skb_buff manipulation
by slipknothoudini from LinuxQuestions.org on (#5MB41)
I have a couple of questions in respect to skb_buff manipulation:
1) when you call skb_copy in a nf_hookfn
a) when is kfree_skb supposed to be called
b) if you wanted that skb_copy to replace the buffer that is passed into a nf_hookfn would you return NF_DROP in your hook_fn
2) If I wanted to store data and associate it with the skb_buff so I could retrieve said data (ideally on a separate endpoint) what would be the best method. All I could find was using skb_put to write the data and then doing some pointer math to find and read the data; for some reason skb_buff->tail - data_length and reading from that memory address will not work and so I do something akin to (skb_buff->data + skb_buff->len) - data_length and read from there which seems to work. Also this seems error prone considering other filters could put their own data into the data section and mess this up.
1) when you call skb_copy in a nf_hookfn
a) when is kfree_skb supposed to be called
b) if you wanted that skb_copy to replace the buffer that is passed into a nf_hookfn would you return NF_DROP in your hook_fn
2) If I wanted to store data and associate it with the skb_buff so I could retrieve said data (ideally on a separate endpoint) what would be the best method. All I could find was using skb_put to write the data and then doing some pointer math to find and read the data; for some reason skb_buff->tail - data_length and reading from that memory address will not work and so I do something akin to (skb_buff->data + skb_buff->len) - data_length and read from there which seems to work. Also this seems error prone considering other filters could put their own data into the data section and mess this up.