On Mon, Nov 14, 2011 at 07:00:54PM +0800, Paul Guo wrote: > This patch tries to fix the following issue in netfilter: > ip_route_me_harder()->pskb_expand_head() rellocates new header with > additional head room which can break the alignment of the original > packet header. > > In one of my NAT test case, the NIC port for internal hosts is > configured with vlan and the port for external hosts is with > general configuration. If we ping an external "unknown" hosts from an > internal host, an icmp packet will be sent. We find that in > icmp_send()->...->ip_route_me_harder()->pskb_expand_head(), hh_len=18 > and current headroom (skb_headroom(skb)) of the packet is 16. After > calling pskb_expand_head() the packet header becomes to be unaligned > and then our system (arch/tile) panics immediately. > > Here is the patch: > > Signed-off-by: Paul Guo <ggang@xxxxxxxxxx> Applied to my nf branch: http://1984.lsi.us.es/git/?p=net/.git;a=summary Thanks everyone. -- To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
