netfilter: nf_flow_table: check ttl value in flow offload data path
[ Upstream commit 33cc3c0cfa64c86b6c4bbee86997aea638534931 ] nf_flow_offload_ip_hook() and nf_flow_offload_ipv6_hook() do not check ttl value. So, ttl value overflow may occur. Fixes: 97add9f0 ("netfilter: flow table support for IPv4") Fixes: 09952107 ("netfilter: flow table support for IPv6") Signed-off-by: NTaehee Yoo <ap420073@gmail.com> Signed-off-by: NPablo Neira Ayuso <pablo@netfilter.org> Signed-off-by: NSasha Levin <sashal@kernel.org>
Showing
想要评论请 注册 或 登录