From patchwork Thu Mar  8 10:08:06 2018
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Serhey Popovych <serhe.popovych@gmail.com>
X-Patchwork-Id: 883038
X-Patchwork-Delegate: pablo@netfilter.org
Return-Path: <netfilter-devel-owner@vger.kernel.org>
X-Original-To: incoming@patchwork.ozlabs.org
Delivered-To: patchwork-incoming@bilbo.ozlabs.org
Authentication-Results: ozlabs.org;
	spf=none (mailfrom) smtp.mailfrom=vger.kernel.org
	(client-ip=209.132.180.67; helo=vger.kernel.org;
	envelope-from=netfilter-devel-owner@vger.kernel.org;
	receiver=<UNKNOWN>)
Authentication-Results: ozlabs.org;
	dmarc=fail (p=none dis=none) header.from=gmail.com
Authentication-Results: ozlabs.org;
	dkim=fail reason="signature verification failed" (2048-bit key;
	unprotected) header.d=gmail.com header.i=@gmail.com
	header.b="vFcC+7rn"; dkim-atps=neutral
Received: from vger.kernel.org (vger.kernel.org [209.132.180.67])
	by ozlabs.org (Postfix) with ESMTP id 3zxmSD54Trz9shB
	for <incoming@patchwork.ozlabs.org>;
	Thu,  8 Mar 2018 21:08:44 +1100 (AEDT)
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
	id S1754806AbeCHKIo (ORCPT <rfc822;incoming@patchwork.ozlabs.org>);
	Thu, 8 Mar 2018 05:08:44 -0500
Received: from mail-lf0-f68.google.com ([209.85.215.68]:35685 "EHLO
	mail-lf0-f68.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
	with ESMTP id S1751380AbeCHKIm (ORCPT
	<rfc822;netfilter-devel@vger.kernel.org>);
	Thu, 8 Mar 2018 05:08:42 -0500
Received: by mail-lf0-f68.google.com with SMTP id z128-v6so1320760lff.2
	for <netfilter-devel@vger.kernel.org>;
	Thu, 08 Mar 2018 02:08:42 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
	d=gmail.com; s=20161025;
	h=from:to:subject:date:message-id:in-reply-to:references;
	bh=AP3Hy8+7mectGVKYRXWHLToMPgbDYq9JB/WzlFbefM4=;
	b=vFcC+7rn8vPRYG2dG2mAKYRmfXY34rXUVPas13Qqscfk8Q8ivgGfxsY/fOcIVO74w7
	B7BWFlsbKUJDY7RpWOoYRPPSbmN3BOxGAlOLFCRkPOGffl+uRpmIpFzxIXKzK4erZwUW
	hDps6bT0dPl0um2KtgjjyQvkxzoGwncabpNlh8DbhhBVu66VUTYEsQhE1GPz4DN7CtRS
	ws+9XNCdQEFxptXNxGC3Xt9YRLPQgXqrhKd3Bu0QXpYOFnBNw1/m5M8pAvE9F8R0RSHf
	4igLuJLONeUcxPA9d5/hTC8h6aScfSL1oxSrrsop4mSxLQxWhVBbUB5F8HKRn6gJyLRp
	yDgw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
	d=1e100.net; s=20161025;
	h=x-gm-message-state:from:to:subject:date:message-id:in-reply-to
	:references;
	bh=AP3Hy8+7mectGVKYRXWHLToMPgbDYq9JB/WzlFbefM4=;
	b=j1WHFm/6bndGYZfev/sVC352FDCV8j2208l9DHX/1t0zSNPQWNxCV8b7u78JpC26PU
	H5NBxgQjvCyzflE+XpG8gW1GTk1wzPd4Wd30vofOu7QAFS/IaqBUEhQ7did+wAX3jriL
	8psymJRLR1Ox1Tf5Rn00wzk72E7x8AcrmEhEn+2iML88GMGjN6i6zBbZ5A+ZnavGwIaN
	BDVkslIyAGdfqZILRWRn/923R1bt8pc8lfEf+It9jIdfFixP5lOMOO6/YaTRqi3KZytX
	etrQPWztf/9/qeHvs2WN0NALPp0fM5qN696S/7g3sMOuAQyi5+kVAHE1l8426DPmmfjj
	CJ5A==
X-Gm-Message-State: AElRT7FiABS1oU+NJjDkbFLFpiy8S0QWTIMIen0+YlEhdft9Y8sP7cDk
	D/TzTgWmzh3tJFJ7xguVl1ucoQ==
X-Google-Smtp-Source: 
 AG47ELtt4TwvPs37EGj6VQ0HhVxa/C74OxkWuVPIxeaGdZ5OWHfzPKR0sEVpEPkH8BGbypVCz6A+Kw==
X-Received: by 10.25.31.141 with SMTP id f135mr18858989lff.68.1520503721128;
	Thu, 08 Mar 2018 02:08:41 -0800 (PST)
Received: from tuxracer.localdomain ([2a01:6d80::195:20:96:53])
	by smtp.gmail.com with ESMTPSA id
	65sm4097619lfa.77.2018.03.08.02.08.39
	for <netfilter-devel@vger.kernel.org>
	(version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128);
	Thu, 08 Mar 2018 02:08:40 -0800 (PST)
From: Serhey Popovych <serhe.popovych@gmail.com>
To: netfilter-devel@vger.kernel.org
Subject: [PATCH nf-next 1/2] netfilter: SYNPROXY: set transport header
	properly
Date: Thu,  8 Mar 2018 12:08:06 +0200
Message-Id: <1520503687-30306-2-git-send-email-serhe.popovych@gmail.com>
X-Mailer: git-send-email 1.8.3.1
In-Reply-To: <1520503687-30306-1-git-send-email-serhe.popovych@gmail.com>
References: <1520503687-30306-1-git-send-email-serhe.popovych@gmail.com>
Sender: netfilter-devel-owner@vger.kernel.org
Precedence: bulk
List-ID: <netfilter-devel.vger.kernel.org>
X-Mailing-List: netfilter-devel@vger.kernel.org

