Re: [linux-yocto] [PATCH] netfilter: Fix remainder of pseudo-header protocol 0
On Tue, Jun 25, 2019 at 11:03 PM He Zhe wrote: > > > > On 6/26/19 11:00 AM, Bruce Ashfield wrote: > > On Tue, Jun 25, 2019 at 6:15 AM wrote: > >> From: He Zhe > >> > >> Since v5.1-rc1, some types of packets do not get unreachable reply with the > >> following iptables setting. Fox example, > > So what's the upstream status of this ? (I haven't checked netdev yet). > > It hasn't got reply yet. Maybe will be handled in next version. > https://lore.kernel.org/lkml/1561346258-272481-1-git-send-email-zhe...@windriver.com/ > I've gone ahead and merged the change. If there are any updates, send incremental patches. I'll have another look when I'm doing the 5.2+ official kernel, but you'll know sooner than I will if there are changes required. Bruce > Zhe > > > > > Bruce > > > >> $ iptables -A INPUT -p icmp --icmp-type 8 -j REJECT > >> $ ping 127.0.0.1 -c 1 > >> PING 127.0.0.1 (127.0.0.1) 56(84) bytes of data. > >> — 127.0.0.1 ping statistics — > >> 1 packets transmitted, 0 received, 100% packet loss, time 0ms > >> > >> We should have got the following reply from command line, but we did not. > >> From 127.0.0.1 icmp_seq=1 Destination Port Unreachable > >> > >> Yi Zhao reported it and narrowed it down to: > >> 7fc38225363d ("netfilter: reject: skip csum verification for protocols > >> that don't support it"), > >> > >> This is because nf_ip_checksum still expects pseudo-header protocol type 0 > >> for > >> packets that are of neither TCP or UDP, and thus ICMP packets are > >> mistakenly > >> treated as TCP/UDP. > >> > >> This patch corrects the conditions in nf_ip_checksum and all other places > >> that > >> still call it with protocol 0. > >> > >> Fixes: 7fc38225363d ("netfilter: reject: skip csum verification for > >> protocols that don't support it") > >> Reported-by: Yi Zhao > >> Signed-off-by: He Zhe > >> --- > >> This has been sent to upstream and would probably be handled next around. > >> It's > >> worth merging it before that. > >> > >> net/netfilter/nf_conntrack_proto_icmp.c | 2 +- > >> net/netfilter/nf_nat_proto.c| 2 +- > >> net/netfilter/utils.c | 5 +++-- > >> 3 files changed, 5 insertions(+), 4 deletions(-) > >> > >> diff --git a/net/netfilter/nf_conntrack_proto_icmp.c > >> b/net/netfilter/nf_conntrack_proto_icmp.c > >> index a824367..dd53e2b 100644 > >> --- a/net/netfilter/nf_conntrack_proto_icmp.c > >> +++ b/net/netfilter/nf_conntrack_proto_icmp.c > >> @@ -218,7 +218,7 @@ int nf_conntrack_icmpv4_error(struct nf_conn *tmpl, > >> /* See ip_conntrack_proto_tcp.c */ > >> if (state->net->ct.sysctl_checksum && > >> state->hook == NF_INET_PRE_ROUTING && > >> - nf_ip_checksum(skb, state->hook, dataoff, 0)) { > >> + nf_ip_checksum(skb, state->hook, dataoff, IPPROTO_ICMP)) { > >> icmp_error_log(skb, state, "bad hw icmp checksum"); > >> return -NF_ACCEPT; > >> } > >> diff --git a/net/netfilter/nf_nat_proto.c b/net/netfilter/nf_nat_proto.c > >> index 07da077..83a24cc 100644 > >> --- a/net/netfilter/nf_nat_proto.c > >> +++ b/net/netfilter/nf_nat_proto.c > >> @@ -564,7 +564,7 @@ int nf_nat_icmp_reply_translation(struct sk_buff *skb, > >> > >> if (!skb_make_writable(skb, hdrlen + sizeof(*inside))) > >> return 0; > >> - if (nf_ip_checksum(skb, hooknum, hdrlen, 0)) > >> + if (nf_ip_checksum(skb, hooknum, hdrlen, IPPROTO_ICMP)) > >> return 