Page MenuHomeVyOS Platform
Create Task
Maniphest T1068

Completion data buffer is too small
Closed, ResolvedPublicBUG
Actions

Description

Shared this on the forum but didn't get much. But i believe I've found the cause and a possible fix.

Here's the forum post for reference:
https://forum.vyos.io/t/1-2-0-rc9-limitation-to-number-of-address-groups/2987?u=xrpixer

I posted in the UBNT forum as well:
https://community.ubnt.com/t5/EdgeRouter/Problem-With-Large-Number-of-Firewall-Groups/m-p/2579665/highlight/false

I originally tested this on a Ubnt EdgeRouter, but was able to reproduce everything in 1.2.0 RC9 and earlier.

Here's the deal:

After you exceed so many address groups, auto-completion doesn't work anymore. It returns this -

set firewall name INSIDE-OUTSIDE rule 1 source group address-group (tab) vbash: unexpected EOF while looking for matching `''
vbash: syntax error: unexpected end of file

Possible completions:
  <text>    Group of addresses

I wrapped the vyatta-cfg autocompletion file with set -, set +, which shown that the output was being truncated and leaving open quotation marks.

++ /opt/vyatta/sbin/my_cli_shell_api -- getCompletionEnv set firewall name INSIDE-OUTSIDE rule 1 source group address-group ''
+ outstr='_cli_shell_api_comp_values=('\''FIREWALLGROUP1'\'' '\''FIREWALLGROUP2'\'' '\''FIREWALLGROUP3'\'' '\''FIREWALLGROUP4'\'' '\''FIREWALLGROUP5'\'' '\''FIREWALLGROUP6'\'' '\''FIREWALLGROUP7'\''
(truncated for readability)
'\''FIREWALLGROUP220'\'' '\''FIREWALLGROUP221'\'' '\''FIR); _cli_shell_api_last_comp_val=true; _cli_shell_api_comp_help='\'''\''; _cli_shell_api_hitems=('\''txt'\'' ); _cli_shell_api_hstrs=('\''Group of addresses'\'' ); '

Notice '\''FIR);
The word firewall is cutoff leaving out the trailing quotes.

So i looked at the source for my_cli_shell_api, aka cli_shell_api and the function getCompletionEnv.
getCompletionEnv uses a cstore function by the same name.
The cstore function references this const -

static const size_t MAX_CMD_OUTPUT_SIZE = 4096;

When i remove the backslashes from the text output that's getting truncated, i get right around 4096 characters. And the name of the const seems obvious.

I'd like to test increasing this value to allow for more address-groups. Though that's where i ran into a wall.
I honestly don't know how to recompile this and test it. C++ has never been my thing.

If someone could help me test, that would be great! Or show me how to recompile and test it.
Either way, this has been a problem for me several times. The autocompletion not working is problematic when you're dealing with large numbers of address groups.

Details

Difficulty level
Unknown (require assessment)
Version
1.2.0 RC9
Why the issue appeared?
Will be filled on close

Event Timeline

xrpixer created this task.Nov 30 2018, 6:12 PM
syncer assigned this task to dmbaturin.Dec 1 2018, 5:53 PM
syncer triaged this task as Normal priority.
syncer edited projects, added VyOS 1.3 Equuleus; removed VyOS 1.2 Crux (VyOS 1.2.0-rc10).
xrpixer added a comment.Jan 11 2019, 5:55 PM

Since the vyos-build readme was updated, i was able to update and test the change I requested above.
It fixes the issue presented above.

Created a pull request. : )

syncer closed this task as Resolved.Jan 11 2019, 5:56 PM
syncer edited projects, added VyOS 1.2 Crux (VyOS 1.2.0-EPA3); removed VyOS 1.3 Equuleus.
syncer moved this task from Needs Triage to Finished on the VyOS 1.2 Crux (VyOS 1.2.0-EPA3) board.
dmbaturin renamed this task from Limitation to How Many Firewall Groups You Can Have to Completion data buffer is too small.Jan 14 2019, 6:18 PM
syncer added a project: VyOS-1.2.0-GA.Jan 25 2019, 2:40 PM