PPTP conntrack for kernel 2.6
Thu Aug 19 12:23:24 CEST 2004
Content-Type: text/plain; charset=us-ascii
On Tue, Aug 17, 2004 at 09:58:37AM +0100, Robbie Dinn wrote:
> Laurens Blankers wrote:
> >Could someone please port the pptp conntrack module to kernel 2.6?
> I thought I would have a go at this. It is a bit harder to do
> than I thought.
Thanks for picking this issue up.
PPTP is actually the only helper that can be ported to 2.6.x without the
big hazzle of implementing pattern matching on nonlinear skb's, so it
can done in a safe way (as opposed to lots of other helpers).
> I think I might have spotted something that looks a bit strange,
> maybe even a bug? Please bear in mind that I don't understand the
It's not that difficult. We're trying to assure that a certain part of
the skb can be written to. (linearized, non-shared/cloned,...)
> Both udp_manip_pkt() and tcp_manip_pkt() make a call to
> skb_ip_make_writable(). It is the second parameter passed to
> skb_ip_make_writable() that I am worried about.
> In udp_manip_pkt() it is called like this:
> if (!skb_ip_make_writable(pskb, hdroff + sizeof(hdr)))
> where hdr is a pointer to a struct udphdr
that is indeed a bug. It has to be sizeof(*hdr)
> In tcp_manip_pkt() it is called like this:
> if (!skb_ip_make_writable(pskb, hdroff + hdrsize))
> where hdrsize may have a value of sizeof(tcphdr)
yes, depending on tcp options, ..
Bugfix is in
- Harald Welte <firstname.lastname@example.org> http://www.netfilter.org/
"Fragmentation is like classful addressing -- an interesting early
architectural error that shows how much experimentation was going
on while IP was being designed." -- Paul Vixie
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: Digital signature
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.5 (GNU/Linux)
-----END PGP SIGNATURE-----
More information about the netfilter-devel