Message ID | m2d25phhox.wl@sfc.wide.ad.jp |
---|---|
State | Awaiting Upstream, archived |
Delegated to: | David Miller |
Headers | show |
From: Hajime Tazaki <tazaki@sfc.wide.ad.jp> Date: Wed, 04 Feb 2015 23:31:10 +0900 > When a network-layer header has multiple IPv6 extension headers, then offset > for mobility header goes wrong. This regression breaks an xfrm policy lookup > for a particular receive packet. Binding update packets of Mobile IPv6 > are all discarded without this fix. > > Fixes: de3b7a06dfe1 ("xfrm6: Fix transport header offset in _decode_session6.") > Signed-off-by: Hajime Tazaki <tazaki@sfc.wide.ad.jp> Steffen, please review and/or integrate into your tree. Thanks. -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
On Thu, Feb 05, 2015 at 03:38:54PM -0800, David Miller wrote: > From: Hajime Tazaki <tazaki@sfc.wide.ad.jp> > Date: Wed, 04 Feb 2015 23:31:10 +0900 > > > When a network-layer header has multiple IPv6 extension headers, then offset > > for mobility header goes wrong. This regression breaks an xfrm policy lookup > > for a particular receive packet. Binding update packets of Mobile IPv6 > > are all discarded without this fix. > > > > Fixes: de3b7a06dfe1 ("xfrm6: Fix transport header offset in _decode_session6.") > > Signed-off-by: Hajime Tazaki <tazaki@sfc.wide.ad.jp> > > Steffen, please review and/or integrate into your tree. Now applied to the ipsec tree, thanks! -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
diff --git a/net/ipv6/xfrm6_policy.c b/net/ipv6/xfrm6_policy.c index 48bf5a0..8d2d01b 100644 --- a/net/ipv6/xfrm6_policy.c +++ b/net/ipv6/xfrm6_policy.c @@ -200,6 +200,7 @@ _decode_session6(struct sk_buff *skb, struct flowi *fl, int reverse) #if IS_ENABLED(CONFIG_IPV6_MIP6) case IPPROTO_MH: + offset += ipv6_optlen(exthdr); if (!onlyproto && pskb_may_pull(skb, nh + offset + 3 - skb->data)) { struct ip6_mh *mh;
When a network-layer header has multiple IPv6 extension headers, then offset for mobility header goes wrong. This regression breaks an xfrm policy lookup for a particular receive packet. Binding update packets of Mobile IPv6 are all discarded without this fix. Fixes: de3b7a06dfe1 ("xfrm6: Fix transport header offset in _decode_session6.") Signed-off-by: Hajime Tazaki <tazaki@sfc.wide.ad.jp> --- net/ipv6/xfrm6_policy.c | 1 + 1 file changed, 1 insertion(+)