From patchwork Fri Mar 6 10:44:06 2015 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Alexander Drozdov X-Patchwork-Id: 447275 X-Patchwork-Delegate: kadlec@blackhole.kfki.hu Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by ozlabs.org (Postfix) with ESMTP id 776B614010F for ; Fri, 6 Mar 2015 21:45:21 +1100 (AEDT) Authentication-Results: ozlabs.org; dkim=fail reason="verification failed; unprotected key" header.d=gmail.com header.i=@gmail.com header.b=GjYN+Gbs; dkim-adsp=none (unprotected policy); dkim-atps=neutral Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1755226AbbCFKow (ORCPT ); Fri, 6 Mar 2015 05:44:52 -0500 Received: from mail-lb0-f169.google.com ([209.85.217.169]:39285 "EHLO mail-lb0-f169.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1752605AbbCFKos (ORCPT ); Fri, 6 Mar 2015 05:44:48 -0500 Received: by lbiw7 with SMTP id w7so9878590lbi.6; Fri, 06 Mar 2015 02:44:46 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=from:to:cc:subject:date:message-id; bh=BG3ktGpr+SYD/fPyruv/Lq2sOV4DKU9tsQxFsf+xJhc=; b=GjYN+GbsTqtDnmK4WoCovQQQCq7tIbSIQfqzZq8/dphkmw4IcUpoAinvO4LPCR5Hjn FeM/pgoJbQg3qBZ5CIPtkKilbucW/KS4dwHyTUjJTQa7cjfgJHG+ckHRFaMcWMXDL4lN zr8q6PL9MBY1suCyiN+rV6xFk5LlcaciwqmNXG+gEMi7ykCI98Gb8r+Y49xaFHQRYTHV seicVDzBwneVvwKoz9F/680ofh0rryk/Ub5FVWE/6CPyXC9v5GO3RULiBAifftPFrBQV A3mNjvd4/4zaMCB+cdbdnqBMsDS/P/ttcU6KprGHM06CWW2JckXBgLA0Ee/uNd9Lq2RW 1nWQ== X-Received: by 10.112.150.200 with SMTP id uk8mr12438599lbb.14.1425638685977; Fri, 06 Mar 2015 02:44:45 -0800 (PST) Received: from sw.bm.in-line.local ([213.221.6.130]) by mx.google.com with ESMTPSA id dz1sm1741446lbc.47.2015.03.06.02.44.44 (version=TLSv1.2 cipher=ECDHE-RSA-AES128-SHA bits=128/128); Fri, 06 Mar 2015 02:44:44 -0800 (PST) From: Alexander Drozdov To: Pablo Neira Ayuso , Patrick McHardy , Jozsef Kadlecsik , "David S. Miller" Cc: netfilter-devel@vger.kernel.org, coreteam@netfilter.org, netdev@vger.kernel.org, linux-kernel@vger.kernel.org, Alexander Drozdov Subject: [PATCH] netfilter: ipset: make ip_set_get_ip*_port to use skb_network_offset Date: Fri, 6 Mar 2015 13:44:06 +0300 Message-Id: <1425638646-5906-1-git-send-email-al.drozdov@gmail.com> X-Mailer: git-send-email 1.9.1 Sender: netfilter-devel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: netfilter-devel@vger.kernel.org All the ipset functions respect skb->network_header value, except for ip_set_get_ip4_port() & ip_set_get_ip6_port(). The functions should use skb_network_offset() to get the transport header offset. Signed-off-by: Alexander Drozdov --- net/netfilter/ipset/ip_set_getport.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/net/netfilter/ipset/ip_set_getport.c b/net/netfilter/ipset/ip_set_getport.c index 29fb01d..1981f02 100644 --- a/net/netfilter/ipset/ip_set_getport.c +++ b/net/netfilter/ipset/ip_set_getport.c @@ -98,7 +98,7 @@ ip_set_get_ip4_port(const struct sk_buff *skb, bool src, __be16 *port, u8 *proto) { const struct iphdr *iph = ip_hdr(skb); - unsigned int protooff = ip_hdrlen(skb); + unsigned int protooff = skb_network_offset(skb) + ip_hdrlen(skb); int protocol = iph->protocol; /* See comments at tcp_match in ip_tables.c */ @@ -135,7 +135,9 @@ ip_set_get_ip6_port(const struct sk_buff *skb, bool src, __be16 frag_off = 0; nexthdr = ipv6_hdr(skb)->nexthdr; - protoff = ipv6_skip_exthdr(skb, sizeof(struct ipv6hdr), &nexthdr, + protoff = ipv6_skip_exthdr(skb, + skb_network_offset(skb) + + sizeof(struct ipv6hdr), &nexthdr, &frag_off); if (protoff < 0 || (frag_off & htons(~0x7)) != 0) return false;