bugzilla-daemon at netfilter.org
2018-Jan-20 17:38 UTC
[Bug 1216] New: Error messaging for "interval overlaps with previous one" misidentifies location
https://bugzilla.netfilter.org/show_bug.cgi?id=1216
Bug ID: 1216
Summary: Error messaging for "interval overlaps with previous
one" misidentifies location
Product: nftables
Version: unspecified
Hardware: All
OS: All
Status: NEW
Severity: major
Priority: P5
Component: nft
Assignee: pablo at netfilter.org
Reporter: netfilter at allycomm.com
At least when "include" is employed, the error message returned when
"interval
overlaps with previous one" can fail to properly identify the file/line of
the
source of the overlap.
Noted on nftables master branch after
commit 0b3ccd27e12d1df442aa3eac40a2ccb63d6c6407
Author: Phil Sutter <phil at nwl.cc>
Date: Wed Jan 10 13:43:21 2018 +0100
including
commit 9afd72a883e391e366a1d75bb4e1705357e078e9
commit b4c7117ef552d0d71bde1db4a047b4c005699951
If a single include is used that contains the overlapping intervals, it appears
to report the proper file, line, and location
./blackhole_ipv6.nft:14:9-13: Error: interval overlaps with previous one
::/96, # IPv4-compatible address
^^^^^
If an include of "unrelated" content appears either before or after
the "bad"
include, the error message is incorrect.
With an include before the "bad" include:
In file included from nftables.conf:8:5-35:
./blackhole_ipv6.nft:45:9-23: Error: interval overlaps with previous one
^^^^^^^^^^^^^^^
With an include after the "bad" include
In file included from nftables.conf:10:5-34:
./defines_modem.nft:45:9-23: Error: interval overlaps with previous one
^^^^^^^^^^^^^^^
--
You are receiving this mail because:
You are watching all bug changes.
-------------- next part --------------
An HTML attachment was scrubbed...
URL:
<http://lists.netfilter.org/pipermail/netfilter-buglog/attachments/20180120/2cb84404/attachment.html>
bugzilla-daemon at netfilter.org
2018-Jan-20 17:46 UTC
[Bug 1216] Error messaging for "interval overlaps with previous one" misidentifies location
https://bugzilla.netfilter.org/show_bug.cgi?id=1216
--- Comment #1 from Jeff Kletsky <netfilter at allycomm.com> ---
Created attachment 520
--> https://bugzilla.netfilter.org/attachment.cgi?id=520&action=edit
nftables config with only a single include
Identifies the "bad" interval
./blackhole_ipv6.nft:14:9-13: Error: interval overlaps with previous one
::/96, # IPv4-compatible address
^^^^^
(overlaps ::1/128)
--
You are receiving this mail because:
You are watching all bug changes.
-------------- next part --------------
An HTML attachment was scrubbed...
URL:
<http://lists.netfilter.org/pipermail/netfilter-buglog/attachments/20180120/682653a5/attachment-0001.html>
bugzilla-daemon at netfilter.org
2018-Jan-20 17:48 UTC
[Bug 1216] Error messaging for "interval overlaps with previous one" misidentifies location
https://bugzilla.netfilter.org/show_bug.cgi?id=1216
--- Comment #2 from Jeff Kletsky <netfilter at allycomm.com> ---
Created attachment 521
--> https://bugzilla.netfilter.org/attachment.cgi?id=521&action=edit
nftables config with include before
Adding an include before causes the error file and location to change
In file included from nftables.conf:8:5-35:
./blackhole_ipv6.nft:45:9-23: Error: interval overlaps with previous one
^^^^^^^^^^^^^^^
--
You are receiving this mail because:
You are watching all bug changes.
-------------- next part --------------
An HTML attachment was scrubbed...
