Patchwork [V3,4/8] ipvs: Fix bug in IPv6 NAT mangling of ports inside ICMPv6 packets

login
register
mail settings
Submitter Jesper Dangaard Brouer
Date Sept. 11, 2012, 12:37 p.m.
Message ID <20120911123708.4305.50410.stgit@dragon>
Download mbox | patch
Permalink /patch/183095/
State Superseded
Headers show

Comments

Jesper Dangaard Brouer - Sept. 11, 2012, 12:37 p.m.
ICMPv6 return traffic, which needs to be NAT modified, does
not get modified correctly, because the SKB have not been
made sufficiently "writable".

Make sure SKB is writable in ip_vs_nat_icmp_v6().

Note, the calling code path have handled this case for IPv4, but
not for IPv6.  I have placed the change in ip_vs_nat_icmp_v6()
in-order to reduce the changes/impact of that path.

Signed-off-by: Jesper Dangaard Brouer <brouer@redhat.com>
---

 net/netfilter/ipvs/ip_vs_core.c |    6 ++++++
 1 files changed, 6 insertions(+), 0 deletions(-)


--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Patch

diff --git a/net/netfilter/ipvs/ip_vs_core.c b/net/netfilter/ipvs/ip_vs_core.c
index ebd105c..fd50f47 100644
--- a/net/netfilter/ipvs/ip_vs_core.c
+++ b/net/netfilter/ipvs/ip_vs_core.c
@@ -737,6 +737,12 @@  void ip_vs_nat_icmp_v6(struct sk_buff *skb, struct ip_vs_protocol *pp,
 						      icmp_offset);
 	struct ipv6hdr *ciph	 = (struct ipv6hdr *)(icmph + 1);
 
+	/* Make sure SKB is writable */
+	unsigned int write;
+	write = icmp_offset + sizeof(struct icmp6hdr) + sizeof(struct ipv6hdr);
+	if (!skb_make_writable(skb, write + 2 * sizeof(__u16)))
+		return;
+
 	if (inout) {
 		iph->saddr = cp->vaddr.in6;
 		ciph->daddr = cp->vaddr.in6;