Xiao Liang <shaw.leon@xxxxxxxxx> wrote:
> > But I would prefer to not mix functional and non-functional changes.
> > Also, the use of the nft_tcp_header_pointer() helper is the reason why
> > this doesn't result in memory corruption.
>
> I think this makes it explicit that
> "we are modifying the original packet"
> rather than
> "we are modifying the packet because above skb_ensure_writable() is enough"

OK, I won't argue here.

> > Just use the above in nft_exthdr_tcp_set_eval and place it before the loop?
>
> In this case, all TCP headers will be pulled even if they don't have
> the target option.

Keep it simple.