Jan Engelhardt wrote:
On Thursday 2008-09-04 10:56, Patrick McHardy wrote:
[NETFILTER]: xt_length match, revision 1
Introduce xt_length match revision 1. It adds support for layer-4,
layer-5 and layer-7 length matching. It is much easier than writing
up the according xt_u32 magic.
I still think this is too ugly to live
Do you have a better suggestion?
Not currently, too busy catching up. Lets revisit this later.
+static bool
+xtlength_layer7_sctp(unsigned int *length, const struct sk_buff *skb,
+ unsigned int offset)
+{
+ const struct sctp_chunkhdr *ch;
+ struct sctp_chunkhdr chbuf;
+ unsigned int pos;
+
+ *length = 0;
+ for (pos = sizeof(struct sctphdr); pos < skb->len;
+ pos += ntohs(ch->length)) {
Endless loop
It should have been
pos = offset + sizeof(struct sctphdr)
right? If not, where is the endless loop?
ch->length may be zero. It should round up to multiples of four.
--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
