From: Andrea Rossato <mailing_list@istitutocolli.org>
To: netfilter@lists.netfilter.org
Subject: Re: ECN target bug report
Date: Mon, 09 Dec 2002 17:37:32 +0100 [thread overview]
Message-ID: <3DF4C6CC.9080607@istitutocolli.org> (raw)
In-Reply-To: <3DF1F442.806@istitutocolli.org>
[-- Attachment #1: Type: text/plain, Size: 262 bytes --]
attached you will find what could be a suitable, even though temporary,
solution for ECN target.
a packet with ec and cwr bits set and a bad checksum will not be
processed. If the checksum is good the bits will be stripped and a new
checksum calculated.
andrea
[-- Attachment #2: ecn_checksum.patch --]
[-- Type: text/plain, Size: 1521 bytes --]
--- linux-2.4.20/net/ipv4/netfilter/ipt_ECN.c.orig 2002-12-09 10:44:03.000000000 +0100
+++ linux-2.4.20/net/ipv4/netfilter/ipt_ECN.c 2002-12-09 17:16:11.000000000 +0100
@@ -11,6 +11,7 @@
#include <linux/skbuff.h>
#include <linux/ip.h>
#include <net/checksum.h>
+#include <net/tcp.h>
#include <linux/netfilter_ipv4/ip_tables.h>
#include <linux/netfilter_ipv4/ipt_ECN.h>
@@ -62,6 +63,7 @@
struct tcphdr *tcph = (void *) iph + iph->ihl * 4;
u_int16_t *tcpflags = (u_int16_t *)tcph + 6;
u_int16_t diffs[2];
+ u_int32_t tcplen;
/* raw socket (tcpdump) may have clone of incoming
* skb: don't disturb it --RR */
@@ -74,6 +76,15 @@
iph = (*pskb)->nh.iph;
}
+
+ /* Checksum invalid? Ignore. */
+ /* FIXME: Source route IP option packets --RR */
+ tcplen = (*pskb)->len - iph->ihl*4;
+ if (tcp_v4_check(tcph, tcplen, iph->saddr, iph->daddr,
+ csum_partial((char *) tcph, tcplen, 0))) {
+ return 0;
+ }
+
diffs[0] = *tcpflags;
if (einfo->operation & IPT_ECN_OP_SET_ECE
@@ -87,13 +98,12 @@
}
if (diffs[0] != *tcpflags) {
- diffs[0] = htons(diffs[0]) ^ 0xFFFF;
- diffs[1] = htons(*tcpflags);
- tcph->check = csum_fold(csum_partial((char *)diffs,
- sizeof(diffs),
- tcph->check^0xFFFF));
+ tcph->check = 0;
+ tcph->check = tcp_v4_check(tcph, tcplen, iph->saddr, iph->daddr,
+ csum_partial((char *)tcph, tcph->doff*4,
+ (*pskb)->csum));
(*pskb)->nfcache |= NFC_ALTERED;
-
+
return 1;
}
prev parent reply other threads:[~2002-12-09 16:37 UTC|newest]
Thread overview: 4+ messages / expand[flat|nested] mbox.gz Atom feed top
2002-12-07 13:14 ECN target bug report Andrea Rossato
2002-12-09 10:13 ` Andrea Rossato
2002-12-09 16:23 ` Andrea Rossato
2002-12-09 16:37 ` Andrea Rossato [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=3DF4C6CC.9080607@istitutocolli.org \
--to=mailing_list@istitutocolli.org \
--cc=netfilter@lists.netfilter.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox