summaryrefslogtreecommitdiffhomepage
diff options
context:
space:
mode:
authorJason A. Donenfeld <Jason@zx2c4.com>2021-02-19 12:49:21 +0100
committerJason A. Donenfeld <Jason@zx2c4.com>2021-02-19 12:53:05 +0100
commit51aff055200dbe1b1350e5607fc047e88251b08f (patch)
tree5eb70a9394ff538a8b08355f3c0c59af54d69771
parentcad80597c7947f0def83caf8cb56aff0149c83a8 (diff)
compat: zero out skb->cb before icmp
This corresponds to the fancier upstream commit that's still on lkml, which passes a zeroed ip_options struct to __icmp_send. Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
-rw-r--r--src/compat/compat.h20
1 files changed, 16 insertions, 4 deletions
diff --git a/src/compat/compat.h b/src/compat/compat.h
index 78e942d..3e8e005 100644
--- a/src/compat/compat.h
+++ b/src/compat/compat.h
@@ -933,11 +933,11 @@ static inline int skb_ensure_writable(struct sk_buff *skb, int write_len)
#endif
#if LINUX_VERSION_CODE < KERNEL_VERSION(5, 6, 0)
+#include <linux/icmpv6.h>
+#include <net/icmp.h>
#if IS_ENABLED(CONFIG_NF_NAT)
#include <linux/ip.h>
-#include <linux/icmpv6.h>
#include <net/ipv6.h>
-#include <net/icmp.h>
#include <net/netfilter/nf_conntrack.h>
#if LINUX_VERSION_CODE < KERNEL_VERSION(5, 1, 0) && !defined(ISRHEL8)
#include <net/netfilter/nf_nat_core.h>
@@ -951,6 +951,7 @@ static inline void __compat_icmp_ndo_send(struct sk_buff *skb_in, int type, int
ct = nf_ct_get(skb_in, &ctinfo);
if (!ct || !(ct->status & IPS_SRC_NAT)) {
+ memset(skb_in->cb, 0, sizeof(skb_in->cb));
icmp_send(skb_in, type, code, info);
return;
}
@@ -966,6 +967,7 @@ static inline void __compat_icmp_ndo_send(struct sk_buff *skb_in, int type, int
orig_ip = ip_hdr(skb_in)->saddr;
ip_hdr(skb_in)->saddr = ct->tuplehash[0].tuple.src.u3.ip;
+ memset(skb_in->cb, 0, sizeof(skb_in->cb));
icmp_send(skb_in, type, code, info);
ip_hdr(skb_in)->saddr = orig_ip;
out:
@@ -980,6 +982,7 @@ static inline void __compat_icmpv6_ndo_send(struct sk_buff *skb_in, u8 type, u8
ct = nf_ct_get(skb_in, &ctinfo);
if (!ct || !(ct->status & IPS_SRC_NAT)) {
+ memset(skb_in->cb, 0, sizeof(skb_in->cb));
icmpv6_send(skb_in, type, code, info);
return;
}
@@ -995,14 +998,23 @@ static inline void __compat_icmpv6_ndo_send(struct sk_buff *skb_in, u8 type, u8
orig_ip = ipv6_hdr(skb_in)->saddr;
ipv6_hdr(skb_in)->saddr = ct->tuplehash[0].tuple.src.u3.in6;
+ memset(skb_in->cb, 0, sizeof(skb_in->cb));
icmpv6_send(skb_in, type, code, info);
ipv6_hdr(skb_in)->saddr = orig_ip;
out:
consume_skb(cloned_skb);
}
#else
-#define __compat_icmp_ndo_send icmp_send
-#define __compat_icmpv6_ndo_send icmpv6_send
+static inline void __compat_icmp_ndo_send(struct sk_buff *skb_in, int type, int code, __be32 info)
+{
+ memset(skb_in->cb, 0, sizeof(skb_in->cb));
+ icmp_send(skb_in, type, code, info);
+}
+static inline void __compat_icmpv6_ndo_send(struct sk_buff *skb_in, u8 type, u8 code, __u32 info)
+{
+ memset(skb_in->cb, 0, sizeof(skb_in->cb));
+ icmpv6_send(skb_in, type, code, info);
+}
#endif
#define icmp_ndo_send __compat_icmp_ndo_send
#define icmpv6_ndo_send __compat_icmpv6_ndo_send