On Tue, May 21, 2024 at 12:51:24PM +0200, Florian Westphal wrote: > Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx> wrote: > > > I see, so I fixed the bug in one direction and regressed in the other > > > one, let me retest both things locallly > > > > The check to force GSO SCTP to be segmented before being sent to > > userspace, my proposal: > > > > if (!skb_is_gso(skb) || ((queue->flags & NFQA_CFG_F_GSO) && !skb_is_gso_sctp(skb))) > > return __nfqnl_enqueue_packet(net, queue, entry); > > This disables F_GSO with sctp packets, is sctp incompatible with nfqueue? This will send a big SCTP payload to userspace (larger than mtu), then, userspace will send the such big SCTP payload to kernelspace via nf_reinject(). Can kernel deal with SCTP packets larger than MTU?
