From: Josh Hunt <johunt@akamai.com>
To: Jan Engelhardt <jengelh@inai.de>
Cc: "netfilter-devel@vger.kernel.org" <netfilter-devel@vger.kernel.org>
Subject: Re: [PATCH 1/3] xtables: tarpit: Make tarpit code generic
Date: Sun, 08 Jul 2012 08:58:37 -0500 [thread overview]
Message-ID: <4FF9920D.2000808@akamai.com> (raw)
In-Reply-To: <alpine.LNX.2.01.1207081448340.29827@frira.zrqbmnf.qr>
On 07/08/2012 07:58 AM, Jan Engelhardt wrote:
>
> On Saturday 2012-07-07 23:20, Josh Hunt wrote:
>
>> Moves TCP header manipulation into a separate function to allow code-sharing for
>> IPv6 support.
>
> Hi Josh,
>
>
> in your patch, you seem to oversee that the tarpit_generic block that
> you are moving into a new function had "return;"s to exit from
> the tarpit_tcp function. With your change,
>
>> + niph->tot_len = htons(nskb->len);
>> + tcph->urg_ptr = 0;
>> + /* Reset flags */
>> + ((u_int8_t *)tcph)[13] = 0;
>> +
>> + tarpit_generic(oth, tcph, payload, mode);
>>
>> /* Adjust TCP checksum */
>> tcph->check = 0;
>
> The checksum code (and what follows) it will be executed in all cases,
> even though TCP RST are supposed not to get any reply per the comment.
>
> tarpit_generic would have to return a bool value propagating this
> exit style. In other words,
>
>
> static bool tarpit_generic
> {
> if (mode == XTTARPIT_TARPIT)
> /* No replies for RST, FIN , ... */
> if (oth->rst ...)
> return false;
> }
> ...
> return true;
> }
>
> static void tarpit_tcp
> {
> ...
> if (!tarpit_generic())
> return;
> tcph->check = 0;
> ...
> }
Doh! Yep totally overlooked that. Thanks for catching. Will update and
resend.
>
> It would also be appreciated if you could move each case
> (XTTARPIT_{TARPIT,HONEYPOT,RESET}) into their own functions in three
> patches added to the front of the set.
> (Reduces indent and makes the diffs simpler.)
>
Sure. I'll do this as well.
Thanks for the review.
Josh
next prev parent reply other threads:[~2012-07-08 13:58 UTC|newest]
Thread overview: 6+ messages / expand[flat|nested] mbox.gz Atom feed top
2012-07-07 21:20 [PATCH 0/3] IPv6 tarpit support Josh Hunt
2012-07-07 21:20 ` [PATCH 1/3] xtables: tarpit: Make tarpit code generic Josh Hunt
2012-07-08 12:58 ` Jan Engelhardt
2012-07-08 13:58 ` Josh Hunt [this message]
2012-07-07 21:21 ` [PATCH 2/3] xtables: tarpit: Add IPv6 support Josh Hunt
2012-07-07 21:21 ` [PATCH 3/3] xtables: libxt_TARPIT: Enable " Josh Hunt
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=4FF9920D.2000808@akamai.com \
--to=johunt@akamai.com \
--cc=jengelh@inai.de \
--cc=netfilter-devel@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.