Re: [BUG] Kernel oops with slip+dnat

[Harald Welte <laforge@xxxxxxxxxxxx>]

On Tue, Jan 08, 2002 at 11:40:54AM +0200, Sami Ponkanen wrote:
> I posted this yesterday to netfilter-devel and linux networking lists, but I 
> was instructed that this list might suit better.

Hi, following up my previous response, here's an untested patch implementing
what I was talking about.  Could you try this and report if it works?

Thanks.

--- linux-plain/net/ipv4/netfilter/ip_nat_standalone.c  Sun Dec  2 21:14:38 2001
+++ linux-nfpom/net/ipv4/netfilter/ip_nat_standalone.c  Sat Jan 12 22:01:25 2002
@@ -215,8 +215,26 @@
        ret = ip_nat_fn(hooknum, pskb, in, out, okfn);
        if (ret != NF_DROP && ret != NF_STOLEN
            && ((*pskb)->nh.iph->saddr != saddr
-               || (*pskb)->nh.iph->daddr != daddr))
-               return route_me_harder(*pskb) == 0 ? ret : NF_DROP;
+               || (*pskb)->nh.iph->daddr != daddr)) {
+               struct net_device *olddev;
+
+               olddev = (*pskb)->dst->dev;
+
+               if (route_me_harder(*pskb)) 
+                       return NF_DROP;
+
+               if ((*pskb)->dst->dev != olddev) {
+                       int hh_len = (*pskb)->dst->dev->hard_header_len;
+
+                       /* need to enlarge headroom if not enough for new
+                        * hardware header */
+                       if (skb_headroom(*pskb) < hh_len 
+                           && skb_cow(*pskb, skb_headroom(*pskb)+hh_len))
+                               /* unable to allocate more headroom, 
+                                * drop packet */
+                               return NF_DROP;
+               }
+       }
        return ret;
 }
 

 
> Sami
-- 
Live long and prosper
- Harald Welte / laforge@xxxxxxxxxxxx               http://www.gnumonks.org/
============================================================================
GCS/E/IT d- s-: a-- C+++ UL++++$ P+++ L++++$ E--- W- N++ o? K- w--- O- M- 
V-- PS+ PE-- Y+ PGP++ t++ 5-- !X !R tv-- b+++ DI? !D G+ e* h+ r% y+(*)