[Swan] netlink_get message length

Paul Wouters paul at nohats.ca
Sat Apr 11 03:18:27 EEST 2015


On Fri, 10 Apr 2015, Ted Toth wrote:

> I have patched openswan (2.6.32-37) to handle SELinux security
> contexts of length 1024 because in our MLS policy we can have very
> long levels. When testing the patch I ran into the following issue:
> netlink_get read message with length 1040 that doesn't equal nlmsg_len
> 1044 bytes; ignore message
>
> The data buffer used in netlink_get is 1024 bytes long. Will the
> netlink message buffer need to be larger to handle the longer
> contexts?

That's why it got increased to 8192.

https://github.com/libreswan/libreswan/commit/44f616b9ad8ded3e5f2887c225648ac9c2ab4177

+/*
+ * The socket buffer is used to queue netlink messages between sender and
+ * receiver. The size of these buffers specifies the maximum size you will be
+ * able to write() to a netlink socket, i.e. it will indirectly define the
+ * maximum message size. The default is 32KiB. For now we picked a somewhat
+ * arbitrary maximum of 8192 for the data portion to accomdate large selinux
+ * IPsec labels (see rhbz#1154784)
+ */
+#define MAX_NETLINK_DATA_SIZE 8192
#endif
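Review bot: typo in the added comment: "accomdate" should be "accommodate". The comment should also spell out what the 8192 bytes has to cover: the earlier report in this thread shows a read of 1040 bytes against an nlmsg_len of 1044 with a 1024-byte data buffer, so the data portion must hold the netlink header and the xfrm structures as well as the label itself; a sentence noting that any label-length limit derived from MAX_NETLINK_DATA_SIZE has to leave room for that overhead would save the next reader from repeating the 1024-byte mistake.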


Paul
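The length check that produced the "doesn't equal nlmsg_len" message, and why a 1024-byte data buffer fails for a 1024-byte label while 8192 succeeds, as an added example that is not code from openswan, libreswan or either poster. It mirrors struct nlmsghdr locally so it compiles without <linux/netlink.h>, and the message layout (a 4-byte length prefix plus label bytes standing in for the xfrm attribute), the type value 0x10 and the function names are assumptions made for the demo, not the projects' own.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Local mirror of struct nlmsghdr from <linux/netlink.h>: same field order and
 * sizes as the kernel ABI, kept local so the example builds anywhere. */
struct nl_hdr {
    uint32_t nlmsg_len;   /* length of the whole message, this header included */
    uint16_t nlmsg_type;
    uint16_t nlmsg_flags;
    uint32_t nlmsg_seq;
    uint32_t nlmsg_pid;
};
#define NL_HDRLEN sizeof(struct nl_hdr)  /* 16 bytes, already 4-byte aligned */

/* Assumed upper bound for the demo's label payload (matches the 8192 picked
 * for MAX_NETLINK_DATA_SIZE in the quoted commit). */
#define CTX_MAX 8192

enum nl_check { NL_OK = 0, NL_SHORT_HEADER, NL_BAD_LEN, NL_TRUNCATED };

/* The check quoted in the thread, isolated: compare what read() returned with
 * what the header claims. A mismatch means the receive buffer was too small
 * (netlink truncates silently without MSG_TRUNC) or the message is malformed;
 * either way the message must not be parsed further. */
enum nl_check nl_check_message(const unsigned char *buf, size_t got)
{
    struct nl_hdr h;
    if (got < NL_HDRLEN) return NL_SHORT_HEADER;
    memcpy(&h, buf, sizeof h);
    if (h.nlmsg_len < NL_HDRLEN) return NL_BAD_LEN;
    if (h.nlmsg_len != got) return NL_TRUNCATED;
    return NL_OK;
}

/* Constructed kernel-side message: header, 4-byte label length, label bytes.
 * Returns the total message length, 0 if it does not fit in 'cap'. */
static size_t build_label_message(unsigned char *out, size_t cap, size_t label_len)
{
    struct nl_hdr h = {0};
    uint32_t clen = (uint32_t)label_len;
    size_t total = NL_HDRLEN + sizeof clen + label_len;
    if (total > cap) return 0;
    h.nlmsg_len = (uint32_t)total;
    h.nlmsg_type = 0x10;            /* assumed type for the demo, not an xfrm constant */
    memcpy(out, &h, sizeof h);
    memcpy(out + NL_HDRLEN, &clen, sizeof clen);
    memset(out + NL_HDRLEN + sizeof clen, 's', label_len);   /* fake label content */
    return total;
}

/* Model of read() on a netlink socket: the kernel copies what fits into the
 * caller's buffer and drops the rest, so the caller only sees the short count. */
static size_t simulate_read(const unsigned char *msg, size_t msglen,
                            unsigned char *buf, size_t bufsize)
{
    size_t n = msglen < bufsize ? msglen : bufsize;
    memcpy(buf, msg, n);
    return n;
}

/* Receive a message carrying a label of label_len bytes into a buffer laid out
 * like the one in the thread: a header followed by data_size bytes of data.
 * Returns the count read() would report and stores the check result in *rc. */
size_t demo_read(size_t data_size, size_t label_len, enum nl_check *rc)
{
    static unsigned char wire[NL_HDRLEN + 4 + CTX_MAX];
    static unsigned char rbuf[NL_HDRLEN + CTX_MAX];
    size_t msglen = build_label_message(wire, sizeof wire, label_len);
    size_t bufsize = NL_HDRLEN + data_size;
    if (msglen == 0 || bufsize > sizeof rbuf) { *rc = NL_BAD_LEN; return 0; }
    size_t got = simulate_read(wire, msglen, rbuf, bufsize);
    *rc = nl_check_message(rbuf, got);
    return got;
}

/* Convenience wrapper returning only the verdict. */
enum nl_check demo_check(size_t data_size, size_t label_len)
{
    enum nl_check rc;
    demo_read(data_size, label_len, &rc);
    return rc;
}

int main(void)
{
    enum nl_check rc;
    size_t got = demo_read(1024, 1024, &rc);   /* 1024-byte data buffer, as reported */
    printf("data=1024: read %zu bytes, verdict %d (NL_TRUNCATED=%d)\n", got, rc, NL_TRUNCATED);
    got = demo_read(8192, 1024, &rc);          /* after MAX_NETLINK_DATA_SIZE 8192 */
    printf("data=8192: read %zu bytes, verdict %d (NL_OK=%d)\n", got, rc, NL_OK);
    return 0;
}
```

With a 1024-byte data area the buffer is 1040 bytes including the header, read() returns 1040 and the header claims 1044: exactly the mismatch in the report. The 8192-byte data area receives the full 1044 bytes and the check passes. The check itself stays as a strict equality because a silently truncated message cannot be parsed safely; enlarging the buffer is the fix, not relaxing the comparison.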

