Thread: 11 messages, 3 authors, 2019-06-10

Re: [PATCH nf-next] netfilter: add support for matching IPv4 options

From: Florian Westphal <fw@strlen.de>
Date: 2019-06-01 08:27:37
Also in: netfilter-devel

Pablo Neira Ayuso wrote:
> >       iph = skb_header_pointer(skb, *offset, sizeof(_iph), &_iph);
> >       if (!iph || skb->protocol != htons(ETH_P_IP))
> >               return -EBADMSG;
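
Review bot: In the second line, the `skb->protocol != htons(ETH_P_IP)` test is evaluated only after `skb_header_pointer()` has already copied `sizeof(_iph)` bytes at `*offset`, and a non-IPv4 packet then returns the same -EBADMSG as a header that could not be read. Testing the protocol before the header read, with its own return value, would keep "not IPv4" distinguishable from "truncated or malformed" for the caller.
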
> I mean, you make this check upfront from the _eval() path, ie.
>
> static void nft_exthdr_ipv4_eval(const struct nft_expr *expr,
>                                  ...
> {
>         ...
>
>         if (skb->protocol != htons(ETH_P_IP))
>                 goto err;

Wouldn't it be preferable to just use nft_pf() != NFPROTO_IPV4?