tjh.dev / kernel
Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
kernel os linux
fork atom

netfilter: nf_nat_proto_icmpv6:: fix wrong comparison in icmpv6_manip_pkt

In commit 58a317f1 (netfilter: ipv6: add IPv6 NAT support), icmpv6_manip_pkt
was added with an incorrect comparison of ICMP codes to types. This causes
problems when using NAT rules with the --random option. Correct the
comparison.

This closes netfilter bugzilla #851, reported by Alexander Neumann.

Signed-off-by: Phil Oester <kernel@linuxace.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

authored by

Phil Oester and committed by
Pablo Neira Ayuso d830f0fa c13a84a8

+2 -2
+2 -2
net/ipv6/netfilter/nf_nat_proto_icmpv6.c
··· 69 69 hdr = (struct icmp6hdr *)(skb->data + hdroff); 70 70 l3proto->csum_update(skb, iphdroff, &hdr->icmp6_cksum, 71 71 tuple, maniptype); 72 - if (hdr->icmp6_code == ICMPV6_ECHO_REQUEST || 73 - hdr->icmp6_code == ICMPV6_ECHO_REPLY) { 72 + if (hdr->icmp6_type == ICMPV6_ECHO_REQUEST || 73 + hdr->icmp6_type == ICMPV6_ECHO_REPLY) { 74 74 inet_proto_csum_replace2(&hdr->icmp6_cksum, skb, 75 75 hdr->icmp6_identifier, 76 76 tuple->src.u.icmp.id, 0);