[Bug 1176] New: Invalid identifiers produce unhelpful error messages

bugzilla-daemon at netfilter.org
Wed Aug 23 19:46:48 CEST 2017


https://bugzilla.netfilter.org/show_bug.cgi?id=1176

            Bug ID: 1176
           Summary: Invalid identifiers produce unhelpful error messages
           Product: nftables
           Version: unspecified
          Hardware: All
                OS: All
            Status: NEW
          Severity: critical
          Priority: P5
         Component: nft
          Assignee: pablo at netfilter.org
          Reporter: netfilter at allycomm.com

If an identifier (at least for define and chain) is present in a file processed
by nft, the error message returned does not appear to describe either the cause
of the problem or the proper location in the file.

As such, it is exceptionally difficult to find and resolve the cause of the
problem.

This is further compounded by the lack of documentation on length of
identifiers.

A typical set of error messages looks like:

$ sudo nft -c -f nftables.conf     
nftables.conf:3:1-14: Error: Could not process rule: No such file or directory
flush ruleset
^^^^^^^^^^^^^^
nftables.conf:3:1-14: Error: Could not process rule: No such file or directory
flush ruleset
^^^^^^^^^^^^^^
nftables.conf:3:1-14: Error: Could not process rule: No such file or directory
flush ruleset
^^^^^^^^^^^^^^
nftables.conf:3:1-14: Error: Could not process rule: No such file or directory
flush ruleset
^^^^^^^^^^^^^^
nftables.conf:3:1-14: Error: Could not process rule: No such file or directory
flush ruleset
^^^^^^^^^^^^^^
nftables.conf:3:1-14: Error: Could not process rule: No such file or directory
flush ruleset
^^^^^^^^^^^^^^
nftables.conf:3:1-14: Error: Could not process rule: Operation not supported
flush ruleset
^^^^^^^^^^^^^^


I have come to *guess* that at least the "No such file or directory" errors are
due to invalid (over-length) identifiers.  No idea on the "Operation not
supported" error, as of yet.


Expected behavior:
==================

* Invalid identifiers would be caught in the early phases of nft's syntax
validation

* Error messaging would point to the file and line at which the identifier
occurred, not the first "executable" line in the file

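A pre-flight check for the situation the report describes, added here as an example (it is not part of the original report or of nft): it scans a ruleset file for `define`, `table`, `chain`, `set` and `map` names longer than a limit and reports each one in a `file:line:col-col` form like nft's. The 31-character limit, the function name and the sample ruleset are assumptions; the report does not state the actual limit.

```python
import re

# Assumption: the report does not state the real limit; set this for your kernel.
MAX_IDENT_LEN = 31

FAMILIES = r"(?:ip6|ip|inet|arp|bridge|netdev)"
# Keywords that introduce a name in a declarative ruleset file.
DECL = re.compile(
    rf"\b(define|table|chain|set|map)\s+(?:{FAMILIES}\s+)?([A-Za-z_][A-Za-z0-9_./-]*)"
)

# Constructed sample input, not the reporter's file.
SAMPLE = """\
# constructed sample
define wan_interface_for_the_primary_uplink_provider = eth0

flush ruleset

table inet filter {
    chain input_from_the_untrusted_side_of_the_network {
        type filter hook input priority 0; policy drop;
        iifname $wan_interface_for_the_primary_uplink_provider accept
    }
    chain forward {
        type filter hook forward priority 0;
    }
}
"""


def find_long_identifiers(text, path="nftables.conf", limit=MAX_IDENT_LEN):
    """Return (location, keyword, name, length) for each declared name over limit."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        code = line.split("#", 1)[0]  # drop trailing comments
        for m in DECL.finditer(code):
            keyword, name = m.group(1), m.group(2)
            if len(name) > limit:
                first = m.start(2) + 1  # 1-based column of the name
                last = first + len(name) - 1
                findings.append((f"{path}:{lineno}:{first}-{last}", keyword, name, len(name)))
    return findings


if __name__ == "__main__":
    for loc, keyword, name, length in find_long_identifiers(SAMPLE):
        print(f"{loc}: Warning: {keyword} name is {length} characters (limit {MAX_IDENT_LEN})")
        print(f"  {name}")
```

Only names at their declaration are checked; references such as `$name` or `jump name` are not, since the declaration is where the fix is made.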