Some of our dated conntrack helpers assume skbs can't contain tcp packets larger than 64kb. Update those. For SANE, I don't see a reason for the 'full-packet-copy', just extract the sane header. For h323, packet gets capped at 64k; larger one will be seen as truncated. For irc, cap at 4k: a line length should not exceed 512 bytes. For ftp, use skb_linearize(), its the most simple way to resolve this. Florian Westphal (4): netfilter: conntrack: sane: remove pseudo skb linearization netfilter: conntrack: h323: cap packet size at 64k netfilter: conntrack_ftp: prefer skb_linearize netfilter: conntrack_irc: cap packet search space to 4k net/netfilter/nf_conntrack_ftp.c | 24 +++------ net/netfilter/nf_conntrack_h323_main.c | 10 +++- net/netfilter/nf_conntrack_irc.c | 12 +++-- net/netfilter/nf_conntrack_sane.c | 68 ++++++++++++-------------- 4 files changed, 54 insertions(+), 60 deletions(-) -- 2.35.1
