netfilter: nft_compat: fix handling of large matchinfo size - openslx/kernel-qcow2-linux.git

diff options

author	Florian Westphal	2018-05-07 15:22:36 +0200
committer	Pablo Neira Ayuso	2018-05-09 10:09:27 +0200
commit	732a8049f365f514d0607e03938491bf6cb0d620 (patch)
tree	5054f81410b520b230fe2d8c53e6c0d87c3f348f /net/netfilter/nf_tables_api.c
parent	netfilter: nft_compat: prepare for indirect info storage (diff)
download	kernel-qcow2-linux-732a8049f365f514d0607e03938491bf6cb0d620.tar.gz kernel-qcow2-linux-732a8049f365f514d0607e03938491bf6cb0d620.tar.xz kernel-qcow2-linux-732a8049f365f514d0607e03938491bf6cb0d620.zip

netfilter: nft_compat: fix handling of large matchinfo size

currently matchinfo gets stored in the expression, but some xt matches are very large. To handle those we either need to switch nft core to kvmalloc and increase size limit, or allocate the info blob of large matches separately. This does the latter, this limits the scope of the changes to nft_compat. I picked a threshold of 192, this allows most matches to work as before and handle only few ones via separate alloation (cgroup, u32, sctp, rt). Signed-off-by: Florian Westphal <fw@strlen.de> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

Diffstat (limited to 'net/netfilter/nf_tables_api.c')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: