rule: larger number of error locations

Statically store up to 32 locations per command, if the number of
locations is larger than 32, then skip rather than hit assertion.

Revisit this later to dynamically store location per command using a
hashtable.

Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

2 files changed, 4 insertions, 2 deletions

diff --git a/include/rule.h b/include/rule.h
index ffe8daab..10e71047 100644
--- a/include/rule.h
+++ b/include/rule.h
@@ -666,7 +666,7 @@ struct monitor {
 struct monitor *monitor_alloc(uint32_t format, uint32_t type, const char *event);
 void monitor_free(struct monitor *m);
 
-#define NFT_NLATTR_LOC_MAX 8
+#define NFT_NLATTR_LOC_MAX 32
 
 /**
  * struct cmd - command statement
diff --git a/src/rule.c b/src/rule.c
index 4719fd61..e57009b2 100644
--- a/src/rule.c
+++ b/src/rule.c
@@ -1475,7 +1475,9 @@ struct cmd *cmd_alloc(enum cmd_ops op, enum cmd_obj obj,
 
 void cmd_add_loc(struct cmd *cmd, uint16_t offset, struct location *loc)
 {
-	assert(cmd->num_attrs < NFT_NLATTR_LOC_MAX);
+	if (cmd->num_attrs > NFT_NLATTR_LOC_MAX)
+		return;
+
 	cmd->attr[cmd->num_attrs].offset = offset;
 	cmd->attr[cmd->num_attrs].location = loc;
 	cmd->num_attrs++;