[PATCH] Make udp_encap_rcv use pskb_may_pull

[PATCH] Make udp_encap_rcv use pskb_may_pull

[Olaf Kirch]

Make udp_encap_rcv use pskb_may_pull

IPsec with NAT-T breaks on some notebooks using the latest e1000 chipset,
when header split is enabled. When receiving sufficiently large packets, the
driver puts everything up to and including the UDP header into the header
portion of the skb, and the rest goes into the paged part. udp_encap_rcv
forgets to use pskb_may_pull, and fails to decapsulate it. Instead, it
passes it up it to the IKE daemon.

Signed-off-by: Olaf Kirch <okir@suse.de>
Signed-off-by: Jean Delvare <jdelvare@suse.de>

 net/ipv4/udp.c |   19 ++++++++++++++-----
 1 files changed, 14 insertions(+), 5 deletions(-)

Index: linux-2.6.19-rc6/net/ipv4/udp.c
===================================================================
--- linux-2.6.19-rc6.orig/net/ipv4/udp.c
+++ linux-2.6.19-rc6/net/ipv4/udp.c
@@ -928,24 +928,33 @@ static int udp_encap_rcv(struct sock * s
 	return 1; 
 #else
 	struct udp_sock *up = udp_sk(sk);
-  	struct udphdr *uh = skb->h.uh;
+  	struct udphdr *uh;
 	struct iphdr *iph;
 	int iphlen, len;
   
-	__u8 *udpdata = (__u8 *)uh + sizeof(struct udphdr);
-	__be32 *udpdata32 = (__be32 *)udpdata;
+	__u8 *udpdata;
+	__be32 *udpdata32;
 	__u16 encap_type = up->encap_type;
 
 	/* if we're overly short, let UDP handle it */
-	if (udpdata > skb->tail)
+	len = skb->len - sizeof(struct udphdr);
+	if (len <= 0)
 		return 1;
 
 	/* if this is not encapsulated socket, then just return now */
 	if (!encap_type)
 		return 1;
 
-	len = skb->tail - udpdata;
+	/* If this is a paged skb, make sure we pull up
+	 * whatever data we need to look at. */
+	if (!pskb_may_pull(skb, sizeof(struct udphdr) + min(len, 8)))
+		return 1;
 
+	/* Now we can get the pointers */
+	uh = skb->h.uh;
+	udpdata = (__u8 *)uh + sizeof(struct udphdr);
+	udpdata32 = (__be32 *)udpdata;
+  
 	switch (encap_type) {
 	default:
 	case UDP_ENCAP_ESPINUDP:

Re: [PATCH] Make udp_encap_rcv use pskb_may_pull

[David Miller]

From: Olaf Kirch <okir@suse.de>
Date: Thu, 23 Nov 2006 01:01:44 +0100

> 
> Make udp_encap_rcv use pskb_may_pull
> 
> IPsec with NAT-T breaks on some notebooks using the latest e1000 chipset,
> when header split is enabled. When receiving sufficiently large packets, the
> driver puts everything up to and including the UDP header into the header
> portion of the skb, and the rest goes into the paged part. udp_encap_rcv
> forgets to use pskb_may_pull, and fails to decapsulate it. Instead, it
> passes it up it to the IKE daemon.
> 
> Signed-off-by: Olaf Kirch <okir@suse.de>
> Signed-off-by: Jean Delvare <jdelvare@suse.de>

Excellent catch, applied, thanks Olaf.

Re: [PATCH] Make udp_encap_rcv use pskb_may_pull

[Ingo Oeser]

Hi David,

David Miller wrote:
> From: Olaf Kirch <okir@suse.de>
> Date: Thu, 23 Nov 2006 01:01:44 +0100
> 
> > 
> > Make udp_encap_rcv use pskb_may_pull
> 
> Excellent catch, applied, thanks Olaf.

Should this go to -stable, too? Or are these kernels not affected, yet?

Regards

Ingo Oeser

Re: [PATCH] Make udp_encap_rcv use pskb_may_pull

[David Miller]

From: Ingo Oeser <netdev@axxeo.de>
Date: Fri, 24 Nov 2006 11:54:15 +0100

> Hi David,
> 
> David Miller wrote:
> > From: Olaf Kirch <okir@suse.de>
> > Date: Thu, 23 Nov 2006 01:01:44 +0100
> > 
> > > 
> > > Make udp_encap_rcv use pskb_may_pull
> > 
> > Excellent catch, applied, thanks Olaf.
> 
> Should this go to -stable, too? Or are these kernels not affected, yet?

I planned to push this to -stable over the weekend, but thanks for
reminding me anyways.