git.ipfire.org Git - thirdparty/kernel/stable.git/commit

author	Xin Long <lucien.xin@gmail.com>
	Sat, 28 Jan 2023 15:58:34 +0000 (10:58 -0500)
committer	Greg Kroah-Hartman <gregkh@linuxfoundation.org>
	Wed, 10 Jan 2024 16:10:21 +0000 (17:10 +0100)
commit	9487cc4c90fbb0b8b34a3835be410676c6cb24eb
tree	230c628c4421a2b696cd90f82ee790175a141e3d	tree
parent	5f523f1beb465ff2e398946abd090c5a14e69c75	commit \| diff

netfilter: use skb_ip_totlen and iph_totlen

[ Upstream commit a13fbf5ed5b4fc9095f12e955ca3a59b5507ff01 ]

There are also quite some places in netfilter that may process IPv4 TCP
GSO packets, we need to replace them too.

In length_mt(), we have to use u_int32_t/int to accept skb_ip_totlen()
return value, otherwise it may overflow and mismatch. This change will
also help us add selftest for IPv4 BIG TCP in the following patch.

Note that we don't need to replace the one in tcpmss_tg4(), as it will
return if there is data after tcphdr in tcpmss_mangle_packet(). The
same in mangle_contents() in nf_nat_helper.c, it returns false when
skb->len + extra > 65535 in enlarge_skb().

Signed-off-by: Xin Long <lucien.xin@gmail.com>
Reviewed-by: Eric Dumazet <edumazet@google.com>
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Stable-dep-of: 0ae8e4cca787 ("netfilter: nf_tables: set transport offset from mac header for netdev/egress")
Signed-off-by: Sasha Levin <sashal@kernel.org>

include/net/netfilter/nf_tables_ipv4.h		diff \| blob \| blame \| history
net/netfilter/ipvs/ip_vs_xmit.c		diff \| blob \| blame \| history
net/netfilter/nf_log_syslog.c		diff \| blob \| blame \| history
net/netfilter/xt_length.c		diff \| blob \| blame \| history