I'll make some tests this week-end. I have had no time theses days. Regards, Jean-Michel Le 31 janv. 2013 à 16:59, Ulrich Weber a écrit : > From my side, apply yoshofuji patches and my > onces complement patch, that worked for me ;) > > I can do some more testing tomorrow with different > addresses and ranges if nobody else finds time... > > Cheers > Ulrich > > > On 01/31/13 11:04, Pablo Neira Ayuso wrote: >> Hi, >> >> On Tue, Jan 29, 2013 at 03:42:39PM +0100, Ulrich Weber wrote: >>> Hi Yoshofuji, >>> >>> thanks for your patches! If I add a onces complement >>> to the return value of csum_fold() it works for my setup. >> Any consensus on the fix for this? I'd like to have some solution into >> 3.8-rc. >> >> Thanks. >> >>> On 01/26/13 19:37, YOSHIFUJI Hideaki wrote: >>>> Cast __wsum from/to __sum16 is wrong. Instead, apply appropriate >>>> conversion function: csum_unfold() or csum_fold(). >>>> >>>> Signed-off-by: YOSHIFUJI Hideaki <yoshfuji@xxxxxxxxxxxxxx> >>>> --- >>>> net/ipv6/netfilter/ip6t_NPT.c | 6 +++--- >>>> 1 file changed, 3 insertions(+), 3 deletions(-) >>>> >>>> diff --git a/net/ipv6/netfilter/ip6t_NPT.c b/net/ipv6/netfilter/ip6t_NPT.c >>>> index 7302b0b..3ff281b 100644 >>>> --- a/net/ipv6/netfilter/ip6t_NPT.c >>>> +++ b/net/ipv6/netfilter/ip6t_NPT.c >>>> @@ -30,7 +30,7 @@ static int ip6t_npt_checkentry(const struct xt_tgchk_param *par) >>>> (__force __wsum)npt->dst_pfx.in6.s6_addr16[i]); >>>> } >>>> - npt->adjustment = (__force __sum16) csum_sub(src_sum, dst_sum); >>>> + npt->adjustment = csum_fold(csum_sub(src_sum, dst_sum)); >>>> return 0; >>>> } >>>> @@ -66,8 +66,8 @@ static bool ip6t_npt_map_pfx(const struct ip6t_npt_tginfo *npt, >>>> return false; >>>> } >>>> - sum = (__force __sum16) csum_add((__force __wsum)addr->s6_addr16[idx], >>>> - npt->adjustment); >>>> + sum = csum_fold(csum_add(csum_unfold((__force __sum16)addr->s6_addr16[idx]), >>>> + csum_unfold(npt->adjustment))); >>>> if (sum == CSUM_MANGLED_0) >>>> sum = 0; >>>> *(__force __sum16 *)&addr->s6_addr16[idx] = sum; >>> From 40e0c6d86514a8dcc80f18fbe8a2945c6ee78f6d Mon Sep 17 00:00:00 2001 >>> From: Ulrich Weber <ulrich.weber@xxxxxxxxxx> >>> Date: Tue, 29 Jan 2013 15:24:21 +0100 >>> Subject: [PATCH] netfilter: ip6t_NTP: Use onces complement of csum_fold >>> >>> we need a 16bit value but not folded >>> >>> Signed-off-by: Ulrich Weber <ulrich.weber@xxxxxxxxxx> >>> --- >>> net/ipv6/netfilter/ip6t_NPT.c | 6 +++--- >>> 1 file changed, 3 insertions(+), 3 deletions(-) >>> >>> diff --git a/net/ipv6/netfilter/ip6t_NPT.c b/net/ipv6/netfilter/ip6t_NPT.c >>> index 74e171d..61a9b95 100644 >>> --- a/net/ipv6/netfilter/ip6t_NPT.c >>> +++ b/net/ipv6/netfilter/ip6t_NPT.c >>> @@ -35,7 +35,7 @@ static int ip6t_npt_checkentry(const struct xt_tgchk_param *par) >>> src_sum = csum_partial(&npt->src_pfx.in6, sizeof(npt->src_pfx.in6), 0); >>> dst_sum = csum_partial(&npt->dst_pfx.in6, sizeof(npt->dst_pfx.in6), 0); >>> - npt->adjustment = csum_fold(csum_sub(src_sum, dst_sum)); >>> + npt->adjustment = ~csum_fold(csum_sub(src_sum, dst_sum)); >>> return 0; >>> } >>> @@ -71,8 +71,8 @@ static bool ip6t_npt_map_pfx(const struct ip6t_npt_tginfo *npt, >>> return false; >>> } >>> - sum = csum_fold(csum_add(csum_unfold((__force __sum16)addr->s6_addr16[idx]), >>> - csum_unfold(npt->adjustment))); >>> + sum = ~csum_fold(csum_add(csum_unfold((__force __sum16)addr->s6_addr16[idx]), >>> + csum_unfold(npt->adjustment))); >>> if (sum == CSUM_MANGLED_0) >>> sum = 0; >>> *(__force __sum16 *)&addr->s6_addr16[idx] = sum; >>> -- >>> 1.7.9.5 >>> >
Attachment:
smime.p7s
Description: S/MIME cryptographic signature
