gtp: reload GTPv1 header after pskb_may_pull() The GTPv1 header flags indicate the presence of optional extensions after this header. Refresh the pointer to the GTPv1 header as skb->head might have be reallocated via pskb_may_pull(). Fixes: 459aa660eb1d ("gtp: add initial driver for datapath of GPRS Tunneling Protocol (GTP-U)") Reported-by: Eric Dumazet <eric.dumazet@gmail.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> Signed-off-by: David S. Miller <davem@davemloft.net>

commit: 93edb8c7f94fb3d384790ac8a83c3fb9389f6ca5 [log] [tgz]
author: Pablo Neira <pablo@netfilter.org> Tue May 10 21:33:38 2016 +0200
committer: David S. Miller <davem@davemloft.net> Tue May 10 15:56:23 2016 -0400
tree: 76baacecad6ebd442b864df240b9ed5224107e41
parent: 1dee3f59a8d5e711797dc82628aaf94a64e99922 [diff] [blame]
diff --git a/drivers/net/gtp.c b/drivers/net/gtp.c
index 8ce1104..f7caf1e 100644
--- a/drivers/net/gtp.c
+++ b/drivers/net/gtp.c

@@ -253,6 +253,8 @@
 	if (!pskb_may_pull(skb, hdrlen))
 		return -1;
 
+	gtp1 = (struct gtp1_header *)(skb->data + sizeof(struct udphdr));
+
 	rcu_read_lock();
 	pctx = gtp1_pdp_find(gtp, ntohl(gtp1->tid));
 	if (!pctx) {
commit	93edb8c7f94fb3d384790ac8a83c3fb9389f6ca5	[log] [tgz]
author	Pablo Neira <pablo@netfilter.org>	Tue May 10 21:33:38 2016 +0200
committer	David S. Miller <davem@davemloft.net>	Tue May 10 15:56:23 2016 -0400
tree	76baacecad6ebd442b864df240b9ed5224107e41
parent	1dee3f59a8d5e711797dc82628aaf94a64e99922 [diff] [blame]