Hi Pablo, Thank you for taking care of these patches, I really appreciate it. I noticed that they have just been picked up by Linus. Could we get them into the -stable and -longterm trees too? 1ed2f73d90fb49bcf5704aee7e9084adb882bfc5 (netfilter: IPv6: fix DSCP mangle code) 4319cc0cf5bb894b7368008cdf6dd20eb8868018 (netfilter: IPv6: initialize TOS field in REJECT target module) Regards, Fernando On Tue, 2011-05-10 at 12:05 +0200, pablo@xxxxxxxxxxxxx wrote: > From: Fernando Luis Vazquez Cao <fernando@xxxxxxxxxxxxx> > > The IPv6 header is not zeroed out in alloc_skb so we must initialize > it properly unless we want to see IPv6 packets with random TOS fields > floating around. The current implementation resets the flow label > but this could be changed if deemed necessary. > > We stumbled upon this issue when trying to apply a mangle rule to > the RST packet generated by the REJECT target module. > > Signed-off-by: Fernando Luis Vazquez Cao <fernando@xxxxxxxxxxxxx> > Signed-off-by: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx> > --- > net/ipv6/netfilter/ip6t_REJECT.c | 4 +++- > 1 files changed, 3 insertions(+), 1 deletions(-) > > diff --git a/net/ipv6/netfilter/ip6t_REJECT.c b/net/ipv6/netfilter/ip6t_REJECT.c > index 28e7448..a5a4c5d 100644 > --- a/net/ipv6/netfilter/ip6t_REJECT.c > +++ b/net/ipv6/netfilter/ip6t_REJECT.c > @@ -45,6 +45,8 @@ static void send_reset(struct net *net, struct sk_buff *oldskb) > int tcphoff, needs_ack; > const struct ipv6hdr *oip6h = ipv6_hdr(oldskb); > struct ipv6hdr *ip6h; > +#define DEFAULT_TOS_VALUE 0x0U > + const __u8 tclass = DEFAULT_TOS_VALUE; > struct dst_entry *dst = NULL; > u8 proto; > struct flowi6 fl6; 
> @@ -124,7 +126,7 @@ static void send_reset(struct net *net, struct sk_buff *oldskb) > skb_put(nskb, sizeof(struct ipv6hdr)); > skb_reset_network_header(nskb); > ip6h = ipv6_hdr(nskb); > - ip6h->version = 6; > + *(__be32 *)ip6h = htonl(0x60000000 | (tclass << 20)); > ip6h->hop_limit = ip6_dst_hoplimit(dst); > ip6h->nexthdr = IPPROTO_TCP; > ipv6_addr_copy(&ip6h->saddr, &oip6h->daddr);
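Review bot: in the first hunk (@@ -45,6 +45,8 @@), `#define DEFAULT_TOS_VALUE 0x0U` sits in the middle of send_reset()'s local declarations, so it reads like a local but stays defined for the rest of the file. Move it to file scope, or drop the macro and initialise `tclass` directly. The naming is also inconsistent (TOS in the macro, tclass in the variable; the field being set is the IPv6 traffic class), and the new declaration uses `__u8` where the neighbouring one uses `u8` (`u8 proto;`).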
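Review bot: in the second hunk (@@ -124,7 +126,7 @@), `*(__be32 *)ip6h = htonl(0x60000000 | (tclass << 20));` replaces the single-field store `ip6h->version = 6;` with a write of the whole first 32-bit word of the header, so it also sets the traffic class and zeroes the flow label, and nothing at the store says so. The commit message mentions the flow label reset, but the code does not; a one-line comment above the store stating that version, traffic class and flow label are all initialised here would keep that visible to whoever next reads the cast.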