From: Stig Thormodsrud <stig@vyatta.com>
To: netfilter@vger.kernel.org
Subject: change to max length of jump target
Date: Tue, 31 Aug 2010 18:11:58 -0700 [thread overview]
Message-ID: <4C7DA85E.8000809@vyatta.com> (raw)
I'm in the process of upgrading to iptables 1.4.9 and noticed that the
max jump target has changed from 30 characters to 28 characters. For
example I can still create a 29 character chain but can't create a jump
target to it:
root@r1:~# iptables -t filter --new-chain A2345678901234567890123456789
root@r1:~# iptables -L A2345678901234567890123456789
Chain A2345678901234567890123456789 (0 references)
target prot opt source destination
root@r1:~# iptables -t filter --insert VYATTA_IN_HOOK 1 --in-interface
eth3 --jump A2345678901234567890123456789
iptables v1.4.9: Invalid target name `A2345678901234567890123456789' (28
chars max)
Try `iptables -h' or 'iptables --help' for more information.
This worked in 1.4.4. In the code I see these changes:
git show 491c1660 include/linux/netfilter/x_tables.h
commit 491c1660fced08e2d1a08c101c63af04250275d0
Author: Jan Engelhardt <jengelh@medozas.de>
Date: Mon Jun 7 10:59:03 2010 +0200
includes: sync header files from Linux 2.6.35-rc1
Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
diff --git a/include/linux/netfilter/x_tables.h
b/include/linux/netfilter/x_tabl
index ccb5641..fa2d957 100644
--- a/include/linux/netfilter/x_tables.h
+++ b/include/linux/netfilter/x_tables.h
@@ -1,9 +1,10 @@
#ifndef _X_TABLES_H
#define _X_TABLES_H
-
+#include <linux/kernel.h>
#include <linux/types.h>
#define XT_FUNCTION_MAXNAMELEN 30
+#define XT_EXTENSION_MAXNAMELEN 29
#define XT_TABLE_MAXNAMELEN 32
and:
git show 0cb675b8 iptables.c
commit 0cb675b8f18c4b074d4c69461638820708e98100
Author: Jan Engelhardt <jengelh@medozas.de>
Date: Mon Jun 7 11:50:25 2010 +0200
xtables: another try at chain name length checking
Since XT_EXTENSION_MAXNAMELEN is now available, make use of it
and clear the confusion.
Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
diff --git a/iptables.c b/iptables.c
index 19c2af5..efe993e 100644
--- a/iptables.c
+++ b/iptables.c
@@ -460,10 +460,10 @@ parse_target(const char *targetname)
xtables_error(PARAMETER_PROBLEM,
"Invalid target name (too short)");
- if (strlen(targetname) > XT_FUNCTION_MAXNAMELEN - 1)
+ if (strlen(targetname) >= XT_EXTENSION_MAXNAMELEN)
xtables_error(PARAMETER_PROBLEM,
"Invalid target name `%s' (%u chars max)",
targetname, XT_EXTENSION_MAXNAMELEN - 1);
Is the change from > to >= a mistake or is max length change intentional?
thanks,
stig
next reply other threads:[~2010-09-01 1:11 UTC|newest]
Thread overview: 3+ messages / expand[flat|nested] mbox.gz Atom feed top
2010-09-01 1:11 Stig Thormodsrud [this message]
-- strict thread matches above, loose matches on Subject: below --
2010-09-08 18:23 change to max length of jump target Stig Thormodsrud
2010-09-13 13:51 ` Jan Engelhardt
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=4C7DA85E.8000809@vyatta.com \
--to=stig@vyatta.com \
--cc=netfilter@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.