When printing messages about dropping IPv6, do not print anything about ihl.

Check the IP version field first !

Signed-off-by: Ian Jackson <ijackson@chiark.greenend.org.uk>

diff --git a/debian/changelog b/debian/changelog
index c13d33d..78f7d13 100644 (file)
--- a/debian/changelog
+++ b/debian/changelog
@@ -3,6 +3,8 @@ secnet (0.4.1~~) unstable; urgency=medium
   * Implement comm-info and dedicated-interface-addr feature, for
     benefit of hippotat.
   * Implement `keepalive' site option, to try to keep link always up.
+  * When printing messages about dropping IPv6, do not print anything
+    about ihl.  (Check the IP version field first!)
 
  --
 

diff --git a/netlink.c b/netlink.c
index 9556e60..83b470e 100644 (file)
--- a/netlink.c
+++ b/netlink.c
@@ -487,8 +487,8 @@ static bool_t netlink_check(struct netlink *st, struct buffer_if *buf,
     struct iphdr *iph=(struct iphdr *)buf->start;
     int32_t len;
 
-    if (iph->ihl < 5) BAD("ihl %u",iph->ihl);
     if (iph->version != 4) BAD("version %u",iph->version);
+    if (iph->ihl < 5) BAD("ihl %u",iph->ihl);
     if (buf->size < iph->ihl*4) BAD("size %"PRId32"<%u*4",buf->size,iph->ihl);
     if (ip_fast_csum((uint8_t *)iph, iph->ihl)!=0) BAD("csum");
     len=ntohs(iph->tot_len);