Hi,
there's a patch to the ipv6header match module.
(I handled the skb structure in a wrong way)
[in debug mode with the tcpreplay6 is a very usefull thing :)]
Regards,
kisza
--
Andras Kis-Szabo Security Development, Design and Audit
-------------------------/ Zorp, NetFilter and IPv6
[EMAIL PROTECTED] /---------------------------------------------->
diff -urN netfilter.old/userspace/patch-o-matic/base/ipv6header.patch.ipv6 netfilter/userspace/patch-o-matic/base/ipv6header.patch.ipv6
--- netfilter.old/userspace/patch-o-matic/base/ipv6header.patch.ipv6 Sun Mar 24 23:25:40 2002
+++ netfilter/userspace/patch-o-matic/base/ipv6header.patch.ipv6 Sun Mar 24 23:54:38 2002
@@ -1,7 +1,7 @@
diff -urN linux/net/ipv6/netfilter/ip6t_ipv6header.c linux-2.4.9m/net/ipv6/netfilter/ip6t_ipv6header.c
--- linux/net/ipv6/netfilter/ip6t_ipv6header.c Thu Jan 1 01:00:00 1970
-+++ linux-2.4.9m/net/ipv6/netfilter/ip6t_ipv6header.c Tue Dec 18 02:12:19 2001
-@@ -0,0 +1,177 @@
++++ linux-2.4.18w/net/ipv6/netfilter/ip6t_ipv6header.c Tue Dec 18 02:12:19 2001
+@@ -0,0 +1,222 @@
+/* ipv6header match - matches IPv6 packets based
+on whether they contain certain headers */
+
@@ -18,6 +18,11 @@
+#include <linux/netfilter_ipv6/ip6_tables.h>
+#include <linux/netfilter_ipv6/ip6t_ipv6header.h>
+
++EXPORT_NO_SYMBOLS;
++MODULE_LICENSE("GPL");
++MODULE_DESCRIPTION("IPv6 headers match");
++MODULE_AUTHOR("Andras Kis-Szabo <[EMAIL PROTECTED]>");
++
+#if 0
+#define DEBUGP printk
+#else
@@ -49,7 +54,8 @@
+ unsigned int temp;
+ int len;
+ u8 nexthdr;
-+ int ptr;
++ unsigned int ptr;
++ struct inet6_skb_parm *opt = (struct inet6_skb_parm *)skb->cb;
+
+ /* Make sure this isn't an evil packet */
+ DEBUGP("ipv6_header entered \n");
@@ -57,11 +63,43 @@
+ /* type of the 1st exthdr */
+ nexthdr = skb->nh.ipv6h->nexthdr;
+ /* pointer to the 1st exthdr */
-+ ptr = (u8*)(skb->nh.ipv6h+1) - skb->data;
++ ptr = sizeof(struct ipv6hdr);
+ /* available length */
+ len = skb->len - ptr;
+ temp = 0;
+
++ DEBUGP("ipv6_header nexthdr %02X \n",nexthdr);
++ DEBUGP("ipv6_header ptr %08X \n",ptr);
++ DEBUGP("ipv6_header skblen %04X \n",skb->len);
++ DEBUGP("ipv6_header skbdatalen %04X \n",skb->data_len);
++ DEBUGP("ipv6_header len %04X \n",len);
++if 0
++ for (temp=0;temp<skb->len;temp++){
++ if (!(temp % 16 )) DEBUGP("\nipv6_header data ");
++ DEBUGP("%02X ",skb->data[temp]);
++ }
++endif
++ DEBUGP("\nipv6_header h.raw %02X %02X %02X %02X \n",
++ skb->h.raw[0],
++ skb->h.raw[1],
++ skb->h.raw[2],
++ skb->h.raw[3]);
++ DEBUGP("ipv6_header nh.raw %02X %02X %02X %02X \n",
++ skb->nh.raw[0],
++ skb->nh.raw[1],
++ skb->nh.raw[2],
++ skb->nh.raw[3]);
++ DEBUGP("ipv6_header CB %02X %02X %02X %02X %02X %02X %02X \n",
++ opt->iif,
++ opt->ra,
++ opt->hop,
++ opt->auth,
++ opt->dst0,
++ opt->srcrt,
++ opt->dst1);
++
++ temp = 0;
++
+ while (ipv6_ext_hdr(nexthdr)) {
+ struct ipv6_opt_hdr *hdr;
+ int hdrlen;
@@ -81,8 +119,9 @@
+ temp |= MASK_ESP;
+ break;
+ }
-+ if (skb_copy_bits(skb, ptr, &hdr, sizeof(hdr)))
-+ BUG();
++
++ hdr=skb->data+ptr;
++
+ /* Calculate the header length */
+ if (nexthdr == NEXTHDR_FRAGMENT) {
+ hdrlen = 8;
@@ -91,6 +130,8 @@
+ else
+ hdrlen = ipv6_optlen(hdr);
+
++ DEBUGP("ipv6_header hdrlen %04X \n",hdrlen);
++
+ /* set the flag */
+ switch (nexthdr){
+ case NEXTHDR_HOP:
@@ -116,10 +157,14 @@
+
+ nexthdr = hdr->nexthdr;
+ len -= hdrlen;
-+ hdr += hdrlen;
++ ptr += hdrlen;
++ if ( ptr > skb->len ) {
++ DEBUGP("ipv6_header new ptr %04X \n",ptr);
++ break;
++ }
+ }
+
-+ if ( (nexthdr != MASK_NONE ) && (nexthdr != MASK_ESP) )
++ if ( (nexthdr != NEXTHDR_NONE ) && (nexthdr != NEXTHDR_ESP) )
+ temp |= MASK_PROTO;
+
+ DEBUGP ("ipv6header: %02X %02X \n", temp, info->matchflags);
