On Tue, January 19, 2010 09:30, Patrick McHardy wrote:
> William Allen Simpson wrote:
>> Simon Arlott wrote:
>>> This moves the check for (header size != packet size) to after
>>> attempting to modify an existing MSS option. Another check is
>>> needed before looking through the header to ensure it doesn't
>>> claim to be larger than the packet size.
>>>
>> What's the path from tcp_v[4,6]_rcv() to these tests?
>>
>> 1) Header larger than the packet is already tested in about 5 places,
>> and my patch "tcp: harmonize tcp_vx_rcv header length assumptions"
>> tries to get them all down to just *one* test.
>
> We're talking about a netfilter module here, which has to deal
> with forwarded traffic and can only rely on the IP header checks
> done in ip_rcv().

My gateway (where these error messages occur) is running 2.6.29, and
skb->len (from the printk) is 40 bytes. If this is 20 (IPv4 Header) +
20 (TCP Header) = 40 bytes, then there is no data and the header offset
is wrong so it hasn't been checked.

-- 
Simon Arlott
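
The bounds check discussed in this thread, as an added example that is not part of the original messages and is not the kernel's TCPMSS code: a userspace C function that verifies the TCP data offset against the packet length before walking the options for MSS. The names `find_mss`, `run_sample` and the `MSS_*` codes are assumptions, and the sample packets are constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

enum { MSS_NONE = -1, MSS_SHORT = -2, MSS_BAD_DOFF = -3, MSS_BAD_OPT = -4 };

/* Returns the offset (from the start of pkt) of the 2-byte MSS value, or a
 * negative code. pkt/len stand in for skb->data/skb->len (assumption);
 * tcphoff is where the TCP header starts. */
static int find_mss(const uint8_t *pkt, size_t len, size_t tcphoff)
{
    if (len < tcphoff || len - tcphoff < 20)
        return MSS_SHORT;                   /* no room for a base TCP header */
    size_t hdrlen = (size_t)(pkt[tcphoff + 12] >> 4) * 4;
    if (hdrlen < 20 || hdrlen > len - tcphoff)
        return MSS_BAD_DOFF;                /* header claims more than the packet holds */
    const uint8_t *opt = pkt + tcphoff;
    for (size_t i = 20; i < hdrlen; ) {
        if (opt[i] == 0) break;             /* End of Option List */
        if (opt[i] == 1) { i++; continue; } /* NOP is a single byte */
        if (i + 1 >= hdrlen || opt[i + 1] < 2 || opt[i + 1] > hdrlen - i)
            return MSS_BAD_OPT;             /* length byte missing, too small, or overruns */
        if (opt[i] == 2 && opt[i + 1] == 4)
            return (int)(tcphoff + i + 2);  /* MSS option found */
        i += opt[i + 1];
    }
    return MSS_NONE;
}

/* Constructed sample: 20-byte IPv4 header followed by a TCP header with the
 * given data offset; total_len (<= 64) is the length reported to find_mss. */
static int run_sample(size_t total_len, unsigned doff_words, int with_mss)
{
    uint8_t pkt[64];
    memset(pkt, 0, sizeof(pkt));
    pkt[0] = 0x45;                          /* IPv4, IHL = 5 words */
    pkt[20 + 12] = (uint8_t)(doff_words << 4);
    if (with_mss) {
        const uint8_t mss[4] = { 2, 4, 0x05, 0xb4 };  /* MSS 1460 */
        memcpy(pkt + 40, mss, sizeof(mss));
    }
    return find_mss(pkt, total_len, 20);
}

int main(void)
{
    /* 40-byte packet whose TCP header claims 24 bytes must be rejected. */
    return run_sample(40, 6, 0) == MSS_BAD_DOFF ? 0 : 1;
}
```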