[PATCH] zones: fix max length of zone names

David Bauer mail at david-bauer.net
Sat Sep 5 15:52:43 EDT 2020


Hello Matthias,

On 9/5/20 4:45 PM, Matthias Schiffer wrote:
> On 9/5/20 4:32 PM, David Bauer wrote:
>> Hi Matthias,
>>
>> On 9/5/20 4:08 PM, Matthias Schiffer wrote:
>>> On 9/5/20 1:11 AM, David Bauer wrote:
>>>> Hi Alexey,
>>>>
>>>> On 9/4/20 10:32 PM, Alexey Dobrovolskiy wrote:
>>>>> Hi,
>>>>> please, see also
>>>>> https://patchwork.ozlabs.org/project/openwrt/patch/20200830211009.3359-1-dobrovolskiy.alexey@gmail.com/
>>>>
>>>> I was not aware of this patch. Will merge yours in the coming days.
>>>>
>>>> Best wishes
>>>> David
>>>
>>>
>>> Maybe we could replace "postrouting" and similiar strings with abbreviated
>>> versions?
>>
>> From my perspective this should be possible. However, postrouting might not be
>> the primary limiting factor then, as there are also chains such as
>> "zone_<zonename>_dest_REJECT" automatically created. Sure enough, these can
>> also be renamed.
>>
>> Best wishes
>> David
>>
> 
> I wonder which solution will break more configurations... keeping the
> current names, breaking zones with longer names, or renaming them, breaking
> custom rulesets that rely on the current naming.

The patch in this thread effectively only fixes the validation. Commiting the iptables rules
with long names failed already previously with the safer string operations patch from jow.

So this patch does not break these longer names as they are currently already broken, just
provides the user with a clearer error message.

Best wishes
David

> 
> 
> 
>>>
>>> Kind regards,
>>> Matthias
>>>
>>>
>>>
>>>>
>>>>>
>>>>> Best regards,
>>>>> Alexey
>>>>>
>>>>> пт, 4 сент. 2020 г. в 02:02, David Bauer <mail at david-bauer.net>:
>>>>>>
>>>>>> Previously the max length of a zone name was assuming the max
>>>>>> length for a extension in netfilter is 32 bytes while in reality it is
>>>>>> only 29.
>>>>>>
>>>>>> Fix this incorrect assumption to allow firewall3 to validate the zone
>>>>>> name lengths correctly.
>>>>>>
>>>>>> Signed-off-by: David Bauer <mail at david-bauer.net>
>>>>>> ---
>>>>>>  zones.h | 8 ++++++--
>>>>>>  1 file changed, 6 insertions(+), 2 deletions(-)
>>>>>>
>>>>>> diff --git a/zones.h b/zones.h
>>>>>> index d786736..beb0e22 100644
>>>>>> --- a/zones.h
>>>>>> +++ b/zones.h
>>>>>> @@ -22,8 +22,12 @@
>>>>>>  #include "options.h"
>>>>>>  #include "iptables.h"
>>>>>>
>>>>>> -/* 32 - sizeof("postrouting_") - sizeof("_rule") - sizeof("\0") */
>>>>>> -#define FW3_ZONE_MAXNAMELEN 14
>>>>>> +/* XT_EXTENSION_MAXNAMELEN (29)
>>>>>> + *  - sizeof("postrouting_")
>>>>>> + *  - sizeof("_rule")
>>>>>> + *  - sizeof("\0")
>>>>>> + */
>>>>>> +#define FW3_ZONE_MAXNAMELEN 11
>>>>>>
>>>>>>  extern const struct fw3_option fw3_zone_opts[];
>>>>>>
>>>>>> --
>>>>>> 2.28.0
>>>>>>
>>>>>>
>>>>>> _______________________________________________
>>>>>> openwrt-devel mailing list
>>>>>> openwrt-devel at lists.openwrt.org
>>>>>> https://lists.openwrt.org/mailman/listinfo/openwrt-devel
>>>>
>>>> _______________________________________________
>>>> openwrt-devel mailing list
>>>> openwrt-devel at lists.openwrt.org
>>>> https://lists.openwrt.org/mailman/listinfo/openwrt-devel
>>>>
>>>
>>>
> 
> 



More information about the openwrt-devel mailing list