]> git.ipfire.org Git - thirdparty/kernel/linux.git/commitdiff
batman-adv: frag: avoid underflow of TTL
authorSven Eckelmann <sven@narfation.org>
Thu, 11 Jun 2026 20:14:54 +0000 (22:14 +0200)
committerSven Eckelmann <sven@narfation.org>
Sat, 13 Jun 2026 05:57:51 +0000 (07:57 +0200)
Packets with a TTL are using it to limit the amount of time this packet can
be forwarded. But for batadv_frag_packet, the TTL was always only reduced
but it was never evaluated. It could even underflow without any effect.

Check the TTL in batadv_frag_skb_fwd() before attempting to prepare it for
forwarding. This keeps it in sync with the not fragmented unicast packet.

Cc: stable@kernel.org
Fixes: 610bfc6bc99b ("batman-adv: Receive fragmented packets and merge")
Signed-off-by: Sven Eckelmann <sven@narfation.org>
net/batman-adv/fragmentation.c

index f311a42203d2eb8a95b6ff20fcd9be12a71f87ca..8a006a0473a87d77a79a38b11d0d06c364aebc3c 100644 (file)
@@ -417,6 +417,13 @@ bool batadv_frag_skb_fwd(struct sk_buff *skb,
         */
        total_size = ntohs(packet->total_size);
        if (total_size > neigh_node->if_incoming->net_dev->mtu) {
+               if (packet->ttl < 2) {
+                       kfree_skb(skb);
+                       *rx_result = NET_RX_DROP;
+                       ret = true;
+                       goto out;
+               }
+
                if (skb_cow(skb, ETH_HLEN) < 0) {
                        kfree_skb(skb);
                        *rx_result = NET_RX_DROP;