bugzilla-daemon at netfilter.org
2019-Mar-30 19:15 UTC
[Bug 1330] New: Parse error for importing set with netmask
https://bugzilla.netfilter.org/show_bug.cgi?id=1330
Bug ID: 1330
Summary: Parse error for importing set with netmask
Product: nftables
Version: unspecified
Hardware: All
OS: All
Status: NEW
Severity: major
Priority: P5
Component: nft
Assignee: pablo at netfilter.org
Reporter: email at cs-ware.de
Create the following rules:
# nft add table inet filter
# nft add set inet filter blocklistssh4_8 { type ipv4_addr\; }
# nft add element inet filter blocklistssh4_8 { 1.1.1.1 }
# nft add chain inet filter blocklistssh
# nft add inet filter blocklistssh ip saddr \& 255.0.0.0 @blocklistssh4_8
counter drop
Pipe into file:
# nft list ruleset > rules.nftables
Flush ruleset:
# nft flush ruleset
Try to reimport rules:
# nft -f rules.nftables
rules.nftables:8:26-43: Error: Set 'blocklistssh4_8/8' does not exist
ip saddr @blocklistssh4_8/8 counter packets 0 bytes 0 drop
^^^^^^^^^^^^^^^^^^
Context:
# nft --version
nftables v0.9.0 (Fearless Fosdick)
# cat /proc/version
Linux version 4.9.0-8-amd64 (debian-kernel at lists.debian.org) (gcc version
6.3.0
20170516 (Debian 6.3.0-18+deb9u1) ) #1 SMP Debian 4.9.144-3.1 (2019-02-19)
--
You are receiving this mail because:
You are watching all bug changes.
-------------- next part --------------
An HTML attachment was scrubbed...
URL:
<http://lists.netfilter.org/pipermail/netfilter-buglog/attachments/20190330/60fc7e7d/attachment.html>
bugzilla-daemon at netfilter.org
2020-Aug-29 00:18 UTC
[Bug 1330] Parse error for importing set with netmask
https://bugzilla.netfilter.org/show_bug.cgi?id=1330
kfm at plushkava.net changed:
What |Removed |Added
----------------------------------------------------------------------------
Blocks| |1461
--
You are receiving this mail because:
You are watching all bug changes.
-------------- next part --------------
An HTML attachment was scrubbed...
URL:
<http://lists.netfilter.org/pipermail/netfilter-buglog/attachments/20200829/ea8eb7a3/attachment.html>
bugzilla-daemon at netfilter.org
2020-Aug-29 00:54 UTC
[Bug 1330] Parse error for importing set with netmask
https://bugzilla.netfilter.org/show_bug.cgi?id=1330
kfm at plushkava.net changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |kfm at plushkava.net
--- Comment #1 from kfm at plushkava.net ---
I can reproduce this in nftables-0.9.6 with kernel 5.7.19. I cannot reproduce
it with nftables commit c156232. That is, the chain name is listed correctly in
the latter case.
--
You are receiving this mail because:
You are watching all bug changes.
-------------- next part --------------
An HTML attachment was scrubbed...
URL:
<http://lists.netfilter.org/pipermail/netfilter-buglog/attachments/20200829/76f6bcd8/attachment.html>
bugzilla-daemon at netfilter.org
2020-Aug-29 01:10 UTC
[Bug 1330] Parse error for importing set with netmask
https://bugzilla.netfilter.org/show_bug.cgi?id=1330 --- Comment #2 from kfm at plushkava.net --- Excuse me, I meant the set name rather than the chain name. -- You are receiving this mail because: You are watching all bug changes. -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://lists.netfilter.org/pipermail/netfilter-buglog/attachments/20200829/743297b2/attachment-0001.html>
bugzilla-daemon at netfilter.org
2020-Aug-29 10:10 UTC
[Bug 1330] Parse error for importing set with netmask
https://bugzilla.netfilter.org/show_bug.cgi?id=1330
Pablo Neira Ayuso <pablo at netfilter.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Resolution|--- |FIXED
Status|NEW |RESOLVED
--- Comment #3 from Pablo Neira Ayuso <pablo at netfilter.org> ---
Upstreaming commit:
commit 7c9bef0c03120dd8febd33e213ef2cf5626f9262
Author: Pablo Neira Ayuso <pablo at netfilter.org>
Date: Wed Jul 29 19:40:02 2020 +0200
netlink_delinearize: transform binary operation to prefix only with values
Closing.
--
You are receiving this mail because:
You are watching all bug changes.
-------------- next part --------------
An HTML attachment was scrubbed...
URL:
<http://lists.netfilter.org/pipermail/netfilter-buglog/attachments/20200829/b75a8047/attachment.html>
Possibly Parallel Threads
- [Bug 1461] New: [TRACKER] Issues concerning sets, maps and meters
- [Bug 1438] New: nft generates wrong intervals for sets with auto-merge
- [Bug 1197] New: 255.255.255.255 is transformed into 255.255.255.255-255.255.255.255
- [Bug 1180] New: Can't create a set with both timeout and interval flags at the same time
- [Bug 1392] New: nft stalls on EGAIN upon repeatedly flushing and populating a set