diff options
author | Duncan Roe <duncan_roe@optusnet.com.au> | 2023-10-08 13:41:31 +1100 |
---|---|---|
committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2023-10-08 11:07:02 +0200 |
commit | 151296423e475cd9008b56f893b1dd07912bf81a (patch) | |
tree | 7fc6aba63ad679ba6a50f5aab9b519c01710aa61 /src/extra | |
parent | 468b81e1959cea1ce22a78386aca14568922076e (diff) |
src: Fix IPv6 Fragment Header processing
2 items:
1. frag_off (Fragment Offset pointer) overshot by 2 bytes because of adding
offsetof() to it *after* it had been cast to uint16_t *.
2. Need to mask off LS 3 bits of ip6f_offlg *after* call to htons.
Fixes: a0c885ae5a79 ("add pkt_buff and protocol helper functions")
Signed-off-by: Duncan Roe <duncan_roe@optusnet.com.au>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'src/extra')
-rw-r--r-- | src/extra/ipv6.c | 6 |
1 files changed, 3 insertions, 3 deletions
diff --git a/src/extra/ipv6.c b/src/extra/ipv6.c index 69d86a8..fd8ebc4 100644 --- a/src/extra/ipv6.c +++ b/src/extra/ipv6.c @@ -113,11 +113,11 @@ int nfq_ip6_set_transport_header(struct pkt_buff *pktb, struct ip6_hdr *ip6h, break; } - frag_off = (uint16_t *)cur + - offsetof(struct ip6_frag, ip6f_offlg); + frag_off = (uint16_t *)(cur + + offsetof(struct ip6_frag, ip6f_offlg)); /* Fragment offset is only 13 bits long. */ - if (htons(*frag_off & ~0x7)) { + if (htons(*frag_off) & ~0x7) { /* Not the first fragment, it does not contain * any headers. */ |