Re: Possible nftables U32 equivalent to read packet's data contents

All of lore.kernel.org
 help / color / mirror / Atom feed

From: Pablo Neira Ayuso <pablo@netfilter.org>
To: Raul Martinez <mraul@qti.qualcomm.com>
Cc: "netfilter@vger.kernel.org" <netfilter@vger.kernel.org>
Subject: Re: Possible nftables U32 equivalent to read packet's data contents
Date: Tue, 3 Oct 2017 15:34:44 +0200	[thread overview]
Message-ID: <20171003133444.GA2000@salvia> (raw)
In-Reply-To: <f337fb23f03b4a60ae45f24a49dd7696@nalasexr02h.na.qualcomm.com>

Hi Raul, 

On Wed, Aug 30, 2017 at 09:59:26PM +0000, Raul Martinez wrote:
> Hi all,
> 
> Looking for a way to implement an expression that can read the first few bytes of an packet's data contents.
> It seems this is only possible using raw expressions such as @ll and @nh  with an offset that goes past the header length and into the packet's data.
> Is there another keyword that supports u32 behavior that I am missing? Will this approach fail because of some internal check to prevent out of bounds reads?
> 
> Another question is if raw expressions have been fixed or is there a kernel change required to enable raw expressions?
> I still get the below error when I try to use 2017 nftables. 

Would you follow up on this patch to address my comments?

http://patchwork.ozlabs.org/patch/778719/

And send a new version?

Thanks.

     prev parent reply	other threads:[~2017-10-03 13:34 UTC|newest]

Thread overview: 6+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2017-08-30 21:59 Possible nftables U32 equivalent to read packet's data contents Raul Martinez
2017-09-01 10:30 ` Pablo Neira Ayuso
2017-09-01 16:39   ` Raul Martinez
2017-09-04 20:55     ` Pablo Neira Ayuso
2017-09-05 17:04       ` Raul Martinez
2017-10-03 13:34 ` Pablo Neira Ayuso [this message]

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20171003133444.GA2000@salvia \
    --to=pablo@netfilter.org \
    --cc=mraul@qti.qualcomm.com \
    --cc=netfilter@vger.kernel.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.