Skip to content

Commit 51aff05

Browse files
zx2c4zx2c4
committed
compat: zero out skb->cb before icmp
This corresponds to the fancier upstream commit that's still on lkml, which passes a zeroed ip_options struct to __icmp_send. Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
1 parent cad8059 commit 51aff05

File tree

1 file changed

+16
-4
lines changed

1 file changed

+16
-4
lines changed

src/compat/compat.h

Lines changed: 16 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -933,11 +933,11 @@ static inline int skb_ensure_writable(struct sk_buff *skb, int write_len)
933933
#endif
934934

935935
#if LINUX_VERSION_CODE < KERNEL_VERSION(5, 6, 0)
936+
#include <linux/icmpv6.h>
937+
#include <net/icmp.h>
936938
#if IS_ENABLED(CONFIG_NF_NAT)
937939
#include <linux/ip.h>
938-
#include <linux/icmpv6.h>
939940
#include <net/ipv6.h>
940-
#include <net/icmp.h>
941941
#include <net/netfilter/nf_conntrack.h>
942942
#if LINUX_VERSION_CODE < KERNEL_VERSION(5, 1, 0) && !defined(ISRHEL8)
943943
#include <net/netfilter/nf_nat_core.h>
@@ -951,6 +951,7 @@ static inline void __compat_icmp_ndo_send(struct sk_buff *skb_in, int type, int
951951

952952
ct = nf_ct_get(skb_in, &ctinfo);
953953
if (!ct || !(ct->status & IPS_SRC_NAT)) {
954+
memset(skb_in->cb, 0, sizeof(skb_in->cb));
954955
icmp_send(skb_in, type, code, info);
955956
return;
956957
}
@@ -966,6 +967,7 @@ static inline void __compat_icmp_ndo_send(struct sk_buff *skb_in, int type, int
966967

967968
orig_ip = ip_hdr(skb_in)->saddr;
968969
ip_hdr(skb_in)->saddr = ct->tuplehash[0].tuple.src.u3.ip;
970+
memset(skb_in->cb, 0, sizeof(skb_in->cb));
969971
icmp_send(skb_in, type, code, info);
970972
ip_hdr(skb_in)->saddr = orig_ip;
971973
out:
@@ -980,6 +982,7 @@ static inline void __compat_icmpv6_ndo_send(struct sk_buff *skb_in, u8 type, u8
980982

981983
ct = nf_ct_get(skb_in, &ctinfo);
982984
if (!ct || !(ct->status & IPS_SRC_NAT)) {
985+
memset(skb_in->cb, 0, sizeof(skb_in->cb));
983986
icmpv6_send(skb_in, type, code, info);
984987
return;
985988
}
@@ -995,14 +998,23 @@ static inline void __compat_icmpv6_ndo_send(struct sk_buff *skb_in, u8 type, u8
995998

996999
orig_ip = ipv6_hdr(skb_in)->saddr;
9971000
ipv6_hdr(skb_in)->saddr = ct->tuplehash[0].tuple.src.u3.in6;
1001+
memset(skb_in->cb, 0, sizeof(skb_in->cb));
9981002
icmpv6_send(skb_in, type, code, info);
9991003
ipv6_hdr(skb_in)->saddr = orig_ip;
10001004
out:
10011005
consume_skb(cloned_skb);
10021006
}
10031007
#else
1004-
#define __compat_icmp_ndo_send icmp_send
1005-
#define __compat_icmpv6_ndo_send icmpv6_send
1008+
static inline void __compat_icmp_ndo_send(struct sk_buff *skb_in, int type, int code, __be32 info)
1009+
{
1010+
memset(skb_in->cb, 0, sizeof(skb_in->cb));
1011+
icmp_send(skb_in, type, code, info);
1012+
}
1013+
static inline void __compat_icmpv6_ndo_send(struct sk_buff *skb_in, u8 type, u8 code, __u32 info)
1014+
{
1015+
memset(skb_in->cb, 0, sizeof(skb_in->cb));
1016+
icmpv6_send(skb_in, type, code, info);
1017+
}
10061018
#endif
10071019
#define icmp_ndo_send __compat_icmp_ndo_send
10081020
#define icmpv6_ndo_send __compat_icmpv6_ndo_send

0 commit comments

Comments
 (0)