On Sun, Oct 06, 2019 at 10:02:26AM +1100, Duncan Roe wrote: > Hi Pablo, > > On Fri, Sep 27, 2019 at 10:56:45PM +1000, Duncan Roe wrote: > > One would expect nfq_udp_mangle_ipv4() to take care of the length field in > > the UDP header but it did not. > > With this patch, it does. > > This patch is very unlikely to adversely affect any existing userspace > > software (that did its own length adjustment), > > because UDP checksumming was broken > > --- > > src/extra/udp.c | 2 ++ > > 1 file changed, 2 insertions(+) > > > > diff --git a/src/extra/udp.c b/src/extra/udp.c > > index 8c44a66..6836230 100644 > > --- a/src/extra/udp.c > > +++ b/src/extra/udp.c > > @@ -140,6 +140,8 @@ nfq_udp_mangle_ipv4(struct pkt_buff *pkt, > > iph = (struct iphdr *)pkt->network_header; > > udph = (struct udphdr *)(pkt->network_header + iph->ihl*4); > > > > + udph->len = htons(ntohs(udph->len) + rep_len - match_len); > > + > > if (!nfq_ip_mangle(pkt, iph->ihl*4 + sizeof(struct udphdr), > > match_offset, match_len, rep_buffer, rep_len)) > > return 0; > > -- > > 2.14.5 > > > Please consider applying this fix. I have other patches banking up behind it. Applied, thanks.
