From 288d2171a6be20c5cf70f35bb3def94c81e4af9c Mon Sep 17 00:00:00 2001
From: Ben Pfaff <blp@nicira.com>
Date: Tue, 11 Nov 2008 13:33:24 -0800
Subject: [PATCH] In handle_arp_snat() and snat_pre_route() pull enough payload
 into the headers.

There is no guarantee that the device put any data at all into the header.
The e1000 device, for example, appears to not put any data into the header
when the packet is longer than its configured copybreak value, which is
256 bytes by default.  So we need to do it ourselves.
---
 datapath/nx_act_snat.c | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/datapath/nx_act_snat.c b/datapath/nx_act_snat.c
index 633428578..8bf2ed71b 100644
--- a/datapath/nx_act_snat.c
+++ b/datapath/nx_act_snat.c
@@ -205,6 +205,9 @@ handle_arp_snat(struct sk_buff *skb)
 	struct net_bridge_port *p = skb->dev->br_port;
 	struct ip_arphdr *ah = (struct ip_arphdr *)arp_hdr(skb);
 
+	if (!pskb_may_pull(skb, sizeof *ah))
+		return 0;
+
 	if ((ah->ar_op != htons(ARPOP_REQUEST)) 
 			|| ah->ar_hln != ETH_ALEN
 			|| ah->ar_pro != htons(ETH_P_IP)
@@ -305,6 +308,9 @@ snat_pre_route(struct sk_buff *skb)
 	else if (skb->protocol != htons(ETH_P_IP)) 
 		return 0;
 
+	if (!pskb_may_pull(skb, sizeof *iph))
+		goto ipv4_error;
+
 	iph = ip_hdr(skb);
 	if (iph->ihl < 5 || iph->version != 4)
 		goto ipv4_error;
-- 
2.43.0