search for: libnftabl

...er_bison: no need for 'name' token for meters include: refresh nf_tables.h cached copy build: Bump version to v0.8.1 Phil Sutter (19): netlink: Use nftnl_expr_fprintf() in netlink_dump_expr() main: Fix for wrong argument passed to cache_release in nft_ctx_free libnftables: Move library stuff out of main.c libnftables: Introduce nft_ctx_flush_cache() cli: Use nft_run_cmd_from_buffer() libnftables: Introduce getters and setters for everything libnftables: Get rid of explicit cache flushes libnftables: Flush iface cache after command exe...

https://bugzilla.netfilter.org/show_bug.cgi?id=1405 Bug ID: 1405 Summary: Possible a bug in n libnftables deserializer. [invalid type] Product: libnftnl Version: unspecified Hardware: All OS: All Status: NEW Severity: critical Priority: P5 Component: libnftnl Assignee: pablo at netfi...

https://bugzilla.netfilter.org/show_bug.cgi?id=1714 Bug ID: 1714 Summary: Stack smash: libnftables does not enforce string length limits for log prefixes Product: nftables Version: 1.0.x Hardware: x86_64 OS: RedHat Linux Status: NEW Severity: major Priority: P5 Component: nft...

...: not-omega Storage: /var/lib/systemd/coredump/core.nft.0.d7a30c4dec804cd08fbd79e513dfbc16.8941.1563943033000000.lz4 Message: Process 8941 (nft) of user 0 dumped core. Stack trace of thread 8941: #0 0x00007f1d5d9fb39b set_to_intervals (libnftables.so.1) #1 0x00007f1d5d9dcd2f n/a (libnftables.so.1) #2 0x00007f1d5d9df2c7 do_command (libnftables.so.1) #3 0x00007f1d5da02320 n/a (libnftables.so.1) #4 0x00007f1d5da02cdc nft_run_cmd_from_filename (libnftables.so.1...

...Status: NEW Severity: enhancement Priority: P5 Component: nft Assignee: pablo at netfilter.org Reporter: anthonyryan1 at gmail.com It seems in 1.1.2, support for exporting json was removed. The commit messages reference better support in libnftables but nft 0.9.0 isn't taking advantage of that because `nft export vm json` is outputting broken json with a success code. I'd like to know what the current recommended approach for getting a future-proof representation of the current firewall state is? I've got a python application th...

Hi! The Netfilter project proudly presents: libnftnl 1.0.1 libnftnl is a userspace library providing a low-level netlink programming interface (API) to the in-kernel nf_tables subsystem. The library libnftnl has been previously known as libnftables. This library is currently used by the nft command line tool. This release comes with new features available in 3.14 and fixes. See ChangeLog that comes attached to this email for more details. You can download it from: http://www.netfilter.org/projects/libnftnl/downloads.html ftp://ftp.netfil...

...0007ffff7f10255 in cmd_evaluate_add (ctx=0x7fffffffe970, cmd=0x555555593050) at evaluate.c:3496 #8 0x00007ffff7f1140d in cmd_evaluate (ctx=0x7fffffffe970, cmd=0x555555593050) at evaluate.c:3957 #9 0x00007ffff7f335a2 in nft_evaluate (nft=0x55555555ba20, msgs=0x7fffffffeb00, cmds=0x7fffffffeb10) at libnftables.c:396 #10 0x00007ffff7f339d8 in nft_run_cmd_from_filename (nft=0x55555555ba20, filename=0x7fffffffeea2 "/etc/nftables/nftables.conf") at libnftables.c:479 #11 0x00005555555567a2 in main (argc=3, argv=0x7fffffffec78) at main.c:310 (gdb) info r rdi rdi 0x555555562f40 9382...

