In-Reply-To: <4B557BA2.7080407@trash.net>
References: <4B54CDE5.3070100@simon.arlott.org.uk> <4B5578A5.50705@gmail.com> <4B557BA2.7080407@trash.net>
Date: Tue, 19 Jan 2010 12:43:46 -0000
Subject: Re: [PATCH] xt_TCPMSS: SYN packets are allowed to contain data
From: "Simon Arlott"
To: "Patrick McHardy"
Cc: "William Allen Simpson", "netdev", "Linux Kernel Mailing List", "Netfilter Development Mailinglist"

On Tue, January 19, 2010 09:30, Patrick McHardy wrote:
> William Allen Simpson wrote:
>> Simon Arlott wrote:
>>> This moves the check for (header size != packet size) to after
>>> attempting to modify an existing MSS option. Another check is
>>> needed before looking through the header to ensure it doesn't
>>> claim to be larger than the packet size.
>>>
>> What's the path from tcp_v[4,6]_rcv() to these tests?
>>
>> 1) Header larger than the packet is already tested in about 5 places,
>> and my patch "tcp: harmonize tcp_vx_rcv header length assumptions"
>> tries to get them all down to just *one* test.
>
> We're talking about a netfilter module here, which has to deal
> with forwarded traffic and can only rely on the IP header checks
> done in ip_rcv().

My gateway (where these error messages occur) is running 2.6.29, and
skb->len (from the printk) is 40 bytes. If this is 20 (IPv4 Header) +
20 (TCP Header) = 40 bytes, then there is no data and the header offset
is wrong so it hasn't been checked.

--
Simon Arlott
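
The two checks discussed in this thread, as an added example that is not part of the original message or of the xt_TCPMSS code: a user-space C parser that rejects a TCP header claiming to be longer than the packet, accepts a header shorter than the packet (a SYN carrying data), and bounds every option before reading it. The function name `find_mss`, its return codes and the sample packet are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

enum { MSS_MALFORMED = -1, MSS_ABSENT = 0, MSS_FOUND = 1 }; /* this example's own names */

/* seg points at the TCP header; seg_len counts the bytes from there to the
 * end of the packet (header plus any payload). */
int find_mss(const uint8_t *seg, size_t seg_len, uint16_t *mss)
{
    size_t hdr_len, optlen, i = 20;

    if (seg_len < 20)
        return MSS_MALFORMED;             /* no room for the fixed header */
    hdr_len = (size_t)(seg[12] >> 4) * 4; /* data offset field, in bytes */
    /* The header may be shorter than the packet (a SYN can carry data),
     * but it must never claim to be longer than the packet. */
    if (hdr_len < 20 || hdr_len > seg_len)
        return MSS_MALFORMED;

    while (i < hdr_len) {
        uint8_t kind = seg[i];

        if (kind == 0)                    /* end of option list */
            break;
        if (kind == 1) { i++; continue; } /* NOP padding, one byte */
        if (hdr_len - i < 2)
            return MSS_MALFORMED;         /* length byte lies past the header */
        optlen = seg[i + 1];
        if (optlen < 2 || optlen > hdr_len - i)
            return MSS_MALFORMED;         /* option overruns the header */
        if (kind == 2 && optlen == 4) {   /* MSS option: kind 2, length 4 */
            *mss = (uint16_t)((seg[i + 2] << 8) | seg[i + 3]);
            return MSS_FOUND;
        }
        i += optlen;
    }
    return MSS_ABSENT;
}

int main(void)
{
    /* Constructed sample: SYN, data offset 6 (24 bytes), MSS 1460, 5 data bytes. */
    static const uint8_t syn[29] = { [12] = 0x60, [13] = 0x02, [20] = 2, 4, 0x05, 0xb4 };
    uint16_t mss = 0;
    int rc = find_mss(syn, sizeof syn, &mss);
    printf("rc=%d mss=%u\n", rc, mss);
    return 0;
}
```

A 20-byte segment with data offset 5 returns `MSS_ABSENT`; the same 20 bytes with data offset 6 return `MSS_MALFORMED`, because the header would extend past the end of the packet.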