Hello,

On Monday 11 February 2013 at 12:43 +0800, Aaron Lewis wrote:
> Hi,
>
> When I process a packet with libnetfilter_queue, would it be safe to:
>
> 1) Consider a packet is always valid, for example,
>
> In the callback, you extract the payload to a "char *data", now you
> want the protocol id, so you check data[9],
>
> Is it safe if I don't check the package length first? (Would Iptables
> drop it manually?)

It is always good for security reasons to check the length.

The following document contains useful information about
libnetfilter_queue:
https://home.regit.org/netfilter-en/using-nfqueue-and-libnetfilter_queue/

BR,
-- 
Eric Leblond
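The length check discussed in this thread, as an added example that is not part of the original messages or of libnetfilter_queue: it validates the buffer and length that `nfq_get_payload()` returns before reading `data[9]`. The helper name `ipv4_proto_checked`, the result codes and the sample header are hypothetical and constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

enum { PKT_OK = 0, PKT_TOO_SHORT = -1, PKT_NOT_IPV4 = -2, PKT_BAD_IHL = -3 };

#define IPV4_MIN_HDR   20 /* fixed part of the IPv4 header, in bytes */
#define IPV4_PROTO_OFF 9  /* protocol field: the data[9] from the question */

/* Constructed sample: 20-byte IPv4 header, protocol 6 (TCP), no options. */
static const unsigned char sample_hdr[20] = {
    0x45, 0x00, 0x00, 0x14, 0x00, 0x00, 0x00, 0x00,
    0x40, 0x06, 0x00, 0x00, 0xc0, 0x00, 0x02, 0x01,
    0xc0, 0x00, 0x02, 0x02
};

/*
 * Hypothetical helper: validate an IPv4 payload before reading header
 * fields. data/len are what nfq_get_payload() hands to the callback
 * (len is negative on error). On success *proto gets the protocol
 * number and *l4_off the offset of the transport header, which is
 * guaranteed to lie within the buffer bounds given by len.
 */
int ipv4_proto_checked(const unsigned char *data, int len,
                       uint8_t *proto, size_t *l4_off)
{
    if (data == NULL || len < IPV4_MIN_HDR)
        return PKT_TOO_SHORT;            /* data[9] may be out of bounds */
    if ((data[0] >> 4) != 4)
        return PKT_NOT_IPV4;             /* e.g. IPv6 has no byte-9 protocol */
    size_t ihl = (size_t)(data[0] & 0x0f) * 4;
    if (ihl < IPV4_MIN_HDR || ihl > (size_t)len)
        return PKT_BAD_IHL;              /* header claims more than we hold */
    *proto = data[IPV4_PROTO_OFF];
    *l4_off = ihl;
    return PKT_OK;
}

int main(void)
{
    uint8_t proto = 0;
    size_t off = 0;
    /* Truncated buffer: only 8 bytes available, so the read is refused. */
    int short_rc = ipv4_proto_checked(sample_hdr, 8, &proto, &off);
    int full_rc = ipv4_proto_checked(sample_hdr, sizeof sample_hdr, &proto, &off);
    printf("short=%d full=%d proto=%u l4_off=%zu\n", short_rc, full_rc, proto, off);
    return (short_rc == PKT_TOO_SHORT && full_rc == PKT_OK && proto == 6) ? 0 : 1;
}
```

In a queue callback, any non-zero result would be handled by issuing a verdict through `nfq_set_verdict()` without parsing the payload further.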