netfilter: nf_tables: Allow chain name of up to 255 chars

	u16				level;

	u16				level;

	u8				flags:6,

	u8				flags:6,

					genmask:2;

					genmask:2;

	char				name[NFT_CHAIN_MAXNAMELEN];

	char				*name;

};

};

enum nft_chain_type {

enum nft_chain_type {

struct nft_trans_chain {

struct nft_trans_chain {

	bool				update;

	bool				update;

	char				name[NFT_CHAIN_MAXNAMELEN];

	char				*name;

	struct nft_stats __percpu	*stats;

	struct nft_stats __percpu	*stats;

	u8				policy;

	u8				policy;

};

};

#define NFT_NAME_MAXLEN		256

#define NFT_NAME_MAXLEN		256

#define NFT_TABLE_MAXNAMELEN	NFT_NAME_MAXLEN

#define NFT_TABLE_MAXNAMELEN	NFT_NAME_MAXLEN

#define NFT_CHAIN_MAXNAMELEN	32

#define NFT_CHAIN_MAXNAMELEN	NFT_NAME_MAXLEN

#define NFT_SET_MAXNAMELEN	32

#define NFT_SET_MAXNAMELEN	32

#define NFT_OBJ_MAXNAMELEN	32

#define NFT_OBJ_MAXNAMELEN	32

#define NFT_USERDATA_MAXLEN	256

#define NFT_USERDATA_MAXLEN	256

			static_branch_dec(&nft_counters_enabled);

			static_branch_dec(&nft_counters_enabled);

		if (basechain->ops[0].dev != NULL)

		if (basechain->ops[0].dev != NULL)

			dev_put(basechain->ops[0].dev);

			dev_put(basechain->ops[0].dev);

		kfree(chain->name);

		kfree(basechain);

		kfree(basechain);

	} else {

	} else {

		kfree(chain->name);

		kfree(chain);

		kfree(chain);

	}

	}

}

}

			nft_trans_chain_policy(trans) = -1;

			nft_trans_chain_policy(trans) = -1;

		if (nla[NFTA_CHAIN_HANDLE] && name) {

		if (nla[NFTA_CHAIN_HANDLE] && name) {

			nla_strlcpy(nft_trans_chain_name(trans), name,

			nft_trans_chain_name(trans) =

				    NFT_CHAIN_MAXNAMELEN);

				nla_strdup(name, GFP_KERNEL);

			if (!nft_trans_chain_name(trans)) {

				kfree(trans);

				free_percpu(stats);

				return -ENOMEM;

			}

		}

		}

		list_add_tail(&trans->list, &net->nft.commit_list);

		list_add_tail(&trans->list, &net->nft.commit_list);

		return 0;

		return 0;

	INIT_LIST_HEAD(&chain->rules);

	INIT_LIST_HEAD(&chain->rules);

	chain->handle = nf_tables_alloc_handle(table);

	chain->handle = nf_tables_alloc_handle(table);

	chain->table = table;

	chain->table = table;

	nla_strlcpy(chain->name, name, NFT_CHAIN_MAXNAMELEN);

	chain->name = nla_strdup(name, GFP_KERNEL);

	if (!chain->name) {

		err = -ENOMEM;

		goto err1;

	}

	err = nf_tables_register_hooks(net, table, chain, afi->nops);

	err = nf_tables_register_hooks(net, table, chain, afi->nops);

	if (err < 0)

	if (err < 0)

struct nft_rule_dump_ctx {

struct nft_rule_dump_ctx {

	char *table;

	char *table;

	char chain[NFT_CHAIN_MAXNAMELEN];

	char *chain;

};

};

static int nf_tables_dump_rules(struct sk_buff *skb,

static int nf_tables_dump_rules(struct sk_buff *skb,

	if (ctx) {

	if (ctx) {

		kfree(ctx->table);

		kfree(ctx->table);

		kfree(ctx->chain);

		kfree(ctx);

		kfree(ctx);

