, sizeof(struct ipv6hdr));
skb_reset_network_header(nskb); skb_reset_network_header(nskb);
ip6h = ipv6_hdr(nskb); ip6h = ipv6_hdr(nskb);
ip6h->version = 6; *(__be32 *)ip6h = htonl(0x60000000 | (tclass << 20));
ip6h->hop_limit = ip6_dst_hoplimit(dst); ip6h->hop_limit = ip6_dst_hoplimit(dst);
ip6h->nexthdr = IPPROTO_TCP; ip6h->nexthdr = IPPROTO_TCP;
ipv6_addr_copy(&ip6h->saddr, &oip6h->daddr); ipv6_addr_copy(&ip6h->saddr, &oip6h->daddr);
......
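Review bot: The store `*(__be32 *)ip6h = htonl(0x60000000 | (tclass << 20));` replaces the single-field assignment `ip6h->version = 6` and writes the whole first 32-bit word of the header, so it also sets the flow label to 0 without saying so in the code. Add a short comment above it stating that the word carries version, traffic class and flow label, and that the flow label is deliberately cleared, so the intent described in the commit message is visible to anyone who later wants to keep or copy the flow label.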