Hello,
In ipcomp_input():
The original IP header(iph) is stored(copied) in tmp_iph.
But after skb_pull(), tmp_iph is copied back to
same place where the original IP header exists in skb->nh.raw.
I believe the attached diff is to fix it for correct behavior
which you intend.
Could you check it?
Regards,
-mk
===== ipcomp.c 1.4 vs edited =====
--- 1.4/net/ipv4/ipcomp.c Sun May 4 22:26:55 2003
+++ edited/ipcomp.c Thu May 8 02:41:47 2003
@@ -94,7 +94,9 @@
memcpy(&tmp_iph, iph, iph->ihl * 4);
nexthdr = *(u8 *)skb->data;
skb_pull(skb, sizeof(struct ipcomp_hdr));
+ skb->nh.raw += sizeof(struct ipcomp_hdr);
memcpy(skb->nh.raw, &tmp_iph, tmp_iph.iph.ihl * 4);
+ iph = skb->nh.iph;
iph->tot_len = htons(ntohs(iph->tot_len) - sizeof(struct ipcomp_hdr));
iph->protocol = nexthdr;
skb->h.raw = skb->data;
|