[ 161/175] ipv6: fix incorrent ipv6 ipsec packet fragment
From: Greg KH
Date: Fri Mar 30 2012 - 17:37:23 EST
3.3-stable review patch. If anyone has any objections, please let me know.
------------------
From: Gao feng <gaofeng@xxxxxxxxxxxxxx>
[ Upstream commit 1f85851e17b64cabd089a8a8839dddebc627948c ]
Since commit 299b0767(ipv6: Fix IPsec slowpath fragmentation problem)
In func ip6_append_data,after call skb_put(skb, fraglen + dst_exthdrlen)
the skb->len contains dst_exthdrlen,and we don't reduce dst_exthdrlen at last
This will make fraggap>0 in next "while cycle",and cause the size of skb incorrent
Fix this by reserve headroom for dst_exthdrlen.
Signed-off-by: Gao feng <gaofeng@xxxxxxxxxxxxxx>
Acked-by: Steffen Klassert <steffen.klassert@xxxxxxxxxxx>
Signed-off-by: David S. Miller <davem@xxxxxxxxxxxxx>
Signed-off-by: Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx>
---
net/ipv6/ip6_output.c | 11 ++++++-----
1 file changed, 6 insertions(+), 5 deletions(-)
--- a/net/ipv6/ip6_output.c
+++ b/net/ipv6/ip6_output.c
@@ -1416,8 +1416,9 @@ alloc_new_skb:
*/
skb->ip_summed = csummode;
skb->csum = 0;
- /* reserve for fragmentation */
- skb_reserve(skb, hh_len+sizeof(struct frag_hdr));
+ /* reserve for fragmentation and ipsec header */
+ skb_reserve(skb, hh_len + sizeof(struct frag_hdr) +
+ dst_exthdrlen);
if (sk->sk_type == SOCK_DGRAM)
skb_shinfo(skb)->tx_flags = tx_flags;
@@ -1425,9 +1426,9 @@ alloc_new_skb:
/*
* Find where to start putting bytes
*/
- data = skb_put(skb, fraglen + dst_exthdrlen);
- skb_set_network_header(skb, exthdrlen + dst_exthdrlen);
- data += fragheaderlen + dst_exthdrlen;
+ data = skb_put(skb, fraglen);
+ skb_set_network_header(skb, exthdrlen);
+ data += fragheaderlen;
skb->transport_header = (skb->network_header +
fragheaderlen);
if (fraggap) {
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/