Hi,

what is the policy/correct bahavior about this filed in a 'mac' module?
When (and why) can I use this?

An example: I get a packet (ipv6) with an option header. It contains the
type and the length. When I analyzes the packet, i have to jump to the
next header with this length offset, and when I found an interesting
header, I have to read from it.
What should I do when the length offset points out from the packet?
What should I do when the packet is truncated in the oprtion? (It has a
type and length field, but the packet ends there and I have to read
after these fields?)
The 'return 0' is OK, but can I set the hotdrop or not?
(w/o hotdrop=1, I simply discards the packet,
 with it, I deny the whole sending mechanism, the userspace gets back an
'operation not permitted' msg.)

Regards,

        kisza

-- 
    Andras Kis-Szabo       Security Development, Design and Audit
-------------------------/       Zorp, NetFilter and IPv6
 [EMAIL PROTECTED] /---------------------------------------------->


Reply via email to