Re: [PATCH net] net: 802: reset skb->transport_header

From: Antonio Pastor <hidden>
Date: 2025-01-03 00:19:02
Also in: lkml

Sorry, this patch is wrong, it does not fix the potential issue yet.


No worries! Thanks for your patience with this. Much appreciated.

Note how skb_transport_header(skb) is used in
find_snap_client(skb_transport_header(skb));


I've spent so much time trying to figure out why the offset is wrong I 
lost sight that the core issue is that it is being used to begin with. 
Paolo Abeni hinted at that too.

quoted hunk ↗ jump to hunk

The proper way to fix the issue is to not rely on the transport header
at all, only reset it after pulling the network header.

diff --git a/net/802/psnap.c b/net/802/psnap.c
index fca9d454905fe37d6b838f0f00b3a16767e44e74..389df460c8c4b92f9ec6198247db0ba15bfb8f2e

--- a/net/802/psnap.c
+++ b/net/802/psnap.c

@@ -55,11 +55,11 @@ static int snap_rcv(struct sk_buff *skb, struct

net_device *dev,
                 goto drop;

         rcu_read_lock();
-       proto = find_snap_client(skb_transport_header(skb));
+       proto = find_snap_client(skb->data);
         if (proto) {
                 /* Pass the frame on. */
-               skb->transport_header += 5;
                 skb_pull_rcsum(skb, 5);
+               skb_reset_transport_header(skb);
                 rc = proto->rcvfunc(skb, dev, &snap_packet_type, orig_dev);
         }
         rcu_read_unlock();


Will send V2.

`h`	back out one level
`j`	next message in thread
`k`	previous message in thread
`l`	drill in
`Esc`	close help / fold thread tree
`?`	toggle this help