[PATCH nf-next,v6 7/7] netfilter: nf_tables: remove artificial cap on maximum number of netdevices

Remove NFT_NETDEVICE_MAX (256) artificial cap on the maximum number of
netdevices that are allowed per chain/flowtable.

Signed-off-by: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
---
v6: no changes

 include/net/netfilter/nf_tables.h | 2 --
 net/netfilter/nf_tables_api.c     | 8 +-------
 2 files changed, 1 insertion(+), 9 deletions(-)

diff --git a/include/net/netfilter/nf_tables.h b/include/net/netfilter/nf_tables.h
index 262dc17d2c0b..552e19ba4f43 100644
--- a/include/net/netfilter/nf_tables.h
+++ b/include/net/netfilter/nf_tables.h
@@ -1344,8 +1344,6 @@ struct nft_object_ops {
 int nft_register_obj(struct nft_object_type *obj_type);
 void nft_unregister_obj(struct nft_object_type *obj_type);
 
-#define NFT_NETDEVICE_MAX	256
-
 /**
  *	struct nft_flowtable - nf_tables flow table
  *
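Review bot: Removing the NFT_NETDEVICE_MAX define from this shared header needs a tree-wide check for remaining users. The diffstat shows only net/netfilter/nf_tables_api.c adjusted, so please confirm (e.g. with a grep over net/netfilter and drivers) that no other file still references the macro, otherwise the build breaks for that configuration.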
diff --git a/net/netfilter/nf_tables_api.c b/net/netfilter/nf_tables_api.c
index 1cf52af26ba6..0e072b2365df 100644
--- a/net/netfilter/nf_tables_api.c
+++ b/net/netfilter/nf_tables_api.c
@@ -1978,7 +1978,7 @@ static int nf_tables_parse_netdev_hooks(struct net *net,
 {
 	struct nft_hook *hook, *next;
 	const struct nlattr *tmp;
-	int rem, n = 0, err;
+	int rem, err;
 
 	nla_for_each_nested(tmp, attr, rem) {
 		if (nla_type(tmp) != NFTA_DEVICE_NAME) {
@@ -1999,12 +1999,6 @@ static int nf_tables_parse_netdev_hooks(struct net *net,
 			goto err_hook;
 		}
 		list_add_tail(&hook->list, hook_list);
-		n++;
-
-		if (n == NFT_NETDEVICE_MAX) {
-			err = -EFBIG;
-			goto err_hook;
-		}
 	}
 
 	return 0;
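Review bot: With the `n == NFT_NETDEVICE_MAX` check gone from the nla_for_each_nested loop, nothing visible in this function bounds how many hooks a single request can append to hook_list; the limit becomes whatever the netlink attribute size allows. The commit message should state what bounds this now (for instance, memory accounting of the per-hook allocation, if an earlier patch in the series provides it) instead of only calling the cap artificial. Two smaller points for the changelog: userspace no longer sees -EFBIG for long device lists, and the old check fired as soon as the 256th entry was added, so the effective limit was 255 devices rather than 256.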
-- 
2.30.2



