netfilter: ip6t_NPT: Fix adjustment calculation (f5271fff) · Commits · e / devices / android_kernel_teracube_2e

Cast __wsum from/to __sum16 is wrong. Instead, apply appropriate conversion function: csum_unfold() or csum_fold(). [ The original patch has been modified to undo the final ~ that csum_fold returns. We only need to fold the 32-bit word that results from the checksum calculation into a 16-bit to ensure that the original subnet is restored appropriately. Spotted by Ulrich Weber. ] Signed-off-by:

YOSHIFUJI Hideaki <yoshfuji@linux-ipv6.org> Signed-off-by:

Pablo Neira Ayuso <pablo@netfilter.org>

net/ipv6/netfilter/ip6t_NPT.c

+3 −3

Original line number	Diff line number	Diff line
		@@ -30,7 +30,7 @@ static int ip6t_npt_checkentry(const struct xt_tgchk_param *par)
		(__force __wsum)npt->dst_pfx.in6.s6_addr16[i]);
		}

		npt->adjustment = (__force __sum16) csum_sub(src_sum, dst_sum);
		npt->adjustment = ~csum_fold(csum_sub(src_sum, dst_sum));
		return 0;
		}

		@@ -66,8 +66,8 @@ static bool ip6t_npt_map_pfx(const struct ip6t_npt_tginfo *npt,
		return false;
		}

		sum = (__force __sum16) csum_add((__force __wsum)addr->s6_addr16[idx],
		npt->adjustment);
		sum = ~csum_fold(csum_add(csum_unfold((__force __sum16)addr->s6_addr16[idx]),
		csum_unfold(npt->adjustment)));
		if (sum == CSUM_MANGLED_0)
		sum = 0;
		(__force __sum16 )&addr->s6_addr16[idx] = sum;