提交 cb39ad8b 编写于 作者: P Pablo Neira Ayuso

netfilter: nf_tables: allow set names up to 32 bytes

Currently, we support set names of up to 16 bytes, get this aligned
with the maximum length we can use in ipset to make it easier when
considering migration to nf_tables.
Signed-off-by: NPablo Neira Ayuso <pablo@netfilter.org>
上级 d7cdf816
...@@ -303,7 +303,7 @@ void nft_unregister_set(struct nft_set_ops *ops); ...@@ -303,7 +303,7 @@ void nft_unregister_set(struct nft_set_ops *ops);
struct nft_set { struct nft_set {
struct list_head list; struct list_head list;
struct list_head bindings; struct list_head bindings;
char name[IFNAMSIZ]; char name[NFT_SET_MAXNAMELEN];
u32 ktype; u32 ktype;
u32 dtype; u32 dtype;
u32 size; u32 size;
......
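Review bot: Widening `name` from `IFNAMSIZ` to `NFT_SET_MAXNAMELEN` turns every reader of `set->name` that still sizes a destination or a comparison by the old constant into a truncation or overflow site, and none of those readers are visible in this section. The other hunks on this page update the netlink policy, the `strnchr` bound and the stack buffer in `nf_tables_newset`, but it is worth confirming that no remaining copy or compare of a set name still uses `IFNAMSIZ`. A field comment such as `/* NUL-terminated, at most NFT_SET_MAXNAMELEN - 1 characters */` on `name` would record the contract. The struct definition starts and ends outside the hunk.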
...@@ -3,6 +3,7 @@ ...@@ -3,6 +3,7 @@
#define NFT_TABLE_MAXNAMELEN 32 #define NFT_TABLE_MAXNAMELEN 32
#define NFT_CHAIN_MAXNAMELEN 32 #define NFT_CHAIN_MAXNAMELEN 32
#define NFT_SET_MAXNAMELEN 32
#define NFT_USERDATA_MAXLEN 256 #define NFT_USERDATA_MAXLEN 256
/** /**
......
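Review bot: The new `#define NFT_SET_MAXNAMELEN 32` has no comment saying whether the 32 bytes include the terminating NUL. The policy on this page uses `.len = NFT_SET_MAXNAMELEN - 1` and the buffers are declared `char name[NFT_SET_MAXNAMELEN]`, so the limit appears to be 31 characters plus the terminator. If this header is also consumed by userspace, that off-by-one is easy to get wrong on the other side, so I would add `/* maximum set name length in bytes, including the terminating NUL */` above the define.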
...@@ -2317,7 +2317,7 @@ nft_select_set_ops(const struct nlattr * const nla[], ...@@ -2317,7 +2317,7 @@ nft_select_set_ops(const struct nlattr * const nla[],
static const struct nla_policy nft_set_policy[NFTA_SET_MAX + 1] = { static const struct nla_policy nft_set_policy[NFTA_SET_MAX + 1] = {
[NFTA_SET_TABLE] = { .type = NLA_STRING }, [NFTA_SET_TABLE] = { .type = NLA_STRING },
[NFTA_SET_NAME] = { .type = NLA_STRING, [NFTA_SET_NAME] = { .type = NLA_STRING,
.len = IFNAMSIZ - 1 }, .len = NFT_SET_MAXNAMELEN - 1 },
[NFTA_SET_FLAGS] = { .type = NLA_U32 }, [NFTA_SET_FLAGS] = { .type = NLA_U32 },
[NFTA_SET_KEY_TYPE] = { .type = NLA_U32 }, [NFTA_SET_KEY_TYPE] = { .type = NLA_U32 },
[NFTA_SET_KEY_LEN] = { .type = NLA_U32 }, [NFTA_SET_KEY_LEN] = { .type = NLA_U32 },
...@@ -2401,7 +2401,7 @@ static int nf_tables_set_alloc_name(struct nft_ctx *ctx, struct nft_set *set, ...@@ -2401,7 +2401,7 @@ static int nf_tables_set_alloc_name(struct nft_ctx *ctx, struct nft_set *set,
unsigned long *inuse; unsigned long *inuse;
unsigned int n = 0, min = 0; unsigned int n = 0, min = 0;
p = strnchr(name, IFNAMSIZ, '%'); p = strnchr(name, NFT_SET_MAXNAMELEN, '%');
if (p != NULL) { if (p != NULL) {
if (p[1] != 'd' || strchr(p + 2, '%')) if (p[1] != 'd' || strchr(p + 2, '%'))
return -EINVAL; return -EINVAL;
...@@ -2696,7 +2696,7 @@ static int nf_tables_newset(struct net *net, struct sock *nlsk, ...@@ -2696,7 +2696,7 @@ static int nf_tables_newset(struct net *net, struct sock *nlsk,
struct nft_table *table; struct nft_table *table;
struct nft_set *set; struct nft_set *set;
struct nft_ctx ctx; struct nft_ctx ctx;
char name[IFNAMSIZ]; char name[NFT_SET_MAXNAMELEN];
unsigned int size; unsigned int size;
bool create; bool create;
u64 timeout; u64 timeout;
......
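Review bot: In `nf_tables_set_alloc_name`, the bounded `strnchr(name, NFT_SET_MAXNAMELEN, '%')` is followed by an unbounded `p[1]` read and an unbounded `strchr(p + 2, '%')`, so the function is only safe when `name` is NUL-terminated within `NFT_SET_MAXNAMELEN` bytes. That guarantee rests on the caller's `char name[NFT_SET_MAXNAMELEN]` in `nf_tables_newset` and on the policy's `.len = NFT_SET_MAXNAMELEN - 1`, and presumably on a size-bounded copy that is not visible in these hunks. I would state the precondition at the top of the function, e.g. `/* name: NUL-terminated, at most NFT_SET_MAXNAMELEN - 1 characters (enforced by nft_set_policy) */`, and confirm the copy into the stack buffer is bounded by `sizeof(name)`. Both function bodies start and end outside the hunks shown.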