diff options
authorDuncan Roe <>2019-09-27 22:56:45 +1000
committerPablo Neira Ayuso <>2019-10-06 12:37:29 +0200
commita0b7cc0d20429ca1b62f551a4bd528ef7a0ea09b (patch)
parent38a7e5b365edce1fc0a972a05bbda0673ca63cad (diff)
src: Update UDP header length field after mangling
One would expect nfq_udp_mangle_ipv4() to take care of the length field in the UDP header but it did not. With this patch, it does. This patch is very unlikely to adversely affect any existing userspace software (that did its own length adjustment), because UDP checksumming was broken. Signed-off-by: Pablo Neira Ayuso <>
1 files changed, 2 insertions, 0 deletions
diff --git a/src/extra/udp.c b/src/extra/udp.c
index c48a179..f89d314 100644
--- a/src/extra/udp.c
+++ b/src/extra/udp.c
@@ -140,6 +140,8 @@ nfq_udp_mangle_ipv4(struct pkt_buff *pkt,
iph = (struct iphdr *)pkt->network_header;
udph = (struct udphdr *)(pkt->network_header + iph->ihl*4);
+ udph->len = htons(ntohs(udph->len) + rep_len - match_len);
if (!nfq_ip_mangle(pkt, iph->ihl*4 + sizeof(struct udphdr),
match_offset, match_len, rep_buffer, rep_len))
return 0;