All of lore.kernel.org
 help / color / mirror / Atom feed
* [PATCH libnetfilter_queue] BUG: src: Update UDP header length field after mangling
@ 2019-09-27 12:56 Duncan Roe
  2019-10-05 23:02 ` Duncan Roe
  0 siblings, 1 reply; 3+ messages in thread
From: Duncan Roe @ 2019-09-27 12:56 UTC (permalink / raw)
  To: netfilter-devel

One would expect nfq_udp_mangle_ipv4() to take care of the length field in
the UDP header but it did not.
With this patch, it does.
This patch is very unlikely to adversely affect any existing userspace
software (that did its own length adjustment),
because UDP checksumming was broken
---
 src/extra/udp.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/src/extra/udp.c b/src/extra/udp.c
index 8c44a66..6836230 100644
--- a/src/extra/udp.c
+++ b/src/extra/udp.c
@@ -140,6 +140,8 @@ nfq_udp_mangle_ipv4(struct pkt_buff *pkt,
 	iph = (struct iphdr *)pkt->network_header;
 	udph = (struct udphdr *)(pkt->network_header + iph->ihl*4);
 
+	udph->len = htons(ntohs(udph->len) + rep_len - match_len);
+
 	if (!nfq_ip_mangle(pkt, iph->ihl*4 + sizeof(struct udphdr),
 				match_offset, match_len, rep_buffer, rep_len))
 		return 0;
-- 
2.14.5


^ permalink raw reply related	[flat|nested] 3+ messages in thread

* Re: [PATCH libnetfilter_queue] BUG: src: Update UDP header length field after mangling
  2019-09-27 12:56 [PATCH libnetfilter_queue] BUG: src: Update UDP header length field after mangling Duncan Roe
@ 2019-10-05 23:02 ` Duncan Roe
  2019-10-06 10:38   ` Pablo Neira Ayuso
  0 siblings, 1 reply; 3+ messages in thread
From: Duncan Roe @ 2019-10-05 23:02 UTC (permalink / raw)
  To: Pablo Neira Ayuso; +Cc: Netfilter Development

Hi Pablo,

On Fri, Sep 27, 2019 at 10:56:45PM +1000, Duncan Roe wrote:
> One would expect nfq_udp_mangle_ipv4() to take care of the length field in
> the UDP header but it did not.
> With this patch, it does.
> This patch is very unlikely to adversely affect any existing userspace
> software (that did its own length adjustment),
> because UDP checksumming was broken
> ---
>  src/extra/udp.c | 2 ++
>  1 file changed, 2 insertions(+)
>
> diff --git a/src/extra/udp.c b/src/extra/udp.c
> index 8c44a66..6836230 100644
> --- a/src/extra/udp.c
> +++ b/src/extra/udp.c
> @@ -140,6 +140,8 @@ nfq_udp_mangle_ipv4(struct pkt_buff *pkt,
>  	iph = (struct iphdr *)pkt->network_header;
>  	udph = (struct udphdr *)(pkt->network_header + iph->ihl*4);
>
> +	udph->len = htons(ntohs(udph->len) + rep_len - match_len);
> +
>  	if (!nfq_ip_mangle(pkt, iph->ihl*4 + sizeof(struct udphdr),
>  				match_offset, match_len, rep_buffer, rep_len))
>  		return 0;
> --
> 2.14.5
>
Please consider applying this fix. I have other patches banking up behind it.

There is no need for a corresponding TCP fix because the TCP header does not
contain a length field.

And, there is no IP4 / IP6 concern: udp.c is used by both.

(Also, git pull has stopped working for me: 80s delay then connection reset by
peer).

Cheers ... Duncan.

^ permalink raw reply	[flat|nested] 3+ messages in thread

* Re: [PATCH libnetfilter_queue] BUG: src: Update UDP header length field after mangling
  2019-10-05 23:02 ` Duncan Roe
@ 2019-10-06 10:38   ` Pablo Neira Ayuso
  0 siblings, 0 replies; 3+ messages in thread
From: Pablo Neira Ayuso @ 2019-10-06 10:38 UTC (permalink / raw)
  To: Netfilter Development

On Sun, Oct 06, 2019 at 10:02:26AM +1100, Duncan Roe wrote:
> Hi Pablo,
> 
> On Fri, Sep 27, 2019 at 10:56:45PM +1000, Duncan Roe wrote:
> > One would expect nfq_udp_mangle_ipv4() to take care of the length field in
> > the UDP header but it did not.
> > With this patch, it does.
> > This patch is very unlikely to adversely affect any existing userspace
> > software (that did its own length adjustment),
> > because UDP checksumming was broken
> > ---
> >  src/extra/udp.c | 2 ++
> >  1 file changed, 2 insertions(+)
> >
> > diff --git a/src/extra/udp.c b/src/extra/udp.c
> > index 8c44a66..6836230 100644
> > --- a/src/extra/udp.c
> > +++ b/src/extra/udp.c
> > @@ -140,6 +140,8 @@ nfq_udp_mangle_ipv4(struct pkt_buff *pkt,
> >  	iph = (struct iphdr *)pkt->network_header;
> >  	udph = (struct udphdr *)(pkt->network_header + iph->ihl*4);
> >
> > +	udph->len = htons(ntohs(udph->len) + rep_len - match_len);
> > +
> >  	if (!nfq_ip_mangle(pkt, iph->ihl*4 + sizeof(struct udphdr),
> >  				match_offset, match_len, rep_buffer, rep_len))
> >  		return 0;
> > --
> > 2.14.5
> >
> Please consider applying this fix. I have other patches banking up behind it.

Applied, thanks.

^ permalink raw reply	[flat|nested] 3+ messages in thread

end of thread, other threads:[~2019-10-06 10:38 UTC | newest]

Thread overview: 3+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2019-09-27 12:56 [PATCH libnetfilter_queue] BUG: src: Update UDP header length field after mangling Duncan Roe
2019-10-05 23:02 ` Duncan Roe
2019-10-06 10:38   ` Pablo Neira Ayuso

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.