From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx> Hi, The following patches aim to provide a workaround for the problem described by Florian Westphal in: http://marc.info/?l=netfilter-devel&m=134519473212536&w=2 The idea (by now) is to limit the maximum support length to what we can handle, which is 65535 - 4 bytes and add a new attribute that allows us to know the real packet length in the kernel. Pablo Neira Ayuso (2): netfilter: nfnetlink_queue: fix maximum packet length to userspace netfilter: nfnetlink_queue: add NFQA_CAP_LEN attribute include/linux/netfilter/nfnetlink_queue.h | 1 + net/netfilter/nfnetlink_queue_core.c | 19 ++++++++++++++----- 2 files changed, 15 insertions(+), 5 deletions(-) -- 1.7.10.4 -- To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
