From: Florian Westphal <fw@strlen.de>
To: Lorenzo Bianconi <lorenzo@kernel.org>
Cc: "David S. Miller" <davem@davemloft.net>,
David Ahern <dsahern@kernel.org>,
Eric Dumazet <edumazet@google.com>,
Jakub Kicinski <kuba@kernel.org>, Paolo Abeni <pabeni@redhat.com>,
Simon Horman <horms@kernel.org>,
Pablo Neira Ayuso <pablo@netfilter.org>,
Jozsef Kadlecsik <kadlec@netfilter.org>,
Shuah Khan <shuah@kernel.org>,
Andrew Lunn <andrew+netdev@lunn.ch>,
netdev@vger.kernel.org, netfilter-devel@vger.kernel.org,
coreteam@netfilter.org, linux-kselftest@vger.kernel.org
Subject: Re: [PATCH nf-next v4 1/2] net: netfilter: Add IPIP flowtable SW acceleration
Date: Mon, 21 Jul 2025 13:51:29 +0200 [thread overview]
Message-ID: <aH4pwa2PmzwRvMA5@strlen.de> (raw)
In-Reply-To: <aH4NNppbRppZojYO@lore-desk>
Lorenzo Bianconi <lorenzo@kernel.org> wrote:
> > Lorenzo Bianconi <lorenzo@kernel.org> wrote:
> > > +static bool nf_flow_ip4_encap_proto(struct sk_buff *skb, u16 *size)
> > > +{
> > > + struct iphdr *iph;
> > > +
> > > + if (!pskb_may_pull(skb, sizeof(*iph)))
> > > + return false;
> >
> > Nit: I think this could be 2 * sizeof() and a comment that we will
> > also need the inner ip header later, might save one reallocation.
>
> nf_flow_ip4_encap_proto() is used even for plain IP traffic but I guess we can
> assume the IP payload is at least 20B, right?
Oh, right, I missed that. But even if we have a.g. ip header with icmp
header, then the postconditions are the same, no?
as-is:
pskb_may_pull -> ok, then iph->protocol == IPPROTO_IPIP -> return false
with 2*iph:
pskb_may_pull -> return false
... but I'll leave it up to you, if you prefer pskb_may_pull(skb, sizeof(*iph)))
for clarity then lets keep it as-is.
> > > + iph = (struct iphdr *)skb_network_header(skb);
> > > + *size = iph->ihl << 2;
> >
> > I think this should be sanity tested vs. sizeof(iph).
>
> I guess this is already done in ip_has_options(), agree?
Indeed it is! Nevermind then :-)
next prev parent reply other threads:[~2025-07-21 11:51 UTC|newest]
Thread overview: 8+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-07-18 10:31 [PATCH nf-next v4 0/2] Add IPIP flowtable SW acceleratio Lorenzo Bianconi
2025-07-18 10:31 ` [PATCH nf-next v4 1/2] net: netfilter: Add IPIP flowtable SW acceleration Lorenzo Bianconi
2025-07-18 13:14 ` Florian Westphal
2025-07-21 9:49 ` Lorenzo Bianconi
2025-07-21 11:51 ` Florian Westphal [this message]
2025-07-21 13:38 ` Lorenzo Bianconi
2025-07-21 13:57 ` Florian Westphal
2025-07-18 10:31 ` [PATCH nf-next v4 2/2] selftests: netfilter: nft_flowtable.sh: Add IPIP flowtable selftest Lorenzo Bianconi
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=aH4pwa2PmzwRvMA5@strlen.de \
--to=fw@strlen.de \
--cc=andrew+netdev@lunn.ch \
--cc=coreteam@netfilter.org \
--cc=davem@davemloft.net \
--cc=dsahern@kernel.org \
--cc=edumazet@google.com \
--cc=horms@kernel.org \
--cc=kadlec@netfilter.org \
--cc=kuba@kernel.org \
--cc=linux-kselftest@vger.kernel.org \
--cc=lorenzo@kernel.org \
--cc=netdev@vger.kernel.org \
--cc=netfilter-devel@vger.kernel.org \
--cc=pabeni@redhat.com \
--cc=pablo@netfilter.org \
--cc=shuah@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.