From patchwork Tue Sep 11 12:37:15 2012 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Subject: [V3, 4/8] ipvs: Fix bug in IPv6 NAT mangling of ports inside ICMPv6 packets Date: Tue, 11 Sep 2012 02:37:15 -0000 From: Jesper Dangaard Brouer X-Patchwork-Id: 183095 Message-Id: <20120911123708.4305.50410.stgit@dragon> To: Hans Schillstrom , Hans Schillstrom , netdev@vger.kernel.org, "Patrick McHardy" , Pablo Neira Ayuso , lvs-devel@vger.kernel.org, Julian Anastasov Cc: Jesper Dangaard Brouer , Thomas Graf , Wensong Zhang , netfilter-devel@vger.kernel.org, Simon Horman ICMPv6 return traffic, which needs to be NAT modified, does not get modified correctly, because the SKB have not been made sufficiently "writable". Make sure SKB is writable in ip_vs_nat_icmp_v6(). Note, the calling code path have handled this case for IPv4, but not for IPv6. I have placed the change in ip_vs_nat_icmp_v6() in-order to reduce the changes/impact of that path. Signed-off-by: Jesper Dangaard Brouer --- net/netfilter/ipvs/ip_vs_core.c | 6 ++++++ 1 files changed, 6 insertions(+), 0 deletions(-) -- To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html diff --git a/net/netfilter/ipvs/ip_vs_core.c b/net/netfilter/ipvs/ip_vs_core.c index ebd105c..fd50f47 100644 --- a/net/netfilter/ipvs/ip_vs_core.c +++ b/net/netfilter/ipvs/ip_vs_core.c @@ -737,6 +737,12 @@ void ip_vs_nat_icmp_v6(struct sk_buff *skb, struct ip_vs_protocol *pp, icmp_offset); struct ipv6hdr *ciph = (struct ipv6hdr *)(icmph + 1); + /* Make sure SKB is writable */ + unsigned int write; + write = icmp_offset + sizeof(struct icmp6hdr) + sizeof(struct ipv6hdr); + if (!skb_make_writable(skb, write + 2 * sizeof(__u16))) + return; + if (inout) { iph->saddr = cp->vaddr.in6; ciph->daddr = cp->vaddr.in6;