Sophie

Sophie

distrib > Scientific%20Linux > 5x > x86_64 > by-pkgid > 27922b4260f65d317aabda37e42bbbff > files > 2855

kernel-2.6.18-238.el5.src.rpm

From: Neil Horman <nhorman@redhat.com>
Date: Thu, 26 Jun 2008 13:54:25 -0400
Subject: [net] make udp_encap_rcv use pskb_may_pull
Message-id: 20080626175425.GG3838@hmsendeavour.rdu.redhat.com
O-Subject: [RHEL 5.3 PATCH] Make udp_encap_rcv use pskb_may_pull (bz 350281)
Bugzilla: 350281
RH-Acked-by: David S. Miller <davem@redhat.com>
RH-Acked-by: Herbert Xu <herbert.xu@redhat.com>
RH-Acked-by: Thomas Graf <tgraf@redhat.com>

Hey all-
	IPsec with NAT-T breaks on some notebooks using the latest e1000 chipset
when header split is enabled. When receiving sufficiently large packets, the
driver puts everything up to and including the UDP header into the header
portion of the skb, and the rest goes into the paged part. udp_encap_rcv
forgets to use pskb_may_pull, and fails to decapsulate it.  This is a backport
of upstream commit 753eab76a3337863a0d86ce045fa4eb6c3cbeef9, which corrects the
problem.

Regards
Neil

diff --git a/net/ipv4/udp.c b/net/ipv4/udp.c
index 483b625..7abe930 100644
--- a/net/ipv4/udp.c
+++ b/net/ipv4/udp.c
@@ -915,23 +915,32 @@ static int udp_encap_rcv(struct sock * sk, struct sk_buff *skb)
 	return 1; 
 #else
 	struct udp_sock *up = udp_sk(sk);
-  	struct udphdr *uh = skb->h.uh;
+  	struct udphdr *uh;
 	struct iphdr *iph;
 	int iphlen, len;
   
-	__u8 *udpdata = (__u8 *)uh + sizeof(struct udphdr);
-	__u32 *udpdata32 = (__u32 *)udpdata;
+	__u8 *udpdata;
+	__u32 *udpdata32;
 	__u16 encap_type = up->encap_type;
 
 	/* if we're overly short, let UDP handle it */
-	if (udpdata > skb->tail)
+	len = skb->len - sizeof(struct udphdr);
+	if (len <= 0)
 		return 1;
 
 	/* if this is not encapsulated socket, then just return now */
 	if (!encap_type)
 		return 1;
 
-	len = skb->tail - udpdata;
+	/* If this is a paged skb, make sure we pull up
+	 * whatever data we need to look at. */
+	if (!pskb_may_pull(skb, sizeof(struct udphdr) + min(len, 8)))
+		return 1;
+
+	/* Now we can get the pointers */
+	uh = skb->h.uh;
+	udpdata = (__u8 *)uh + sizeof(struct udphdr);
+	udpdata32 = (__be32 *)udpdata;
 
 	switch (encap_type) {
 	default:

Perl :: Catalyst :: PostgreSQL :: RPM Valid HTML 4.01 Transitional