0; > >> > >> inside = (void *)skb->data + hdrlen; > >> diff --git a/net/netfilter/utils.c b/net/netfilter/utils.c > >> index 06dc555..51b454d 100644 > >> --- a/net/netfilter/utils.c > >> +++ b/net/netfilter/utils.c > >> @@ -17,7 +17,8 @@ __sum16 nf_ip_checksum(struct sk_buff *skb, unsigned int > >> hook, > >> case CHECKSUM_COMPLETE: > >> if (hook != NF_INET_PRE_ROUTING && hook != > >> NF_INET_LOCAL_IN) > >> break; > >> - if ((protocol == 0 && !csum_fold(skb->csum)) || > >> + if ((protocol != IPPROTO_TCP && protocol != IPPROTO_UDP && > >> + !csum_fold(skb->csum)) || > >> !csum_tcpudp_magic(iph->saddr, iph->daddr, > >>skb->len - dataoff, protocol, > >>skb->csum)) { > >> @@ -26,7 +27,7 @@ __sum16 nf_ip_checksum(struct sk_buff *skb, unsigned int > >> hook, > >> } > >> /* fall through */ > >> case CHECKSUM_NONE: > >> - if (protocol == 0) > >> + if (protocol != IPPROTO_TCP && protocol != IPPROTO_UDP) > >> skb->csum = 0; > >> else > >> skb->csum = csum_tcpudp_nofold(iph->saddr, > >> iph->daddr, > >> -- > >> 2.7.4 > >> > > > -- - Thou shalt not follow the NULL pointer, for chaos and madness await thee at its end - "Use the force Harry" - Gandalf, Star Trek II --
Re: [linux-yocto] [PATCH] netfilter: Fix remainder of pseudo-header protocol 0
On 6/26/19 11:00 AM, Bruce Ashfield wrote: > On Tue, Jun 25, 2019 at 6:15 AM wrote: >> From: He Zhe >> >> Since v5.1-rc1, some types of packets do not get unreachable reply with the >> following iptables setting. Fox example, > So what's the upstream status of this ? (I haven't checked netdev yet). It hasn't got reply yet. Maybe will be handled in next version. https://lore.kernel.org/lkml/1561346258-272481-1-git-send-email-zhe...@windriver.com/ Zhe > > Bruce > >> $ iptables -A INPUT -p icmp --icmp-type 8 -j REJECT >> $ ping 127.0.0.1 -c 1 >> PING 127.0.0.1 (127.0.0.1) 56(84) bytes of data. >> — 127.0.0.1 ping statistics — >> 1 packets transmitted, 0 received, 100% packet loss, time 0ms >> >> We should have got the following reply from command line, but we did not. >> From 127.0.0.1 icmp_seq=1 Destination Port Unreachable >> >> Yi Zhao reported it and narrowed it down to: >> 7fc38225363d ("netfilter: reject: skip csum verification for protocols that >> don't support it"), >> >> This is because nf_ip_checksum still expects pseudo-header protocol type 0 >> for >> packets that are of neither TCP or UDP, and thus ICMP packets are mistakenly >> treated as TCP/UDP. >> >> This patch corrects the conditions in nf_ip_checksum and all other places >> that >> still call it with protocol 0. >> >> Fixes: 7fc38225363d ("netfilter: reject: skip csum verification for >> protocols that don't support it") >> Reported-by: Yi Zhao >> Signed-off-by: He Zhe >> --- >> This has been sent to upstream and would probably be handled next around. >> It's >> worth merging it before that. >> >> net/netfilter/nf_conntrack_proto_icmp.c | 2 +- >> net/netfilter/nf_nat_proto.c| 2 +- >> net/netfilter/utils.c | 5 +++-- >> 3 files changed, 5 insertions(+), 4 deletions(-) >> >> diff --git a/net/netfilter/nf_conntrack_proto_icmp.c >> b/net/netfilter/nf_conntrack_proto_icmp.c >> index a824367..dd53e2b 100644 >> --- a/net/netfilter/nf_conntrack_proto_icmp.c >> +++ b/net/netfilter/nf_conntrack_proto_icmp.c >> @@ -218,7 +218,7 @@ int nf_conntrack_icmpv4_error(struct nf_conn *tmpl, >> /* See ip_conntrack_proto_tcp.c */ >> if (state->net->ct.sysctl_checksum && >> state->hook == NF_INET_PRE_ROUTING && >> - nf_ip_checksum(skb, state->hook, dataoff, 0)) { >> + nf_ip_checksum(skb, state->hook, dataoff, IPPROTO_ICMP)) { >> icmp_error_log(skb, state, "bad hw icmp checksum"); >> return -NF_ACCEPT; >> } >> diff --git a/net/netfilter/nf_nat_proto.c b/net/netfilter/nf_nat_proto.c >> index 07da077..83a24cc 100644 >> --- a/net/netfilter/nf_nat_proto.c >> +++ b/net/netfilter/nf_nat_proto.c >> @@ -564,7 +564,7 @@ int nf_nat_icmp_reply_translation(struct sk_buff *skb, >> >> if (!skb_make_writable(skb, hdrlen + sizeof(*inside))) >> return 0; >> - if (nf_ip_checksum(skb, hooknum, hdrlen, 0)) >> + if (nf_ip_checksum(skb, hooknum, hdrlen, IPPROTO_ICMP)) >> return 0; >> >> inside = (void *)skb->data + hdrlen; >> diff --git a/net/netfilter/utils.c b/net/netfilter/utils.c >> index 06dc555..51b454d 100644 >> --- a/net/netfilter/utils.c >> +++ b/net/netfilter/utils.c >> @@ -17,7 +17,8 @@ __sum16 nf_ip_checksum(struct sk_buff *skb, unsigned int >> hook, >> case CHECKSUM_COMPLETE: >> if (hook != NF_INET_PRE_ROUTING && hook != NF_INET_LOCAL_IN) >> break; >> - if ((protocol == 0 && !csum_fold(skb->csum)) || >> + if ((protocol != IPPROTO_TCP && protocol != IPPROTO_UDP && >> + !csum_fold(skb->csum)) || >> !csum_tcpudp_magic(iph->saddr, iph->daddr, >>skb->len - dataoff, protocol, >>skb->csum)) { >> @@ -26,7 +27,7 @@ __sum16 nf_ip_checksum(struct sk_buff *skb, unsigned int >> hook, >> } >> /* fall through */ >> case CHECKSUM_NONE: >> - if (protocol == 0) >> + if (protocol != IPPROTO_TCP && protocol != IPPROTO_UDP) >> skb->csum = 0; >> else >> skb->csum = csum_tcpudp_nofold(iph->saddr, >> iph->daddr, >> -- >> 2.7.4 >> > -- ___ linux-yocto mailing list linux-yocto@yoctoproject.org https://lists.yoctoproject.org/listinfo/linux-yocto
Re: [linux-yocto] [PATCH] netfilter: Fix remainder of pseudo-header protocol 0
On Tue, Jun 25, 2019 at 11:00 PM Bruce Ashfield wrote: > > On Tue, Jun 25, 2019 at 6:15 AM wrote: > > > > From: He Zhe > > > > Since v5.1-rc1, some types of packets do not get unreachable reply with the > > following iptables setting. Fox example, > > So what's the upstream status of this ? (I haven't checked netdev yet). > I should have just checked and saved an email. I found your submission of the change, but don't see any feedback. I'll follow along on netdev and see where it goes. Bruce > Bruce > > > > > $ iptables -A INPUT -p icmp --icmp-type 8 -j REJECT > > $ ping 127.0.0.1 -c 1 > > PING 127.0.0.1 (127.0.0.1) 56(84) bytes of data. > > — 127.0.0.1 ping statistics — > > 1 packets transmitted, 0 received, 100% packet loss, time 0ms > > > > We should have got the following reply from command line, but we did not. > > From 127.0.0.1 icmp_seq=1 Destination Port Unreachable > > > > Yi Zhao reported it and narrowed it down to: > > 7fc38225363d ("netfilter: reject: skip csum verification for protocols that > > don't support it"), > > > > This is because nf_ip_checksum still expects pseudo-header protocol type 0 > > for > > packets that are of neither TCP or UDP, and thus ICMP packets are mistakenly > > treated as TCP/UDP. > > > > This patch corrects the conditions in nf_ip_checksum and all other places > > that > > still call it with protocol 0. > > > > Fixes: 7fc38225363d ("netfilter: reject: skip csum verification for > > protocols that don't