* [PATCH] [NETFILTER] ip_queue: Fix wrong skb->len == nlmsg_len assumption
@ 2006-03-07 12:31 Thomas Graf
2006-03-07 12:58 ` Patrick McHardy
0 siblings, 1 reply; 3+ messages in thread
From: Thomas Graf @ 2006-03-07 12:31 UTC (permalink / raw)
To: David S. Miller; +Cc: netdev, netfilter-devel
The size of the skb carrying the netlink message is not
equivalent to the length of the actual netlink message
due to padding. ip_queue matches the length of the payload
against the original packet size to determine if packet
mangling is desired, due to the above wrong assumption
arbitrary packets may not be mangled depending on their
original size.
Signed-off-by: Thomas Graf <tgraf@suug.ch>
Index: net-2.6/net/ipv4/netfilter/ip_queue.c
===================================================================
--- net-2.6.orig/net/ipv4/netfilter/ip_queue.c
+++ net-2.6/net/ipv4/netfilter/ip_queue.c
@@ -524,7 +524,7 @@ ipq_rcv_skb(struct sk_buff *skb)
write_unlock_bh(&queue_lock);
status = ipq_receive_peer(NLMSG_DATA(nlh), type,
- skblen - NLMSG_LENGTH(0));
+ nlmsglen - NLMSG_LENGTH(0));
if (status < 0)
RCV_SKB_FAIL(status);
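Review bot: at the ipq_receive_peer() call, nlmsglen - NLMSG_LENGTH(0) is only safe if nlmsglen has already been bounded, and the hunk does not show that check. The length now comes from a header field filled in by the sender rather than from the skb itself, so please confirm that ipq_rcv_skb() rejects an nlmsglen smaller than the netlink header or larger than skblen before this line is reached; a too-small value would push the subtraction out of range and a too-large one would describe bytes beyond the skb data.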
Index: net-2.6/net/ipv6/netfilter/ip6_queue.c
===================================================================
--- net-2.6.orig/net/ipv6/netfilter/ip6_queue.c
+++ net-2.6/net/ipv6/netfilter/ip6_queue.c
@@ -522,7 +522,7 @@ ipq_rcv_skb(struct sk_buff *skb)
write_unlock_bh(&queue_lock);
status = ipq_receive_peer(NLMSG_DATA(nlh), type,
- skblen - NLMSG_LENGTH(0));
+ nlmsglen - NLMSG_LENGTH(0));
if (status < 0)
RCV_SKB_FAIL(status);
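Review bot: the ip6_queue.c call site gets the same one-line change with nothing in the code saying why skblen is the wrong source. A short comment above the ipq_receive_peer() call noting that the skb can carry alignment padding beyond nlmsg_len would keep a later cleanup from switching it back. Since this hunk is identical to the ip_queue.c one, a shared helper for the payload-length computation would also stop the two files from drifting apart.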
* Re: [PATCH] [NETFILTER] ip_queue: Fix wrong skb->len == nlmsg_len assumption
2006-03-07 12:31 [PATCH] [NETFILTER] ip_queue: Fix wrong skb->len == nlmsg_len assumption Thomas Graf
@ 2006-03-07 12:58 ` Patrick McHardy
2006-03-07 23:01 ` David S. Miller
0 siblings, 1 reply; 3+ messages in thread
From: Patrick McHardy @ 2006-03-07 12:58 UTC (permalink / raw)
To: Thomas Graf; +Cc: netdev, netfilter-devel, David S. Miller
Thomas Graf wrote:
> The size of the skb carrying the netlink message is not
> equivalent to the length of the actual netlink message
> due to padding. ip_queue matches the length of the payload
> against the original packet size to determine if packet
> mangling is desired, due to the above wrong assumption
> arbitrary packets may not be mangled depending on their
> original size.
Looks good, thanks Thomas. I think this should also go in 2.4.
* Re: [PATCH] [NETFILTER] ip_queue: Fix wrong skb->len == nlmsg_len assumption
2006-03-07 12:58 ` Patrick McHardy
@ 2006-03-07 23:01 ` David S. Miller
0 siblings, 0 replies; 3+ messages in thread
From: David S. Miller @ 2006-03-07 23:01 UTC (permalink / raw)
To: kaber; +Cc: netdev, netfilter-devel
From: Patrick McHardy <kaber@trash.net>
Date: Tue, 07 Mar 2006 13:58:53 +0100
> Thomas Graf wrote:
> > The size of the skb carrying the netlink message is not
> > equivalent to the length of the actual netlink message
> > due to padding. ip_queue matches the length of the payload
> > against the original packet size to determine if packet
> > mangling is desired, due to the above wrong assumption
> > arbitrary packets may not be mangled depending on their
> > original size.
>
> Looks good, thanks Thomas. I think this should also go in 2.4.
Pushed to 2.6.16, 2.6.x stable, and 2.4.x.
Phew!
Thanks Thomas.
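The length mismatch described in the patch message, as an added example that is not code from the thread or from ip_queue: a sender pads a netlink-framed verdict to 4 bytes, and a receiver decides whether to apply the replacement payload by an exact length match. The `ex_*` names and the one-field verdict record are hypothetical; the 16-byte header and 4-byte alignment follow netlink's framing rules.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Netlink framing restated locally: 16-byte header, 4-byte alignment. */
#define EX_ALIGN(n) (((size_t)(n) + 3) & ~(size_t)3)
#define EX_HDRLEN   16u

struct ex_hdr {                 /* same layout as struct nlmsghdr */
    uint32_t len;               /* header + payload, padding NOT included */
    uint16_t type, flags;
    uint32_t seq, pid;
};
struct ex_verdict { uint32_t data_len; };   /* hypothetical verdict record */

/* Sender: frame a verdict announcing n replacement bytes (left zeroed here).
 * Returns the padded buffer length, the analogue of skb->len. */
static size_t ex_build(uint8_t *buf, uint32_t n)
{
    struct ex_hdr h = { .len = (uint32_t)(EX_HDRLEN + sizeof(struct ex_verdict)) + n };
    struct ex_verdict v = { .data_len = n };
    size_t total = EX_ALIGN(h.len);
    memset(buf, 0, total);
    memcpy(buf, &h, sizeof h);
    memcpy(buf + EX_HDRLEN, &v, sizeof v);
    return total;
}

/* Receiver: 1 if the replacement would be applied, 0 if not, -1 if malformed.
 * trust_buflen=1 models the pre-patch length source, 0 the patched one. */
static int ex_would_mangle(const uint8_t *buf, size_t buflen, int trust_buflen)
{
    struct ex_hdr h;
    struct ex_verdict v;
    if (buflen < EX_HDRLEN + sizeof v) return -1;
    memcpy(&h, buf, sizeof h);
    if (h.len < EX_HDRLEN + sizeof v || h.len > buflen) return -1;
    memcpy(&v, buf + EX_HDRLEN, sizeof v);
    size_t body = (trust_buflen ? buflen : h.len) - EX_HDRLEN - sizeof v;
    return v.data_len != 0 && v.data_len == body;
}

int main(void)
{
    uint8_t buf[256];
    for (uint32_t n = 60; n <= 64; n++) {       /* constructed payload sizes */
        size_t total = ex_build(buf, n);
        printf("n=%u buf=%zu buflen-based=%d hdr-based=%d\n", (unsigned)n, total,
               ex_would_mangle(buf, total, 1), ex_would_mangle(buf, total, 0));
    }
    return 0;
}
```

Only payload sizes that already end on a 4-byte boundary pass the buffer-length variant, which is the size-dependent behaviour the patch message reports.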