On Fri, 10 Apr 2015, Ted Toth wrote:

I have patched openswan (2.6.32-37) to handle SELinux security
contexts of length 1024 because in our MLS policy we can have very
long levels. When testing the patch I ran into the following issue:
netlink_get read message with length 1040 that doesn't equal nlmsg_len
1044 bytes; ignore message

The data buffer used in netlink_get is 1024 bytes long. Will the
netlink message buffer need to be larger to handle the longer
contexts?

That's why it got increased to 8192.

https://github.com/libreswan/libreswan/commit/44f616b9ad8ded3e5f2887c225648ac9c2ab4177

+/*
+ * The socket buffer is used to queue netlink messages between sender and
+ * receiver. The size of these buffers specifies the maximum size you will be
+ * able to write() to a netlink socket, i.e. it will indirectly define the
+ * maximum message size. The default is 32KiB. For now we picked a somewhat
+ * arbitrary maximum of 8192 for the data portion to accomdate large selinux
+ * IPsec labels (see rhbz#1154784)
+ */
+#define MAX_NETLINK_DATA_SIZE 8192
#endif
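Review bot: the comment motivates the size via the socket buffer and its 32KiB default and then calls 8192 a "somewhat arbitrary maximum", so nothing in this hunk ties MAX_NETLINK_DATA_SIZE to the actual maximum length of an SELinux label, and a message whose data portion exceeds 8192 bytes will still hit the same "doesn't equal nlmsg_len; ignore message" path that prompted the change. Suggest either deriving the constant from the label length limit or adding a sentence to the comment stating that larger labels are still rejected, so the next reader knows the limit moved rather than went away. Also "accomdate" should read "accommodate".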


Paul
_______________________________________________
Swan mailing list
[email protected]
https://lists.libreswan.org/mailman/listinfo/swan
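To make the failure in the thread concrete, here is an added example (not openswan or libreswan code) that models a netlink reply being read into a fixed-size buffer and applies the check the log line describes: the byte count returned by the read must equal nlmsg_len, otherwise the message is dropped. The receive buffer layout (a netlink header followed by a data area of OLD_DATA_SIZE or NEW_DATA_SIZE bytes), the fake_recv() stand-in for read(), and the 1028-byte payload that reproduces the 1040-versus-1044 numbers from the thread are all assumptions made for this example.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/socket.h>
#include <linux/netlink.h>   /* struct nlmsghdr and the NLMSG_* macros */

/* Assumed sizes of the data area in the receive buffer: the 1024 the thread
 * starts from and the 8192 that libreswan's commit chose. */
#define OLD_DATA_SIZE 1024
#define NEW_DATA_SIZE 8192

enum nl_status { NL_OK, NL_TRUNCATED, NL_MALFORMED };

/* Stand-in for read()/recv() on a netlink socket (constructed for this
 * example): a datagram larger than the buffer is cut at bufsize and the
 * tail is lost without any error. */
static size_t fake_recv(const void *wire, size_t wirelen, void *buf, size_t bufsize)
{
    size_t n = wirelen < bufsize ? wirelen : bufsize;
    memcpy(buf, wire, n);
    return n;
}

/* The check quoted in the thread: bytes read must equal nlmsg_len. If the
 * header announces more bytes than arrived, the buffer was too small and
 * the message must be ignored rather than parsed. */
enum nl_status nl_check(const struct nlmsghdr *h, size_t got)
{
    if (got < (size_t)NLMSG_HDRLEN || h->nlmsg_len < (size_t)NLMSG_HDRLEN)
        return NL_MALFORMED;        /* not even a complete, sane header */
    if (h->nlmsg_len > got)
        return NL_TRUNCATED;        /* "length 1040 ... nlmsg_len 1044" */
    if (h->nlmsg_len != got)
        return NL_MALFORMED;        /* trailing bytes after the message */
    return NL_OK;
}

/* Build a constructed single-message reply carrying payload_len bytes (a
 * stand-in for a long SELinux label), receive it into a buffer whose data
 * area is data_size bytes, and report what nl_check() says. *got_out, if
 * non-NULL, receives the number of bytes the simulated read returned. */
enum nl_status try_receive(size_t payload_len, size_t data_size, size_t *got_out)
{
    size_t wirelen = NLMSG_SPACE(payload_len);        /* aligned header + payload */
    size_t bufsize = (size_t)NLMSG_HDRLEN + data_size;
    unsigned char *wire = calloc(1, wirelen);
    unsigned char *buf = calloc(1, bufsize);
    if (wire == NULL || buf == NULL) {
        free(wire);
        free(buf);
        return NL_MALFORMED;
    }

    struct nlmsghdr *h = (struct nlmsghdr *)wire;
    h->nlmsg_len = NLMSG_LENGTH(payload_len);         /* 16 + 1028 = 1044 for the thread's case */
    h->nlmsg_type = NLMSG_DONE;
    memset(NLMSG_DATA(h), 's', payload_len);          /* label bytes, content irrelevant here */

    size_t got = fake_recv(wire, wirelen, buf, bufsize);
    enum nl_status st = nl_check((const struct nlmsghdr *)buf, got);

    if (got_out != NULL)
        *got_out = got;
    free(wire);
    free(buf);
    return st;
}

int main(void)
{
    size_t got;
    enum nl_status st = try_receive(1028, OLD_DATA_SIZE, &got);
    printf("1024-byte data area: read %zu bytes, status %d\n", got, st);
    st = try_receive(1028, NEW_DATA_SIZE, &got);
    printf("8192-byte data area: read %zu bytes, status %d\n", got, st);
    return 0;
}
```

With a 1024-byte data area the 1044-byte message is cut at 1040 bytes and rejected exactly as in Ted's log line; with 8192 it is read whole. The same function shows that the larger constant only moves the limit: a payload of 8193 bytes is truncated again. On Linux a receiver that wants to avoid a fixed cap can instead call recvmsg() with MSG_PEEK|MSG_TRUNC to learn the full message length before allocating a buffer of that size; that is a general netlink technique, not something the thread or the quoted commit does.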