[Swan] netlink_get message length

Ted Toth txtoth at gmail.com
Sat Apr 11 01:04:05 EEST 2015


I have patched openswan (2.6.32-37) to handle SELinux security
contexts of length 1024 because in our MLS policy we can have very
long levels. When testing the patch I ran into the following issue:
netlink_get read message with length 1040 that doesn't equal nlmsg_len
1044 bytes; ignore message

The data buffer used in netlink_get is 1024 bytes long. Will the
netlink message buffer need to be larger to handle the longer
contexts?

Ted
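
Added example, not part of the original post and not openswan's code: the logged numbers fit a receive buffer made of a 16-byte netlink header plus the 1024-byte data area (1040 bytes) that truncates a 1044-byte datagram. The sketch below reproduces that on Linux over an AF_UNIX datagram socketpair standing in for the netlink socket, then sizes the buffer with MSG_PEEK | MSG_TRUNC instead. The struct and function names are hypothetical, and the buffer layout is an assumption.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

/* Local mirror of struct nlmsghdr (16 bytes) so the demo needs no kernel headers. */
struct demo_hdr { uint32_t len; uint16_t type, flags; uint32_t seq, pid; };
/* Assumed receive buffer layout: header plus a fixed 1024-byte data area. */
struct demo_rsp { struct demo_hdr n; char data[1024]; };

/* Send one constructed message whose header claims msg_len bytes. 0 on success. */
static int send_demo_msg(int fd, uint32_t msg_len) {
    struct demo_hdr h = { .len = msg_len };
    char *buf = msg_len >= sizeof h ? calloc(1, msg_len) : NULL;
    if (!buf) return -1;
    memcpy(buf, &h, sizeof h);
    ssize_t r = send(fd, buf, msg_len, 0);
    free(buf);
    return r == (ssize_t)msg_len ? 0 : -1;
}

/* Fixed-buffer read: returns bytes read; *claimed gets the header's length field.
 * A datagram longer than the buffer is silently cut and the excess is discarded. */
ssize_t fixed_read(uint32_t msg_len, uint32_t *claimed) {
    int sv[2]; struct demo_rsp rsp;
    if (socketpair(AF_UNIX, SOCK_DGRAM, 0, sv) < 0) return -1;
    ssize_t r = send_demo_msg(sv[0], msg_len) ? -1 : recv(sv[1], &rsp, sizeof rsp, 0);
    if (r >= (ssize_t)sizeof rsp.n) *claimed = rsp.n.len;
    close(sv[0]); close(sv[1]);
    return r;
}

/* Sized read: peek with MSG_TRUNC to learn the real datagram length, then
 * allocate exactly that much before the real recv(). */
ssize_t sized_read(uint32_t msg_len, uint32_t *claimed) {
    int sv[2]; char probe; ssize_t r = -1;
    if (socketpair(AF_UNIX, SOCK_DGRAM, 0, sv) < 0) return -1;
    if (send_demo_msg(sv[0], msg_len) == 0) {
        ssize_t need = recv(sv[1], &probe, 1, MSG_PEEK | MSG_TRUNC);
        char *buf = need >= (ssize_t)sizeof(struct demo_hdr) ? calloc(1, (size_t)need) : NULL;
        if (buf && (r = recv(sv[1], buf, (size_t)need, 0)) >= (ssize_t)sizeof *claimed)
            memcpy(claimed, buf, sizeof *claimed);  /* length is the first header field */
        free(buf);
    }
    close(sv[0]); close(sv[1]);
    return r;
}
```

With a 1044-byte message, `fixed_read` returns 1040 while the header says 1044, the same mismatch as in the log line above; `sized_read` returns the full 1044.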

