diff options
author | Adam Langley <agl@imperialviolet.org> | 2008-07-31 20:49:48 -0700 |
---|---|---|
committer | David S. Miller <davem@davemloft.net> | 2008-07-31 20:49:48 -0700 |
commit | 90b7e1120bb43ffaabb88d28f80a0c2e13167b15 (patch) | |
tree | 5264787eb3c303186cff15bfd6b7ebef2a3ecb7b /net/ipv6 | |
parent | 77e2f14f71d68d05945f1d30ca55b5194d6ab1ce (diff) | |
download | kernel-crypto-90b7e1120bb43ffaabb88d28f80a0c2e13167b15.tar.gz kernel-crypto-90b7e1120bb43ffaabb88d28f80a0c2e13167b15.tar.xz kernel-crypto-90b7e1120bb43ffaabb88d28f80a0c2e13167b15.zip |
tcp: MD5: Fix MD5 signatures on certain ACK packets
I noticed, looking at tcpdumps, that timewait ACKs were getting sent
with an incorrect MD5 signature when signatures were enabled.
I broke this in 49a72dfb8814c2d65bd9f8c9c6daf6395a1ec58d ("tcp: Fix
MD5 signatures for non-linear skbs"). I didn't take into account that
the skb passed to tcp_*_send_ack was the inbound packet, thus the
source and dest addresses need to be swapped when calculating the MD5
pseudoheader.
Signed-off-by: Adam Langley <agl@imperialviolet.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'net/ipv6')
-rw-r--r-- | net/ipv6/tcp_ipv6.c | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/net/ipv6/tcp_ipv6.c b/net/ipv6/tcp_ipv6.c index 1db45216b23..1bcdcbc71d6 100644 --- a/net/ipv6/tcp_ipv6.c +++ b/net/ipv6/tcp_ipv6.c @@ -1094,8 +1094,8 @@ static void tcp_v6_send_ack(struct sk_buff *skb, u32 seq, u32 ack, u32 win, u32 *topt++ = htonl((TCPOPT_NOP << 24) | (TCPOPT_NOP << 16) | (TCPOPT_MD5SIG << 8) | TCPOLEN_MD5SIG); tcp_v6_md5_hash_hdr((__u8 *)topt, key, - &ipv6_hdr(skb)->daddr, - &ipv6_hdr(skb)->saddr, t1); + &ipv6_hdr(skb)->saddr, + &ipv6_hdr(skb)->daddr, t1); } #endif |