Jan Engelhardt <jengelh@xxxxxxx> wrote:
> On Friday 2013-01-25 00:08, Florian Westphal wrote:
> >@@ -35,10 +35,18 @@ tcpoptstrip_mangle_packet(struct sk_buff *skb,
> > {
> > unsigned int optl, i, j;
> > struct tcphdr *tcph;
> >+ struct tcphdr _tcph;
> > u_int16_t n, o;
> > u_int8_t *opt;
> >
> >- if (!skb_make_writable(skb, skb->len))
> >+ if (skb->len < minlen)
> >+ return XT_CONTINUE;
> >+
> >+ tcph = skb_header_pointer(skb, tcphoff, sizeof(_tcph), &_tcph);
> >+ if (!tcph)
> >+ return XT_CONTINUE; /* no options -> nothing to do */
>
> To the best of my analysis, the "no options" comment is incorrect here,
> because you are not even looking at the options so far, but only tcph.
Yup.
> The prose should probably be something like:
> if (iph->frag_off & htons(IP_OFFSET)) != 0)
> /* not the first fragment - lost case */
> return XT_CONTINUE;
[..]
Can to submit a patch?
--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