support it") > > Reported-by: Yi Zhao > > Signed-off-by: He Zhe > > --- > > This has been sent to upstream and would probably be handled next around. > > It's > > worth merging it before that. > > > > net/netfilter/nf_conntrack_proto_icmp.c | 2 +- > > net/netfilter/nf_nat_proto.c| 2 +- > > net/netfilter/utils.c | 5 +++-- > > 3 files changed, 5 insertions(+), 4 deletions(-) > > > > diff --git a/net/netfilter/nf_conntrack_proto_icmp.c > > b/net/netfilter/nf_conntrack_proto_icmp.c > > index a824367..dd53e2b 100644 > > --- a/net/netfilter/nf_conntrack_proto_icmp.c > > +++ b/net/netfilter/nf_conntrack_proto_icmp.c > > @@ -218,7 +218,7 @@ int nf_conntrack_icmpv4_error(struct nf_conn *tmpl, > > /* See ip_conntrack_proto_tcp.c */ > > if (state->net->ct.sysctl_checksum && > > state->hook == NF_INET_PRE_ROUTING && > > - nf_ip_checksum(skb, state->hook, dataoff, 0)) { > > + nf_ip_checksum(skb, state->hook, dataoff, IPPROTO_ICMP)) { > > icmp_error_log(skb, state, "bad hw icmp checksum"); > > return -NF_ACCEPT; > > } > > diff --git a/net/netfilter/nf_nat_proto.c b/net/netfilter/nf_nat_proto.c > > index 07da077..83a24cc 100644 > > --- a/net/netfilter/nf_nat_proto.c > > +++ b/net/netfilter/nf_nat_proto.c > > @@ -564,7 +564,7 @@ int nf_nat_icmp_reply_translation(struct sk_buff *skb, > > > > if (!skb_make_writable(skb, hdrlen + sizeof(*inside))) > > return 0; > > - if (nf_ip_checksum(skb, hooknum, hdrlen, 0)) > > + if (nf_ip_checksum(skb, hooknum, hdrlen, IPPROTO_ICMP)) > > return 0; > > > > inside = (void *)skb->data + hdrlen; > > diff --git a/net/netfilter/utils.c b/net/netfilter/utils.c > > index 06dc555..51b454d 100644 > > --- a/net/netfilter/utils.c > > +++ b/net/netfilter/utils.c > > @@ -17,7 +17,8 @@ __sum16 nf_ip_checksum(struct sk_buff *skb, unsigned int > > hook, > > case CHECKSUM_COMPLETE: > > if (hook != NF_INET_PRE_ROUTING && hook != NF_INET_LOCAL_IN) > > break; > > - if ((protocol == 0 && !csum_fold(skb->csum)) || > > + if ((protocol != IPPROTO_TCP && protocol != IPPROTO_UDP && > > + !csum_fold(skb->csum)) || > > !csum_tcpudp_magic(iph->saddr, iph->daddr, > >skb->len - dataoff, protocol, > >skb->csum)) { > > @@ -26,7 +27,7 @@ __sum16 nf_ip_checksum(struct sk_buff *skb, unsigned int > > hook, > > } > > /* fall through */ > > case CHECKSUM_NONE: > > - if (protocol == 0) > > + if (protocol != IPPROTO_TCP && protocol != IPPROTO_UDP) > > skb->csum = 0; > > else > > skb->csum = csum_tcpudp_nofold(iph->saddr, > > iph->daddr, > > -- > > 2.7.4 > > > > > -- > - Thou shalt not follow the NULL pointer, for chaos and madness await > thee at its end > - "Use the force Harry" - Gandalf, Star Trek II -- - Thou shalt not follow the NULL pointer, for chaos and madness await thee at its end - "Use the force Harry" - Gandalf, Star Trek II -- ___ linux-yocto mailing list linux-yocto@yoctoproject.org https://lists.yoctoproject.org/listinfo/linux-yocto
Re: [linux-yocto] [PATCH] netfilter: Fix remainder of pseudo-header protocol 0
