/[linux-patches]/genpatches-2.6/tags/2.6.15-2/1905_bridge-netfilter-ip-fragments.patch
Gentoo

Contents of /genpatches-2.6/tags/2.6.15-2/1905_bridge-netfilter-ip-fragments.patch

Parent Directory Parent Directory | Revision Log Revision Log


Revision 259 - (show annotations) (download)
Wed Jan 11 21:46:01 2006 UTC (8 years, 10 months ago) by dsd
File size: 1233 byte(s)
2.6.15-2 release
1 From stable-bounces@linux.kernel.org Tue Jan 10 13:19:27 2006
2 Date: Tue, 10 Jan 2006 13:13:45 -0800 (PST)
3 Message-Id: <20060110.131345.37717560.davem@davemloft.net>
4 To: stable@kernel.org
5 From: "David S. Miller" <davem@davemloft.net>
6 Subject: [EBTABLES] Don't match tcp/udp source/destination port for IP fragments
7
8 From: Bart De Schuymer <bdschuym@pandora.be>
9
10 Signed-off-by: Bart De Schuymer <bdschuym@pandora.be>
11 Signed-off-by: David S. Miller <davem@davemloft.net>
12 Signed-off-by: Chris Wright <chrisw@sous-sol.org>
13 ---
14 net/bridge/netfilter/ebt_ip.c | 3 +++
15 1 file changed, 3 insertions(+)
16
17 --- linux-2.6.15.y.orig/net/bridge/netfilter/ebt_ip.c
18 +++ linux-2.6.15.y/net/bridge/netfilter/ebt_ip.c
19 @@ -15,6 +15,7 @@
20 #include <linux/netfilter_bridge/ebtables.h>
21 #include <linux/netfilter_bridge/ebt_ip.h>
22 #include <linux/ip.h>
23 +#include <net/ip.h>
24 #include <linux/in.h>
25 #include <linux/module.h>
26
27 @@ -51,6 +52,8 @@ static int ebt_filter_ip(const struct sk
28 if (!(info->bitmask & EBT_IP_DPORT) &&
29 !(info->bitmask & EBT_IP_SPORT))
30 return EBT_MATCH;
31 + if (ntohs(ih->frag_off) & IP_OFFSET)
32 + return EBT_NOMATCH;
33 pptr = skb_header_pointer(skb, ih->ihl*4,
34 sizeof(_ports), &_ports);
35 if (pptr == NULL)

  ViewVC Help
Powered by ViewVC 1.1.20