bugzilla-daemon at netfilter.org
2019-Dec-31 11:33 UTC
[Bug 1393] New: iptables-nft -S hangs if not run as root
https://bugzilla.netfilter.org/show_bug.cgi?id=1393

            Bug ID: 1393
           Summary: iptables-nft -S hangs if not run as root
           Product: nftables
           Version: unspecified
          Hardware: x86_64
                OS: other
            Status: NEW
          Severity: normal
          Priority: P5
         Component: iptables over nftable
          Assignee: pablo at netfilter.org
          Reporter: kfm at plushkava.net

Created attachment 581
  --> https://bugzilla.netfilter.org/attachment.cgi?id=581&action=edit
iptables-nft-trace.txt.xz

As per the summary. The steps to reproduce here are to initialize a ruleset:

    printf '%s\n' '*filter' :{INPUT,FORWARD,OUTPUT}' ACCEPT [0:0]' COMMIT | iptables-nft-restore

Then, to run the following under an ordinary user account:

    timeout 5 strace -o iptables-nft-trace.txt iptables-nft -S

In my case, iptables-nft never exits. That is why I have used GNU timeout to
constrain the execution time and the size of the trace, which would otherwise
grow to enormous proportions.

The machine in question is running Arch Linux, with the following components:

    Linux 5.4.6
    glibc-2.30
    iptables-nft-1.8.3
    libnfnetlink-1.0.1
    libnetfilter_conntrack-1.0.7
    libnftnl-1.1.5
    nftables-0.9.3

The trace is attached.

bugzilla-daemon at netfilter.org
2019-Dec-31 11:35 UTC
[Bug 1393] iptables-nft -S hangs if not run as root
https://bugzilla.netfilter.org/show_bug.cgi?id=1393

--- Comment #1 from kfm at plushkava.net ---
I just realised that I hadn't tested iptables-1.8.4 so this might be INVALID.
Will test now.

bugzilla-daemon at netfilter.org
2019-Dec-31 11:43 UTC
[Bug 1393] iptables-nft -S hangs if not run as root
https://bugzilla.netfilter.org/show_bug.cgi?id=1393

kfm at plushkava.net changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
         Resolution|---                         |WORKSFORME
             Status|NEW                         |RESOLVED

--- Comment #2 from kfm at plushkava.net ---
Florian already covered this one. Apologies, and closing.