netfilter-devel.vger.kernel.org archive mirror
From: Duncan Roe <duncan_roe@optusnet.com.au>
To: Netfilter Development <netfilter-devel@vger.kernel.org>
Subject: Re: [PATCH libnetfilter_queue 0/3] pktbuff API updates
Date: Wed, 6 May 2020 10:57:15 +1000
Message-ID: <20200506005715.GA26529@dimstar.local.net>
In-Reply-To: <20200505123034.GA16780@salvia>

Hi Pablo,

On Tue, May 05, 2020 at 02:30:34PM +0200, Pablo Neira Ayuso wrote:
> Hi Duncan,
>
> On Thu, Apr 30, 2020 at 04:34:04PM +1000, Duncan Roe wrote:
> [..]
> > Oh well in that case, how about:
> >
> > >	struct pkt_buff *pktb_alloc2(int family, void *buf, size_t buf_size, void *data, size_t len, size_t extra);
>
> Getting better. But why do you still need 'extra'?
>
> > I.e. exactly as you suggested in
> > https://www.spinics.net/lists/netfilter-devel/msg65830.html except s/head/buf/
> >
> > And we tell users to dimension buf to NFQ_BUFFER_SIZE. We don't even need to
> > expose pktb_head_size().
>
> NFQ_BUFFER_SIZE tells what is the maximum netlink message size coming
> from the kernel. That netlink message contains metadata and the actual
> payload data.
>
> The pktbuff structure helps you deal with the payload data, not the
> netlink message itself.

2 reasons, the first being more important:

1. We zeroise memory from 'data + len' for 'extra' bytes. This mirrors original
behaviour where calloc() was used to zeroise everything. Zeroising is only done
if a data copy is needed to mangle packet length to be larger than it was
originally. Do we need to zeroise at all? You tell me. We do need to zeroise the
'struct pkt_buff' - was that why calloc() was originally used?

2. We use extra to verify that 'buf_size' is big enough. It must be at least
'sizeof(struct pkt_buff) + (extra ? len + extra : 0)'.

If zeroising is unnecessary then yes, we don't need 'extra'. pktb_mangle() can
return 0 if 'buf_size' is inadequate. (pktb_alloc2() checks 'buf_size >=
sizeof(struct pkt_buff)' and copies 'buf_size' into the enlarged 'pktb' so it's
available to pktb_mangle()).

Cheers ... Duncan.
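
Added example, not part of the message above and not libnetfilter_queue code: a stand-alone C sketch of the 'buf_size' check and the zeroising of 'extra' bytes that the two numbered reasons describe. 'struct demo_pkt_buff' and the demo_* functions are hypothetical stand-ins for the library's private structure and the proposed pktb_alloc2(); the sketch copies the payload eagerly whenever 'extra' is non-zero (the message describes copying only when a mangle needs it) and adds a size_t overflow guard that the message does not mention.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Stand-in for the library's private struct pkt_buff; this layout is assumed. */
struct demo_pkt_buff {
	uint8_t *data;     /* payload: caller's data, or the copy inside buf */
	size_t len;        /* payload length */
	size_t room;       /* bytes usable at data */
	int family;
};

/* sizeof(struct) + (extra ? len + extra : 0); 0 means the sum overflows. */
size_t demo_pktb_needed(size_t len, size_t extra)
{
	size_t need = sizeof(struct demo_pkt_buff);

	if (extra == 0)
		return need;
	if (len > SIZE_MAX - need || extra > SIZE_MAX - need - len)
		return 0;
	return need + len + extra;
}

struct demo_pkt_buff *demo_pktb_alloc2(int family, void *buf, size_t buf_size,
				       void *data, size_t len, size_t extra)
{
	size_t need = demo_pktb_needed(len, extra);
	struct demo_pkt_buff *pktb = buf;   /* buf must be aligned for the struct */

	if (!buf || !data || need == 0 || buf_size < need)
		return NULL;
	memset(pktb, 0, sizeof(*pktb));     /* the header is always zeroised */
	pktb->family = family;
	pktb->len = pktb->room = len;
	pktb->data = data;                  /* extra == 0: payload used in place */
	if (extra) {
		pktb->data = (uint8_t *)buf + sizeof(*pktb);
		memcpy(pktb->data, data, len);
		memset(pktb->data + len, 0, extra);   /* 'data + len' for 'extra' */
		pktb->room = len + extra;
	}
	return pktb;
}
```

With the check done once at allocation time, a later length-increasing mangle only has to compare the new length against 'room'.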
