=================================================================== ChangeSet@1.2040, 2004-10-04 13:21:41-03:00, acme@amd64.kerneljanitors.org [SKBUFF] introduce skb_valid_link_header(skb, hdrlen) Signed-off-by: Arnaldo Carvalho de Melo Signed-off-by: David S. Miller drivers/message/fusion/mptlan.c | 2 +- include/linux/skbuff.h | 7 +++++++ net/bridge/br_netfilter.c | 2 +- net/ipv4/netfilter/ipt_mac.c | 5 ++--- net/ipv6/netfilter/ip6t_eui64.c | 10 ++++------ net/ipv6/netfilter/ip6t_mac.c | 5 ++--- 6 files changed, 17 insertions(+), 14 deletions(-) diff -Nru a/drivers/message/fusion/mptlan.c b/drivers/message/fusion/mptlan.c --- a/drivers/message/fusion/mptlan.c 2004-10-04 13:23:51 -03:00 +++ b/drivers/message/fusion/mptlan.c 2004-10-04 13:23:51 -03:00 @@ -770,7 +770,7 @@ pSendReq = (LANSendRequest_t *) mf; - /* Set the mac.raw pointer, since this apparently isn't getting + /* Set the link header pointer, since this apparently isn't getting * done before we get the skb. Pull the data pointer past the mac data. */ skb_set_link_header(skb); diff -Nru a/include/linux/skbuff.h b/include/linux/skbuff.h --- a/include/linux/skbuff.h 2004-10-04 13:23:51 -03:00 +++ b/include/linux/skbuff.h 2004-10-04 13:23:51 -03:00 @@ -295,6 +295,13 @@ skb->mac.raw = skb->data; } +static inline int skb_valid_link_header(const struct sk_buff *skb, + const int hdrlen) +{ + return skb->mac.raw >= skb->head && + (skb->mac.raw + hdrlen) <= skb->data; +} + extern void __kfree_skb(struct sk_buff *skb); extern struct sk_buff *alloc_skb(unsigned int size, int priority); extern void kfree_skbmem(struct sk_buff *skb); diff -Nru a/net/bridge/br_netfilter.c b/net/bridge/br_netfilter.c --- a/net/bridge/br_netfilter.c 2004-10-04 13:23:51 -03:00 +++ b/net/bridge/br_netfilter.c 2004-10-04 13:23:51 -03:00 @@ -759,7 +759,7 @@ #ifdef CONFIG_NETFILTER_DEBUG /* Be very paranoid. This probably won't happen anymore, but let's * keep the check just to be sure... */ - if (skb->mac.raw < skb->head || skb->mac.raw + ETH_HLEN > skb->data) { + if (!skb_valid_link_header(skb, ETH_HLEN)) { printk(KERN_CRIT "br_netfilter: Argh!! br_nf_post_routing: " "bad mac.raw pointer."); goto print_error; diff -Nru a/net/ipv4/netfilter/ipt_mac.c b/net/ipv4/netfilter/ipt_mac.c --- a/net/ipv4/netfilter/ipt_mac.c 2004-10-04 13:23:51 -03:00 +++ b/net/ipv4/netfilter/ipt_mac.c 2004-10-04 13:23:51 -03:00 @@ -30,10 +30,9 @@ const struct ipt_mac_info *info = matchinfo; /* Is mac pointer valid? */ - return (skb->mac.raw >= skb->head - && (skb->mac.raw + ETH_HLEN) <= skb->data + return (skb_valid_link_header(skb, ETH_HLEN) && /* If so, compare... */ - && ((memcmp(eth_hdr(skb)->h_source, info->srcaddr, ETH_ALEN) + ((memcmp(eth_hdr(skb)->h_source, info->srcaddr, ETH_ALEN) == 0) ^ info->invert)); } diff -Nru a/net/ipv6/netfilter/ip6t_eui64.c b/net/ipv6/netfilter/ip6t_eui64.c --- a/net/ipv6/netfilter/ip6t_eui64.c 2004-10-04 13:23:51 -03:00 +++ b/net/ipv6/netfilter/ip6t_eui64.c 2004-10-04 13:23:51 -03:00 @@ -32,12 +32,10 @@ unsigned char eui64[8]; int i=0; - if ( !(skb->mac.raw >= skb->head - && (skb->mac.raw + ETH_HLEN) <= skb->data) - && offset != 0) { - *hotdrop = 1; - return 0; - } + if (!skb_valid_link_header(skb, ETH_HLEN) && offset != 0) { + *hotdrop = 1; + return 0; + } memset(eui64, 0, sizeof(eui64)); diff -Nru a/net/ipv6/netfilter/ip6t_mac.c b/net/ipv6/netfilter/ip6t_mac.c --- a/net/ipv6/netfilter/ip6t_mac.c 2004-10-04 13:23:51 -03:00 +++ b/net/ipv6/netfilter/ip6t_mac.c 2004-10-04 13:23:51 -03:00 @@ -32,10 +32,9 @@ const struct ip6t_mac_info *info = matchinfo; /* Is mac pointer valid? */ - return (skb->mac.raw >= skb->head - && (skb->mac.raw + ETH_HLEN) <= skb->data + return (skb_valid_link_header(skb, ETH_HLEN) && /* If so, compare... */ - && ((memcmp(eth_hdr(skb)->h_source, info->srcaddr, ETH_ALEN) + ((memcmp(eth_hdr(skb)->h_source, info->srcaddr, ETH_ALEN) == 0) ^ info->invert)); }