summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorYOSHIFUJI Hideaki <yoshfuji@linux-ipv6.org>2006-04-18 14:47:44 -0700
committerDavid S. Miller <davem@sunset.davemloft.net>2006-04-18 15:57:52 -0700
commite5d25a90886d62d88fdd7cd5c3375f4fe436be64 (patch)
tree677a7aa9816db94dfae91e6cb7f35864e47dc6d4
parente3cae904d7df4f86ea1d13d459e667d389cc35e3 (diff)
downloadlinux-e5d25a90886d62d88fdd7cd5c3375f4fe436be64.tar.bz2
[IPV6] XFRM: Fix decoding session with preceding extension header(s).
We did not correctly decode session with preceding extension header(s). This was because we had already pulled preceding headers, skb->nh.raw + 40 + 1 - skb->data was minus, and pskb_may_pull() failed. We now have IP6CB(skb)->nhoff and skb->h.raw, and we can start parsing / decoding upper layer protocol from current position. Tracked down by Noriaki TAKAMIYA <takamiya@po.ntts.co.jp> and tested by Kazunori Miyazawa <kazunori@miyazawa.org>. Signed-off-by: YOSHIFUJI Hideaki <yoshfuji@linux-ipv6.org> Signed-off-by: David S. Miller <davem@davemloft.net>
-rw-r--r--net/ipv6/xfrm6_policy.c4
1 files changed, 2 insertions, 2 deletions
diff --git a/net/ipv6/xfrm6_policy.c b/net/ipv6/xfrm6_policy.c
index 588922bd9264..88c840f1beb6 100644
--- a/net/ipv6/xfrm6_policy.c
+++ b/net/ipv6/xfrm6_policy.c
@@ -191,10 +191,10 @@ error:
static inline void
_decode_session6(struct sk_buff *skb, struct flowi *fl)
{
- u16 offset = sizeof(struct ipv6hdr);
+ u16 offset = skb->h.raw - skb->nh.raw;
struct ipv6hdr *hdr = skb->nh.ipv6h;
struct ipv6_opt_hdr *exthdr;
- u8 nexthdr = skb->nh.ipv6h->nexthdr;
+ u8 nexthdr = skb->nh.raw[IP6CB(skb)->nhoff];
memset(fl, 0, sizeof(struct flowi));
ipv6_addr_copy(&fl->fl6_dst, &hdr->daddr);