On Mon, 18 Aug 2003 03:42:09 +0400 (MSD) kuznet@ms2.inr.ac.ru wrote: > > First of all, you cannot mangle the packet contents. > > It has been mangled by transformation. Some day AH might not, nothing actually requires AH to mangle packet. The fact that it unshares the packet currently is because of implementation convenience not necessity. Also, there is pure IPIP xfrm case (f.e. ipcomp with no compression). No mangling and no SKB unsharing will occur in that case. It is not so big tragedy, in cases where mangling has occured already the unshare check we need to add to this MAC header editing code will simply pass. > No, really. IPIP reassigns the packet to tunnel device and > old MAC header is deleted, IPIP header becomes new MAC header. Ok. So at least two things need to be changed in Herbert's patch: 1) Must add check for necessary SKB header space before copying data in front of skb->data 2) SKB must be made unshared for mangling. - : send the line "unsubscribe linux-net" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