...289 in do_command_list (ctx=0x7fff2a98d110, cmd=0x55637f6ec290) at rule.c:2527 #14 0x00007f30cec32bc4 in do_command (ctx=0x7fff2a98d110, cmd=0x55637f6ec290) at rule.c:2753 #15 0x00007f30cec6faf5 in nft_netlink (nft=0x55637f6e52a0, cmds=0x7fff2a98d1c0, msgs=0x7fff2a98d1b0, nf_sock=0x55637f6e5f30) at libnftables.c:42 #16 0x00007f30cec70c81 in nft_run_cmd_from_filename (nft=0x55637f6e52a0, filename=0x7fff2a98eb59 "a.nft") at libnftables.c:512 #17 0x000055637e892f41 in main (argc=4, argv=0x7fff2a98d348) at main.c:459 -- You are receiving this mail because: You are watching all bug changes. ----...

..../nftables/src/rule.c:2330 #8 0x00007fc1b9afef56 in do_command (ctx=0x7ffc919cdfe0, cmd=0x561fc75ec500) at ../../../nftables/src/rule.c:2572 #9 0x00007fc1b9b363e2 in nft_netlink (nft=0x561fc75eb2a0, cmds=0x7ffc919ce090, msgs=0x7ffc919ce080, nf_sock=0x561fc75ebc30) at ../../../nftables/src/libnftables.c:42 #10 0x00007fc1b9b3754a in nft_run_cmd_from_filename (nft=0x561fc75eb2a0, filename=0x7ffc919cecff "./nft.ruleset") at ../../../nftables/src/libnftables.c:508 #11 0x0000561fc5f6e70e in main (argc=4, argv=0x7ffc919ce1f8) at ../../../nftables/src/main.c:328 valgrind says it's...

...blo at netfilter.org ReportedBy: john at sager.me.uk Estimated Hours: 0.0 In returning set information, the kernel omits the FLAGS attribute if it is zero (nf_tables_fill_set() in nf_tables_api.c). Consequently, calls to nft_set_attr_get_u32() in netlink.c fail because that routine (in libnftables) dereferences a null pointer returned by nft_set_attr_get(). I fixed it in nft by calling nft_set_attr_is_set() to test for the attribute's existence. It could also be fixed in the kernel by unconditionally sending the FLAGS attribute even if it is zero. Also it might be worth putting some mo...

...dcab0, excl=excl at entry=false) at rule.c:1054 #7 0x00005600a1c967a7 in do_command (ctx=ctx at entry=0x7fff364093e0, cmd=cmd at entry=0x5600a2fdcab0) at rule.c:1805 #8 0x00005600a1c810e5 in nft_netlink (nf_sock=0x5600a2fdbb50, msgs=0x7fff36409490, state=0x7fff364094a0, nft=0x5600a2fdba20) at libnftables.c:47 #9 nft_run (nft=nft at entry=0x5600a2fdba20, nf_sock=0x5600a2fdbb50, scanner=scanner at entry=0x5600a2fdbb90, state=state at entry=0x7fff364094a0, msgs=msgs at entry=0x7fff36409490) at libnftables.c:95 #10 0x00005600a1c817dc in nft_run_cmd_from_filename (nft=0x5600a2fdba20, filename=0x...

Hi! The Netfilter project proudly presents: libnftnl 1.1.4 libnftnl is a userspace library providing a low-level netlink programming interface (API) to the in-kernel nf_tables subsystem. The library libnftnl has been previously known as libnftables. This library is currently used by nftables. See ChangeLog that comes attached to this email for more details. You can download it from: http://www.netfilter.org/projects/libnftnl/downloads.html ftp://ftp.netfilter.org/pub/libnftnl/ Happy firewalling. -------------- next part -------------- B...

Hi! The Netfilter project proudly presents: libnftnl 1.0.4 libnftnl is a userspace library providing a low-level netlink programming interface (API) to the in-kernel nf_tables subsystem. The library libnftnl has been previously known as libnftables. This library is currently used by the nft command line tool. This release comes with new features available up to 4.2, see ChangeLog for more details. In this release, we have renamed most of the library symbols to use the nftnl_ prefix while keeping aliases to the old ones. We would like to r...

