[Bug 555] New: skb_trim() Called on Paged skb in ip_queue
bugzilla-daemon at bugzilla.netfilter.org
bugzilla-daemon at bugzilla.netfilter.org
Mon Mar 26 21:17:46 CEST 2007
https://bugzilla.netfilter.org/bugzilla/show_bug.cgi?id=555
Summary: skb_trim() Called on Paged skb in ip_queue
Product: netfilter/iptables
Version: linux-2.6.x
Platform: i386
OS/Version: Debian GNU/Linux
Status: NEW
Severity: normal
Priority: P2
Component: unknown
AssignedTo: laforge at netfilter.org
ReportedBy: smilerliu at gmail.com
In ip_queue.c:
***
static int
ipq_mangle_ipv4(ipq_verdict_msg_t *v, struct ipq_queue_entry *e)
{
int diff;
struct iphdr *user_iph = (struct iphdr *)v->payload;
if (v->data_len < sizeof(*user_iph))
return 0;
diff = v->data_len - e->skb->len;
if (diff < 0)
skb_trim(e->skb, v->data_len);
***
Here skb_trim is called on a potentially paged skb. In older kernels (such as
2.6.16.13) there is no problem because its __skb_trim() automatically calls
___pskb_trim() when the skb is paged, but in newer kernels (such as 2.6.18)
WARN_ON(1) is called and the trim is not really done.
--
Configure bugmail: https://bugzilla.netfilter.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
More information about the netfilter-buglog
mailing list