From: Pablo Neira Ayuso <pablo@netfilter.org>
To: Dave Johnson <dave-kernel@centerclick.org>
Cc: netfilter-devel@vger.kernel.org, coreteam@netfilter.org
Subject: Re: [PATCH] netfilter: Wrong icmp6 checksum for ICMPV6_TIME_EXCEED in reverse SNATv6 path
Date: Mon, 24 Apr 2017 10:43:12 +0200 [thread overview]
Message-ID: <20170424084312.GA3597@salvia> (raw)
In-Reply-To: <22776.44325.616928.335465@gargle.gargle.HOWL>
On Thu, Apr 20, 2017 at 08:44:21AM -0400, Dave Johnson wrote:
>
> When recalculating the outer ICMPv6 checksum for a reverse path NATv6
> such as ICMPV6_TIME_EXCEED nf_nat_icmpv6_reply_translation() was
> accessing data beyond the headlen of the skb for non-linear skb. This
> resulted in incorrect ICMPv6 checksum as garbage data was used.
>
> Signed-off-by: Dave Johnson <dave-kernel@centerclick.org>
> ---
> diff -rup linux-4.9.23.orig/net/ipv6/netfilter/nf_nat_l3proto_ipv6.c linux-4.9.23/net/ipv6/netfilter/nf_nat_l3proto_ipv6.c
> --- linux-4.9.23.orig/net/ipv6/netfilter/nf_nat_l3proto_ipv6.c 2017-04-18 01:12:30.000000000 -0400
> +++ linux-4.9.23/net/ipv6/netfilter/nf_nat_l3proto_ipv6.c 2017-04-20 08:13:41.070493666 -0400
> @@ -229,7 +229,12 @@ int nf_nat_icmpv6_reply_translation(stru
> return 0;
>
> if (skb->ip_summed != CHECKSUM_PARTIAL) {
> - struct ipv6hdr *ipv6h = ipv6_hdr(skb);
> + struct ipv6hdr *ipv6h;
> +
> + if (!skb_make_writable(skb, skb->len))
can we just make sure what we need is linear? I mean, just the ipv6
header that is what we need, instead of the entire skbuff.
next prev parent reply other threads:[~2017-04-24 8:43 UTC|newest]
Thread overview: 6+ messages / expand[flat|nested] mbox.gz Atom feed top
2017-04-19 2:15 Wrong icmp6 checksum for ICMPV6_TIME_EXCEED in reverse SNATv6 path Dave Johnson
2017-04-20 12:44 ` [PATCH] netfilter: " Dave Johnson
2017-04-24 8:43 ` Pablo Neira Ayuso [this message]
[not found] ` <22781.62083.680363.165680@gargle.gargle.HOWL>
2017-04-24 13:10 ` Dave Johnson
[not found] ` <22781.63534.706649.79254@gargle.gargle.HOWL>
2017-04-24 13:11 ` Dave Johnson
2017-04-25 9:15 ` Pablo Neira Ayuso
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20170424084312.GA3597@salvia \
--to=pablo@netfilter.org \
--cc=coreteam@netfilter.org \
--cc=dave-kernel@centerclick.org \
--cc=netfilter-devel@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.