ipt_string maximum packet size

William Stearns William Stearns <wstearns@pobox.com>
Tue, 30 Oct 2001 14:10:42 -0500 (EST)


Good day, all,
	I'm starting to use the ipt_string module for string matches.
Nice work!
	As a side note, I _am_ aware of the issues in attempting string
matches on raw packets (fragmentation, encoding, case sensitivity, string
split across packets...).
	I'm coming across one of the search limits in that module:

Oct 30 13:40:03 sparrow kernel: ipt_string: Packet too big to attempt sublinear string search (1376 bytes)
Oct 30 13:42:46 sparrow kernel: ipt_string: Packet too big to attempt sublinear string search (1432 bytes)
Oct 30 13:43:32 sparrow last message repeated 14 times
Oct 30 13:43:34 sparrow last message repeated 4 times

	The limit in question appears to be:
#define BM_MAX_HLEN 1024
	which is the maximum size of some arrays and the max hlen:
                if ( hlen < BM_MAX_HLEN ) {
                        search=search_sublinear;
                }else{
                        if (net_ratelimit())
                                printk(KERN_INFO "ipt_string: Packet too big "
                                        "to attempt sublinear string search "
                                        "(%d bytes)\n", hlen );
                }
	I'll give a try recompiling this to be 1500 to handle my current
needs.  Are either of you aware of any problems with extending this beyond
1024?  I do realize that string matches are processor intensive and I'm
making the problem worse, but are you aware of any fundamental limitations
in that code?
	Cheers,
	- Bill

---------------------------------------------------------------------------
ACHTUNG!
Das machine is nicht fur gefingerpoken und mittengrabben.  Ist
easyschnappen der springenwerk, blowenfusen und corkenpoppen
mitspitzensparken.  Ist nicht fur gewerken by das dummkopfen.
Dasrubbernecken sightseeren keepen hands in das pockets.
Relaxen undvatch das blinkenlights!!!
--------------------------------------------------------------------------
William Stearns (wstearns@pobox.com).  Mason, Buildkernel, named2hosts,
and ipfwadm2ipchains are at:                http://www.pobox.com/~wstearns
LinuxMonth; articles for Linux Enthusiasts! http://www.linuxmonth.com
--------------------------------------------------------------------------