diff options
| author | Jason A. Donenfeld <Jason@zx2c4.com> | 2021-02-19 12:49:21 +0100 |
|---|---|---|
| committer | Jason A. Donenfeld <Jason@zx2c4.com> | 2021-02-19 12:53:05 +0100 |
| commit | 51aff055200dbe1b1350e5607fc047e88251b08f (patch) | |
| tree | 5eb70a9394ff538a8b08355f3c0c59af54d69771 | |
| parent | cad80597c7947f0def83caf8cb56aff0149c83a8 (diff) | |
compat: zero out skb->cb before icmp
This corresponds to the fancier upstream commit that's still on lkml,
which passes a zeroed ip_options struct to __icmp_send.
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
| -rw-r--r-- | src/compat/compat.h | 20 |
1 files changed, 16 insertions, 4 deletions
diff --git a/src/compat/compat.h b/src/compat/compat.h index 78e942d..3e8e005 100644 --- a/src/compat/compat.h +++ b/src/compat/compat.h @@ -933,11 +933,11 @@ static inline int skb_ensure_writable(struct sk_buff *skb, int write_len) #endif #if LINUX_VERSION_CODE < KERNEL_VERSION(5, 6, 0) +#include <linux/icmpv6.h> +#include <net/icmp.h> #if IS_ENABLED(CONFIG_NF_NAT) #include <linux/ip.h> -#include <linux/icmpv6.h> #include <net/ipv6.h> -#include <net/icmp.h> #include <net/netfilter/nf_conntrack.h> #if LINUX_VERSION_CODE < KERNEL_VERSION(5, 1, 0) && !defined(ISRHEL8) #include <net/netfilter/nf_nat_core.h> @@ -951,6 +951,7 @@ static inline void __compat_icmp_ndo_send(struct sk_buff *skb_in, int type, int ct = nf_ct_get(skb_in, &ctinfo); if (!ct || !(ct->status & IPS_SRC_NAT)) { + memset(skb_in->cb, 0, sizeof(skb_in->cb)); icmp_send(skb_in, type, code, info); return; } @@ -966,6 +967,7 @@ static inline void __compat_icmp_ndo_send(struct sk_buff *skb_in, int type, int orig_ip = ip_hdr(skb_in)->saddr; ip_hdr(skb_in)->saddr = ct->tuplehash[0].tuple.src.u3.ip; + memset(skb_in->cb, 0, sizeof(skb_in->cb)); icmp_send(skb_in, type, code, info); ip_hdr(skb_in)->saddr = orig_ip; out: @@ -980,6 +982,7 @@ static inline void __compat_icmpv6_ndo_send(struct sk_buff *skb_in, u8 type, u8 ct = nf_ct_get(skb_in, &ctinfo); if (!ct || !(ct->status & IPS_SRC_NAT)) { + memset(skb_in->cb, 0, sizeof(skb_in->cb)); icmpv6_send(skb_in, type, code, info); return; } @@ -995,14 +998,23 @@ static inline void __compat_icmpv6_ndo_send(struct sk_buff *skb_in, u8 type, u8 orig_ip = ipv6_hdr(skb_in)->saddr; ipv6_hdr(skb_in)->saddr = ct->tuplehash[0].tuple.src.u3.in6; + memset(skb_in->cb, 0, sizeof(skb_in->cb)); icmpv6_send(skb_in, type, code, info); ipv6_hdr(skb_in)->saddr = orig_ip; out: consume_skb(cloned_skb); } #else -#define __compat_icmp_ndo_send icmp_send -#define __compat_icmpv6_ndo_send icmpv6_send +static inline void __compat_icmp_ndo_send(struct sk_buff *skb_in, int type, int code, __be32 info) +{ + memset(skb_in->cb, 0, sizeof(skb_in->cb)); + icmp_send(skb_in, type, code, info); +} +static inline void __compat_icmpv6_ndo_send(struct sk_buff *skb_in, u8 type, u8 code, __u32 info) +{ + memset(skb_in->cb, 0, sizeof(skb_in->cb)); + icmpv6_send(skb_in, type, code, info); +} #endif #define icmp_ndo_send __compat_icmp_ndo_send #define icmpv6_ndo_send __compat_icmpv6_ndo_send |