List: netfilter
Subject: Re: Is it safe to use libnetfilter_queue in these cases?
From: Eric Leblond <eric () regit ! org>
Date: 2013-02-11 6:33:14
Message-ID: 1360564394.5195.14.camel () ice-age ! regit ! org
Hello,
On Monday, 11 February 2013 at 12:43 +0800, Aaron Lewis wrote:
> Hi,
>
> When I process a packet with libnetfilter_queue, would it be safe to:
>
> 1) Consider a packet is always valid, for example,
>
> In the callback, you extract the payload to a "char *data", now you
> want the protocol id, so you check data[9],
>
> Is it safe if I don't check the package length first? (Would Iptables
> drop it manually?)
It is always good for security reasons to check the length.
The following document contains useful information about
libnetfilter_queue:
https://home.regit.org/netfilter-en/using-nfqueue-and-libnetfilter_queue/
BR,
--
Eric Leblond
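
Added example, not part of the original message and not code from libnetfilter_queue: one way to do the length check discussed above before reading data[9]. The function name ipv4_protocol and the sample packet are hypothetical; data and len are assumed to be the pointer and return value obtained from nfq_get_payload() in the callback.

```c
#include <stddef.h>
#include <stdio.h>

#define IPV4_MIN_HDR 20  /* fixed part of the IPv4 header, in bytes */

/*
 * Return the IPv4 protocol number (header byte 9) of a queued packet,
 * or -1 if the buffer cannot be trusted to hold a complete IPv4 header.
 * len is expected to be what nfq_get_payload() returned, so it is -1
 * when that call failed and may be short when the copy range is small.
 */
int ipv4_protocol(const unsigned char *data, int len)
{
    if (data == NULL || len < IPV4_MIN_HDR)
        return -1;              /* data[9] could be outside the buffer */

    if ((data[0] >> 4) != 4)
        return -1;              /* not IPv4: byte 9 is not the protocol */

    /* IHL is in 32-bit words; it must cover the fixed header and fit in
     * the bytes we actually received, or later L4 parsing would read
     * past the end of the buffer. */
    size_t ihl = (size_t)(data[0] & 0x0f) * 4;
    if (ihl < IPV4_MIN_HDR || ihl > (size_t)len)
        return -1;

    return data[9];
}

int main(void)
{
    /* Constructed sample: minimal 20-byte IPv4 header, protocol 6 (TCP). */
    unsigned char pkt[20] = { 0x45, 0, 0, 20, 0, 0, 0, 0, 64, 6 };

    printf("full header: %d\n", ipv4_protocol(pkt, (int)sizeof(pkt)));
    printf("10 bytes   : %d\n", ipv4_protocol(pkt, 10));
    printf("failed read: %d\n", ipv4_protocol(NULL, -1));
    return 0;
}
```

A callback would typically issue a drop verdict, or accept without inspection, whenever the function returns -1.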