fw3: zones: limit zone names to 11 bytes

Message ID 20200830211009.3359-1-dobrovolskiy.alexey@gmail.com
State Accepted

Commit Message

Alexey Dobrovolskiy Aug. 30, 2020, 9:10 p.m. UTC
As defined in the currently used iptables v1.8.4 [0], [1], a chain name must be
under 29 chars. Thus, the user can only edit 11 chars. See also [3].

[0] https://git.netfilter.org/iptables/tree/iptables/xtables.c?h=v1.8.4&id=2b506c6681c7b01803f06b258a39e9da9012e5c5#n1004
[1] https://git.netfilter.org/iptables/tree/include/linux/netfilter/x_tables.h?h=v1.8.4&id=2b506c6681c7b01803f06b258a39e9da9012e5c5#n7
[3] https://dev.archive.openwrt.org/ticket/20380

Signed-off-by: Alexey Dobrovolsky <dobrovolskiy.alexey@gmail.com>
---
 zones.h | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

Patch

diff --git a/zones.h b/zones.h
index d786736..05f8554 100644
--- a/zones.h
+++ b/zones.h
@@ -22,8 +22,11 @@ 
 #include "options.h"
 #include "iptables.h"
 
-/* 32 - sizeof("postrouting_") - sizeof("_rule") - sizeof("\0") */
-#define FW3_ZONE_MAXNAMELEN 14
+/*
+ * chain name in iptables must be under 29 chars
+ * 29 - sizeof("postrouting_") - sizeof("_rule") - sizeof("\0")
+ */
+#define FW3_ZONE_MAXNAMELEN 11
 
 extern const struct fw3_option fw3_zone_opts[];
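
Review bot: The formula in the new comment above FW3_ZONE_MAXNAMELEN does not evaluate to 11 as written, because sizeof on a string literal counts the terminating NUL: sizeof("postrouting_") is 13, sizeof("_rule") is 6 and sizeof("\0") is 2, which gives 29 - 13 - 6 - 2 = 8. The value 11 only follows when the terms are read as string lengths (29 - 12 - 5 - 1), so the comment should use strlen() or plain lengths, the same issue the removed "32 - ..." comment had. It would also help to state whether the 11 includes the terminator, so code that sizes a buffer from this macro knows whether to use FW3_ZONE_MAXNAMELEN or FW3_ZONE_MAXNAMELEN + 1, and to name the iptables header constant referenced in [1] in place of the bare 29 so a future change of that limit is easy to trace.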