[PATCH 2.4] netfilter: fix UDP incremental checksumming

[PATCH 2.4] netfilter: fix UDP incremental checksumming

[Harald Welte]

[-- Attachment #1.1: Type: text/plain, Size: 562 bytes --]

Hi Davem!

Please apply the following patchto your 2.4 tree and push it to Marcelo.
Thanks.


Author: Patrick McHardy <kaber@trash.net>

Add size check to ip_nat_mangle_udp_packet

-- 
- Harald Welte <laforge@netfilter.org>             http://www.netfilter.org/
============================================================================
  "Fragmentation is like classful addressing -- an interesting early
   architectural error that shows how much experimentation was going
   on while IP was being designed."                    -- Paul Vixie

[-- Attachment #1.2: 79_mangle_udp-sizecheck.patch --]
[-- Type: text/plain, Size: 1231 bytes --]

# This is a BitKeeper generated patch for the following project:
# Project Name: Linux kernel tree
# This patch format is intended for GNU patch command version 2.5 or higher.
# This patch includes the following deltas:
#	           ChangeSet	1.1134  -> 1.1135 
#	net/ipv4/netfilter/ip_nat_helper.c	1.10    -> 1.11   
#
# The following is the BitKeeper ChangeSet Log
# --------------------------------------------
# 03/09/28	kaber@trash.net	1.1135
# [NETFILTER]: Add size check to ip_nat_mangle_udp_packet
# --------------------------------------------
#
diff -Nru a/net/ipv4/netfilter/ip_nat_helper.c b/net/ipv4/netfilter/ip_nat_helper.c
--- a/net/ipv4/netfilter/ip_nat_helper.c	Sun Sep 28 04:40:29 2003
+++ b/net/ipv4/netfilter/ip_nat_helper.c	Sun Sep 28 04:40:29 2003
@@ -233,6 +233,13 @@
 	newudplen = udplen - match_len + rep_len;
 	newlen = iph->ihl*4 + newudplen;
 
+	/* UDP helpers might accidentally mangle the wrong packet */
+	if (udplen < sizeof(*udph) + match_offset + match_len) {
+		if (net_ratelimit())
+			printk("ip_nat_mangle_udp_packet: undersized packet\n");
+		return 0;
+	}
+
 	if (newlen > 65535) {
 		if (net_ratelimit())
 			printk("ip_nat_mangle_udp_packet: nat'ed packet "

[-- Attachment #2: Type: application/pgp-signature, Size: 189 bytes --]

[PATCH 2.4 RESEND] netfilter: add size check for udp packet mangling

[Martin Josefsson]

[-- Attachment #1.1: Type: text/plain, Size: 564 bytes --]

On Thu, 2003-10-02 at 16:26, Harald Welte wrote:
> Hi Davem!
> 
> Please apply the following patchto your 2.4 tree and push it to Marcelo.
> Thanks.
> 
> 
> Author: Patrick McHardy <kaber@trash.net>
> 
> Add size check to ip_nat_mangle_udp_packet

Hi Dave

Harald sent this with the wrong subject and it got dropped.
Here it is with the correct subject.
Found when syncing patch-o-matic with 2.4-bk
Please apply. More resends are coming.


Author: Patrick McHardy <kaber@trash.net>

Add size check to ip_nat_mangle_udp_packet

-- 
/Martin

[-- Attachment #1.2: 79_mangle_udp-sizecheck.patch --]
[-- Type: text/plain, Size: 1231 bytes --]

# This is a BitKeeper generated patch for the following project:
# Project Name: Linux kernel tree
# This patch format is intended for GNU patch command version 2.5 or higher.
# This patch includes the following deltas:
#	           ChangeSet	1.1134  -> 1.1135 
#	net/ipv4/netfilter/ip_nat_helper.c	1.10    -> 1.11   
#
# The following is the BitKeeper ChangeSet Log
# --------------------------------------------
# 03/09/28	kaber@trash.net	1.1135
# [NETFILTER]: Add size check to ip_nat_mangle_udp_packet
# --------------------------------------------
#
diff -Nru a/net/ipv4/netfilter/ip_nat_helper.c b/net/ipv4/netfilter/ip_nat_helper.c
--- a/net/ipv4/netfilter/ip_nat_helper.c	Sun Sep 28 04:40:29 2003
+++ b/net/ipv4/netfilter/ip_nat_helper.c	Sun Sep 28 04:40:29 2003
@@ -233,6 +233,13 @@
 	newudplen = udplen - match_len + rep_len;
 	newlen = iph->ihl*4 + newudplen;
 
