diff options
author | Pablo Neira Ayuso <pablo@gnumonks.org> | 2014-02-19 23:28:04 +0100 |
---|---|---|
committer | Pablo Neira Ayuso <pablo@gnumonks.org> | 2014-02-20 00:06:05 +0100 |
commit | 1fa0cd93f82dc95390c7d1c6dfca85d6729768cb (patch) | |
tree | 677210ac6ce94f074d1e289e021535f2f65b1073 | |
parent | 5df6cd2115098c2268aeb0701070a51434cdc85c (diff) |
gtp: rework handling of GTPv1 extensions
* Conditional check if we can pull the extensions (if any).
* Pull the GTPv1 header (8 bytes) and the extensions (if any).
Tested with emulated replayed pcap traffic, works for me.
-rw-r--r-- | gtp.c | 16 |
1 files changed, 8 insertions, 8 deletions
@@ -290,18 +290,16 @@ static int gtp1u_udp_encap_recv(struct gtp_instance *gti, struct sk_buff *skb) if ((gtp1->flags >> 5) != GTP_V1) goto out; - /* look-up table for faster length computing */ - gtp1_hdrlen = gtp1u_header_len[gtp1->flags & GTP1_F_MASK]; - /* check if it is T-PDU. */ if (gtp1->type != GTP_TPDU) goto out; - /* check for sufficient header size */ - if (!pskb_may_pull(skb, gtp1_hdrlen)) - goto out; + /* look-up table for faster length computing */ + gtp1_hdrlen = gtp1u_header_len[gtp1->flags & GTP1_F_MASK]; - /* FIXME: actually take care of extension header chain */ + /* check for sufficient header size */ + if (gtp1_hdrlen && !pskb_may_pull(skb, gtp1_hdrlen)) + goto out_rcu; /* look-up the PDP context for the Tunnel ID */ rcu_read_lock(); @@ -310,7 +308,9 @@ static int gtp1u_udp_encap_recv(struct gtp_instance *gti, struct sk_buff *skb) goto out_rcu; /* get rid of the GTP header */ - __skb_pull(skb, sizeof(*gtp1)); + __skb_pull(skb, sizeof(*gtp1) + gtp1_hdrlen); + + /* FIXME: actually take care of extension header chain */ if (!gtp_check_src_ms(skb, pctx)) goto out_rcu; |