[Bug 1671] Implicit chains and nesting result in parser_bison.y aborting

bugzilla-daemon at netfilter.org bugzilla-daemon at netfilter.org
Sat Apr 8 20:03:47 CEST 2023


https://bugzilla.netfilter.org/show_bug.cgi?id=1671

Pablo Neira Ayuso <pablo at netfilter.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |ASSIGNED

--- Comment #1 from Pablo Neira Ayuso <pablo at netfilter.org> ---
Hi,

Recent nft versions provide better error reporting:

# nft -v
nftables v1.0.7 (Old Doc Yak)

# nft -f /tmp/x.nft 
test.nft:7:22-22: Error: too many levels of nesting
            ip version 4 jump {
                            ^

No plans to add support for more than one level of nesting. This feature should
be possible to use only in "leaf" chains in a ruleset (I refer to "leaf" here
assuming you look at the ruleset as a "tree").

If you need more than one nesting level, you should probably look at using
verdict maps, because they use maps in the kernel, which is a more convenient
way (from a performance perspective) to represent this.

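Added example, not part of the original comment and not code from the nftables project: a constructed ruleset showing how a dispatch that would need two levels of implicit-chain nesting can be written with named chains and verdict maps instead. The table name, chain names and ports are hypothetical.

```nft
# Constructed ruleset; table and chain names are hypothetical.
#
# Form that nests implicit chains two levels deep, the kind of input the
# "too many levels of nesting" error above is about:
#
#   table inet filter {
#       chain input {
#           type filter hook input priority 0; policy drop;
#           ip version 4 jump {
#               ip protocol tcp jump {
#                   tcp dport 22 accept
#               }
#           }
#       }
#   }
#
# Same dispatch with named chains and verdict maps: each branch point is a
# single map lookup, and the leaf chains hold the actual rules.
table inet filter {
    chain in_v4_tcp {
        tcp dport 22 accept
    }

    chain in_v4_udp {
        udp dport 53 accept
    }

    chain in_v4 {
        meta l4proto vmap { tcp : jump in_v4_tcp, udp : jump in_v4_udp }
    }

    chain in_v6 {
        meta l4proto ipv6-icmp accept
    }

    chain input {
        type filter hook input priority 0; policy drop;
        ct state established,related accept
        meta nfproto vmap { ipv4 : jump in_v4, ipv6 : jump in_v6 }
    }
}
```

Running `nft -c -f` on the file parses and validates it without applying it, which is a quick way to confirm a ruleset loads before it touches a live firewall.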