+	/* UDP helpers might accidentally mangle the wrong packet */
+	if (udplen < sizeof(*udph) + match_offset + match_len) {
+		if (net_ratelimit())
+			printk("ip_nat_mangle_udp_packet: undersized packet\n");
+		return 0;
+	}
+
 	if (newlen > 65535) {
 		if (net_ratelimit())
 			printk("ip_nat_mangle_udp_packet: nat'ed packet "

[-- Attachment #2: This is a digitally signed message part --]
[-- Type: application/pgp-signature, Size: 189 bytes --]

Re: [PATCH 2.4 RESEND] netfilter: add size check for udp packet mangling

[David S. Miller]

On Mon, 13 Oct 2003 20:17:38 +0200
Martin Josefsson <gandalf@netfilter.org> wrote:

> Harald sent this with the wrong subject and it got dropped.
> Here it is with the correct subject.
> Found when syncing patch-o-matic with 2.4-bk
> Please apply. More resends are coming.

Applied, thanks for doing these double-checks with patch-o-matic.

Re: [PATCH 2.4] netfilter: fix UDP incremental checksumming

[David S. Miller]

On Thu, 2 Oct 2003 16:15:09 +0200
Harald Welte <laforge@netfilter.org> wrote:

> Please apply the following patchto your 2.4 tree and push it to Marcelo.
> Thanks.

Applied, thanks.

[PATCH 2.4] netfilter: fix UDP incremental checksumming

[Harald Welte]

[-- Attachment #1.1: Type: text/plain, Size: 648 bytes --]

Hi Davem!

Please apply the following patchto your 2.4 tree and push it to Marcelo.
Thanks.


Author: Patrick McHardy <kaber@trash.net>
Status: Submitted for kernel inclusion at 2.4.23-pre5 time

Fix UDP checksum in ip_nat_mangle_udp_packet, remove skb->csum hacks

-- 
- Harald Welte <laforge@netfilter.org>             http://www.netfilter.org/
============================================================================
  "Fragmentation is like classful addressing -- an interesting early
   architectural error that shows how much experimentation was going
   on while IP was being designed."                    -- Paul Vixie

[-- Attachment #1.2: 78_nathelper-udp-csum.patch --]
[-- Type: text/plain, Size: 1938 bytes --]

# This is a BitKeeper generated patch for the following project:
# Project Name: Linux kernel tree
# This patch format is intended for GNU patch command version 2.5 or higher.
# This patch includes the following deltas:
#	           ChangeSet	1.1133  -> 1.1134 
#	net/ipv4/netfilter/ip_nat_helper.c	1.9     -> 1.10   
#
# The following is the BitKeeper ChangeSet Log
# --------------------------------------------
# 03/09/28	kaber@trash.net	1.1134
# [NETFILTER]: Fix UDP checksum in ip_nat_mangle_udp_packet, remove skb->csum hacks
# --------------------------------------------
#
diff -Nru a/net/ipv4/netfilter/ip_nat_helper.c b/net/ipv4/netfilter/ip_nat_helper.c
--- a/net/ipv4/netfilter/ip_nat_helper.c	Sun Sep 28 04:40:05 2003
+++ b/net/ipv4/netfilter/ip_nat_helper.c	Sun Sep 28 04:40:05 2003
@@ -195,16 +195,11 @@
 		skb_trim(*skb, newlen);
 	}
 
-	/* fix checksum information */
-
 	iph->tot_len = htons(newlen);
-	(*skb)->csum = csum_partial((char *)tcph + tcph->doff*4,
-				    newtcplen - tcph->doff*4, 0);
-
+	/* fix checksum information */
 	tcph->check = 0;
 	tcph->check = tcp_v4_check(tcph, newtcplen, iph->saddr, iph->daddr,
-				   csum_partial((char *)tcph, tcph->doff*4,
-					   (*skb)->csum));
+				   csum_partial((char *)tcph, newtcplen, 0));
 	ip_send_check(iph);
 
 	return 1;
@@ -299,18 +294,12 @@
 	iph->tot_len = htons(newlen);
 
 	/* fix udp checksum if udp checksum was previously calculated */
-	if ((*skb)->csum != 0) {
-		(*skb)->csum = csum_partial((char *)udph +
-					    sizeof(struct udphdr),
-					    newudplen - sizeof(struct udphdr),
-					    0);
-
+	if (udph->check != 0) {
 		udph->check = 0;
 		udph->check = csum_tcpudp_magic(iph->saddr, iph->daddr,
 						newudplen, IPPROTO_UDP,
 						csum_partial((char *)udph,
-							 sizeof(struct udphdr),
-							(*skb)->csum));
+						             newudplen, 0));
 	}
 
 	ip_send_check(iph);

[-- Attachment #2: Type: application/pgp-signature, Size: 189 bytes --]