
List:       netfilter
Subject:    Re: Is it safe to use libnetfilter_queue in these cases?
From:       Eric Leblond <eric () regit ! org>
Date:       2013-02-11 6:33:14
Message-ID: 1360564394.5195.14.camel () ice-age ! regit ! org

Hello,

On Monday, 11 February 2013 at 12:43 +0800, Aaron Lewis wrote:
> Hi,
> 
> When I process a packet with libnetfilter_queue, would it be safe to:
> 
> 1) Consider a packet is always valid, for example,
> 
> In the callback, you extract the payload to a "char *data", now you
> want the protocol id, so you check data[9],
> 
> Is it safe if I don't check the package length first? (Would Iptables
> drop it manually?)

It is always good for security reasons to check the length.

The following document contains useful information about
libnetfilter_queue:
https://home.regit.org/netfilter-en/using-nfqueue-and-libnetfilter_queue/

BR,
--
Eric Leblond
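
The length check discussed in this thread, as an added example (not code from the message above or from the linked document): it validates the buffer before reading `data[9]`. The function name `ipv4_protocol` and the sample header are constructed for illustration; `data` and `len` are assumed to be the pointer and return value of `nfq_get_payload()`.

```c
#include <stddef.h>

#define IPV4_MIN_HDR   20  /* minimum IPv4 header length in bytes */
#define IPV4_PROTO_OFF 9   /* offset of the protocol field */

/*
 * Return the IPv4 protocol number (0-255) from a queued packet payload,
 * or -1 if the buffer cannot be trusted as an IPv4 header.
 * len is expected to be negative when nfq_get_payload() fails.
 */
int ipv4_protocol(const unsigned char *data, int len)
{
    unsigned version, ihl_bytes;

    if (data == NULL || len < IPV4_MIN_HDR)
        return -1;              /* too short: data[9] may be out of bounds */

    version = data[0] >> 4;
    ihl_bytes = (data[0] & 0x0f) * 4u;
    if (version != 4)
        return -1;              /* not IPv4, offset 9 means something else */
    if (ihl_bytes < IPV4_MIN_HDR || ihl_bytes > (unsigned)len)
        return -1;              /* header length field is inconsistent */

    return data[IPV4_PROTO_OFF];
}

/* Constructed sample: 20-byte IPv4 header, protocol 6 (TCP). */
static const unsigned char sample_tcp[20] = {
    0x45, 0x00, 0x00, 0x14, 0x00, 0x00, 0x40, 0x00,
    0x40, 0x06, 0x00, 0x00, 0xc0, 0x00, 0x02, 0x01,
    0xc0, 0x00, 0x02, 0x02
};

int main(void)
{
    /* The full header parses; the same buffer cut to 9 bytes is rejected
     * instead of reading one byte past its end. */
    return (ipv4_protocol(sample_tcp, 20) == 6 &&
            ipv4_protocol(sample_tcp, 9) == -1) ? 0 : 1;
}
```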

