global: cleanup IP header checking

This way is more correct and ensures we're within the skb head. Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
author: Jason A. Donenfeld <Jason@zx2c4.com> 2017-06-25 16:24:23 +0200
committer: Jason A. Donenfeld <Jason@zx2c4.com> 2017-06-26 12:35:06 +0200
commit: 3b2b6e7c1eb6a8d24c057e7f032e5cd4fea191fe (patch)
tree: a9fca6dd1a0443e9e4096d9c44867630c36624b9 /src/ratelimiter.c
parent: 8644e1cddac2df86a67e3a407629d8416f8a3c5e (diff)
1 files changed, 2 insertions, 2 deletions
diff --git a/src/ratelimiter.c b/src/ratelimiter.c
index 2d2e758..b3fdd4c 100644
--- a/src/ratelimiter.c
+++ b/src/ratelimiter.c
@@ -82,12 +82,12 @@ bool ratelimiter_allow(struct sk_buff *skb, struct net *net)
 	struct hlist_head *bucket;
 	struct { u32 net; __be32 ip[3]; } data = { .net = (unsigned long)net & 0xffffffff };
 
-	if (skb->len >= sizeof(struct iphdr) && ip_hdr(skb)->version == 4) {
+	if (skb->protocol == htons(ETH_P_IP)) {
 		data.ip[0] = ip_hdr(skb)->saddr;
 		bucket = &table_v4[hsiphash(&data, sizeof(u32) * 2, &key) & (table_size - 1)];
 	}
 #if IS_ENABLED(CONFIG_IPV6)
-	else if (skb->len >= sizeof(struct ipv6hdr) && ip_hdr(skb)->version == 6) {
+	else if (skb->protocol == htons(ETH_P_IPV6)) {
 		memcpy(data.ip, &ipv6_hdr(skb)->saddr, sizeof(u32) * 3); /* Only 96 bits */
 		bucket = &table_v6[hsiphash(&data, sizeof(u32) * 4, &key) & (table_size - 1)];
 	}
author	Jason A. Donenfeld <Jason@zx2c4.com>	2017-06-25 16:24:23 +0200
committer	Jason A. Donenfeld <Jason@zx2c4.com>	2017-06-26 12:35:06 +0200
commit	3b2b6e7c1eb6a8d24c057e7f032e5cd4fea191fe (patch)
tree	a9fca6dd1a0443e9e4096d9c44867630c36624b9 /src/ratelimiter.c
parent	8644e1cddac2df86a67e3a407629d8416f8a3c5e (diff)