On Fri, Dec 20, 2019 at 01:29:53AM +0100, Pablo Neira Ayuso wrote: > On Sun, Dec 15, 2019 at 01:02:20PM +1100, Duncan Roe wrote: > > Hi Pablo, > > > > In pktbuff.c, the doc for pktb_mangle states that "It is appropriate to use > > pktb_mangle to change the MAC header". > > > > This is not true. pktb_mangle always mangles from the network header onwards. > > > > I can either: > > > > Whithdraw the offending doc items > > > > OR: > > > > Adjust pktb_mangle to make the doc correct. This involves changing pktb_mangle, > > nfq_ip_mangle and (soon) nfq_ip6_mangle. The changes would be a no-op for > > AF_INET and AF_INET6 packet buffers. > > > > What do you think? > > You could fix it through signed int dataoff. So the users could > specify a negative offset to mangle the MAC address. > > This function was made to update layer 7 payload information to > implement the helpers. So dataoff usually contains the transport > header size. > > Let me know, thanks. > -ve offsets? There has to be a better way. When I added documentation for pktb_mangle, I assumed it mangled from pktb->data, rather than checking the source. That is the function I documented, and I think we need a function like that. Rather than change the behaviour of pktb_mangle when a MAC header is present, I propose a new function pktb_mangle2 which mangles from pktb->data onwards. pktb_mangle would call this new function, with dataoff incremented by pktb->network_header - pktb->data (only nonzero for AF_BRIDGE) Ok? Cheers ... Duncan.
