[PATCH] act_nat: not all of the ICMP packets need an IP header payload

netdev.vger.kernel.org archive mirror
 help / color / mirror / Atom feed

* [PATCH] act_nat: not all of the ICMP packets need an IP header payload
@ 2010-07-10  1:33 Changli Gao
  2010-07-10  6:22 ` Eric Dumazet
  2010-07-10  6:26 ` Herbert Xu
  0 siblings, 2 replies; 5+ messages in thread
From: Changli Gao @ 2010-07-10  1:33 UTC (permalink / raw)
  To: David S. Miller
  Cc: Jamal Hadi Salim, Rodrigo Partearroyo González, Herbert Xu,
	Eric Dumazet, Iratxo Pichel Ortiz, Noelia Morón, netdev,
	Changli Gao

act_nat: not all of the ICMP packets need an IP header payload

not all of the ICMP packets need an IP header payload, so we check the length
of the skbs only when the packets should have an IP header payload.

Signed-off-by: Changli Gao <xiaosuo@gmail.com>
----
 net/sched/act_nat.c |    5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/net/sched/act_nat.c b/net/sched/act_nat.c
index 0be49a4..24e614c 100644
--- a/net/sched/act_nat.c
+++ b/net/sched/act_nat.c
@@ -205,7 +205,7 @@ static int tcf_nat(struct sk_buff *skb, struct tc_action *a,
 	{
 		struct icmphdr *icmph;
 
-		if (!pskb_may_pull(skb, ihl + sizeof(*icmph) + sizeof(*iph)))
+		if (!pskb_may_pull(skb, ihl + sizeof(*icmph)))
 			goto drop;
 
 		icmph = (void *)(skb_network_header(skb) + ihl);
@@ -215,6 +215,9 @@ static int tcf_nat(struct sk_buff *skb, struct tc_action *a,
 		    (icmph->type != ICMP_PARAMETERPROB))
 			break;
 
+		if (!pskb_may_pull(skb, ihl + sizeof(*icmph) + sizeof(*iph)))
+			goto drop;
+
 		iph = (void *)(icmph + 1);
 		if (egress)
 			addr = iph->daddr;

^ permalink raw reply related	[flat|nested] 5+ messages in thread

* Re: [PATCH] act_nat: not all of the ICMP packets need an IP header payload
  2010-07-10  1:33 [PATCH] act_nat: not all of the ICMP packets need an IP header payload Changli Gao
@ 2010-07-10  6:22 ` Eric Dumazet
  2010-07-10 14:08   ` Changli Gao
  2010-07-13  3:02   ` David Miller
  2010-07-10  6:26 ` Herbert Xu
  1 sibling, 2 replies; 5+ messages in thread
From: Eric Dumazet @ 2010-07-10  6:22 UTC (permalink / raw)
  To: Changli Gao
  Cc: David S. Miller, Jamal Hadi Salim,
	Rodrigo Partearroyo González, Herbert Xu,
	Iratxo Pichel Ortiz, Noelia Morón, netdev

Le samedi 10 juillet 2010 à 09:33 +0800, Changli Gao a écrit :
> act_nat: not all of the ICMP packets need an IP header payload
> 
> not all of the ICMP packets need an IP header payload, so we check the length
> of the skbs only when the packets should have an IP header payload.
> 
> Signed-off-by: Changli Gao <xiaosuo@gmail.com>
> ----
>  net/sched/act_nat.c |    5 ++++-
>  1 file changed, 4 insertions(+), 1 deletion(-)
> diff --git a/net/sched/act_nat.c b/net/sched/act_nat.c
> index 0be49a4..24e614c 100644
> --- a/net/sched/act_nat.c
> +++ b/net/sched/act_nat.c
> @@ -205,7 +205,7 @@ static int tcf_nat(struct sk_buff *skb, struct tc_action *a,
>  	{
>  		struct icmphdr *icmph;
>  
> -		if (!pskb_may_pull(skb, ihl + sizeof(*icmph) + sizeof(*iph)))
> +		if (!pskb_may_pull(skb, ihl + sizeof(*icmph)))
>  			goto drop;
>  
>  		icmph = (void *)(skb_network_header(skb) + ihl);
> @@ -215,6 +215,9 @@ static int tcf_nat(struct sk_buff *skb, struct tc_action *a,
>  		    (icmph->type != ICMP_PARAMETERPROB))
>  			break;
>  
> +		if (!pskb_may_pull(skb, ihl + sizeof(*icmph) + sizeof(*iph)))
> +			goto drop;
> +
>  		iph = (void *)(icmph + 1);
>  		if (egress)
>  			addr = iph->daddr;

Changli, this patch has no attribution.

Rodrigo spent lot of time to find the problem and is willing to fix it.

