bugzilla-daemon at netfilter.org
2024-Jan-21 19:45 UTC
[Bug 1732] New: nft list chain does not return correct info on RHEL 8
https://bugzilla.netfilter.org/show_bug.cgi?id=1732
Bug ID: 1732
Summary: nft list chain does not return correct info on RHEL 8
Product: nftables
Version: 1.0.x
Hardware: x86_64
OS: RedHat Linux
Status: NEW
Severity: blocker
Priority: P5
Component: nft
Assignee: pablo at netfilter.org
Reporter: herecomeswaynebao0811 at gmail.com
I am seeing a bug using nft on RHEL 8, basically sometimes `nft list
chain` does not return info at all. This is blocking me from using nft further.
Here are the steps to reproduce
it:
nft add table ip filter
nft add chain ip filter forward { type filter hook forward priority 0;
policy accept; }
nft add chain ip filter input { type filter hook forward priority 0;
policy accept; }
nft add chain ip filter grp_test
nft add rule ip filter grp_test ip daddr == 10.1.2.0/24 tcp dport
100-123 counter accept
# now if I `nft list chain ip filter grp_test` it returns the rule
nft add chain ip filter tester
nft add rule ip filter tester counter jump grp_test
# now if I `nft list chain ip filter grp_test` or `nft list chain ip
filter tester`, none of them return info
nft delete rule ip filter grp_test handle 4
# now if I `nft list chain ip filter grp_test` or `nft list chain ip
filter tester`, they return as expected
I am running these on RHEL 8 and these are the version info
=================================================================================================================
Package Architecture Version
Repository Size
=================================================================================================================Installing:
python3-nftables x86_64 1:1.0.4-3.el8_9
rhel-8-for-x86_64-baseos-rpms 31 k
Installing dependencies:
iptables-libs x86_64 1.8.5-10.el8_9
rhel-8-for-x86_64-baseos-rpms 103 k
jansson x86_64 2.14-1.el8
rhel-8-for-x86_64-baseos-rpms 47 k
libnftnl x86_64 1.2.2-3.el8
rhel-8-for-x86_64-baseos-rpms 87 k
nftables x86_64 1:1.0.4-3.el8_9
rhel-8-for-x86_64-baseos-rpms 380 k
Transaction Summary
=================================================================================================================Install
5 Packages
--
You are receiving this mail because:
You are watching all bug changes.
-------------- next part --------------
An HTML attachment was scrubbed...
URL:
<http://lists.netfilter.org/pipermail/netfilter-buglog/attachments/20240121/7d8d77fd/attachment.html>
bugzilla-daemon at netfilter.org
2024-Jan-29 15:33 UTC
[Bug 1732] nft list chain does not return correct info on RHEL 8
https://bugzilla.netfilter.org/show_bug.cgi?id=1732 --- Comment #1 from herecomeswaynebao0811 at gmail.com --- I see the bug appearing on docker using linux 3.18.0, but not seeing it when I use linux 4.18.0. So this is not blocking me now. I do not see a "withdraw" option on the page, but feel free to skip this. -- You are receiving this mail because: You are watching all bug changes. -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://lists.netfilter.org/pipermail/netfilter-buglog/attachments/20240129/415a494a/attachment.html>
bugzilla-daemon at netfilter.org
2024-Jan-29 15:33 UTC
[Bug 1732] nft list chain does not return correct info on RHEL 8
https://bugzilla.netfilter.org/show_bug.cgi?id=1732
herecomeswaynebao0811 at gmail.com changed:
What |Removed |Added
----------------------------------------------------------------------------
Severity|blocker |minor
--
You are receiving this mail because:
You are watching all bug changes.
-------------- next part --------------
An HTML attachment was scrubbed...
URL:
<http://lists.netfilter.org/pipermail/netfilter-buglog/attachments/20240129/7975a96c/attachment.html>
bugzilla-daemon at netfilter.org
2024-Jan-31 13:28 UTC
[Bug 1732] nft list chain does not return correct info on RHEL 8
https://bugzilla.netfilter.org/show_bug.cgi?id=1732
Phil Sutter <phil at nwl.cc> changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|NEW |RESOLVED
CC| |phil at nwl.cc
Resolution|--- |INVALID
--- Comment #2 from Phil Sutter <phil at nwl.cc> ---
You should report downstream issues with respective downstream vendors, not
here unless you are able to reproduce the problem with a vanilla nftables and
kernel from upstream.
--
You are receiving this mail because:
You are watching all bug changes.
-------------- next part --------------
An HTML attachment was scrubbed...
URL:
<http://lists.netfilter.org/pipermail/netfilter-buglog/attachments/20240131/32910172/attachment.html>
Maybe Matching Threads
- [Bug 1734] New: nft set with auto-merge json import/export
- [Bug 1733] New: prefix len in a set of ips is wrong in a rule
- [Bug 1281] New: Using kernel 4.18.10, nft commandline tool or nft -f can't parse negative priority values over -200.
- [Bug 1391] New: iptables-nft-restore --test can segfault
- [Bug 1074] New: nft-0.{5, 6}: configure.ac: Replace automagic dblatex dependency with configure switch