From patchwork Mon Jun 10 04:06:34 2013 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Phil Oester X-Patchwork-Id: 250333 Date: Mon, 10 Jun 2013 00:06:34 -0400
From: Phil Oester To: netfilter-devel@vger.kernel.org Cc: pablo@netfilter.org Subject: [PATCH] netfilter: xt_TCPMSS: Add safe fragmentation handling Message-ID: <20130610040634.GB2742@gmail.com> MIME-Version: 1.0 Content-Disposition: inline User-Agent: Mutt/1.5.21 (2010-09-15) X-Gm-Message-State: ALoCoQntoWf266Ex+FehsgDIY0ybIeCpdQrEUUNXOBA3k/VaeDBZYdpshab/uuWOOMiNDwB1pXii Sender: netfilter-devel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: netfilter-devel@vger.kernel.org Similar to commit bc6bcb59 ("netfilter: xt_TCPOPTSTRIP: fix possible mangling beyond packet boundary"), add safe fragment handling to xt_TCPMSS. Phil Signed-off-by: Phil Oester diff --git a/net/netfilter/xt_TCPMSS.c b/net/netfilter/xt_TCPMSS.c index a75240f..d81b760 100644 --- a/net/netfilter/xt_TCPMSS.c +++ b/net/netfilter/xt_TCPMSS.c @@ -45,17 +45,22 @@ optlen(const u_int8_t *opt, unsigned int offset) static int tcpmss_mangle_packet(struct sk_buff *skb, - const struct xt_tcpmss_info *info, + const struct xt_action_param *par, unsigned int in_mtu, unsigned int tcphoff, unsigned int minlen) { + const struct xt_tcpmss_info *info = par->targinfo; struct tcphdr *tcph; unsigned int tcplen, i; __be16 oldval; u16 newmss; u8 *opt; + /* This is a fragment, no TCP header is available */ + if (par->fragoff != 0) + return XT_CONTINUE; + if (!skb_make_writable(skb, skb->len)) return -1; @@ -182,7 +187,7 @@ tcpmss_tg4(struct sk_buff *skb, const struct xt_action_param *par) __be16 newlen; int ret; - ret = tcpmss_mangle_packet(skb, par->targinfo, + ret = tcpmss_mangle_packet(skb, par, tcpmss_reverse_mtu(skb, PF_INET), iph->ihl * 4, sizeof(*iph) + sizeof(struct tcphdr)); 
@@ -211,7 +216,7 @@ tcpmss_tg6(struct sk_buff *skb, const struct xt_action_param *par) tcphoff = ipv6_skip_exthdr(skb, sizeof(*ipv6h), &nexthdr, &frag_off); if (tcphoff < 0) return NF_DROP; - ret = tcpmss_mangle_packet(skb, par->targinfo, + ret = tcpmss_mangle_packet(skb, par, tcpmss_reverse_mtu(skb, PF_INET6), tcphoff, sizeof(*ipv6h) + sizeof(struct tcphdr));
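Review bot: In the first hunk (tcpmss_mangle_packet), the new fragment check returns XT_CONTINUE from a helper that is declared `static int` and already uses `return -1` as its failure value two lines further down. XT_CONTINUE is a target verdict (0xFFFFFFFF), so once it is converted to int it equals -1, and the callers in tcpmss_tg4 and tcpmss_tg6 cannot tell "fragment, nothing to do" apart from the skb_make_writable failure path. If the intent is to leave non-first fragments untouched and let them continue through the ruleset, `return 0;` states that in the helper's own return convention and leaves the verdict to the callers.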
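Review bot: In the tcpmss_tg6 hunk, the fragment decision now depends on par->fragoff inside tcpmss_mangle_packet, while this function already obtains its own `frag_off` from `ipv6_skip_exthdr(skb, sizeof(*ipv6h), &nexthdr, &frag_off)` and the visible lines never test it. Please confirm that par->fragoff is always populated on the IPv6 path for rules that reach this target, or check the local frag_off here before calling the helper, so the two sources of fragment state cannot disagree. A sentence in the commit message on which packets triggered the out-of-bounds mangling would also help anyone backporting this.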