Add explanation of maximum zone length

Signed-off-by: Tom Eastep <teastep@shorewall.net> git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@9690 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2024-11-22 23:53:30 +01:00 · 2009-03-15 15:54:29 +00:00 · 2009-03-15 15:54:29 +00:00 · fc3a2fc386
commit fc3a2fc386
parent 8dd7895609
3 changed files with 85 additions and 2 deletions
--- a/Shorewall/Perl/Shorewall/Config.pm
+++ b/Shorewall/Perl/Shorewall/Config.pm
@ -281,7 +281,8 @@ our %validlevels;
 #                       initialize() function does globals initialization for this
 #                       module and is called from an INIT block below. The function is
 #                       also called by Shorewall::Compiler::compiler at the beginning of
-#                       the second and subsequent calls to that function.
+#                       the second and subsequent calls to that function and when compiling
+#                       for IPv6.
 #
 sub initialize( $ ) {
    $family = shift;
--- a/manpages/shorewall-zones.xml
+++ b/manpages/shorewall-zones.xml
@ -1,4 +1,6 @@
 <?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.4//EN"
+"http://www.oasis-open.org/docbook/xml/4.4/docbookx.dtd">
 <refentry>
  <refmeta>
    <refentrytitle>shorewall-zones</refentrytitle>
@ -44,6 +46,46 @@
          default LOGFORMAT, zone names can be at most 5 characters
          long.</para>

+          <blockquote>
+            <para>The maximum length of an iptables log prefix is 29 bytes. As
+            explained in <ulink
+            url="shorewall.conf.html">shorewall.conf</ulink> (5), the default
+            LOGPREFIX formatting string is “Shorewall:%s:%s:” where the first
+            %s is replaced by the chain name and the second is replaced by the
+            disposition.</para>
+
+            <itemizedlist>
+              <listitem>
+                <para>The default formatting string has 12 fixed characters
+                ("Shorewall" and three colons).</para>
+              </listitem>
+
+              <listitem>
+                <para>The longest of the standard dispositions are ACCEPT and
+                REJECT which have 6 characters each.</para>
+              </listitem>
+
+              <listitem>
+                <para>The canonical name for the chain containing the rules
+                for traffic going from zone 1 to zone 2 is "&lt;zone
+                1&gt;2&lt;zone 2&gt;".</para>
+              </listitem>
+
+              <listitem>
+                <para>So if M is the maximum zone name length, such chains can
+                have length 2*M + 1.</para>
+
+                <simplelist>
+                  <member>12 + 6 + 2*M + 1 = 29 which reduces to</member>
+
+                  <member>2*M = 29 - 12 - 6 = 11 or</member>
+
+                  <member>M = 5</member>
+                </simplelist>
+              </listitem>
+            </itemizedlist>
+          </blockquote>
+
          <para>The order in which Shorewall matches addresses from packets to
          zones is determined by the order of zone declarations. Where a zone
          is nested in one or more other zones, you may either ensure that the
@ -258,4 +300,4 @@ c:a,b     ipv4</programlisting>
    shorewall-tcclasses(5), shorewall-tcdevices(5), shorewall-tcrules(5),
    shorewall-tos(5), shorewall-tunnels(5)</para>
  </refsect1>
-</refentry>
+</refentry>
--- a/manpages6/shorewall6-zones.xml
+++ b/manpages6/shorewall6-zones.xml
@ -46,6 +46,46 @@
          default LOGFORMAT, zone names can be at most 5 characters
          long.</para>

+          <blockquote>
+            <para>The maximum length of an iptables log prefix is 29 bytes. As
+            explained in <ulink
+            url="shorewall.conf.html">shorewall6.conf</ulink> (5), the default
+            LOGPREFIX formatting string is “Shorewall:%s:%s:” where the first
+            %s is replaced by the chain name and the second is replaced by the
+            disposition.</para>
+
+            <itemizedlist>
+              <listitem>
+                <para>The default formatting string has 12 fixed characters
+                ("Shorewall" and three colons).</para>
+              </listitem>
+
+              <listitem>
+                <para>The longest of the standard dispositions are ACCEPT and
+                REJECT which have 6 characters each.</para>
+              </listitem>
+
+              <listitem>
+                <para>The canonical name for the chain containing the rules
+                for traffic going from zone 1 to zone 2 is "&lt;zone
+                1&gt;2&lt;zone 2&gt;".</para>
+              </listitem>
+
+              <listitem>
+                <para>So if M is the maximum zone name length, such chains can
+                have length 2*M + 1.</para>
+
+                <simplelist>
+                  <member>12 + 6 + 2*M + 1 = 29 which reduces to</member>
+
+                  <member>2*M = 29 - 12 - 6 = 11 or</member>
+
+                  <member>M = 5</member>
+                </simplelist>
+              </listitem>
+            </itemizedlist>
+          </blockquote>
+
          <para>The order in which Shorewall6 matches addresses from packets
          to zones is determined by the order of zone declarations. Where a
          zone is nested in one or more other zones, you may either ensure