From: Duncan Roe <duncan_roe@optusnet.com.au>
To: Pablo Neira Ayuso <pablo@netfilter.org>
Cc: Netfilter Development <netfilter-devel@vger.kernel.org>
Subject: Re: Documentation question
Date: Sat, 21 Dec 2019 21:43:45 +1100 [thread overview]
Message-ID: <20191221104345.GA10475@dimstar.local.net> (raw)
In-Reply-To: <20191220002953.gv25rcn7kvv43zk4@salvia>
On Fri, Dec 20, 2019 at 01:29:53AM +0100, Pablo Neira Ayuso wrote:
> On Sun, Dec 15, 2019 at 01:02:20PM +1100, Duncan Roe wrote:
> > Hi Pablo,
> >
> > In pktbuff.c, the doc for pktb_mangle states that "It is appropriate to use
> > pktb_mangle to change the MAC header".
> >
> > This is not true. pktb_mangle always mangles from the network header onwards.
> >
> > I can either:
> >
> > Whithdraw the offending doc items
> >
> > OR:
> >
> > Adjust pktb_mangle to make the doc correct. This involves changing pktb_mangle,
> > nfq_ip_mangle and (soon) nfq_ip6_mangle. The changes would be a no-op for
> > AF_INET and AF_INET6 packet buffers.
> >
> > What do you think?
>
> You could fix it through signed int dataoff. So the users could
> specify a negative offset to mangle the MAC address.
>
> This function was made to update layer 7 payload information to
> implement the helpers. So dataoff usually contains the transport
> header size.
>
> Let me know, thanks.
>
-ve offsets? There has to be a better way.
When I added documentation for pktb_mangle, I assumed it mangled from
pktb->data, rather than checking the source.
That is the function I documented, and I think we need a function like that.
Rather than change the behaviour of pktb_mangle when a MAC header is present, I
propose a new function pktb_mangle2 which mangles from pktb->data onwards.
pktb_mangle would call this new function, with dataoff incremented by
pktb->network_header - pktb->data (only nonzero for AF_BRIDGE)
Ok?
Cheers ... Duncan.
next prev parent reply other threads:[~2019-12-21 10:44 UTC|newest]
Thread overview: 17+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-12-15 2:02 Documentation question Duncan Roe
2019-12-20 0:29 ` Pablo Neira Ayuso
2019-12-21 10:43 ` Duncan Roe [this message]
2019-12-22 2:23 ` Duncan Roe
2019-12-22 3:36 ` [PATCH libnetfilter_queue] src: pktb_mangle has signed offset arg so can mangle MAC header with -ve one Duncan Roe
2019-12-30 11:38 ` Pablo Neira Ayuso
-- strict thread matches above, loose matches on Subject: below --
2021-07-04 23:45 Documentation question Duncan Roe
2021-07-05 8:56 ` Pablo Neira Ayuso
2021-07-05 13:13 ` Duncan Roe
2021-07-05 14:42 ` Pablo Neira Ayuso
2019-11-20 23:09 Duncan Roe
2019-11-20 23:26 ` Florian Westphal
2019-11-21 5:33 ` Duncan Roe
2019-10-30 9:07 Duncan Roe
2019-10-30 9:15 ` Pablo Neira Ayuso
2019-10-30 9:38 ` Duncan Roe
2019-10-30 9:47 ` Pablo Neira Ayuso
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20191221104345.GA10475@dimstar.local.net \
--to=duncan_roe@optusnet.com.au \
--cc=netfilter-devel@vger.kernel.org \
--cc=pablo@netfilter.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.