| To: | Harald Welte <laforge@xxxxxxxxxxxx> |
|---|---|
| Subject: | Re: ERRATA Re: [PATCH] fix for netfilter/nat/pppoe crashes (hopefully) |
| From: | "David S. Miller" <davem@xxxxxxxxxx> |
| Date: | Thu, 2 Aug 2001 22:36:46 -0700 (PDT) |
| Cc: | Rusty Russell <rusty@xxxxxxxxxxxxxxx>, Marc Boucher <marc@xxxxxxx>, Alexey Kuznetsov <kuznet@xxxxxxxxxxxxx>, netfilter-devel@xxxxxxxxxxxxxxx, netdev@xxxxxxxxxxx |
| In-reply-to: | <20010802073648.G1612@obroa-skai.gnumonks.org> |
| References: | <20010802070445.A11923@opium.mbsi.ca> <E15SVuq-0004qP-00@localhost> <20010802073648.G1612@obroa-skai.gnumonks.org> |
| Sender: | owner-netdev@xxxxxxxxxxx |
Harald Welte writes: > Sorry Rusty, but check on sizeof(struct tcphdr) is IMHO wrong, again. I think there is no way you can validly drop an ICMP packet just because the TCP checksum field is not there in the embedded header. So I think I basically agree with Harald. Nobody verifies the checksum of the TCP header included in the ICMP anyways, and in fact most of the time you can't simply because you'd need all the data part there to do so. This code should just verify that the ports are there and fix them up, and do nothing more, for the TCP in ICMP packet case. And pretty much this is what Harald's patch does if I read it correctly. Later, David S. Miller davem@xxxxxxxxxx |
| Previous by Date: | Re: ERRATA Re: [PATCH] fix for netfilter/nat/pppoe crashes (hopefully), Harald Welte |
|---|---|
| Next by Date: | Re: ERRATA Re: [PATCH] fix for netfilter/nat/pppoe crashes (hopefully), Rusty Russell |
| Previous by Thread: | Re: ERRATA Re: [PATCH] fix for netfilter/nat/pppoe crashes (hopefully), Harald Welte |
| Next by Thread: | Re: ERRATA Re: [PATCH] fix for netfilter/nat/pppoe crashes (hopefully), kuznet |
| Indexes: | [Date] [Thread] [Top] [All Lists] |