Network interface name longer than 12 chars and include it in firewall zone brick router

openwrt / luci

LuCI - OpenWrt Configuration Interface

Apache License 2.0

6.38k stars 2.53k forks source link

Network interface name longer than 12 chars and include it in firewall zone brick router #2740

Open rcalpha opened 5 years ago

rcalpha commented 5 years ago

If you create a new Network interface with a name longer than 12 characters, and then you include this in a firewall zone (new or existing), then apply the change, it will brick the router.

To recover, enter fail safe mode, delete this interface and firewall zone

jow- commented 5 years ago

Sounds like something that should be fixed in OpenWrt core.

hnyman commented 5 years ago

Reference to bug report & discussion from year 2015 in the old OpenWrt bug tracker: https://dev.archive.openwrt.org/ticket/20380.html

(limitations from core Linux, which we do not enforce in Openwrt config)

ghost commented 5 years ago

Core limit is 16 characters though and not 12

jow- commented 5 years ago

Probably depends on the protocol and thus on the interface prefix length br-..., 6in4-..., pppoe-... etc.

ghost commented 5 years ago

right, those prefixes.

Oh, then there is anyway the hint in LuCI

Maximum length of the name is 15 characters including the automatic protocol/bridge prefix (br-, 6in4-, pppoe- etc.)

hnyman commented 5 years ago

Oh, then there is anyway the hint in LuCI

Yep. I added that as a quick&dirty fix/advice after discussion in that ticket20380 and LuCI issue #507 with https://github.com/openwrt/luci/commit/b1217c88c3566c1bd726bce9203da591af564bcf

I also added in 2015 the enforcement of only 11 chars for zone name in LuCI with https://github.com/openwrt/luci/commit/87b6bb0dafbbe46dc7669356ac3db24aa975c4b7 , but that is naturally not enforced on the main OpenWrt uci side, so you can edit the config file manually and have a longer name anyway...

As the real allowed interface name length depends on the protocol (which can be changed), it would be hard to set a 100% proof limit unless we shorten the allowed name quite much.

Alex85pro commented 5 years ago

вс, 2 июня 2019 г. в 20:30, Hannu Nyman notifications@github.com:

Oh, then there is anyway the hint in LuCI

Yep. I added that as a quick&dirty fix/advice after discussion in that ticket20380 and LuCI issue #507 with b1217c8

I also added in 2015 the enforcement of only 11 chars for zone name in LuCI with 87b6bb0 , but that is naturally not enforced on the main OpenWrt uci side, so you can edit the config file manually and have a longer name anyway...

As the real allowed interface name length depends on the protocol (which can be changed), it would be hard to set a 100% proof limit unless we shorten the allowed name quite much.

— You are receiving this because you are subscribed to this thread. Reply to this email directly, view it on GitHub, or mute the thread.

--

С уважением,

Александр aka Alex85pro My contacts:

*моб.* 093-361-54-81 Skype alex85pro