On Sat, Jun 01, 2019 at 02:22:30AM +0200, Pablo Neira Ayuso wrote:
> > It is the same as the IPv6 one. The offset returned is the offset to the
> > specific option (target) or the byte beyond the options if the target
> > isn't specified (< 0).
>
> Thanks for explaining. So you are using ipv6_find_hdr() as reference,
> but not sure this offset parameter is useful for this patchset since
> this is always set to zero, do you have plans to use this in a follow
> up patchset?
I developed this patchset to suit my employer needs and there is no plan
for a follow up patchset, however I think non-zero offset might be useful
in the future for tunneled packets.
> I mean, you make this check upfront from the _eval() path, ie.
>
> static void nft_exthdr_ipv4_eval(const struct nft_expr *expr,
> ...
> {
> ...
>
> if (skb->protocol != htons(ETH_P_IP))
> goto err;
Got it.
Thanks.