We can't use skb_reset_transport_header() together with skb_put() to set
skb->transport_header field because skb_put() does not touch skb->data.

Do this same way as we did for csum_data in code: substract skb->head
from tcph.

Signed-off-by: Serhey Popovych <serhe.popovych@gmail.com>
---
 net/ipv4/netfilter/ipt_SYNPROXY.c  | 8 ++++----
 net/ipv6/netfilter/ip6t_SYNPROXY.c | 8 ++++----
 2 files changed, 8 insertions(+), 8 deletions(-)

diff --git a/net/ipv4/netfilter/ipt_SYNPROXY.c b/net/ipv4/netfilter/ipt_SYNPROXY.c
index f75fc6b..4953390 100644
--- a/net/ipv4/netfilter/ipt_SYNPROXY.c
+++ b/net/ipv4/netfilter/ipt_SYNPROXY.c
@@ -90,8 +90,8 @@
 
 	niph = synproxy_build_ip(net, nskb, iph->daddr, iph->saddr);
 
-	skb_reset_transport_header(nskb);
 	nth = skb_put(nskb, tcp_hdr_size);
+	nskb->transport_header = (unsigned char *)nth - nskb->head;
 	nth->source	= th->dest;
 	nth->dest	= th->source;
 	nth->seq	= htonl(__cookie_v4_init_sequence(iph, th, &mss));
@@ -132,8 +132,8 @@
 
 	niph = synproxy_build_ip(net, nskb, iph->saddr, iph->daddr);
 
