Re: [BK PATCH] Fix ip_conntrack_amanda data corruption bug that breaksamanda dumps

From: Patrick McHardy
Date: Thu Nov 04 2004 - 19:03:12 EST

Next message: David Schwartz: "RE: Possible GPL infringement in Broadcom-based routers"
Previous message: Jesper Juhl: "[Patch] Tiny update to Documentation/Changes , link to latest versionseems to be link to archive..."
In reply to: Matthias Andree: "Re: [BK PATCH] Fix ip_conntrack_amanda data corruption bug that breaks amanda dumps"
Next in thread: David S. Miller: "Re: [BK PATCH] Fix ip_conntrack_amanda data corruption bug thatbreaks amanda dumps"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Matthias Andree wrote:

On Thu, 04 Nov 2004, Patrick McHardy wrote:

The data that is changed is only a copy, the actual packet is not touched.

Why then does the application not see the packets as long as
ip_conntrack_amanda is loaded and starts seeing them again as soon as
"rmmod ip_conntrack_amanda" has completed?

Your observation and your patch were correct, thanks. It is supposed
to be just a copy, I missed that it wasn't anymore. While your patch
works too, and is even faster with non-linear skbs, I don't like the
idea of using the skb as a scratch-area, so I sent this patch to Dave
instead.

Regards
Patrick

# This is a BitKeeper generated diff -Nru style patch.
#
# ChangeSet
# 2004/11/04 22:50:11+01:00 kaber@xxxxxxxxxxxx
# [NETFILTER]: Don't use skb_header_pointer in amanda conntrack helper
#
# Fixes broken packets, noticed by Matthias Andree <matthias.andree@xxxxxx>
#
# Signed-off-by: Patrick McHardy <kaber@xxxxxxxxx>
#
# net/ipv4/netfilter/ip_conntrack_amanda.c
# 2004/11/04 22:50:04+01:00 kaber@xxxxxxxxxxxx +5 -7
# [NETFILTER]: Don't use skb_header_pointer in amanda conntrack helper
#
# Fixes broken packets, noticed by Matthias Andree <matthias.andree@xxxxxx>
#
# Signed-off-by: Patrick McHardy <kaber@xxxxxxxxx>
#
diff -Nru a/net/ipv4/netfilter/ip_conntrack_amanda.c b/net/ipv4/netfilter/ip_conntrack_amanda.c
--- a/net/ipv4/netfilter/ip_conntrack_amanda.c 2004-11-04 22:50:37 +01:00
+++ b/net/ipv4/netfilter/ip_conntrack_amanda.c 2004-11-04 22:50:37 +01:00
@@ -49,7 +49,7 @@
{
struct ip_conntrack_expect *exp;
struct ip_ct_amanda_expect *exp_amanda_info;
- char *amp, *data, *data_limit, *tmp;
+ char *data, *data_limit, *tmp;
unsigned int dataoff, i;
u_int16_t port, len;

@@ -70,11 +70,9 @@
}

LOCK_BH(&amanda_buffer_lock);
- amp = skb_header_pointer(skb, dataoff,
- skb->len - dataoff, amanda_buffer);
- BUG_ON(amp == NULL);
- data = amp;
- data_limit = amp + skb->len - dataoff;
+ skb_copy_bits(skb, dataoff, amanda_buffer, skb->len - dataoff);
+ data = amanda_buffer;
+ data_limit = amanda_buffer + skb->len - dataoff;
*data_limit = '\0';

/* Search for the CONNECT string */
@@ -110,7 +108,7 @@
exp->mask.dst.u.tcp.port = 0xFFFF;

exp_amanda_info = &exp->help.exp_amanda_info;
- exp_amanda_info->offset = tmp - amp;
+ exp_amanda_info->offset = tmp - amanda_buffer;
exp_amanda_info->port = port;
exp_amanda_info->len = len;

Next message: David Schwartz: "RE: Possible GPL infringement in Broadcom-based routers"
Previous message: Jesper Juhl: "[Patch] Tiny update to Documentation/Changes , link to latest versionseems to be link to archive..."
In reply to: Matthias Andree: "Re: [BK PATCH] Fix ip_conntrack_amanda data corruption bug that breaks amanda dumps"
Next in thread: David S. Miller: "Re: [BK PATCH] Fix ip_conntrack_amanda data corruption bug thatbreaks amanda dumps"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]