From: Patrick McHardy <kaber@trash.net>
To: dccp@vger.kernel.org
Subject: [DCCP]: Fix skb->cb conflicts with IP
Date: Fri, 04 Apr 2008 12:13:16 +0000 [thread overview]
Message-ID: <47F61B5C.8090105@trash.net> (raw)
[-- Attachment #1: Type: text/plain, Size: 0 bytes --]
[-- Attachment #2: x --]
[-- Type: text/plain, Size: 1773 bytes --]
commit eced67957ee99f7b5fafdc73a58bcd037a1789b2
Author: Patrick McHardy <kaber@trash.net>
Date: Fri Apr 4 14:10:23 2008 +0200
[DCCP]: Fix skb->cb conflicts with IP
dev_queue_xmit() and the other IP output functions expect to get a skb
with clear or properly initialized skb->cb. Unlike TCP and UDP, the
dccp_skb_cb doesn't contain a struct inet_skb_parm at the beginning,
so the DCCP-specific data is interpreted by the IP output functions.
This can cause false negatives for the conditional POST_ROUTING hook
invocation, making the packet bypass the hook.
Add a inet_skb_parm/inet6_skb_parm union to the beginning of
dccp_skb_cb to avoid clashes. Also add a BUILD_BUG_ON to make
sure it fits in the cb.
Signed-off-by: Patrick McHardy <kaber@trash.net>
diff --git a/net/dccp/dccp.h b/net/dccp/dccp.h
index fe7726b..f44d492 100644
--- a/net/dccp/dccp.h
+++ b/net/dccp/dccp.h
@@ -325,6 +325,12 @@ static inline int dccp_bad_service_code(const struct sock *sk,
* This is used for transmission as well as for reception.
*/
struct dccp_skb_cb {
+ union {
+ struct inet_skb_parm h4;
+#if defined(CONFIG_IPV6) || defined (CONFIG_IPV6_MODULE)
+ struct inet6_skb_parm h6;
+#endif
+ } header;
__u8 dccpd_type:4;
__u8 dccpd_ccval:4;
__u8 dccpd_reset_code,
diff --git a/net/dccp/proto.c b/net/dccp/proto.c
index e3f5d37..c91d3c1 100644
--- a/net/dccp/proto.c
+++ b/net/dccp/proto.c
@@ -1057,6 +1057,9 @@ static int __init dccp_init(void)
int ehash_order, bhash_order, i;
int rc = -ENOBUFS;
+ BUILD_BUG_ON(sizeof(struct dccp_skb_cb) >
+ FIELD_SIZEOF(struct sk_buff, cb));
+
dccp_hashinfo.bind_bucket_cachep =
kmem_cache_create("dccp_bind_bucket",
sizeof(struct inet_bind_bucket), 0,
WARNING: multiple messages have this Message-ID (diff)
From: Patrick McHardy <kaber@trash.net>
To: acme@redhat.com
Cc: dccp@vger.kernel.org, Linux Netdev List <netdev@vger.kernel.org>
Subject: [DCCP]: Fix skb->cb conflicts with IP
Date: Fri, 04 Apr 2008 14:13:16 +0200 [thread overview]
Message-ID: <47F61B5C.8090105@trash.net> (raw)
[-- Attachment #1: Type: text/plain, Size: 0 bytes --]
[-- Attachment #2: x --]
[-- Type: text/plain, Size: 1773 bytes --]
commit eced67957ee99f7b5fafdc73a58bcd037a1789b2
Author: Patrick McHardy <kaber@trash.net>
Date: Fri Apr 4 14:10:23 2008 +0200
[DCCP]: Fix skb->cb conflicts with IP
dev_queue_xmit() and the other IP output functions expect to get a skb
with clear or properly initialized skb->cb. Unlike TCP and UDP, the
dccp_skb_cb doesn't contain a struct inet_skb_parm at the beginning,
so the DCCP-specific data is interpreted by the IP output functions.
This can cause false negatives for the conditional POST_ROUTING hook
invocation, making the packet bypass the hook.
Add a inet_skb_parm/inet6_skb_parm union to the beginning of
dccp_skb_cb to avoid clashes. Also add a BUILD_BUG_ON to make
sure it fits in the cb.
Signed-off-by: Patrick McHardy <kaber@trash.net>
diff --git a/net/dccp/dccp.h b/net/dccp/dccp.h
index fe7726b..f44d492 100644
--- a/net/dccp/dccp.h
+++ b/net/dccp/dccp.h
@@ -325,6 +325,12 @@ static inline int dccp_bad_service_code(const struct sock *sk,
* This is used for transmission as well as for reception.
*/
struct dccp_skb_cb {
+ union {
+ struct inet_skb_parm h4;
+#if defined(CONFIG_IPV6) || defined (CONFIG_IPV6_MODULE)
+ struct inet6_skb_parm h6;
+#endif
+ } header;
__u8 dccpd_type:4;
__u8 dccpd_ccval:4;
__u8 dccpd_reset_code,
diff --git a/net/dccp/proto.c b/net/dccp/proto.c
index e3f5d37..c91d3c1 100644
--- a/net/dccp/proto.c
+++ b/net/dccp/proto.c
@@ -1057,6 +1057,9 @@ static int __init dccp_init(void)
int ehash_order, bhash_order, i;
int rc = -ENOBUFS;
+ BUILD_BUG_ON(sizeof(struct dccp_skb_cb) >
+ FIELD_SIZEOF(struct sk_buff, cb));
+
dccp_hashinfo.bind_bucket_cachep =
kmem_cache_create("dccp_bind_bucket",
sizeof(struct inet_bind_bucket), 0,
next reply other threads:[~2008-04-04 12:13 UTC|newest]
Thread overview: 22+ messages / expand[flat|nested] mbox.gz Atom feed top
2008-04-04 12:13 Patrick McHardy [this message]
2008-04-04 12:13 ` [DCCP]: Fix skb->cb conflicts with IP Patrick McHardy
2008-04-04 13:25 ` Gerrit Renker
2008-04-04 13:25 ` Gerrit Renker
2008-04-04 13:26 ` Arnaldo Carvalho de Melo
2008-04-04 13:26 ` Arnaldo Carvalho de Melo
2008-04-04 13:40 ` Patrick McHardy
2008-04-04 13:40 ` Patrick McHardy
2008-04-04 13:47 ` Arnaldo Carvalho de Melo
2008-04-04 13:47 ` Arnaldo Carvalho de Melo
2008-04-11 13:41 ` Patrick McHardy
2008-04-11 13:41 ` Patrick McHardy
2008-04-11 13:59 ` Gerrit Renker
2008-04-11 13:59 ` Gerrit Renker
2008-04-11 14:03 ` Patrick McHardy
2008-04-11 14:03 ` Patrick McHardy
2008-04-11 14:05 ` Arnaldo Carvalho de Melo
2008-04-11 14:05 ` Arnaldo Carvalho de Melo
2008-04-11 18:24 ` David Miller
2008-04-11 18:24 ` David Miller
2008-04-13 1:35 ` David Miller
2008-04-13 1:35 ` David Miller
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=47F61B5C.8090105@trash.net \
--to=kaber@trash.net \
--cc=dccp@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.