diff options
author | Jesse Gross <jesse@nicira.com> | 2011-11-30 17:05:51 -0800 |
---|---|---|
committer | Jesse Gross <jesse@nicira.com> | 2011-12-03 09:35:10 -0800 |
commit | 75f2811c6460ccc59d83c66059943ce9c9f81a18 (patch) | |
tree | 49373cf5f5b11358aeb587209ad270496f751609 /security | |
parent | 396cf9430505cfba529a2f2a037d782719fa5844 (diff) | |
download | op-kernel-dev-75f2811c6460ccc59d83c66059943ce9c9f81a18.zip op-kernel-dev-75f2811c6460ccc59d83c66059943ce9c9f81a18.tar.gz |
ipv6: Add fragment reporting to ipv6_skip_exthdr().
While parsing through IPv6 extension headers, fragment headers are
skipped making them invisible to the caller. This reports the
fragment offset of the last header in order to make it possible to
determine whether the packet is fragmented and, if so whether it is
a first or last fragment.
Signed-off-by: Jesse Gross <jesse@nicira.com>
Diffstat (limited to 'security')
-rw-r--r-- | security/lsm_audit.c | 3 | ||||
-rw-r--r-- | security/selinux/hooks.c | 3 |
2 files changed, 4 insertions, 2 deletions
diff --git a/security/lsm_audit.c b/security/lsm_audit.c index 199616bb..7bd6f13 100644 --- a/security/lsm_audit.c +++ b/security/lsm_audit.c @@ -114,6 +114,7 @@ int ipv6_skb_to_auditdata(struct sk_buff *skb, int offset, ret = 0; struct ipv6hdr *ip6; u8 nexthdr; + __be16 frag_off; ip6 = ipv6_hdr(skb); if (ip6 == NULL) @@ -126,7 +127,7 @@ int ipv6_skb_to_auditdata(struct sk_buff *skb, offset = skb_network_offset(skb); offset += sizeof(*ip6); nexthdr = ip6->nexthdr; - offset = ipv6_skip_exthdr(skb, offset, &nexthdr); + offset = ipv6_skip_exthdr(skb, offset, &nexthdr, &frag_off); if (offset < 0) return 0; if (proto) diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c index 7e6c256..cca09bb 100644 --- a/security/selinux/hooks.c +++ b/security/selinux/hooks.c @@ -3561,6 +3561,7 @@ static int selinux_parse_skb_ipv6(struct sk_buff *skb, u8 nexthdr; int ret = -EINVAL, offset; struct ipv6hdr _ipv6h, *ip6; + __be16 frag_off; offset = skb_network_offset(skb); ip6 = skb_header_pointer(skb, offset, sizeof(_ipv6h), &_ipv6h); @@ -3573,7 +3574,7 @@ static int selinux_parse_skb_ipv6(struct sk_buff *skb, nexthdr = ip6->nexthdr; offset += sizeof(_ipv6h); - offset = ipv6_skip_exthdr(skb, offset, &nexthdr); + offset = ipv6_skip_exthdr(skb, offset, &nexthdr, &frag_off); if (offset < 0) goto out; |