net: skb_condense() can also deal with empty skbs

Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git

kernel os linux

It seems attackers can also send UDP packets with no payload at all.

skb_condense() can still be a win in this case.

It will be possible to replace the custom code in tcp_add_backlog()
to get full benefit from skb_condense()

Signed-off-by: Eric Dumazet <edumazet@google.com>
Signed-off-by: David S. Miller <davem@davemloft.net>

authored by

Eric Dumazet and committed by

David S. Miller 9 years ago 3174fed9 5ac9efbe

+13 -9

1 changed file

expand all

net

core

skbuff.c

+13 -9

net/core/skbuff.c

··· 4946 4946 */ 4947 4947 void skb_condense(struct sk_buff *skb) 4948 4948 { 4949 - if (!skb->data_len || 4950 - skb->data_len > skb->end - skb->tail || 4951 - skb_cloned(skb)) 4952 - return; 4949 + if (skb->data_len) { 4950 + if (skb->data_len > skb->end - skb->tail || 4951 + skb_cloned(skb)) 4952 + return; 4953 4953 4954 - /* Nice, we can free page frag(s) right now */ 4955 - __pskb_pull_tail(skb, skb->data_len); 4956 - 4957 - /* Now adjust skb->truesize, since __pskb_pull_tail() does 4958 - * not do this. 4954 + /* Nice, we can free page frag(s) right now */ 4955 + __pskb_pull_tail(skb, skb->data_len); 4956 + } 4957 + /* At this point, skb->truesize might be over estimated, 4958 + * because skb had a fragment, and fragments do not tell 4959 + * their truesize. 4960 + * When we pulled its content into skb->head, fragment 4961 + * was freed, but __pskb_pull_tail() could not possibly 4962 + * adjust skb->truesize, not knowing the frag truesize. 4959 4963 */ 4960 4964 skb->truesize = SKB_TRUESIZE(skb_end_offset(skb)); 4961 4965 }