bugzilla-daemon at netfilter.org
2019-Dec-31 11:33 UTC
[Bug 1393] New: iptables-nft -S hangs if not run as root
https://bugzilla.netfilter.org/show_bug.cgi?id=1393
Bug ID: 1393
Summary: iptables-nft -S hangs if not run as root
Product: nftables
Version: unspecified
Hardware: x86_64
OS: other
Status: NEW
Severity: normal
Priority: P5
Component: iptables over nftable
Assignee: pablo at netfilter.org
Reporter: kfm at plushkava.net
Created attachment 581
--> https://bugzilla.netfilter.org/attachment.cgi?id=581&action=edit
iptables-nft-trace.txt.xz
As per the summary. The steps to reproduce here are to initialize a ruleset:
printf '%s\n' '*filter' :{INPUT,FORWARD,OUTPUT}' ACCEPT [0:0]' COMMIT |
iptables-nft-restore
Then, to run the following under an ordinary user account:
timeout 5 strace -o iptables-nft-trace.txt iptables-nft -S
In my case, iptables-nft never exits. That is why I have used GNU timeout to
constrain the execution time and the size of the trace, which would otherwise
grow to enormous proportions.
The machine in question is running Arch Linux, with the following components:
Linux 5.4.6
glibc-2.30
iptables-nft-1.8.3
libnfnetlink-1.0.1
libnetfilter_conntrack-1.0.7
libnftnl-1.1.5
nftables-0.9.3
The trace is attached.
--
You are receiving this mail because:
You are watching all bug changes.
bugzilla-daemon at netfilter.org
2019-Dec-31 11:35 UTC
[Bug 1393] iptables-nft -S hangs if not run as root
https://bugzilla.netfilter.org/show_bug.cgi?id=1393
--- Comment #1 from kfm at plushkava.net ---
I just realised that I hadn't tested iptables-1.8.4 so this might be INVALID.
Will test now.
bugzilla-daemon at netfilter.org
2019-Dec-31 11:43 UTC
[Bug 1393] iptables-nft -S hangs if not run as root
https://bugzilla.netfilter.org/show_bug.cgi?id=1393
kfm at plushkava.net changed:
What       |Removed |Added
----------------------------------------------------------------------------
Resolution |---     |WORKSFORME
Status     |NEW     |RESOLVED
--- Comment #2 from kfm at plushkava.net ---
Florian already covered this one. Apologies, and closing.