On Thu, 8 May 2003, Mitsuru KANDA / [ISO-2022-JP] �$B?@ED�(B �$B=<�(B wrote:
>
> Hello,
>
> In ipcomp_input():
>
> The original IP header(iph) is stored(copied) in tmp_iph.
>
> But after skb_pull(), tmp_iph is copied back to
> same place where the original IP header exists in skb->nh.raw.
>
> I believe the attached diff is to fix it for correct behavior
> which you intend.
>
> Could you check it?
This looks correct.
Dave, please apply.
- James
--
James Morris
<jmorris@xxxxxxxxxxxxxxxx>
--- bk.pending/net/ipv4/ipcomp.c Mon May 5 15:12:29 2003
+++ bk.w1/net/ipv4/ipcomp.c Thu May 8 09:59:01 2003
@@ -94,7 +94,9 @@
memcpy(&tmp_iph, iph, iph->ihl * 4);
nexthdr = *(u8 *)skb->data;
skb_pull(skb, sizeof(struct ipcomp_hdr));
+ skb->nh.raw += sizeof(struct ipcomp_hdr);
memcpy(skb->nh.raw, &tmp_iph, tmp_iph.iph.ihl * 4);
+ iph = skb->nh.iph;
iph->tot_len = htons(ntohs(iph->tot_len) - sizeof(struct ipcomp_hdr));
iph->protocol = nexthdr;
skb->h.raw = skb->data;
|