-	skb_reset_transport_header(nskb);
 	nth = skb_put(nskb, tcp_hdr_size);
+	nskb->transport_header = (unsigned char *)nth - nskb->head;
 	nth->source	= th->source;
 	nth->dest	= th->dest;
 	nth->seq	= htonl(recv_seq - 1);
@@ -177,8 +177,8 @@
 
 	niph = synproxy_build_ip(net, nskb, iph->daddr, iph->saddr);
 
-	skb_reset_transport_header(nskb);
 	nth = skb_put(nskb, tcp_hdr_size);
+	nskb->transport_header = (unsigned char *)nth - nskb->head;
 	nth->source	= th->dest;
 	nth->dest	= th->source;
 	nth->seq	= htonl(ntohl(th->ack_seq));
@@ -215,8 +215,8 @@
 
 	niph = synproxy_build_ip(net, nskb, iph->saddr, iph->daddr);
 
-	skb_reset_transport_header(nskb);
 	nth = skb_put(nskb, tcp_hdr_size);
+	nskb->transport_header = (unsigned char *)nth - nskb->head;
 	nth->source	= th->source;
 	nth->dest	= th->dest;
 	nth->seq	= htonl(ntohl(th->seq) + 1);
diff --git a/net/ipv6/netfilter/ip6t_SYNPROXY.c b/net/ipv6/netfilter/ip6t_SYNPROXY.c
index 437af8c..46c1e28 100644
--- a/net/ipv6/netfilter/ip6t_SYNPROXY.c
+++ b/net/ipv6/netfilter/ip6t_SYNPROXY.c
@@ -104,8 +104,8 @@
 
 	niph = synproxy_build_ip(net, nskb, &iph->daddr, &iph->saddr);
 
-	skb_reset_transport_header(nskb);
 	nth = skb_put(nskb, tcp_hdr_size);
+	nskb->transport_header = (unsigned char *)nth - nskb->head;
 	nth->source	= th->dest;
 	nth->dest	= th->source;
 	nth->seq	= htonl(__cookie_v6_init_sequence(iph, th, &mss));
@@ -146,8 +146,8 @@
 
 	niph = synproxy_build_ip(net, nskb, &iph->saddr, &iph->daddr);
 
-	skb_reset_transport_header(nskb);
 	nth = skb_put(nskb, tcp_hdr_size);
+	nskb->transport_header = (unsigned char *)nth - nskb->head;
 	nth->source	= th->source;
 	nth->dest	= th->dest;
 	nth->seq	= htonl(recv_seq - 1);
@@ -191,8 +191,8 @@
 
 	niph = synproxy_build_ip(net, nskb, &iph->daddr, &iph->saddr);
 
-	skb_reset_transport_header(nskb);
 	nth = skb_put(nskb, tcp_hdr_size);
+	nskb->transport_header = (unsigned char *)nth - nskb->head;
 	nth->source	= th->dest;
 	nth->dest	= th->source;
 	nth->seq	= htonl(ntohl(th->ack_seq));
@@ -229,8 +229,8 @@
 
 	niph = synproxy_build_ip(net, nskb, &iph->saddr, &iph->daddr);
 
-	skb_reset_transport_header(nskb);
 	nth = skb_put(nskb, tcp_hdr_size);
+	nskb->transport_header = (unsigned char *)nth - nskb->head;
 	nth->source	= th->source;
 	nth->dest	= th->dest;
 	nth->seq	= htonl(ntohl(th->seq) + 1);

