* [PATCH] xt_sctp - add SCTP header size to IP header offset
@ 2006-06-08 15:54 Jorge Matias Martin
2006-06-19 14:53 ` Patrick McHardy
0 siblings, 1 reply; 4+ messages in thread
From: Jorge Matias Martin @ 2006-06-08 15:54 UTC (permalink / raw)
To: netfilter-devel
[-- Attachment #1: Type: text/plain, Size: 775 bytes --]
Hi, all.
xt_sctp module is not working on 2.6.16 when --chunk-types option is used. I
have test this running sctp_darn and the following iptables options:
-A INPUT -p sctp --chunk-types any INIT -j DROP
And this is the kernel log output:
spt: 32822 dpt: 10105
Chunk num: 1 offset: 20 type: 128 length: 10105 flags: 36
skb->len: 92 offset: 10128
spt: 10105 dpt: 32822
Chunk num: 1 offset: 20 type: 39 length: 32822 flags: 79
skb->len: 284 offset: 32844
spt: 32822 dpt: 10105
Chunk num: 1 offset: 20 type: 128 length: 10105 flags: 36
...
Note that length is actually the local port, and offset must be 32 (20 IPv4
header + 12 SCTP header).
FYI, it works properly when --chunk-types is not used.
Regards.
Jorge.
[-- Attachment #2: patch --]
[-- Type: text/x-diff, Size: 580 bytes --]
--- linux-2.6.16.19/net/netfilter/xt_sctp.c.orig 2006-05-31 02:31:44.000000000 +0200
+++ linux-2.6.16.19/net/netfilter/xt_sctp.c 2006-06-08 17:32:53.000000000 +0200
@@ -152,7 +152,7 @@ match(const struct sk_buff *skb,
&& SCCHECK(((ntohs(sh->dest) >= info->dpts[0])
&& (ntohs(sh->dest) <= info->dpts[1])),
XT_SCTP_DEST_PORTS, info->flags, info->invflags)
- && SCCHECK(match_packet(skb, protoff,
+ && SCCHECK(match_packet(skb, protoff + sizeof (sctp_sctphdr_t),
info->chunkmap, info->chunk_match_type,
info->flag_info, info->flag_count,
hotdrop),
^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: [PATCH] xt_sctp - add SCTP header size to IP header offset
2006-06-08 15:54 [PATCH] xt_sctp - add SCTP header size to IP header offset Jorge Matias Martin
@ 2006-06-19 14:53 ` Patrick McHardy
2006-06-19 15:58 ` Jorge Matias Martin
0 siblings, 1 reply; 4+ messages in thread
From: Patrick McHardy @ 2006-06-19 14:53 UTC (permalink / raw)
To: Jorge Matias Martin; +Cc: netfilter-devel
Jorge Matias Martin wrote:
> Hi, all.
>
> xt_sctp module is not working on 2.6.16 when --chunk-types option is used. I
> have test this running sctp_darn and the following iptables options:
>
> -A INPUT -p sctp --chunk-types any INIT -j DROP
>
> And this is the kernel log output:
>
> spt: 32822 dpt: 10105
> Chunk num: 1 offset: 20 type: 128 length: 10105 flags: 36
> skb->len: 92 offset: 10128
> spt: 10105 dpt: 32822
> Chunk num: 1 offset: 20 type: 39 length: 32822 flags: 79
> skb->len: 284 offset: 32844
> spt: 32822 dpt: 10105
> Chunk num: 1 offset: 20 type: 128 length: 10105 flags: 36
> ...
>
>
> Note that length is actually the local port, and offset must be 32 (20 IPv4
> header + 12 SCTP header).
>
> FYI, it works properly when --chunk-types is not used.
Looks good too me. Please add a Signed-off-by: line so I can
apply it. Thanks.
^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: [PATCH] xt_sctp - add SCTP header size to IP header offset
2006-06-19 14:53 ` Patrick McHardy
@ 2006-06-19 15:58 ` Jorge Matias Martin
2006-06-19 16:07 ` Patrick McHardy
0 siblings, 1 reply; 4+ messages in thread
From: Jorge Matias Martin @ 2006-06-19 15:58 UTC (permalink / raw)
To: Patrick McHardy, netfilter-devel
On 19 June 2006 16:53, Patrick McHardy wrote:
> Jorge Matias Martin wrote:
> > Hi, all.
> >
> > xt_sctp module is not working on 2.6.16 when --chunk-types option is
> > used. I have test this running sctp_darn and the following iptables
> > options:
> >
> > -A INPUT -p sctp --chunk-types any INIT -j DROP
> >
> > And this is the kernel log output:
> >
> > spt: 32822 dpt: 10105
> > Chunk num: 1 offset: 20 type: 128 length: 10105 flags: 36
> > skb->len: 92 offset: 10128
> > spt: 10105 dpt: 32822
> > Chunk num: 1 offset: 20 type: 39 length: 32822 flags: 79
> > skb->len: 284 offset: 32844
> > spt: 32822 dpt: 10105
> > Chunk num: 1 offset: 20 type: 128 length: 10105 flags: 36
> > ...
> >
> >
> > Note that length is actually the local port, and offset must be 32 (20
> > IPv4 header + 12 SCTP header).
> >
> > FYI, it works properly when --chunk-types is not used.
>
> Looks good too me. Please add a Signed-off-by: line so I can
> apply it. Thanks.
Signed-off-by: Jorge Matias <jorge.matias@motorola.com>
-----------
--- linux-2.6.16.19/net/netfilter/xt_sctp.c.orig 2006-05-31
02:31:44.000000000 +0200
+++ linux-2.6.16.19/net/netfilter/xt_sctp.c 2006-06-08 17:32:53.000000000
+0200
@@ -152,7 +152,7 @@ match(const struct sk_buff *skb,
&& SCCHECK(((ntohs(sh->dest) >= info->dpts[0])
&& (ntohs(sh->dest) <= info->dpts[1])),
XT_SCTP_DEST_PORTS, info->flags, info->invflags)
- && SCCHECK(match_packet(skb, protoff,
+ && SCCHECK(match_packet(skb, protoff + sizeof
(sctp_sctphdr_t),
info->chunkmap,
info->chunk_match_type,
info->flag_info, info->flag_count,
hotdrop),
^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: [PATCH] xt_sctp - add SCTP header size to IP header offset
2006-06-19 15:58 ` Jorge Matias Martin
@ 2006-06-19 16:07 ` Patrick McHardy
0 siblings, 0 replies; 4+ messages in thread
From: Patrick McHardy @ 2006-06-19 16:07 UTC (permalink / raw)
To: Jorge Matias Martin; +Cc: netfilter-devel
Jorge Matias Martin wrote:
> On 19 June 2006 16:53, Patrick McHardy wrote:
>
>>Looks good too me. Please add a Signed-off-by: line so I can
>>apply it. Thanks.
>
>
> Signed-off-by: Jorge Matias <jorge.matias@motorola.com>
Applied, thanks.
^ permalink raw reply [flat|nested] 4+ messages in thread
end of thread, other threads:[~2006-06-19 16:07 UTC | newest]
Thread overview: 4+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2006-06-08 15:54 [PATCH] xt_sctp - add SCTP header size to IP header offset Jorge Matias Martin
2006-06-19 14:53 ` Patrick McHardy
2006-06-19 15:58 ` Jorge Matias Martin
2006-06-19 16:07 ` Patrick McHardy
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.