search for: ihl

...ctinfo) + struct ip_conntrack *ct, + enum ip_conntrack_info ctinfo) { - struct iphdr *iph; struct tcphdr *tcph; - unsigned char *ptr; - int length, dir, sack_adjusted =3D 0; + unsigned char *ptr, *optend; + unsigned int dir; =20 - iph =3D skb->nh.iph; - tcph =3D (void *)iph + iph->ihl*4; - length =3D (tcph->doff*4)-sizeof(struct tcphdr); + tcph =3D (void *)skb->nh.iph + skb->nh.iph->ihl*4; + optend =3D (unsigned char *)tcph + tcph->doff*4; ptr =3D (unsigned char *)(tcph+1); =20 dir =3D CTINFO2DIR(ctinfo); =20 - while (length > 0) { - int opcode =3D *ptr++;...

Hello, it seems, that filtering on nexthdr (TCP/UDP) content, especially src or dst port, is not working. The following has no effect on 2.4.16 or older (even 2.2) kernels: # tc filter add dev eth0 parent ffff: protocol ip prio 50 u32 match tcp dst 3128 0xffff police rate 40kbit burst 10k drop flowid :1 Even if # tc filter ls dev eth0 parent ffff: filter protocol ip pref 50 u32 filter protocol

...>version == 4) { + + int optlen; + + /* 4-4 */ + + iphv4 = skb->nh.iph; + skb->h.ipiph = iphv4; + + hdrlen = x->props.header_len; + + optlen = iphv4->ihl * 4 - sizeof(*iphv4); + if (!optlen) { + hdrlen -= IPV4_BEET_PHMAXLEN; + } else { + skb->h.raw -= (IPV4_BEET_PHMAXLEN - (optlen & 4)); + hdrlen -= optlen & 4; + } +...

Full_Name: Rico Ihle Version: 2.6.1 OS: Windows XP Professional Version 2002 Pentium(R) 4 CPU 3.2 GHz Submission from: (NULL) (134.76.183.24) # Bug in seq() function: x <- seq(-2,2,by=0.01) which(x==0.05)# How that?? # although: x# 0.05 seems to be at position 206 of x!!: x[206] # Why is this not equal to 0.05?...

...break; case IPPROTO_UDP: case IPPROTO_ICMP: size_req = 8; break; default: size_req = 0; } offset = (ntohs(ip->tot_len) < (ip->ihl<<2)+size_req); } As mentioned above, fragments with an offset of 0, that are too short to provide a full transport protocol header, are treated like non-first fragments. This allows an attacker to perform the following port rewriting attack: 1. Attacker sends a fragment, with offset...

...ze; unsigned int off; + bool fragment; int err = -EPROTO; + fragment = false; + off = sizeof(struct iphdr); header_size = skb->network_header + off + MAX_IPOPTLEN; maybe_pull_tail(skb, header_size); + if (ntohs(iph->frag_off) & 0x3fff) + fragment = true; + off = iph->ihl * 4; + if (fragment) { + if (net_ratelimit()) + netdev_err(vif->dev, "Packet is a fragment!\n"); + goto out; + } + switch (iph->protocol) { case IPPROTO_TCP: if (!skb_partial_csum_set(skb, off, @@ -1237,6 +1249,7 @@ static int checksum_setup_ipv6(struct xenvif *vif, str...

...:04:57,raw.pktlen=576,raw.pktcount=1,oob.prefix=fw2local:DROP:,oob.time.sec=1381273497,oob.time.usec=72127,oob.mark=0,oob.ifindex_out=1,oob.hook=3,oob.family=2,oob.protocol=0,raw.label=0,ip.saddr=<eth0>,ip.daddr=<remote_IP_eth1_subnet>,ip.protocol=1,ip.tos=192,ip.ttl=64,ip.totlen=576,ip.ihl=5,ip.csum=31876,ip.id=53893,ip.fragoff=0,icmp.type=3,icmp.code=1,icmp.csum=30221,oob.protocol=0,o.ip.saddr=<remote_IP_eth1_subnet>,o.ip.daddr=<external_IP>,o.ip.protocol=6,o.ip.tos=0,o.ip.ttl=63,o.ip.totlen=638,o.ip.ihl=5,o.ip.csum=15844,o.ip.id=42550,o.ip.fragoff=16384,o.tcp.sport=3832...

