ipfilter on AIX doesn't support more than 68 IP's in a single ip-pool

[bshreyas1]

When the number of IP address entries in an ippool crosses 68, then we ipfilter is unable to create this ippool.
As per IBM support: This issue is related to yacc compiler.
Yacc compiler does not have the ability to read a high number of tokens at the same time(as large number of ippools are created).

Reported on ipfilter version:
bash-4.4# ipf -V
ipf: IP Filter: v4.1.13 (480)
Kernel: IP Filter: v4.1.13

[davemq]

Have you tried using any of yacc's options for larger grammars? The AIX yacc man page has these options:

-NnNumber
        Changes the size of the token and nonterminal names array to Number. The default value is 8000. Valid values are only those greater than 8000.
-NmNumber
        Changes the size of the memory states array to Number. Default value is 40000. Valid values are only those greater than 40000.
-NrNumber
        Changes the internal buffer sizes to handle large grammars. The default value is 2000. Valid values are only those greater than 2000.

Maybe try -Nr2500 when using yacc. I think you may need to do something like make YACC='yacc -Nr2500'. You might also need to force make to work by deleting *.o files.

[ishyiko]

diff --git a/usr/sbin/ippool_y.y b/usr/sbin/ippool_y.y
index 89c4f04..d76530c 100644
--- a/usr/sbin/ippool_y.y
+++ b/usr/sbin/ippool_y.y
@@ -49,6 +49,10 @@
 #include "kmem.h"
 
 #define	YYDEBUG	1
+//  YYMAXDEPTH is the maximum size the stacks can grow to
+#ifndef YYMAXDEPTH
+#define YYMAXDEPTH 0x000fffff
+#endif
 
 extern	int	yyparse __P((void));
 extern	int	yydebug;