lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date:	Thu, 01 Dec 2011 12:46:08 +0100
From:	Patrick McHardy <kaber@...sh.net>
To:	Hans Schillstrom <hans@...illstrom.com>
CC:	pablo@...filter.org, jengelh@...ozas.de,
	netfilter-devel@...r.kernel.org, netdev@...r.kernel.org,
	hans.schillstrom@...csson.com
Subject: Re: [v4 PATCH 1/2] NETFILTER module xt_hmark, new target 	for HASH
 based fwmark

On 12/01/2011 12:39 PM, Hans Schillstrom wrote:
> t: Re: [v4 PATCH 1/2] NETFILTER module xt_hmark, new target for HASH based fwmark
>> On 12/01/2011 12:05 PM, Hans Schillstrom wrote:
>>>>>> And final question, why not simply use ipv6_skip_exthdr()?
>>>>> problems with fragments...
>>>> So the probem is that it will return the transport layer protocol
>>>> header for fragments with frag_off == 0? We also have ipv6_find_hdr()
>>>> which we could modify to indicate this in the frag_off pointer.
>>> ipv6_find_hdr() will do the trick with a light modification
>>> What about a wrapper like:
>>>
>>> int __ipv6_find_hdr(const struct sk_buff *skb, unsigned int *offset,
>>> 		  int target, unsigned short *fragoff,  int *fragflg)
>>> {
>>> ...
>>> 		if (nexthdr == NEXTHDR_FRAGMENT) {
>>> 			unsigned short _frag_off;
>>> 			__be16 *fp;
>>>
>>> 			if (fragflg)
>>> 			        fragflg = 1;
>>> 			fp = skb_header_pointer(skb,
>>> 						start+offsetof(struct frag_hdr,
>>> 							       frag_off),
>>> 						sizeof(_frag_off),
>>> 						&_frag_off);
>>>
>>> ...
>>> }
>>>
>>> int ipv6_find_hdr(const struct sk_buff *skb, unsigned int *offset,
>>> 		  int target, unsigned short *fragoff)
>>> {
>>>           return __ipv6_find_hdr(skb, offset, terget, fragoff, NULL);
>>> }
>> Hmm that would require to change all current callers.
> Nope, ipv6_find_hdr()  looks the same,
> __ipv6_find_hdr() have an extra param.

Ah, right, apparently need more coffee :)

>> I was more thinking of unconditionally setting *frag_off in case of
>> fragments, then you can initialize it to some impossible value
>> like 0xffff and determine the presence of a fragment header
>> based on its value after calling ipv6_find_hdr().
> That's another way  :-)
>
> Which one do you prefer ?

You way seems cleaner to me, lets do that.

--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Powered by blists - more mailing lists