From: Victor Julien <vjulien@oisf.net>
Date: Thu, 4 May 2023 04:47:58 +0000 (+0200)
Subject: respond/reject: fix IPv6 TCP resets
X-Git-Tag: suricata-6.0.12~4
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=18a71913e35ffe4742c49f6ed4a4e5416eb2319d;p=thirdparty%2Fsuricata.git

respond/reject: fix IPv6 TCP resets

Fix length and next header field settings.

Bug: #6038.
(cherry picked from commit 235ee362119b4351e2e0cc3be9bbb5cf90bd20d9)
---

diff --git a/src/respond-reject-libnet11.c b/src/respond-reject-libnet11.c
index 5149d5eec0..76d825b2f8 100644
--- a/src/respond-reject-libnet11.c
+++ b/src/respond-reject-libnet11.c
@@ -431,7 +431,7 @@ int RejectSendLibnet11IPv6TCP(ThreadVars *tv, Packet *p, void *data, enum Reject
     if (c == NULL)
         return 1;
 
-    lpacket.len = LIBNET_IPV6_H + LIBNET_TCP_H;
+    lpacket.len = LIBNET_TCP_H;
     lpacket.dsize = p->payload_len;
 
     switch (dir) {
@@ -452,7 +452,7 @@ int RejectSendLibnet11IPv6TCP(ThreadVars *tv, Packet *p, void *data, enum Reject
 
     BuildTCP(c, &lpacket);
 
-    if (BuildIPv6(c, &lpacket, IPPROTO_ICMP) < 0)
+    if (BuildIPv6(c, &lpacket, IPPROTO_TCP) < 0)
         goto cleanup;
 
     if (t_inject_mode == LIBNET_LINK) {