search for: libmnl0

...targetip Note that the counters in the filter table for concatenations with "ct status" do not increase, whereas the other counters increase. Versions: Debian 10, armhf (Raspberry Pi OS), with backports Linux myhostname 5.4.72-v7l+ #1356 SMP Thu Oct 22 13:57:51 BST 2020 armv7l GNU/Linux libmnl0 1.0.4-2 libnetfilter-conntrack3 1.0.7-1 libnftnl11 1.1.7-1~bpo10+1 libnftables1 0.9.6-1~bpo10+1 nftables 0.9.6-1~bpo10+1 Ruleset: $ nft list ruleset table inet filter { chain input { type filter hook input priority filter; policy accept; ct state established...

...nter accept ip saddr 10.xx.0.0/16 ip daddr 10.0.0.0/8 ip protocol tcp ct state invalid,new counter reject } } -----snip----- The vpn server (debian jessie with bpo) uses these: linux-image 4.6.4-1~bpo8+1 (also 4.5.5-1) nftables 0.6-1~bpo8+1 libnftnl4 1.0.6-1~bpo8+1 libmnl0 1.0.3-5 The ruleset is loaded without problem before we begin to transit vpn links. After we transit all links, we want to update the ruleset to add a new open IP. But loading the modified ruleset causes this machine hard lockup immediately. Then we had to revert the high load vpn link to...