From mboxrd@z Thu Jan 1 00:00:00 1970 From: Jesper Dangaard Brouer Subject: [PATCH V3 4/8] ipvs: Fix bug in IPv6 NAT mangling of ports inside ICMPv6 packets Date: Tue, 11 Sep 2012 14:37:15 +0200 Message-ID: <20120911123708.4305.50410.stgit@dragon> References: <20120911123531.4305.40304.stgit@dragon> Mime-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: 7bit Cc: Jesper Dangaard Brouer , Thomas Graf , Wensong Zhang , netfilter-devel@vger.kernel.org, Simon Horman To: Hans Schillstrom , Hans Schillstrom , netdev@vger.kernel.org, "Patrick McHardy" , Pablo Neira Ayuso , lvs-devel@vger.kernel.org, Julian Anastasov Return-path: In-Reply-To: <20120911123531.4305.40304.stgit@dragon> Sender: netdev-owner@vger.kernel.org List-Id: netfilter-devel.vger.kernel.org ICMPv6 return traffic, which needs to be NAT modified, does not get modified correctly, because the SKB have not been made sufficiently "writable". Make sure SKB is writable in ip_vs_nat_icmp_v6(). Note, the calling code path have handled this case for IPv4, but not for IPv6. I have placed the change in ip_vs_nat_icmp_v6() in-order to reduce the changes/impact of that path. Signed-off-by: Jesper Dangaard Brouer --- net/netfilter/ipvs/ip_vs_core.c | 6 ++++++ 1 files changed, 6 insertions(+), 0 deletions(-) diff --git a/net/netfilter/ipvs/ip_vs_core.c b/net/netfilter/ipvs/ip_vs_core.c index ebd105c..fd50f47 100644 --- a/net/netfilter/ipvs/ip_vs_core.c +++ b/net/netfilter/ipvs/ip_vs_core.c @@ -737,6 +737,12 @@ void ip_vs_nat_icmp_v6(struct sk_buff *skb, struct ip_vs_protocol *pp, icmp_offset); struct ipv6hdr *ciph = (struct ipv6hdr *)(icmph + 1); + /* Make sure SKB is writable */ + unsigned int write; + write = icmp_offset + sizeof(struct icmp6hdr) + sizeof(struct ipv6hdr); + if (!skb_make_writable(skb, write + 2 * sizeof(__u16))) + return; + if (inout) { iph->saddr = cp->vaddr.in6; ciph->daddr = cp->vaddr.in6;