All of lore.kernel.org
 help / color / mirror / Atom feed
From: Florian Westphal <fw@strlen.de>
To: Shivani Bhardwaj <shivanib134@gmail.com>
Cc: netfilter-devel@vger.kernel.org
Subject: Re: [PATCH] src: netlink_delinearize: Fix datatype for len
Date: Mon, 29 Feb 2016 11:06:32 +0100	[thread overview]
Message-ID: <20160229100632.GA7277@breakpoint.cc> (raw)
In-Reply-To: <20160228194043.GA15021@gmail.com>

Shivani Bhardwaj <shivanib134@gmail.com> wrote:
> Change the data type of len from unsigned int to int in order to make
> it valid for checks like
> 
> if (len < 0)
> 
> The issue was brought into attention by the unexplained behavior of
> frag with frag-off. Bugzilla entry:
> https://bugzilla.netfilter.org/show_bug.cgi?id=935
> 
> This patch fixes this bug, however there are still issues with frag
> that need to be fixed.

exthdr (frag) seems to have several issues:

- we should reject exthdr and only allow it with ipv6.
- for inet/bridge, we should also inject ipv6 dependency
- some exthdrs (frag for instance) have odd bit lengths
  and need mask/shift instructions.

For example, in your example rule we generate:
   [ exthdr load 1b @ 44 + 2 => reg 1 ]
   [ cmp eq reg 1 0x00002100 ]

But thats not correct -- we truncated the load to one byte.
Instead we should have loaded 2 bytes and then masked off the extra 3bits.

I'll work on this.

  reply	other threads:[~2016-02-29 10:06 UTC|newest]

Thread overview: 3+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2016-02-28 19:40 [PATCH] src: netlink_delinearize: Fix datatype for len Shivani Bhardwaj
2016-02-29 10:06 ` Florian Westphal [this message]
2016-02-29 10:28   ` Shivani Bhardwaj

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20160229100632.GA7277@breakpoint.cc \
    --to=fw@strlen.de \
    --cc=netfilter-devel@vger.kernel.org \
    --cc=shivanib134@gmail.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.