bugzilla-daemon at netfilter.org
2020-Sep-27 18:11 UTC
[Bug 1474] New: [sets] improve context checks (against already primed sets)
https://bugzilla.netfilter.org/show_bug.cgi?id=1474

            Bug ID: 1474
           Summary: [sets] improve context checks (against already primed sets)
           Product: nftables
           Version: unspecified
          Hardware: arm
                OS: Debian GNU/Linux
            Status: NEW
          Severity: normal
          Priority: P5
         Component: nft
          Assignee: pablo at netfilter.org
          Reporter: vtolkm at gmail.com

kernel 5.9.0-rc6 armv7l | nft 0.9.6
_____

With two config files, one being the main config and another one to be loaded on a certain node condition after the main config being already in play. Both however with rules that refer to the same named set that is being loaded initially with the main config.

The set in question:

    set t_u {
        type inet_proto
        flags constant
        counter
        size 2
        elements = { 6, 17 }
    }

Trying to prime the secondary conf with nft -f, not flushing the main conf, it produces:

    Error: No such file or directory

It seems that NFT is checking only within the context of the secondary conf but not against the already primed (main) conf.

Copying the named set from main conf to the secondary conf however then produces a clash with the already primed (main) conf:

    Error: Could not process rule: Resource busy

It would make sense that NFT checks not only within the context of the conf file but also against a conf that is already primed. The way it is now one has to generate a (redundant) set named differently to get it working with the secondary conf.

-- 
You are receiving this mail because:
You are watching all bug changes.
bugzilla-daemon at netfilter.org
2020-Oct-15 18:24 UTC
[Bug 1474] [sets] improve context checks (against already primed sets)
https://bugzilla.netfilter.org/show_bug.cgi?id=1474

Marcos de Oliveira <markinholiveira at gmail.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
           See Also|                            |https://bugzilla.netfilter.org/show_bug.cgi?id=1305
bugzilla-daemon at netfilter.org
2020-Dec-03 01:58 UTC
[Bug 1474] [sets] improve context checks (against already primed sets)
https://bugzilla.netfilter.org/show_bug.cgi?id=1474

kfm at plushkava.net changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |kfm at plushkava.net
             Blocks|                            |1461

--- Comment #1 from kfm at plushkava.net ---
Can you provide a test case for others to directly reproduce the error?