On 23 August 2017 at 23:58, Jeff Kletsky <jmk@xxxxxxxxxx> wrote:
> At least working with the HEAD version of nftables v0.7, current library
> versions, and kernel 4.9,
> the limits on identifier length that I have determined empirically (I have
> not examined the code):
>
> * chain, set -- 31 characters
> * table -- (not examined, but *guessing* 31 characters as well)
>
> * define -- limit in excess of 65 characters
>

Yes, we have limits in the name of the objects. Probably raising limits in the future.

> The error message when the limit is exceeded for the "in-kernel" chain and
> set identifiers is similar to
>
> nftables.conf:3:1-14: Error: Could not process rule: Numerical result
> out of range
> flush ruleset
> ^^^^^^^^^^^^^^
>

You complain again and again about this bug (bad error reporting) but as Pablo told you already, this has been solved.

I know the bug is annoying, but this fixed code isn't included in v0.7.

Reference: http://git.netfilter.org/nftables/commit/?id=509671dfa03365bba727b8be5e522b737da93a6f
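
Because the v0.7 error shown in the quoted text points at `flush ruleset` rather than at the offending name, a pre-load check of the ruleset file can locate over-long identifiers first. The following is an added example, not part of the original message or of nftables; the function name, the sample ruleset, and the 31-character table limit (only guessed in the quoted message) are assumptions.

```python
import re

# Limits reported empirically in the quoted message (nftables v0.7 HEAD,
# kernel 4.9). The table limit was only a guess there; 31 is assumed here.
MAX_LEN = {"table": 31, "chain": 31, "set": 31}

# Block declarations as written in an nft ruleset file, e.g.
# "table inet filter {", "chain input {", "set blocklist {".
# "add chain ..." style commands are not covered by this sketch.
DECL = re.compile(r"^\s*(table|chain|set)\s+(?:\w+\s+)?([\w./\\-]+)\s*\{")

def find_long_names(text, limits=MAX_LEN):
    """Return (line_no, kind, name, length) for each over-long identifier."""
    hits = []
    for line_no, line in enumerate(text.splitlines(), start=1):
        m = DECL.match(line.split("#", 1)[0])  # ignore trailing comments
        if m and len(m.group(2)) > limits[m.group(1)]:
            hits.append((line_no, m.group(1), m.group(2), len(m.group(2))))
    return hits

# Constructed sample ruleset (not from the thread).
SAMPLE = """flush ruleset
table inet filter {
    set allowed_management_source_addresses_v4 {
        type ipv4_addr
    }
    chain input {
        type filter hook input priority 0;
    }
    chain forward_established_and_related_traffic {
        type filter hook forward priority 0;
    }
}
"""

if __name__ == "__main__":
    for line_no, kind, name, length in find_long_names(SAMPLE):
        print(f"line {line_no}: {kind} '{name}' is {length} chars "
              f"(limit {MAX_LEN[kind]})")
```
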