[Bug 1175] New: Document limitations on identifier names

bugzilla-daemon at netfilter.org bugzilla-daemon at netfilter.org
Wed Aug 23 19:40:05 CEST 2017


            Bug ID: 1175
           Summary: Document limitations on identifier names
           Product: nftables
           Version: unspecified
          Hardware: All
                OS: All
            Status: NEW
          Severity: major
          Priority: P5
         Component: nft
          Assignee: pablo at netfilter.org
          Reporter: netfilter at allycomm.com

I understand that some of the functionality within nftables requires
identifiers to be available within kernel structures and that there needs to be
a "reasonable" limit on the lengths of those identifiers.

Unfortunately, these limits are not only poorly documented, but also result in
"meaningless" error messages, such as

nftables.conf:3:1-14: Error: Could not process rule: No such file or directory
flush ruleset

(Error messaging to be the subject of another issue)

In searching the "official" documentation, there is little to describe the
limits on length.






(define syntax described here -- nothing)


"Current maximum name length is 16 characters."

(assumed to apply to sets and not necessarily other identifiers, especially
given the man page description of "identifiers")





Identifiers begin with an alphabetic character (a-z,A-Z), followed by zero or more
alphanumeric characters (a-z,A-Z,0-9) and the characters slash (/), backslash
(\), underscore (_) and dot (.). Identifiers using different characters or
clashing with a keyword need to be enclosed in double quotes (").
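
A pre-load check along the lines of what the report asks to have documented, as an added example that is not part of the original report or of nftables: it flags names that break the quoted identifier grammar or exceed a length limit before the file is handed to nft. Assumptions: `lint_identifiers`, `DEFAULT_LIMITS` and the sample ruleset are constructed for illustration, the 16-character limit is applied only to sets because that is the only limit the report quotes, only block-form declarations are parsed, and keyword clashes are not checked.

```python
import re

# Unquoted identifier grammar, as quoted from the man page in the report.
UNQUOTED = re.compile(r"[A-Za-z][A-Za-z0-9/\\_.]*\Z")
# Block-form declarations that introduce a name (the family is optional).
DECL = re.compile(
    r'^\s*(?P<kind>table|chain|set|map|define)\s+'
    r'(?:(?:ip6|ip|inet|arp|bridge|netdev)\s+)?'
    r'(?P<name>"[^"]*"|[^\s{=;]+)'
)
# Assumption: the only limit quoted in the report (16) is applied to sets.
DEFAULT_LIMITS = {"set": 16}

def lint_identifiers(text, limits=None):
    """Return (line, kind, name, problem) tuples for suspicious names."""
    limits = DEFAULT_LIMITS if limits is None else limits
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        m = DECL.match(line)
        if not m:
            continue
        kind, raw = m["kind"], m["name"]
        quoted = raw.startswith('"')
        name = raw[1:-1] if quoted else raw
        if not quoted and not UNQUOTED.match(name):
            findings.append((lineno, kind, name, "not a valid unquoted identifier"))
        limit = limits.get(kind)  # None means no limit is known for this kind
        if limit is not None and len(name) > limit:
            findings.append((lineno, kind, name, f"longer than {limit} characters"))
    return findings

# Constructed sample ruleset, not taken from the report.
SAMPLE = """\
flush ruleset
table inet filter {
    set blocked_addresses_ipv4 {
        type ipv4_addr
    }
    set "short set" {
        type ipv4_addr
    }
    chain 2nd_stage {
    }
}
"""

if __name__ == "__main__":
    for lineno, kind, name, problem in lint_identifiers(SAMPLE):
        print(f"line {lineno}: {kind} {name!r}: {problem}")
```

Limits for other kinds can be supplied through the `limits` argument once they are known, for example `{"set": 16, "chain": N}`.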




