Re: [PATCH] zones: fix max length of zone names
Hello Matthias,

On 9/5/20 4:45 PM, Matthias Schiffer wrote:
> On 9/5/20 4:32 PM, David Bauer wrote: >> Hi Matthias, >> >> On 9/5/20 4:08 PM, Matthias Schiffer wrote: >>> On 9/5/20 1:11 AM, David Bauer wrote: Hi Alexey, On 9/4/20 10:32 PM, Alexey Dobrovolskiy wrote: > Hi, > please, see also > https://patchwork.ozlabs.org/project/openwrt/patch/20200830211009.3359-1-dobrovolskiy.ale...@gmail.com/ I was not aware of this patch. Will merge yours in the coming days. Best wishes David >>> >>> >>> Maybe we could replace "postrouting" and similar strings with abbreviated >>> versions? >> >> From my perspective this should be possible. However, postrouting might not >> be >> the primary limiting factor then, as there are also chains such as >> "zone__dest_REJECT" automatically created. Sure enough, these can >> also be renamed. >> >> Best wishes >> David >> > > I wonder which solution will break more configurations... keeping the > current names, breaking zones with longer names, or renaming them, breaking > custom rulesets that rely on the current naming.

The patch in this thread effectively only fixes the validation. Committing the iptables rules with long names failed already previously with the safer string operations patch from jow. So this patch does not break these longer names as they are currently already broken, just provides the user with a clearer error message.

Best wishes
David

> > > >>> >>> Kind regards, >>> Matthias >>> >>> >>> > > Best regards, > Alexey > > Fri, 4 Sep 2020 at 02:02, David Bauer : >> >> Previously the max length of a zone name was assuming the max >> length for an extension in netfilter is 32 bytes while in reality it is >> only 29. >> >> Fix this incorrect assumption to allow firewall3 to validate the zone >> name lengths correctly. >> >> Signed-off-by: David Bauer >> --- >> zones.h | 8 ++-- >> 1 file changed, 6 insertions(+), 2 deletions(-) >> >> diff --git a/zones.h b/zones.h >> index d786736..beb0e22 100644 >> --- a/zones.h
>> +++ b/zones.h >> @@ -22,8 +22,12 @@ >> #include "options.h" >> #include "iptables.h" >> >> -/* 32 - sizeof("postrouting_") - sizeof("_rule") - sizeof("\0") */ >> -#define FW3_ZONE_MAXNAMELEN 14 >> +/* XT_EXTENSION_MAXNAMELEN (29) >> + * - sizeof("postrouting_") >> + * - sizeof("_rule") >> + * - sizeof("\0") >> + */ >> +#define FW3_ZONE_MAXNAMELEN 11 >> >> extern const struct fw3_option fw3_zone_opts[]; >> >> -- >> 2.28.0

___
openwrt-devel mailing list
openwrt-devel@lists.openwrt.org
https://lists.openwrt.org/mailman/listinfo/openwrt-devel
Re: [PATCH] zones: fix max length of zone names
On 9/5/20 4:32 PM, David Bauer wrote:
> Hi Matthias, > > On 9/5/20 4:08 PM, Matthias Schiffer wrote: >> On 9/5/20 1:11 AM, David Bauer wrote: >>> Hi Alexey, >>> >>> On 9/4/20 10:32 PM, Alexey Dobrovolskiy wrote: Hi, please, see also https://patchwork.ozlabs.org/project/openwrt/patch/20200830211009.3359-1-dobrovolskiy.ale...@gmail.com/ >>> >>> I was not aware of this patch. Will merge yours in the coming days. >>> >>> Best wishes >>> David >> >> >> Maybe we could replace "postrouting" and similar strings with abbreviated >> versions? > > From my perspective this should be possible. However, postrouting might not be > the primary limiting factor then, as there are also chains such as > "zone__dest_REJECT" automatically created. Sure enough, these can > also be renamed. > > Best wishes > David >

I wonder which solution will break more configurations... keeping the current names, breaking zones with longer names, or renaming them, breaking custom rulesets that rely on the current naming.

>> >> Kind regards, >> Matthias >> >> >> >>> Best regards, Alexey Fri, 4 Sep 2020 at 02:02, David Bauer : > > Previously the max length of a zone name was assuming the max > length for an extension in netfilter is 32 bytes while in reality it is > only 29. > > Fix this incorrect assumption to allow firewall3 to validate the zone > name lengths correctly. > > Signed-off-by: David Bauer > --- > zones.h | 8 ++-- > 1 file changed, 6 insertions(+), 2 deletions(-) > > diff --git a/zones.h b/zones.h > index d786736..beb0e22 100644 > --- a/zones.h > +++ b/zones.h
> @@ -22,8 +22,12 @@ > #include "options.h" > #include "iptables.h" > > -/* 32 - sizeof("postrouting_") - sizeof("_rule") - sizeof("\0") */ > -#define FW3_ZONE_MAXNAMELEN 14 > +/* XT_EXTENSION_MAXNAMELEN (29) > + * - sizeof("postrouting_") > + * - sizeof("_rule") > + * - sizeof("\0") > + */ > +#define FW3_ZONE_MAXNAMELEN 11 > > extern const struct fw3_option fw3_zone_opts[]; > > -- > 2.28.0
Re: [PATCH] zones: fix max length of zone names
Hi Matthias,

On 9/5/20 4:08 PM, Matthias Schiffer wrote:
> On 9/5/20 1:11 AM, David Bauer wrote: >> Hi Alexey, >> >> On 9/4/20 10:32 PM, Alexey Dobrovolskiy wrote: >>> Hi, >>> please, see also >>> https://patchwork.ozlabs.org/project/openwrt/patch/20200830211009.3359-1-dobrovolskiy.ale...@gmail.com/ >> >> I was not aware of this patch. Will merge yours in the coming days. >> >> Best wishes >> David > > > Maybe we could replace "postrouting" and similar strings with abbreviated > versions?

From my perspective this should be possible. However, postrouting might not be the primary limiting factor then, as there are also chains such as "zone__dest_REJECT" automatically created. Sure enough, these can also be renamed.

Best wishes
David

> > Kind regards, > Matthias > > > >> >>> >>> Best regards, >>> Alexey >>> >>> Fri, 4 Sep 2020 at 02:02, David Bauer : Previously the max length of a zone name was assuming the max length for an extension in netfilter is 32 bytes while in reality it is only 29. Fix this incorrect assumption to allow firewall3 to validate the zone name lengths correctly. Signed-off-by: David Bauer --- zones.h | 8 ++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/zones.h b/zones.h index d786736..beb0e22 100644 --- a/zones.h +++ b/zones.h
@@ -22,8 +22,12 @@ #include "options.h" #include "iptables.h" -/* 32 - sizeof("postrouting_") - sizeof("_rule") - sizeof("\0") */ -#define FW3_ZONE_MAXNAMELEN 14 +/* XT_EXTENSION_MAXNAMELEN (29) + * - sizeof("postrouting_") + * - sizeof("_rule") + * - sizeof("\0") + */ +#define FW3_ZONE_MAXNAMELEN 11 extern const struct fw3_option fw3_zone_opts[]; -- 2.28.0
Re: [PATCH] zones: fix max length of zone names
On 9/5/20 1:11 AM, David Bauer wrote:
> Hi Alexey, > > On 9/4/20 10:32 PM, Alexey Dobrovolskiy wrote: >> Hi, >> please, see also >> https://patchwork.ozlabs.org/project/openwrt/patch/20200830211009.3359-1-dobrovolskiy.ale...@gmail.com/ > > I was not aware of this patch. Will merge yours in the coming days. > > Best wishes > David

Maybe we could replace "postrouting" and similar strings with abbreviated versions?

Kind regards,
Matthias

> >> >> Best regards, >> Alexey >> >> Fri, 4 Sep 2020 at 02:02, David Bauer : >>> >>> Previously the max length of a zone name was assuming the max >>> length for an extension in netfilter is 32 bytes while in reality it is >>> only 29. >>> >>> Fix this incorrect assumption to allow firewall3 to validate the zone >>> name lengths correctly. >>> >>> Signed-off-by: David Bauer >>> --- >>> zones.h | 8 ++-- >>> 1 file changed, 6 insertions(+), 2 deletions(-) >>> >>> diff --git a/zones.h b/zones.h >>> index d786736..beb0e22 100644 >>> --- a/zones.h >>> +++ b/zones.h >>> @@ -22,8 +22,12 @@ >>> #include "options.h" >>> #include "iptables.h" >>> >>> -/* 32 - sizeof("postrouting_") - sizeof("_rule") - sizeof("\0") */ >>> -#define FW3_ZONE_MAXNAMELEN 14 >>> +/* XT_EXTENSION_MAXNAMELEN (29) >>> + * - sizeof("postrouting_") >>> + * - sizeof("_rule") >>> + * - sizeof("\0") >>> + */ >>> +#define FW3_ZONE_MAXNAMELEN 11 >>> >>> extern const struct fw3_option fw3_zone_opts[]; >>> >>> -- >>> 2.28.0
Re: [PATCH] zones: fix max length of zone names
Hi Alexey,

On 9/4/20 10:32 PM, Alexey Dobrovolskiy wrote:
> Hi, > please, see also > https://patchwork.ozlabs.org/project/openwrt/patch/20200830211009.3359-1-dobrovolskiy.ale...@gmail.com/

I was not aware of this patch. Will merge yours in the coming days.

Best wishes
David

> > Best regards, > Alexey > > Fri, 4 Sep 2020 at 02:02, David Bauer : >> >> Previously the max length of a zone name was assuming the max >> length for an extension in netfilter is 32 bytes while in reality it is >> only 29. >> >> Fix this incorrect assumption to allow firewall3 to validate the zone >> name lengths correctly. >> >> Signed-off-by: David Bauer >> --- >> zones.h | 8 ++-- >> 1 file changed, 6 insertions(+), 2 deletions(-) >> >> diff --git a/zones.h b/zones.h >> index d786736..beb0e22 100644 >> --- a/zones.h >> +++ b/zones.h >> @@ -22,8 +22,12 @@ >> #include "options.h" >> #include "iptables.h" >> >> -/* 32 - sizeof("postrouting_") - sizeof("_rule") - sizeof("\0") */ >> -#define FW3_ZONE_MAXNAMELEN 14 >> +/* XT_EXTENSION_MAXNAMELEN (29) >> + * - sizeof("postrouting_") >> + * - sizeof("_rule") >> + * - sizeof("\0") >> + */ >> +#define FW3_ZONE_MAXNAMELEN 11 >> >> extern const struct fw3_option fw3_zone_opts[]; >> >> -- >> 2.28.0
Re: [PATCH] zones: fix max length of zone names
Hi,

please, see also
https://patchwork.ozlabs.org/project/openwrt/patch/20200830211009.3359-1-dobrovolskiy.ale...@gmail.com/

Best regards,
Alexey

Fri, 4 Sep 2020 at 02:02, David Bauer :
> > Previously the max length of a zone name was assuming the max > length for an extension in netfilter is 32 bytes while in reality it is > only 29. > > Fix this incorrect assumption to allow firewall3 to validate the zone > name lengths correctly. > > Signed-off-by: David Bauer > --- > zones.h | 8 ++-- > 1 file changed, 6 insertions(+), 2 deletions(-) > > diff --git a/zones.h b/zones.h > index d786736..beb0e22 100644 > --- a/zones.h > +++ b/zones.h > @@ -22,8 +22,12 @@ > #include "options.h" > #include "iptables.h" > > -/* 32 - sizeof("postrouting_") - sizeof("_rule") - sizeof("\0") */ > -#define FW3_ZONE_MAXNAMELEN 14 > +/* XT_EXTENSION_MAXNAMELEN (29) > + * - sizeof("postrouting_") > + * - sizeof("_rule") > + * - sizeof("\0") > + */ > +#define FW3_ZONE_MAXNAMELEN 11 > > extern const struct fw3_option fw3_zone_opts[]; > > -- > 2.28.0
[PATCH] zones: fix max length of zone names
Previously the max length of a zone name was assuming the max length for an extension in netfilter is 32 bytes while in reality it is only 29.

Fix this incorrect assumption to allow firewall3 to validate the zone name lengths correctly.

Signed-off-by: David Bauer
--- zones.h | 8 ++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/zones.h b/zones.h index d786736..beb0e22 100644 --- a/zones.h +++ b/zones.h @@ -22,8 +22,12 @@ #include "options.h" #include "iptables.h" -/* 32 - sizeof("postrouting_") - sizeof("_rule") - sizeof("\0") */ -#define FW3_ZONE_MAXNAMELEN 14 +/* XT_EXTENSION_MAXNAMELEN (29) + * - sizeof("postrouting_") + * - sizeof("_rule") + * - sizeof("\0") + */ +#define FW3_ZONE_MAXNAMELEN 11 extern const struct fw3_option fw3_zone_opts[]; -- 2.28.0
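
Review bot: the new comment above FW3_ZONE_MAXNAMELEN writes the budget with sizeof(), but sizeof on a string literal counts the terminating NUL, so the expression as written evaluates to 29 - 13 - 6 - 2 = 8, not 11; the value 11 only follows when the terms are read as string lengths (29 - 12 - 5 - 1). Suggest either writing the comment with strlen-style lengths, or defining the macro as an expression such as `XT_EXTENSION_MAXNAMELEN - (sizeof("postrouting_") - 1) - (sizeof("_rule") - 1) - 1` (assuming the netfilter definition is visible from this header), so the compiler computes the limit and it cannot drift from the real constant the way the hand-computed 32-based value did.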