Florian Westphal <fw@xxxxxxxxx> wrote:
> Since this is a limitation of netlink this isn't fixable in nfqueue.
> How to best handle this situation?
>
> We can either truncate and queue 0xffff - NLA_HDRLEN (i.e., cut off 4
> bytes from what will be queued), or we could refuse to queue the packet
> (userspace asked for the full packet, but we can't fulfill the
> request).

Another method would be to "fix" this in userspace by checking for
attr->nla_len < NLA_HDRLEN in combination with
mnl_nlmsg_get_payload_tail(nlh) - (char *) attr >= 0xffff
and then assuming that the next attribute is at 0xffff - attr->nla_len
instead of attr->nla_len.

But that would mean cramming very ugly code into libmnl et al.
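The 16-bit length wrap discussed in this mail, as an added example that is not part of the original message and is not libmnl or nfqueue code. It shows what an unchecked sender stores in nla_len for a 0xffff-byte payload, the two sender-side options from the quoted text, and a strict receiver check that rejects the wrapped length instead of guessing. `struct demo_nlattr` and all function names are hypothetical; `NLA_HDRLEN` is redefined locally as 4.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define NLA_HDRLEN  4u       /* attribute header: 16-bit nla_len + 16-bit nla_type */
#define NLA_LEN_MAX 0xffffu  /* largest value the 16-bit nla_len field can hold */

struct demo_nlattr { uint16_t nla_len; uint16_t nla_type; };  /* hypothetical stand-in */

/* Value that lands in nla_len when header + payload is stored without a bound check. */
static uint16_t stored_nla_len(size_t payload_len)
{
    return (uint16_t)(NLA_HDRLEN + payload_len);
}

/* Sender option 1 from the mail: truncate so that header + payload fits. */
static size_t clamp_payload(size_t payload_len)
{
    size_t max = NLA_LEN_MAX - NLA_HDRLEN;
    return payload_len > max ? max : payload_len;
}

/* Sender option 2 from the mail: refuse when the full packet cannot be described. */
static int can_queue_full(size_t payload_len)
{
    return payload_len <= NLA_LEN_MAX - NLA_HDRLEN;
}

/* Strict receiver: a length below the header size or past the buffer is rejected. */
static int attr_ok(const struct demo_nlattr *a, size_t remaining)
{
    return remaining >= NLA_HDRLEN && a->nla_len >= NLA_HDRLEN && a->nla_len <= remaining;
}

/* Build the attribute header an unchecked sender would emit and validate it. */
static int receiver_accepts(size_t payload_len)
{
    struct demo_nlattr a = { stored_nla_len(payload_len), 0 };
    return attr_ok(&a, (size_t)NLA_HDRLEN + payload_len);
}

int main(void)
{
    size_t full = 0xffff;  /* constructed sample: a maximum-size packet payload */
    printf("unchecked nla_len=%u accepted=%d\n", (unsigned)stored_nla_len(full), receiver_accepts(full));
    printf("clamped payload=%zu accepted=%d\n", clamp_payload(full), receiver_accepts(clamp_payload(full)));
    printf("can queue full packet: %d\n", can_queue_full(full));
    return 0;
}
```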