netfilter: xt_LOG: fix bogus extra layer-4 logging information
In 16059b5 netfilter: merge ipt_LOG and ip6_LOG into xt_LOG, we have merged ipt_LOG and ip6t_LOG. However: IN=wlan0 OUT= MAC=xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx SRC=213.150.61.61 DST=192.168.1.133 LEN=40 TOS=0x00 PREC=0x00 TTL=117 ID=10539 DF PROTO=TCP SPT=80 DPT=49013 WINDOW=0 RES=0x00 ACK RST URGP=0 PROTO=UDPLITE SPT=80 DPT=49013 LEN=45843 PROTO=ICMP TYPE=0 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ Several missing break in the code led to including bogus layer-4 information. This patch fixes this problem. Signed-off-by: Richard Weinberger <richard@nod.at> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
This commit is contained in:
parent
5f1f815103
commit
417e02bf42
@ -216,12 +216,14 @@ static void dump_ipv4_packet(struct sbuff *m,
|
||||
ntohs(ih->frag_off) & IP_OFFSET,
|
||||
iphoff+ih->ihl*4, logflags))
|
||||
return;
|
||||
break;
|
||||
case IPPROTO_UDP:
|
||||
case IPPROTO_UDPLITE:
|
||||
if (dump_udp_header(m, skb, ih->protocol,
|
||||
ntohs(ih->frag_off) & IP_OFFSET,
|
||||
iphoff+ih->ihl*4))
|
||||
return;
|
||||
break;
|
||||
case IPPROTO_ICMP: {
|
||||
struct icmphdr _icmph;
|
||||
const struct icmphdr *ich;
|
||||
@ -649,10 +651,12 @@ static void dump_ipv6_packet(struct sbuff *m,
|
||||
if (dump_tcp_header(m, skb, currenthdr, fragment, ptr,
|
||||
logflags))
|
||||
return;
|
||||
break;
|
||||
case IPPROTO_UDP:
|
||||
case IPPROTO_UDPLITE:
|
||||
if (dump_udp_header(m, skb, currenthdr, fragment, ptr))
|
||||
return;
|
||||
break;
|
||||
case IPPROTO_ICMPV6: {
|
||||
struct icmp6hdr _icmp6h;
|
||||
const struct icmp6hdr *ic;
|
||||
|
Loading…
Reference in New Issue
Block a user