On Tue, Jun 25, 2019 at 6:15 AM wrote: > > From: He Zhe > > Since v5.1-rc1, some types of packets do not get unreachable reply with the > following iptables setting. Fox example, So what's the upstream status of this ? (I haven't checked netdev yet). Bruce > > $ iptables -A INPUT -p icmp --icmp-type 8 -j REJECT > $ ping 127.0.0.1 -c 1 > PING 127.0.0.1 (127.0.0.1) 56(84) bytes of data. > — 127.0.0.1 ping statistics — > 1 packets transmitted, 0 received, 100% packet loss, time 0ms > > We should have got the following reply from command line, but we did not. > From 127.0.0.1 icmp_seq=1 Destination Port Unreachable > > Yi Zhao reported it and narrowed it down to: > 7fc38225363d ("netfilter: reject: skip csum verification for protocols that > don't support it"), > > This is because nf_ip_checksum still expects pseudo-header protocol type 0 for > packets that are of neither TCP or UDP, and thus ICMP packets are mistakenly > treated as TCP/UDP. > > This patch corrects the conditions in nf_ip_checksum and all other places that > still call it with protocol 0. > > Fixes: 7fc38225363d ("netfilter: reject: skip csum verification for protocols > that don't support it") > Reported-by: Yi Zhao > Signed-off-by: He Zhe > --- > This has been sent to upstream and would probably be handled next around. It's > worth merging it before that. > > net/netfilter/nf_conntrack_proto_icmp.c | 2 +- > net/netfilter/nf_nat_proto.c| 2 +- > net/netfilter/utils.c | 5 +++-- > 3 files changed, 5 insertions(+), 4 deletions(-) > > diff --git a/net/netfilter/nf_conntrack_proto_icmp.c > b/net/netfilter/nf_conntrack_proto_icmp.c > index a824367..dd53e2b 100644 > --- a/net/netfilter/nf_conntrack_proto_icmp.c > +++ b/net/netfilter/nf_conntrack_proto_icmp.c > @@ -218,7 +218,7 @@ int nf_conntrack_icmpv4_error(struct nf_conn *tmpl, > /* See ip_conntrack_proto_tcp.c */ > if (state->net->ct.sysctl_checksum && > state->hook == NF_INET_PRE_ROUTING && > - nf_ip_checksum(skb, state->hook, dataoff, 0)) { > + nf_ip_checksum(skb, state->hook, dataoff, IPPROTO_ICMP)) { > icmp_error_log(skb, state, "bad hw icmp checksum"); > return -NF_ACCEPT; > } > diff --git a/net/netfilter/nf_nat_proto.c b/net/netfilter/nf_nat_proto.c > index 07da077..83a24cc 100644 > --- a/net/netfilter/nf_nat_proto.c > +++ b/net/netfilter/nf_nat_proto.c > @@ -564,7 +564,7 @@ int nf_nat_icmp_reply_translation(struct sk_buff *skb, > > if (!skb_make_writable(skb, hdrlen + sizeof(*inside))) > return 0; > - if (nf_ip_checksum(skb, hooknum, hdrlen, 0)) > + if (nf_ip_checksum(skb, hooknum, hdrlen, IPPROTO_ICMP)) > return 0; > > inside = (void *)skb->data + hdrlen; > diff --git a/net/netfilter/utils.c b/net/netfilter/utils.c > index 06dc555..51b454d 100644 > --- a/net/netfilter/utils.c > +++ b/net/netfilter/utils.c > @@ -17,7 +17,8 @@ __sum16 nf_ip_checksum(struct sk_buff *skb, unsigned int > hook, > case CHECKSUM_COMPLETE: > if (hook != NF_INET_PRE_ROUTING && hook != NF_INET_LOCAL_IN) > break; > - if ((protocol == 0 && !csum_fold(skb->csum)) || > + if ((protocol != IPPROTO_TCP && protocol != IPPROTO_UDP && > + !csum_fold(skb->csum)) || > !csum_tcpudp_magic(iph->saddr, iph->daddr, >skb->len - dataoff, protocol, >skb->csum)) { > @@ -26,7 +27,7 @@ __sum16 nf_ip_checksum(struct sk_buff *skb, unsigned int > hook, > } > /* fall through */ > case CHECKSUM_NONE: > - if (protocol == 0) > + if (protocol != IPPROTO_TCP && protocol != IPPROTO_UDP) > skb->csum = 0; > else > skb->csum = csum_tcpudp_nofold(iph->saddr, iph->daddr, > -- > 2.7.4 > -- - Thou shalt not follow the NULL pointer, for chaos and madness await thee at its end - "Use the force Harry" - Gandalf, Star Trek II -- ___ linux-yocto mailing list linux-yocto@yoctoproject.org https://lists.yoctoproject.org/listinfo/linux-yocto
