From aef75641d196ddc199df35092823f178b998a6a3 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Carlos=20Falgueras=20Garc=C3=ADa?= <carlosfg@riseup.net>
Date: Mon, 30 May 2016 18:35:40 +0200
Subject: parser: cap comment length to 128 bytes
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Pablo rewrites this description to:

"The user data area available is 256 bytes (NFT_USERDATA_MAXLEN). We plan
to allow storing other useful information such as datatypes in set
elements, so make sure there is room for this."

Example:
> nft add table t
> nft add chain t c
> nft add rule t c ip saddr 1.1.1.1 counter comment "abc...xyz" # len > 128
<cmdline>:1:47-N: Error: Comment too long. 128 characters maximum allowed
add rule t c ip saddr 1.1.1.1 counter comment abc...xyz
                                              ^^^^^^^^^

Signed-off-by: Carlos Falgueras García <carlosfg@riseup.net>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
---
 include/rule.h | 2 ++
 1 file changed, 2 insertions(+)

(limited to 'include/rule.h')

diff --git a/include/rule.h b/include/rule.h
index bd24648d..7e8daac9 100644
--- a/include/rule.h
+++ b/include/rule.h
@@ -428,4 +428,6 @@ enum udata_type {
 };
 #define UDATA_TYPE_MAX (__UDATA_TYPE_MAX - 1)
 
+#define UDATA_COMMENT_MAXLEN 128
+
 #endif /* NFTABLES_RULE_H */
-- 
cgit v1.2.3