Looks like the GSO is involved? I got this while running Dom0 only (no guests), with a BOINC/Rosetta@home application running on all 4 cores. changeset: 10649:8e55c5c11475 Build: x86_32p (pae). ------------[ cut here ]------------ kernel BUG at net/core/dev.c:1133! invalid opcode: 0000 [#1] SMP CPU: 0 EIP: 0061:[<c04dceb0>] Not tainted VLI EFLAGS: 00210297 (2.6.16.13-xen

...remend->sin_port = htons (rp); - + if (! unixsock_name) { + memcpy (&remend->sin_addr.s_addr, rad, sizeof (IA)); + remend->sin_port = htons (rp); + } /* rough format of LSRR option and explanation of weirdness. Option comes after IP-hdr dest addr in packet, padded to *4, and ihl > 5. IHL is multiples of 4, i.e. real len = ip_hl << 2. @@ -805,14 +833,22 @@ arm_timer (1, o_wait); #ifdef POSIX_SETJMP if (sigsetjmp (jbuf,1) == 0) { - rr = connect (nnetfd, (SA *)remend, sizeof (SA)); + if (unixsock_name) { + rr = connect (nnetfd, (SA *)unixsock, size...

Hi, I''m trying to police ingress traffic based on port numbers and IP addresses. The u32 match based on IP addresses seems to work without issues and I''m am able to police incoming packets. However, the same isn''t working with u32 matches based on TCP port numbers. For port numbers, I added exactly one ''u32 match'' rule: common for both: # tc qdisc add

...int +tcp_manip_pkt(struct sk_buff **pskb, + unsigned int iphdroff, + const struct ip_conntrack_tuple *tuple, + enum ip_nat_manip_type maniptype) +{ + struct iphdr *iph = (struct iphdr *)((*pskb)->data + iphdroff); + struct tcphdr *hdr; + unsigned int hdroff = iphdroff + iph->ihl*4; + u32 oldip, newip; + u16 *portptr, newport, oldport; + int hdrsize = 8; /* TCP connection tracking guarantees this much */ + + /* this could be a inner header returned in icmp packet; in such + cases we cannot update the checksum field since it is outside of + the 8 bytes of transport lay...

...-03-11 15:30:45.000000000 +0800 +++ packet.c 2009-03-11 17:39:56.000000000 +0800 @@ -176,6 +176,8 @@ */ ret = recvfrom(pkt_fd, &iph, sizeof(struct iphdr), MSG_PEEK, (struct sockaddr *)&sll, &sllen); + + if (ret == -1) return -1; @@ -184,6 +186,10 @@ if (iph.ihl < 5 || iph.version != IPVERSION) goto discard_pkt; + + if (iph.protocol != IPPROTO_UDP) + goto discard_pkt; + *ifindex = sll.sll_ifindex; @@ -191,7 +197,7 @@ discard_pkt: packet_discard(); - return 0; + return -1; } void packet_discard(void) This will make packet_peek return...

...packet_peek(int *ifindex) +int packet_peek(struct netdev *dev) { struct sockaddr_ll sll; struct iphdr iph; int ret, sllen = sizeof(struct sockaddr_ll); + sll.sll_ifindex = dev->ifindex; /* * Peek at the IP header. */ @@ -192,21 +193,22 @@ int packet_peek(int *ifindex) if (iph.ihl < 5 || iph.version != IPVERSION) goto discard_pkt; - *ifindex = sll.sll_ifindex; return ret; discard_pkt: - packet_discard(); + packet_discard(dev); return 0; } -void packet_discard(void) +void packet_discard(struct netdev *dev) { struct iphdr iph; struct sockaddr_ll sll;...

..._proto != IPPROTO_TCP) return false; then check __skb_get_poff() how to get th, and check if there is some payload... > + if ((skb->protocol == htons(ETH_P_IP)) && > + hdr.ipv4->protocol == IPPROTO_TCP) { > + payload_len = ntohs(hdr.ipv4->tot_len) - hdr.ipv4->ihl * 4 - > + th->doff * 4; > + } else if ((skb->protocol == htons(ETH_P_IPV6) || > + hdr.ipv6->nexthdr == IPPROTO_TCP)) { > + payload_len = ntohs(hdr.ipv6->payload_len) - th->doff * 4; > + } else { > + return false; > + } > + > + /* We don't...

