summaryrefslogtreecommitdiffstats
path: root/net/ipv6
diff options
context:
space:
mode:
authorAdam Langley <agl@imperialviolet.org>2008-07-31 20:49:48 -0700
committerDavid S. Miller <davem@davemloft.net>2008-07-31 20:49:48 -0700
commit90b7e1120bb43ffaabb88d28f80a0c2e13167b15 (patch)
tree5264787eb3c303186cff15bfd6b7ebef2a3ecb7b /net/ipv6
parent77e2f14f71d68d05945f1d30ca55b5194d6ab1ce (diff)
downloadkernel-crypto-90b7e1120bb43ffaabb88d28f80a0c2e13167b15.tar.gz
kernel-crypto-90b7e1120bb43ffaabb88d28f80a0c2e13167b15.tar.xz
kernel-crypto-90b7e1120bb43ffaabb88d28f80a0c2e13167b15.zip
tcp: MD5: Fix MD5 signatures on certain ACK packets
I noticed, looking at tcpdumps, that timewait ACKs were getting sent with an incorrect MD5 signature when signatures were enabled. I broke this in 49a72dfb8814c2d65bd9f8c9c6daf6395a1ec58d ("tcp: Fix MD5 signatures for non-linear skbs"). I didn't take into account that the skb passed to tcp_*_send_ack was the inbound packet, thus the source and dest addresses need to be swapped when calculating the MD5 pseudoheader. Signed-off-by: Adam Langley <agl@imperialviolet.org> Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'net/ipv6')
-rw-r--r--net/ipv6/tcp_ipv6.c4
1 files changed, 2 insertions, 2 deletions
diff --git a/net/ipv6/tcp_ipv6.c b/net/ipv6/tcp_ipv6.c
index 1db45216b23..1bcdcbc71d6 100644
--- a/net/ipv6/tcp_ipv6.c
+++ b/net/ipv6/tcp_ipv6.c
@@ -1094,8 +1094,8 @@ static void tcp_v6_send_ack(struct sk_buff *skb, u32 seq, u32 ack, u32 win, u32
*topt++ = htonl((TCPOPT_NOP << 24) | (TCPOPT_NOP << 16) |
(TCPOPT_MD5SIG << 8) | TCPOLEN_MD5SIG);
tcp_v6_md5_hash_hdr((__u8 *)topt, key,
- &ipv6_hdr(skb)->daddr,
- &ipv6_hdr(skb)->saddr, t1);
+ &ipv6_hdr(skb)->saddr,
+ &ipv6_hdr(skb)->daddr, t1);
}
#endif