Could you please give a chance to Rodrigo to complete its first kernel
patch ?

Thanks



^ permalink raw reply	[flat|nested] 5+ messages in thread

* Re: [PATCH] act_nat: not all of the ICMP packets need an IP header payload
  2010-07-10  6:22 ` Eric Dumazet
@ 2010-07-10 14:08   ` Changli Gao
  2010-07-13  3:02   ` David Miller
  1 sibling, 0 replies; 5+ messages in thread
From: Changli Gao @ 2010-07-10 14:08 UTC (permalink / raw)
  To: Eric Dumazet
  Cc: David S. Miller, Jamal Hadi Salim,
	Rodrigo Partearroyo González, Herbert Xu,
	Iratxo Pichel Ortiz, Noelia Morón, netdev

On Sat, Jul 10, 2010 at 2:22 PM, Eric Dumazet <eric.dumazet@gmail.com> wrote:
> Le samedi 10 juillet 2010 à 09:33 +0800, Changli Gao a écrit :
>
> Changli, this patch has no attribution.
>
> Rodrigo spent lot of time to find the problem and is willing to fix it.
>
> Could you please give a chance to Rodrigo to complete its first kernel
> patch ?
>

Oh. Sorry. The honor belongs to him. I think he can give his Sigh off,
if he thinks this patch is OK.

-- 
Regards,
Changli Gao(xiaosuo@gmail.com)

^ permalink raw reply	[flat|nested] 5+ messages in thread

* Re: [PATCH] act_nat: not all of the ICMP packets need an IP header payload
  2010-07-10  6:22 ` Eric Dumazet
  2010-07-10 14:08   ` Changli Gao
@ 2010-07-13  3:02   ` David Miller
  1 sibling, 0 replies; 5+ messages in thread
From: David Miller @ 2010-07-13  3:02 UTC (permalink / raw)
  To: eric.dumazet
  Cc: xiaosuo, hadi, rpartearroyo, herbert, ipichel, nmoron, netdev

From: Eric Dumazet <eric.dumazet@gmail.com>
Date: Sat, 10 Jul 2010 08:22:33 +0200

> Rodrigo spent lot of time to find the problem and is willing to fix it.

I gave Rodrigo suitable credit in the final commit message.

--------------------
From 70c2efa5a32a7d38e66224844032160317fa7887 Mon Sep 17 00:00:00 2001
From: Changli Gao <xiaosuo@gmail.com>
Date: Fri, 9 Jul 2010 15:33:25 +0000
Subject: [PATCH] act_nat: not all of the ICMP packets need an IP header payload
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

not all of the ICMP packets need an IP header payload, so we check the length
of the skbs only when the packets should have an IP header payload.

Based upon analysis and initial patch by Rodrigo Partearroyo González.

Signed-off-by: Changli Gao <xiaosuo@gmail.com>
Acked-by: Herbert Xu <herbert@gondor.apana.org.au>
--------------------

^ permalink raw reply	[flat|nested] 5+ messages in thread

* Re: [PATCH] act_nat: not all of the ICMP packets need an IP header payload
  2010-07-10  1:33 [PATCH] act_nat: not all of the ICMP packets need an IP header payload Changli Gao
  2010-07-10  6:22 ` Eric Dumazet
@ 2010-07-10  6:26 ` Herbert Xu
  1 sibling, 0 replies; 5+ messages in thread
From: Herbert Xu @ 2010-07-10  6:26 UTC (permalink / raw)
  To: Changli Gao
  Cc: David S. Miller, Jamal Hadi Salim,
	Rodrigo Partearroyo González, Eric Dumazet,
	Iratxo Pichel Ortiz, Noelia Morón, netdev

On Sat, Jul 10, 2010 at 09:33:25AM +0800, Changli Gao wrote:
> act_nat: not all of the ICMP packets need an IP header payload
> 
> not all of the ICMP packets need an IP header payload, so we check the length
> of the skbs only when the packets should have an IP header payload.
> 
> Signed-off-by: Changli Gao <xiaosuo@gmail.com>

Acked-by: Herbert Xu <herbert@gondor.apana.org.au>

Thanks!
-- 
Email: Herbert Xu <herbert@gondor.apana.org.au>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt

^ permalink raw reply	[flat|nested] 5+ messages in thread

end of thread, other threads:[~2010-07-13  3:01 UTC | newest]

Thread overview: 5+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2010-07-10  1:33 [PATCH] act_nat: not all of the ICMP packets need an IP header payload Changli Gao
2010-07-10  6:22 ` Eric Dumazet
2010-07-10 14:08   ` Changli Gao
2010-07-13  3:02   ` David Miller
2010-07-10  6:26 ` Herbert Xu

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).