From: Patrick McHardy <kaber@trash.net>
To: Jan Engelhardt <jengelh@medozas.de>
Cc: Netfilter Developer Mailing List <netfilter-devel@vger.kernel.org>
Subject: Re: 4/7 [NETFILTER]: xt_length match, revision 1
Date: Thu, 04 Sep 2008 16:56:18 +0200 [thread overview]
Message-ID: <48BFF712.3020301@trash.net> (raw)
In-Reply-To: <alpine.LNX.1.10.0808131927360.13154@fbirervta.pbzchgretzou.qr>
Jan Engelhardt wrote:
> commit 60425bec17c83f58e5ef1e833898a65af292cf64
> Author: Jan Engelhardt <jengelh@computergmbh.de>
> Date: Sun Aug 10 17:46:28 2008 -0400
>
> [NETFILTER]: xt_length match, revision 1
>
> Introduce xt_length match revision 1. It adds support for layer-4,
> layer-5 and layer-7 length matching. It is much easier than writing
> up the according xt_u32 magic.
>
> This can be used for packet scheduling; specific example are online
> games where all data is transferred over the same port, but the
> regular gameplay has a characteristically lower packet size than bulk
> downloads of game maps. (Tested with Unreal Tournament 99.)
I still think this is too ugly to live, additionally:
> +static bool
> +xtlength_layer7_sctp(unsigned int *length, const struct sk_buff *skb,
> + unsigned int offset)
> +{
> + const struct sctp_chunkhdr *ch;
> + struct sctp_chunkhdr chbuf;
> + unsigned int pos;
> +
> + *length = 0;
> + for (pos = sizeof(struct sctphdr); pos < skb->len;
> + pos += ntohs(ch->length)) {
Endless loop
> + ch = skb_header_pointer(skb, offset + pos,
> + sizeof(chbuf), &chbuf);
> + if (ch == NULL)
> + return false;
> + if (ch->type != SCTP_CID_DATA)
> + continue;
> + *length += ntohs(ch->length);
> + }
> + return true;
> +}
next prev parent reply other threads:[~2008-09-04 14:56 UTC|newest]
Thread overview: 18+ messages / expand[flat|nested] mbox.gz Atom feed top
2008-08-13 23:25 1/7 [NETFILTER]: Use unsigned types for hooknum and pf vars Jan Engelhardt
2008-08-13 23:27 ` 2/7 [NETFILTER]: Rename ipt_recent to xt_recent Jan Engelhardt
2008-09-04 14:45 ` Patrick McHardy
2008-08-13 23:27 ` 3/7 [NETFILTER]: xt_recent: IPv6 support Jan Engelhardt
2008-09-04 14:48 ` Patrick McHardy
2008-08-13 23:27 ` 4/7 [NETFILTER]: xt_length match, revision 1 Jan Engelhardt
2008-09-04 14:56 ` Patrick McHardy [this message]
2008-09-04 15:56 ` Jan Engelhardt
2008-09-04 15:58 ` Patrick McHardy
2008-08-13 23:42 ` 5/7 [NETFILTER]: Introduce NFPROTO_* constants Jan Engelhardt
2008-09-04 14:59 ` Patrick McHardy
2008-08-13 23:43 ` 6/7 [NETFILTER]: Use NFPROTO_* in extensions Jan Engelhardt
2008-09-04 15:05 ` Patrick McHardy
2008-09-04 16:01 ` Patrick McHardy
2008-08-13 23:44 ` 7/7 [NETFILTER]: Implement NFPROTO_UNSPEC as a wildcard for extensions Jan Engelhardt
2008-09-04 15:10 ` Patrick McHardy
2008-09-04 15:41 ` Jan Engelhardt
2008-09-04 14:34 ` 1/7 [NETFILTER]: Use unsigned types for hooknum and pf vars Patrick McHardy
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=48BFF712.3020301@trash.net \
--to=kaber@trash.net \
--cc=jengelh@medozas.de \
--cc=netfilter-devel@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.