netfilter buglog - Mar 2020 - [Bug 1413] New: Inconsistent EBUSY errors when adding a duplicate element to a map

https://bugzilla.netfilter.org/show_bug.cgi?id=1413

            Bug ID: 1413
           Summary: Inconsistent EBUSY errors when adding a duplicate
                    element to a map
           Product: nftables
           Version: unspecified
          Hardware: x86_64
                OS: Debian GNU/Linux
            Status: NEW
          Severity: normal
          Priority: P5
         Component: kernel
          Assignee: pablo at netfilter.org
          Reporter: anton.aksola at upcloud.com

OS: Debian GNU/Linux 10 (Buster)
Kernel: 4.19.0-8-amd64

This works every time:
# nft -f - << EOF
flush ruleset
add table ip filter
add chain ip filter forward { type filter hook forward priority 0; policy
accept; }
add map ip filter foo { type ifname : verdict; }
add rule ip filter forward iifname vmap @foo
add element ip filter foo { "dummy0" : accept }
add element ip filter foo { "dummy0" : accept }
EOF

While these do not:
# nft -f - << EOF
flush ruleset
add table ip filter
add chain ip filter forward { type filter hook forward priority 0; policy
accept; }
add map ip filter foo { type ifname : verdict; }
add rule ip filter forward iifname vmap @foo
add element ip filter foo { "dummy0" : accept }
add element ip filter foo { "dummy0" : drop }
EOF
/dev/stdin:7:1-42: Error: Could not process rule: Device or resource busy
add element ip filter foo { "dummy0" : drop }
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

# nft -f - << EOF
flush ruleset
add table ip filter
add chain ip filter forward { type filter hook forward priority 0; policy
accept; }
add map ip filter foo { type ifname : verdict; }
add rule ip filter forward iifname vmap @foo
add element ip filter foo { "dummy0" : accept }
add set ip filter prefixset { type ipv4_addr; flags interval; }
add element ip filter foo { "dummy0" : accept }
EOF
/dev/stdin:8:1-44: Error: Could not process rule: Device or resource busy
add element ip filter foo { "dummy0" : accept }
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

I couldn't find any references how maps should behave when adding a
duplicate
element. In any case a consistent behaviour would be desirable.

Looking at the strace output this error seems to come from the kernel so filing
this under it.

-- 
You are receiving this mail because:
You are watching all bug changes.
-------------- next part --------------
An HTML attachment was scrubbed...
URL:
<http://lists.netfilter.org/pipermail/netfilter-buglog/attachments/20200312/2addd01d/attachment.html>

https://bugzilla.netfilter.org/show_bug.cgi?id=1413

Pablo Neira Ayuso <pablo at netfilter.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |ASSIGNED

--- Comment #1 from Pablo Neira Ayuso <pablo at netfilter.org> ---
EEXIST here would be better, right?

-- 
You are receiving this mail because:
You are watching all bug changes.
-------------- next part --------------
An HTML attachment was scrubbed...
URL:
<http://lists.netfilter.org/pipermail/netfilter-buglog/attachments/20200415/f65fee97/attachment.html>

https://bugzilla.netfilter.org/show_bug.cgi?id=1413

--- Comment #2 from Pablo Neira Ayuso <pablo at netfilter.org> ---
This now reports EEXIST:

Upstream kernel patch.

commit 77a92189ecfd061616ad531d386639aab7baaad9
Author: Pablo Neira Ayuso <pablo at netfilter.org>
Date:   Sun Aug 2 03:05:25 2020 +0200

    netfilter: nf_tables: report EEXIST on overlaps

Closing.

-- 
You are receiving this mail because:
You are watching all bug changes.
-------------- next part --------------
An HTML attachment was scrubbed...
URL:
<http://lists.netfilter.org/pipermail/netfilter-buglog/attachments/20201020/58a42cd9/attachment.html>

https://bugzilla.netfilter.org/show_bug.cgi?id=1413

Pablo Neira Ayuso <pablo at netfilter.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
         Resolution|---                         |FIXED
             Status|ASSIGNED                    |RESOLVED

-- 
You are receiving this mail because:
You are watching all bug changes.
-------------- next part --------------
An HTML attachment was scrubbed...
URL:
<http://lists.netfilter.org/pipermail/netfilter-buglog/attachments/20201020/d8d983c7/attachment.html>