[PATCH]: prearation of removing skb_linearize()

Tue Sep 21 13:37:51 CEST 2004

Hi Yasuyuki,

Yasuyuki Kozakai wrote:

>Hi,
>
>I updated the patch which prepares to remove skb_linearize() from ip6_tables.c
>
>This patch uses skb_header_pointer() so that packets can be parsed even though
>skb_linearize() doesn't exist. But this patch doesn't remove skb_linearize()
>yet. We can remove it after changing all match/target modules.
>
>Moreover ...
>	- I deleted the optimization not to parse IPv6 extension header
>	  many time from previous patch. I'll send the patch to do this
>	  separately.
>	- fixed the bug that "offset" argument of match functions are always 0.
>	- deleted "hdr" and "datalen" argument and added "protoff" argument
>	  to match functions. "protoff" means the offset to Layer 4 protocol
>	  header.
>	- the argument order of target function is changed likely IPv4 modules.
>	  This prevents user from meeting kernel panic when they use old
>	  match modules.
>	- changed {tcp,udp,icmp6}_match(). These functions became very similar
>	  to codes in ip_tables.c again.
>
>I tested this patch with some configurations(attached file: "tests.txt")
>In these tests, I also used quick hack to fragment skb at the end of IPv6
>header before filtering to confirm that I didn't forget to use
>skb_header_pointer() somewhere.
>
>Double checks and more tests are welcome.
>  
>
Looks good, I'm going to review your patch more in-depth tonight.
One thing I noticed while looking over it:

>@@ -1535,26 +1546,31 @@
> 
> static int
> tcp_find_option(u_int8_t option,
>-		const struct tcphdr *tcp,
>-		u_int16_t datalen,
>+		const struct sk_buff *skb,
>+		unsigned int tcpoff,
>+		unsigned int optlen,
> 		int invert,
> 		int *hotdrop)
> {
>-	unsigned int i = sizeof(struct tcphdr);
>-	const u_int8_t *opt = (u_int8_t *)tcp;
>+	/* tcp.doff is only 4 bits, ie. max 15 * 4 bytes */
>+	char _opt[60 - sizeof(struct tcphdr)], *op;
>  
>

This should stay a u_int8_t, look at
http://netfilter.org/security/2004-06-30-2.6-tcpoption.html

Regards
Patrick