parse-util: extend the maximum length of nftable identifiers

Since kernel v4.14, more specifically, after the following four commits, e46abbcc05 b7263e071a 387454901b 6150957521 the maximum length of nftable identifiers are extended to 255. Now, our kernel baseline is 5.4, hence we can freely use the extended name length. This also modernizes code a bit, and adds test cases. Closes #36542.
2025-03-28 02:50:16 +03:00 · 2025-02-28 02:28:41 +09:00 · 2025-02-28 02:28:41 +09:00 · 78f2c17454
commit 78f2c17454
parent b8358967e6
2 changed files with 22 additions and 7 deletions
--- a/src/basic/parse-util.c
+++ b/src/basic/parse-util.c
@ -3,6 +3,7 @@
 #include <errno.h>
 #include <inttypes.h>
 #include <linux/ipv6.h>
+#include <linux/netfilter/nf_tables.h>
 #include <net/if.h>
 #include <stdio.h>
 #include <stdlib.h>
@ -777,18 +778,14 @@ int parse_loadavg_fixed_point(const char *s, loadavg_t *ret) {
 /* Limitations are described in https://www.netfilter.org/projects/nftables/manpage.html and
 * https://bugzilla.netfilter.org/show_bug.cgi?id=1175 */
 bool nft_identifier_valid(const char *id) {
-        if (!id)
+        if (isempty(id))
                return false;

-        size_t len = strlen(id);
-        if (len == 0 || len > 31)
+        if (strlen(id) >= NFT_NAME_MAXLEN)
                return false;

        if (!ascii_isalpha(id[0]))
                return false;

-        for (size_t i = 1; i < len; i++)
-                if (!ascii_isalpha(id[i]) && !ascii_isdigit(id[i]) && !IN_SET(id[i], '/', '\\', '_', '.'))
-                        return false;
-        return true;
+        return in_charset(id + 1, ALPHANUMERICAL "/\\_.");
 }
--- a/src/test/test-parse-util.c
+++ b/src/test/test-parse-util.c
@ -1,6 +1,7 @@
 /* SPDX-License-Identifier: LGPL-2.1-or-later */

 #include <errno.h>
+#include <linux/netfilter/nf_tables.h>
 #include <locale.h>
 #include <math.h>
 #include <sys/socket.h>
@ -896,4 +897,21 @@ TEST(parse_loadavg_fixed_point) {
        ASSERT_ERROR(parse_loadavg_fixed_point("", &fp), EINVAL);
 }

+TEST(nft_identifier_valid) {
+        ASSERT_TRUE(nft_identifier_valid("a"));
+        ASSERT_TRUE(nft_identifier_valid("abc"));
+        ASSERT_TRUE(nft_identifier_valid("abc"));
+        ASSERT_TRUE(nft_identifier_valid("a012/_\\."));
+
+        ASSERT_FALSE(nft_identifier_valid(NULL));
+        ASSERT_FALSE(nft_identifier_valid(""));
+        ASSERT_FALSE(nft_identifier_valid("1234"));
+        ASSERT_FALSE(nft_identifier_valid("1xyz"));
+        ASSERT_FALSE(nft_identifier_valid("abc?&*"));
+
+        char s[NFT_NAME_MAXLEN+1];
+        *(char*) mempset(s, 'a', NFT_NAME_MAXLEN) = '\0';
+        ASSERT_FALSE(nft_identifier_valid(s));
+}
+
 DEFINE_TEST_MAIN(LOG_INFO);