Commit b3b8b99e authored by Rusty Russell's avatar Rusty Russell Committed by Linus Torvalds

[PATCH] ipt_REJECT Target nonlinear fixes

nfsim now generates non-linear packets: when run under valgrind it
finds linear assumptions very nicely.  This is the second thing I
tried, and it found a real bug.

In this case, checking the UDP checksum is correct, but overkill, and
like the ICMP header handling, does not handle non-linear packets.  Remove UDP
checksum, fix ICMP error.

Signed-off-by: Rusty Russell
Signed-off-by: default avatarLinus Torvalds <torvalds@osdl.org>
parent 85dc4e4f
...@@ -223,7 +223,6 @@ static void send_reset(struct sk_buff *oldskb, int hook) ...@@ -223,7 +223,6 @@ static void send_reset(struct sk_buff *oldskb, int hook)
static void send_unreach(struct sk_buff *skb_in, int code) static void send_unreach(struct sk_buff *skb_in, int code)
{ {
struct iphdr *iph; struct iphdr *iph;
struct udphdr *udph;
struct icmphdr *icmph; struct icmphdr *icmph;
struct sk_buff *nskb; struct sk_buff *nskb;
u32 saddr; u32 saddr;
...@@ -257,26 +256,13 @@ static void send_unreach(struct sk_buff *skb_in, int code) ...@@ -257,26 +256,13 @@ static void send_unreach(struct sk_buff *skb_in, int code)
if (skb_in->len < skb_in->nh.iph->ihl*4 + 8) if (skb_in->len < skb_in->nh.iph->ihl*4 + 8)
return; return;
/* if UDP checksum is set, verify it's correct */
if (iph->protocol == IPPROTO_UDP
&& skb_in->tail-(u8*)iph >= sizeof(struct udphdr)) {
int datalen = skb_in->len - (iph->ihl<<2);
udph = (struct udphdr *)((char *)iph + (iph->ihl<<2));
if (udph->check
&& csum_tcpudp_magic(iph->saddr, iph->daddr,
datalen, IPPROTO_UDP,
csum_partial((char *)udph, datalen,
0)) != 0)
return;
}
/* If we send an ICMP error to an ICMP error a mess would result.. */ /* If we send an ICMP error to an ICMP error a mess would result.. */
if (iph->protocol == IPPROTO_ICMP if (iph->protocol == IPPROTO_ICMP) {
&& skb_in->tail-(u8*)iph >= sizeof(struct icmphdr)) { struct icmphdr ihdr;
icmph = (struct icmphdr *)((char *)iph + (iph->ihl<<2));
if (skb_copy_bits(skb_in, skb_in->nh.iph->ihl*4, icmph = skb_header_pointer(skb_in, skb_in->nh.iph->ihl*4,
icmph, sizeof(*icmph)) < 0) sizeof(ihdr), &ihdr);
if (!icmph)
return; return;
/* Between echo-reply (0) and timestamp (13), /* Between echo-reply (0) and timestamp (13),
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment