[nf-next PATCH v3 0/6] netfilter: nf_tables: Kill name length restrictions

The following series lifts the tight restriction on name length of
tables, chains, sets and objects. This is done by allocating memory for
names dynamically, so there is no added overhead when reducing the
restriction to a mere sanity level of 255 characters.

The first patch removes a needless check discovered when discussing v2
of this patch set.

The second patch introduces nla_strdup() which aids in duplicating a
string contained in a netlink attribute. It is used to replace the call
to nla_strlcpy() when populating name fields.

I've tested the series manually by creating tables, chains, sets and
counter objects with long names and automated by running the py and
shell testsuites of nftables repo. Also, kmemleak did not find anything
nftables related.

Changes since v2:
- Added new patch 1.
- Patch 2 remains unchanged.
- Detailed changelog of remaining patches is found there.

Phil Sutter (6):
  netfilter: nf_tables: No need to check chain existence when tracing
  networking: Introduce nla_strdup()
  netfilter: nf_tables: Allow table names of up to 255 chars
  netfilter: nf_tables: Allow chain name of up to 255 chars
  netfilter: nf_tables: Allow set names of up to 255 chars
  netfilter: nf_tables: Allow object names of up to 255 chars

 include/net/netfilter/nf_tables.h        |  10 +--
 include/net/netlink.h                    |   1 +
 include/uapi/linux/netfilter/nf_tables.h |   9 +--
 lib/nlattr.c                             |  24 +++++++
 net/netfilter/nf_tables_api.c            | 112 +++++++++++++++++++++++--------
 net/netfilter/nf_tables_trace.c          |  42 +++++++++---
 6 files changed, 151 insertions(+), 47 deletions(-)

-- 
2.13.1
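
As an added illustration that is not part of the original post or of the kernel patches: a userspace C model of the difference the cover letter describes between copying a netlink string attribute into a fixed-size name field and duplicating it into dynamically allocated memory. The `struct attr` type, the function names, the 32-byte fixed buffer and the placement of the 255-character check inside the duplicating function are assumptions made for this sketch.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define NAME_MAXLEN 255 /* sanity limit named in the cover letter */
#define OLD_BUFSIZE 32  /* assumed fixed buffer size, for contrast only */

/* Hypothetical stand-in for a netlink attribute: payload and its length. */
struct attr { const char *data; size_t len; };

/* Payload length without an optional trailing NUL. */
static size_t attr_strlen(const struct attr *a)
{
	return (a->len > 0 && a->data[a->len - 1] == '\0') ? a->len - 1 : a->len;
}

/* Fixed-buffer copy (dstsize > 0): truncates silently unless the caller
 * compares the returned source length against dstsize. */
static size_t copy_fixed(char *dst, const struct attr *a, size_t dstsize)
{
	size_t srclen = attr_strlen(a);
	size_t n = srclen >= dstsize ? dstsize - 1 : srclen;
	memcpy(dst, a->data, n);
	dst[n] = '\0';
	return srclen;
}

/* Dynamic duplicate: allocates exactly what the payload needs and always
 * NUL-terminates. Returns NULL if the name is too long or malloc fails. */
static char *dup_name(const struct attr *a)
{
	size_t srclen = attr_strlen(a);
	char *dst = srclen > NAME_MAXLEN ? NULL : malloc(srclen + 1);
	if (dst) {
		memcpy(dst, a->data, srclen);
		dst[srclen] = '\0';
	}
	return dst;
}

int main(void)
{
	char name[100] = {0}, small[OLD_BUFSIZE];
	struct attr a = { name, sizeof(name) };
	memset(name, 'a', sizeof(name) - 1); /* constructed 99-char name */
	copy_fixed(small, &a, sizeof(small));
	char *full = dup_name(&a);
	printf("fixed: %zu chars, dynamic: %zu chars\n", strlen(small), full ? strlen(full) : 0);
	free(full);
	return 0;
}
```

The caller owns the string returned by `dup_name()` and must free it on every path, which is the class of mistake the kmemleak run mentioned in the post is meant to catch.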
