Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git

netfilter: ebtables: Fixes dropping of small packets in bridge nat

Fixes an error causing small packets to get dropped. skb_ensure_writable
expects the second parameter to be a length in the ethernet payload.
If we want to write the ethernet header (src, dst), we should pass 0.
Otherwise, packets with small payloads (< ETH_ALEN) will get dropped.

Fixes: c1a831167901 ("netfilter: bridge: convert skb_make_writable to skb_ensure_writable")
Signed-off-by: Timothée COCAULT <timothee.cocault@orange.com>
Reviewed-by: Florian Westphal <fw@strlen.de>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

Authored by Timothée COCAULT and committed by Pablo Neira Ayuso
63137bc5 68f9f9c2

+3 -3
+1 -1
net/bridge/netfilter/ebt_dnat.c
··· 21 21 { 22 22 const struct ebt_nat_info *info = par->targinfo; 23 23 24 - if (skb_ensure_writable(skb, ETH_ALEN)) 24 + if (skb_ensure_writable(skb, 0)) 25 25 return EBT_DROP; 26 26 27 27 ether_addr_copy(eth_hdr(skb)->h_dest, info->mac);
+1 -1
net/bridge/netfilter/ebt_redirect.c
··· 21 21 { 22 22 const struct ebt_redirect_info *info = par->targinfo; 23 23 24 - if (skb_ensure_writable(skb, ETH_ALEN)) 24 + if (skb_ensure_writable(skb, 0)) 25 25 return EBT_DROP; 26 26 27 27 if (xt_hooknum(par) != NF_BR_BROUTING)
+1 -1
net/bridge/netfilter/ebt_snat.c
··· 22 22 { 23 23 const struct ebt_nat_info *info = par->targinfo; 24 24 25 - if (skb_ensure_writable(skb, ETH_ALEN * 2)) 25 + if (skb_ensure_writable(skb, 0)) 26 26 return EBT_DROP; 27 27 28 28 ether_addr_copy(eth_hdr(skb)->h_source, info->mac);
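Review bot: in net/bridge/netfilter/ebt_dnat.c the bare `0` now passed to skb_ensure_writable() reads as if nothing needs to be writable, yet the next statement writes eth_hdr(skb)->h_dest. A one-line comment above the call, saying that the length counts bytes of Ethernet payload and that 0 is what is needed to write the header, would keep a later cleanup from putting ETH_ALEN back.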
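Review bot: in net/bridge/netfilter/ebt_redirect.c the same one-token change is repeated, and the patch (+3 -3 across three .c files) carries no test for the case it fixes. A selftest that passes a frame with a payload shorter than ETH_ALEN through a dnat, a redirect and an snat rule and checks that it is not dropped would catch a regression at any of the three call sites.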
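Review bot: in net/bridge/netfilter/ebt_snat.c the removed check was `skb_ensure_writable(skb, ETH_ALEN * 2)`, so at this call site the old code required twice the payload length that the commit message's `< ETH_ALEN` describes for the patch as a whole. Stating both thresholds in the message would tell anyone matching this fix against drops on a source-NAT rule which frame sizes were affected.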