ctdb-common: Check the version field in IPv6 packets

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>

diff --git a/ctdb/common/system_socket.c b/ctdb/common/system_socket.c
index 99c83c0ed5a65b694da4a584afec06389a7745a2..9336eb50713661cec16c74162aa14e461c478db8 100644 (file)
--- a/ctdb/common/system_socket.c
+++ b/ctdb/common/system_socket.c
@@ -818,6 +818,11 @@ static int tcp6_extract(const uint8_t *ip_pkt,
        /* IP6 */
        ip6 = (const struct ip6_hdr *)ip_pkt;
 
+       /* IPv6 only */
+       if ((ip6->ip6_vfc >> 4) != 6){
+               return ENOMSG;
+       }
+
        /* we only want TCP */
        if (ip6->ip6_nxt != IPPROTO_TCP) {
                return ENOMSG;