Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 6150bacf authored by Patrick McHardy's avatar Patrick McHardy Committed by David S. Miller
Browse files

[NETFILTER]: Check TCP checksum in ipt_REJECT 



Signed-off-by: default avatarPatrick McHardy <kaber@trash.net>
Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
parent e3be8ba7

net/ipv4/netfilter/ipt_REJECT.c

+12 −1
Original line number Diff line number Diff line
@@ -104,10 +104,12 @@ static inline struct rtable *route_reverse(struct sk_buff *skb, 
static void send_reset(struct sk_buff *oldskb, int hook)

{

	struct sk_buff *nskb;

	struct iphdr *iph = oldskb->nh.iph;

	struct tcphdr _otcph, *oth, *tcph;

	struct rtable *rt;

	u_int16_t tmp_port;

	u_int32_t tmp_addr;

	unsigned int tcplen;

	int needs_ack;

	int hh_len;
@@ -124,7 +126,16 @@ static void send_reset(struct sk_buff *oldskb, int hook) 
	if (oth->rst)

		return;



	/* FIXME: Check checksum --RR */

	/* Check checksum */

	tcplen = oldskb->len - iph->ihl * 4;

	if (((hook != NF_IP_LOCAL_IN && oldskb->ip_summed != CHECKSUM_HW) ||

	     (hook == NF_IP_LOCAL_IN &&

	      oldskb->ip_summed != CHECKSUM_UNNECESSARY)) &&

	    csum_tcpudp_magic(iph->saddr, iph->daddr, tcplen, IPPROTO_TCP,

	                      oldskb->ip_summed == CHECKSUM_HW ? oldskb->csum :

	                      skb_checksum(oldskb, iph->ihl * 4, tcplen, 0)))

		return;



	if ((rt = route_reverse(oldskb, oth, hook)) == NULL)

		return;