In iptables.c, somebody wrote:
>
> dprintf("ipt_hook: hook %u.\n", hook);
> /* Let locally-generated evil packets through. */
> if (hook == NF_IP_LOCAL_OUT
> && ((*pskb)->nh.iph->ihl * 4 < sizeof(struct iphdr)
> || (*pskb)->len < sizeof(struct iphdr))) {
> dprintf("ipt_hook: happy cracking.\n");
> return NF_ACCEPT;
> }
Yuck! Surely there's a cleaner way to do that?
Peter