bugzilla-daemon at netfilter.org
2017-Feb-09 11:12 UTC
[Bug 1120] New: nf_tables_check_loops error on adding element to vmap
https://bugzilla.netfilter.org/show_bug.cgi?id=1120
Bug ID: 1120
Summary: nf_tables_check_loops error on adding element to vmap
Product: nftables
Version: unspecified
Hardware: x86_64
OS: Ubuntu
Status: NEW
Severity: trivial
Priority: P5
Component: kernel
Assignee: pablo at netfilter.org
Reporter: c.marquis at viapass.com
Created attachment 493
--> https://bugzilla.netfilter.org/attachment.cgi?id=493&action=edit
Kernel Logs
Dear NetFilter team,
I'm facing an strange issue, and I had no idea where to put the information
so
I came here
I've a simple configuration, like this :
table ip filter {
map ok {
type mark : verdict
elements = { 0x00000001 : jump group_1, 0x00000002 : jump
group_2}
}
chain group_1 {
limit rate 100 kbytes/second counter accept
counter drop
}
chain group_2 {
limit rate 200 kbytes/second counter accept
counter drop
}
chain group_3 {
limit rate 300 kbytes/second counter accept
counter drop
}
chain forward {
type filter hook forward priority 0; policy accept;
counter
ct mark vmap @ok
}
}
(loaded by nft -f)
As you can see the map "ok" is already and perfectly populated with a
few
values, working just fine
now if I add a new element after that, with:
-> nft add element filter ok {3: jump group_3}
Then the kernel crash occurs, I'm attaching the logs here
Any information on this would be greatly appreciated
Thanks in advance, and really nice job around this new nftables flexibility,
King Regards,
Cedric
--
You are receiving this mail because:
You are watching all bug changes.
-------------- next part --------------
An HTML attachment was scrubbed...
URL:
<http://lists.netfilter.org/pipermail/netfilter-buglog/attachments/20170209/980c1981/attachment.html>
bugzilla-daemon at netfilter.org
2017-Feb-09 11:23 UTC
[Bug 1120] nf_tables_check_loops error on adding element to vmap
https://bugzilla.netfilter.org/show_bug.cgi?id=1120
Pablo Neira Ayuso <pablo at netfilter.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|NEW |ASSIGNED
--- Comment #1 from Pablo Neira Ayuso <pablo at netfilter.org> ---
kernel and userspace tooling version, please? Thanks.
--
You are receiving this mail because:
You are watching all bug changes.
-------------- next part --------------
An HTML attachment was scrubbed...
URL:
<http://lists.netfilter.org/pipermail/netfilter-buglog/attachments/20170209/6a92ee61/attachment.html>
bugzilla-daemon at netfilter.org
2017-Feb-09 11:33 UTC
[Bug 1120] nf_tables_check_loops error on adding element to vmap
https://bugzilla.netfilter.org/show_bug.cgi?id=1120 --- Comment #2 from c.marquis at viapass.com --- Kernel: 4.8.0-37-generic from Ubuntu yakkety repo (dist-upgraded this morning) nft v0.7 freshly built from git -- You are receiving this mail because: You are watching all bug changes. -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://lists.netfilter.org/pipermail/netfilter-buglog/attachments/20170209/b7c077cd/attachment.html>
bugzilla-daemon at netfilter.org
2017-Feb-09 11:48 UTC
[Bug 1120] nf_tables_check_loops error on adding element to vmap
https://bugzilla.netfilter.org/show_bug.cgi?id=1120
Pablo Neira Ayuso <pablo at netfilter.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Resolution|--- |FIXED
Status|ASSIGNED |RESOLVED
--- Comment #3 from Pablo Neira Ayuso <pablo at netfilter.org> ---
commit 58c78e104d937c1f560fb10ed9bb2dcde0db4fcf
Author: Liping Zhang <zlpnobody at gmail.com>
Date: Sun Nov 6 14:40:01 2016 +0800
netfilter: nf_tables: fix oops when inserting an element into a verdict map
This patch fixes the problem.
kernel 4.8 is not maintained anymore, see kernel.org
So I cannot pass back this patch to -stable/-longterm.
--
You are receiving this mail because:
You are watching all bug changes.
-------------- next part --------------
An HTML attachment was scrubbed...
URL:
<http://lists.netfilter.org/pipermail/netfilter-buglog/attachments/20170209/beee03e3/attachment.html>
bugzilla-daemon at netfilter.org
2017-Feb-09 14:15 UTC
[Bug 1120] nf_tables_check_loops error on adding element to vmap
https://bugzilla.netfilter.org/show_bug.cgi?id=1120 --- Comment #4 from c.marquis at viapass.com --- Ha yes indeed, i then search specifically for this line of code in the kernel sources, found out the 4.9 has it, and tried it right now, it's working! Thanks again for having pointed it out! -- You are receiving this mail because: You are watching all bug changes. -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://lists.netfilter.org/pipermail/netfilter-buglog/attachments/20170209/324efefa/attachment.html>