I tried the 3-line code:

    __builtin_memcpy(&ip->saddr, &src, sizeof(src));
    __builtin_memcpy(&ip->daddr, &dst, sizeof(dst));
    ip->check = 0x12;

To my surprise, tc did not reject the code in direct-action mode. IIRC, since skb must stay uncloned, the verifier will detect all the writes, which means we need to do the 'data + X > data_end' check after each write. Did I miss anything?

Best wishes