diff options
| author | Florian Westphal <fw@strlen.de> | 2022-08-09 15:16:34 +0200 |
|---|---|---|
| committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2022-08-11 16:51:01 +0200 |
| commit | c783a29c7e5934eabac2b760571489ad83bf4fd1 (patch) | |
| tree | 7c7af22049aa18947e20424f211e8064020ef370 /lib/mpi/mpi-mul.c | |
| parent | f3e124c36f70d5ffcdd4e8bdbe7bb28a98a715c0 (diff) | |
netfilter: nf_ct_ftp: prefer skb_linearize
This uses a pseudo-linearization scheme with a 64k global buffer,
but BIG TCP arrival means IPv6 TCP stack can generate skbs
that exceed this size.
Use skb_linearize. It should be possible to rewrite this to properly
deal with segmented skbs (i.e., only do small chunk-wise accesses),
but this is going to be a lot more intrusive than this because every
helper function needs to get the sk_buff instead of a pointer to a raw
data buffer.
In practice, provided we're really looking at FTP control channel packets,
there should never be a case where we deal with huge packets.
Fixes: 7c4e983c4f3c ("net: allow gso_max_size to exceed 65536")
Fixes: 0fe79f28bfaf ("net: allow gro_max_size to exceed 65536")
Signed-off-by: Florian Westphal <fw@strlen.de>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'lib/mpi/mpi-mul.c')
0 files changed, 0 insertions, 0 deletions