xt_RAWNAT: skb writable part might not include whole L4 header (IPv4 case)
authorDmitry Popov <dp@highloadlab.com>
Sun, 5 May 2013 18:05:04 +0000 (20:05 +0200)
committerJan Engelhardt <jengelh@inai.de>
Wed, 8 May 2013 11:21:54 +0000 (13:21 +0200)
Consider TCP/IPv4 packet with IP options: sizeof(*iph) + sizeof(struct
tcphdr) is not enough to include tcp checksum. It may hurt if this
packet is fragmented.

Therefore, we should use iph->ihl * 4 instead of sizeof(*iph).

Signed-off-by: Dmitry Popov <dp@highloadlab.com>
doc/changelog.txt
extensions/xt_RAWNAT.c

index fd0989a4a08ec5fcafe47c6badd258f2bfa5c37d..f39b11936613998f5c962a9315bbe2a496fda84c 100644 (file)
@@ -1,6 +1,8 @@
 
 HEAD
 ====
+Fixes:
+- xt_RAWNAT: ensure correct operation in the presence of IPv4 options
 
 
 v2.2 (2013-03-31)
index a52e61441f7cb1a3a5db08960953934f0b4eb560..858f911c7c3b1a85c27f739fdb22987e027d26a5 100644 (file)
@@ -109,7 +109,7 @@ static void rawnat4_update_l4(struct sk_buff *skb, __be32 oldip, __be32 newip)
 
 static unsigned int rawnat4_writable_part(const struct iphdr *iph)
 {
-       unsigned int wlen = sizeof(*iph);
+       unsigned int wlen = iph->ihl * 4;
 
        switch (iph->protocol) {
        case IPPROTO_TCP:
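Review bot: `iph->ihl` comes straight from the packet and is used unchecked as the base of `wlen` in `rawnat4_writable_part`, so an ihl below 5 would give a writable length shorter than the fixed IPv4 header. The normal IPv4 receive path rejects such headers, but nothing visible in this hunk shows the same guarantee on every hook where this target can run, so a floor is cheap insurance: `unsigned int wlen = max_t(unsigned int, iph->ihl * 4, sizeof(*iph));`. A one-line comment such as `/* ihl counts 32-bit words and covers IP options */` would also explain the multiplier. The switch body continues outside the hunk, so the per-protocol additions to `wlen` are not covered by this note.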