On Tue, Sep 26, 2017 at 03:28:42AM +0800, Eric Garver wrote: > On Mon, Sep 25, 2017 at 10:16:09PM +0800, Yi Yang wrote: > > + > > + length = nsh_hdr_len(nsh_hdr); > > + skb_pull(skb, length); > > Do you need to verify you can actually pull length bytes? I don't see > any guarantee.
I have added skb length check in pop_nsh, so that can verify this. > > + err = skb_ensure_writable(skb, skb_network_offset(skb) + > > + sizeof(struct nshhdr)); > > This calls pskb_may_pull(), but you're not pulling any data here. set_ipv4 and set_ipv6 also used skb_ensure_writable to check if skb has enough header length, they didn't call skb_pull in the following part, so I think this is ok. I have sent out v10 to fix all of your comments for v9, please help review v10, thanks a lot.