Bug#1002706: Fwd: nftables stateless NAT in raw table mangles fragmented UDP packets

To: Salvatore Bonaccorso <carnil@debian.org>
Cc: 1002706@bugs.debian.org
Subject: Bug#1002706: Fwd: nftables stateless NAT in raw table mangles fragmented UDP packets
From: Steffen Weinreich <steve@weinreich.org>
Date: Tue, 4 Jan 2022 21:15:12 +0100
Message-id: <[🔎] 0340be43-d0e7-ca49-ea8d-569c8da925c7@weinreich.org>
Reply-to: Steffen Weinreich <steve@weinreich.org>, 1002706@bugs.debian.org
In-reply-to: <[🔎] YdR9UrxgCrmCY+wK@eldamar.lan>
References: <Yc8H9sHapPLHKWXV@salvia> <c419f813-8073-2fb7-1988-ffd38867caaa@weinreich.org> <[🔎] bb54b6a3-7332-29a9-0c3f-0fac84aa9ab1@weinreich.org> <[🔎] YdR2SWh5zbGlP1vb@eldamar.lan> <[🔎] f8e22a8d-8080-1a1c-e2e0-2fc556066ed8@weinreich.org> <[🔎] YdR9UrxgCrmCY+wK@eldamar.lan> <c419f813-8073-2fb7-1988-ffd38867caaa@weinreich.org>

Hi!
>> Regarding 4.19, the patch does not work there since the struct pkt does
>> not have a member fragoff. I suppose this is hidden deeply in the skbuf
>> structure...
> Sad. You might ask the maintainers if they can consider the fix as
> well for older stable series, mentioneing back the one you would be
> intersted in (so 4.19.y in your case). 

Thanks to a hint from Florian Westphal, i modified the patch for 4.19
and it fixes the issue also in 4.19.

The patch is attached.

cheerio

Steve

--- linux-source-4.19/net/netfilter/nft_payload.c.orig	2021-09-26 11:39:49.000000000 +0000
+++ linux-source-4.19/net/netfilter/nft_payload.c	2022-01-04 18:53:04.888219213 +0000
@@ -194,6 +194,9 @@
 				     struct sk_buff *skb,
 				     unsigned int *l4csum_offset)
 {
+	if (pkt->xt.fragoff)
+		return -1;
+
 	switch (pkt->tprot) {
 	case IPPROTO_TCP:
 		*l4csum_offset = offsetof(struct tcphdr, check);

Reply to:

Follow-Ups:
- Bug#1002706: Fwd: nftables stateless NAT in raw table mangles fragmented UDP packets
  - From: Steffen Weinreich <steve@weinreich.org>

References:
- Bug#1002706: Fwd: nftables stateless NAT in raw table mangles fragmented UDP packets
  - From: Steffen Weinreich <steve@weinreich.org>
- Bug#1002706: Fwd: nftables stateless NAT in raw table mangles fragmented UDP packets
  - From: Salvatore Bonaccorso <carnil@debian.org>
- Bug#1002706: Fwd: nftables stateless NAT in raw table mangles fragmented UDP packets
  - From: Steffen Weinreich <steve@weinreich.org>
- Bug#1002706: Fwd: nftables stateless NAT in raw table mangles fragmented UDP packets
  - From: Salvatore Bonaccorso <carnil@debian.org>

Prev by Date: Re: [PATCH v2] builddeb: Support signing kernels with the module signing key
Next by Date: Bug#996713: firmware-brcm80211: firmware becomes non-responsive while running as an access point on RPI4
Previous by thread: Bug#1002706: Fwd: nftables stateless NAT in raw table mangles fragmented UDP packets
Next by thread: Bug#1002706: Fwd: nftables stateless NAT in raw table mangles fragmented UDP packets
Index(es):
- Date
- Thread