Commit 93edb8c7 authored by Pablo Neira's avatar Pablo Neira Committed by David S. Miller

gtp: reload GTPv1 header after pskb_may_pull()

The GTPv1 header flags indicate the presence of optional extensions
after this header. Refresh the pointer to the GTPv1 header as skb->head
might have be reallocated via pskb_may_pull().

Fixes: 459aa660 ("gtp: add initial driver for datapath of GPRS Tunneling Protocol (GTP-U)")
Reported-by: default avatarEric Dumazet <eric.dumazet@gmail.com>
Signed-off-by: default avatarPablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
parent 1dee3f59
...@@ -253,6 +253,8 @@ static int gtp1u_udp_encap_recv(struct gtp_dev *gtp, struct sk_buff *skb, ...@@ -253,6 +253,8 @@ static int gtp1u_udp_encap_recv(struct gtp_dev *gtp, struct sk_buff *skb,
if (!pskb_may_pull(skb, hdrlen)) if (!pskb_may_pull(skb, hdrlen))
return -1; return -1;
gtp1 = (struct gtp1_header *)(skb->data + sizeof(struct udphdr));
rcu_read_lock(); rcu_read_lock();
pctx = gtp1_pdp_find(gtp, ntohl(gtp1->tid)); pctx = gtp1_pdp_find(gtp, ntohl(gtp1->tid));
if (!pctx) { if (!pctx) {
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment