On 2017-03-22 12:11, Pablo Neira Ayuso wrote: > On Wed, Mar 22, 2017 at 03:05:36AM -0400, Richard Guy Briggs wrote: > > Even though the skb->data pointer has been moved from the link layer > > header to the network layer header, use the same method to calculate the > > offset in ipv4 and ipv6 routines. > > > > Signed-off-by: Richard Guy Briggs <rgb@xxxxxxxxxx> > > --- > > net/netfilter/xt_AUDIT.c | 2 +- > > 1 files changed, 1 insertions(+), 1 deletions(-) > > > > diff --git a/net/netfilter/xt_AUDIT.c b/net/netfilter/xt_AUDIT.c > > index 4973cbd..cdb7cee 100644 > > --- a/net/netfilter/xt_AUDIT.c > > +++ b/net/netfilter/xt_AUDIT.c > > @@ -76,7 +76,7 @@ static void audit_ip4(struct audit_buffer *ab, struct sk_buff *skb) > > struct iphdr _iph; > > const struct iphdr *ih; > > > > - ih = skb_header_pointer(skb, 0, sizeof(_iph), &_iph); > > + ih = skb_header_pointer(skb, skb_network_offset(skb), sizeof(_iph), &_iph); > > This update is completely pointless. Its point is to be consistent with audit_ip6() and to prevent further time consumed by confusion and head-scratching. I know it is slightly slower with an identical result. > If you want I can place it in nf-next, your call. I'd prefer to bring it through the audit-next tree to avoid the merge conflict. - RGB -- Richard Guy Briggs <rgb@xxxxxxxxxx> Kernel Security Engineering, Base Operating Systems, Red Hat Remote, Ottawa, Canada Voice: +1.647.777.2635, Internal: (81) 32635 -- To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
