[PATCH 001/001] QoS and/or fair queueing: Stateless NAT BUG

LKML Archive mirror
 help / color / mirror / Atom feed

* [PATCH 001/001] QoS and/or fair queueing: Stateless NAT BUG
@ 2010-07-09 16:35 rpartearroyo
  2010-07-09 17:19 ` Rodrigo Partearroyo González
  0 siblings, 1 reply; 5+ messages in thread
From: rpartearroyo @ 2010-07-09 16:35 UTC (permalink / raw
  To: Eric Dumazet
  Cc: Herbert Xu, Linux Kernel Mailing List, Iratxo Pichel Ortiz,
	Noelia Morón, netdev

Hi all,
I have been testing Stateless NAT and found that ICMP packets with length
less than 20 bytes were not correctly NAT'ed. I have found a BUG that
makes taking into account IP header length twice, so ICMP packets smaller
than 20 bytes were being dropped.

Proposed formal patch is below, as suggested by Eric Dumazet, thanks.
It is taken from 2.6.34.1 stable version.

Signed-off-by: Rodrigo Partearroyo González <rpartearroyo@albentia.com>
---
diff -uprN a/net/sched/act_nat.c b/net/sched/act_nat.c
--- a/net/sched/act_nat.c    2010-07-09 18:25:18.000000000 +0200
+++ b/net/sched/act_nat.c 2010-07-09 18:26:16.000000000 +0200
@@ -202,7 +202,7 @@ static int tcf_nat(struct sk_buff *skb,
        {
                struct icmphdr *icmph;

-               if (!pskb_may_pull(skb, ihl + sizeof(*icmph) + sizeof(*iph)))
+               if (!pskb_may_pull(skb, ihl + sizeof(*icmph)))
                        goto drop;

                icmph = (void *)(skb_network_header(skb) + ihl);
@@ -223,7 +223,7 @@ static int tcf_nat(struct sk_buff *skb,

                if (skb_cloned(skb) &&
                    !skb_clone_writable(skb,
-                                       ihl + sizeof(*icmph) +
sizeof(*iph)) &&
+                                       ihl + sizeof(*icmph) ) &&
                    pskb_expand_head(skb, 0, 0, GFP_ATOMIC))
                        goto drop;
---

-- 
Rodrigo Partearroyo González

Albentia Systems S.A.
http://www.albentia.com

C\Margarita Salas 22
Parque Tecnológico de Leganés
Leganés (28918)
Madrid
Spain



^ permalink raw reply	[flat|nested] 5+ messages in thread

* Re: [PATCH 001/001] QoS and/or fair queueing: Stateless NAT BUG
  2010-07-09 16:35 rpartearroyo
@ 2010-07-09 17:19 ` Rodrigo Partearroyo González
  0 siblings, 0 replies; 5+ messages in thread
From: Rodrigo Partearroyo González @ 2010-07-09 17:19 UTC (permalink / raw
  To: Eric Dumazet
  Cc: Herbert Xu, Linux Kernel Mailing List, Iratxo Pichel Ortiz,
	Noelia Morón, netdev

Seems like the mailer corrupted the patch. Sorry, I resend it.
Thanks Eric.

On Viernes, 9 de Julio de 2010 18:35:59 rpartearroyo@albentia.com escribió:
> Hi all,
> I have been testing Stateless NAT and found that ICMP packets with length
> less than 20 bytes were not correctly NAT'ed. I have found a BUG that
> makes taking into account IP header length twice, so ICMP packets smaller
> than 20 bytes were being dropped.
> 
> Proposed formal patch is below, as suggested by Eric Dumazet, thanks.
> It is taken from 2.6.34.1 stable version.
> 
Signed-off-by: Rodrigo Partearroyo González <rpartearroyo@albentia.com>
---
diff -uprN a/net/sched/act_nat.c b/net/sched/act_nat.c
--- a/net/sched/act_nat.c	2010-07-09 18:25:18.000000000 +0200
+++ b/net/sched/act_nat.c	2010-07-09 18:26:16.000000000 +0200
@@ -202,7 +202,7 @@ static int tcf_nat(struct sk_buff *skb, 
 	{
 		struct icmphdr *icmph;
 
