git.osdn.net Git - tomoyo/tomoyo-test1.git/commit

author	Florian Westphal <fw@strlen.de>
	Tue, 9 Aug 2022 13:16:34 +0000 (15:16 +0200)
committer	Pablo Neira Ayuso <pablo@netfilter.org>
	Thu, 11 Aug 2022 14:51:01 +0000 (16:51 +0200)
commit	c783a29c7e5934eabac2b760571489ad83bf4fd1
tree	7c7af22049aa18947e20424f211e8064020ef370	tree \| snapshot
parent	f3e124c36f70d5ffcdd4e8bdbe7bb28a98a715c0	commit \| diff

netfilter: nf_ct_ftp: prefer skb_linearize

This uses a pseudo-linearization scheme with a 64k global buffer,
but BIG TCP arrival means IPv6 TCP stack can generate skbs
that exceed this size.

Use skb_linearize. It should be possible to rewrite this to properly
deal with segmented skbs (i.e., only do small chunk-wise accesses),
but this is going to be a lot more intrusive than this because every
helper function needs to get the sk_buff instead of a pointer to a raw
data buffer.

In practice, provided we're really looking at FTP control channel packets,
there should never be a case where we deal with huge packets.

Fixes: 7c4e983c4f3c ("net: allow gso_max_size to exceed 65536")
Fixes: 0fe79f28bfaf ("net: allow gro_max_size to exceed 65536")
Signed-off-by: Florian Westphal <fw@strlen.de>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>