Jan Engelhardt wrote:
+static u_int16_t tcpmss_reverse_mtu4(const struct iphdr *iph)
+{
+ struct rtable *rt = NULL;
+ struct flowi fl = {.nl_u = {.ip4_u = {
+ .daddr = iph->saddr,
+ .tos = RT_TOS(iph->tos),
+ .scope = RT_SCOPE_UNIVERSE,
+ }}};
+
+ ip_route_output_key(&rt, &fl);
+ if (rt == NULL)
+ return ~(u_int16_t)0;
+ return dst_mtu(&rt->u.dst);
This leaks the dst_entry.
#if defined(CONFIG_IP6_NF_IPTABLES) || defined(CONFIG_IP6_NF_IPTABLES_MODULE)
+static u_int16_t tcpmss_reverse_mtu6(const struct ipv6hdr *iph)
+{
+ struct rtable *rt = NULL;
+ struct flowi fl = {.nl_u = {.ip6_u = {
+ .daddr = iph->saddr,
+ .flowlabel = ((iph->flow_lbl[0] << 16) |
+ (iph->flow_lbl[1] << 8) | iph->flow_lbl[2]) &
+ 0x00FFFFFF,
+ }}};
+
+ ip_route_output_key(&rt, &fl);
+ if (rt == NULL)
+ return ~(u_int16_t)0;
+ return dst_mtu(&rt->u.dst);
This also leaks and you probably want to do IPv6 routing :) But the
patch should use the ->route function from nf_af_info anyways
to avoid adding module dependencies.
-
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