-		if (!pskb_may_pull(skb, ihl + sizeof(*icmph) + sizeof(*iph)))
+		if (!pskb_may_pull(skb, ihl + sizeof(*icmph)))
 			goto drop;
 
 		icmph = (void *)(skb_network_header(skb) + ihl);
@@ -223,7 +223,7 @@ static int tcf_nat(struct sk_buff *skb, 
 
 		if (skb_cloned(skb) &&
 		    !skb_clone_writable(skb,
-					ihl + sizeof(*icmph) + sizeof(*iph)) &&
+					ihl + sizeof(*icmph) ) &&
 		    pskb_expand_head(skb, 0, 0, GFP_ATOMIC))
 			goto drop;
---

-- 
Rodrigo Partearroyo González
R&D Engineer

Albentia Systems S.A.
http://www.albentia.com
+34 914400213

C\Margarita Salas 22
Parque Tecnológico de Leganés
Leganés (28918)
Madrid
Spain

^ permalink raw reply	[flat|nested] 5+ messages in thread

* Re: [PATCH 001/001] QoS and/or fair queueing: Stateless NAT BUG
@ 2010-07-09 17:37 Rodrigo Partearroyo González
  2010-07-09 17:52 ` David Miller
  2010-07-09 17:54 ` Eric Dumazet
  0 siblings, 2 replies; 5+ messages in thread
From: Rodrigo Partearroyo González @ 2010-07-09 17:37 UTC (permalink / raw
  To: Eric Dumazet
  Cc: Herbert Xu, Linux Kernel Mailing List, Iratxo Pichel Ortiz,
	Noelia Morón, netdev

Hi all,
I have been testing Stateless NAT and found that ICMP packets with length
less than 20 bytes were not correctly NAT'ed. I have found a BUG that
makes taking into account IP header length twice, so ICMP packets smaller
than 20 bytes were being dropped.

Proposed formal patch is below, as suggested by Eric Dumazet, thanks.
It is taken from 2.6.34.1 stable version.

Signed-off-by: Rodrigo Partearroyo González <rpartearroyo@albentia.com>
---
diff -uprN a/net/sched/act_nat.c b/net/sched/act_nat.c
--- a/net/sched/act_nat.c	2010-07-09 18:25:18.000000000 +0200
+++ b/net/sched/act_nat.c	2010-07-09 18:26:16.000000000 +0200
@@ -202,7 +202,7 @@ static int tcf_nat(struct sk_buff *skb, 
 	{
 		struct icmphdr *icmph;
 
-		if (!pskb_may_pull(skb, ihl + sizeof(*icmph) + sizeof(*iph)))
+		if (!pskb_may_pull(skb, ihl + sizeof(*icmph)))
 			goto drop;
 
 		icmph = (void *)(skb_network_header(skb) + ihl);
@@ -223,7 +223,7 @@ static int tcf_nat(struct sk_buff *skb, 
 
 		if (skb_cloned(skb) &&
 		    !skb_clone_writable(skb,
-					ihl + sizeof(*icmph) + sizeof(*iph)) &&
+					ihl + sizeof(*icmph)) &&
 		    pskb_expand_head(skb, 0, 0, GFP_ATOMIC))
 			goto drop;

---
Rodrigo Partearroyo González
R&D Engineer

Albentia Systems S.A.
http://www.albentia.com
+34 914400213

C\Margarita Salas 22
Parque Tecnológico de Leganés
Leganés (28918)
Madrid
Spain

^ permalink raw reply	[flat|nested] 5+ messages in thread

* Re: [PATCH 001/001] QoS and/or fair queueing: Stateless NAT BUG
  2010-07-09 17:37 [PATCH 001/001] QoS and/or fair queueing: Stateless NAT BUG Rodrigo Partearroyo González
@ 2010-07-09 17:52 ` David Miller
  2010-07-09 17:54 ` Eric Dumazet
  1 sibling, 0 replies; 5+ messages in thread
From: David Miller @ 2010-07-09 17:52 UTC (permalink / raw
  To: rpartearroyo; +Cc: eric.dumazet, herbert, linux-kernel, ipichel, nmoron, netdev