URL:
<http://lists.netfilter.org/pipermail/netfilter-buglog/attachments/20180120/4c387835/attachment.html>
bugzilla-daemon at netfilter.org
2018-Jan-20 17:50 UTC
[Bug 1216] Error messaging for "interval overlaps with previous one" misidentifies location
https://bugzilla.netfilter.org/show_bug.cgi?id=1216
--- Comment #3 from Jeff Kletsky <netfilter at allycomm.com> ---
Created attachment 522
--> https://bugzilla.netfilter.org/attachment.cgi?id=522&action=edit
nftables config with include after and befoe
Adding an include after "moves" the error message
In file included from nftables.conf:10:5-34:
./defines_modem.nft:45:9-23: Error: interval overlaps with previous one
^^^^^^^^^^^^^^^
The general behavior of the line/characters being identified as
":45:9-23:" has
been observed in many other situations
--
You are receiving this mail because:
You are watching all bug changes.
-------------- next part --------------
An HTML attachment was scrubbed...
URL:
<http://lists.netfilter.org/pipermail/netfilter-buglog/attachments/20180120/9b11f2c4/attachment.html>
bugzilla-daemon at netfilter.org
2018-Jan-20 23:52 UTC
[Bug 1216] Error messaging for "interval overlaps with previous one" misidentifies location
https://bugzilla.netfilter.org/show_bug.cgi?id=1216 --- Comment #4 from Jeff Kletsky <netfilter at allycomm.com> --- Created attachment 523 --> https://bugzilla.netfilter.org/attachment.cgi?id=523&action=edit Quick patch to print the conflicting interval bounds Not the prettiest output, but prints the left and right of the intervals in conflict I didn't immediately see IPv4/IPv6 pretty-print for mpz_t addresses, so the output is raw hex. Leading zeros not used for somewhat easier readability, at least for me. -- You are receiving this mail because: You are watching all bug changes. -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://lists.netfilter.org/pipermail/netfilter-buglog/attachments/20180120/866c3d56/attachment.html>
bugzilla-daemon at netfilter.org
2018-Jan-20 23:55 UTC
[Bug 1216] Error messaging for "interval overlaps with previous one" misidentifies location
https://bugzilla.netfilter.org/show_bug.cgi?id=1216 --- Comment #5 from Jeff Kletsky <netfilter at allycomm.com> --- Note that gmp_fprintf, used in attachment 523, is not present in "mini-gmp" so nftables needs to be configured *without* --use-mini-gmp -- You are receiving this mail because: You are watching all bug changes. -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://lists.netfilter.org/pipermail/netfilter-buglog/attachments/20180120/81326c92/attachment.html>
bugzilla-daemon at netfilter.org
2018-Feb-02 00:01 UTC
[Bug 1216] Error messaging for "interval overlaps with previous one" misidentifies location
https://bugzilla.netfilter.org/show_bug.cgi?id=1216
Pablo Neira Ayuso <pablo at netfilter.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|NEW |ASSIGNED
--
You are receiving this mail because:
You are watching all bug changes.
-------------- next part --------------
An HTML attachment was scrubbed...
URL:
<http://lists.netfilter.org/pipermail/netfilter-buglog/attachments/20180202/972cb44a/attachment.html>
bugzilla-daemon at netfilter.org
2018-Sep-11 19:54 UTC
[Bug 1216] Error messaging for "interval overlaps with previous one" misidentifies location
https://bugzilla.netfilter.org/show_bug.cgi?id=1216
--- Comment #6 from Jeff Kletsky <netfilter at allycomm.com> ---
Still problems after v0.9.0 identifying the contest of a specific error. With
include statements, it appearsto report the error with a previously include-ed
file, rather than in the file in which the problem actually exists. While
painful at all times, this is especially troublesome at boot time when the
conditions of the system (such as interfaces not being created yet) cannot be
replicated during interactive use.
