
[ovs-dev,v2] conntrack: Fix 'reverse_nat_packet()' variable datatype.

Message ID 1567181599-92090-1-git-send-email-dlu998@gmail.com
State Accepted
Commit ba5ca284098fdf92ca851405c8fab2ef1a4fac39

Commit Message

Darrell Ball Aug. 30, 2019, 4:13 p.m. UTC
The datatype 'pad' in the function 'reverse_nat_packet()' was incorrectly
declared as 'char' instead of 'uint8_t'. This can affect reverse natting
of icmpX packets with padding > 127 bytes.  At the same time, add some
comments regarding 'extract_l3_ipvX' usage in this function.  Found by
inspection.

Fixes: edd1bef468c0 ("dpdk: Add more ICMP Related NAT support.")
Signed-off-by: Darrell Ball <dlu998@gmail.com>
---

v2: Elaborate added comments.

 lib/conntrack.c | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

Comments

Ben Pfaff Sept. 24, 2019, 8:35 p.m. UTC | #1
On Fri, Aug 30, 2019 at 09:13:19AM -0700, Darrell Ball wrote:
> The datatype 'pad' in the function 'reverse_nat_packet()' was incorrectly
> declared as 'char' instead of 'uint8_t'. This can affect reverse natting
> of icmpX packets with padding > 127 bytes.  At the same time, add some
> comments regarding 'extract_l3_ipvX' usage in this function.  Found by
> inspection.
> 
> Fixes: edd1bef468c0 ("dpdk: Add more ICMP Related NAT support.")
> Signed-off-by: Darrell Ball <dlu998@gmail.com>

Applied to master and backported as far as branch-2.8.

Patch

diff --git a/lib/conntrack.c b/lib/conntrack.c
index e5266e5..6452d82 100644
--- a/lib/conntrack.c
+++ b/lib/conntrack.c
@@ -688,7 +688,7 @@  static void
 reverse_nat_packet(struct dp_packet *pkt, const struct conn *conn)
 {
     char *tail = dp_packet_tail(pkt);
-    char pad = dp_packet_l2_pad_size(pkt);
+    uint8_t pad = dp_packet_l2_pad_size(pkt);
     struct conn_key inner_key;
     const char *inner_l4 = NULL;
     uint16_t orig_l3_ofs = pkt->l3_ofs;
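Review bot: On the changed `pad` declaration, the commit message should state the failure mode instead of "can affect". Where `char` is signed, a pad size above 127 typically becomes negative, so `tail - ((char *)inner_l3) - pad` in the later hunks enlarges the length handed to `extract_l3_ipv4()` and `extract_l3_ipv6()` instead of trimming the padding off it. Please also confirm that `dp_packet_l2_pad_size()` returns a type no wider than `uint8_t`, since its declaration is not part of this patch, and consider adding a test with an ICMP error packet carrying more than 127 bytes of padding: the diffstat shows only lib/conntrack.c changing.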
@@ -698,6 +698,8 @@  reverse_nat_packet(struct dp_packet *pkt, const struct conn *conn)
         struct ip_header *nh = dp_packet_l3(pkt);
         struct icmp_header *icmp = dp_packet_l4(pkt);
         struct ip_header *inner_l3 = (struct ip_header *) (icmp + 1);
+        /* This call is already verified to succeed during the code path from
+         * 'conn_key_extract()' which calls 'extract_l4_icmp()'. */
         extract_l3_ipv4(&inner_key, inner_l3, tail - ((char *)inner_l3) - pad,
                         &inner_l4, false);
         pkt->l3_ofs += (char *) inner_l3 - (char *) nh;
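Review bot: The new comment above `extract_l3_ipv4()` documents an invariant that nothing here enforces: the call's result is still discarded and `inner_l4` is initialised to NULL. The claim also only holds if the earlier check in the `conn_key_extract()` path was made with the same length, which is exactly the value this patch changes through `pad`. If the function reports success, asserting on it at this call site would make the comment checkable; otherwise the comment should say which length the earlier call was verified against.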
@@ -719,6 +721,8 @@  reverse_nat_packet(struct dp_packet *pkt, const struct conn *conn)
         struct icmp6_error_header *icmp6 = dp_packet_l4(pkt);
         struct ovs_16aligned_ip6_hdr *inner_l3_6 =
             (struct ovs_16aligned_ip6_hdr *) (icmp6 + 1);
+        /* This call is already verified to succeed during the code path from
+         * 'conn_key_extract()' which calls 'extract_l4_icmp6()'. */
         extract_l3_ipv6(&inner_key, inner_l3_6,
                         tail - ((char *)inner_l3_6) - pad,
                         &inner_l4);
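Review bot: The comment wording above `extract_l3_ipv6()` reads as if this particular call had been verified, when what it means is that an equivalent extraction already succeeded on the same packet earlier. Something like "An equivalent call already succeeded on this packet in 'extract_l4_icmp6()', reached from 'conn_key_extract()'" would be less ambiguous, and the same rewording applies to the IPv4 comment so the two stay parallel.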