Re: [PATCH] zones: fix max length of zone names

2020-09-05 Thread David Bauer
Hello Matthias,

On 9/5/20 4:45 PM, Matthias Schiffer wrote:
> On 9/5/20 4:32 PM, David Bauer wrote:
>> Hi Matthias,
>>
>> On 9/5/20 4:08 PM, Matthias Schiffer wrote:
>>> On 9/5/20 1:11 AM, David Bauer wrote:
 Hi Alexey,

 On 9/4/20 10:32 PM, Alexey Dobrovolskiy wrote:
> Hi,
> please, see also
> https://patchwork.ozlabs.org/project/openwrt/patch/20200830211009.3359-1-dobrovolskiy.ale...@gmail.com/

 I was not aware of this patch. Will merge yours in the coming days.

 Best wishes
 David
>>>
>>>
>>> Maybe we could replace "postrouting" and similar strings with abbreviated
>>> versions?
>>
>> From my perspective this should be possible. However, postrouting might not be
>> the primary limiting factor then, as there are also chains such as
>> "zone__dest_REJECT" automatically created. Sure enough, these can
>> also be renamed.
>>
>> Best wishes
>> David
>>
> 
> I wonder which solution will break more configurations... keeping the
> current names, breaking zones with longer names, or renaming them, breaking
> custom rulesets that rely on the current naming.

The patch in this thread effectively only fixes the validation. Committing the
iptables rules with long names failed already previously with the safer string
operations patch from jow.

So this patch does not break these longer names as they are currently already
broken, just provides the user with a clearer error message.

Best wishes
David

> 
> 
> 
>>>
>>> Kind regards,
>>> Matthias
>>>
>>>
>>>

>
> Best regards,
> Alexey
>
> Fri, 4 Sep 2020 at 02:02, David Bauer :
>>
>> Previously the max length of a zone name was assuming the max
>> length for an extension in netfilter is 32 bytes while in reality it is
>> only 29.
>>
>> Fix this incorrect assumption to allow firewall3 to validate the zone
>> name lengths correctly.
>>
>> Signed-off-by: David Bauer 
>> ---
>>  zones.h | 8 ++--
>>  1 file changed, 6 insertions(+), 2 deletions(-)
>>
>> diff --git a/zones.h b/zones.h
>> index d786736..beb0e22 100644
>> --- a/zones.h
>> +++ b/zones.h
>> @@ -22,8 +22,12 @@
>>  #include "options.h"
>>  #include "iptables.h"
>>
>> -/* 32 - sizeof("postrouting_") - sizeof("_rule") - sizeof("\0") */
>> -#define FW3_ZONE_MAXNAMELEN 14
>> +/* XT_EXTENSION_MAXNAMELEN (29)
>> + *  - sizeof("postrouting_")
>> + *  - sizeof("_rule")
>> + *  - sizeof("\0")
>> + */
>> +#define FW3_ZONE_MAXNAMELEN 11
>>
>>  extern const struct fw3_option fw3_zone_opts[];
>>
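
Review bot: lowering FW3_ZONE_MAXNAMELEN from 14 to 11 changes which configurations pass validation, and neither the commit message nor the new comment says what happens to an existing zone whose name is 12 to 14 characters long. Suggest one sentence in the commit message stating the user-visible effect for such names, so that someone who sees a zone rejected after an upgrade finds the reason in the log of this change.
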
>> --
>> 2.28.0
>>
>>
>> ___
>> openwrt-devel mailing list
>> openwrt-devel@lists.openwrt.org
>> https://lists.openwrt.org/mailman/listinfo/openwrt-devel


>>>
>>>
> 
> 


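The length budget discussed in this thread, as an added example that is not part of the patch or of firewall3: it derives the zone-name limit from the generated chain names and rejects a name whose chain name would be truncated. The 29-byte buffer follows the patch comment; the "zone_" / "_dest_REJECT" split, the function names and the sample zone names are assumptions made for the illustration.

```c
#include <stdio.h>
#include <string.h>

/* Assumption: a chain name must fit a 29-byte buffer including its NUL,
 * the figure the patch comment gives for XT_EXTENSION_MAXNAMELEN. */
#define CHAIN_NAME_BUF 29

/* Fixed text wrapped around a zone name. The first pair is from the patch
 * comment; the second is an assumed split of the thread's "zone__dest_REJECT". */
struct chain_pattern { const char *prefix, *suffix; };
static const struct chain_pattern patterns[] = {
    { "postrouting_", "_rule" },
    { "zone_", "_dest_REJECT" },
};
#define N_PATTERNS (sizeof(patterns) / sizeof(patterns[0]))

/* Longest zone name for which every generated chain name still fits. */
size_t max_zone_name_len(void)
{
    size_t worst = 0;
    for (size_t i = 0; i < N_PATTERNS; i++) {
        /* strlen(), not sizeof: the NUL is paid for once, not per literal */
        size_t fixed = strlen(patterns[i].prefix) + strlen(patterns[i].suffix);
        if (fixed > worst) worst = fixed;
    }
    return CHAIN_NAME_BUF - 1 - worst;
}

/* Returns 0 if every chain name fits, -1 if one would be truncated. */
int check_zone_name(const char *zone)
{
    char chain[CHAIN_NAME_BUF];
    for (size_t i = 0; i < N_PATTERNS; i++) {
        int n = snprintf(chain, sizeof(chain), "%s%s%s",
                         patterns[i].prefix, zone, patterns[i].suffix);
        if (n < 0 || (size_t)n >= sizeof(chain))
            return -1;   /* reject at validation instead of failing later */
    }
    return 0;
}

int main(void)
{
    const char *samples[] = { "lan", "guest_wifi0", "guest_wifi01" }; /* constructed */
    printf("max zone name length: %zu\n", max_zone_name_len());
    for (size_t i = 0; i < 3; i++)
        printf("%-13s -> %s\n", samples[i], check_zone_name(samples[i]) ? "too long" : "ok");
    return 0;
}
```
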

Re: [PATCH] zones: fix max length of zone names

2020-09-05 Thread Matthias Schiffer
On 9/5/20 4:32 PM, David Bauer wrote:
> Hi Matthias,
> 
> On 9/5/20 4:08 PM, Matthias Schiffer wrote:
>> On 9/5/20 1:11 AM, David Bauer wrote:
>>> Hi Alexey,
>>>
>>> On 9/4/20 10:32 PM, Alexey Dobrovolskiy wrote:
 Hi,
 please, see also
 https://patchwork.ozlabs.org/project/openwrt/patch/20200830211009.3359-1-dobrovolskiy.ale...@gmail.com/
>>>
>>> I was not aware of this patch. Will merge yours in the coming days.
>>>
>>> Best wishes
>>> David
>>
>>
>> Maybe we could replace "postrouting" and similar strings with abbreviated
>> versions?
> 
> From my perspective this should be possible. However, postrouting might not be
> the primary limiting factor then, as there are also chains such as
> "zone__dest_REJECT" automatically created. Sure enough, these can
> also be renamed.
> 
> Best wishes
> David
> 

I wonder which solution will break more configurations... keeping the
current names, breaking zones with longer names, or renaming them, breaking
custom rulesets that rely on the current naming.



>>
>> Kind regards,
>> Matthias
>>
>>
>>
>>>

 Best regards,
 Alexey

 Fri, 4 Sep 2020 at 02:02, David Bauer :
>
> Previously the max length of a zone name was assuming the max
> length for an extension in netfilter is 32 bytes while in reality it is
> only 29.
>
> Fix this incorrect assumption to allow firewall3 to validate the zone
> name lengths correctly.
>
> Signed-off-by: David Bauer 
> ---
>  zones.h | 8 ++--
>  1 file changed, 6 insertions(+), 2 deletions(-)
>
> diff --git a/zones.h b/zones.h
> index d786736..beb0e22 100644
> --- a/zones.h
> +++ b/zones.h
> @@ -22,8 +22,12 @@
>  #include "options.h"
>  #include "iptables.h"
>
> -/* 32 - sizeof("postrouting_") - sizeof("_rule") - sizeof("\0") */
> -#define FW3_ZONE_MAXNAMELEN 14
> +/* XT_EXTENSION_MAXNAMELEN (29)
> + *  - sizeof("postrouting_")
> + *  - sizeof("_rule")
> + *  - sizeof("\0")
> + */
> +#define FW3_ZONE_MAXNAMELEN 11
>
>  extern const struct fw3_option fw3_zone_opts[];
>
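
Review bot: the new comment budgets only for the "postrouting_" prefix and the "_rule" suffix and does not say why that pair is the one that sets the limit. The thread also names "zone__dest_REJECT", whose fixed text as quoted is 17 characters, the same as "postrouting_" plus "_rule", so a name inserted into it gets the same budget, but nothing in the comment shows that this was checked. Suggest stating that 11 is derived from the longest generated chain name and listing the names that tie, so a later, longer prefix or suffix is compared against it.
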
> --
> 2.28.0
>
>
>>>
>>>
>>
>>






Re: [PATCH] zones: fix max length of zone names

2020-09-05 Thread David Bauer
Hi Matthias,

On 9/5/20 4:08 PM, Matthias Schiffer wrote:
> On 9/5/20 1:11 AM, David Bauer wrote:
>> Hi Alexey,
>>
>> On 9/4/20 10:32 PM, Alexey Dobrovolskiy wrote:
>>> Hi,
>>> please, see also
>>> https://patchwork.ozlabs.org/project/openwrt/patch/20200830211009.3359-1-dobrovolskiy.ale...@gmail.com/
>>
>> I was not aware of this patch. Will merge yours in the coming days.
>>
>> Best wishes
>> David
> 
> 
> Maybe we could replace "postrouting" and similar strings with abbreviated
> versions?

From my perspective this should be possible. However, postrouting might not be
the primary limiting factor then, as there are also chains such as
"zone__dest_REJECT" automatically created. Sure enough, these can
also be renamed.

Best wishes
David

> 
> Kind regards,
> Matthias
> 
> 
> 
>>
>>>
>>> Best regards,
>>> Alexey
>>>
>>> Fri, 4 Sep 2020 at 02:02, David Bauer :

 Previously the max length of a zone name was assuming the max
 length for an extension in netfilter is 32 bytes while in reality it is
 only 29.

 Fix this incorrect assumption to allow firewall3 to validate the zone
 name lengths correctly.

 Signed-off-by: David Bauer 
 ---
  zones.h | 8 ++--
  1 file changed, 6 insertions(+), 2 deletions(-)

 diff --git a/zones.h b/zones.h
 index d786736..beb0e22 100644
 --- a/zones.h
 +++ b/zones.h
 @@ -22,8 +22,12 @@
  #include "options.h"
  #include "iptables.h"

 -/* 32 - sizeof("postrouting_") - sizeof("_rule") - sizeof("\0") */
 -#define FW3_ZONE_MAXNAMELEN 14
 +/* XT_EXTENSION_MAXNAMELEN (29)
 + *  - sizeof("postrouting_")
 + *  - sizeof("_rule")
 + *  - sizeof("\0")
 + */
 +#define FW3_ZONE_MAXNAMELEN 11

  extern const struct fw3_option fw3_zone_opts[];

 --
 2.28.0


>>
>>
> 
> 



Re: [PATCH] zones: fix max length of zone names

2020-09-05 Thread Matthias Schiffer
On 9/5/20 1:11 AM, David Bauer wrote:
> Hi Alexey,
> 
> On 9/4/20 10:32 PM, Alexey Dobrovolskiy wrote:
>> Hi,
>> please, see also
>> https://patchwork.ozlabs.org/project/openwrt/patch/20200830211009.3359-1-dobrovolskiy.ale...@gmail.com/
> 
> I was not aware of this patch. Will merge yours in the coming days.
> 
> Best wishes
> David


Maybe we could replace "postrouting" and similar strings with abbreviated
versions?

Kind regards,
Matthias



> 
>>
>> Best regards,
>> Alexey
>>
>> Fri, 4 Sep 2020 at 02:02, David Bauer :
>>>
>>> Previously the max length of a zone name was assuming the max
>>> length for an extension in netfilter is 32 bytes while in reality it is
>>> only 29.
>>>
>>> Fix this incorrect assumption to allow firewall3 to validate the zone
>>> name lengths correctly.
>>>
>>> Signed-off-by: David Bauer 
>>> ---
>>>  zones.h | 8 ++--
>>>  1 file changed, 6 insertions(+), 2 deletions(-)
>>>
>>> diff --git a/zones.h b/zones.h
>>> index d786736..beb0e22 100644
>>> --- a/zones.h
>>> +++ b/zones.h
>>> @@ -22,8 +22,12 @@
>>>  #include "options.h"
>>>  #include "iptables.h"
>>>
>>> -/* 32 - sizeof("postrouting_") - sizeof("_rule") - sizeof("\0") */
>>> -#define FW3_ZONE_MAXNAMELEN 14
>>> +/* XT_EXTENSION_MAXNAMELEN (29)
>>> + *  - sizeof("postrouting_")
>>> + *  - sizeof("_rule")
>>> + *  - sizeof("\0")
>>> + */
>>> +#define FW3_ZONE_MAXNAMELEN 11
>>>
>>>  extern const struct fw3_option fw3_zone_opts[];
>>>
>>> --
>>> 2.28.0
>>>
>>>
> 
> 






Re: [PATCH] zones: fix max length of zone names

2020-09-04 Thread David Bauer
Hi Alexey,

On 9/4/20 10:32 PM, Alexey Dobrovolskiy wrote:
> Hi,
> please, see also
> https://patchwork.ozlabs.org/project/openwrt/patch/20200830211009.3359-1-dobrovolskiy.ale...@gmail.com/

I was not aware of this patch. Will merge yours in the coming days.

Best wishes
David

> 
> Best regards,
> Alexey
> 
> Fri, 4 Sep 2020 at 02:02, David Bauer :
>>
>> Previously the max length of a zone name was assuming the max
>> length for an extension in netfilter is 32 bytes while in reality it is
>> only 29.
>>
>> Fix this incorrect assumption to allow firewall3 to validate the zone
>> name lengths correctly.
>>
>> Signed-off-by: David Bauer 
>> ---
>>  zones.h | 8 ++--
>>  1 file changed, 6 insertions(+), 2 deletions(-)
>>
>> diff --git a/zones.h b/zones.h
>> index d786736..beb0e22 100644
>> --- a/zones.h
>> +++ b/zones.h
>> @@ -22,8 +22,12 @@
>>  #include "options.h"
>>  #include "iptables.h"
>>
>> -/* 32 - sizeof("postrouting_") - sizeof("_rule") - sizeof("\0") */
>> -#define FW3_ZONE_MAXNAMELEN 14
>> +/* XT_EXTENSION_MAXNAMELEN (29)
>> + *  - sizeof("postrouting_")
>> + *  - sizeof("_rule")
>> + *  - sizeof("\0")
>> + */
>> +#define FW3_ZONE_MAXNAMELEN 11
>>
>>  extern const struct fw3_option fw3_zone_opts[];
>>
>> --
>> 2.28.0
>>
>>



Re: [PATCH] zones: fix max length of zone names

2020-09-04 Thread Alexey Dobrovolskiy
Hi,
please, see also
https://patchwork.ozlabs.org/project/openwrt/patch/20200830211009.3359-1-dobrovolskiy.ale...@gmail.com/

Best regards,
Alexey

Fri, 4 Sep 2020 at 02:02, David Bauer :
>
> Previously the max length of a zone name was assuming the max
> length for an extension in netfilter is 32 bytes while in reality it is
> only 29.
>
> Fix this incorrect assumption to allow firewall3 to validate the zone
> name lengths correctly.
>
> Signed-off-by: David Bauer 
> ---
>  zones.h | 8 ++--
>  1 file changed, 6 insertions(+), 2 deletions(-)
>
> diff --git a/zones.h b/zones.h
> index d786736..beb0e22 100644
> --- a/zones.h
> +++ b/zones.h
> @@ -22,8 +22,12 @@
>  #include "options.h"
>  #include "iptables.h"
>
> -/* 32 - sizeof("postrouting_") - sizeof("_rule") - sizeof("\0") */
> -#define FW3_ZONE_MAXNAMELEN 14
> +/* XT_EXTENSION_MAXNAMELEN (29)
> + *  - sizeof("postrouting_")
> + *  - sizeof("_rule")
> + *  - sizeof("\0")
> + */
> +#define FW3_ZONE_MAXNAMELEN 11
>
>  extern const struct fw3_option fw3_zone_opts[];
>
> --
> 2.28.0
>
>



[PATCH] zones: fix max length of zone names

2020-09-03 Thread David Bauer
Previously the max length of a zone name was assuming the max
length for an extension in netfilter is 32 bytes while in reality it is
only 29.

Fix this incorrect assumption to allow firewall3 to validate the zone
name lengths correctly.

Signed-off-by: David Bauer 
---
 zones.h | 8 ++--
 1 file changed, 6 insertions(+), 2 deletions(-)

diff --git a/zones.h b/zones.h
index d786736..beb0e22 100644
--- a/zones.h
+++ b/zones.h
@@ -22,8 +22,12 @@
 #include "options.h"
 #include "iptables.h"
 
-/* 32 - sizeof("postrouting_") - sizeof("_rule") - sizeof("\0") */
-#define FW3_ZONE_MAXNAMELEN 14
+/* XT_EXTENSION_MAXNAMELEN (29)
+ *  - sizeof("postrouting_")
+ *  - sizeof("_rule")
+ *  - sizeof("\0")
+ */
+#define FW3_ZONE_MAXNAMELEN 11
 
 extern const struct fw3_option fw3_zone_opts[];
 
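
Review bot: the new comment above FW3_ZONE_MAXNAMELEN does not add up to 11 as written. sizeof counts the terminating NUL of a string literal, so sizeof("postrouting_") is 13, sizeof("_rule") is 6 and sizeof("\0") is 2, which gives 29 - 13 - 6 - 2 = 8; the value 11 is what the string lengths give, 29 - 12 - 5 - 1. The removed comment had the same mismatch (32 - 12 - 5 - 1 = 14). Suggest writing the comment in terms of strlen() plus a single NUL byte, or defining the macro as that expression so the literal cannot drift from its derivation the next time the limit or a prefix changes.
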
-- 
2.28.0

