Skip to content
Projects
Groups
Snippets
Help
Loading...
Help
Support
Keyboard shortcuts
?
Submit feedback
Contribute to GitLab
Sign in / Register
Toggle navigation
L
linux
Project overview
Project overview
Details
Activity
Releases
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Issues
0
Issues
0
List
Boards
Labels
Milestones
Merge Requests
0
Merge Requests
0
Analytics
Analytics
Repository
Value Stream
Wiki
Wiki
Snippets
Snippets
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Create a new issue
Commits
Issue Boards
Open sidebar
Kirill Smelkov
linux
Commits
b803d5f5
Commit
b803d5f5
authored
Nov 13, 2004
by
Patrick McHardy
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
[NETFILTER]: Fix invalid tcp/udp checksums within NATed icmp errors
Signed-off-by:
Patrick McHardy
<
kaber@trash.net
>
parent
d70bfc85
Changes
6
Hide whitespace changes
Inline
Side-by-side
Showing
6 changed files
with
16 additions
and
10 deletions
+16
-10
include/linux/netfilter_ipv4/ip_nat_protocol.h
include/linux/netfilter_ipv4/ip_nat_protocol.h
+1
-1
net/ipv4/netfilter/ip_nat_core.c
net/ipv4/netfilter/ip_nat_core.c
+1
-1
net/ipv4/netfilter/ip_nat_proto_icmp.c
net/ipv4/netfilter/ip_nat_proto_icmp.c
+3
-1
net/ipv4/netfilter/ip_nat_proto_tcp.c
net/ipv4/netfilter/ip_nat_proto_tcp.c
+5
-3
net/ipv4/netfilter/ip_nat_proto_udp.c
net/ipv4/netfilter/ip_nat_proto_udp.c
+5
-3
net/ipv4/netfilter/ip_nat_proto_unknown.c
net/ipv4/netfilter/ip_nat_proto_unknown.c
+1
-1
No files found.
include/linux/netfilter_ipv4/ip_nat_protocol.h
View file @
b803d5f5
...
@@ -18,7 +18,7 @@ struct ip_nat_protocol
...
@@ -18,7 +18,7 @@ struct ip_nat_protocol
/* Do a packet translation according to the ip_nat_proto_manip
/* Do a packet translation according to the ip_nat_proto_manip
* and manip type. Return true if succeeded. */
* and manip type. Return true if succeeded. */
int
(
*
manip_pkt
)(
struct
sk_buff
**
pskb
,
int
(
*
manip_pkt
)(
struct
sk_buff
**
pskb
,
unsigned
int
hdroff
,
unsigned
int
ip
hdroff
,
const
struct
ip_conntrack_manip
*
manip
,
const
struct
ip_conntrack_manip
*
manip
,
enum
ip_nat_manip_type
maniptype
);
enum
ip_nat_manip_type
maniptype
);
...
...
net/ipv4/netfilter/ip_nat_core.c
View file @
b803d5f5
...
@@ -687,7 +687,7 @@ manip_pkt(u_int16_t proto,
...
@@ -687,7 +687,7 @@ manip_pkt(u_int16_t proto,
iph
=
(
void
*
)(
*
pskb
)
->
data
+
iphdroff
;
iph
=
(
void
*
)(
*
pskb
)
->
data
+
iphdroff
;
/* Manipulate protcol part. */
/* Manipulate protcol part. */
if
(
!
ip_nat_find_proto
(
proto
)
->
manip_pkt
(
pskb
,
iphdroff
+
iph
->
ihl
*
4
,
if
(
!
ip_nat_find_proto
(
proto
)
->
manip_pkt
(
pskb
,
iphdroff
,
manip
,
maniptype
))
manip
,
maniptype
))
return
0
;
return
0
;
...
...
net/ipv4/netfilter/ip_nat_proto_icmp.c
View file @
b803d5f5
...
@@ -53,11 +53,13 @@ icmp_unique_tuple(struct ip_conntrack_tuple *tuple,
...
@@ -53,11 +53,13 @@ icmp_unique_tuple(struct ip_conntrack_tuple *tuple,
static
int
static
int
icmp_manip_pkt
(
struct
sk_buff
**
pskb
,
icmp_manip_pkt
(
struct
sk_buff
**
pskb
,
unsigned
int
hdroff
,
unsigned
int
ip
hdroff
,
const
struct
ip_conntrack_manip
*
manip
,
const
struct
ip_conntrack_manip
*
manip
,
enum
ip_nat_manip_type
maniptype
)
enum
ip_nat_manip_type
maniptype
)
{
{
struct
iphdr
*
iph
=
(
struct
iphdr
*
)((
*
pskb
)
->
data
+
iphdroff
);
struct
icmphdr
*
hdr
;
struct
icmphdr
*
hdr
;
unsigned
int
hdroff
=
iphdroff
+
iph
->
ihl
*
4
;
if
(
!
skb_ip_make_writable
(
pskb
,
hdroff
+
sizeof
(
*
hdr
)))
if
(
!
skb_ip_make_writable
(
pskb
,
hdroff
+
sizeof
(
*
hdr
)))
return
0
;
return
0
;
...
...
net/ipv4/netfilter/ip_nat_proto_tcp.c
View file @
b803d5f5
...
@@ -84,11 +84,13 @@ tcp_unique_tuple(struct ip_conntrack_tuple *tuple,
...
