Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit c54032e0 authored by Pablo Neira Ayuso's avatar Pablo Neira Ayuso
Browse files

netfilter: nf_tables: nft_payload: fix transport header base 



We cannot use skb->transport_header since it's unset, use
pkt->xt.thoff instead.

Now possible using information made available through the x_tables
compatibility layer.

Reported-by: default avatarEric Leblond <eric@regit.org>
Signed-off-by: default avatarPablo Neira Ayuso <pablo@netfilter.org>
parent 0ca743a5

net/netfilter/nf_tables_core.c

+1 −1
Original line number Diff line number Diff line
@@ -44,7 +44,7 @@ static bool nft_payload_fast_eval(const struct nft_expr *expr, 
	if (priv->base == NFT_PAYLOAD_NETWORK_HEADER)

		ptr = skb_network_header(skb);

	else

		ptr = skb_transport_header(skb);

		ptr = skb_network_header(skb) + pkt->xt.thoff;



	ptr += priv->offset;

net/netfilter/nft_payload.c

+1 −1
Original line number Diff line number Diff line
@@ -36,7 +36,7 @@ static void nft_payload_eval(const struct nft_expr *expr, 
		offset = skb_network_offset(skb);

		break;

	case NFT_PAYLOAD_TRANSPORT_HEADER:

		offset = skb_transport_offset(skb);

		offset = pkt->xt.thoff;

		break;

	default:

		BUG();