authorAhmed Abdelsalam <amsalam20@gmail.com>2018-02-27 07:25:14 +0100
committerPablo Neira Ayuso <pablo@netfilter.org>2018-03-11 22:59:06 +0100
commit1400288f6d39d9839748c44216171e84c6d47d66 (patch)
tree921cff53b70f0edd401292098f4eb4516047ca07 /include
parent86b89aa695d84d2c28731ac92f5c0b592b11cdb8 (diff)
src: handle rt0 and rt2 properly
Type 0 and 2 of the IPv6 Routing extension header are not handled properly by exthdr_init_raw() in src/exthdr.c. In order to fix the bug, we extended the "enum nft_exthdr_op" to differentiate between rt, rt0, and rt2. This patch should fix the bug. We tested the patch against the same configuration reported in the bug and the output is as shown below. table ip6 filter { chain input { type filter hook input priority 0; policy accept; rt0 addr[1] a::2 } } Fixes: Bugzilla #1219 Signed-off-by: Ahmed Abdelsalam <amsalam20@gmail.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'include')
-rw-r--r--include/exthdr.h1
-rw-r--r--include/linux/netfilter/nf_tables.h3
2 files changed, 4 insertions, 0 deletions
diff --git a/include/exthdr.h b/include/exthdr.h
index 97ccc387..06bf6285 100644
--- a/include/exthdr.h
+++ b/include/exthdr.h
@@ -14,6 +14,7 @@
struct exthdr_desc {
const char *name;
uint8_t type;
+ int proto_key;
struct proto_hdr_template templates[10];
};
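Review bot: The new `proto_key` member of `struct exthdr_desc` is a bare `int` with no comment, so neither its value space nor its "not set" value is documented. Any descriptor built with designated initializers that omits the field gets 0, and if the key carries the routing header type (as the commit message suggests) that would be indistinguishable from rt0. I would write it as `int proto_key; /* routing header type this descriptor matches; -1 when not applicable */` and have every descriptor set it explicitly. The descriptor definitions are outside this diff, so how they initialise the field should be confirmed there.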
diff --git a/include/linux/netfilter/nf_tables.h b/include/linux/netfilter/nf_tables.h
index 517a39a0..1a98f03a 100644
--- a/include/linux/netfilter/nf_tables.h
+++ b/include/linux/netfilter/nf_tables.h
@@ -731,6 +731,9 @@ enum nft_exthdr_flags {
enum nft_exthdr_op {
NFT_EXTHDR_OP_IPV6,
NFT_EXTHDR_OP_TCPOPT,
+ NFT_EXTHDR_OP_RT0,
+ NFT_EXTHDR_OP_RT2,
+ NFT_EXTHDR_OP_RT4,
__NFT_EXTHDR_OP_MAX
};
#define NFT_EXTHDR_OP_MAX (__NFT_EXTHDR_OP_MAX - 1)
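Review bot: `NFT_EXTHDR_OP_RT0`, `NFT_EXTHDR_OP_RT2` and `NFT_EXTHDR_OP_RT4` are added to what looks like the local copy of the kernel UAPI header, which also raises `NFT_EXTHDR_OP_MAX` from 1 to 4. If the kernel header does not define the same values, this copy diverges from the ABI: a later kernel addition after `NFT_EXTHDR_OP_TCPOPT` would take the number now used by `NFT_EXTHDR_OP_RT0`, and any of these ops that reaches the `NFTA_EXTHDR_OP` attribute would be misread or rejected. If they are only meant to tell descriptors apart in userspace, I would keep them in a separate enum outside this header, or at least mark them `/* userspace only, never sent in NFTA_EXTHDR_OP */`. The commit message also names only rt, rt0 and rt2, so `NFT_EXTHDR_OP_RT4` deserves a mention there.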