From 437a3eb45b15970957a58b368072967471c75e78 Mon Sep 17 00:00:00 2001
From: gamemann <gamemann@gflclan.com>
Date: Fri, 12 Nov 2021 21:09:53 +0000
Subject: [PATCH] Check IP header validity instead of ethernet protocol.

---
 src/xdpfw_kern.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/src/xdpfw_kern.c b/src/xdpfw_kern.c
index e4eb35b..8d98b0a 100644
--- a/src/xdpfw_kern.c
+++ b/src/xdpfw_kern.c
@@ -135,7 +135,7 @@ int xdp_prog_main(struct xdp_md *ctx)
     }
     
     // Check IP header protocols.
-    if ((eth->h_proto == htons(ETH_P_IPV6) && iph6->nexthdr != IPPROTO_UDP && iph6->nexthdr != IPPROTO_TCP && iph6->nexthdr != IPPROTO_ICMP) && (eth->h_proto == htons(ETH_P_IP) && iph->protocol != IPPROTO_UDP && iph->protocol != IPPROTO_TCP && iph->protocol != IPPROTO_ICMP))
+    if ((iph6 && iph6->nexthdr != IPPROTO_UDP && iph6->nexthdr != IPPROTO_TCP && iph6->nexthdr != IPPROTO_ICMP) && (iph && iph->protocol != IPPROTO_UDP && iph->protocol != IPPROTO_TCP && iph->protocol != IPPROTO_ICMP))
     {
         return XDP_PASS;
     }
@@ -398,7 +398,7 @@ int xdp_prog_main(struct xdp_md *ctx)
                 continue;
             }
         }
-        else
+        else if (iph)
         {
             // Source address.
             if (filter->srcip && iph->saddr != filter->srcip)