Hi Phil,
On Wed, Jan 16, 2019 at 07:46:13PM +0100, Phil Sutter wrote:
> Nftables claims to allow arbitrary names for ruleset elements (tables,
> chains, objects) but suffers from the known problem of lex/yacc trying
> to interpret those as keywords. As a workaround, users may quote their
> names. Sadly this wasn't supported in most cases and this patch lifts
> this restriction.
>
> In order to not print rulesets which are not accepted anymore by 'nft
> -f' command, unconditionally quote all names on output.
>
> Note that the same problem existed for interface names. I've tested for
> those to work in both netdev family chains and flowtable definitions,
> though automatic testing is troublesome since they must exist (and I'm
> not sure if test scripts should call iproute2 to add an interface with a
> crafted name).
This is what we are supporting natively, probably not well documented:
commit 57ecffc9d1e551ecc0546806ca9c008e93c2ecf3
Author: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Date: Tue Aug 16 23:22:51 2016 +0200
scanner: allow strings starting by underscores and dots
POSIX.1-2008 (which is simultaneously IEEE Std 1003.1-2008) says:
"The set of characters from which portable filenames are constructed.
A B C D E F G H I J K L M N O P Q R S T U V W X Y Z
a b c d e f g h i j k l m n o p q r s t u v w x y z
0 1 2 3 4 5 6 7 8 9 . _ -"
I think we can just document this or you need this sort of
flexibility. We can also allow for keywords to be used as names, which
is what is left behind...
We can of course decide to go for quotes as you propose, this was so
far the only exception since all other user-defined values from rules
are always assumed to enclosed in quotes.
