bugzilla-daemon at netfilter.org
2020-Apr-08 06:56 UTC
[Bug 1417] New: mapping to adjacent ranges is causing error in kernel 5.6, kernel 5.5 works fine
https://bugzilla.netfilter.org/show_bug.cgi?id=1417
Bug ID: 1417
Summary: mapping to adjacent ranges is causing error in kernel
5.6, kernel 5.5 works fine
Product: nftables
Version: unspecified
Hardware: x86_64
OS: All
Status: NEW
Severity: critical
Priority: P5
Component: kernel
Assignee: pablo at netfilter.org
Reporter: karel at unitednetworks.cz
Created attachment 588
--> https://bugzilla.netfilter.org/attachment.cgi?id=588&action=edit
example of adjacent ranges causing error
After upgrading kernel from 5.5 to 5.6.2 our ruleset which includes mapping
packet sizes to counters fails to load. Problem is in adjacent ranges:
This fails (with File exists message):
counter name ip length map { 0-100 : "c1", 101-200 : "c2" }
After increasing start of second range by one it loads ok:
counter name ip length map { 0-100 : "c1", 102-200 : "c2" }
See attached examples.
Probably same bug as:
https://bugzilla.netfilter.org/show_bug.cgi?id=1415
--
You are receiving this mail because:
You are watching all bug changes.
-------------- next part --------------
An HTML attachment was scrubbed...
URL:
<http://lists.netfilter.org/pipermail/netfilter-buglog/attachments/20200408/89ab3525/attachment.html>
bugzilla-daemon at netfilter.org
2020-Apr-08 06:58 UTC
[Bug 1417] mapping to adjacent ranges is causing error in kernel 5.6, kernel 5.5 works fine
https://bugzilla.netfilter.org/show_bug.cgi?id=1417 --- Comment #1 from Karel Rericha <karel at unitednetworks.cz> --- Created attachment 589 --> https://bugzilla.netfilter.org/attachment.cgi?id=589&action=edit example of non adjacent ranges not causing error -- You are receiving this mail because: You are watching all bug changes. -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://lists.netfilter.org/pipermail/netfilter-buglog/attachments/20200408/8e598523/attachment.html>
bugzilla-daemon at netfilter.org
2020-Apr-08 09:44 UTC
[Bug 1417] mapping to adjacent ranges is causing error in kernel 5.6, kernel 5.5 works fine
https://bugzilla.netfilter.org/show_bug.cgi?id=1417
Pablo Neira Ayuso <pablo at netfilter.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|NEW |ASSIGNED
--- Comment #2 from Pablo Neira Ayuso <pablo at netfilter.org> ---
Please, give a test to this patch:
https://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf.git/commit/?id=72239f2795fab9a58633bd0399698ff7581534a3
Thanks.
--
You are receiving this mail because:
You are watching all bug changes.
-------------- next part --------------
An HTML attachment was scrubbed...
URL:
<http://lists.netfilter.org/pipermail/netfilter-buglog/attachments/20200408/db79901c/attachment.html>
bugzilla-daemon at netfilter.org
2020-Apr-08 15:19 UTC
[Bug 1417] mapping to adjacent ranges is causing error in kernel 5.6, kernel 5.5 works fine
https://bugzilla.netfilter.org/show_bug.cgi?id=1417 --- Comment #3 from Karel Rericha <karel at unitednetworks.cz> --- I can confirm that after applying this patch to kernel 5.6.2 mapping to adjacent ranges works again. Thanks Pablo. Should I close this bug or lets wait until 5.6 branch will be patched? -- You are receiving this mail because: You are watching all bug changes. -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://lists.netfilter.org/pipermail/netfilter-buglog/attachments/20200408/67399f59/attachment.html>
bugzilla-daemon at netfilter.org
2020-Apr-15 21:14 UTC
[Bug 1417] mapping to adjacent ranges is causing error in kernel 5.6, kernel 5.5 works fine
https://bugzilla.netfilter.org/show_bug.cgi?id=1417 --- Comment #4 from Pablo Neira Ayuso <pablo at netfilter.org> --- (In reply to Karel Rericha from comment #3)> I can confirm that after applying this patch to kernel 5.6.2 mapping to > adjacent ranges works again. > > Thanks Pablo. > > Should I close this bug or lets wait until 5.6 branch will be patched?I'd prefer if you close it once this is fixed in -stable kernels and specify since what -stable kernel this is fixed. Thanks! -- You are receiving this mail because: You are watching all bug changes. -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://lists.netfilter.org/pipermail/netfilter-buglog/attachments/20200415/bddd7172/attachment.html>
bugzilla-daemon at netfilter.org
2020-Apr-23 13:48 UTC
[Bug 1417] mapping to adjacent ranges is causing error in kernel 5.6, kernel 5.5 works fine
https://bugzilla.netfilter.org/show_bug.cgi?id=1417
Karel Rericha <karel at unitednetworks.cz> changed:
What |Removed |Added
----------------------------------------------------------------------------
Resolution|--- |FIXED
Status|ASSIGNED |RESOLVED
--- Comment #5 from Karel Rericha <karel at unitednetworks.cz> ---
netfilter: nft_set_rbtree: Drop spurious condition for overlap detection on
insertion
landed in kernel 5.6.7, closing as RESOLVED/FIXED now.
--
You are receiving this mail because:
You are watching all bug changes.
-------------- next part --------------
An HTML attachment was scrubbed...
URL:
<http://lists.netfilter.org/pipermail/netfilter-buglog/attachments/20200423/3eae3fe9/attachment.html>
Apparently Analagous Threads
- [Bug 1185] New: counter flag proposal for sets and maps
- [Bug 1382] New: nftables.py cmd leaking memory when ruleset contain mapping ip length to range with high limit 65535
- [Bug 1127] New: running nft command creates lag for forwarded packets
- [Bug 1386] New: nftables.py cmd doesn't read updated counter values after first read
- [Bug 1184] New: disable implicit concatenating of elements of sets with flag interval