[Bug 1707] iptables-extensions man page misleading for --to

bugzilla-daemon at netfilter.org
Tue Sep 26 15:26:11 CEST 2023


https://bugzilla.netfilter.org/show_bug.cgi?id=1707

Phil Sutter <phil at nwl.cc> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |ASSIGNED
                 CC|                            |pablo at netfilter.org,
                   |                            |phil at nwl.cc

--- Comment #1 from Phil Sutter <phil at nwl.cc> ---
I don't quite understand the code in skb_seq_read(), but it seems to me like
this may return a larger block than was requested in skb_prepare_seq_read() if
the skb is not fragmented. So the --to value may be relevant for fragmented
traffic only. Did you try that?

If the above is right, the man page is wrong in that it promises an upper
boundary for packet data being scanned, which it is not. It merely ensures the
scanner is able to read up to the given offset.

The example is wrong in that it searches a string of 19 characters in a range
of 16 bytes. But given the above, it still works.

Pablo, am I on the right track? Could you please review?
