Message ID | 201007091937.17349.rpartearroyo@albentia.com |
---|---|
State | Superseded, archived |
Delegated to: | David Miller |
Headers | show |
From: Rodrigo Partearroyo González <rpartearroyo@albentia.com> Date: Fri, 9 Jul 2010 19:37:16 +0200 > Hi all, > I have been testing Stateless NAT and found that ICMP packets with length > less than 20 bytes were not correctly NAT'ed. I have found a BUG that > makes taking into account IP header length twice, so ICMP packets smaller > than 20 bytes were being dropped. > > Proposed formal patch is below, as suggested by Eric Dumazet, thanks. > It is taken from 2.6.34.1 stable version. > > Signed-off-by: Rodrigo Partearroyo González <rpartearroyo@albentia.com> Applied, thanks. -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Le vendredi 09 juillet 2010 à 19:37 +0200, Rodrigo Partearroyo González a écrit : > Hi all, > I have been testing Stateless NAT and found that ICMP packets with length > less than 20 bytes were not correctly NAT'ed. I have found a BUG that > makes taking into account IP header length twice, so ICMP packets smaller > than 20 bytes were being dropped. > > Proposed formal patch is below, as suggested by Eric Dumazet, thanks. > It is taken from 2.6.34.1 stable version. > > Signed-off-by: Rodrigo Partearroyo González <rpartearroyo@albentia.com> Acked-by: Eric Dumazet <eric.dumazet@gmail.com> > --- > diff -uprN a/net/sched/act_nat.c b/net/sched/act_nat.c > --- a/net/sched/act_nat.c 2010-07-09 18:25:18.000000000 +0200 > +++ b/net/sched/act_nat.c 2010-07-09 18:26:16.000000000 +0200 > @@ -202,7 +202,7 @@ static int tcf_nat(struct sk_buff *skb, > { > struct icmphdr *icmph; > > - if (!pskb_may_pull(skb, ihl + sizeof(*icmph) + sizeof(*iph))) > + if (!pskb_may_pull(skb, ihl + sizeof(*icmph))) > goto drop; > > icmph = (void *)(skb_network_header(skb) + ihl); > @@ -223,7 +223,7 @@ static int tcf_nat(struct sk_buff *skb, > > if (skb_cloned(skb) && > !skb_clone_writable(skb, > - ihl + sizeof(*icmph) + sizeof(*iph)) && > + ihl + sizeof(*icmph)) && > pskb_expand_head(skb, 0, 0, GFP_ATOMIC)) > goto drop; > -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
diff -uprN a/net/sched/act_nat.c b/net/sched/act_nat.c --- a/net/sched/act_nat.c 2010-07-09 18:25:18.000000000 +0200 +++ b/net/sched/act_nat.c 2010-07-09 18:26:16.000000000 +0200 @@ -202,7 +202,7 @@ static int tcf_nat(struct sk_buff *skb, { struct icmphdr *icmph; - if (!pskb_may_pull(skb, ihl + sizeof(*icmph) + sizeof(*iph))) + if (!pskb_may_pull(skb, ihl + sizeof(*icmph))) goto drop; icmph = (void *)(skb_network_header(skb) + ihl); @@ -223,7 +223,7 @@ static int tcf_nat(struct sk_buff *skb, if (skb_cloned(skb) && !skb_clone_writable(skb, - ihl + sizeof(*icmph) + sizeof(*iph)) && + ihl + sizeof(*icmph)) && pskb_expand_head(skb, 0, 0, GFP_ATOMIC)) goto drop;
Hi all, I have been testing Stateless NAT and found that ICMP packets with length less than 20 bytes were not correctly NAT'ed. I have found a BUG that makes taking into account IP header length twice, so ICMP packets smaller than 20 bytes were being dropped. Proposed formal patch is below, as suggested by Eric Dumazet, thanks. It is taken from 2.6.34.1 stable version. Signed-off-by: Rodrigo Partearroyo González <rpartearroyo@albentia.com> --- --- Rodrigo Partearroyo González R&D Engineer Albentia Systems S.A. http://www.albentia.com +34 914400213 C\Margarita Salas 22 Parque Tecnológico de Leganés Leganés (28918) Madrid Spain -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html