From mboxrd@z Thu Jan 1 00:00:00 1970
From: Ola Nordstrom
Subject: Re: icmp hdr incorrect in skbuff
Date: Mon, 11 Nov 2002 11:54:25 -0500
Sender: netfilter-devel-admin@lists.netfilter.org
Message-ID: <20021111165425.GA4721@fork.triblock.com>
References: <20021111074147.GA29344@fork.triblock.com> <20021111081435.GA336@oknodo.bof.de>
Reply-To: ola@triblock.com
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
To: netfilter-devel@lists.netfilter.org
Content-Disposition: inline
In-Reply-To: <20021111081435.GA336@oknodo.bof.de>
Errors-To: netfilter-devel-admin@lists.netfilter.org
List-Id: netfilter-devel.vger.kernel.org

On Mon, Nov 11, 2002 at 09:14:35AM +0100, Patrick Schaaf wrote:
> > (*skb)->h.icmph->type
>
> Where did you get the idea that h.icmph would be set sensibly
> inside netfilter hooks? What hook, exactly, are you talking
> about? Your description doesn't say that clearly, and it could
> be crucial to know.

nf_register_hook(&post_routing_ops)

>
> My gut guess would be that h.icmph would only be set correctly when
> the icmp parts of the Linux network stack had their hands on the
> skbuff under inspection.
>
> In other words, I would expect it to be valid only for echo replies
> sent by the machine itself.
>
> Conceptually, to me, the netfilter hooks used by iptables sit
> at the IP layer. Access to other layers must be implemented
> locally in iptables match/target code, by working up from
> the IP header (or down, to get at L2 framing, if that exists).

Ok. I was under the impression that the headers above IP would be set
properly inside the skbuff as well. None of the docs really made this clear.

>
> Hope this helps. If I'm not talking sense, somebody shoot the argument.

Yes. Thanks!

-Ola
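
Added example, not part of the original message or of the netfilter code: a userspace C version of "working up from the IP header" as described in the quoted reply, locating the ICMP header from the IP header length rather than trusting a pre-set pointer such as h.icmph. The names `find_icmp` and `icmp_view` and the sample packet are constructed for illustration; the buffer is assumed to start at the first byte of the IPv4 header.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

struct icmp_view { uint8_t type, code; uint16_t checksum; }; /* hypothetical name */

/* Constructed sample: IPv4 header with 4 option bytes (ihl=6) + ICMP echo request. */
static const uint8_t sample_echo[] = {
    0x46, 0x00, 0x00, 0x20, 0x00, 0x01, 0x00, 0x00, /* ver/ihl, tos, tot_len=32, id, frag */
    0x40, 0x01, 0x00, 0x00,                         /* ttl, proto=1 (ICMP), csum unset */
    192, 0, 2, 1, 192, 0, 2, 2,                     /* src, dst (documentation range) */
    0x01, 0x01, 0x01, 0x00,                         /* options: NOP NOP NOP EOL */
    0x08, 0x00, 0xf7, 0xff, 0x00, 0x00, 0x00, 0x00  /* ICMP type 8, code 0, csum, id, seq */
};

/*
 * Find the ICMP header by walking up from the IPv4 header.
 * Returns 0 and fills *out on success, -1 if the packet is not a
 * well-formed, unfragmented-or-first-fragment IPv4/ICMP packet.
 */
int find_icmp(const uint8_t *pkt, size_t len, struct icmp_view *out)
{
    size_t ihl, tot_len;

    if (len < 20 || (pkt[0] >> 4) != 4)
        return -1;                          /* too short, or not IPv4 */
    ihl = (size_t)(pkt[0] & 0x0f) * 4;      /* header length including options */
    tot_len = ((size_t)pkt[2] << 8) | pkt[3];
    if (ihl < 20 || ihl > tot_len || tot_len > len)
        return -1;                          /* inconsistent length fields */
    if (pkt[9] != 1)
        return -1;                          /* protocol is not ICMP */
    if (((pkt[6] << 8) | pkt[7]) & 0x1fff)
        return -1;                          /* later fragment: no L4 header here */
    if (tot_len - ihl < 8)
        return -1;                          /* ICMP header truncated */
    out->type = pkt[ihl];                   /* NOT pkt[20]: options shift the offset */
    out->code = pkt[ihl + 1];
    out->checksum = (uint16_t)((pkt[ihl + 2] << 8) | pkt[ihl + 3]);
    return 0;
}

int main(void)
{
    struct icmp_view v;
    if (find_icmp(sample_echo, sizeof sample_echo, &v) == 0)
        printf("icmp type=%u code=%u\n", (unsigned)v.type, (unsigned)v.code);
    return 0;
}
```
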