|
|
|
|
@ -275,7 +275,7 @@ int ip_options_compile(struct net *net, |
|
|
|
|
|
|
|
|
|
for (l = opt->optlen; l > 0; ) { |
|
|
|
|
switch (*optptr) { |
|
|
|
|
case IPOPT_END: |
|
|
|
|
case IPOPT_END: |
|
|
|
|
for (optptr++, l--; l > 0; optptr++, l--) { |
|
|
|
|
if (*optptr != IPOPT_END) { |
|
|
|
|
*optptr = IPOPT_END; |
|
|
|
|
@ -283,7 +283,7 @@ int ip_options_compile(struct net *net, |
|
|
|
|
} |
|
|
|
|
} |
|
|
|
|
goto eol; |
|
|
|
|
case IPOPT_NOOP: |
|
|
|
|
case IPOPT_NOOP: |
|
|
|
|
l--; |
|
|
|
|
optptr++; |
|
|
|
|
continue; |
|
|
|
|
@ -294,8 +294,8 @@ int ip_options_compile(struct net *net, |
|
|
|
|
goto error; |
|
|
|
|
} |
|
|
|
|
switch (*optptr) { |
|
|
|
|
case IPOPT_SSRR: |
|
|
|
|
case IPOPT_LSRR: |
|
|
|
|
case IPOPT_SSRR: |
|
|
|
|
case IPOPT_LSRR: |
|
|
|
|
if (optlen < 3) { |
|
|
|
|
pp_ptr = optptr + 1; |
|
|
|
|
goto error; |
|
|
|
|
@ -321,7 +321,7 @@ int ip_options_compile(struct net *net, |
|
|
|
|
opt->is_strictroute = (optptr[0] == IPOPT_SSRR); |
|
|
|
|
opt->srr = optptr - iph; |
|
|
|
|
break; |
|
|
|
|
case IPOPT_RR: |
|
|
|
|
case IPOPT_RR: |
|
|
|
|
if (opt->rr) { |
|
|
|
|
pp_ptr = optptr; |
|
|
|
|
goto error; |
|
|
|
|
@ -349,7 +349,7 @@ int ip_options_compile(struct net *net, |
|
|
|
|
} |
|
|
|
|
opt->rr = optptr - iph; |
|
|
|
|
break; |
|
|
|
|
case IPOPT_TIMESTAMP: |
|
|
|
|
case IPOPT_TIMESTAMP: |
|
|
|
|
if (opt->ts) { |
|
|
|
|
pp_ptr = optptr; |
|
|
|
|
goto error; |
|
|
|
|
@ -369,13 +369,13 @@ int ip_options_compile(struct net *net, |
|
|
|
|
goto error; |
|
|
|
|
} |
|
|
|
|
switch (optptr[3]&0xF) { |
|
|
|
|
case IPOPT_TS_TSONLY: |
|
|
|
|
case IPOPT_TS_TSONLY: |
|
|
|
|
if (skb) |
|
|
|
|
timeptr = &optptr[optptr[2]-1]; |
|
|
|
|
opt->ts_needtime = 1; |
|
|
|
|
optptr[2] += 4; |
|
|
|
|
break; |
|
|
|
|
case IPOPT_TS_TSANDADDR: |
|
|
|
|
case IPOPT_TS_TSANDADDR: |
|
|
|
|
if (optptr[2]+7 > optptr[1]) { |
|
|
|
|
pp_ptr = optptr + 2; |
|
|
|
|
goto error; |
|
|
|
|
@ -389,7 +389,7 @@ int ip_options_compile(struct net *net, |
|
|
|
|
opt->ts_needtime = 1; |
|
|
|
|
optptr[2] += 8; |
|
|
|
|
break; |
|
|
|
|
case IPOPT_TS_PRESPEC: |
|
|
|
|
case IPOPT_TS_PRESPEC: |
|
|
|
|
if (optptr[2]+7 > optptr[1]) { |
|
|
|
|
pp_ptr = optptr + 2; |
|
|
|
|
goto error; |
|
|
|
|
@ -405,7 +405,7 @@ int ip_options_compile(struct net *net, |
|
|
|
|
opt->ts_needtime = 1; |
|
|
|
|
optptr[2] += 8; |
|
|
|
|
break; |
|
|
|
|
default: |
|
|
|
|
default: |
|
|
|
|
if (!skb && !ns_capable(net->user_ns, CAP_NET_RAW)) { |
|
|
|
|
pp_ptr = optptr + 3; |
|
|
|
|
goto error; |
|
|
|
|
@ -433,7 +433,7 @@ int ip_options_compile(struct net *net, |
|
|
|
|
} |
|
|
|
|
opt->ts = optptr - iph; |
|
|
|
|
break; |
|
|
|
|
case IPOPT_RA: |
|
|
|
|
case IPOPT_RA: |
|
|
|
|
if (optlen < 4) { |
|
|
|
|
pp_ptr = optptr + 1; |
|
|
|
|
goto error; |
|
|
|
|
@ -441,7 +441,7 @@ int ip_options_compile(struct net *net, |
|
|
|
|
if (optptr[2] == 0 && optptr[3] == 0) |
|
|
|
|
opt->router_alert = optptr - iph; |
|
|
|
|
break; |
|
|
|
|
case IPOPT_CIPSO: |
|
|
|
|
case IPOPT_CIPSO: |
|
|
|
|
if ((!skb && !ns_capable(net->user_ns, CAP_NET_RAW)) || opt->cipso) { |
|
|
|
|
pp_ptr = optptr; |
|
|
|
|
goto error; |
|
|
|
|
@ -452,9 +452,9 @@ int ip_options_compile(struct net *net, |
|
|
|
|
goto error; |
|
|
|
|
} |
|
|
|
|
break; |
|
|
|
|
case IPOPT_SEC: |
|
|
|
|
case IPOPT_SID: |
|
|
|
|
default: |
|
|
|
|
case IPOPT_SEC: |
|
|
|
|
case IPOPT_SID: |
|
|
|
|
default: |
|
|
|
|
if (!skb && !ns_capable(net->user_ns, CAP_NET_RAW)) { |
|
|
|
|
pp_ptr = optptr; |
|
|
|
|
goto error; |
|
|
|
|
|
Weilong Chen
11 years ago
committed by