| Message ID | 20120911123708.4305.50410.stgit@dragon |
|---|---|
| State | Superseded |
| Headers | show |
diff --git a/net/netfilter/ipvs/ip_vs_core.c b/net/netfilter/ipvs/ip_vs_core.c index ebd105c..fd50f47 100644 --- a/net/netfilter/ipvs/ip_vs_core.c +++ b/net/netfilter/ipvs/ip_vs_core.c @@ -737,6 +737,12 @@ void ip_vs_nat_icmp_v6(struct sk_buff *skb, struct ip_vs_protocol *pp, icmp_offset); struct ipv6hdr *ciph = (struct ipv6hdr *)(icmph + 1); + /* Make sure SKB is writable */ + unsigned int write; + write = icmp_offset + sizeof(struct icmp6hdr) + sizeof(struct ipv6hdr); + if (!skb_make_writable(skb, write + 2 * sizeof(__u16))) + return; + if (inout) { iph->saddr = cp->vaddr.in6; ciph->daddr = cp->vaddr.in6;
ICMPv6 return traffic, which needs to be NAT modified, does not get modified correctly, because the SKB have not been made sufficiently "writable". Make sure SKB is writable in ip_vs_nat_icmp_v6(). Note, the calling code path have handled this case for IPv4, but not for IPv6. I have placed the change in ip_vs_nat_icmp_v6() in-order to reduce the changes/impact of that path. Signed-off-by: Jesper Dangaard Brouer <brouer@redhat.com> --- net/netfilter/ipvs/ip_vs_core.c | 6 ++++++ 1 files changed, 6 insertions(+), 0 deletions(-) -- To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html