netfilter: nf_tables: nft_payload: fix transport header base

We cannot use skb->transport_header since it's unset, use pkt->xt.thoff instead. Now possible using information made available through the x_tables compatibility layer. Reported-by: Eric Leblond <eric@regit.org> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
author: Pablo Neira Ayuso <pablo@netfilter.org> 2013-10-11 08:00:22 (GMT)
committer: Pablo Neira Ayuso <pablo@netfilter.org> 2013-10-14 16:00:56 (GMT)
commit: c54032e05bfcbb261f47aaadf8476e864e8712f4 (patch)
tree: 60d0012f8d4bd92c1a0e3ccc7f330174625506a8 /net
parent: 0ca743a5599199152a31a7146b83213c786c2eb2 (diff)
download: linux-c54032e05bfcbb261f47aaadf8476e864e8712f4.tar.xz
2 files changed, 2 insertions, 2 deletions
diff --git a/net/netfilter/nf_tables_core.c b/net/netfilter/nf_tables_core.c
index e51a45c..3c13007 100644
--- a/net/netfilter/nf_tables_core.c
+++ b/net/netfilter/nf_tables_core.c
@@ -44,7 +44,7 @@ static bool nft_payload_fast_eval(const struct nft_expr *expr,
 	if (priv->base == NFT_PAYLOAD_NETWORK_HEADER)
 		ptr = skb_network_header(skb);
 	else
-		ptr = skb_transport_header(skb);
+		ptr = skb_network_header(skb) + pkt->xt.thoff;
 
 	ptr += priv->offset;
 
diff --git a/net/netfilter/nft_payload.c b/net/netfilter/nft_payload.c
index bc8bdb2..a2aeb31 100644
--- a/net/netfilter/nft_payload.c
+++ b/net/netfilter/nft_payload.c
@@ -36,7 +36,7 @@ static void nft_payload_eval(const struct nft_expr *expr,
 		offset = skb_network_offset(skb);
 		break;
 	case NFT_PAYLOAD_TRANSPORT_HEADER:
-		offset = skb_transport_offset(skb);
+		offset = pkt->xt.thoff;
 		break;
 	default:
 		BUG();
author	Pablo Neira Ayuso <pablo@netfilter.org>	2013-10-11 08:00:22 (GMT)
committer	Pablo Neira Ayuso <pablo@netfilter.org>	2013-10-14 16:00:56 (GMT)
commit	c54032e05bfcbb261f47aaadf8476e864e8712f4 (patch)
tree	60d0012f8d4bd92c1a0e3ccc7f330174625506a8 /net
parent	0ca743a5599199152a31a7146b83213c786c2eb2 (diff)
download	linux-c54032e05bfcbb261f47aaadf8476e864e8712f4.tar.xz