Date: Thu, 01 Dec 2011 12:46:08 +0100
From: Patrick McHardy <kaber@...sh.net>
To: Hans Schillstrom <hans@...illstrom.com>
CC: pablo@...filter.org, jengelh@...ozas.de, netfilter-devel@...r.kernel.org, netdev@...r.kernel.org, hans.schillstrom@...csson.com
Subject: Re: [v4 PATCH 1/2] NETFILTER module xt_hmark, new target for HASH based fwmark

On 12/01/2011 12:39 PM, Hans Schillstrom wrote:
> t: Re: [v4 PATCH 1/2] NETFILTER module xt_hmark, new target for HASH based fwmark
>> On 12/01/2011 12:05 PM, Hans Schillstrom wrote:
>>>>>> And final question, why not simply use ipv6_skip_exthdr()?
>>>>> problems with fragments...
>>>> So the problem is that it will return the transport layer protocol
>>>> header for fragments with frag_off == 0? We also have ipv6_find_hdr()
>>>> which we could modify to indicate this in the frag_off pointer.
>>> ipv6_find_hdr() will do the trick with a light modification
>>> What about a wrapper like:
>>>
>>> int __ipv6_find_hdr(const struct sk_buff *skb, unsigned int *offset,
>>>                     int target, unsigned short *fragoff, int *fragflg)
>>> {
>>>     ...
>>>     if (nexthdr == NEXTHDR_FRAGMENT) {
>>>         unsigned short _frag_off;
>>>         __be16 *fp;
>>>
>>>         if (fragflg)
>>>             *fragflg = 1;
>>>         fp = skb_header_pointer(skb,
>>>                                 start+offsetof(struct frag_hdr,
>>>                                                frag_off),
>>>                                 sizeof(_frag_off),
>>>                                 &_frag_off);
>>>
>>>     ...
>>> }
>>>
>>> int ipv6_find_hdr(const struct sk_buff *skb, unsigned int *offset,
>>>                   int target, unsigned short *fragoff)
>>> {
>>>     return __ipv6_find_hdr(skb, offset, target, fragoff, NULL);
>>> }
>> Hmm that would require to change all current callers.
> Nope, ipv6_find_hdr() looks the same,
> __ipv6_find_hdr() has an extra param.

Ah, right, apparently need more coffee :)

>> I was more thinking of unconditionally setting *frag_off in case of
>> fragments, then you can initialize it to some impossible value
>> like 0xffff and determine the presence of a fragment header
>> based on its value after calling ipv6_find_hdr().
> That's another way :-)
>
> Which one do you prefer ?

Your way seems cleaner to me, let's do that.
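The sentinel approach agreed on above, as an added user-space sketch (not code from this thread or from the kernel): the walker writes the fragment offset whenever it meets a fragment header, and the caller seeds it with 0xffff so a first fragment (offset 0) can be told apart from an unfragmented packet. The names find_hdr, classify, build and FRAGOFF_NONE are hypothetical, and the packets are constructed samples.

```c
#include <stdint.h>
#include <string.h>

#define FRAGOFF_NONE 0xffff /* impossible: real offsets have the low 3 bits clear */
enum frag_state { NOT_FRAGMENTED, FIRST_FRAGMENT, LATER_FRAGMENT };

/* Return the offset of header `target`, or -1. *fragoff is written whenever a
 * fragment header is met, including a first fragment (offset 0). */
int find_hdr(const uint8_t *p, size_t len, int target, uint16_t *fragoff)
{
    size_t off = 40;                      /* fixed IPv6 header */
    int nexthdr = len >= 40 ? p[6] : -1;
    while (nexthdr != target) {
        /* hop-by-hop, routing, destination options: variable length */
        int is_opt = nexthdr == 0 || nexthdr == 43 || nexthdr == 60;
        if ((nexthdr != 44 && !is_opt) || off + 8 > len)
            return -1;                    /* other protocol, or truncated */
        if (nexthdr == 44) {              /* fragment header, always 8 bytes */
            *fragoff = (uint16_t)(((p[off + 2] << 8) | p[off + 3]) & 0xfff8);
            if (*fragoff != 0)
                return -1;                /* later fragment: no upper-layer header */
        }
        nexthdr = p[off];
        off += is_opt ? ((size_t)p[off + 1] + 1) * 8 : 8;
    }
    return off < len ? (int)off : -1;
}

/* Caller side: seed the sentinel, then read it back after the walk. */
enum frag_state classify(const uint8_t *p, size_t len, int target, int *hdr)
{
    uint16_t fragoff = FRAGOFF_NONE;
    *hdr = find_hdr(p, len, target, &fragoff);
    if (fragoff == FRAGOFF_NONE)
        return NOT_FRAGMENTED;
    return fragoff == 0 ? FIRST_FRAGMENT : LATER_FRAGMENT;
}

/* Constructed sample: IPv6 header, optional fragment header, 8 bytes of TCP. */
size_t build(uint8_t *b, int frag, uint16_t fragoff)
{
    memset(b, 0, 56);
    b[6] = frag ? 44 : 6;                 /* next header: fragment or TCP */
    if (!frag)
        return 48;
    b[40] = 6;                            /* fragment header's next header: TCP */
    b[42] = (uint8_t)(fragoff >> 8);
    b[43] = (uint8_t)((fragoff & 0xf8) | 1); /* M flag set */
    return 56;
}
```

Seeding fragoff with 0 instead of the sentinel would make the first-fragment and unfragmented cases return identical values, which is the ambiguity raised earlier in the thread.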