Skip to content

Commit

Permalink
ipv6: drop frames with attached skb->sk in forwarding
Browse files Browse the repository at this point in the history 
[ Upstream commit 9ef2e96 ]

This is a clone of commit 2ab9574 ("ip_forward: Drop frames with
attached skb->sk") for ipv6.

This commit has exactly the same reasons as the above mentioned commit,
namely to prevent panics during netfilter reload or a misconfigured stack.

Signed-off-by: Hannes Frederic Sowa <hannes@stressinduktion.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <sasha.levin@oracle.com>
  • Loading branch information
Hannes Frederic Sowa authored and Sasha Levin committed Mar 14, 2016
1 parent b5c4153 commit b014bae
Showing 1 changed file with 3 additions and 0 deletions.
3 changes: 3 additions & 0 deletions net/ipv6/ip6_output.c
View file
Original file line number Diff line number Diff line change
Expand Up @@ -376,6 +376,9 @@ int ip6_forward(struct sk_buff *skb)
if (skb->pkt_type != PACKET_HOST)
goto drop;

if (unlikely(skb->sk))
goto drop;

if (skb_warn_if_lro(skb))
goto drop;

Expand Down

0 comments on commit b014bae

Please sign in to comment.