On Wed, Jun 26, 2024 at 7:31 AM Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx> wrote: > > Enqueued to nf-next to address: > > https://bugzilla.netfilter.org/show_bug.cgi?id=1749 Thanks Pablo! > On Mon, Jun 03, 2024 at 08:16:59PM +0200, Pablo Neira Ayuso wrote: > > secmark context is artificially limited 256 bytes, rise it to 4Kbytes. > > > > Fixes: fb961945457f ("netfilter: nf_tables: add SECMARK support") > > Signed-off-by: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx> > > --- > > include/uapi/linux/netfilter/nf_tables.h | 2 +- > > 1 file changed, 1 insertion(+), 1 deletion(-) > > > > diff --git a/include/uapi/linux/netfilter/nf_tables.h b/include/uapi/linux/netfilter/nf_tables.h > > index aa4094ca2444..639894ed1b97 100644 > > --- a/include/uapi/linux/netfilter/nf_tables.h > > +++ b/include/uapi/linux/netfilter/nf_tables.h > > @@ -1376,7 +1376,7 @@ enum nft_secmark_attributes { > > #define NFTA_SECMARK_MAX (__NFTA_SECMARK_MAX - 1) > > > > /* Max security context length */ > > -#define NFT_SECMARK_CTX_MAXLEN 256 > > +#define NFT_SECMARK_CTX_MAXLEN 4096 > > > > /** > > * enum nft_reject_types - nf_tables reject expression reject types > > -- > > 2.30.2 -- paul-moore.com
