Re: [PATCHv6 2/4] netfilter: bridge: forward IPv6 fragmented packets


 



On Thu, May 28, 2015 at 10:24:33AM +0200, Bernhard Thaler wrote:
[...]
> @@ -264,6 +265,109 @@ drop:
>  	return -1;
>  }
>  
> +/* We only check the length. A bridge shouldn't do hop-by-hop stuff anyway */
> +static int check_hbh_len(struct sk_buff *skb)
> +{
> +	unsigned char *raw = (u8 *)(ipv6_hdr(skb) + 1);
> +	u32 pkt_len;
> +	const unsigned char *nh = skb_network_header(skb);
> +	int off = raw - nh;
> +	int len = (raw[1] + 1) << 3;
> +
> +	if ((raw + len) - skb->data > skb_headlen(skb))
> +		goto bad;
> +
> +	off += 2;
> +	len -= 2;
> +
> +	while (len > 0) {
> +		int optlen = nh[off + 1] + 2;
> +
> +		switch (nh[off]) {
> +		case IPV6_TLV_PAD1:
> +			optlen = 1;
> +			break;
> +
> +		case IPV6_TLV_PADN:
> +			break;
> +
> +		case IPV6_TLV_JUMBO:
> +			if (nh[off + 1] != 4 || (off & 3) != 2)
> +				goto bad;
> +			pkt_len = ntohl(*(__be32 *)(nh + off + 2));
> +			if (pkt_len <= IPV6_MAXPLEN ||
> +			    ipv6_hdr(skb)->payload_len)
> +				goto bad;
> +			if (pkt_len > skb->len - sizeof(struct ipv6hdr))
> +				goto bad;
> +			if (pskb_trim_rcsum(skb,
> +					    pkt_len + sizeof(struct ipv6hdr)))
> +				goto bad;
> +			nh = skb_network_header(skb);
> +			break;
> +		default:
> +			if (optlen > len)
> +				goto bad;
> +			break;
> +		}
> +		off += optlen;
> +		len -= optlen;
> +	}
> +	if (len == 0)
> +		return 0;
> +bad:
> +	return -1;
> +}
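Review bot: In the `while (len > 0)` loop of check_hbh_len(), `int optlen = nh[off + 1] + 2;` reads the option length byte before anything confirms that two bytes remain. When `len == 1` (for example a trailing Pad1) that read is one byte past the hop-by-hop header, and the earlier `skb_headlen(skb)` comparison only covers `raw + len`, so the byte may lie outside the linear area. The `IPV6_TLV_JUMBO` case likewise loads four bytes from `nh + off + 2` without comparing `optlen` to `len`; only the `default` case has `if (optlen > len) goto bad;`. I would handle Pad1 before touching the length byte, then add `if (len < 2) goto bad;` ahead of the `nh[off + 1]` read and apply the `optlen > len` check to every non-Pad1 option, not just `default`. The body matches the copy removed in the second quoted hunk, so this is inherited behaviour; the rest of this hunk is elided in the quote (`[...]`) and was not reviewed.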
[...]
> @@ -554,91 +662,17 @@ static struct net_device *setup_pre_routing(struct sk_buff *skb)
>  	return skb->dev;
>  }
>  
> -/* We only check the length. A bridge shouldn't do any hop-by-hop stuff anyway */
> -static int check_hbh_len(struct sk_buff *skb)
> -{
> -	unsigned char *raw = (u8 *)(ipv6_hdr(skb) + 1);
> -	u32 pkt_len;
> -	const unsigned char *nh = skb_network_header(skb);
> -	int off = raw - nh;
> -	int len = (raw[1] + 1) << 3;
> -
> -	if ((raw + len) - skb->data > skb_headlen(skb))
> -		goto bad;
> -
> -	off += 2;
> -	len -= 2;
> -
> -	while (len > 0) {
> -		int optlen = nh[off + 1] + 2;
> -
> -		switch (nh[off]) {
> -		case IPV6_TLV_PAD1:
> -			optlen = 1;
> -			break;
> -
> -		case IPV6_TLV_PADN:
> -			break;
> -
> -		case IPV6_TLV_JUMBO:
> -			if (nh[off + 1] != 4 || (off & 3) != 2)
> -				goto bad;
> -			pkt_len = ntohl(*(__be32 *) (nh + off + 2));
> -			if (pkt_len <= IPV6_MAXPLEN ||
> -			    ipv6_hdr(skb)->payload_len)
> -				goto bad;
> -			if (pkt_len > skb->len - sizeof(struct ipv6hdr))
> -				goto bad;
> -			if (pskb_trim_rcsum(skb,
> -					    pkt_len + sizeof(struct ipv6hdr)))
> -				goto bad;
> -			nh = skb_network_header(skb);
> -			break;
> -		default:
> -			if (optlen > len)
> -				goto bad;
> -			break;
> -		}
> -		off += optlen;
> -		len -= optlen;
> -	}
> -	if (len == 0)
> -		return 0;
> -bad:
> -	return -1;
> -
> -}

Please, if you need to move this code to the top of the file, do this
in a separate patch first, as preparation.  The patch that makes the
real changes to the code should then follow it.

This helps us to review your changes.

Thanks.