[ 3.5.y.z extended stable ] Patch "ipv6: fix header length calculation in ip6_append_data()" has been added to staging queue

Herton Ronaldo Krzesinski herton.krzesinski at canonical.com
Fri Feb 15 03:10:24 UTC 2013 

This is a note to let you know that I have just added a patch titled

    ipv6: fix header length calculation in ip6_append_data()

to the linux-3.5.y-queue branch of the 3.5.y.z extended stable tree 
which can be found at:

 http://kernel.ubuntu.com/git?p=ubuntu/linux.git;a=shortlog;h=refs/heads/linux-3.5.y-queue

If you, or anyone else, feels it should not be added to this tree, please 
reply to this email.

For more information about the 3.5.y.z tree, see
https://wiki.ubuntu.com/Kernel/Dev/ExtendedStable

Thanks.
-Herton

------

>From 5c470f3343f74349f9eb6382def9ed97a2b96f09 Mon Sep 17 00:00:00 2001
From: Romain KUNTZ <r.kuntz at ipflavors.com>
Date: Wed, 16 Jan 2013 12:47:40 +0000
Subject: [PATCH] ipv6: fix header length calculation in ip6_append_data()

commit 7efdba5bd9a2f3e2059beeb45c9fa55eefe1bced upstream.

Commit 299b0767 (ipv6: Fix IPsec slowpath fragmentation problem)
has introduced a error in the header length calculation that
provokes corrupted packets when non-fragmentable extensions
headers (Destination Option or Routing Header Type 2) are used.

rt->rt6i_nfheader_len is the length of the non-fragmentable
extension header, and it should be substracted to
rt->dst.header_len, and not to exthdrlen, as it was done before
commit 299b0767.

This patch reverts to the original and correct behavior. It has
been successfully tested with and without IPsec on packets
that include non-fragmentable extensions headers.

Signed-off-by: Romain Kuntz <r.kuntz at ipflavors.com>
Acked-by: Steffen Klassert <steffen.klassert at secunet.com>
Signed-off-by: David S. Miller <davem at davemloft.net>
[ herton: adjust context ]
Signed-off-by: Herton Ronaldo Krzesinski <herton.krzesinski at canonical.com>
---
 net/ipv6/ip6_output.c |    4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/net/ipv6/ip6_output.c b/net/ipv6/ip6_output.c
index decc21d1..4703c70 100644
--- a/net/ipv6/ip6_output.c
+++ b/net/ipv6/ip6_output.c
@@ -1293,10 +1293,10 @@ int ip6_append_data(struct sock *sk, int getfrag(void *from, char *to,
 		cork->length = 0;
 		sk->sk_sndmsg_page = NULL;
 		sk->sk_sndmsg_off = 0;
-		exthdrlen = (opt ? opt->opt_flen : 0) - rt->rt6i_nfheader_len;
+		exthdrlen = (opt ? opt->opt_flen : 0);
 		length += exthdrlen;
 		transhdrlen += exthdrlen;
-		dst_exthdrlen = rt->dst.header_len;
+		dst_exthdrlen = rt->dst.header_len - rt->rt6i_nfheader_len;
 	} else {
 		rt = (struct rt6_info *)cork->dst;
 		fl6 = &inet->cork.fl.u.ip6;
--
1.7.9.5

More information about the kernel-team mailing list