netfilter: IPv6: initialize TOS field in REJECT target module

Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git

kernel os linux

The IPv6 header is not zeroed out in alloc_skb so we must initialize
it properly unless we want to see IPv6 packets with random TOS fields
floating around. The current implementation resets the flow label
but this could be changed if deemed necessary.

We stumbled upon this issue when trying to apply a mangle rule to
the RST packet generated by the REJECT target module.

Signed-off-by: Fernando Luis Vazquez Cao <fernando@oss.ntt.co.jp>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

authored by

Fernando Luis Vazquez Cao and committed by

Pablo Neira Ayuso 15 years ago 4319cc0c 7a4f0761

+3 -1

1 changed file

expand all

net

ipv6

netfilter

ip6t_REJECT.c

+3 -1

net/ipv6/netfilter/ip6t_REJECT.c

··· 45 45 int tcphoff, needs_ack; 46 46 const struct ipv6hdr *oip6h = ipv6_hdr(oldskb); 47 47 struct ipv6hdr *ip6h; 48 + #define DEFAULT_TOS_VALUE 0x0U 49 + const __u8 tclass = DEFAULT_TOS_VALUE; 48 50 struct dst_entry *dst = NULL; 49 51 u8 proto; 50 52 struct flowi6 fl6; ··· 126 124 skb_put(nskb, sizeof(struct ipv6hdr)); 127 125 skb_reset_network_header(nskb); 128 126 ip6h = ipv6_hdr(nskb); 129 - ip6h->version = 6; 127 + *(__be32 *)ip6h = htonl(0x60000000 | (tclass << 20)); 130 128 ip6h->hop_limit = ip6_dst_hoplimit(dst); 131 129 ip6h->nexthdr = IPPROTO_TCP; 132 130 ipv6_addr_copy(&ip6h->saddr, &oip6h->daddr);