Commit 70c2efa5 authored Jul 09, 2010 by Changli Gao Committed by David S. Miller Jul 12, 2010

act_nat: not all of the ICMP packets need an IP header payload



not all of the ICMP packets need an IP header payload, so we check the length
of the skbs only when the packets should have an IP header payload.

Based upon analysis and initial patch by Rodrigo Partearroyo González.

Signed-off-by: Changli Gao <xiaosuo@gmail.com>
Acked-by: Herbert Xu <herbert@gondor.apana.org.au>
----
 net/sched/act_nat.c |    5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)
Signed-off-by: David S. Miller <davem@davemloft.net>

parent c4363d6a

net/sched/act_nat.c

+4 −1

Original line number	Diff line number	Diff line
		@@ -205,7 +205,7 @@ static int tcf_nat(struct sk_buff skb, struct tc_action a,
		{
		struct icmphdr *icmph;

		if (!pskb_may_pull(skb, ihl + sizeof(icmph) + sizeof(iph)))
		if (!pskb_may_pull(skb, ihl + sizeof(*icmph)))
		goto drop;

		icmph = (void *)(skb_network_header(skb) + ihl);
		@@ -215,6 +215,9 @@ static int tcf_nat(struct sk_buff skb, struct tc_action a,
		(icmph->type != ICMP_PARAMETERPROB))
		break;

		if (!pskb_may_pull(skb, ihl + sizeof(icmph) + sizeof(iph)))
		goto drop;

		iph = (void *)(icmph + 1);
		if (egress)
		addr = iph->daddr;