Recently observed with a build after v0.9.0
commit 0f44d4f62753535d39d95d83778348bee4e88053
Author: Florian Westphal <fw at strlen.de>
Date: Tue Sep 4 13:53:59 2018 +0200
jeff at apu3:/usr/local/etc/firewall$ sudo nft -c -f nftables.conf
In file included from ./accept_ipv6_link_local.nft:3:1-32:
from nftables.conf:92:5-43:
./defines_if_mgmt.nft:1:17-25: Error: Interface does not exist
# define if_mgmt = { enp2s0.102 }
^^^^^^^^^
It's still pointing to something in those columns, but certainly not an
interface. The error indicators pretty clearly aren't referring to that line
jeff at apu3:/usr/local/etc/firewall$ sudo nft -c -f nftables.conf
In file included from ./accept_ipv6_link_local.nft:3:1-32:
from nftables.conf:92:5-43:
./defines_if_mgmt.nft:1:17-25: Error: Interface does not exist
########################## define if_mgmt = { enp2s0.102 }
^^^^^^^^^
or completely removing the line and blank lines following
jeff at apu3:/usr/local/etc/firewall$ sudo nft -c -f nftables.conf
In file included from ./accept_ipv6_link_local.nft:3:1-32:
from nftables.conf:92:5-43:
./defines_if_mgmt.nft:1:17-25: Error: Interface does not exist
define if_mgmt_addrs_ipv4 = { 10.1.102.198 }
^^^^^^^^^
Very puzzling as well in that on the running (long past boot), nft -c -f
nftables.conf shows the error, yet ip link clearly shows that the interface
exists.
In file included from ./accept_ipv6_link_local.nft:3:1-32:
is misleading as well, as there are no include statements in that file.
cut -c 17-25 * | egrep ^[0-9a-z.]+$ | less
provided the clue as the string, which turned out to be in the file
defines_if_internal.nft, just before the one in which it was reported
defines_if_mgmt
include "./defines_if_external.nft"
include "./defines_if_internal.nft"
include "./defines_if_mgmt.nft
I haven't figured out why accept_ipv6_link_local.nft is mentioned, but it
looks
like the problems with error reporting context still haven't been resolved.
--
You are receiving this mail because:
You are watching all bug changes.
-------------- next part --------------
An HTML attachment was scrubbed...
URL:
<http://lists.netfilter.org/pipermail/netfilter-buglog/attachments/20180911/0500b34a/attachment.html>
bugzilla-daemon at netfilter.org
2018-Sep-11 19:55 UTC
[Bug 1216] Error messaging misidentifies location; "include" involved
https://bugzilla.netfilter.org/show_bug.cgi?id=1216
Jeff Kletsky <netfilter at allycomm.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
Summary|Error messaging for |Error messaging
|"interval overlaps with |misidentifies location;
|previous one" misidentifies |"include"
involved
|location |
--
You are receiving this mail because:
You are watching all bug changes.
-------------- next part --------------
An HTML attachment was scrubbed...
URL:
<http://lists.netfilter.org/pipermail/netfilter-buglog/attachments/20180911/4957866c/attachment.html>
bugzilla-daemon at netfilter.org
2019-Jul-12 10:23 UTC
[Bug 1216] Error messaging misidentifies location; "include" involved
https://bugzilla.netfilter.org/show_bug.cgi?id=1216 --- Comment #7 from Pablo Neira Ayuso <pablo at netfilter.org> --- This is fixed in nftables 0.9.1 thanks for reporting -- You are receiving this mail because: You are watching all bug changes. -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://lists.netfilter.org/pipermail/netfilter-buglog/attachments/20190712/a4335b5c/attachment.html>
bugzilla-daemon at netfilter.org
2019-Jul-18 10:32 UTC
[Bug 1216] Error messaging misidentifies location; "include" involved
https://bugzilla.netfilter.org/show_bug.cgi?id=1216
Pablo Neira Ayuso <pablo at netfilter.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|ASSIGNED |RESOLVED
Resolution|--- |FIXED
--
You are receiving this mail because:
You are watching all bug changes.
-------------- next part --------------
An HTML attachment was scrubbed...
URL:
<http://lists.netfilter.org/pipermail/netfilter-buglog/attachments/20190718/02cb38b9/attachment.html>
Possibly Parallel Threads
- [Bug 1188] New: nft fails to parse own output; unable to save-restore active state
- [Bug 1176] New: Invalid identifiers produce unhelpful error messages
- [Bug 1178] New: Provide better error messaging when a rule can't be executed in its context
- [Bug 1184] New: disable implicit concatenating of elements of sets with flag interval
- [Bug 1174] New: 'define' functionality not sufficient for maintaining sets and the like