On Fri, Dec 24, 2021 at 10:37:13AM +0800, zhang kai wrote:
> if seq/ack offset is zero, don't update

Please, provide more details: explain the scenario that triggers a seq/ack offset adjustment of zero, describe the scenario that triggers the bug, etc.

> Signed-off-by: zhang kai <zhangkaiheb@xxxxxxx>
> --- > net/netfilter/nf_conntrack_seqadj.c | 15 ++++++++++----- > 1 file changed, 10 insertions(+), 5 deletions(-) > > diff --git a/net/netfilter/nf_conntrack_seqadj.c b/net/netfilter/nf_conntrack_seqadj.c > index 3066449f8bd8..d35e272a2e36 100644 > --- a/net/netfilter/nf_conntrack_seqadj.c > +++ b/net/netfilter/nf_conntrack_seqadj.c > @@ -186,11 +186,13 @@ int nf_ct_seq_adjust(struct sk_buff *skb, > else > seqoff = this_way->offset_before; > > - newseq = htonl(ntohl(tcph->seq) + seqoff); > - inet_proto_csum_replace4(&tcph->check, skb, tcph->seq, newseq, false); > - pr_debug("Adjusting sequence number from %u->%u\n", > - ntohl(tcph->seq), ntohl(newseq)); > - tcph->seq = newseq; > + if (seqoff) { > + newseq = htonl(ntohl(tcph->seq) + seqoff); > + inet_proto_csum_replace4(&tcph->check, skb, tcph->seq, newseq, false); > + pr_debug("Adjusting sequence number from %u->%u\n", > + ntohl(tcph->seq), ntohl(newseq)); > + tcph->seq = newseq; > + } > > if (!tcph->ack) > goto out; > @@ -201,6 +203,9 @@ int nf_ct_seq_adjust(struct sk_buff *skb, > else > ackoff = other_way->offset_before; > > + if (!ackoff) > + goto out; > + > newack = htonl(ntohl(tcph->ack_seq) - ackoff); > inet_proto_csum_replace4(&tcph->check, skb, tcph->ack_seq, newack, > false); > -- > 2.17.1 >
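Review bot: In the first hunk (@@ -186,11 +186,13 @@), the new `if (seqoff) {` guard does not change the sequence number that ends up in the header, so the changelog needs to say whether this is an optimization or a fix. With seqoff equal to zero the removed lines compute `newseq = htonl(ntohl(tcph->seq) + seqoff)`, which is the value already in tcph->seq, and then store it back. The only visible differences after the patch are that inet_proto_csum_replace4() is no longer called with identical old and new values and that the pr_debug() line is no longer emitted for unadjusted packets. If the checksum call with equal values is what causes the problem, name that in the commit message; if the goal is to skip needless work on the common zero-offset path, say so and drop any implication of a bug.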
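Review bot: In the second hunk (@@ -201,6 +203,9 @@), `if (!ackoff) goto out;` is not the same shape as the guard in the first hunk: the seq path skips only the rewrite and falls through, while this one jumps past everything between the ack rewrite and the `out` label, none of which is shown in the hunk. ackoff here is only the offset selected for this packet's ack_seq (the else branch picks other_way->offset_before), so a zero value does not by itself show that later per-packet processing in this function has nothing to do. Either wrap the newack computation and checksum update in `if (ackoff) { ... }` so the rest of the function still runs, or explain in the changelog why skipping the remainder is safe when ackoff is zero.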