Hi Etan,
On Wed, Jan 13, 2021 at 10:58:52AM +0100, Etan Kissling wrote:
> diff --git a/src/extra/ipv6.c b/src/extra/ipv6.c
> index 42c5e25..1eb822f 100644
> --- a/src/extra/ipv6.c
> +++ b/src/extra/ipv6.c
> @@ -72,7 +72,8 @@ int nfq_ip6_set_transport_header(struct pkt_buff *pktb, struct ip6_hdr *ip6h,
Note: nfq_ip6_set_transport_header() is very much similar to
ipv6_skip_exthdr() in the Linux kernel, see net/ipv6/exthdrs_core.c
> uint32_t hdrlen;
>
> /* No more extensions, we're done. */
> - if (nexthdr == IPPROTO_NONE) {
> + if (nexthdr == IPPROTO_TCP || nexthdr == IPPROTO_UDP || nexthdr == IPPROTO_ESP ||
> + nexthdr == IPPROTO_ICMPV6 || nexthdr == IPPROTO_NONE) {
> cur = NULL;
> break;
> }
> @@ -107,7 +108,7 @@ int nfq_ip6_set_transport_header(struct pkt_buff *pktb, struct ip6_hdr *ip6h,
> } else if (nexthdr == IPPROTO_AH)
> hdrlen = (ip6_ext->ip6e_len + 2) << 2;
> else
> - hdrlen = ip6_ext->ip6e_len;
> + hdrlen = (ip6_ext->ip6e_len + 1) << 3;
This looks correct, IPv6 optlen is miscalculated.
The chunk above to stop the iteration, so I think the chunk that fixes
optlen is sufficient to fix the bug.
Thanks.
