Commit 7efdba5b authored Jan 16, 2013 by Romain KUNTZ Committed by David S. Miller Jan 17, 2013

ipv6: fix header length calculation in ip6_append_data()



Commit 299b0767 (ipv6: Fix IPsec slowpath fragmentation problem)
has introduced a error in the header length calculation that
provokes corrupted packets when non-fragmentable extensions
headers (Destination Option or Routing Header Type 2) are used.

rt->rt6i_nfheader_len is the length of the non-fragmentable
extension header, and it should be substracted to
rt->dst.header_len, and not to exthdrlen, as it was done before
commit 299b0767.

This patch reverts to the original and correct behavior. It has
been successfully tested with and without IPsec on packets
that include non-fragmentable extensions headers.

Signed-off-by: Romain Kuntz <r.kuntz@ipflavors.com>
Acked-by: Steffen Klassert <steffen.klassert@secunet.com>
Signed-off-by: David S. Miller <davem@davemloft.net>

parent 3022551b

net/ipv6/ip6_output.c

+2 −2

Original line number	Diff line number	Diff line
		@@ -1213,10 +1213,10 @@ int ip6_append_data(struct sock sk, int getfrag(void from, char *to,
		if (dst_allfrag(rt->dst.path))
		cork->flags \|= IPCORK_ALLFRAG;
		cork->length = 0;
		exthdrlen = (opt ? opt->opt_flen : 0) - rt->rt6i_nfheader_len;
		exthdrlen = (opt ? opt->opt_flen : 0);
		length += exthdrlen;
		transhdrlen += exthdrlen;
		dst_exthdrlen = rt->dst.header_len;
		dst_exthdrlen = rt->dst.header_len - rt->rt6i_nfheader_len;
		} else {
		rt = (struct rt6_info *)cork->dst;
		fl6 = &inet->cork.fl.u.ip6;

Admin message