From: Florian Westphal <fw@strlen.de>
To: Xin Long <lucien.xin@gmail.com>
Cc: Pablo Neira Ayuso <pablo@netfilter.org>,
Neil Horman <nhorman@tuxdriver.com>,
network dev <netdev@vger.kernel.org>,
netfilter-devel@vger.kernel.org,
Marcelo Ricardo Leitner <marcelo.leitner@gmail.com>
Subject: Re: [PATCH net] netfilter: set skb transport_header before calling sctp_compute_cksum
Date: Sat, 9 Mar 2019 10:24:34 +0100 [thread overview]
Message-ID: <20190309092434.oflik6j57yrhpkh5@breakpoint.cc> (raw)
In-Reply-To: <CADvbK_djd5ckv3nTROsmHNdr0Z5ULt7MF3MXtNYAO58mo+po7Q@mail.gmail.com>
Xin Long <lucien.xin@gmail.com> wrote:
> https://marc.info/?l=linux-netdev&m=155109395226858&w=2
> But from sctp side, Neil preferred sctp_hdr().
>
> We need to either add skb_set_transport_header() in sctp_s/dnat_handler()
> and sctp_manip_pkt(), or bring that patch back?
>
> Now it seems not good to set skb->transport_header in netfilter code.
I think its fine, but I wonder why we need to do it.
Since 21d1196a35f5686c4323e42a62fdb4b23b0ab4a3 ipv4 input path sets
transport header before netfilter. The only problem is that linear
access is illegal without may_pull checks, but in this case the
make_writable call takes care of this already.
So, why was this patch needed?
If we need it, do we also need to add it in other locations that
deal with sctp csum (e.g. in ipvs?).
Thanks,
Florian
next prev parent reply other threads:[~2019-03-09 9:24 UTC|newest]
Thread overview: 8+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-03-03 8:17 [PATCH net] netfilter: set skb transport_header before calling sctp_compute_cksum Xin Long
2019-03-08 15:50 ` Pablo Neira Ayuso
2019-03-09 9:07 ` Xin Long
2019-03-09 9:24 ` Florian Westphal [this message]
2019-03-11 11:07 ` Neil Horman
2019-03-12 8:39 ` Xin Long
2019-03-12 9:48 ` Pablo Neira Ayuso
2019-03-12 11:01 ` Xin Long
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20190309092434.oflik6j57yrhpkh5@breakpoint.cc \
--to=fw@strlen.de \
--cc=lucien.xin@gmail.com \
--cc=marcelo.leitner@gmail.com \
--cc=netdev@vger.kernel.org \
--cc=netfilter-devel@vger.kernel.org \
--cc=nhorman@tuxdriver.com \
--cc=pablo@netfilter.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).