From: Jesper Dangaard Brouer <brouer@redhat.com>
To: Hans Schillstrom <hans@schillstrom.com>,
Hans Schillstrom <hans.schillstrom@ericsson.com>,
netdev@vger.kernel.org, Patrick McHardy <kaber@trash.net>,
Pablo Neira Ayuso <pablo@netfilter.org>,
lvs-devel@vger.kernel.org, Julian Anastasov <ja@ssi.bg>
Cc: Jesper Dangaard Brouer <brouer@redhat.com>,
Thomas Graf <tgraf@suug.ch>, Wensong Zhang <wensong@linux-vs.org>,
netfilter-devel@vger.kernel.org,
Simon Horman <horms@verge.net.au>
Subject: [PATCH V3 4/8] ipvs: Fix bug in IPv6 NAT mangling of ports inside ICMPv6 packets
Date: Tue, 11 Sep 2012 14:37:15 +0200 [thread overview]
Message-ID: <20120911123708.4305.50410.stgit@dragon> (raw)
In-Reply-To: <20120911123531.4305.40304.stgit@dragon>
ICMPv6 return traffic, which needs to be NAT modified, does
not get modified correctly, because the SKB have not been
made sufficiently "writable".
Make sure SKB is writable in ip_vs_nat_icmp_v6().
Note, the calling code path have handled this case for IPv4, but
not for IPv6. I have placed the change in ip_vs_nat_icmp_v6()
in-order to reduce the changes/impact of that path.
Signed-off-by: Jesper Dangaard Brouer <brouer@redhat.com>
---
net/netfilter/ipvs/ip_vs_core.c | 6 ++++++
1 files changed, 6 insertions(+), 0 deletions(-)
diff --git a/net/netfilter/ipvs/ip_vs_core.c b/net/netfilter/ipvs/ip_vs_core.c
index ebd105c..fd50f47 100644
--- a/net/netfilter/ipvs/ip_vs_core.c
+++ b/net/netfilter/ipvs/ip_vs_core.c
@@ -737,6 +737,12 @@ void ip_vs_nat_icmp_v6(struct sk_buff *skb, struct ip_vs_protocol *pp,
icmp_offset);
struct ipv6hdr *ciph = (struct ipv6hdr *)(icmph + 1);
+ /* Make sure SKB is writable */
+ unsigned int write;
+ write = icmp_offset + sizeof(struct icmp6hdr) + sizeof(struct ipv6hdr);
+ if (!skb_make_writable(skb, write + 2 * sizeof(__u16)))
+ return;
+
if (inout) {
iph->saddr = cp->vaddr.in6;
ciph->daddr = cp->vaddr.in6;
next prev parent reply other threads:[~2012-09-11 12:37 UTC|newest]
Thread overview: 12+ messages / expand[flat|nested] mbox.gz Atom feed top
2012-09-11 12:36 [PATCH V3 0/8] ipvs: IPv6 fragment handling for IPVS Jesper Dangaard Brouer
2012-09-11 12:36 ` [PATCH V3 1/8] ipvs: Trivial changes, use compressed IPv6 address in output Jesper Dangaard Brouer
2012-09-11 12:36 ` [PATCH V3 2/8] ipvs: IPv6 extend ICMPv6 handling for future types Jesper Dangaard Brouer
2012-09-11 12:37 ` [PATCH V3 3/8] ipvs: Use config macro IS_ENABLED() Jesper Dangaard Brouer
2012-09-11 12:37 ` Jesper Dangaard Brouer [this message]
2012-09-11 12:37 ` [PATCH V3 5/8] ipvs: Fix faulty IPv6 extension header handling in IPVS Jesper Dangaard Brouer
2012-09-11 12:38 ` [PATCH V3 6/8] ipvs: Complete IPv6 fragment handling for IPVS Jesper Dangaard Brouer
2012-09-11 12:38 ` [PATCH V3 7/8] ipvs: API change to avoid rescan of IPv6 exthdr Jesper Dangaard Brouer
2012-09-11 12:39 ` [PATCH V3 8/8] ipvs: SIP fragment handling Jesper Dangaard Brouer
2012-09-12 22:57 ` [PATCH V3 0/8] ipvs: IPv6 fragment handling for IPVS Julian Anastasov
2012-09-25 13:11 ` Jesper Dangaard Brouer
2012-09-25 20:48 ` Julian Anastasov
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20120911123708.4305.50410.stgit@dragon \
--to=brouer@redhat.com \
--cc=hans.schillstrom@ericsson.com \
--cc=hans@schillstrom.com \
--cc=horms@verge.net.au \
--cc=ja@ssi.bg \
--cc=kaber@trash.net \
--cc=lvs-devel@vger.kernel.org \
--cc=netdev@vger.kernel.org \
--cc=netfilter-devel@vger.kernel.org \
--cc=pablo@netfilter.org \
--cc=tgraf@suug.ch \
--cc=wensong@linux-vs.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.