From f34be8445fb45e6f86879d45822ed24df0aced92 Mon Sep 17 00:00:00 2001
From: Jan Engelhardt
Date: Wed, 9 Apr 2008 20:06:17 +0200
Subject: [PATCH] TEE: make skb writable before attempting checksum update

This also adds the compat function xtnu_skb_make_writable().
---
 extensions/compat_xtables.c | 12 ++++++++++++
 extensions/compat_xtables.h | 1 +
 extensions/compat_xtnu.h | 1 +
 extensions/xt_TEE.c | 3 +++
 4 files changed, 17 insertions(+)

diff --git a/extensions/compat_xtables.c b/extensions/compat_xtables.c
index a2e3d81..cea80e7 100644
--- a/extensions/compat_xtables.c
+++ b/extensions/compat_xtables.c
@@ -309,6 +309,18 @@ int xtnu_ip_route_me_harder(struct sk_buff *skb, unsigned int addr_type)
 return ret;
 }
 EXPORT_SYMBOL_GPL(xtnu_ip_route_me_harder);
+
+int xtnu_skb_make_writable(struct sk_buff *skb, unsigned int len)
+{
+ struct sk_buff *nskb = skb;
+ int ret;
+
+ ret = skb_make_writable(&skb, len);
+ if (nskb != skb)
+ return unable(__func__);
+ return ret;
+}
+EXPORT_SYMBOL_GPL(xtnu_skb_make_writable);
 #endif
 #if LINUX_VERSION_CODE == KERNEL_VERSION(2, 6, 24)
diff --git a/extensions/compat_xtables.h b/extensions/compat_xtables.h
index 75741df..42357bb 100644
--- a/extensions/compat_xtables.h
+++ b/extensions/compat_xtables.h
@@ -59,6 +59,7 @@
 #if LINUX_VERSION_CODE <= KERNEL_VERSION(2, 6, 23)
 # define xt_target xtnu_target
 # define ip_route_me_harder xtnu_ip_route_me_harder
+# define skb_make_writable xtnu_skb_make_writable
 # define xt_register_target xtnu_register_target
 # define xt_unregister_target xtnu_unregister_target
 # define xt_register_targets xtnu_register_targets
diff --git a/extensions/compat_xtnu.h b/extensions/compat_xtnu.h
index c1be614..5fe8e2f 100644
--- a/extensions/compat_xtnu.h
+++ b/extensions/compat_xtnu.h
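Review bot: In xtnu_skb_make_writable (extensions/compat_xtables.c), the `nskb != skb` branch returns `unable(__func__)`, but the caller added in xt_TEE.c tests `!skb_make_writable(...)`, so only a zero return is treated as failure. unable() is defined outside this hunk; if it returns a non-zero error code, a replaced buffer is reported as success and tee_tg keeps using its original pointer, which the pointer-to-pointer API presumably released when it substituted the copy. The wrapper's by-value `skb` parameter also gives it no way to hand the replacement back, so that buffer is lost in this branch. Make the failure value explicit with `unable(__func__); return 0;` and add a comment such as `/* skb was replaced; the caller's pointer is stale and must not be dereferenced */`. It is also worth confirming that the resulting drop verdict does not release the old buffer a second time.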
@@ -69,6 +69,7 @@ static inline struct xtnu_target *xtcompat_nutarget(const struct xt_target *t)
 extern int xtnu_ip_local_out(struct sk_buff *);
 extern int xtnu_ip_route_me_harder(struct sk_buff *, unsigned int);
+extern int xtnu_skb_make_writable(struct sk_buff *, unsigned int);
 extern int xtnu_register_match(struct xtnu_match *);
 extern int xtnu_ip_route_output_key(void *, struct rtable **, struct flowi *);
 extern void xtnu_unregister_match(struct xtnu_match *);
diff --git a/extensions/xt_TEE.c b/extensions/xt_TEE.c
index fa4305b..4578428 100644
--- a/extensions/xt_TEE.c
+++ b/extensions/xt_TEE.c
@@ -158,6 +158,9 @@ tee_tg(struct sk_buff *skb, const struct net_device *in,
 }
 #endif
+ if (!skb_make_writable(skb, sizeof(struct iphdr)))
+ return NF_DROP;
+
 /*
 * If we are in INPUT, the checksum must be recalculated since
 * the length could have changed as a result of defragmentation.
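Review bot: The new `skb_make_writable()` call in tee_tg (extensions/xt_TEE.c) runs on every invocation, while the comment directly below it says the checksum is recalculated only in INPUT. If the header write happens only in that branch (it lies outside this hunk), the call and its `NF_DROP` path belong inside it, so that other hooks do not pay for a copy or drop traffic for a write that never occurs. The check also has no comment saying why it is needed; something like `/* the checksum update writes into the IP header, so the skb must not be shared or cloned */` would record the intent. On kernels up to 2.6.23 this call resolves through the compat macro to xtnu_skb_make_writable, so the `!` test here depends on that wrapper returning 0 on every failure path. tee_tg starts and ends outside the hunk.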