diff options
author | Patrick McHardy <kaber@trash.net> | 2008-04-12 21:35:41 -0400 |
---|---|---|
committer | David S. Miller <davem@davemloft.net> | 2008-04-12 21:35:41 -0400 |
commit | 028b027524b162eef90839a92ba4b8bddf23e06c (patch) | |
tree | 5c128717f73ff6fb93c361cfae6961267ed52082 | |
parent | ae1b6a31b1f9ef2c7ba5ef89799f210a9ba6937c (diff) |
[DCCP]: Fix skb->cb conflicts with IP
dev_queue_xmit() and the other IP output functions expect to get a skb
with clear or properly initialized skb->cb. Unlike TCP and UDP, the
dccp_skb_cb doesn't contain a struct inet_skb_parm at the beginning,
so the DCCP-specific data is interpreted by the IP output functions.
This can cause false negatives for the conditional POST_ROUTING hook
invocation, making the packet bypass the hook.
Add a inet_skb_parm/inet6_skb_parm union to the beginning of
dccp_skb_cb to avoid clashes. Also add a BUILD_BUG_ON to make
sure it fits in the cb.
[ Combined with patch from Gerrit Renker to remove two now unnecessary
memsets of IPCB(skb)->opt ]
Signed-off-by: Patrick McHardy <kaber@trash.net>
Acked-by: Arnaldo Carvalho de Melo <acme@redhat.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
-rw-r--r-- | net/dccp/dccp.h | 6 | ||||
-rw-r--r-- | net/dccp/ipv4.c | 1 | ||||
-rw-r--r-- | net/dccp/output.c | 1 | ||||
-rw-r--r-- | net/dccp/proto.c | 3 |
4 files changed, 9 insertions, 2 deletions
diff --git a/net/dccp/dccp.h b/net/dccp/dccp.h index 287a62bc2e0f..ba2ef94a2302 100644 --- a/net/dccp/dccp.h +++ b/net/dccp/dccp.h | |||
@@ -325,6 +325,12 @@ static inline int dccp_bad_service_code(const struct sock *sk, | |||
325 | * This is used for transmission as well as for reception. | 325 | * This is used for transmission as well as for reception. |
326 | */ | 326 | */ |
327 | struct dccp_skb_cb { | 327 | struct dccp_skb_cb { |
328 | union { | ||
329 | struct inet_skb_parm h4; | ||
330 | #if defined(CONFIG_IPV6) || defined (CONFIG_IPV6_MODULE) | ||
331 | struct inet6_skb_parm h6; | ||
332 | #endif | ||
333 | } header; | ||
328 | __u8 dccpd_type:4; | 334 | __u8 dccpd_type:4; |
329 | __u8 dccpd_ccval:4; | 335 | __u8 dccpd_ccval:4; |
330 | __u8 dccpd_reset_code, | 336 | __u8 dccpd_reset_code, |
diff --git a/net/dccp/ipv4.c b/net/dccp/ipv4.c index 474075adbde4..b33704415555 100644 --- a/net/dccp/ipv4.c +++ b/net/dccp/ipv4.c | |||
@@ -489,7 +489,6 @@ static int dccp_v4_send_response(struct sock *sk, struct request_sock *req, | |||
489 | 489 | ||
490 | dh->dccph_checksum = dccp_v4_csum_finish(skb, ireq->loc_addr, | 490 | dh->dccph_checksum = dccp_v4_csum_finish(skb, ireq->loc_addr, |
491 | ireq->rmt_addr); | 491 | ireq->rmt_addr); |
492 | memset(&(IPCB(skb)->opt), 0, sizeof(IPCB(skb)->opt)); | ||
493 | err = ip_build_and_send_pkt(skb, sk, ireq->loc_addr, | 492 | err = ip_build_and_send_pkt(skb, sk, ireq->loc_addr, |
494 | ireq->rmt_addr, | 493 | ireq->rmt_addr, |
495 | ireq->opt); | 494 | ireq->opt); |
diff --git a/net/dccp/output.c b/net/dccp/output.c index 3b763db3d863..3d7d628d870d 100644 --- a/net/dccp/output.c +++ b/net/dccp/output.c | |||
@@ -126,7 +126,6 @@ static int dccp_transmit_skb(struct sock *sk, struct sk_buff *skb) | |||
126 | 126 | ||
127 | DCCP_INC_STATS(DCCP_MIB_OUTSEGS); | 127 | DCCP_INC_STATS(DCCP_MIB_OUTSEGS); |
128 | 128 | ||
129 | memset(&(IPCB(skb)->opt), 0, sizeof(IPCB(skb)->opt)); | ||
130 | err = icsk->icsk_af_ops->queue_xmit(skb, 0); | 129 | err = icsk->icsk_af_ops->queue_xmit(skb, 0); |
131 | return net_xmit_eval(err); | 130 | return net_xmit_eval(err); |
132 | } | 131 | } |
diff --git a/net/dccp/proto.c b/net/dccp/proto.c index e3f5d37b84be..c91d3c1fd30d 100644 --- a/net/dccp/proto.c +++ b/net/dccp/proto.c | |||
@@ -1057,6 +1057,9 @@ static int __init dccp_init(void) | |||
1057 | int ehash_order, bhash_order, i; | 1057 | int ehash_order, bhash_order, i; |
1058 | int rc = -ENOBUFS; | 1058 | int rc = -ENOBUFS; |
1059 | 1059 | ||
1060 | BUILD_BUG_ON(sizeof(struct dccp_skb_cb) > | ||
1061 | FIELD_SIZEOF(struct sk_buff, cb)); | ||
1062 | |||
1060 | dccp_hashinfo.bind_bucket_cachep = | 1063 | dccp_hashinfo.bind_bucket_cachep = |
1061 | kmem_cache_create("dccp_bind_bucket", | 1064 | kmem_cache_create("dccp_bind_bucket", |
1062 | sizeof(struct inet_bind_bucket), 0, | 1065 | sizeof(struct inet_bind_bucket), 0, |