[GIT PULL nf] IPVS fix for v3.10

[GIT PULL nf] IPVS fix for v3.10

[Simon Horman]

Hi Pablo,

I realise this is rather late in the cycle, so please feel free
to push back on this. We can add it to v3.11 and then -stable.

This fix appears to resolve a long-standing problem that has
existed since SCTP support was added to IPVS in v2.6.32.
I believe it is relevant to -stable all the way back until then.

The following changes since commit b396966c4688522863572927cb30aa874b3ec504:

  netfilter: xt_TCPMSS: Fix missing fragmentation handling (2013-06-12 11:06:19 +0200)

are available in the git repository at:

  git://git.kernel.org/pub/scm/linux/kernel/git/horms/ipvs.git tags/ipvs-fixes-for-v3.10

for you to fetch changes up to 06f3d7f973ec04290d86b7dd91b48d38d90433dc:

  ipvs: SCTP ports should be writable in ICMP packets (2013-06-19 09:53:52 +0900)

----------------------------------------------------------------
IPVS fix for v3.10

Correct long standing bug in treatment of SCTP
when it it is embeded in ICMP from a client.

----------------------------------------------------------------
Julian Anastasov (1):
      ipvs: SCTP ports should be writable in ICMP packets

 net/netfilter/ipvs/ip_vs_core.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

-- 
1.8.2.1

[PATCH nf] ipvs: SCTP ports should be writable in ICMP packets

[Simon Horman]

From: Julian Anastasov <ja@ssi.bg>

Make sure that SCTP ports are writable when embedded in ICMP
from client, so that ip_vs_nat_icmp can translate them safely.

Signed-off-by: Julian Anastasov <ja@ssi.bg>
Signed-off-by: Simon Horman <horms@verge.net.au>
---
 net/netfilter/ipvs/ip_vs_core.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/net/netfilter/ipvs/ip_vs_core.c b/net/netfilter/ipvs/ip_vs_core.c
index 05565d2..23b8eb5 100644
--- a/net/netfilter/ipvs/ip_vs_core.c
+++ b/net/netfilter/ipvs/ip_vs_core.c
@@ -1442,7 +1442,8 @@ ignore_ipip:
 
 	/* do the statistics and put it back */
 	ip_vs_in_stats(cp, skb);
-	if (IPPROTO_TCP == cih->protocol || IPPROTO_UDP == cih->protocol)
+	if (IPPROTO_TCP == cih->protocol || IPPROTO_UDP == cih->protocol ||
+	    IPPROTO_SCTP == cih->protocol)
 		offset += 2 * sizeof(__u16);
 	verdict = ip_vs_icmp_xmit(skb, cp, pp, offset, hooknum, &ciph);
 
-- 
1.8.2.1

Re: [GIT PULL nf] IPVS fix for v3.10

[Pablo Neira Ayuso]

On Wed, Jun 19, 2013 at 10:56:01AM +0900, Simon Horman wrote:
> Hi Pablo,
> 
> I realise this is rather late in the cycle, so please feel free
> to push back on this. We can add it to v3.11 and then -stable.
> 
> This fix appears to resolve a long-standing problem that has
> existed since SCTP support was added to IPVS in v2.6.32.
> I believe it is relevant to -stable all the way back until then.
> 
> The following changes since commit b396966c4688522863572927cb30aa874b3ec504:
> 
>   netfilter: xt_TCPMSS: Fix missing fragmentation handling (2013-06-12 11:06:19 +0200)
> 
> are available in the git repository at:
> 
>   git://git.kernel.org/pub/scm/linux/kernel/git/horms/ipvs.git tags/ipvs-fixes-for-v3.10
> 
> for you to fetch changes up to 06f3d7f973ec04290d86b7dd91b48d38d90433dc:
> 
>   ipvs: SCTP ports should be writable in ICMP packets (2013-06-19 09:53:52 +0900)

Pulled, thanks Simon.