Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 028b0275 authored Apr 12, 2008 by Patrick McHardy Committed by David S. Miller Apr 12, 2008

[DCCP]: Fix skb->cb conflicts with IP



dev_queue_xmit() and the other IP output functions expect to get a skb
with clear or properly initialized skb->cb. Unlike TCP and UDP, the
dccp_skb_cb doesn't contain a struct inet_skb_parm at the beginning,
so the DCCP-specific data is interpreted by the IP output functions.
This can cause false negatives for the conditional POST_ROUTING hook
invocation, making the packet bypass the hook.

Add a inet_skb_parm/inet6_skb_parm union to the beginning of
dccp_skb_cb to avoid clashes. Also add a BUILD_BUG_ON to make
sure it fits in the cb.

[ Combined with patch from Gerrit Renker to remove two now unnecessary
  memsets of IPCB(skb)->opt ]

Signed-off-by: Patrick McHardy <kaber@trash.net>
Acked-by: Arnaldo Carvalho de Melo <acme@redhat.com>
Signed-off-by: David S. Miller <davem@davemloft.net>

parent ae1b6a31

net/dccp/dccp.h

+6 −0

Original line number	Diff line number	Diff line
		@@ -325,6 +325,12 @@ static inline int dccp_bad_service_code(const struct sock *sk,
		* This is used for transmission as well as for reception.
		*/
		struct dccp_skb_cb {
		union {
		struct inet_skb_parm h4;
		#if defined(CONFIG_IPV6) \|\| defined (CONFIG_IPV6_MODULE)
		struct inet6_skb_parm h6;
		#endif
		} header;
		__u8 dccpd_type:4;
		__u8 dccpd_ccval:4;
		__u8 dccpd_reset_code,

net/dccp/ipv4.c

+0 −1

Original line number	Diff line number	Diff line
		@@ -489,7 +489,6 @@ static int dccp_v4_send_response(struct sock sk, struct request_sock req,

		dh->dccph_checksum = dccp_v4_csum_finish(skb, ireq->loc_addr,
		ireq->rmt_addr);
		memset(&(IPCB(skb)->opt), 0, sizeof(IPCB(skb)->opt));
		err = ip_build_and_send_pkt(skb, sk, ireq->loc_addr,
		ireq->rmt_addr,
		ireq->opt);

net/dccp/output.c

+0 −1

Original line number	Diff line number	Diff line
		@@ -126,7 +126,6 @@ static int dccp_transmit_skb(struct sock sk, struct sk_buff skb)

		DCCP_INC_STATS(DCCP_MIB_OUTSEGS);

		memset(&(IPCB(skb)->opt), 0, sizeof(IPCB(skb)->opt));
		err = icsk->icsk_af_ops->queue_xmit(skb, 0);
		return net_xmit_eval(err);
		}

net/dccp/proto.c

+3 −0

Original line number	Diff line number	Diff line
		@@ -1057,6 +1057,9 @@ static int __init dccp_init(void)
		int ehash_order, bhash_order, i;
		int rc = -ENOBUFS;

		BUILD_BUG_ON(sizeof(struct dccp_skb_cb) >
		FIELD_SIZEOF(struct sk_buff, cb));

		dccp_hashinfo.bind_bucket_cachep =
		kmem_cache_create("dccp_bind_bucket",
		sizeof(struct inet_bind_bucket), 0,