On 19/01/2017 at 15:41, Liping Zhang wrote:
> The nft table name's size is limited at this place:
>
>     static const struct nla_policy nft_table_policy[NFTA_TABLE_MAX + 1] = {
>         [NFTA_TABLE_NAME] = { .type = NLA_STRING,
>                               .len = NFT_TABLE_MAXNAMELEN - 1 },
>
> If NFTA_CHAIN_TABLE's size exceeded 31, nf_tables_table_lookup will
> fail eventually.
Why?

    typedef unsigned short __u16;   // minimum MaxValue = 65535

    /*
     *  <------- NLA_HDRLEN ------> <-- NLA_ALIGN(payload)-->
     * +---------------------+- - -+- - - - - - - - - -+- - -+
     * |        Header       | Pad |     Payload       | Pad |
     * |   (struct nlattr)   | ing |                   | ing |
     * +---------------------+- - -+- - - - - - - - - -+- - -+
     *  <-------------- nlattr->nla_len -------------->
     *      // Payload minimum MaxValue = 65535 - (at least)32 = 65503
     */
    struct nlattr {
        __u16 nla_len;
        __u16 nla_type;
    };

    #define NFT_SET_MAXNAMELEN 32   // <- Why 32? Why not 65535 or 65503?
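As an added example (mine, not code from this thread or from the kernel tree): a small user-space model of how the policy length check behaves on a NFTA_TABLE_NAME attribute. The nlattr layout, NLA_ALIGN/NLA_HDRLEN and the NLA_STRING rule (trailing NUL not counted, payload compared against .len) follow lib/nlattr.c as I understand it; the reduced policy array, the 256-byte buffer and the helper names nla_put_string_buf, validate_string_attr and check_table_name are my assumptions for illustration.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constants mirroring include/uapi/linux/netlink.h and nf_tables.h. */
#define NLA_ALIGNTO 4
#define NLA_ALIGN(len) (((len) + NLA_ALIGNTO - 1) & ~(NLA_ALIGNTO - 1))
#define NLA_HDRLEN ((int)NLA_ALIGN(sizeof(struct nlattr)))
#define NFT_TABLE_MAXNAMELEN 32
#define NFTA_TABLE_NAME 1

enum { NLA_STRING = 5 };            /* only the string type is modelled */

struct nlattr {
    uint16_t nla_len;               /* header + payload, without trailing pad */
    uint16_t nla_type;
};

struct nla_policy {
    uint16_t type;                  /* NLA_STRING here */
    uint16_t len;                   /* max payload length, excluding NUL */
};

/* Reduced copy of the nft table policy: only NFTA_TABLE_NAME (assumption). */
static const struct nla_policy nft_table_policy[NFTA_TABLE_NAME + 1] = {
    [NFTA_TABLE_NAME] = { .type = NLA_STRING, .len = NFT_TABLE_MAXNAMELEN - 1 },
};

/* Encode one string attribute into buf the way nla_put_string does.
 * Returns bytes written including alignment padding, or -1 if the
 * attribute does not fit the 16-bit nla_len or the buffer. */
int nla_put_string_buf(unsigned char *buf, size_t bufsz, uint16_t type, const char *s)
{
    size_t payload = strlen(s) + 1;             /* the kernel includes the NUL */
    size_t total = NLA_HDRLEN + payload;
    if (total > 0xFFFF || NLA_ALIGN(total) > bufsz)
        return -1;
    struct nlattr hdr = { .nla_len = (uint16_t)total, .nla_type = type };
    memset(buf, 0, NLA_ALIGN(total));
    memcpy(buf, &hdr, sizeof hdr);
    memcpy(buf + NLA_HDRLEN, s, payload);
    return (int)NLA_ALIGN(total);
}

/* Validate one attribute against the policy; 0 or -errno, following the
 * NLA_STRING branch of validate_nla(): a trailing NUL is not counted, and
 * the remaining payload must not exceed pt->len (31 here). */
int validate_string_attr(const unsigned char *buf, const struct nla_policy *policy)
{
    struct nlattr hdr;
    memcpy(&hdr, buf, sizeof hdr);
    if (hdr.nla_type > NFTA_TABLE_NAME)         /* outside the reduced policy */
        return -EINVAL;
    const struct nla_policy *pt = &policy[hdr.nla_type];
    int attrlen = hdr.nla_len - NLA_HDRLEN;

    if (pt->type != NLA_STRING)
        return -EINVAL;
    if (attrlen < 1)
        return -ERANGE;
    if (pt->len) {
        const char *str = (const char *)(buf + NLA_HDRLEN);
        if (str[attrlen - 1] == '\0')
            attrlen--;
        if (attrlen > pt->len)
            return -ERANGE;                     /* name longer than 31 bytes */
    }
    return 0;
}

/* Encode a candidate table name and run it through the policy check. */
int check_table_name(const char *name)
{
    unsigned char buf[256];                     /* assumed message buffer */
    if (nla_put_string_buf(buf, sizeof buf, NFTA_TABLE_NAME, name) < 0)
        return -EINVAL;
    return validate_string_attr(buf, nft_table_policy);
}

int main(void)
{
    printf("31 chars: %d\n", check_table_name("abcdefghijklmnopqrstuvwxyz01234"));
    printf("32 chars: %d\n", check_table_name("abcdefghijklmnopqrstuvwxyz012345"));
    return 0;
}
```

The point the model makes concrete: the 31-byte limit is enforced by the policy's .len against the payload, not by the 16-bit nla_len. The header field could describe a payload of tens of kilobytes, but a 32-character table name is already rejected with -ERANGE during attribute parsing, so no table with a longer name can exist for a later lookup by NFTA_CHAIN_TABLE to find.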