Jozsef Kadlecsik wrote: > Hi Patrick, > > On Thu, 4 Oct 2007, Patrick McHardy wrote: > >>Jozsef Kadlecsik wrote: >> >>>I think the code segment is correct. However, the end of the segment >>>is miscalculated by segment_seq_plus_len because the offset added to >>>'dataoff' by the get_l4proto function of IPv4/IPv6 is not taken into >>>account. Please check whether the patch below fixes it: >> >>Actually that offset should always be zero for anything but packets >>encapsulated within ICMP, which don't pass though TCP conntrack. > > > Here we calculate the sequence number of the last octet in the packet from > the actual data length of the skbuff, so by the 'dataoff' argument of > segment_seq_plus_len we must pass the length of the IP(v4|6) header. But > the 'dataoff' parameter supplied by the nf_conntrack core is larger by > skb_network_offset(skb) therefore 'dataoff' must be decremented by it > before passing to segment_seq_plus_len. Right, I didn't express myself correctly. What I meant to say is that skb_network_offset is always 0 while we're inside the IP(v6) layer. - To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
