Enqueued to nf-next to address: https://bugzilla.netfilter.org/show_bug.cgi?id=1749 On Mon, Jun 03, 2024 at 08:16:59PM +0200, Pablo Neira Ayuso wrote: > secmark context is artificially limited 256 bytes, rise it to 4Kbytes. > > Fixes: fb961945457f ("netfilter: nf_tables: add SECMARK support") > Signed-off-by: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx> > --- > include/uapi/linux/netfilter/nf_tables.h | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/include/uapi/linux/netfilter/nf_tables.h b/include/uapi/linux/netfilter/nf_tables.h > index aa4094ca2444..639894ed1b97 100644 > --- a/include/uapi/linux/netfilter/nf_tables.h > +++ b/include/uapi/linux/netfilter/nf_tables.h > @@ -1376,7 +1376,7 @@ enum nft_secmark_attributes { > #define NFTA_SECMARK_MAX (__NFTA_SECMARK_MAX - 1) > > /* Max security context length */ > -#define NFT_SECMARK_CTX_MAXLEN 256 > +#define NFT_SECMARK_CTX_MAXLEN 4096 > > /** > * enum nft_reject_types - nf_tables reject expression reject types > -- > 2.30.2 > >
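Review bot: On the `NFT_SECMARK_CTX_MAXLEN` define, the diff changes only the value in the UAPI header, so the commit message should state that every user of the constant was checked for the jump from 256 to 4096. Any fixed-size buffer or on-stack array sized by it grows sixteen-fold, and any netlink attribute length bound tied to it now admits much longer strings. Because the header is exported, userspace built against the old value may still cap contexts at 256 until it is rebuilt, which is worth a sentence in the changelog. The "Max security context length" comment could also say whether the limit counts the terminating NUL.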