[Bug 800] New: sk_buff.transport_header set incorrectly for NF_IP_PRE_ROUTING hook

Wed Aug 22 00:43:45 CEST 2012

http://bugzilla.netfilter.org/show_bug.cgi?id=800

           Summary: sk_buff.transport_header set incorrectly for
                    NF_IP_PRE_ROUTING hook
           Product: netfilter/iptables
           Version: linux-2.6.x
          Platform: x86_64
        OS/Version: Ubuntu
            Status: NEW
          Severity: normal
          Priority: P5
         Component: netfilter hooks
        AssignedTo: netfilter-buglog at lists.netfilter.org
        ReportedBy: ryan at moreharts.com
   Estimated Hours: 0.0

Created attachment 388
  --> http://bugzilla.netfilter.org/attachment.cgi?id=388
Example code

While working on a module that uses netfilter, I encountered a situation where
ip_hdr(skb) and tcp_hdr(skb) return the same address (both point to the
beginning of the IP header). This only occurs on packets seen by a
NF_IP_PRE_ROUTING handler. Identical code for a NF_LOCAL_OUT handler behaves as
expected.

The attached code demonstrates a fairly minimal example of this.

Looking into it a bit, skb->transport_header is incorrect, offset just enough
to put it at the IP headers (as expected, given tcp_hdr is simple math). I
didn't explore further to see where else length/offset data was off. 

Expected behavior of example code would be for only "inbound not broken" and
"outbound not broken" to display. Instead, inbound reports as broken,
indicating ip_hdr() and tcp_hdr() are returning the same value. (For double
confirmation, the code confirms that it really does have an IPv4 packet and
that it's 

This was done on Ubuntu 12.04 kernel Linux ubuntu 3.2.0-29-generic #46-Ubuntu
SMP Fri Jul 27 17:03:23 UTC 2012 x86_64 x86_64 x86_64 GNU/Linux.

If this is user error, I'd be happy to hear it.

-- 
Configure bugmail: http://bugzilla.netfilter.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
You are watching all bug changes.