[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Sat, 31 May 2014 15:43:16 +0930
From: David Newall <davidn@...idnewall.com>
To: David Miller <davem@...emloft.net>
CC: bdschuym@...dora.be, fw@...len.de, stephen@...workplumber.org,
netdev@...r.kernel.org, netfilter-devel@...r.kernel.org,
bridge@...ts.linux-foundation.org, bsd@...hat.com,
vyasevich@...il.com
Subject: Re: Revert 462fb2af9788a82a534f8184abfde31574e1cfa0 (bridge : Sanitize
skb before it enters the IP stack)
On 31/05/14 10:16, David Miller wrote:
> I don't see why you don't simply keep br_parse_ip_options() around
> and adjust it as you need, you're just mostly duplicating it's
> contents into br_nf_pre_routing().
More accurately, I'm *restoring* br_parse_ip_options()'s contents to
br_nf_pre_routing(). The reasons why are twofold: I'm undoing a change
which turns out to have been a mistake; and leaving it largely as-is,
just removing the call to ip_options_compile(), would be confusing in
that the name (br_pase_ip_options()) gives an expectation of function
that would be untrue.
I can see an argument in favour of leaving br_parse_options() around,
being that it is called from three places, and thus restoring the code
removes checks which are currently being performed. They weren't being
performed before and it's not clear that they are needed, but if you say
that it would be better, I'll leave it around and just remove the call
to ip_options_compile(). Just say the word.
--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists