diff options
-rw-r--r-- | include/net/sock.h | 5 | ||||
-rw-r--r-- | net/bridge/br_netfilter.c | 14 | ||||
-rw-r--r-- | net/ipv6/netfilter/nf_conntrack_reasm.c | 10 |
3 files changed, 7 insertions, 22 deletions
diff --git a/include/net/sock.h b/include/net/sock.h index 75b0e97ed93..96565ff0de6 100644 --- a/include/net/sock.h +++ b/include/net/sock.h | |||
@@ -873,10 +873,7 @@ static inline int sk_filter(struct sock *sk, struct sk_buff *skb, int needlock) | |||
873 | if (filter) { | 873 | if (filter) { |
874 | unsigned int pkt_len = sk_run_filter(skb, filter->insns, | 874 | unsigned int pkt_len = sk_run_filter(skb, filter->insns, |
875 | filter->len); | 875 | filter->len); |
876 | if (!pkt_len) | 876 | err = pkt_len ? pskb_trim(skb, pkt_len) : -EPERM; |
877 | err = -EPERM; | ||
878 | else | ||
879 | skb_trim(skb, pkt_len); | ||
880 | } | 877 | } |
881 | 878 | ||
882 | if (needlock) | 879 | if (needlock) |
diff --git a/net/bridge/br_netfilter.c b/net/bridge/br_netfilter.c index 3da9264449f..3e41f9d6d51 100644 --- a/net/bridge/br_netfilter.c +++ b/net/bridge/br_netfilter.c | |||
@@ -407,12 +407,8 @@ static unsigned int br_nf_pre_routing_ipv6(unsigned int hook, | |||
407 | if (pkt_len || hdr->nexthdr != NEXTHDR_HOP) { | 407 | if (pkt_len || hdr->nexthdr != NEXTHDR_HOP) { |
408 | if (pkt_len + sizeof(struct ipv6hdr) > skb->len) | 408 | if (pkt_len + sizeof(struct ipv6hdr) > skb->len) |
409 | goto inhdr_error; | 409 | goto inhdr_error; |
410 | if (pkt_len + sizeof(struct ipv6hdr) < skb->len) { | 410 | if (pskb_trim_rcsum(skb, pkt_len + sizeof(struct ipv6hdr))) |
411 | if (__pskb_trim(skb, pkt_len + sizeof(struct ipv6hdr))) | 411 | goto inhdr_error; |
412 | goto inhdr_error; | ||
413 | if (skb->ip_summed == CHECKSUM_HW) | ||
414 | skb->ip_summed = CHECKSUM_NONE; | ||
415 | } | ||
416 | } | 412 | } |
417 | if (hdr->nexthdr == NEXTHDR_HOP && check_hbh_len(skb)) | 413 | if (hdr->nexthdr == NEXTHDR_HOP && check_hbh_len(skb)) |
418 | goto inhdr_error; | 414 | goto inhdr_error; |
@@ -495,11 +491,7 @@ static unsigned int br_nf_pre_routing(unsigned int hook, struct sk_buff **pskb, | |||
495 | if (skb->len < len || len < 4 * iph->ihl) | 491 | if (skb->len < len || len < 4 * iph->ihl) |
496 | goto inhdr_error; | 492 | goto inhdr_error; |
497 | 493 | ||
498 | if (skb->len > len) { | 494 | pskb_trim_rcsum(skb, len); |
499 | __pskb_trim(skb, len); | ||
500 | if (skb->ip_summed == CHECKSUM_HW) | ||
501 | skb->ip_summed = CHECKSUM_NONE; | ||
502 | } | ||
503 | 495 | ||
504 | nf_bridge_put(skb->nf_bridge); | 496 | nf_bridge_put(skb->nf_bridge); |
505 | if (!nf_bridge_alloc(skb)) | 497 | if (!nf_bridge_alloc(skb)) |
diff --git a/net/ipv6/netfilter/nf_conntrack_reasm.c b/net/ipv6/netfilter/nf_conntrack_reasm.c index 3e319035f82..c32a029e43f 100644 --- a/net/ipv6/netfilter/nf_conntrack_reasm.c +++ b/net/ipv6/netfilter/nf_conntrack_reasm.c | |||
@@ -456,13 +456,9 @@ static int nf_ct_frag6_queue(struct nf_ct_frag6_queue *fq, struct sk_buff *skb, | |||
456 | DEBUGP("queue: message is too short.\n"); | 456 | DEBUGP("queue: message is too short.\n"); |
457 | goto err; | 457 | goto err; |
458 | } | 458 | } |
459 | if (end-offset < skb->len) { | 459 | if (pskb_trim_rcsum(skb, end - offset)) { |
460 | if (pskb_trim(skb, end - offset)) { | 460 | DEBUGP("Can't trim\n"); |
461 | DEBUGP("Can't trim\n"); | 461 | goto err; |
462 | goto err; | ||
463 | } | ||
464 | if (skb->ip_summed != CHECKSUM_UNNECESSARY) | ||
465 | skb->ip_summed = CHECKSUM_NONE; | ||
466 | } | 462 | } |
467 | 463 | ||
468 | /* Find out which fragments are in front and at the back of us | 464 | /* Find out which fragments are in front and at the back of us |