From: Duncan Roe <duncan_roe@optusnet.com.au>
To: Pablo Neira Ayuso <pablo@netfilter.org>
Cc: Netfilter Development <netfilter-devel@vger.kernel.org>
Subject: Re: Documentation question
Date: Sun, 22 Dec 2019 13:23:51 +1100 [thread overview]
Message-ID: <20191222022351.GB1804@dimstar.local.net> (raw)
In-Reply-To: <20191221104345.GA10475@dimstar.local.net>
On Sat, Dec 21, 2019 at 09:43:45PM +1100, Duncan Roe wrote:
> On Fri, Dec 20, 2019 at 01:29:53AM +0100, Pablo Neira Ayuso wrote:
> > On Sun, Dec 15, 2019 at 01:02:20PM +1100, Duncan Roe wrote:
> > > Hi Pablo,
> > >
> > > In pktbuff.c, the doc for pktb_mangle states that "It is appropriate to use
> > > pktb_mangle to change the MAC header".
> > >
> > > This is not true. pktb_mangle always mangles from the network header onwards.
> > >
> > > I can either:
> > >
> > > Whithdraw the offending doc items
> > >
> > > OR:
> > >
> > > Adjust pktb_mangle to make the doc correct. This involves changing pktb_mangle,
> > > nfq_ip_mangle and (soon) nfq_ip6_mangle. The changes would be a no-op for
> > > AF_INET and AF_INET6 packet buffers.
> > >
> > > What do you think?
> >
> > You could fix it through signed int dataoff. So the users could
> > specify a negative offset to mangle the MAC address.
> >
> > This function was made to update layer 7 payload information to
> > implement the helpers. So dataoff usually contains the transport
> > header size.
> >
> > Let me know, thanks.
> >
> -ve offsets? There has to be a better way.
>
> When I added documentation for pktb_mangle, I assumed it mangled from
> pktb->data, rather than checking the source.
>
> That is the function I documented, and I think we need a function like that.
>
> Rather than change the behaviour of pktb_mangle when a MAC header is present, I
> propose a new function pktb_mangle2 which mangles from pktb->data onwards.
>
> pktb_mangle would call this new function, with dataoff incremented by
> pktb->network_header - pktb->data (only nonzero for AF_BRIDGE)
>
> Ok?
>
> Cheers ... Duncan.
>
On second thoughts, I'll just do the signed offset thing and have done with it.
Hope you can accept it quickly: I'll base it on master so you can apply it
before considering the pktb_usebuf() patch.
next prev parent reply other threads:[~2019-12-22 2:24 UTC|newest]
Thread overview: 17+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-12-15 2:02 Documentation question Duncan Roe
2019-12-20 0:29 ` Pablo Neira Ayuso
2019-12-21 10:43 ` Duncan Roe
2019-12-22 2:23 ` Duncan Roe [this message]
2019-12-22 3:36 ` [PATCH libnetfilter_queue] src: pktb_mangle has signed offset arg so can mangle MAC header with -ve one Duncan Roe
2019-12-30 11:38 ` Pablo Neira Ayuso
-- strict thread matches above, loose matches on Subject: below --
2021-07-04 23:45 Documentation question Duncan Roe
2021-07-05 8:56 ` Pablo Neira Ayuso
2021-07-05 13:13 ` Duncan Roe
2021-07-05 14:42 ` Pablo Neira Ayuso
2019-11-20 23:09 Duncan Roe
2019-11-20 23:26 ` Florian Westphal
2019-11-21 5:33 ` Duncan Roe
2019-10-30 9:07 Duncan Roe
2019-10-30 9:15 ` Pablo Neira Ayuso
2019-10-30 9:38 ` Duncan Roe
2019-10-30 9:47 ` Pablo Neira Ayuso
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20191222022351.GB1804@dimstar.local.net \
--to=duncan_roe@optusnet.com.au \
--cc=netfilter-devel@vger.kernel.org \
--cc=pablo@netfilter.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).