netfilter: nf_tables: nft_payload: fix transport header base

Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git

kernel os linux

We cannot use skb->transport_header since it's unset, use
pkt->xt.thoff instead.

Now possible using information made available through the x_tables
compatibility layer.

Reported-by: Eric Leblond <eric@regit.org>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

Pablo Neira Ayuso 12 years ago c54032e0 0ca743a5

+2 -2

2 changed files

expand all

net

netfilter

nf_tables_core.c

nft_payload.c

+1 -1

net/netfilter/nf_tables_core.c

··· 44 44 if (priv->base == NFT_PAYLOAD_NETWORK_HEADER) 45 45 ptr = skb_network_header(skb); 46 46 else 47 - ptr = skb_transport_header(skb); 47 + ptr = skb_network_header(skb) + pkt->xt.thoff; 48 48 49 49 ptr += priv->offset; 50 50

+1 -1

net/netfilter/nft_payload.c

··· 36 36 offset = skb_network_offset(skb); 37 37 break; 38 38 case NFT_PAYLOAD_TRANSPORT_HEADER: 39 - offset = skb_transport_offset(skb); 39 + offset = pkt->xt.thoff; 40 40 break; 41 41 default: 42 42 BUG();