From: Rodrigo Partearroyo González <rpartearroyo@albentia.com>
Date: Fri, 9 Jul 2010 19:37:16 +0200

> Hi all,
> I have been testing Stateless NAT and found that ICMP packets with length
> less than 20 bytes were not correctly NAT'ed. I have found a BUG that
> makes taking into account IP header length twice, so ICMP packets smaller
> than 20 bytes were being dropped.
> 
> Proposed formal patch is below, as suggested by Eric Dumazet, thanks.
> It is taken from 2.6.34.1 stable version.
> 
> Signed-off-by: Rodrigo Partearroyo González <rpartearroyo@albentia.com>

Applied, thanks.

^ permalink raw reply	[flat|nested] 5+ messages in thread

* Re: [PATCH 001/001] QoS and/or fair queueing: Stateless NAT BUG
  2010-07-09 17:37 [PATCH 001/001] QoS and/or fair queueing: Stateless NAT BUG Rodrigo Partearroyo González
  2010-07-09 17:52 ` David Miller
@ 2010-07-09 17:54 ` Eric Dumazet
  1 sibling, 0 replies; 5+ messages in thread
From: Eric Dumazet @ 2010-07-09 17:54 UTC (permalink / raw
  To: Rodrigo Partearroyo González
  Cc: Herbert Xu, Linux Kernel Mailing List, Iratxo Pichel Ortiz,
	Noelia Morón, netdev

Le vendredi 09 juillet 2010 à 19:37 +0200, Rodrigo Partearroyo González
a écrit :
> Hi all,
> I have been testing Stateless NAT and found that ICMP packets with length
> less than 20 bytes were not correctly NAT'ed. I have found a BUG that
> makes taking into account IP header length twice, so ICMP packets smaller
> than 20 bytes were being dropped.
> 
> Proposed formal patch is below, as suggested by Eric Dumazet, thanks.
> It is taken from 2.6.34.1 stable version.
> 
> Signed-off-by: Rodrigo Partearroyo González <rpartearroyo@albentia.com>

Acked-by: Eric Dumazet <eric.dumazet@gmail.com>

> ---
> diff -uprN a/net/sched/act_nat.c b/net/sched/act_nat.c
> --- a/net/sched/act_nat.c	2010-07-09 18:25:18.000000000 +0200
> +++ b/net/sched/act_nat.c	2010-07-09 18:26:16.000000000 +0200
> @@ -202,7 +202,7 @@ static int tcf_nat(struct sk_buff *skb, 
>  	{
>  		struct icmphdr *icmph;
>  
> -		if (!pskb_may_pull(skb, ihl + sizeof(*icmph) + sizeof(*iph)))
> +		if (!pskb_may_pull(skb, ihl + sizeof(*icmph)))
>  			goto drop;
>  
>  		icmph = (void *)(skb_network_header(skb) + ihl);
> @@ -223,7 +223,7 @@ static int tcf_nat(struct sk_buff *skb, 
>  
>  		if (skb_cloned(skb) &&
>  		    !skb_clone_writable(skb,
> -					ihl + sizeof(*icmph) + sizeof(*iph)) &&
> +					ihl + sizeof(*icmph)) &&
>  		    pskb_expand_head(skb, 0, 0, GFP_ATOMIC))
>  			goto drop;
> 





^ permalink raw reply	[flat|nested] 5+ messages in thread

end of thread, other threads:[~2010-07-09 17:54 UTC | newest]

Thread overview: 5+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2010-07-09 17:37 [PATCH 001/001] QoS and/or fair queueing: Stateless NAT BUG Rodrigo Partearroyo González
2010-07-09 17:52 ` David Miller
2010-07-09 17:54 ` Eric Dumazet
  -- strict thread matches above, loose matches on Subject: below --
2010-07-09 16:35 rpartearroyo
2010-07-09 17:19 ` Rodrigo Partearroyo González

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).