netfilter: nft_reject_bridge: fix skb allocation size in nft_reject_br_send_v6_unreach

In order to allocate icmpv6 skb, sizeof(struct ipv6hdr) should be used.

Signed-off-by: Taehee Yoo <ap420073@gmail.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

diff --git a/net/bridge/netfilter/nft_reject_bridge.c b/net/bridge/netfilter/nft_reject_bridge.c
index eaf05de37f75ca204ded7efdba35c5257e8717d1..6de981270566966eca1c0e0eaf6ed7400fa3e9d3 100644 (file)
--- a/net/bridge/netfilter/nft_reject_bridge.c
+++ b/net/bridge/netfilter/nft_reject_bridge.c
@@ -261,7 +261,7 @@ static void nft_reject_br_send_v6_unreach(struct net *net,
        if (!reject6_br_csum_ok(oldskb, hook))
                return;
 
-       nskb = alloc_skb(sizeof(struct iphdr) + sizeof(struct icmp6hdr) +
+       nskb = alloc_skb(sizeof(struct ipv6hdr) + sizeof(struct icmp6hdr) +
                         LL_MAX_HEADER + len, GFP_ATOMIC);
        if (!nskb)
                return;