On Mon, Mar 11, 2019 at 7:08 PM Neil Horman <nhorman@xxxxxxxxxxxxx> wrote: > > On Sat, Mar 09, 2019 at 10:24:34AM +0100, Florian Westphal wrote: > > Xin Long <lucien.xin@xxxxxxxxx> wrote: > > > https://marc.info/?l=linux-netdev&m=155109395226858&w=2 > > > But from sctp side, Neil preferred sctp_hdr(). > > > > > > We need to either add skb_set_transport_header() in sctp_s/dnat_handler() > > > and sctp_manip_pkt(), or bring that patch back? > > > > > > Now it seems not good to set skb->transport_header in netfilter code. > > > > I think its fine, but I wonder why we need to do it. > > > > Since 21d1196a35f5686c4323e42a62fdb4b23b0ab4a3 ipv4 input path sets > > transport header before netfilter. The only problem is that linear > > access is illegal without may_pull checks, but in this case the > > make_writable call takes care of this already. > > > Yes, this. It seems to me we should be setting the transport header prior to > ever getting into the netfilter code, which does imply that we need the may_pull > check to linearize enough of the packet to do so, just like tcp and udp do. > > > So, why was this patch needed? The issue was reported when going to nf_conntrack by br_netfilter's bridge-nf-call-iptables, which could be: br_prerouting->inet_prerouting-> br_forward->inet_forward-> br_postrouting->inet_postrouting > > If we need it, do we also need to add it in other locations that > > deal with sctp csum (e.g. in ipvs?). So ipvs hooks are in inet_local_in/out, sctp_s/dnat_handler() won't be affected. But the one in sctp_manip_pkt() that may be in inet_pre/postrouting will need to set it. I will post v2 with skb_set_transport_header(skb, dataoff) added in sctp_manip_pkt(). agreed? > > > This is a fair question, and I'm not yet sure of the answer. > > > Thanks, > > Florian > >
