Patchwork [V4,7/7] ipvs: SIP fragment handling

login
register
mail settings
Submitter Jesper Dangaard Brouer
Date Sept. 26, 2012, 12:07 p.m.
Message ID <20120926120722.24804.28000.stgit@dragon>
Download mbox | patch
Permalink /patch/187060/
State Not Applicable
Headers show

Comments

Jesper Dangaard Brouer - Sept. 26, 2012, 12:07 p.m.
Use the nfct_reasm SKB if available.

Based on part of a patch from: Hans Schillstrom
I have left Hans'es comment in the patch (marked /HS)

Signed-off-by: Jesper Dangaard Brouer <brouer@redhat.com>

---
V3:
 - I have split out the SIP fragment handling into a seperate patch.
   As I have not been able to test this part.
 - Change the strange SKB swapping reasm = skb, reverse logic to minimize patch


 net/netfilter/ipvs/ip_vs_pe_sip.c |   19 +++++++++++++++----
 1 files changed, 15 insertions(+), 4 deletions(-)


--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Simon Horman - Sept. 28, 2012, 2:43 a.m.
On Wed, Sep 26, 2012 at 02:07:33PM +0200, Jesper Dangaard Brouer wrote:
> Use the nfct_reasm SKB if available.
> 
> Based on part of a patch from: Hans Schillstrom
> I have left Hans'es comment in the patch (marked /HS)
> 
> Signed-off-by: Jesper Dangaard Brouer <brouer@redhat.com>
> 
> ---
> V3:
>  - I have split out the SIP fragment handling into a seperate patch.
>    As I have not been able to test this part.
>  - Change the strange SKB swapping reasm = skb, reverse logic to minimize patch
> 
> 
>  net/netfilter/ipvs/ip_vs_pe_sip.c |   19 +++++++++++++++----
>  1 files changed, 15 insertions(+), 4 deletions(-)

I realise that the commenting style used inside net/netfilter/ipvs/ is
wildly inconsistent, but I think it is worth using the preffered
style for network code where possible.

I intend to include the follwowing changes in my tree.

> 
> diff --git a/net/netfilter/ipvs/ip_vs_pe_sip.c b/net/netfilter/ipvs/ip_vs_pe_sip.c
> index ee4e2e3..43acba6 100644
> --- a/net/netfilter/ipvs/ip_vs_pe_sip.c
> +++ b/net/netfilter/ipvs/ip_vs_pe_sip.c
> @@ -68,6 +68,7 @@ static int get_callid(const char *dptr, unsigned int dataoff,
>  static int
>  ip_vs_sip_fill_param(struct ip_vs_conn_param *p, struct sk_buff *skb)
>  {
> +	struct sk_buff *reasm = skb_nfct_reasm(skb);
>  	struct ip_vs_iphdr iph;
>  	unsigned int dataoff, datalen, matchoff, matchlen;
>  	const char *dptr;
> @@ -78,13 +79,23 @@ ip_vs_sip_fill_param(struct ip_vs_conn_param *p, struct sk_buff *skb)
>  	/* Only useful with UDP */
>  	if (iph.protocol != IPPROTO_UDP)
>  		return -EINVAL;
> +	/*
> +	 * todo: IPv6 fragments:
> +	 *       I think this only should be done for the first fragment. /HS
> +	 */

	/* todo: IPv6 fragments:
	 *       I think this only should be done for the first fragment. /HS
	 */

> +	if (reasm) {
> +		skb = reasm;
> +		dataoff = iph.thoff_reasm + sizeof(struct udphdr);
> +	} else
> +		dataoff = iph.len + sizeof(struct udphdr);
>  
> -	/* No Data ? */
> -	dataoff = iph.len + sizeof(struct udphdr);
>  	if (dataoff >= skb->len)
>  		return -EINVAL;
> -
> -	if ((retc=skb_linearize(skb)) < 0)
> +	/*
> +	 * todo: Check if this will mess-up the reasm skb !!! /HS
> +	 */

	/* todo: Check if this will mess-up the reasm skb !!! /HS */

> +	retc = skb_linearize(skb);
> +	if (retc < 0)
>  		return retc;
>  	dptr = skb->data + dataoff;
>  	datalen = skb->len - dataoff;
> 
--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Patch

diff --git a/net/netfilter/ipvs/ip_vs_pe_sip.c b/net/netfilter/ipvs/ip_vs_pe_sip.c
index ee4e2e3..43acba6 100644
--- a/net/netfilter/ipvs/ip_vs_pe_sip.c
+++ b/net/netfilter/ipvs/ip_vs_pe_sip.c
@@ -68,6 +68,7 @@  static int get_callid(const char *dptr, unsigned int dataoff,
 static int
 ip_vs_sip_fill_param(struct ip_vs_conn_param *p, struct sk_buff *skb)
 {
+	struct sk_buff *reasm = skb_nfct_reasm(skb);
 	struct ip_vs_iphdr iph;
 	unsigned int dataoff, datalen, matchoff, matchlen;
 	const char *dptr;
@@ -78,13 +79,23 @@  ip_vs_sip_fill_param(struct ip_vs_conn_param *p, struct sk_buff *skb)
 	/* Only useful with UDP */
 	if (iph.protocol != IPPROTO_UDP)
 		return -EINVAL;
+	/*
+	 * todo: IPv6 fragments:
+	 *       I think this only should be done for the first fragment. /HS
+	 */
+	if (reasm) {
+		skb = reasm;
+		dataoff = iph.thoff_reasm + sizeof(struct udphdr);
+	} else
+		dataoff = iph.len + sizeof(struct udphdr);
 
-	/* No Data ? */
-	dataoff = iph.len + sizeof(struct udphdr);
 	if (dataoff >= skb->len)
 		return -EINVAL;
-
-	if ((retc=skb_linearize(skb)) < 0)
+	/*
+	 * todo: Check if this will mess-up the reasm skb !!! /HS
+	 */
+	retc = skb_linearize(skb);
+	if (retc < 0)
 		return retc;
 	dptr = skb->data + dataoff;
 	datalen = skb->len - dataoff;