rule: larger number of error locations

Statically store up to 32 locations per command, if the number of
locations is larger than 32, then skip rather than hit assertion.

Revisit this later to dynamically store location per command using a
hashtable.

Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

diff --git a/include/rule.h b/include/rule.h
index ffe8daab6f1cf760d6c44599693844ef5135b7dd..10e71047fb0731c3eb547b9cbb794e2089129a92 100644 (file)
--- a/include/rule.h
+++ b/include/rule.h
@@ -666,7 +666,7 @@ struct monitor {
 struct monitor *monitor_alloc(uint32_t format, uint32_t type, const char *event);
 void monitor_free(struct monitor *m);
 
-#define NFT_NLATTR_LOC_MAX 8
+#define NFT_NLATTR_LOC_MAX 32
 
 /**
  * struct cmd - command statement

diff --git a/src/rule.c b/src/rule.c
index 4719fd6158f25806f8c5fc6e4e6abf7a56a29600..e57009b23c8e749c588bad83e02ab2baa1039bf7 100644 (file)
--- a/src/rule.c
+++ b/src/rule.c
@@ -1475,7 +1475,9 @@ struct cmd *cmd_alloc(enum cmd_ops op, enum cmd_obj obj,
 
 void cmd_add_loc(struct cmd *cmd, uint16_t offset, struct location *loc)
 {
-       assert(cmd->num_attrs < NFT_NLATTR_LOC_MAX);
+       if (cmd->num_attrs > NFT_NLATTR_LOC_MAX)
+               return;
+
        cmd->attr[cmd->num_attrs].offset = offset;
        cmd->attr[cmd->num_attrs].location = loc;
        cmd->num_attrs++;