@@ -84,11 +84,13 @@ tcp_unique_tuple(struct ip_conntrack_tuple *tuple,
static
int
static
int
tcp_manip_pkt
(
struct
sk_buff
**
pskb
,
tcp_manip_pkt
(
struct
sk_buff
**
pskb
,
unsigned
int
hdroff
,
unsigned
int
ip
hdroff
,
const
struct
ip_conntrack_manip
*
manip
,
const
struct
ip_conntrack_manip
*
manip
,
enum
ip_nat_manip_type
maniptype
)
enum
ip_nat_manip_type
maniptype
)
{
{
struct
iphdr
*
iph
=
(
struct
iphdr
*
)((
*
pskb
)
->
data
+
iphdroff
);
struct
tcphdr
*
hdr
;
struct
tcphdr
*
hdr
;
unsigned
int
hdroff
=
iphdroff
+
iph
->
ihl
*
4
;
u_int32_t
oldip
;
u_int32_t
oldip
;
u_int16_t
*
portptr
,
oldport
;
u_int16_t
*
portptr
,
oldport
;
int
hdrsize
=
8
;
/* TCP connection tracking guarantees this much */
int
hdrsize
=
8
;
/* TCP connection tracking guarantees this much */
...
@@ -106,11 +108,11 @@ tcp_manip_pkt(struct sk_buff **pskb,
...
@@ -106,11 +108,11 @@ tcp_manip_pkt(struct sk_buff **pskb,
if
(
maniptype
==
IP_NAT_MANIP_SRC
)
{
if
(
maniptype
==
IP_NAT_MANIP_SRC
)
{
/* Get rid of src ip and src pt */
/* Get rid of src ip and src pt */
oldip
=
(
*
pskb
)
->
nh
.
iph
->
saddr
;
oldip
=
iph
->
saddr
;
portptr
=
&
hdr
->
source
;
portptr
=
&
hdr
->
source
;
}
else
{
}
else
{
/* Get rid of dst ip and dst pt */
/* Get rid of dst ip and dst pt */
oldip
=
(
*
pskb
)
->
nh
.
iph
->
daddr
;
oldip
=
iph
->
daddr
;
portptr
=
&
hdr
->
dest
;
portptr
=
&
hdr
->
dest
;
}
}
...
...
net/ipv4/netfilter/ip_nat_proto_udp.c
View file @
b803d5f5
...
@@ -83,11 +83,13 @@ udp_unique_tuple(struct ip_conntrack_tuple *tuple,
...
@@ -83,11 +83,13 @@ udp_unique_tuple(struct ip_conntrack_tuple *tuple,
static
int
static
int
udp_manip_pkt
(
struct
sk_buff
**
pskb
,
udp_manip_pkt
(
struct
sk_buff
**
pskb
,
unsigned
int
hdroff
,
unsigned
int
ip
hdroff
,
const
struct
ip_conntrack_manip
*
manip
,
const
struct
ip_conntrack_manip
*
manip
,
enum
ip_nat_manip_type
maniptype
)
enum
ip_nat_manip_type
maniptype
)
{
{
struct
iphdr
*
iph
=
(
struct
iphdr
*
)((
*
pskb
)
->
data
+
iphdroff
);
struct
udphdr
*
hdr
;
struct
udphdr
*
hdr
;
unsigned
int
hdroff
=
iphdroff
+
iph
->
ihl
*
4
;
u_int32_t
oldip
;
u_int32_t
oldip
;
u_int16_t
*
portptr
;
u_int16_t
*
portptr
;
...
@@ -97,11 +99,11 @@ udp_manip_pkt(struct sk_buff **pskb,
...
@@ -97,11 +99,11 @@ udp_manip_pkt(struct sk_buff **pskb,
hdr
=
(
void
*
)(
*
pskb
)
->
data
+
hdroff
;
hdr
=
(
void
*
)(
*
pskb
)
->
data
+
hdroff
;
if
(
maniptype
==
IP_NAT_MANIP_SRC
)
{
if
(
maniptype
==
IP_NAT_MANIP_SRC
)
{
/* Get rid of src ip and src pt */
/* Get rid of src ip and src pt */
oldip
=
(
*
pskb
)
->
nh
.
iph
->
saddr
;
oldip
=
iph
->
saddr
;
portptr
=
&
hdr
->
source
;
portptr
=
&
hdr
->
source
;
}
else
{
}
else
{
/* Get rid of dst ip and dst pt */
/* Get rid of dst ip and dst pt */
oldip
=
(
*
pskb
)
->
nh
.
iph
->
daddr
;
oldip
=
iph
->
daddr
;
portptr
=
&
hdr
->
dest
;
portptr
=
&
hdr
->
dest
;
}
}
if
(
hdr
->
check
)
/* 0 is a special case meaning no checksum */
if
(
hdr
->
check
)
/* 0 is a special case meaning no checksum */
...
...
net/ipv4/netfilter/ip_nat_proto_unknown.c
View file @
b803d5f5
...
@@ -39,7 +39,7 @@ static int unknown_unique_tuple(struct ip_conntrack_tuple *tuple,
...
@@ -39,7 +39,7 @@ static int unknown_unique_tuple(struct ip_conntrack_tuple *tuple,
static
int
static
int
unknown_manip_pkt
(
struct
sk_buff
**
pskb
,
unknown_manip_pkt
(
struct
sk_buff
**
pskb
,
unsigned
int
hdroff
,
unsigned
int
ip
hdroff
,
const
struct
ip_conntrack_manip
*
manip
,
const
struct
ip_conntrack_manip
*
manip
,
enum
ip_nat_manip_type
maniptype
)
enum
ip_nat_manip_type
maniptype
)
{
{
...
...
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment