netfilter: nf_nat: change sequence number adjustments to 32 bits

Using 16 bits is too small, when many adjustments happen the offsets might overflow and break the connection. Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
author: Patrick McHardy <kaber@trash.net> 2013-07-28 20:54:10 (GMT)
committer: Pablo Neira Ayuso <pablo@netfilter.org> 2013-07-31 17:54:51 (GMT)
commit: 2d89c68ac78ae432038ef23371d2fa949d725d43 (patch)
tree: 9eb19fc7550976ff633849e95c752a34f19df4f2 /net/netfilter/nf_conntrack_proto_tcp.c
parent: 0658cdc8f3babb4a441f5a803a0b644fafcbf9ef (diff)
download: linux-fsl-qoriq-2d89c68ac78ae432038ef23371d2fa949d725d43.tar.xz
1 files changed, 2 insertions, 2 deletions
diff --git a/net/netfilter/nf_conntrack_proto_tcp.c b/net/netfilter/nf_conntrack_proto_tcp.c
index 7dcc376..8f308d8 100644
--- a/net/netfilter/nf_conntrack_proto_tcp.c
+++ b/net/netfilter/nf_conntrack_proto_tcp.c
@@ -496,7 +496,7 @@ static void tcp_sack(const struct sk_buff *skb, unsigned int dataoff,
 }
 
 #ifdef CONFIG_NF_NAT_NEEDED
-static inline s16 nat_offset(const struct nf_conn *ct,
+static inline s32 nat_offset(const struct nf_conn *ct,
 			     enum ip_conntrack_dir dir,
 			     u32 seq)
 {
@@ -525,7 +525,7 @@ static bool tcp_in_window(const struct nf_conn *ct,
 	struct ip_ct_tcp_state *receiver = &state->seen[!dir];
 	const struct nf_conntrack_tuple *tuple = &ct->tuplehash[dir].tuple;
 	__u32 seq, ack, sack, end, win, swin;
-	s16 receiver_offset;
+	s32 receiver_offset;
 	bool res;
 
 	/*
author	Patrick McHardy <kaber@trash.net>	2013-07-28 20:54:10 (GMT)
committer	Pablo Neira Ayuso <pablo@netfilter.org>	2013-07-31 17:54:51 (GMT)
commit	2d89c68ac78ae432038ef23371d2fa949d725d43 (patch)
tree	9eb19fc7550976ff633849e95c752a34f19df4f2 /net/netfilter/nf_conntrack_proto_tcp.c
parent	0658cdc8f3babb4a441f5a803a0b644fafcbf9ef (diff)
download	linux-fsl-qoriq-2d89c68ac78ae432038ef23371d2fa949d725d43.tar.xz