| From greg@press.kroah.org Fri Jan 27 18:00:39 2006 |
| Message-Id: <20060128015840.722214000@press.kroah.org> |
| Date: Fri, 27 Jan 2006 17:58:41 -0800 |
| From: Greg KH <gregkh@suse.de> |
| To: linux-kernel@vger.kernel.org, |
| stable@kernel.org |
| Cc: Justin Forbes <jmforbes@linuxtx.org>, |
| Zwane Mwaikambo <zwane@arm.linux.org.uk>, |
| Theodore Ts'o <tytso@mit.edu>, |
| Randy Dunlap <rdunlap@xenotime.net>, |
| Dave Jones <davej@redhat.com>, |
| Chuck Wolber <chuckw@quantumlinux.com>, |
| torvalds@osdl.org, |
| akpm@osdl.org, |
| alan@lxorguk.ukuu.org.uk |
| Subject: [patch 0/6] 2.6.14.7 -stable review |
| Status: RO |
| Content-Length: 735 |
| Lines: 17 |
| |
| This is the start of the stable review cycle for the 2.6.14.7 release. |
| There are 6 patches in this series, all will be posted as a response to |
| this one. If anyone has any issues with these being applied, please let |
| us know. If anyone is a maintainer of the proper subsystem, and wants |
| to add a signed-off-by: line to the patch, please respond with it. |
| |
| These patches are sent out with a number of different people on the Cc: |
| line. If you wish to be a reviewer, please email stable@kernel.org to |
| add your name to the list. If you want to be off the reviewer list, |
| also email us. |
| |
| Responses should be made by Monday, January 30, 00:00:00 UTC. Anything |
| received after that time, might be too late. |
| |
| thanks, |
| |
| the -stable release team |
| |
| From greg@press.kroah.org Fri Jan 27 18:00:40 2006 |
| Message-Id: <20060128020039.784060000@press.kroah.org> |
| References: <20060128015840.722214000@press.kroah.org> |
| Date: Fri, 27 Jan 2006 00:00:01 -0800 |
| From: Greg KH <gregkh@suse.de> |
| To: linux-kernel@vger.kernel.org, |
| stable@kernel.org |
| Cc: Justin Forbes <jmforbes@linuxtx.org>, |
| Zwane Mwaikambo <zwane@arm.linux.org.uk>, |
| Theodore Ts'o <tytso@mit.edu>, |
| Randy Dunlap <rdunlap@xenotime.net>, |
| Dave Jones <davej@redhat.com>, |
| Chuck Wolber <chuckw@quantumlinux.com>, |
| torvalds@osdl.org, |
| akpm@osdl.org, |
| alan@lxorguk.ukuu.org.uk, shaohua.li@intel.com |
| Subject: [patch 1/6] setting irq affinity is broken in ia32 with MSI enabled |
| Content-Disposition: inline; filename=setting-irq-affinity-is-broken-in-ia32-with-MSI-enabled.patch |
| Status: RO |
| Content-Length: 1167 |
| Lines: 41 |
| |
| -stable review patch. If anyone has any objections, please let us know. |
| |
| ------------------ |
| |
| From: Shaohua Li <shaohua.li@intel.com> |
| |
| Setting irq affinity stops working when MSI is enabled. With MSI, move_irq |
| is empty, so we can't change irq affinity. It appears to be a typo in Ashok's |
| original commit for this issue. X86_64 actually is using move_native_irq. |
| |
| Signed-off-by: Shaohua Li <shaohua.li@intel.com> |
| Signed-off-by: Andrew Morton <akpm@osdl.org> |
| Signed-off-by: Linus Torvalds <torvalds@osdl.org> |
| Signed-off-by: Chris Wright <chrisw@sous-sol.org> |
| Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de> |
| --- |
| arch/i386/kernel/io_apic.c | 4 ++-- |
| 1 file changed, 2 insertions(+), 2 deletions(-) |
| |
| --- linux-2.6.14.6.orig/arch/i386/kernel/io_apic.c |
| +++ linux-2.6.14.6/arch/i386/kernel/io_apic.c |
| @@ -1937,7 +1937,7 @@ static void ack_edge_ioapic_vector(unsig |
| { |
| int irq = vector_to_irq(vector); |
| |
| - move_irq(vector); |
| + move_native_irq(vector); |
| ack_edge_ioapic_irq(irq); |
| } |
| |
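Review bot: Neither call site records why the native variant is needed, so the `move_native_irq(vector);` line here and the identical one in end_level_ioapic_vector() in the next hunk are easy to "correct" back to `move_irq()` later. A one-line comment above each call would prevent that, for example `/* move_irq() is empty when MSI is enabled; the native variant is needed for affinity changes to take effect */`. That wording is taken from the commit description; the definitions of both helpers are outside this patch and should be checked before the comment goes in.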
| @@ -1952,7 +1952,7 @@ static void end_level_ioapic_vector (uns |
| { |
| int irq = vector_to_irq(vector); |
| |
| - move_irq(vector); |
| + move_native_irq(vector); |
| end_level_ioapic_irq(irq); |
| } |
| |
| |
| -- |
| |
| From greg@press.kroah.org Fri Jan 27 18:00:40 2006 |
| Message-Id: <20060128020040.687499000@press.kroah.org> |
| References: <20060128015840.722214000@press.kroah.org> |
| Date: Fri, 27 Jan 2006 00:00:02 -0800 |
| From: Greg KH <gregkh@suse.de> |
| To: linux-kernel@vger.kernel.org, |
| stable@kernel.org |
| Cc: Justin Forbes <jmforbes@linuxtx.org>, |
| Zwane Mwaikambo <zwane@arm.linux.org.uk>, |
| Theodore Ts'o <tytso@mit.edu>, |
| Randy Dunlap <rdunlap@xenotime.net>, |
| Dave Jones <davej@redhat.com>, |
| Chuck Wolber <chuckw@quantumlinux.com>, |
| torvalds@osdl.org, |
| akpm@osdl.org, |
| alan@lxorguk.ukuu.org.uk, davem@davemloft.net, bdschuym@pandora.be |
| Subject: [patch 2/6] [EBTABLES] Don't match tcp/udp source/destination port for IP fragments |
| Content-Disposition: inline; filename=fix-bridge-netfilter-matching-ip-fragments.patch |
| Status: RO |
| Content-Length: 1065 |
| Lines: 34 |
| |
| -stable review patch. If anyone has any objections, please let us know. |
| |
| ------------------ |
| From: Bart De Schuymer <bdschuym@pandora.be> |
| |
| Signed-off-by: Bart De Schuymer <bdschuym@pandora.be> |
| Signed-off-by: David S. Miller <davem@davemloft.net> |
| Signed-off-by: Chris Wright <chrisw@sous-sol.org> |
| Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de> |
| --- |
| net/bridge/netfilter/ebt_ip.c | 3 +++ |
| 1 file changed, 3 insertions(+) |
| |
| --- linux-2.6.14.6.orig/net/bridge/netfilter/ebt_ip.c |
| +++ linux-2.6.14.6/net/bridge/netfilter/ebt_ip.c |
| @@ -15,6 +15,7 @@ |
| #include <linux/netfilter_bridge/ebtables.h> |
| #include <linux/netfilter_bridge/ebt_ip.h> |
| #include <linux/ip.h> |
| +#include <net/ip.h> |
| #include <linux/in.h> |
| #include <linux/module.h> |
| |
| @@ -51,6 +52,8 @@ static int ebt_filter_ip(const struct sk |
| if (!(info->bitmask & EBT_IP_DPORT) && |
| !(info->bitmask & EBT_IP_SPORT)) |
| return EBT_MATCH; |
| + if (ntohs(ih->frag_off) & IP_OFFSET) |
| + return EBT_NOMATCH; |
| pptr = skb_header_pointer(skb, ih->ihl*4, |
| sizeof(_ports), &_ports); |
| if (pptr == NULL) |
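Review bot: The new `IP_OFFSET` test has no comment, and its effect on rule sets is not obvious from the code: once it is in, a rule that names a source or destination port can never match a non-first fragment, so those fragments are decided by whatever rule or policy comes next. A comment above the test would state the reason, for example `/* non-first fragments carry no TCP/UDP header; the bytes at ihl*4 are payload, so port rules must not match them */`. The first fragment is still read through skb_header_pointer(), and the NULL check on the last line of the hunk covers one that is too short to hold the ports. ebt_filter_ip() starts before and continues after this hunk.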
| |
| -- |
| |
| From greg@press.kroah.org Fri Jan 27 18:00:41 2006 |
| Message-Id: <20060128020041.271240000@press.kroah.org> |
| References: <20060128015840.722214000@press.kroah.org> |
| Date: Fri, 27 Jan 2006 00:00:03 -0800 |
| From: Greg KH <gregkh@suse.de> |
| To: linux-kernel@vger.kernel.org, |
| stable@kernel.org |
| Cc: Justin Forbes <jmforbes@linuxtx.org>, |
| Zwane Mwaikambo <zwane@arm.linux.org.uk>, |
| Theodore Ts'o <tytso@mit.edu>, |
| Randy Dunlap <rdunlap@xenotime.net>, |
| Dave Jones <davej@redhat.com>, |
| Chuck Wolber <chuckw@quantumlinux.com>, |
| torvalds@osdl.org, |
| akpm@osdl.org, |
| alan@lxorguk.ukuu.org.uk, davem@davemloft.net, richm@oldelvet.org.uk |
| Subject: [patch 3/6] [SPARC64]: Fix ptrace/strace |
| Content-Disposition: inline; filename=sparc64-fix-ptrace.patch |
| Status: RO |
| Content-Length: 1392 |
| Lines: 45 |
| |
| -stable review patch. If anyone has any objections, please let us know. |
| |
| ------------------ |
| From: Richard Mortimer <richm@oldelvet.org.uk> |
| |
| Don't clobber register %l0 while checking TI_SYS_NOERROR value in |
| syscall return path. This bug was introduced by: |
| |
| db7d9a4eb700be766cc9f29241483dbb1e748832 |
| |
| Problem narrowed down by Luis F. Ortiz and Richard Mortimer. |
| |
| I tried using %l2 as suggested by Luis and that works for me. |
| |
| Looking at the code I wonder if it makes sense to simplify the code |
| a little bit. The following works for me but I'm not sure how to |
| exercise the "NOERROR" codepath. |
| |
| Signed-off-by: David S. Miller <davem@davemloft.net> |
| Signed-off-by: Chris Wright <chrisw@sous-sol.org> |
| Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de> |
| --- |
| arch/sparc64/kernel/entry.S | 7 ++----- |
| 1 file changed, 2 insertions(+), 5 deletions(-) |
| |
| --- linux-2.6.14.6.orig/arch/sparc64/kernel/entry.S |
| +++ linux-2.6.14.6/arch/sparc64/kernel/entry.S |
| @@ -1657,13 +1657,10 @@ ret_sys_call: |
| /* Check if force_successful_syscall_return() |
| * was invoked. |
| */ |
| - ldub [%curptr + TI_SYS_NOERROR], %l0 |
| - brz,pt %l0, 1f |
| - nop |
| - ba,pt %xcc, 80f |
| + ldub [%curptr + TI_SYS_NOERROR], %l2 |
| + brnz,a,pn %l2, 80f |
| stb %g0, [%curptr + TI_SYS_NOERROR] |
| |
| -1: |
| cmp %o0, -ERESTART_RESTARTBLOCK |
| bgeu,pn %xcc, 1f |
| andcc %l0, (_TIF_SYSCALL_TRACE|_TIF_SECCOMP|_TIF_SYSCALL_AUDIT), %l6 |
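Review bot: The annulled delay slot deserves a comment: with `brnz,a,pn %l2, 80f` the `stb %g0, [%curptr + TI_SYS_NOERROR]` that follows runs only when the branch is taken, so the flag is cleared only on the path that found it set. Something like `/* annulled: cleared only when the flag was set */` next to the store would make that explicit. A second comment at the load could say that %l0 must stay intact because the `andcc %l0, ...` on the last line of this hunk still reads it; what %l0 holds is set up before the hunk and is not visible here. The description also says the author did not know how to exercise the NOERROR path, so that path should be tested before the patch is released.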
| |
| -- |
| |
| From greg@press.kroah.org Fri Jan 27 18:00:43 2006 |
| Message-Id: <20060128020042.145964000@press.kroah.org> |
| References: <20060128015840.722214000@press.kroah.org> |
| Date: Fri, 27 Jan 2006 00:00:04 -0800 |
| From: Greg KH <gregkh@suse.de> |
| To: linux-kernel@vger.kernel.org, |
| stable@kernel.org |
| Cc: Justin Forbes <jmforbes@linuxtx.org>, |
| Zwane Mwaikambo <zwane@arm.linux.org.uk>, |
| Theodore Ts'o <tytso@mit.edu>, |
| Randy Dunlap <rdunlap@xenotime.net>, |
| Dave Jones <davej@redhat.com>, |
| Chuck Wolber <chuckw@quantumlinux.com>, |
| torvalds@osdl.org, |
| akpm@osdl.org, |
| alan@lxorguk.ukuu.org.uk, davem@davemloft.net |
| Subject: [patch 4/6] [SPARC64]: Fix sys_fstat64() entry in 64-bit syscall table. |
| Content-Disposition: inline; filename=sparc64-fix-sys_fstat64-entry-in-64-bit-syscall-table.patch |
| Status: RO |
| Content-Length: 1179 |
| Lines: 28 |
| |
| |
| -stable review patch. If anyone has any objections, please let us know. |
| |
| ------------------ |
| From: "David S. Miller" <davem@davemloft.net> |
| |
| Noticed by Jakub Jelinek. |
| |
| Signed-off-by: David S. Miller <davem@davemloft.net> |
| Signed-off-by: Chris Wright <chrisw@sous-sol.org> |
| Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de> |
| --- |
| arch/sparc64/kernel/systbls.S | 2 +- |
| 1 file changed, 1 insertion(+), 1 deletion(-) |
| |
| --- linux-2.6.14.6.orig/arch/sparc64/kernel/systbls.S |
| +++ linux-2.6.14.6/arch/sparc64/kernel/systbls.S |
| @@ -98,7 +98,7 @@ sys_call_table: |
| .word sys_umount, sys_setgid, sys_getgid, sys_signal, sys_geteuid |
| /*50*/ .word sys_getegid, sys_acct, sys_memory_ordering, sys_nis_syscall, sys_ioctl |
| .word sys_reboot, sys_nis_syscall, sys_symlink, sys_readlink, sys_execve |
| -/*60*/ .word sys_umask, sys_chroot, sys_newfstat, sys_stat64, sys_getpagesize |
| +/*60*/ .word sys_umask, sys_chroot, sys_newfstat, sys_fstat64, sys_getpagesize |
| .word sys_msync, sys_vfork, sys_pread64, sys_pwrite64, sys_nis_syscall |
| /*70*/ .word sys_nis_syscall, sys_mmap, sys_nis_syscall, sys64_munmap, sys_mprotect |
| .word sys_madvise, sys_vhangup, sys_nis_syscall, sys_mincore, sys_getgroups |
| |
| -- |
| |
| From greg@press.kroah.org Fri Jan 27 18:00:45 2006 |
| Message-Id: <20060128020044.285351000@press.kroah.org> |
| References: <20060128015840.722214000@press.kroah.org> |
| Date: Fri, 27 Jan 2006 00:00:05 -0800 |
| From: Greg KH <gregkh@suse.de> |
| To: linux-kernel@vger.kernel.org, |
| stable@kernel.org |
| Cc: Justin Forbes <jmforbes@linuxtx.org>, |
| Zwane Mwaikambo <zwane@arm.linux.org.uk>, |
| Theodore Ts'o <tytso@mit.edu>, |
| Randy Dunlap <rdunlap@xenotime.net>, |
| Dave Jones <davej@redhat.com>, |
| Chuck Wolber <chuckw@quantumlinux.com>, |
| torvalds@osdl.org, |
| akpm@osdl.org, |
| alan@lxorguk.ukuu.org.uk, kaber@trash.net |
| Subject: [patch 5/6] [NETFILTER]: Fix crash in ip_nat_pptp (CVE-2006-0036) |
| Content-Disposition: inline; filename=netfilter-fix-crash-in-ip_nat_pptp.patch |
| Status: RO |
| Content-Length: 1004 |
| Lines: 31 |
| |
| -stable review patch. If anyone has any objections, please let us know. |
| |
| ------------------ |
| |
| From: Patrick McHardy <kaber@trash.net> |
| |
| When an inbound PPTP_IN_CALL_REQUEST packet is received the |
| PPTP NAT helper uses a NULL pointer in pointer arithmetic to |
| calculate the offset in the packet which needs to be mangled |
| and corrupts random memory or crashes. |
| |
| Signed-off-by: Patrick McHardy <kaber@trash.net> |
| Signed-off-by: Chris Wright <chrisw@sous-sol.org> |
| Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de> |
| --- |
| net/ipv4/netfilter/ip_nat_helper_pptp.c | 2 +- |
| 1 file changed, 1 insertion(+), 1 deletion(-) |
| |
| --- linux-2.6.14.6.orig/net/ipv4/netfilter/ip_nat_helper_pptp.c |
| +++ linux-2.6.14.6/net/ipv4/netfilter/ip_nat_helper_pptp.c |
| @@ -313,7 +313,7 @@ pptp_inbound_pkt(struct sk_buff **pskb, |
| break; |
| case PPTP_IN_CALL_REQUEST: |
| /* only need to nat in case PAC is behind NAT box */ |
| - break; |
| + return NF_ACCEPT; |
| case PPTP_WAN_ERROR_NOTIFY: |
| pcid = &pptpReq->wanerr.peersCallID; |
| break; |
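Review bot: The comment kept above the new `return NF_ACCEPT;` explains why no NAT is done for PPTP_IN_CALL_REQUEST, but not why this case has to leave the function instead of using `break` like its neighbours. Per the commit description the mangling code otherwise does pointer arithmetic on a NULL pointer for this message type. Extending the comment to `/* only need to nat in case PAC is behind NAT box; no call ID pointer is set here, so return before the mangling code */` would stop the early return from being tidied back into a `break`. The rest of the switch and the mangling code are outside this hunk, so whether any other case can reach that code without setting the pointer cannot be checked from here.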
| |
| -- |
| |
| From greg@press.kroah.org Fri Jan 27 18:00:46 2006 |
| Message-Id: <20060128020045.469709000@press.kroah.org> |
| References: <20060128015840.722214000@press.kroah.org> |
| Date: Fri, 27 Jan 2006 00:00:06 -0800 |
| From: Greg KH <gregkh@suse.de> |
| To: linux-kernel@vger.kernel.org, |
| stable@kernel.org |
| Cc: Justin Forbes <jmforbes@linuxtx.org>, |
| Zwane Mwaikambo <zwane@arm.linux.org.uk>, |
| Theodore Ts'o <tytso@mit.edu>, |
| Randy Dunlap <rdunlap@xenotime.net>, |
| Dave Jones <davej@redhat.com>, |
| Chuck Wolber <chuckw@quantumlinux.com>, |
| torvalds@osdl.org, |
| akpm@osdl.org, |
| alan@lxorguk.ukuu.org.uk, kaber@trash.net |
| Subject: [patch 6/6] [NETFILTER]: Fix another crash in ip_nat_pptp (CVE-2006-0037) |
| Content-Disposition: inline; filename=netfilter-fix-another-crash-in-ip_nat_pptp.patch |
| Status: RO |
| Content-Length: 5633 |
| Lines: 152 |
| |
| -stable review patch. If anyone has any objections, please let us know. |
| |
| ------------------ |
| From: Patrick McHardy <kaber@trash.net> |
| |
| The PPTP NAT helper calculates the offset at which the packet needs |
| to be mangled as difference between two pointers to the header. With |
| non-linear skbs however the pointers may point to two separate buffers |
| on the stack and the calculation results in a wrong offset being |
| used. |
| |
| Signed-off-by: Patrick McHardy <kaber@trash.net> |
| Signed-off-by: Chris Wright <chrisw@sous-sol.org> |
| Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de> |
| --- |
| net/ipv4/netfilter/ip_nat_helper_pptp.c | 57 +++++++++++++++----------------- |
| 1 file changed, 27 insertions(+), 30 deletions(-) |
| |
| --- linux-2.6.14.6.orig/net/ipv4/netfilter/ip_nat_helper_pptp.c |
| +++ linux-2.6.14.6/net/ipv4/netfilter/ip_nat_helper_pptp.c |
| @@ -148,14 +148,14 @@ pptp_outbound_pkt(struct sk_buff **pskb, |
| { |
| struct ip_ct_pptp_master *ct_pptp_info = &ct->help.ct_pptp_info; |
| struct ip_nat_pptp *nat_pptp_info = &ct->nat.help.nat_pptp_info; |
| - |
| - u_int16_t msg, *cid = NULL, new_callid; |
| + u_int16_t msg, new_callid; |
| + unsigned int cid_off; |
| |
| new_callid = htons(ct_pptp_info->pns_call_id); |
| |
| switch (msg = ntohs(ctlh->messageType)) { |
| case PPTP_OUT_CALL_REQUEST: |
| - cid = &pptpReq->ocreq.callID; |
| + cid_off = offsetof(union pptp_ctrl_union, ocreq.callID); |
| /* FIXME: ideally we would want to reserve a call ID |
| * here. current netfilter NAT core is not able to do |
| * this :( For now we use TCP source port. This breaks |
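Review bot: `cid_off` is declared without an initial value, and a later hunk of this patch removes the `IP_NF_ASSERT(cid)` that used to stand before the mangling call, so nothing in the visible code checks that a case arm assigned it. A comment further down says only OUT_CALL_REQUEST, IN_CALL_REPLY and CALL_CLEAR_REQUEST reach the mangling call, but the `default:` arm is cut off by a hunk boundary and that cannot be confirmed here. A comment at the declaration would record the invariant, for example `/* assigned by every case that reaches ip_nat_mangle_tcp_packet(); all other cases must return */`. The same applies to `pcid_off` in pptp_inbound_pkt(), which is also declared without an initial value.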
| @@ -172,10 +172,10 @@ pptp_outbound_pkt(struct sk_buff **pskb, |
| ct_pptp_info->pns_call_id = ntohs(new_callid); |
| break; |
| case PPTP_IN_CALL_REPLY: |
| - cid = &pptpReq->icreq.callID; |
| + cid_off = offsetof(union pptp_ctrl_union, icreq.callID); |
| break; |
| case PPTP_CALL_CLEAR_REQUEST: |
| - cid = &pptpReq->clrreq.callID; |
| + cid_off = offsetof(union pptp_ctrl_union, clrreq.callID); |
| break; |
| default: |
| DEBUGP("unknown outbound packet 0x%04x:%s\n", msg, |
| @@ -197,18 +197,15 @@ pptp_outbound_pkt(struct sk_buff **pskb, |
| |
| /* only OUT_CALL_REQUEST, IN_CALL_REPLY, CALL_CLEAR_REQUEST pass |
| * down to here */ |
| - |
| - IP_NF_ASSERT(cid); |
| - |
| DEBUGP("altering call id from 0x%04x to 0x%04x\n", |
| - ntohs(*cid), ntohs(new_callid)); |
| + ntohs(*(u_int16_t *)pptpReq + cid_off), ntohs(new_callid)); |
| |
| /* mangle packet */ |
| if (ip_nat_mangle_tcp_packet(pskb, ct, ctinfo, |
| - (void *)cid - ((void *)ctlh - sizeof(struct pptp_pkt_hdr)), |
| - sizeof(new_callid), |
| - (char *)&new_callid, |
| - sizeof(new_callid)) == 0) |
| + cid_off + sizeof(struct pptp_pkt_hdr) + |
| + sizeof(struct PptpControlHeader), |
| + sizeof(new_callid), (char *)&new_callid, |
| + sizeof(new_callid)) == 0) |
| return NF_DROP; |
| |
| return NF_ACCEPT; |
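Review bot: The new DEBUGP argument `*(u_int16_t *)pptpReq + cid_off` dereferences first and adds afterwards: the cast and `*` bind tighter than `+`, so it prints the first 16-bit word of the union plus the offset, not the call ID. The byte offset has to be applied before the dereference: `ntohs(*(u_int16_t *)((char *)pptpReq + cid_off))`. The same expression appears twice more in the last hunk of this patch, once with `pcid_off` and once with `cid_off` in pptp_inbound_pkt(). Only the debug output is wrong, and only when DEBUGP is compiled in (its definition is not in the patch); the offset passed to ip_nat_mangle_tcp_packet() is computed separately and is not affected.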
| @@ -297,7 +294,8 @@ pptp_inbound_pkt(struct sk_buff **pskb, |
| union pptp_ctrl_union *pptpReq) |
| { |
| struct ip_nat_pptp *nat_pptp_info = &ct->nat.help.nat_pptp_info; |
| - u_int16_t msg, new_cid = 0, new_pcid, *pcid = NULL, *cid = NULL; |
| + u_int16_t msg, new_cid = 0, new_pcid; |
| + unsigned int pcid_off, cid_off = 0; |
| |
| int ret = NF_ACCEPT, rv; |
| |
| @@ -305,23 +303,23 @@ pptp_inbound_pkt(struct sk_buff **pskb, |
| |
| switch (msg = ntohs(ctlh->messageType)) { |
| case PPTP_OUT_CALL_REPLY: |
| - pcid = &pptpReq->ocack.peersCallID; |
| - cid = &pptpReq->ocack.callID; |
| + pcid_off = offsetof(union pptp_ctrl_union, ocack.peersCallID); |
| + cid_off = offsetof(union pptp_ctrl_union, ocack.callID); |
| break; |
| case PPTP_IN_CALL_CONNECT: |
| - pcid = &pptpReq->iccon.peersCallID; |
| + pcid_off = offsetof(union pptp_ctrl_union, iccon.peersCallID); |
| break; |
| case PPTP_IN_CALL_REQUEST: |
| /* only need to nat in case PAC is behind NAT box */ |
| return NF_ACCEPT; |
| case PPTP_WAN_ERROR_NOTIFY: |
| - pcid = &pptpReq->wanerr.peersCallID; |
| + pcid_off = offsetof(union pptp_ctrl_union, wanerr.peersCallID); |
| break; |
| case PPTP_CALL_DISCONNECT_NOTIFY: |
| - pcid = &pptpReq->disc.callID; |
| + pcid_off = offsetof(union pptp_ctrl_union, disc.callID); |
| break; |
| case PPTP_SET_LINK_INFO: |
| - pcid = &pptpReq->setlink.peersCallID; |
| + pcid_off = offsetof(union pptp_ctrl_union, setlink.peersCallID); |
| break; |
| |
| default: |
| @@ -343,25 +341,24 @@ pptp_inbound_pkt(struct sk_buff **pskb, |
| * WAN_ERROR_NOTIFY, CALL_DISCONNECT_NOTIFY pass down here */ |
| |
| /* mangle packet */ |
| - IP_NF_ASSERT(pcid); |
| DEBUGP("altering peer call id from 0x%04x to 0x%04x\n", |
| - ntohs(*pcid), ntohs(new_pcid)); |
| + ntohs(*(u_int16_t *)pptpReq + pcid_off), ntohs(new_pcid)); |
| |
| - rv = ip_nat_mangle_tcp_packet(pskb, ct, ctinfo, |
| - (void *)pcid - ((void *)ctlh - sizeof(struct pptp_pkt_hdr)), |
| + rv = ip_nat_mangle_tcp_packet(pskb, ct, ctinfo, |
| + pcid_off + sizeof(struct pptp_pkt_hdr) + |
| + sizeof(struct PptpControlHeader), |
| sizeof(new_pcid), (char *)&new_pcid, |
| sizeof(new_pcid)); |
| if (rv != NF_ACCEPT) |
| return rv; |
| |
| if (new_cid) { |
| - IP_NF_ASSERT(cid); |
| DEBUGP("altering call id from 0x%04x to 0x%04x\n", |
| - ntohs(*cid), ntohs(new_cid)); |
| - rv = ip_nat_mangle_tcp_packet(pskb, ct, ctinfo, |
| - (void *)cid - ((void *)ctlh - sizeof(struct pptp_pkt_hdr)), |
| - sizeof(new_cid), |
| - (char *)&new_cid, |
| + ntohs(*(u_int16_t *)pptpReq + cid_off), ntohs(new_cid)); |
| + rv = ip_nat_mangle_tcp_packet(pskb, ct, ctinfo, |
| + cid_off + sizeof(struct pptp_pkt_hdr) + |
| + sizeof(struct PptpControlHeader), |
| + sizeof(new_cid), (char *)&new_cid, |
| sizeof(new_cid)); |
| if (rv != NF_ACCEPT) |
| return rv; |
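Review bot: The expression `off + sizeof(struct pptp_pkt_hdr) + sizeof(struct PptpControlHeader)` is now written out three times, once in pptp_outbound_pkt() and twice here, and the fix is only correct if the union starts exactly that many bytes into the TCP payload. Stating that once would be easier to audit, for example a file-local macro (the name is a suggestion) `#define PPTP_REQ_OFF(off) (sizeof(struct pptp_pkt_hdr) + sizeof(struct PptpControlHeader) + (off))` with a comment naming the layout it assumes. The code that parses the headers and hands `pptpReq` to this function is outside the patch, so the layout should be checked against it. pptp_inbound_pkt() continues past the end of this hunk.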
| |
| -- |
| |