[commits] r1640 - trunk/batman-adv-kernelland

postmaster at open-mesh.net postmaster at open-mesh.net
Mon Apr 26 12:09:24 CEST 2010


Author: marek
Date: 2010-04-26 12:08:57 +0200 (Mon, 26 Apr 2010)
New Revision: 1640

Modified:
   trunk/batman-adv-kernelland/routing.c
Log:
batman-adv: Update pointer to ethhdr after skb_copy

We must ensure that all pointer to a socket buffer are updated when we
copy a socket buffer and free our reference to the old one.
Another part of the kernel could also free its reference which maybe
removes the buffer completely. In that situation we would would feed
wrong information to the routing algorithm after the memory area is
written again by someone else.

Signed-off-by: Sven Eckelmann <sven.eckelmann at gmx.de>

Modified: trunk/batman-adv-kernelland/routing.c
===================================================================
--- trunk/batman-adv-kernelland/routing.c	2010-04-20 12:46:57 UTC (rev 1639)
+++ trunk/batman-adv-kernelland/routing.c	2010-04-26 10:08:57 UTC (rev 1640)
@@ -747,6 +747,7 @@
 		skb = skb_copy(skb, GFP_ATOMIC);
 		if (!skb)
 			return NET_RX_DROP;
+		ethhdr = (struct ethhdr *)skb_mac_header(skb);
 		kfree_skb(skb_old);
 	}
 
@@ -805,6 +806,7 @@
 			if (!skb)
 				return NET_RX_DROP;
 			icmp_packet = (struct icmp_packet_rr *)skb->data;
+			ethhdr = (struct ethhdr *)skb_mac_header(skb);
 			kfree_skb(skb_old);
 		}
 
@@ -865,6 +867,7 @@
 			if (!skb)
 				return NET_RX_DROP;
 			icmp_packet = (struct icmp_packet *) skb->data;
+			ethhdr = (struct ethhdr *)skb_mac_header(skb);
 			kfree_skb(skb_old);
 		}
 
@@ -960,6 +963,7 @@
 			if (!skb)
 				return NET_RX_DROP;
 			icmp_packet = (struct icmp_packet_rr *)skb->data;
+			ethhdr = (struct ethhdr *)skb_mac_header(skb);
 			kfree_skb(skb_old);
 		}
 
@@ -1106,6 +1110,7 @@
 		if (!skb)
 			return NET_RX_DROP;
 		unicast_packet = (struct unicast_packet *) skb->data;
+		ethhdr = (struct ethhdr *)skb_mac_header(skb);
 		kfree_skb(skb_old);
 	}
 



More information about the commits mailing list