<html>
<head>
<base href="https://bugzilla.netfilter.org/" />
</head>
<body><span class="vcard"><a class="email" href="mailto:pablo@netfilter.org" title="Pablo Neira Ayuso <pablo@netfilter.org>"> <span class="fn">Pablo Neira Ayuso</span></a>
</span> changed
<a class="bz_bug_link
bz_status_ASSIGNED "
title="ASSIGNED - Implicit chains and nesting result in parser_bison.y aborting"
href="https://bugzilla.netfilter.org/show_bug.cgi?id=1671">bug 1671</a>
<br>
<table border="1" cellspacing="0" cellpadding="8">
<tr>
<th>What</th>
<th>Removed</th>
<th>Added</th>
</tr>
<tr>
<td style="text-align:right;">Status</td>
<td>NEW
</td>
<td>ASSIGNED
</td>
</tr></table>
<p>
<div>
<b><a class="bz_bug_link
bz_status_ASSIGNED "
title="ASSIGNED - Implicit chains and nesting result in parser_bison.y aborting"
href="https://bugzilla.netfilter.org/show_bug.cgi?id=1671#c1">Comment # 1</a>
on <a class="bz_bug_link
bz_status_ASSIGNED "
title="ASSIGNED - Implicit chains and nesting result in parser_bison.y aborting"
href="https://bugzilla.netfilter.org/show_bug.cgi?id=1671">bug 1671</a>
from <span class="vcard"><a class="email" href="mailto:pablo@netfilter.org" title="Pablo Neira Ayuso <pablo@netfilter.org>"> <span class="fn">Pablo Neira Ayuso</span></a>
</span></b>
<pre>Hi,
Recent nft versions provide better error reporting:
# nft -v
nftables v1.0.7 (Old Doc Yak)
# nft -f /tmp/x.nft
test.nft:7:22-22: Error: too many levels of nesting
ip version 4 jump {
^
No plans to add support for more than one level of nesting. This feature should
be possible use only in "leaf" chains in a ruleset (I refer to "leaf" here
assuming you look at the ruleset as a "tree").
If you need more that one nesting level, probably you better look at using
verdict maps, because they use maps in the kernel, which is more convenient
(from performance perspective) way to represent this.</pre>
</div>
</p>
<hr>
<span>You are receiving this mail because:</span>
<ul>
<li>You are watching all bug changes.</li>
</ul>
</body>
</html>