[EBTABLES] Don't match tcp/udp source/destination port for IP fragments

Signed-off-by: Bart De Schuymer <bdschuym@pandora.be>
Signed-off-by: David S. Miller <davem@davemloft.net>

authored by Bart De Schuymer and committed by David S. Miller
8a4c8a96 65e480ac

+3
+3
net/bridge/netfilter/ebt_ip.c
··· 15 15 #include <linux/netfilter_bridge/ebtables.h> 16 16 #include <linux/netfilter_bridge/ebt_ip.h> 17 17 #include <linux/ip.h> 18 + #include <net/ip.h> 18 19 #include <linux/in.h> 19 20 #include <linux/module.h> 20 21 ··· 52 51 if (!(info->bitmask & EBT_IP_DPORT) && 53 52 !(info->bitmask & EBT_IP_SPORT)) 54 53 return EBT_MATCH; 54 + if (ntohs(ih->frag_off) & IP_OFFSET) 55 + return EBT_NOMATCH; 55 56 pptr = skb_header_pointer(skb, ih->ihl*4, 56 57 sizeof(_ports), &_ports); 57 58 if (pptr == NULL)
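Review bot: The new `if (ntohs(ih->frag_off) & IP_OFFSET) return EBT_NOMATCH;` test in the second hunk carries no comment, and the commit message has no body, so the policy it creates is undocumented: once EBT_IP_SPORT or EBT_IP_DPORT is set in info->bitmask, every fragment with a non-zero offset fails the rule and falls through to whatever rule or chain policy comes next. Please add a short comment above the test saying that non-first fragments carry no TCP/UDP header, so the bytes at ih->ihl*4 are payload and must not be compared as ports, and state the fall-through consequence in the commit message so rule authors know that a port-based rule will not cover later fragments of the same datagram. The placement before skb_header_pointer() is right, and the first fragment (offset 0) still reaches the port read, with the existing pptr == NULL check covering one too short to hold the ports. It would also help to note that the added #include <net/ip.h> in the first hunk is there for IP_OFFSET.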