Commit 417e02bf authored by Richard Weinberger's avatar Richard Weinberger Committed by Pablo Neira Ayuso

netfilter: xt_LOG: fix bogus extra layer-4 logging information

In 16059b5 netfilter: merge ipt_LOG and ip6_LOG into xt_LOG, we have
merged ipt_LOG and ip6t_LOG.

However:

IN=wlan0 OUT= MAC=xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx
SRC=213.150.61.61 DST=192.168.1.133 LEN=40 TOS=0x00 PREC=0x00 TTL=117
ID=10539 DF PROTO=TCP SPT=80 DPT=49013 WINDOW=0 RES=0x00 ACK RST
URGP=0 PROTO=UDPLITE SPT=80 DPT=49013 LEN=45843 PROTO=ICMP TYPE=0
       ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

Several missing break in the code led to including bogus layer-4
information. This patch fixes this problem.
Signed-off-by: default avatarRichard Weinberger <richard@nod.at>
Signed-off-by: default avatarPablo Neira Ayuso <pablo@netfilter.org>
parent 5f1f8151
...@@ -216,12 +216,14 @@ static void dump_ipv4_packet(struct sbuff *m, ...@@ -216,12 +216,14 @@ static void dump_ipv4_packet(struct sbuff *m,
ntohs(ih->frag_off) & IP_OFFSET, ntohs(ih->frag_off) & IP_OFFSET,
iphoff+ih->ihl*4, logflags)) iphoff+ih->ihl*4, logflags))
return; return;
break;
case IPPROTO_UDP: case IPPROTO_UDP:
case IPPROTO_UDPLITE: case IPPROTO_UDPLITE:
if (dump_udp_header(m, skb, ih->protocol, if (dump_udp_header(m, skb, ih->protocol,
ntohs(ih->frag_off) & IP_OFFSET, ntohs(ih->frag_off) & IP_OFFSET,
iphoff+ih->ihl*4)) iphoff+ih->ihl*4))
return; return;
break;
case IPPROTO_ICMP: { case IPPROTO_ICMP: {
struct icmphdr _icmph; struct icmphdr _icmph;
const struct icmphdr *ich; const struct icmphdr *ich;
...@@ -649,10 +651,12 @@ static void dump_ipv6_packet(struct sbuff *m, ...@@ -649,10 +651,12 @@ static void dump_ipv6_packet(struct sbuff *m,
if (dump_tcp_header(m, skb, currenthdr, fragment, ptr, if (dump_tcp_header(m, skb, currenthdr, fragment, ptr,
logflags)) logflags))
return; return;
break;
case IPPROTO_UDP: case IPPROTO_UDP:
case IPPROTO_UDPLITE: case IPPROTO_UDPLITE:
if (dump_udp_header(m, skb, currenthdr, fragment, ptr)) if (dump_udp_header(m, skb, currenthdr, fragment, ptr))
return; return;
break;
case IPPROTO_ICMPV6: { case IPPROTO_ICMPV6: {
struct icmp6hdr _icmp6h; struct icmp6hdr _icmp6h;
const struct icmp6hdr *ic; const struct icmp6hdr *ic;
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment