[netfilter-cvslog] r3975 - trunk/patch-o-matic-ng/osf/linux-2.6/net/ipv4/netfilter

kaber at netfilter.org kaber at netfilter.org
Sat Jun 11 19:02:01 CEST 2005


Author: kaber at netfilter.org
Date: 2005-06-11 19:02:00 +0200 (Sat, 11 Jun 2005)
New Revision: 3975

Modified:
   trunk/patch-o-matic-ng/osf/linux-2.6/net/ipv4/netfilter/ipt_osf.c
Log:
[0/3] OSF: resurrect skb fragmentation patch (Evgeniy Polyakov <johnpol at 2ka.mipt.ru>)


Modified: trunk/patch-o-matic-ng/osf/linux-2.6/net/ipv4/netfilter/ipt_osf.c
===================================================================
--- trunk/patch-o-matic-ng/osf/linux-2.6/net/ipv4/netfilter/ipt_osf.c	2005-06-11 16:27:10 UTC (rev 3974)
+++ trunk/patch-o-matic-ng/osf/linux-2.6/net/ipv4/netfilter/ipt_osf.c	2005-06-11 17:02:00 UTC (rev 3975)
@@ -152,20 +152,30 @@
       int *hotdrop)
 {
 	struct ipt_osf_info *info = (struct ipt_osf_info *)matchinfo;
-	struct iphdr *ip = skb->nh.iph;
-	struct tcphdr *tcp;
+	struct iphdr _iph, *ip;
+	struct tcphdr _tcph, *tcp;
 	int fmatch = FMATCH_WRONG, fcount = 0;
 	unsigned long totlen, optsize = 0, window;
 	unsigned char df, *optp = NULL, *_optp = NULL;
+	unsigned char opts[MAX_IPOPTLEN];
 	char check_WSS = 0;
 	struct list_head *ent;
 	struct osf_finger *f;
+	int off;
 
-	if (!ip || !info)
+	if (!info)
 		return 0;
+	
+	off = 0;
+	
+	ip = skb_header_pointer(skb, off, sizeof(_iph), &_iph);
+	if (!ip)
+		return 0;
 				
-	tcp = (struct tcphdr *)((u_int32_t *)ip + ip->ihl);
-
+	tcp = skb_header_pointer(skb, off + ip->ihl * 4, sizeof(_tcph), &_tcph);
+	if (!tcp)
+		return 0;
+	
 	if (!tcp->syn)
 		return 0;
 	
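Review bot: The TCP header is fetched at `off + ip->ihl * 4` with no visible check that the packet is TCP and a first fragment, so on a non-first fragment or a non-TCP packet `tcp->syn` would be read from payload bytes. The function's signature and opening lines are outside the hunk, so that check may already exist there or in the rule's protocol constraint. If it does not, a guard such as `if (ip->protocol != IPPROTO_TCP || (ip->frag_off & htons(IP_OFFSET))) return 0;` before the second skb_header_pointer() call would cover it. `off` is set to 0 and never changed in the visible hunks, so a one-line comment saying which offset it is meant to carry would help the next reader.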
@@ -175,8 +185,16 @@
 	
 	if (tcp->doff*4 > sizeof(struct tcphdr))
 	{
-		_optp = optp = (char *)(tcp+1);
 		optsize = tcp->doff*4 - sizeof(struct tcphdr);
+
+		if (optsize > sizeof(opts))
+		{
+			log("%s: BUG: too big options size: optsize=%lu, max=%d.\n",
+					__func__, optsize, sizeof(opts));
+			optsize = sizeof(opts);
+		}
+		
+		_optp = optp = skb_header_pointer(skb, off + ip->ihl*4 + sizeof(_tcph), optsize, opts);
 	}
 
 	/* Actually we can create hash/table of all genres and search
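Review bot: The result of the new skb_header_pointer() call for the options is not checked, so on a truncated segment `optp` and `_optp` become NULL while `optsize` keeps its non-zero value. The matching code that consumes both is outside the hunk, so whether it walks the options based on `optsize` alone cannot be confirmed from here; adding `if (!optp) return 0;` right after the call removes the doubt. The log call also passes `sizeof(opts)`, a size_t, to `%d`; assuming log() wraps printk, `%zu` or a cast to int would match the argument type. The offset here is written with `sizeof(_tcph)` where the later skb_copy_bits() call uses `sizeof(struct tcphdr)`, and a single spelling would read better.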
@@ -369,7 +387,7 @@
 		if (optp)
 		{
 			optsize = tcp->doff * 4 - sizeof(struct tcphdr);
-			if (skb_copy_bits(skb, ip->ihl*4 + sizeof(struct tcphdr),
+			if (skb_copy_bits(skb, off + ip->ihl*4 + sizeof(struct tcphdr),
 					  opt, optsize) < 0)
 			{
 				if (info->flags & IPT_OSF_LOG)
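Review bot: `optsize` is recomputed from `tcp->doff` on the line above skb_copy_bits(), which discards the clamp to `sizeof(opts)` added in the earlier hunk, so the bound on the copy into `opt` depends on a declaration that is outside the hunk. If `opt` is smaller than MAX_IPOPTLEN bytes the same clamp is needed before the copy; otherwise a short comment stating the size relationship would be enough. The enclosing block starts and ends outside the hunk.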