From patchwork Thu Mar  8 10:08:07 2018
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Serhey Popovych <serhe.popovych@gmail.com>
X-Patchwork-Id: 883039
X-Patchwork-Delegate: pablo@netfilter.org
Return-Path: <netfilter-devel-owner@vger.kernel.org>
X-Original-To: incoming@patchwork.ozlabs.org
Delivered-To: patchwork-incoming@bilbo.ozlabs.org
Authentication-Results: ozlabs.org;
	spf=none (mailfrom) smtp.mailfrom=vger.kernel.org
	(client-ip=209.132.180.67; helo=vger.kernel.org;
	envelope-from=netfilter-devel-owner@vger.kernel.org;
	receiver=<UNKNOWN>)
Authentication-Results: ozlabs.org;
	dmarc=fail (p=none dis=none) header.from=gmail.com
Authentication-Results: ozlabs.org;
	dkim=fail reason="signature verification failed" (2048-bit key;
	unprotected) header.d=gmail.com header.i=@gmail.com
	header.b="hEa3cax+"; dkim-atps=neutral
Received: from vger.kernel.org (vger.kernel.org [209.132.180.67])
	by ozlabs.org (Postfix) with ESMTP id 3zxmSG1mw6z9sh5
	for <incoming@patchwork.ozlabs.org>;
	Thu,  8 Mar 2018 21:08:46 +1100 (AEDT)
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
	id S1754988AbeCHKIp (ORCPT <rfc822;incoming@patchwork.ozlabs.org>);
	Thu, 8 Mar 2018 05:08:45 -0500
Received: from mail-lf0-f65.google.com ([209.85.215.65]:36637 "EHLO
	mail-lf0-f65.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
	with ESMTP id S1751107AbeCHKIo (ORCPT
	<rfc822;netfilter-devel@vger.kernel.org>);
	Thu, 8 Mar 2018 05:08:44 -0500
Received: by mail-lf0-f65.google.com with SMTP id g72-v6so7536199lfg.3
	for <netfilter-devel@vger.kernel.org>;
	Thu, 08 Mar 2018 02:08:43 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
	d=gmail.com; s=20161025;
	h=from:to:subject:date:message-id:in-reply-to:references;
	bh=oZjg0dgmxEcDt2NSYdApm1r22ka3A3JlqUwoRwW82/Y=;
	b=hEa3cax+UWLUNtVQW6sp4VW5A5B6rziyKTv4/Sq5KSRgWCP/JkctN/5qouACipXECR
	FVeE4f5ztSljyyY+xhFNfqzu/QLlPUeiWjetGQuJRGeASLJmNAYBV7yoGYTsj9R6Th1v
	7VCzxlGbBDuGC7JUtlXANRIGA33VqufZZv+y1O1mL4UygXMD2st+ikVbtrQdnyKT1NyN
	5Y4ylAcNDHf1GQJ7WrLB922vE6H4QEyM58xsYX0ohY/3BXEbyIKlQ3g4ITxkMKKt/u8e
	xljDUziBDULe5YTdN7CmVshIwcCe6Wntq7Tmf+Xb3a4OR8uL26Do02k+XbRaIM++1/tH
	VYTA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
	d=1e100.net; s=20161025;
	h=x-gm-message-state:from:to:subject:date:message-id:in-reply-to
	:references;
	bh=oZjg0dgmxEcDt2NSYdApm1r22ka3A3JlqUwoRwW82/Y=;
	b=Uws5eYefhAh0e7h/eyMCCSDHvduGt7yo00lAZHDhz/9QjRL5e8z8bHYNK8P8lxOCoi
	jUKCZxdcZA1A3CqBGeIgU3EK5kx9vDFtLx4ZxrEDXqjsHskogzW13mhmRs8cnU3TVS3J
	on0iO0u6pX3B0Prhk4F0/CWU6oZsvWiWClLSFRVx2HOwYvH0kmg68vAhItjJJ2US+FlT
	Oueoe/RyNdXaTCBB6XpSVwa19KL0Fo6FgyTQgtggZqZeeuOSwOvRyXHeVT1JYtwfIAel
	Jay22DXMFmTRdk8cygRJr/CF+a5QyfOLO+4VUAQXpj2KaXeDJwbEsSYN2tALiZy64ZJk
	g0Hg==
X-Gm-Message-State: AElRT7Emm/dWIU4wZu9TqIISvutWSw8onGK4nMtccefbJOH0f2+LkShv
	hURHv4DVt2xma7cqta0cAsCiUA==
X-Google-Smtp-Source: 
 AG47ELvxxzAOhvDfITTx/k60EtkQoB5Wv5qtOpE8mErredwIybY9WojMAZwFBcRZ7SM80eV7oEy9Gw==
X-Received: by 10.25.216.74 with SMTP id p71mr18979804lfg.11.1520503722178;
	Thu, 08 Mar 2018 02:08:42 -0800 (PST)
Received: from tuxracer.localdomain ([2a01:6d80::195:20:96:53])
	by smtp.gmail.com with ESMTPSA id
	65sm4097619lfa.77.2018.03.08.02.08.41
	for <netfilter-devel@vger.kernel.org>
	(version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128);
	Thu, 08 Mar 2018 02:08:41 -0800 (PST)
From: Serhey Popovych <serhe.popovych@gmail.com>
To: netfilter-devel@vger.kernel.org
Subject: [PATCH nf-next 2/2] netfilter: nf_reject: set transport header
	properly
Date: Thu,  8 Mar 2018 12:08:07 +0200
Message-Id: <1520503687-30306-3-git-send-email-serhe.popovych@gmail.com>
X-Mailer: git-send-email 1.8.3.1
In-Reply-To: <1520503687-30306-1-git-send-email-serhe.popovych@gmail.com>
References: <1520503687-30306-1-git-send-email-serhe.popovych@gmail.com>
Sender: netfilter-devel-owner@vger.kernel.org
Precedence: bulk
List-ID: <netfilter-devel.vger.kernel.org>
X-Mailing-List: netfilter-devel@vger.kernel.org

