Patchwork [001/001] QoS and/or fair queueing: Stateless NAT BUG

login
register
mail settings
Submitter rpartearroyo@albentia.com
Date July 9, 2010, 4:35 p.m.
Message ID <25524.83.175.223.254.1278693359.squirrel@mail.albentia.com>
Download mbox | patch
Permalink /patch/58413/
State Superseded
Delegated to: David Miller
Headers show

Comments

rpartearroyo@albentia.com - July 9, 2010, 4:35 p.m.
Hi all,
I have been testing Stateless NAT and found that ICMP packets with length
less than 20 bytes were not correctly NAT'ed. I have found a BUG that
makes taking into account IP header length twice, so ICMP packets smaller
than 20 bytes were being dropped.

Proposed formal patch is below, as suggested by Eric Dumazet, thanks.
It is taken from 2.6.34.1 stable version.

Signed-off-by: Rodrigo Partearroyo González <rpartearroyo@albentia.com>
---
---

Patch

diff -uprN a/net/sched/act_nat.c b/net/sched/act_nat.c
--- a/net/sched/act_nat.c    2010-07-09 18:25:18.000000000 +0200
+++ b/net/sched/act_nat.c 2010-07-09 18:26:16.000000000 +0200
@@ -202,7 +202,7 @@  static int tcf_nat(struct sk_buff *skb,
        {
                struct icmphdr *icmph;

-               if (!pskb_may_pull(skb, ihl + sizeof(*icmph) + sizeof(*iph)))
+               if (!pskb_may_pull(skb, ihl + sizeof(*icmph)))
                        goto drop;

                icmph = (void *)(skb_network_header(skb) + ihl);
@@ -223,7 +223,7 @@  static int tcf_nat(struct sk_buff *skb,

                if (skb_cloned(skb) &&
                    !skb_clone_writable(skb,
-                                       ihl + sizeof(*icmph) +
sizeof(*iph)) &&
+                                       ihl + sizeof(*icmph) ) &&
                    pskb_expand_head(skb, 0, 0, GFP_ATOMIC))
                        goto drop;