[PATCH] zones: fix max length of zone names

Matthias Schiffer mschiffer at universe-factory.net
Sat Sep 5 10:45:45 EDT 2020


On 9/5/20 4:32 PM, David Bauer wrote:
> Hi Matthias,
> 
> On 9/5/20 4:08 PM, Matthias Schiffer wrote:
>> On 9/5/20 1:11 AM, David Bauer wrote:
>>> Hi Alexey,
>>>
>>> On 9/4/20 10:32 PM, Alexey Dobrovolskiy wrote:
>>>> Hi,
>>>> please, see also
>>>> https://patchwork.ozlabs.org/project/openwrt/patch/20200830211009.3359-1-dobrovolskiy.alexey@gmail.com/
>>>
>>> I was not aware of this patch. Will merge yours in the coming days.
>>>
>>> Best wishes
>>> David
>>
>>
>> Maybe we could replace "postrouting" and similiar strings with abbreviated
>> versions?
> 
> From my perspective this should be possible. However, postrouting might not be
> the primary limiting factor then, as there are also chains such as
> "zone_<zonename>_dest_REJECT" automatically created. Sure enough, these can
> also be renamed.
> 
> Best wishes
> David
> 

I wonder which solution will break more configurations... keeping the
current names, breaking zones with longer names, or renaming them, breaking
custom rulesets that rely on the current naming.



>>
>> Kind regards,
>> Matthias
>>
>>
>>
>>>
>>>>
>>>> Best regards,
>>>> Alexey
>>>>
>>>> пт, 4 сент. 2020 г. в 02:02, David Bauer <mail at david-bauer.net>:
>>>>>
>>>>> Previously the max length of a zone name was assuming the max
>>>>> length for a extension in netfilter is 32 bytes while in reality it is
>>>>> only 29.
>>>>>
>>>>> Fix this incorrect assumption to allow firewall3 to validate the zone
>>>>> name lengths correctly.
>>>>>
>>>>> Signed-off-by: David Bauer <mail at david-bauer.net>
>>>>> ---
>>>>>  zones.h | 8 ++++++--
>>>>>  1 file changed, 6 insertions(+), 2 deletions(-)
>>>>>
>>>>> diff --git a/zones.h b/zones.h
>>>>> index d786736..beb0e22 100644
>>>>> --- a/zones.h
>>>>> +++ b/zones.h
>>>>> @@ -22,8 +22,12 @@
>>>>>  #include "options.h"
>>>>>  #include "iptables.h"
>>>>>
>>>>> -/* 32 - sizeof("postrouting_") - sizeof("_rule") - sizeof("\0") */
>>>>> -#define FW3_ZONE_MAXNAMELEN 14
>>>>> +/* XT_EXTENSION_MAXNAMELEN (29)
>>>>> + *  - sizeof("postrouting_")
>>>>> + *  - sizeof("_rule")
>>>>> + *  - sizeof("\0")
>>>>> + */
>>>>> +#define FW3_ZONE_MAXNAMELEN 11
>>>>>
>>>>>  extern const struct fw3_option fw3_zone_opts[];
>>>>>
>>>>> --
>>>>> 2.28.0
>>>>>
>>>>>
>>>>> _______________________________________________
>>>>> openwrt-devel mailing list
>>>>> openwrt-devel at lists.openwrt.org
>>>>> https://lists.openwrt.org/mailman/listinfo/openwrt-devel
>>>
>>> _______________________________________________
>>> openwrt-devel mailing list
>>> openwrt-devel at lists.openwrt.org
>>> https://lists.openwrt.org/mailman/listinfo/openwrt-devel
>>>
>>
>>


-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: OpenPGP digital signature
URL: <http://lists.openwrt.org/pipermail/openwrt-devel/attachments/20200905/5c7dd781/attachment.sig>


More information about the openwrt-devel mailing list