From: Yasuyuki Kozakai <yasuyuki.kozakai@toshiba.co.jp>
To: kadlec@blackhole.kfki.hu
Cc: yasuyuki.kozakai@toshiba.co.jp, kaber@trash.net,
netfilter-devel@lists.netfilter.org, laforge@netfilter.org,
kisza@securityaudit.hu, usagi-core@linux-ipv6.org
Subject: Re: [PATCH]: 1st step to remove skb_linearize() in ip6_tables.c and optimization
Date: Fri, 25 Jun 2004 00:06:49 +0900 (JST) [thread overview]
Message-ID: <200406241506.AAA06087@toshiba.co.jp> (raw)
In-Reply-To: <Pine.LNX.4.33.0406241510140.8190-100000@blackhole.kfki.hu>
Hi,
From: Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>
Date: Thu, 24 Jun 2004 15:25:54 +0200 (CEST)
> > > The function would make the full IP[v6], transport protocol (and IPv6
> > > option protocol) headers writable and could be called from nf_hook_slow.
> >
> > skb is not required to be writable. if skb_headlen(skb) is greater than
> > the length required to be linear, copying is not needed even though skb is
> > shared or clone.
>
> Your're of course right. For matching we don't really need the headers to
> be writable, linear is just enough. However mangle and NAT requires
> writable headers because typically we modify the headers only (let's not
> consider the conntrack/NAT protocol helpers).
>
> > And one issue is that the argument "skb" in match() is const. Can we
> > really remove it ?
>
> I'm confused: why should we remove it? The function would be called
> directly from nf_hook_slow and not from the matches.
Sorry, I misstook. But why nf_hook_slow() ? I think users expect that
skb is not linearized if ip_tables.ko is not loaded.
Then how about ipt_do_table() or hooks in iptable_filter.c ?
> > And I'm not sure about IPv6. At least, I don't like to skip IPv6 extension
> > header in skb_ip6_make_writable() to figure out that skb should be copied
> > or pulled.
>
> I'm unfamiliar with the deep magic behind IPv6: I simply assumed that
> linear headers up to the transport protocol headers in IPv6 would just be
> fine and enough for the matches. That'd require an ugly processing header
> by header in skb_ip6_make_headers_linear ;-), I think.
In the first place, I don't understand why skb_ip_make_writable() checks
required length is up to the transport protocol header or not.
If skb_ip6_make_headers_linear() will check that too, extension headers are
skipped many times. That's why I don't like it. I want to reduce the number of
times of skipping extension headers as possible.
Regards,
> I'll try to cook some code to see how it'd come out.
>
> Best regards,
> Jozsef
> -
> E-mail : kadlec@blackhole.kfki.hu, kadlec@sunserv.kfki.hu
> PGP key : http://www.kfki.hu/~kadlec/pgp_public_key.txt
> Address : KFKI Research Institute for Particle and Nuclear Physics
> H-1525 Budapest 114, POB. 49, Hungary
-----------------------------------------------------------------
Yasuyuki KOZAKAI @ USAGI Project <yasuyuki.kozakai@toshiba.co.jp>
next prev parent reply other threads:[~2004-06-24 15:06 UTC|newest]
Thread overview: 29+ messages / expand[flat|nested] mbox.gz Atom feed top
2004-06-24 4:04 [PATCH]: 1st step to remove skb_linearize() in ip6_tables.c and optimization Yasuyuki Kozakai
2004-06-24 8:13 ` Andras Kis-Szabo
2004-06-24 10:12 ` Yasuyuki Kozakai
2004-06-24 10:24 ` Jozsef Kadlecsik
2004-06-24 10:35 ` Yasuyuki Kozakai
2004-06-24 11:26 ` Patrick McHardy
2004-06-24 11:50 ` Jozsef Kadlecsik
2004-06-24 13:04 ` Yasuyuki Kozakai
2004-06-24 13:25 ` Jozsef Kadlecsik
2004-06-24 13:48 ` (usagi-core 18584) " YOSHIFUJI Hideaki / 吉藤英明
2004-06-24 15:06 ` Yasuyuki Kozakai [this message]
2004-06-24 16:50 ` Patrick McHardy
2004-06-25 4:57 ` Yasuyuki Kozakai
2004-06-25 10:01 ` Jozsef Kadlecsik
2004-06-26 7:25 ` Yasuyuki Kozakai
2004-07-21 21:36 ` Harald Welte
2004-07-29 6:09 ` Yasuyuki Kozakai
2004-08-01 16:46 ` Harald Welte
2004-08-01 17:08 ` Patrick McHardy
2004-08-01 18:11 ` Harald Welte
2004-08-02 4:05 ` Yasuyuki Kozakai
2004-08-07 21:05 ` Yasuyuki Kozakai
2004-08-09 1:40 ` Yasuyuki Kozakai
2004-06-25 9:53 ` Harald Welte
2004-06-28 20:31 ` Patrick McHardy
2004-07-06 10:20 ` Patrick McHardy
2004-07-06 10:35 ` Harald Welte
2004-07-06 22:59 ` Pablo Neira
2004-07-06 23:33 ` Patrick McHardy
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=200406241506.AAA06087@toshiba.co.jp \
--to=yasuyuki.kozakai@toshiba.co.jp \
--cc=kaber@trash.net \
--cc=kadlec@blackhole.kfki.hu \
--cc=kisza@securityaudit.hu \
--cc=laforge@netfilter.org \
--cc=netfilter-devel@lists.netfilter.org \
--cc=usagi-core@linux-ipv6.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.