bugzilla-daemon at netfilter.org
2019-Dec-04 16:44 UTC
[Bug 1386] New: nftables.py cmd doesn't read updated counter values after first read
https://bugzilla.netfilter.org/show_bug.cgi?id=1386
Bug ID: 1386
Summary: nftables.py cmd doesn't read updated counter values
after first read
Product: nftables
Version: unspecified
Hardware: x86_64
OS: Gentoo
Status: NEW
Severity: major
Priority: P5
Component: nft
Assignee: pablo at netfilter.org
Reporter: karel at unitednetworks.cz
Created attachment 577
--> https://bugzilla.netfilter.org/attachment.cgi?id=577&action=edit
example of nftables.py not reading updated counter state
System:
Gentoo 5.4.1 x86_64
nft up to date from GIT as of 4.12.2019
CPython 3.6.9
Overview:
nft commands which read named counters actually read counter values only first
time, subsequent reads returns values from first read.
Detailed info:
Consider this ruleset:
add table ip table1
add counter ip table1 counter1
add chain ip table1 chain1 { type filter hook input priority 0; }
add rule ip table1 chain1 counter name counter1
Then ping several times localhost, after that call nftables.py cmd:
list counter table1 counter1
and you will see some packets added to this counter. Ping localhost several
times again and call nftables.py cmd again:
list counter table1 counter1
and you will see same counter values as in first call without adding some
packets from second pinging. But when running nft from shell:
nft list counter table1 counter1
the values returned will be different from second call through nftables.py cmd
and will account packets from second pinging.
See attached example.
--
You are receiving this mail because:
You are watching all bug changes.
-------------- next part --------------
An HTML attachment was scrubbed...
URL:
<http://lists.netfilter.org/pipermail/netfilter-buglog/attachments/20191204/b2e08fb8/attachment.html>
bugzilla-daemon at netfilter.org
2020-Jan-31 14:58 UTC
[Bug 1386] nftables.py cmd doesn't read updated counter values after first read
https://bugzilla.netfilter.org/show_bug.cgi?id=1386
Karel Rericha <karel at unitednetworks.cz> changed:
What |Removed |Added
----------------------------------------------------------------------------
Attachment #577 is|0 |1
obsolete| |
--- Comment #1 from Karel Rericha <karel at unitednetworks.cz> ---
Created attachment 585
--> https://bugzilla.netfilter.org/attachment.cgi?id=585&action=edit
example of nftables.py not reading updated counter state, v2
Bug still present on
Gentoo x86_64 kernel 5.4.14 x86_64
nftables from GIT as of 31.1.2020
Posted improved example.
--
You are receiving this mail because:
You are watching all bug changes.
-------------- next part --------------
An HTML attachment was scrubbed...
URL:
<http://lists.netfilter.org/pipermail/netfilter-buglog/attachments/20200131/16ce6ddb/attachment.html>
bugzilla-daemon at netfilter.org
2020-Aug-07 09:53 UTC
[Bug 1386] nftables.py cmd doesn't read updated counter values after first read
https://bugzilla.netfilter.org/show_bug.cgi?id=1386
Pablo Neira Ayuso <pablo at netfilter.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|NEW |ASSIGNED
--- Comment #2 from Pablo Neira Ayuso <pablo at netfilter.org> ---
https://patchwork.ozlabs.org/project/netfilter-devel/patch/20200806112139.1977-1-pablo
at netfilter.org/
--
You are receiving this mail because:
You are watching all bug changes.
-------------- next part --------------
An HTML attachment was scrubbed...
URL:
<http://lists.netfilter.org/pipermail/netfilter-buglog/attachments/20200807/4049eae5/attachment.html>
bugzilla-daemon at netfilter.org
2020-Aug-11 16:19 UTC
[Bug 1386] nftables.py cmd doesn't read updated counter values after first read
https://bugzilla.netfilter.org/show_bug.cgi?id=1386 --- Comment #3 from Karel Rericha <karel at unitednetworks.cz> --- I can confirm that after applying Pablo's patch reading updated counters works, bug is fixed. Thanks a lot again Pablo! And again I will close this after patch will land in nftables git. -- You are receiving this mail because: You are watching all bug changes. -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://lists.netfilter.org/pipermail/netfilter-buglog/attachments/20200811/00faadae/attachment.html>
bugzilla-daemon at netfilter.org
2020-Aug-14 05:21 UTC
[Bug 1386] nftables.py cmd doesn't read updated counter values after first read
https://bugzilla.netfilter.org/show_bug.cgi?id=1386
Karel Rericha <karel at unitednetworks.cz> changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|ASSIGNED |RESOLVED
Resolution|--- |FIXED
--
You are receiving this mail because:
You are watching all bug changes.
-------------- next part --------------
An HTML attachment was scrubbed...
URL:
<http://lists.netfilter.org/pipermail/netfilter-buglog/attachments/20200814/c7c68b40/attachment.html>
Apparently Analagous Threads
- [Bug 1382] New: nftables.py cmd leaking memory when ruleset contain mapping ip length to range with high limit 65535
- [Bug 1185] New: counter flag proposal for sets and maps
- [Bug 1417] New: mapping to adjacent ranges is causing error in kernel 5.6, kernel 5.5 works fine
- [Bug 1127] New: running nft command creates lag for forwarded packets
- [Bug 1184] New: disable implicit concatenating of elements of sets with flag interval