Re: [PATCH libnetfilter_queue 0/3] pktbuff API updates

Hi Pablo,

On Tue, May 05, 2020 at 02:30:34PM +0200, Pablo Neira Ayuso wrote:
> Hi Duncan,
>
> On Thu, Apr 30, 2020 at 04:34:04PM +1000, Duncan Roe wrote:
> [..]
> > Oh well in that case, how about:
> >
> > >	struct pkt_buff *pktb_alloc2(int family, void *buf, size_t buf_size, void *data, size_t len, size_t extra);
>
> Getting better. But why do you still need 'extra'?
>
> > I.e. exactly as you suggested in
> > https://www.spinics.net/lists/netfilter-devel/msg65830.html except s/head/buf/
> >
> > And we tell users to dimension buf to NFQ_BUFFER_SIZE. We don't even need to
> > expose pktb_head_size().
>
> NFQ_BUFFER_SIZE tells what is the maximum netlink message size coming
> from the kernel. That netlink message contains metadata and the actual
> payload data.
>
> The pktbuff structure helps you deal with the payload data, not the
> netlink message itself.

2 reasons, the first being more important:

1. We zeroise memory from 'data + len' for 'extra' bytes. This mirrors original
behaviour where calloc() was used to zeroise everything. Zeroising is only done
if a data copy is needed to mangle packet length to be larger than it was
originally. Do we need to zeroise at all? You tell me. We do need to zeroise the
'struct pkt_buff' - was that why calloc() was originally used?

2. We use extra to verify that 'buf_size' is big enough. It must be at least
'sizeof(struct pkt_buff) + (extra ? len + extra : 0)'.

If zeroising is unnecessary then yes, we don't need 'extra'. pktb_mangle() can
return 0 if 'buf_size' is inadequate. (pktb_alloc2() checks 'buf_size >=
sizeof(struct pkt_buff)' and copies 'buf_size' into the enlarged 'pktb' so it's
available to pktb_mangle()).

Cheers ... Duncan.
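
Added example, not part of the original message or of libnetfilter_queue: a C illustration of the 'buf_size' check from point 2 and the copy-then-zeroise behaviour from point 1, for a caller-supplied buffer. `struct demo_pktb`, `demo_pktb_min_size()` and `demo_pktb_setup()` are hypothetical stand-ins for the library's private types and the proposed function, and the overflow guard on the size sum is an assumption added beyond the formula in the message.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Hypothetical stand-in for the library's private struct pkt_buff. */
struct demo_pktb {
	uint8_t *data;      /* start of payload (caller's or copied) */
	size_t   len;       /* current payload length */
	size_t   buf_size;  /* total size of the caller-supplied buf */
	int      copied;    /* 1 if the payload now lives inside buf */
};

/* Minimum buf size per the message:
 * sizeof(struct) + (extra ? len + extra : 0). Returns 0 on overflow. */
size_t demo_pktb_min_size(size_t len, size_t extra)
{
	size_t need = sizeof(struct demo_pktb);

	if (extra == 0)
		return need;
	if (len > SIZE_MAX - need || extra > SIZE_MAX - need - len)
		return 0;
	return need + len + extra;
}

/* Set up a packet buffer in caller memory; NULL if buf is too small. */
struct demo_pktb *demo_pktb_setup(void *buf, size_t buf_size,
				  void *data, size_t len, size_t extra)
{
	size_t need = demo_pktb_min_size(len, extra);
	struct demo_pktb *p = buf;

	if (buf == NULL || data == NULL || need == 0 || buf_size < need)
		return NULL;
	memset(p, 0, sizeof(*p));          /* the struct itself is always zeroed */
	p->len = len;
	p->buf_size = buf_size;
	p->data = data;                    /* extra == 0: use payload in place */
	if (extra) {                       /* room to grow: copy, zero the tail */
		p->data = (uint8_t *)buf + sizeof(*p);
		memcpy(p->data, data, len);
		memset(p->data + len, 0, extra);
		p->copied = 1;
	}
	return p;
}
```

The caller must pass a `buf` that is suitably aligned for the struct; the check rejects an undersized buffer before anything is written to it.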


