bugzilla-daemon at netfilter.org
2017-Aug-23 22:46 UTC
[Bug 1178] New: Provide better error messaging when a rule can't be executed in its context
https://bugzilla.netfilter.org/show_bug.cgi?id=1178 Bug ID: 1178 Summary: Provide better error messaging when a rule can't be executed in its context Product: nftables Version: unspecified Hardware: All OS: All Status: NEW Severity: enhancement Priority: P5 Component: nft Assignee: pablo at netfilter.org Reporter: netfilter at allycomm.com Observed Behavior: ================= nftables.conf:3:1-14: Error: Could not process rule: Operation not supported flush ruleset ^^^^^^^^^^^^^^ (when a chain with an snat expression was placed into a prerouting-hook chain through a copy-paste error in chain creation) Expected Behavior: ================= The error message would point to the line in the file that contained the unsupported operation. To Replicate: ============ $ cat nftables.conf #!/usr/sbin/nft -f flush ruleset table ip nat4 { chain nat_rules_postrouting_ipv4 { type nat hook prerouting priority 125 snat 203.0.113.1 # RFC 5737 doc net return } } -- You are receiving this mail because: You are watching all bug changes. -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://lists.netfilter.org/pipermail/netfilter-buglog/attachments/20170823/b8bafb8a/attachment.html>
bugzilla-daemon at netfilter.org
2017-Aug-23 22:47 UTC
[Bug 1178] Provide better error messaging when a rule can't be executed in its context
https://bugzilla.netfilter.org/show_bug.cgi?id=1178 --- Comment #1 from Jeff Kletsky <netfilter at allycomm.com> --- If the references to the original file have already been lost at the time the error is identified, provide a clear reference in the decompiled "code" -- You are receiving this mail because: You are watching all bug changes. -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://lists.netfilter.org/pipermail/netfilter-buglog/attachments/20170823/95465a66/attachment.html>
bugzilla-daemon at netfilter.org
2017-Oct-02 12:31 UTC
[Bug 1178] Provide better error messaging when a rule can't be executed in its context
https://bugzilla.netfilter.org/show_bug.cgi?id=1178 Pablo Neira Ayuso <pablo at netfilter.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Resolution|--- |FIXED Status|NEW |RESOLVED --- Comment #2 from Pablo Neira Ayuso <pablo at netfilter.org> --- Fixed upstream. # nft -f m m:10:10-25: Error: Could not process rule: Operation not supported snat 203.0.113.1 # RFC 5737 doc net ^^^^^^^^^^^^^^^^ -- You are receiving this mail because: You are watching all bug changes. -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://lists.netfilter.org/pipermail/netfilter-buglog/attachments/20171002/3a6edf0b/attachment.html>
bugzilla-daemon at netfilter.org
2017-Oct-02 12:49 UTC
[Bug 1178] Provide better error messaging when a rule can't be executed in its context
https://bugzilla.netfilter.org/show_bug.cgi?id=1178 --- Comment #3 from Pablo Neira Ayuso <pablo at netfilter.org> --- Just for the record, this bug just got reintroduced accidentally via: http://git.netfilter.org/nftables/commit/?id=438235af5453d34fb056e7230d5a5ad827e61c0d I asked Varsha Rao to add a shell test so we catch regressions in this front moving forward. -- You are receiving this mail because: You are watching all bug changes. -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://lists.netfilter.org/pipermail/netfilter-buglog/attachments/20171002/f6318e10/attachment.html>
bugzilla-daemon at netfilter.org
2017-Oct-05 23:22 UTC
[Bug 1178] Provide better error messaging when a rule can't be executed in its context
https://bugzilla.netfilter.org/show_bug.cgi?id=1178 --- Comment #4 from Jeff Kletsky <netfilter at allycomm.com> --- Would you be able to point me to a revision in which this is fixed? I've tried the commit referenced below and am still running into errors that are apparently reported in the wrong file. commit 438235af5453d34fb056e7230d5a5ad827e61c0d (HEAD, tag: error-reporting) Author: Pablo Neira Ayuso <pablo at netfilter.org> Date: Mon Oct 2 14:19:15 2017 +0200 mnl: fix broken sequence number allocation Wrong arithmetics with pointer. Closes: https://bugzilla.netfilter.org/show_bug.cgi?id=1178 Fixes: 0d9d04c31481 ("src: make netlink sequence number non-static") Signed-off-by: Pablo Neira Ayuso <pablo at netfilter.org> -- You are receiving this mail because: You are watching all bug changes. -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://lists.netfilter.org/pipermail/netfilter-buglog/attachments/20171005/c2caddad/attachment.html>
bugzilla-daemon at netfilter.org
2017-Oct-06 12:28 UTC
[Bug 1178] Provide better error messaging when a rule can't be executed in its context
https://bugzilla.netfilter.org/show_bug.cgi?id=1178 --- Comment #5 from Pablo Neira Ayuso <pablo at netfilter.org> --- (In reply to Jeff Kletsky from comment #4)> Would you be able to point me to a revision in which this is fixed?You can git clone or fetch a snapshot to test, is that what you mean? ftp://ftp.netfilter.org/pub/nftables/snapshot/nftables-20171006.tar.bz2> I've tried the commit referenced below and am still running into errors that > are apparently reported in the wrong file.Are you using a different ruleset to test? Probably it's a different problem. -- You are receiving this mail because: You are watching all bug changes. -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://lists.netfilter.org/pipermail/netfilter-buglog/attachments/20171006/27c55713/attachment.html>
Seemingly Similar Threads
- [Bug 1216] New: Error messaging for "interval overlaps with previous one" misidentifies location
- [Bug 1188] New: nft fails to parse own output; unable to save-restore active state
- [Bug 1174] New: 'define' functionality not sufficient for maintaining sets and the like
- [Bug 1176] New: Invalid identifiers produce unhelpful error messages
- [Bug 1184] New: disable implicit concatenating of elements of sets with flag interval