Re: [nft PATCH] src: check if the set name is too long

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Tue, Mar 25, 2014 at 09:41:31AM +0100, Pablo Neira Ayuso wrote:
> On Tue, Mar 25, 2014 at 09:37:24AM +0200, Tomasz Bursztyka wrote:
> > Hi Pablo,
> > 
> > >I sent you a patch, I think it's better if we fix this from
> > >kernel-space.
> > 
> > I think it's also good if we check the length when parsing, as Giuseppe did.
> > Then it reduce the overhead: the error is detected way before we
> > process anything through netlink.
> 
> This is an error case, I don't think we should focus on reducing
> overhead in those scenarios.

Just to extend this. I prefer this limit is also set in kernelspace so
in case we ever remove it, we won't have to wait until a new nft
userspace tool version is released.
--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html




[Index of Archives]     [Netfitler Users]     [LARTC]     [Bugtraq]     [Yosemite Forum]

  Powered by Linux