#include <errno.h>
#include <inttypes.h>
#include <linux/ipv6.h>
+#include <linux/netfilter/nf_tables.h>
#include <net/if.h>
#include <stdio.h>
#include <stdlib.h>
/* Limitations are described in https://www.netfilter.org/projects/nftables/manpage.html and
* https://bugzilla.netfilter.org/show_bug.cgi?id=1175 */
bool nft_identifier_valid(const char *id) {
- if (!id)
+ if (isempty(id))
return false;
- size_t len = strlen(id);
- if (len == 0 || len > 31)
+ if (strlen(id) >= NFT_NAME_MAXLEN)
return false;
if (!ascii_isalpha(id[0]))
return false;
- for (size_t i = 1; i < len; i++)
- if (!ascii_isalpha(id[i]) && !ascii_isdigit(id[i]) && !IN_SET(id[i], '/', '\\', '_', '.'))
- return false;
- return true;
+ return in_charset(id + 1, ALPHANUMERICAL "/\\_.");
}
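Review bot: The new length check `strlen(id) >= NFT_NAME_MAXLEN` replaces the hard-coded 31-character cap with a build-time constant from the kernel UAPI header, but the comment above `nft_identifier_valid()` still only links to the man page and the bugzilla entry, so the changed bound is undocumented. This function is the allow-list gate for names that are later handed to nftables, so I would spell the rule out in that comment, e.g. `/* Up to NFT_NAME_MAXLEN-1 characters (the constant presumably includes the trailing NUL); first character a letter, the rest from [A-Za-z0-9/\\_.] */`. It is also worth confirming that every kernel version the project supports accepts names longer than 31 characters. If an older kernel enforces a shorter per-object limit, an identifier that passes here would presumably be rejected only when the netlink request is sent.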
/* SPDX-License-Identifier: LGPL-2.1-or-later */
#include <errno.h>
+#include <linux/netfilter/nf_tables.h>
#include <locale.h>
#include <math.h>
#include <sys/socket.h>
ASSERT_ERROR(parse_loadavg_fixed_point("", &fp), EINVAL);
}
+TEST(nft_identifier_valid) {
+ ASSERT_TRUE(nft_identifier_valid("a"));
+ ASSERT_TRUE(nft_identifier_valid("abc"));
+ ASSERT_TRUE(nft_identifier_valid("abc"));
+ ASSERT_TRUE(nft_identifier_valid("a012/_\\."));
+
+ ASSERT_FALSE(nft_identifier_valid(NULL));
+ ASSERT_FALSE(nft_identifier_valid(""));
+ ASSERT_FALSE(nft_identifier_valid("1234"));
+ ASSERT_FALSE(nft_identifier_valid("1xyz"));
+ ASSERT_FALSE(nft_identifier_valid("abc?&*"));
+
+ char s[NFT_NAME_MAXLEN+1];
+ *(char*) mempset(s, 'a', NFT_NAME_MAXLEN) = '\0';
+ ASSERT_FALSE(nft_identifier_valid(s));
+}
+
DEFINE_TEST_MAIN(LOG_INFO);
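Review bot: The length boundary in `TEST(nft_identifier_valid)` is exercised only on the rejecting side: `s` holds exactly NFT_NAME_MAXLEN characters and must fail, but nothing asserts that the longest permitted name passes, so a validator that became one character too strict would go unnoticed. After the existing `ASSERT_FALSE(nft_identifier_valid(s));` add `s[NFT_NAME_MAXLEN-1] = '\0';` followed by `ASSERT_TRUE(nft_identifier_valid(s));`. The second `ASSERT_TRUE(nft_identifier_valid("abc"));` is a duplicate. It could be replaced by a case that covers something new, such as a name with uppercase letters or one with a disallowed byte directly after a valid first character.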