Message ID | 1370420536-9626-2-git-send-email-fw@strlen.de |
---|---|
State | Accepted |
Headers | show |
On Wed, Jun 05, 2013 at 10:22:16AM +0200, Florian Westphal wrote: > CAP_LEN contains the size of the network packet we're queueing to > userspace, i.e. normally it is the same as the NFQA_PAYLOAD attribute len. > > Include it only in the unlikely case when NFQA_PAYLOAD is truncated due > to copy_range limitations. Also applied, thanks! -- To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
diff --git a/net/netfilter/nfnetlink_queue_core.c b/net/netfilter/nfnetlink_queue_core.c index 3c42181..eb2cde8 100644 --- a/net/netfilter/nfnetlink_queue_core.c +++ b/net/netfilter/nfnetlink_queue_core.c @@ -472,7 +472,8 @@ nfqnl_build_packet_message(struct nfqnl_instance *queue, if (ct && nfqnl_ct_put(skb, ct, ctinfo) < 0) goto nla_put_failure; - if (cap_len > 0 && nla_put_be32(skb, NFQA_CAP_LEN, htonl(cap_len))) + if (cap_len > data_len && + nla_put_be32(skb, NFQA_CAP_LEN, htonl(cap_len))) goto nla_put_failure; if (nfqnl_put_packet_info(skb, entskb))
CAP_LEN contains the size of the network packet we're queueing to userspace, i.e. normally it is the same as the NFQA_PAYLOAD attribute len. Include it only in the unlikely case when NFQA_PAYLOAD is truncated due to copy_range limitations. Signed-off-by: Florian Westphal <fw@strlen.de> --- Tested with examples/nf-queue.c from libnfqueue, it still prints 'truncated packet' on 1st packet sent from tracepath.