Hi, what is the policy/correct bahavior about this filed in a 'mac' module? When (and why) can I use this?
An example: I get a packet (ipv6) with an option header. It contains the type and the length. When I analyzes the packet, i have to jump to the next header with this length offset, and when I found an interesting header, I have to read from it. What should I do when the length offset points out from the packet? What should I do when the packet is truncated in the oprtion? (It has a type and length field, but the packet ends there and I have to read after these fields?) The 'return 0' is OK, but can I set the hotdrop or not? (w/o hotdrop=1, I simply discards the packet, with it, I deny the whole sending mechanism, the userspace gets back an 'operation not permitted' msg.) Regards, kisza -- Andras Kis-Szabo Security Development, Design and Audit -------------------------/ Zorp, NetFilter and IPv6 [EMAIL PROTECTED] /---------------------------------------------->