1 From 806de2ef475499053e70927728e7b0c6c24b99a2 Mon Sep 17 00:00:00 2001
2 From: Taehee Yoo <ap420073@gmail.com>
3 Date: Tue, 30 Apr 2019 01:55:54 +0900
4 Subject: netfilter: nf_flow_table: check ttl value in flow offload data path
6 [ Upstream commit 33cc3c0cfa64c86b6c4bbee86997aea638534931 ]
8 nf_flow_offload_ip_hook() and nf_flow_offload_ipv6_hook() do not check
9 ttl value. So, ttl value overflow may occur.
11 Fixes: 97add9f0d66d ("netfilter: flow table support for IPv4")
12 Fixes: 0995210753a2 ("netfilter: flow table support for IPv6")
13 Signed-off-by: Taehee Yoo <ap420073@gmail.com>
14 Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
15 Signed-off-by: Sasha Levin <sashal@kernel.org>
17 net/netfilter/nf_flow_table_ip.c | 6 ++++++
18 1 file changed, 6 insertions(+)
20 diff --git a/net/netfilter/nf_flow_table_ip.c b/net/netfilter/nf_flow_table_ip.c
21 index 15ed91309992..129e9ec99ec9 100644
22 --- a/net/netfilter/nf_flow_table_ip.c
23 +++ b/net/netfilter/nf_flow_table_ip.c
24 @@ -181,6 +181,9 @@ static int nf_flow_tuple_ip(struct sk_buff *skb, const struct net_device *dev,
25 iph->protocol != IPPROTO_UDP)
32 if (!pskb_may_pull(skb, thoff + sizeof(*ports)))
34 @@ -412,6 +415,9 @@ static int nf_flow_tuple_ipv6(struct sk_buff *skb, const struct net_device *dev,
35 ip6h->nexthdr != IPPROTO_UDP)
38 + if (ip6h->hop_limit <= 1)
41 thoff = sizeof(*ip6h);
42 if (!pskb_may_pull(skb, thoff + sizeof(*ports)))