[001/001] QoS and/or fair queueing: Stateless NAT BUG

Submitted by rpartearroyo@albentia.com on July 9, 2010, 4:35 p.m.

Details

Message ID 25524.83.175.223.254.1278693359.squirrel@mail.albentia.com
State Superseded
Delegated to: David Miller

Commit Message

rpartearroyo@albentia.com July 9, 2010, 4:35 p.m.
Hi all,
I have been testing Stateless NAT and found that ICMP packets with length
less than 20 bytes were not correctly NAT'ed. I have found a BUG that
causes the IP header length to be taken into account twice, so ICMP packets smaller
than 20 bytes were being dropped.

Proposed formal patch is below, as suggested by Eric Dumazet, thanks.
It is taken from 2.6.34.1 stable version.

Signed-off-by: Rodrigo Partearroyo González <rpartearroyo@albentia.com>
---

Patch

diff -uprN a/net/sched/act_nat.c b/net/sched/act_nat.c
--- a/net/sched/act_nat.c    2010-07-09 18:25:18.000000000 +0200
+++ b/net/sched/act_nat.c 2010-07-09 18:26:16.000000000 +0200
@@ -202,7 +202,7 @@  static int tcf_nat(struct sk_buff *skb,
        {
                struct icmphdr *icmph;

-               if (!pskb_may_pull(skb, ihl + sizeof(*icmph) + sizeof(*iph)))
+               if (!pskb_may_pull(skb, ihl + sizeof(*icmph)))
                        goto drop;

                icmph = (void *)(skb_network_header(skb) + ihl);
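
Review bot: With sizeof(*iph) dropped from the pskb_may_pull() length here, nothing visible in this hunk guarantees that any bytes beyond the ICMP header at skb_network_header(skb) + ihl are in the linear area. If the code following the icmph assignment dereferences an IP header embedded in the ICMP payload (the only reason the removed term would have been there), that access needs its own check, placed after the ICMP type has been examined, along the lines of pskb_may_pull(skb, ihl + sizeof(*icmph) + sizeof(*iph)), with icmph reloaded afterwards since the pull may move the data. The changelog should also say which ICMP types are expected to carry that inner header, so the reader can see why the shorter length is sufficient for the rest.
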
@@ -223,7 +223,7 @@  static int tcf_nat(struct sk_buff *skb,

                if (skb_cloned(skb) &&
                    !skb_clone_writable(skb,
-                                       ihl + sizeof(*icmph) +
sizeof(*iph)) &&
+                                       ihl + sizeof(*icmph) ) &&
                    pskb_expand_head(skb, 0, 0, GFP_ATOMIC))
                        goto drop;
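
Review bot: Shrinking the skb_clone_writable() length to ihl + sizeof(*icmph) means a cloned skb is only made private up to the end of the ICMP header; if the code after this check writes into the embedded IP header, that write can land in data still shared with the clone, so the writable length at this point should keep covering sizeof(*iph) while only the earlier pull length is reduced. Separately, the removed line is wrapped by the mailer ("sizeof(*iph)) &&" appears on its own line without a leading "-"), so this hunk will not apply as posted; please resend with line wrapping disabled. The added line also has a stray space before the closing parenthesis in "sizeof(*icmph) )".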