anonfunc/xtables-addons
1
0
Fork 0
mirror of git://git.code.sf.net/p/xtables-addons/xtables-addons synced 2025-09-09 06:04:56 +02:00
Code Issues Releases Wiki Activity

xt_psd: move early bail-out code above skb_header_pointer

Browse Source
This commit is contained in:
Jan Engelhardt
2011-08-11 15:45:35 +02:00
parent 21da1dfea5
commit 7e92ce7ce6
1 changed files with 6 additions and 7 deletions
Download Patch File Download Diff File Expand all files Collapse all files

13
extensions/xt_psd.c
View File

@@ -130,6 +130,12 @@ xt_psd_match(const struct sk_buff *pskb, struct xt_action_param *match)
/* Get the source address, source & destination ports, and TCP flags */ /* Get the source address, source & destination ports, and TCP flags */
addr.s_addr = iph->saddr; addr.s_addr = iph->saddr;
/* We're using IP address 0.0.0.0 for a special purpose here, so don't let
* them spoof us. [DHCP needs this feature - HW] */
if (addr.s_addr == 0) {
pr_debug("spoofed source address (0.0.0.0)\n");
return false;
}
if (proto == IPPROTO_TCP) { if (proto == IPPROTO_TCP) {
tcph = skb_header_pointer(pskb, match->thoff, tcph = skb_header_pointer(pskb, match->thoff,
@@ -154,13 +160,6 @@ xt_psd_match(const struct sk_buff *pskb, struct xt_action_param *match)
return false; return false;
} }
/* We're using IP address 0.0.0.0 for a special purpose here, so don't let
* them spoof us. [DHCP needs this feature - HW] */
if (addr.s_addr == 0) {
pr_debug("spoofed source address (0.0.0.0)\n");
return false;
}
/* Use jiffies here not to depend on someone setting the time while we're /* Use jiffies here not to depend on someone setting the time while we're
* running; we need to be careful with possible return value overflows. */ * running; we need to be careful with possible return value overflows. */
now = jiffies; now = jiffies;