Remove NFT_NETDEVICE_MAX (256) artificial cap on the maximum number of
netdevices that are allowed per chain/flowtable.
Signed-off-by: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
---
v4: new in this series
include/net/netfilter/nf_tables.h | 2 --
net/netfilter/nf_tables_api.c | 8 +-------
2 files changed, 1 insertion(+), 9 deletions(-)
diff --git a/include/net/netfilter/nf_tables.h b/include/net/netfilter/nf_tables.h
index 262dc17d2c0b..552e19ba4f43 100644
--- a/include/net/netfilter/nf_tables.h
+++ b/include/net/netfilter/nf_tables.h
@@ -1344,8 +1344,6 @@ struct nft_object_ops {
int nft_register_obj(struct nft_object_type *obj_type);
void nft_unregister_obj(struct nft_object_type *obj_type);
-#define NFT_NETDEVICE_MAX 256
-
/**
* struct nft_flowtable - nf_tables flow table
*
diff --git a/net/netfilter/nf_tables_api.c b/net/netfilter/nf_tables_api.c
index c82113d49868..d3a5f7fe675f 100644
--- a/net/netfilter/nf_tables_api.c
+++ b/net/netfilter/nf_tables_api.c
@@ -1978,7 +1978,7 @@ static int nf_tables_parse_netdev_hooks(struct net *net,
{
struct nft_hook *hook, *next;
const struct nlattr *tmp;
- int rem, n = 0, err;
+ int rem, err;
nla_for_each_nested(tmp, attr, rem) {
if (nla_type(tmp) != NFTA_DEVICE_NAME) {
@@ -1999,12 +1999,6 @@ static int nf_tables_parse_netdev_hooks(struct net *net,
goto err_hook;
}
list_add_tail(&hook->list, hook_list);
- n++;
-
- if (n == NFT_NETDEVICE_MAX) {
- err = -EFBIG;
- goto err_hook;
- }
}
return 0;
--
2.30.2
