Bug 257270

Summary: 32 character limit in pf/firewall "PF_TABLE_NAME_SIZE". Can it be increased?
Product: Base System Reporter: Valentino <netskyvc>
Component: miscAssignee: freebsd-pf (Nobody) <pf>
Status: Closed Not Accepted    
Severity: Affects Some People CC: kp
Priority: ---    
Version: CURRENT   
Hardware: Any   
OS: Any   

Description Valentino 2021-07-19 08:57:14 UTC 
Hello everyone!

I'm coming from OPNsense and already asked my question there:
https://forum.opnsense.org/index.php?topic=23972.0

Franco (Lead-dev OPNsense) directed me to you, as it seems to be a limit in the pf-code.
https://github.com/opnsense/src/blob/17a61782d3b8d86464d5bdc38483ee8a0ac6a4f9/sys/netpfil/pf/pf.h#L185

Is there any reason why aliases are limited to 32 characters in total? Could it be increased or will it break code/performance?

We have a use-case which would require more than 32 chars in the alias name, probably double (64) for good measure.

Thank you in advance and thank you for your continuos work on FreeBSD!
Comment 1 Kristof Provost freebsd_committer freebsd_triage 2021-07-19 18:13:53 UTC 
That'd change the ABI, breaking all old userspace binaries.
We're not doing that.

Long term this may perhaps become possible, if all calls get converted over to using nvlists. Some have already been done, but there's no expectation that they'll all get done anytime soon (or at all), so do not expect this change.