Commit 679a8738 authored by Herbert Xu's avatar Herbert Xu Committed by David S. Miller

[IPV6]: Fix raw socket checksums with IPsec

I made a mistake in my last patch to the raw socket checksum code.
I used the value of inet->cork.length as the length of the payload.
While this works with normal packets, it breaks down when IPsec is
present since the cork length includes the extension header length.

So here is a patch to fix the length calculations.
Signed-off-by: default avatarHerbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
parent 31da185d
...@@ -455,11 +455,11 @@ csum_copy_err: ...@@ -455,11 +455,11 @@ csum_copy_err:
static int rawv6_push_pending_frames(struct sock *sk, struct flowi *fl, static int rawv6_push_pending_frames(struct sock *sk, struct flowi *fl,
struct raw6_sock *rp) struct raw6_sock *rp)
{ {
struct inet_sock *inet = inet_sk(sk);
struct sk_buff *skb; struct sk_buff *skb;
int err = 0; int err = 0;
int offset; int offset;
int len; int len;
int total_len;
u32 tmp_csum; u32 tmp_csum;
u16 csum; u16 csum;
...@@ -470,7 +470,8 @@ static int rawv6_push_pending_frames(struct sock *sk, struct flowi *fl, ...@@ -470,7 +470,8 @@ static int rawv6_push_pending_frames(struct sock *sk, struct flowi *fl,
goto out; goto out;
offset = rp->offset; offset = rp->offset;
if (offset >= inet->cork.length - 1) { total_len = inet_sk(sk)->cork.length - (skb->nh.raw - skb->data);
if (offset >= total_len - 1) {
err = -EINVAL; err = -EINVAL;
ip6_flush_pending_frames(sk); ip6_flush_pending_frames(sk);
goto out; goto out;
...@@ -514,7 +515,7 @@ static int rawv6_push_pending_frames(struct sock *sk, struct flowi *fl, ...@@ -514,7 +515,7 @@ static int rawv6_push_pending_frames(struct sock *sk, struct flowi *fl,
tmp_csum = csum_ipv6_magic(&fl->fl6_src, tmp_csum = csum_ipv6_magic(&fl->fl6_src,
&fl->fl6_dst, &fl->fl6_dst,
inet->cork.length, fl->proto, tmp_csum); total_len, fl->proto, tmp_csum);
if (tmp_csum == 0) if (tmp_csum == 0)
tmp_csum = -1; tmp_csum = -1;
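Review bot: The new assignment `total_len = inet_sk(sk)->cork.length - (skb->nh.raw - skb->data);` has no comment explaining why the bytes in front of the network header are subtracted, yet both the `offset >= total_len - 1` bounds check and the length passed to `csum_ipv6_magic()` now depend on it. I would add `/* cork.length also counts the extension header bytes that precede nh.raw (e.g. with IPsec); the checksum must cover the payload only */` above the assignment. Because `total_len` is a signed `int` built from a pointer difference, it is also worth confirming that it cannot go negative for the first queued skb, or that `rp->offset` is never negative on this path. If both could be negative, the `-EINVAL` guard would not reject the offset. The function body starts and ends outside these hunks, so the skb lookup and the checksum store are not visible here.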