Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx> wrote:
> > + case NFT_META_IIFKIND: > > + if (in == NULL || in->rtnl_link_ops == NULL) > > + goto err; > > + strncpy((char *)dest, in->rtnl_link_ops->kind, IFNAMSIZ);
>
> It seems kind can be arbitrarily large, no limitation in its length.

It's limited to 60 or 56 bytes it seems:

    char kind[MODULE_NAME_LEN];
    nla_strlcpy(kind, linfo[IFLA_INFO_KIND], sizeof(kind));

(linkinfo_to_kind_ops in rtnetlink.c).

> Thinking...
>
> There is no other way to identify a vrf device rather than this
> string? The only l3mdev that exists is vrf, right?

There is, I suggested this more generic approach, as it would allow to create rules that match on the kind of device used (vrf, ppp, etc.).

If you think it's too generic, ok.
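Review bot: The strncpy() call in the NFT_META_IIFKIND case bounds the copy by IFNAMSIZ, while the reply notes that kind is sized by MODULE_NAME_LEN (60 or 56 bytes). A kind string of IFNAMSIZ bytes or more is therefore silently truncated, and strncpy() writes no terminating NUL in that case. Two link kinds that share their first IFNAMSIZ bytes would then compare equal in a rule. Consider either going to err when strlen(kind) >= IFNAMSIZ, or sizing the copy from the same bound that rtnetlink uses, and state in a comment next to the case which limit the match relies on.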