This corrects issues in IPv6 header handling that sometimes resulted in an endless loop.
Signed-off-by: Etan Kissling <etan_kissling@xxxxxxxxx>
---
src/extra/ipv6.c | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/src/extra/ipv6.c b/src/extra/ipv6.c
index 42c5e25..1eb822f 100644
--- a/src/extra/ipv6.c
+++ b/src/extra/ipv6.c
@@ -72,7 +72,8 @@ int nfq_ip6_set_transport_header(struct pkt_buff *pktb, struct ip6_hdr *ip6h,
uint32_t hdrlen;
/* No more extensions, we're done. */
- if (nexthdr == IPPROTO_NONE) {
+ if (nexthdr == IPPROTO_TCP || nexthdr == IPPROTO_UDP || nexthdr == IPPROTO_ESP ||
+ nexthdr == IPPROTO_ICMPV6 || nexthdr == IPPROTO_NONE) {
cur = NULL;
break;
}
@@ -107,7 +108,7 @@ int nfq_ip6_set_transport_header(struct pkt_buff *pktb, struct ip6_hdr *ip6h,
} else if (nexthdr == IPPROTO_AH)
hdrlen = (ip6_ext->ip6e_len + 2) << 2;
else
- hdrlen = ip6_ext->ip6e_len;
+ hdrlen = (ip6_ext->ip6e_len + 1) << 3;
nexthdr = ip6_ext->ip6e_nxt;
cur += hdrlen;
--
2.21.1 (Apple Git-122.3)
