Re: net/sched/act_nat.c BUG

From: Eric Dumazet
Date: Fri Jul 09 2010 - 11:15:20 EST


Le vendredi 09 juillet 2010 Ã 16:37 +0200, Rodrigo Partearroyo GonzÃlez
a Ãcrit :
> Hi all,
>
> I have been testing Stateless NAT and found that ICMP packets with length less
> than 20 bytes were not correctly NAT'ed. I have found a BUG that makes taking
> into account IP header length twice, so ICMP packets smaller than 20 bytes
> were being dropped.
>

CC netdev

> The proposed fix is:
>
> Index: net/sched/act_nat.c
> ===================================================================
> --- net/sched/act_nat.c
> +++ net/sched/act_nat.c
> @@ -202,7 +202,7 @@
> {
> struct icmphdr *icmph;
>
> - if (!pskb_may_pull(skb, ihl + sizeof(*icmph) + sizeof(*iph)))
> + if (!pskb_may_pull(skb, ihl + sizeof(*icmph)))
> goto drop;
>
> icmph = (void *)(skb_network_header(skb) + ihl);
>
> Please, consider applying it.

Nice catch, but take a look at next lines too,
when call to skb_clone_writable() is done, since same error is present.

skb_clone_writable(skb,
ihl + sizeof(*icmph) + sizeof(*iph))

Please submit a formal patch, with your "Signed-off-by: ...", as
documented in Documentation/SubmittingPatches

Thanks


--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/