skb->h not initialized

skb->h not initialized

[Jan Engelhardt]

Hi,


while writing a netfilter match module I found that, when run,
skb->h.th is not set to the TCP header (it is assured that the packet 
_is_ TCP), as this printk shows me:

skb: h.th=cb5bc4dc nh.iph=cb5bc4dc mac.raw=cb5bc4ce head=cb5bc400 
data=cb5bc4dc tail=cb5bc510 end=cb5bc580

Is it intended that skb->h.th is not set to skb->data + length of ip 
header (skb->data+protoff as far as netfilter matches are concerned)?


	-`J'
-- 

Re: skb->h not initialized

[Pablo Neira Ayuso]

Jan Engelhardt wrote:
> while writing a netfilter match module I found that, when run,
> skb->h.th is not set to the TCP header (it is assured that the packet 
> _is_ TCP), as this printk shows me:
> 
> skb: h.th=cb5bc4dc nh.iph=cb5bc4dc mac.raw=cb5bc4ce head=cb5bc400 
> data=cb5bc4dc tail=cb5bc510 end=cb5bc580
> 
> Is it intended that skb->h.th is not set to skb->data + length of ip 
> header (skb->data+protoff as far as netfilter matches are concerned)?

The netfilter hooks are placed in the network layer, therefore skb->h.th
is not set in the input path since the packet did not reach the
transport layer yet (prerouting/input), but it is set in the output path
because it already passed by the transport layer (output/postrouting).

BTW, I'm unsure that this can be of interest in the linux-kernel list,
please there's no need to cc everyone. Use netfilter or linux-net
instead next time.

-- 
The dawn of the fourth age of Linux firewalling is coming; a time of
great struggle and heroic deeds -- J.Kadlecsik got inspired by J.Morris