From: Hannes Frederic Sowa <han...@stressinduktion.org> Date: Thu, 16 Apr 2015 14:11:42 +0200
> On Thu, Apr 16, 2015, at 07:29, Herbert Xu wrote: >> On Thu, Apr 16, 2015 at 06:24:00AM +0100, Patrick McHardy wrote: >> > >> > Netfilter may change the contents of the packet, even change its size. >> > It is *really* hard to do this while keeping the original fragments >> > intact. >> >> Perhaps we should provide better helpers to facilitate this? >> >> So instead of directly manipulating the content of the skb you >> would so so through helpers and the helpers can then try to do >> sensible things with the fragments. > > When Florian and me started discussing how to solve this we also wanted > to be as transparent as possible. But looking at all possible > fragmentation scenarios, this seems to be too complicated. > > Even imagine a fragment with overlapping offsets and some of the > fragments got duplicated. If we had to keep this in frag_list and now > netfilter has to change any of this contents, this will become a total > mess, like changing one port in multiple skbs at different offsets. > > I doubt it is worth the effort. You guys keep talking about exceptional cases rather than what is unquestionable the common case, and the one worth handling in the fast paths. -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
