diff options
author | Jesse Gross <jesse@nicira.com> | 2011-11-30 17:05:51 -0800 |
---|---|---|
committer | Jesse Gross <jesse@nicira.com> | 2011-12-03 09:35:10 -0800 |
commit | 75f2811c6460ccc59d83c66059943ce9c9f81a18 (patch) | |
tree | 49373cf5f5b11358aeb587209ad270496f751609 /security | |
parent | 396cf9430505cfba529a2f2a037d782719fa5844 (diff) | |
download | lwn-75f2811c6460ccc59d83c66059943ce9c9f81a18.tar.gz lwn-75f2811c6460ccc59d83c66059943ce9c9f81a18.zip |
ipv6: Add fragment reporting to ipv6_skip_exthdr().
While parsing through IPv6 extension headers, fragment headers are
skipped making them invisible to the caller. This reports the
fragment offset of the last header in order to make it possible to
determine whether the packet is fragmented and, if so whether it is
a first or last fragment.
Signed-off-by: Jesse Gross <jesse@nicira.com>
Diffstat (limited to 'security')
-rw-r--r-- | security/lsm_audit.c | 3 | ||||
-rw-r--r-- | security/selinux/hooks.c | 3 |
2 files changed, 4 insertions, 2 deletions
diff --git a/security/lsm_audit.c b/security/lsm_audit.c index 199616bb68d3..7bd6f138236b 100644 --- a/security/lsm_audit.c +++ b/security/lsm_audit.c @@ -114,6 +114,7 @@ int ipv6_skb_to_auditdata(struct sk_buff *skb, int offset, ret = 0; struct ipv6hdr *ip6; u8 nexthdr; + __be16 frag_off; ip6 = ipv6_hdr(skb); if (ip6 == NULL) @@ -126,7 +127,7 @@ int ipv6_skb_to_auditdata(struct sk_buff *skb, offset = skb_network_offset(skb); offset += sizeof(*ip6); nexthdr = ip6->nexthdr; - offset = ipv6_skip_exthdr(skb, offset, &nexthdr); + offset = ipv6_skip_exthdr(skb, offset, &nexthdr, &frag_off); if (offset < 0) return 0; if (proto) diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c index 7e6c2564e741..cca09bb46502 100644 --- a/security/selinux/hooks.c +++ b/security/selinux/hooks.c @@ -3561,6 +3561,7 @@ static int selinux_parse_skb_ipv6(struct sk_buff *skb, u8 nexthdr; int ret = -EINVAL, offset; struct ipv6hdr _ipv6h, *ip6; + __be16 frag_off; offset = skb_network_offset(skb); ip6 = skb_header_pointer(skb, offset, sizeof(_ipv6h), &_ipv6h); @@ -3573,7 +3574,7 @@ static int selinux_parse_skb_ipv6(struct sk_buff *skb, nexthdr = ip6->nexthdr; offset += sizeof(_ipv6h); - offset = ipv6_skip_exthdr(skb, offset, &nexthdr); + offset = ipv6_skip_exthdr(skb, offset, &nexthdr, &frag_off); if (offset < 0) goto out; |