From: Patrick McHardy <kaber@xxxxxxxxx> Date: Tue, 18 Nov 2008 11:49:18 +0100 > Pablo Neira Ayuso wrote: > > SKF_AD_NLATTR allows us to find the first matching attribute in a > > stream of netlink attributes from one offset to the end of the > > netlink message. This is not suitable to look for a specific > > matching inside a set of nested attributes. > > For example, in ctnetlink messages, if we look for the CTA_V6_SRC > > attribute in a message that talks about an IPv4 connection, > > SKF_AD_NLATTR returns the offset of CTA_STATUS which has the same > > value of CTA_V6_SRC but outside the nest. To differenciate > > CTA_STATUS and CTA_V6_SRC, we would have to make assumptions on the > > size of the attribute and the usual offset, resulting in horrible > > BSF code. > > This patch adds SKF_AD_NLATTR_NEST, which is a variant of > > SKF_AD_NLATTR, that looks for an attribute inside the limits of > > a nested attributes, but not further. > > This patch validates that we have enough room to look for the > > nested attributes - based on a suggestion from Patrick McHardy. > > Looks good, thanks Pablo. > > Acked-by: Patrick McHardy <kaber@xxxxxxxxx> Applied, thanks everyone. -- To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
