首页 发现 帮助
注册 登录
phyus
/
linux-vybrid_public
8
0
派生 0
文件 工单管理 0 合并请求 0 Wiki
浏览代码

[NET]: skb_trim audit

I found a few more spots where pskb_trim_rcsum could be used but were not.
This patch changes them to use it.

Also, sk_filter can get paged skb data.  Therefore we must use pskb_trim
instead of skb_trim.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: David S. Miller <davem@davemloft.net>
Herbert Xu 19 年之前
父节点
c8c9f9a3de
当前提交
b38dfee3d6
共有 3 个文件被更改,包括 7 次插入22 次删除
分列视图 显示文件统计
  1. 1 4
      include/net/sock.h
  2. 3 11
      net/bridge/br_netfilter.c
  3. 3 7
      net/ipv6/netfilter/nf_conntrack_reasm.c

+ 1 - 4
include/net/sock.h
查看文件 

@@ -873,10 +873,7 @@ static inline int sk_filter(struct sock *sk, struct sk_buff *skb, int needlock)
 
 		if (filter) {
 
 			unsigned int pkt_len = sk_run_filter(skb, filter->insns,
 
 							     filter->len);
 
-			if (!pkt_len)
 
-				err = -EPERM;
 
-			else
 
-				skb_trim(skb, pkt_len);
 
+			err = pkt_len ? pskb_trim(skb, pkt_len) : -EPERM;
 
 		}
 
 
 		if (needlock)

+ 3 - 11
net/bridge/br_netfilter.c
查看文件 

@@ -407,12 +407,8 @@ static unsigned int br_nf_pre_routing_ipv6(unsigned int hook,
 
 	if (pkt_len || hdr->nexthdr != NEXTHDR_HOP) {
 
 		if (pkt_len + sizeof(struct ipv6hdr) > skb->len)
 
 			goto inhdr_error;
 
-		if (pkt_len + sizeof(struct ipv6hdr) < skb->len) {
 
-			if (__pskb_trim(skb, pkt_len + sizeof(struct ipv6hdr)))
 
-				goto inhdr_error;
 
-			if (skb->ip_summed == CHECKSUM_HW)
 
-				skb->ip_summed = CHECKSUM_NONE;
 
-		}
 
+		if (pskb_trim_rcsum(skb, pkt_len + sizeof(struct ipv6hdr)))
 
+			goto inhdr_error;
 
 	}
 
 	if (hdr->nexthdr == NEXTHDR_HOP && check_hbh_len(skb))
 
 		goto inhdr_error;
 
@@ -495,11 +491,7 @@ static unsigned int br_nf_pre_routing(unsigned int hook, struct sk_buff **pskb,
 
 	if (skb->len < len || len < 4 * iph->ihl)
 
 		goto inhdr_error;
 
 
-	if (skb->len > len) {
 
-		__pskb_trim(skb, len);
 
-		if (skb->ip_summed == CHECKSUM_HW)
 
-			skb->ip_summed = CHECKSUM_NONE;
 
-	}
 
+	pskb_trim_rcsum(skb, len);
 
 
 	nf_bridge_put(skb->nf_bridge);
 
 	if (!nf_bridge_alloc(skb))

+ 3 - 7
net/ipv6/netfilter/nf_conntrack_reasm.c
查看文件 

@@ -456,13 +456,9 @@ static int nf_ct_frag6_queue(struct nf_ct_frag6_queue *fq, struct sk_buff *skb,
 
 		DEBUGP("queue: message is too short.\n");
 
 		goto err;
 
 	}
 
-	if (end-offset < skb->len) {
 
-		if (pskb_trim(skb, end - offset)) {
 
-			DEBUGP("Can't trim\n");
 
-			goto err;
 
-		}
 
-		if (skb->ip_summed != CHECKSUM_UNNECESSARY)
 
-			skb->ip_summed = CHECKSUM_NONE;
 
+	if (pskb_trim_rcsum(skb, end - offset)) {
 
+		DEBUGP("Can't trim\n");
 
+		goto err;
 
 	}
 
 
 	/* Find out which fragments are in front and at the back of us