On Wed, Jun 15, 2016 at 03:13:15PM +, Lubashev, Igor wrote:
> Vish, Pablo,
>
> I wonder about the value of sending more data than a client is
> willing to consume (setting aside the important fact that the client
> code crashes due to the extra data).
>
> It seems that we should either drop
On 06/15/2016 08:39 AM, Pablo Neira Ayuso wrote:
> But nlmsg_len should match len in this.
>
> If we're just sending a part of the packet to userspace, then we
> should adjust nlmsg_len to indicate exactly the netlink message length
> that we're sending to userspace.
>
> Is your patch triggering
On Sun, Jun 12, 2016 at 11:40:57PM -0400, Vishwanath Pai wrote:
> On 06/09/2016 01:57 PM, Vishwanath Pai wrote:
> > On 06/08/2016 08:16 AM, Pablo Neira Ayuso wrote:
> >> Looking again at your code:
> >>
> >> case NFULNL_COPY_PACKET:
> >> - if (inst->copy_range > skb->len)
>
On 06/09/2016 01:57 PM, Vishwanath Pai wrote:
> On 06/08/2016 08:16 AM, Pablo Neira Ayuso wrote:
>> Looking again at your code:
>>
>> case NFULNL_COPY_PACKET:
>> - if (inst->copy_range > skb->len)
>> + data_len = inst->copy_range;
>> + if
On 06/08/2016 08:16 AM, Pablo Neira Ayuso wrote:
> Looking again at your code:
>
> case NFULNL_COPY_PACKET:
> - if (inst->copy_range > skb->len)
> + data_len = inst->copy_range;
> + if (li->u.ulog.copy_len < data_len)
> +
On 06/06/2016 06:31 PM, Pablo Neira Ayuso wrote:
> On Wed, Jun 01, 2016 at 08:23:54PM -0400, Vishwanath Pai wrote:
>> netfilter/nflog: nflog-range does not truncate packets
>>
>> The --nflog-range parameter from userspace is ignored in the kernel and
>> the entire packet is sent to the userspace.
On Wed, Jun 01, 2016 at 08:23:54PM -0400, Vishwanath Pai wrote:
> netfilter/nflog: nflog-range does not truncate packets
>
> The --nflog-range parameter from userspace is ignored in the kernel and
> the entire packet is sent to the userspace. The per-instance parameter
> copy_range still works,
netfilter/nflog: nflog-range does not truncate packets
The --nflog-range parameter from userspace is ignored in the kernel and
the entire packet is sent to the userspace. The per-instance parameter
copy_range still works, with this change --nflog-range will have
preference over copy_range.