Shared this on the forum but didn't get much. But i believe I've found the cause and a possible fix.
Here's the forum post for reference:
https://forum.vyos.io/t/1-2-0-rc9-limitation-to-number-of-address-groups/2987?u=xrpixer
I posted in the UBNT forum as well:
https://community.ubnt.com/t5/EdgeRouter/Problem-With-Large-Number-of-Firewall-Groups/m-p/2579665/highlight/false
I originally tested this on a Ubnt EdgeRouter, but was able to reproduce everything in 1.2.0 RC9 and earlier.
Here's the deal:
After you exceed so many address groups, auto-completion doesn't work anymore. It returns this -
set firewall name INSIDE-OUTSIDE rule 1 source group address-group (tab) vbash: unexpected EOF while looking for matching `'' vbash: syntax error: unexpected end of file Possible completions: <text> Group of addresses
I wrapped the vyatta-cfg autocompletion file with set -, set +, which shown that the output was being truncated and leaving open quotation marks.
++ /opt/vyatta/sbin/my_cli_shell_api -- getCompletionEnv set firewall name INSIDE-OUTSIDE rule 1 source group address-group '' + outstr='_cli_shell_api_comp_values=('\''FIREWALLGROUP1'\'' '\''FIREWALLGROUP2'\'' '\''FIREWALLGROUP3'\'' '\''FIREWALLGROUP4'\'' '\''FIREWALLGROUP5'\'' '\''FIREWALLGROUP6'\'' '\''FIREWALLGROUP7'\'' (truncated for readability) '\''FIREWALLGROUP220'\'' '\''FIREWALLGROUP221'\'' '\''FIR); _cli_shell_api_last_comp_val=true; _cli_shell_api_comp_help='\'''\''; _cli_shell_api_hitems=('\''txt'\'' ); _cli_shell_api_hstrs=('\''Group of addresses'\'' ); '
Notice '\''FIR);
The word firewall is cutoff leaving out the trailing quotes.
So i looked at the source for my_cli_shell_api, aka cli_shell_api and the function getCompletionEnv.
getCompletionEnv uses a cstore function by the same name.
The cstore function references this const -
static const size_t MAX_CMD_OUTPUT_SIZE = 4096;
When i remove the backslashes from the text output that's getting truncated, i get right around 4096 characters. And the name of the const seems obvious.
I'd like to test increasing this value to allow for more address-groups. Though that's where i ran into a wall.
I honestly don't know how to recompile this and test it. C++ has never been my thing.
If someone could help me test, that would be great! Or show me how to recompile and test it.
Either way, this has been a problem for me several times. The autocompletion not working is problematic when you're dealing with large numbers of address groups.