bugzilla-daemon at netfilter.org
2017-Aug-23  17:40 UTC
[Bug 1175] New: Document limitations on identifier names
https://bugzilla.netfilter.org/show_bug.cgi?id=1175
            Bug ID: 1175
           Summary: Document limitations on identifier names
           Product: nftables
           Version: unspecified
          Hardware: All
                OS: All
            Status: NEW
          Severity: major
          Priority: P5
         Component: nft
          Assignee: pablo at netfilter.org
          Reporter: netfilter at allycomm.com
I understand that some of the functionality within nftables requires
identifiers to be available within kernel structures and that there needs to be
a "reasonable" limit on the lengths of those identifiers.
Unfortunately, these limits are not only poorly documented, but also result in
"meaningless" error messages, such as
nftables.conf:3:1-14: Error: Could not process rule: No such file or directory
flush ruleset
^^^^^^^^^^^^^^
(Error messaging to be the subject of another issue)
In searching the "official" documentation, there is little to describe the
limits on length.
==<https://wiki.nftables.org/wiki-nftables/index.php/Configuring_tables>
(nothing)
==<https://wiki.nftables.org/wiki-nftables/index.php/Configuring_chains>
(nothing)
==<https://wiki.nftables.org/wiki-nftables/index.php/Scripting>
(define syntax described here -- nothing)
==<https://wiki.nftables.org/wiki-nftables/index.php/Sets>
"Current maximum name length is 16 characters."
(assumed to apply to sets and not necessarily other identifiers, especially
given the man page description of "identifiers")
==<https://wiki.nftables.org/wiki-nftables/index.php/Quick_reference-nftables_in_10_minutes>
(nothing)
==<http://www.netfilter.org/projects/nftables/manpage.html>
Under LEXICAL CONVENTIONS
Identifiers begin with an alphabetic character (a-z,A-Z), followed zero or more
alphanumeric characters (a-z,A-Z,0-9) and the characters slash (/), backslash
(\), underscore (_) and dot (.). Identifiers using different characters or
clashing with a keyword need to be enclosed in double quotes (").
Under SYMBOLIC VARIABLES
(nothing)
Under TABLES, CHAINS
(nothing)
-- 
You are receiving this mail because:
You are watching all bug changes.
bugzilla-daemon at netfilter.org
2017-Aug-23  21:44 UTC
[Bug 1175] Document limitations on identifier names
https://bugzilla.netfilter.org/show_bug.cgi?id=1175
--- Comment #1 from Jeff Kletsky <netfilter at allycomm.com> ---
The limit on set identifiers appears to be 31 characters, conflicting with the
wiki on this point. It also appears that the limit on chain identifiers is also
31 characters.
The limit on define identifiers ("variable names") appears to be somewhere in
excess of 65 characters.
~/build/nftables$ git log -1
commit d74eed8c9649e9278b69f2cd0fd92f71e3e19cfb (HEAD -> master, tag: 2017-08-19, origin/master, origin/HEAD)
Author: Varsha Rao <rvarsha016 at gmail.com>
Date:   Wed Aug 16 19:48:17 2017 +0530
$ cat nftables.conf 
#!/usr/sbin/nft -f
flush ruleset
table inet global {
    define identifier123456789212345678931234567894123456789512345678961234. one
    define identifier123456789212345678931234567894123456789512345678961234_ one
    chain prerouting12345678921234567893. {
        type filter hook prerouting priority -175
    }
    chain prerouting12345678921234567893_ {
        type filter hook prerouting priority -50
    }
    set identifier12345678921234567893. {
        type inet_service
    }
    set identifier12345678921234567893_ {
        type inet_service
    }
}
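A pre-flight check for the identifier limits discussed in this report, as an added example that is not part of the bug thread or of nftables itself. It assumes the nested file syntax with one declaration per line, the lexical rule quoted above from the man page, and the 31-character chain and set limit observed in comment #1 (an observation, not a documented value); `declarations`, `lint` and the sample ruleset are names and data constructed for illustration.

```python
import re

# Lexical convention quoted on the page from the nft man page: alphabetic first
# character, then alphanumerics, '/', '\', '_' and '.'; anything else is quoted.
BARE_IDENT = re.compile(r"[A-Za-z][A-Za-z0-9/\\_.]*")
# Lengths observed in comment #1, not documented values (assumption: they vary
# with the nft/kernel version, so they stay configurable).
OBSERVED_MAX = {"chain": 31, "set": 31}
FAMILIES = {"ip", "ip6", "inet", "arp", "bridge", "netdev"}
BLOCK = re.compile(r"^\s*(table|chain|set)\s+(.+?)\s*\{\s*$")
DEFINE = re.compile(r'^\s*(define)\s+("[^"]*"|[^\s=]+)')

# Constructed sample ruleset (not from the report).
SAMPLE = """\
flush ruleset
table inet global {
    define wan_if = eth0
    chain prerouting_before_connection_tracking {
        type filter hook prerouting priority -175
    }
    set 2nd-allowed-ports {
        type inet_service
    }
}
"""

def declarations(text):
    """Yield (line_no, kind, name) for nested-syntax declarations."""
    for no, line in enumerate(text.splitlines(), 1):
        m = BLOCK.match(line) or DEFINE.match(line)
        if not m:
            continue
        kind, name = m.group(1), m.group(2)
        parts = name.split()
        if kind == "table" and len(parts) == 2 and parts[0] in FAMILIES:
            name = parts[1]  # drop the address family
        yield no, kind, name

def lint(text, limits=OBSERVED_MAX):
    """Return (line_no, kind, name, problem) for each identifier finding."""
    findings = []
    for no, kind, name in declarations(text):
        quoted = len(name) >= 2 and name[0] == name[-1] == '"'
        bare = name[1:-1] if quoted else name
        if not quoted and not BARE_IDENT.fullmatch(bare):
            findings.append((no, kind, name, "needs double quotes"))
        if len(bare) > limits.get(kind, float("inf")):
            findings.append((no, kind, name, f"{len(bare)} chars > {limits[kind]}"))
    return findings
```

`lint(SAMPLE)` reports the over-long chain name and the unquoted set name with their line numbers; pass a different `limits` mapping when the nft and kernel versions in use enforce other lengths.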
bugzilla-daemon at netfilter.org
2020-Jan-28  23:59 UTC
[Bug 1175] Document limitations on identifier names
https://bugzilla.netfilter.org/show_bug.cgi?id=1175
kfm at plushkava.net changed:
           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |kfm at plushkava.net
bugzilla-daemon at netfilter.org
2020-Aug-28  07:27 UTC
[Bug 1175] Document limitations on identifier names
https://bugzilla.netfilter.org/show_bug.cgi?id=1175
kfm at plushkava.net changed:
           What    |Removed                     |Added
----------------------------------------------------------------------------
           See Also|                            |https://bugzilla.netfilter.org/show_bug.cgi?id=1283