Lorenzo Bianconi <lorenzo@kernel.org> wrote:
I guess the point is we run nf_flow_skb_encap_protocol() not only for IPIP traffic but even for plain IP traffic (e.g. IP+UDP) in nf_flow_offload_lookup(). In particular, we run the following check in nf_flow_tuple_ip() for IP+UDP traffic:
pskb_may_pull(, 28)
That is less restrictive with respect to
pskb_may_pull(, 40)
It's in different functions? 40 bytes in linear area is a prerequisite for IPIP, and a check failure will not drop the skb; we'll still progress onwards to . But ok, it will be caught later too, so let's keep it as-is.