[linux-yocto] [PATCH] netfilter: Fix remainder of pseudo-header protocol 0
From: He Zhe Since v5.1-rc1, some types of packets do not get unreachable reply with the following iptables setting. Fox example, $ iptables -A INPUT -p icmp --icmp-type 8 -j REJECT $ ping 127.0.0.1 -c 1 PING 127.0.0.1 (127.0.0.1) 56(84) bytes of data. — 127.0.0.1 ping statistics — 1 packets transmitted, 0 received, 100% packet loss, time 0ms We should have got the following reply from command line, but we did not. From 127.0.0.1 icmp_seq=1 Destination Port Unreachable Yi Zhao reported it and narrowed it down to: 7fc38225363d ("netfilter: reject: skip csum verification for protocols that don't support it"), This is because nf_ip_checksum still expects pseudo-header protocol type 0 for packets that are of neither TCP or UDP, and thus ICMP packets are mistakenly treated as TCP/UDP. This patch corrects the conditions in nf_ip_checksum and all other places that still call it with protocol 0. Fixes: 7fc38225363d ("netfilter: reject: skip csum verification for protocols that don't support it") Reported-by: Yi Zhao Signed-off-by: He Zhe --- This has been sent to upstream and would probably be handled next around. It's worth merging it before that. net/netfilter/nf_conntrack_proto_icmp.c | 2 +- net/netfilter/nf_nat_proto.c| 2 +- net/netfilter/utils.c | 5 +++-- 3 files changed, 5 insertions(+), 4 deletions(-) diff --git a/net/netfilter/nf_conntrack_proto_icmp.c b/net/netfilter/nf_conntrack_proto_icmp.c index a824367..dd53e2b 100644 --- a/net/netfilter/nf_conntrack_proto_icmp.c +++ b/net/netfilter/nf_conntrack_proto_icmp.c @@ -218,7 +218,7 @@ int nf_conntrack_icmpv4_error(struct nf_conn *tmpl, /* See ip_conntrack_proto_tcp.c */ if (state->net->ct.sysctl_checksum && state->hook == NF_INET_PRE_ROUTING && - nf_ip_checksum(skb, state->hook, dataoff, 0)) { + nf_ip_checksum(skb, state->hook, dataoff, IPPROTO_ICMP)) { icmp_error_log(skb, state, "bad hw icmp checksum"); return -NF_ACCEPT; } diff --git a/net/netfilter/nf_nat_proto.c b/net/netfilter/nf_nat_proto.c index 07da077..83a24cc 100644 --- a/net/netfilter/nf_nat_proto.c +++ b/net/netfilter/nf_nat_proto.c @@ -564,7 +564,7 @@ int nf_nat_icmp_reply_translation(struct sk_buff *skb, if (!skb_make_writable(skb, hdrlen + sizeof(*inside))) return 0; - if (nf_ip_checksum(skb, hooknum, hdrlen, 0)) + if (nf_ip_checksum(skb, hooknum, hdrlen, IPPROTO_ICMP)) return 0; inside = (void *)skb->data + hdrlen; diff --git a/net/netfilter/utils.c b/net/netfilter/utils.c index 06dc555..51b454d 100644 --- a/net/netfilter/utils.c +++ b/net/netfilter/utils.c @@ -17,7 +17,8 @@ __sum16 nf_ip_checksum(struct sk_buff *skb, unsigned int hook, case CHECKSUM_COMPLETE: if (hook != NF_INET_PRE_ROUTING && hook != NF_INET_LOCAL_IN) break; - if ((protocol == 0 && !csum_fold(skb->csum)) || + if ((protocol != IPPROTO_TCP && protocol != IPPROTO_UDP && + !csum_fold(skb->csum)) || !csum_tcpudp_magic(iph->saddr, iph->daddr, skb->len - dataoff, protocol, skb->csum)) { @@ -26,7 +27,7 @@ __sum16 nf_ip_checksum(struct sk_buff *skb, unsigned int hook, } /* fall through */ case CHECKSUM_NONE: - if (protocol == 0) + if (protocol != IPPROTO_TCP && protocol != IPPROTO_UDP) skb->csum = 0; else skb->csum = csum_tcpudp_nofold(iph->saddr, iph->daddr, -- 2.7.4 -- ___ linux-yocto mailing list linux-yocto@yoctoproject.org https://lists.yoctoproject.org/listinfo/linux-yocto