We can't use skb_reset_transport_header() together with skb_put() to set
skb->transport_header field because skb_put() does not touch skb->data.

Do this same way as we did for csum_data in code below: substract
skb->head from tcph.

Signed-off-by: Serhey Popovych <serhe.popovych@gmail.com>
---
 net/ipv4/netfilter/nf_reject_ipv4.c | 2 +-
 net/ipv6/netfilter/nf_reject_ipv6.c | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/net/ipv4/netfilter/nf_reject_ipv4.c b/net/ipv4/netfilter/nf_reject_ipv4.c
index 5cd06ba..6698cb3 100644
--- a/net/ipv4/netfilter/nf_reject_ipv4.c
+++ b/net/ipv4/netfilter/nf_reject_ipv4.c
@@ -75,8 +75,8 @@ void nf_reject_ip_tcphdr_put(struct sk_buff *nskb, const struct sk_buff *oldskb,
 	struct iphdr *niph = ip_hdr(nskb);
 	struct tcphdr *tcph;
 
-	skb_reset_transport_header(nskb);
 	tcph = skb_put_zero(nskb, sizeof(struct tcphdr));
+	nskb->transport_header = (unsigned char *)tcph - nskb->head;
 	tcph->source	= oth->dest;
 	tcph->dest	= oth->source;
 	tcph->doff	= sizeof(struct tcphdr) / 4;
diff --git a/net/ipv6/netfilter/nf_reject_ipv6.c b/net/ipv6/netfilter/nf_reject_ipv6.c
index 2485840..e9ae4d2 100644
--- a/net/ipv6/netfilter/nf_reject_ipv6.c
+++ b/net/ipv6/netfilter/nf_reject_ipv6.c
@@ -94,8 +94,8 @@ void nf_reject_ip6_tcphdr_put(struct sk_buff *nskb,
 	struct tcphdr *tcph;
 	int needs_ack;
 
-	skb_reset_transport_header(nskb);
 	tcph = skb_put(nskb, sizeof(struct tcphdr));
+	nskb->transport_header = (unsigned char *)tcph - nskb->head;
 	/* Truncate to length (no data) */
 	tcph->doff = sizeof(struct tcphdr)/4;
 	tcph->source = oth->dest;