...IChmcmVxKSBjb3VudHMgZWxzZSBpbnRlbnNpdGllcw0KICAgIHIgPC0gc3Ry dWN0dXJlKGxpc3QoYnJlYWtzID0gYnJlYWtzLCBjb3VudHMgPSBjb3VudHMs DQoJICAgICAgaW50ZW5zaXRpZXMgPSBpbnRlbnNpdGllcywgbWlkcyA9IG1p ZHMpLCBjbGFzcz0iaGlzdG9ncmFtIikNCiAgICBpZiAocGxvdCkgew0KCXBs b3QubmV3KCkNCglwbG90LndpbmRvdyh4bGltLCB5bGltLCAiIikgIy0+IHls aW0ncyBkZWZhdWx0IGZyb20gJ3knDQoJaWYgKG1pc3NpbmcoeWxhYikpDQoJ ICAgIHlsYWIgPC0gcGFzdGUoaWYoIWZyZXEpIlJlbGF0aXZlICIsICJGcmVx dWVuY3kiLCBzZXA9IiIpDQoJaWYoZnJlcSAmJiB1c2UuYnIgJiYgbWF4KGgp LW1pbihoKSA+IDFlLTcgKiBtZWFuKGgpKQ0KCSAgICB3YXJuaW5nKCJ0aGUg QVJFQVMgaW4gdGhlIHBsb3QgYXJlIHdyb25nIC0tIG1heWJlIHVzZS...

...cklen_t sllen = sizeof(sll); + + recvfrom(pkt_fd, &iph, sizeof(iph), 0, + (struct sockaddr *) &sll, &sllen); +} + + /* * Receive a bootp packet. The options are listed in iov[1...iov_len]. * iov[0] must point to the bootp packet header. @@ -215,7 +234,8 @@ ret -= 4 * ip->ihl; - if (udp->source != htons(67) || udp->dest != htons(68)) + if (udp->source != htons(remote_port) || + udp->dest != htons(local_port)) goto free_pkt; if (ntohs(udp->len) > ret) diff -Nru a/ipconfig/packet.h b/ipconfig/packet.h --- a/ipconfig/packet.h Tue Apr 29 11:01...

...;+int xen_checksum_setup(struct sk_buff *skb) >+{ > if (skb->proto_csum_blank) { >+ skb->proto_csum_blank = 0; > if (skb->protocol != htons(ETH_P_IP)) >- goto out_kfree_skb; >+ goto out; > skb->h.raw = (unsigned char *)skb->nh.iph + 4*skb->nh.iph->ihl; > if (skb->h.raw >= skb->tail) >- goto out_kfree_skb; >+ goto out; > switch (skb->nh.iph->protocol) { > case IPPROTO_TCP: > skb->csum = offsetof(struct tcphdr, check); >@@ -1284,18 +1224,89 @@ > skb->csum = offsetof(struct udphdr, check)...

...payload_len; > + > + hdr.network = skb_network_header(skb); > + > + /* Only IPv4/IPv6 with TCP is supported */ > + if ((skb->protocol == htons(ETH_P_IP)) && > + hdr.ipv4->protocol == IPPROTO_TCP) { > + payload_len = ntohs(hdr.ipv4->tot_len) - hdr.ipv4->ihl * 4 - > + th->doff * 4; > + } else if ((skb->protocol == htons(ETH_P_IPV6) || > + hdr.ipv6->nexthdr == IPPROTO_TCP)) { > + payload_len = ntohs(hdr.ipv6->payload_len) - th->doff * 4; > + } else { > + return false; > + } > + > + /* We don't...

https://bugzilla.netfilter.org/show_bug.cgi?id=845 Summary: checking for LIBNFNETLINK... configure: error: Package requirements (libnfnetlink >= 0.0.41) were not met: Product: libnetfilter_queue Version: unspecified Platform: i386 OS/Version: RedHat Linux Status: NEW Severity: normal

Hi, it seems that ipconfig has a problem if multiple devices are up and connected to the same network. It seems that it uses the wrong socket/device index to compare it to incoming packet. To be more precise, the packet gets discarded in do_pkt_recv as the ifindex from state differs always from the incoming packet To reproduce create two tap devices: $ sudo tunctl -u uli -t tap0