[DCCP]: Fix skb->cb conflicts with IP
authorPatrick McHardy <kaber@trash.net>
Sun, 13 Apr 2008 01:35:41 +0000 (18:35 -0700)
committerDavid S. Miller <davem@davemloft.net>
Sun, 13 Apr 2008 01:35:41 +0000 (18:35 -0700)
dev_queue_xmit() and the other IP output functions expect to get a skb
with clear or properly initialized skb->cb. Unlike TCP and UDP, the
dccp_skb_cb doesn't contain a struct inet_skb_parm at the beginning,
so the DCCP-specific data is interpreted by the IP output functions.
This can cause false negatives for the conditional POST_ROUTING hook
invocation, making the packet bypass the hook.

Add a inet_skb_parm/inet6_skb_parm union to the beginning of
dccp_skb_cb to avoid clashes. Also add a BUILD_BUG_ON to make
sure it fits in the cb.

[ Combined with patch from Gerrit Renker to remove two now unnecessary
  memsets of IPCB(skb)->opt ]

Signed-off-by: Patrick McHardy <kaber@trash.net>
Acked-by: Arnaldo Carvalho de Melo <acme@redhat.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
net/dccp/dccp.h
net/dccp/ipv4.c
net/dccp/output.c
net/dccp/proto.c

index 287a62bc2e0ffb40c741743026231f04b37ff176..ba2ef94a230256e47e49179ced2d3324bd12acfb 100644 (file)
@@ -325,6 +325,12 @@ static inline int dccp_bad_service_code(const struct sock *sk,
  * This is used for transmission as well as for reception.
  */
 struct dccp_skb_cb {
+       union {
+               struct inet_skb_parm    h4;
+#if defined(CONFIG_IPV6) || defined (CONFIG_IPV6_MODULE)
+               struct inet6_skb_parm   h6;
+#endif
+       } header;
        __u8  dccpd_type:4;
        __u8  dccpd_ccval:4;
        __u8  dccpd_reset_code,
index 474075adbde4d7c426fc960ef4079686cd185e2e..b3370441555570cea5a09d2003e5191c8a0680e7 100644 (file)
@@ -489,7 +489,6 @@ static int dccp_v4_send_response(struct sock *sk, struct request_sock *req,
 
                dh->dccph_checksum = dccp_v4_csum_finish(skb, ireq->loc_addr,
                                                              ireq->rmt_addr);
-               memset(&(IPCB(skb)->opt), 0, sizeof(IPCB(skb)->opt));
                err = ip_build_and_send_pkt(skb, sk, ireq->loc_addr,
                                            ireq->rmt_addr,
                                            ireq->opt);
index 3b763db3d863bbdd941080a24a1c0c7abff607e7..3d7d628d870d394d391af91b63a8a69c3adbf5c0 100644 (file)
@@ -126,7 +126,6 @@ static int dccp_transmit_skb(struct sock *sk, struct sk_buff *skb)
 
                DCCP_INC_STATS(DCCP_MIB_OUTSEGS);
 
-               memset(&(IPCB(skb)->opt), 0, sizeof(IPCB(skb)->opt));
                err = icsk->icsk_af_ops->queue_xmit(skb, 0);
                return net_xmit_eval(err);
        }
index e3f5d37b84be1817f2b69b0fe31c65e999ceb05d..c91d3c1fd30d4239018dd23c1c132680ab067435 100644 (file)
@@ -1057,6 +1057,9 @@ static int __init dccp_init(void)
        int ehash_order, bhash_order, i;
        int rc = -ENOBUFS;
 
+       BUILD_BUG_ON(sizeof(struct dccp_skb_cb) >
+                    FIELD_SIZEOF(struct sk_buff, cb));
+
        dccp_hashinfo.bind_bucket_cachep =
                kmem_cache_create("dccp_bind_bucket",
                                  sizeof(struct inet_bind_bucket), 0,