	}

	}

	return 0;

	return 0;

					return -ENOMEM;

					return -ENOMEM;

				}

				}

			}

			}

			if (nla[NFTA_RULE_CHAIN])

			if (nla[NFTA_RULE_CHAIN]) {

				nla_strlcpy(ctx->chain, nla[NFTA_RULE_CHAIN],

				ctx->chain = nla_strdup(nla[NFTA_RULE_CHAIN],

					    sizeof(ctx->chain));

							GFP_KERNEL);

				if (!ctx->chain) {

					kfree(ctx->table);

					kfree(ctx);

					return -ENOMEM;

				}

			}

			c.data = ctx;

			c.data = ctx;

		}

		}

{

{

	struct nft_base_chain *basechain;

	struct nft_base_chain *basechain;

	if (nft_trans_chain_name(trans)[0])

	if (nft_trans_chain_name(trans))

		strcpy(trans->ctx.chain->name, nft_trans_chain_name(trans));

		strcpy(trans->ctx.chain->name, nft_trans_chain_name(trans));

	if (!nft_is_base_chain(trans->ctx.chain))

	if (!nft_is_base_chain(trans->ctx.chain))

			    NFTA_TRACE_PAD);

			    NFTA_TRACE_PAD);

}

}

static bool nft_trace_have_verdict_chain(struct nft_traceinfo *info)

{

	switch (info->type) {

	case NFT_TRACETYPE_RETURN:

	case NFT_TRACETYPE_RULE:

		break;

	default:

		return false;

	}

	switch (info->verdict->code) {

	case NFT_JUMP:

	case NFT_GOTO:

		break;

	default:

		return false;

	}

	return true;

}

void nft_trace_notify(struct nft_traceinfo *info)

void nft_trace_notify(struct nft_traceinfo *info)

{

{

	const struct nft_pktinfo *pkt = info->pkt;

	const struct nft_pktinfo *pkt = info->pkt;

	size = nlmsg_total_size(sizeof(struct nfgenmsg)) +

	size = nlmsg_total_size(sizeof(struct nfgenmsg)) +

		nla_total_size(strlen(info->chain->table->name)) +

		nla_total_size(strlen(info->chain->table->name)) +

		nla_total_size(NFT_CHAIN_MAXNAMELEN) +

		nla_total_size(strlen(info->chain->name)) +

		nla_total_size_64bit(sizeof(__be64)) +	/* rule handle */

		nla_total_size_64bit(sizeof(__be64)) +	/* rule handle */

		nla_total_size(sizeof(__be32)) +	/* trace type */

		nla_total_size(sizeof(__be32)) +	/* trace type */

		nla_total_size(0) +			/* VERDICT, nested */

		nla_total_size(0) +			/* VERDICT, nested */

			nla_total_size(sizeof(u32)) +	/* verdict code */

			nla_total_size(sizeof(u32)) +	/* verdict code */

			nla_total_size(NFT_CHAIN_MAXNAMELEN) + /* jump target */

		nla_total_size(sizeof(u32)) +		/* id */

		nla_total_size(sizeof(u32)) +		/* id */

		nla_total_size(NFT_TRACETYPE_LL_HSIZE) +

		nla_total_size(NFT_TRACETYPE_LL_HSIZE) +

		nla_total_size(NFT_TRACETYPE_NETWORK_HSIZE) +

		nla_total_size(NFT_TRACETYPE_NETWORK_HSIZE) +

		nla_total_size(sizeof(u32)) +		/* nfproto */

		nla_total_size(sizeof(u32)) +		/* nfproto */

		nla_total_size(sizeof(u32));		/* policy */

		nla_total_size(sizeof(u32));		/* policy */

	if (nft_trace_have_verdict_chain(info))

		size += nla_total_size(strlen(info->verdict->chain->name)); /* jump target */

	skb = nlmsg_new(size, GFP_ATOMIC);

	skb = nlmsg_new(size, GFP_ATOMIC);

	if (!skb)

	if (!skb)

		return;

		return;