| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20160602002354.GG1644@akamai.com>
Date: Wed, 1 Jun 2016 20:23:54 -0400
From: Vishwanath Pai <vpai@...mai.com>
To: pablo@...filter.org, kaber@...sh.net, kadlec@...ckhole.kfki.hu,
netfilter-devel@...r.kernel.org
Cc: coreteam@...filter.org, johunt@...mai.com, netdev@...r.kernel.org,
pai.vishwain@...il.com
Subject: [PATCH] netfilter/nflog: nflog-range does not truncate packets
netfilter/nflog: nflog-range does not truncate packets
The --nflog-range parameter from userspace is ignored in the kernel and
the entire packet is sent to the userspace. The per-instance parameter
copy_range still works, with this change --nflog-range will have
preference over copy_range.
Signed-off-by: Vishwanath Pai <vpai@...mai.com>
Reviewed-by: Joshua Hunt <johunt@...mai.com>
diff --git a/net/netfilter/nfnetlink_log.c b/net/netfilter/nfnetlink_log.c
index 4ef1fae..f40ddba 100644
--- a/net/netfilter/nfnetlink_log.c
+++ b/net/netfilter/nfnetlink_log.c
@@ -680,7 +680,6 @@ nfulnl_log_packet(struct net *net,
if (qthreshold > li->u.ulog.qthreshold)
qthreshold = li->u.ulog.qthreshold;
-
switch (inst->copy_mode) {
case NFULNL_COPY_META:
case NFULNL_COPY_NONE:
@@ -688,10 +687,12 @@ nfulnl_log_packet(struct net *net,
break;
case NFULNL_COPY_PACKET:
- if (inst->copy_range > skb->len)
+ data_len = inst->copy_range;
+ if (li->u.ulog.copy_len < data_len)
+ data_len = li->u.ulog.copy_len;
+
+ if (data_len > skb->len)
data_len = skb->len;
- else
- data_len = inst->copy_range;
size += nla_total_size(data_len);
break;
Powered by blists - more mailing lists