netfilter: ebtables: Fixes dropping of small packets in bridge nat

Fixes an error causing small packets to get dropped. skb_ensure_writable
expects the second parameter to be a length in the ethernet payload.=20
If we want to write the ethernet header (src, dst), we should pass 0.
Otherwise, packets with small payloads (< ETH_ALEN) will get dropped.

Fixes: c1a831167901 ("netfilter: bridge: convert skb_make_writable to skb_ensure_writable")
Signed-off-by: Timothée COCAULT <timothee.cocault@orange.com>
Reviewed-by: Florian Westphal <fw@strlen.de>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

diff --git a/net/bridge/netfilter/ebt_dnat.c b/net/bridge/netfilter/ebt_dnat.c
index 12a4f4d9368109999d5b2d3c5fe24957c5e7f747..3fda71a8579d13920b3e738fc3fbcd8251dc468c 100644 (file)
--- a/net/bridge/netfilter/ebt_dnat.c
+++ b/net/bridge/netfilter/ebt_dnat.c
@@ -21,7 +21,7 @@ ebt_dnat_tg(struct sk_buff *skb, const struct xt_action_param *par)
 {
        const struct ebt_nat_info *info = par->targinfo;
 
-       if (skb_ensure_writable(skb, ETH_ALEN))
+       if (skb_ensure_writable(skb, 0))
                return EBT_DROP;
 
        ether_addr_copy(eth_hdr(skb)->h_dest, info->mac);

diff --git a/net/bridge/netfilter/ebt_redirect.c b/net/bridge/netfilter/ebt_redirect.c
index 0cad62a4052b94c5d5dffb7c9bcffaaa5b35a14b..307790562b492959d3e7a2332a5c8196ce901beb 100644 (file)
--- a/net/bridge/netfilter/ebt_redirect.c
+++ b/net/bridge/netfilter/ebt_redirect.c
@@ -21,7 +21,7 @@ ebt_redirect_tg(struct sk_buff *skb, const struct xt_action_param *par)
 {
        const struct ebt_redirect_info *info = par->targinfo;
 
-       if (skb_ensure_writable(skb, ETH_ALEN))
+       if (skb_ensure_writable(skb, 0))
                return EBT_DROP;
 
        if (xt_hooknum(par) != NF_BR_BROUTING)

diff --git a/net/bridge/netfilter/ebt_snat.c b/net/bridge/netfilter/ebt_snat.c
index 27443bf229a3baac1aa7724edd25e431f2507621..7dfbcdfc30e5d22dfac17ee01db590a5abe13e70 100644 (file)
--- a/net/bridge/netfilter/ebt_snat.c
+++ b/net/bridge/netfilter/ebt_snat.c
@@ -22,7 +22,7 @@ ebt_snat_tg(struct sk_buff *skb, const struct xt_action_param *par)
 {
        const struct ebt_nat_info *info = par->targinfo;
 
-       if (skb_ensure_writable(skb, ETH_ALEN * 2))
+       if (skb_ensure_writable(skb, 0))
                return EBT_DROP;
 
        ether_addr_copy(eth_hdr(skb)->h_source, info->mac);