...k (ctx=ctx at entry=0x7fffffffdf70, err_list=err_list at entry=0x7fffffffdf60, num_cmds=num_cmds at entry=161) at mnl.c:433 #18 0x000055555556b6c5 in nft_netlink (nft=nft at entry=0x55555560c2a0, cmds=cmds at entry=0x7fffffffe010, msgs=msgs at entry=0x7fffffffe000, nf_sock=<optimized out>) at libnftables.c:57 #19 0x000055555556bfa8 in nft_run_cmd_from_filename (nft=0x55555560c2a0, filename=0x7fffffffe4ad "/etc/nftables/init.nft") at libnftables.c:508 #20 0x000055555556acb9 in main (argc=<optimized out>, argv=0x7fffffffe1c8) at main.c:455 When it is adding the rules and echoing, t...

Hi! The Netfilter project proudly presents: libnftnl 1.0.8 libnftnl is a userspace library providing a low-level netlink programming interface (API) to the in-kernel nf_tables subsystem. The library libnftnl has been previously known as libnftables. This library is currently used by the nft command line tool. This release includes incremental updates to support new kernel features and bug fixes. You can download this library from: http://www.netfilter.org/projects/libnftnl/downloads.html ftp://ftp.netfilter.org/pub/libnftnl/ Thanks! ---...

Hi! The Netfilter project proudly presents: libnftnl 1.0.9 libnftnl is a userspace library providing a low-level netlink programming interface (API) to the in-kernel nf_tables subsystem. The library libnftnl has been previously known as libnftables. This library is currently used by the nft command line tool. This release includes mostly bug fixes plus one new nftnl_expr_fprintf() function. You can download this library from: http://www.netfilter.org/projects/libnftnl/downloads.html ftp://ftp.netfilter.org/pub/libnftnl/ Thanks! --------...

...Pablo Neira Ayuso (4): Revert ("src: Remove xt_stmt_() functions"). src: add 'auto-merge' option to sets netlink_delinearize: add assertion to prevent infinite loop build: Bump version to v0.8.2 Phil Sutter (4): build: Eliminate forgotten traces of libnftables exporting configure: Fix help text regarding --enable-debug configure: Allow to disable man page building tests/shell: Add back named_interval_automerging_0 Shyam Saini (2): src: Add import command for low level json tests: shell: Add tests for low level json import...

Hi! The Netfilter project proudly presents: libnftnl 1.1.3 libnftnl is a userspace library providing a low-level netlink programming interface (API) to the in-kernel nf_tables subsystem. The library libnftnl has been previously known as libnftables. This library is currently used by nftables. See ChangeLog that comes attached to this email for more details. You can download it from: http://www.netfilter.org/projects/libnftnl/downloads.html ftp://ftp.netfilter.org/pub/libnftnl/ Happy firewalling. -------------- next part --------------...

...---------------------------------------------------- Status|NEW |RESOLVED Resolution|--- |WONTFIX --- Comment #4 from Pablo Neira Ayuso <pablo at netfilter.org> --- json support for libnftnl has been deprecated in favor of libnftables json support. Closing. -- You are receiving this mail because: You are watching all bug changes. -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://lists.netfilter.org/pipermail/netfilter-buglog/attachments/20190712/337b0771/attachment-0001.html>

...cified Platform: x86_64 OS/Version: All Status: NEW Severity: major Priority: P5 Component: nft AssignedTo: pablo at netfilter.org ReportedBy: bjornar.ness at gmail.com Estimated Hours: 0.0 running current git of libmnl/libnftables/nftables and 3.13-rc1 valgrind output: Memcheck, a memory error detector Copyright (C) 2002-2012, and GNU GPL'd, by Julian Seward et al. Using Valgrind-3.8.1 and LibVEX; rerun with -h for copyright info Command: ./sets_and_maps Invalid write of size 8 at 0x4062B1: symbol_bind (list.h:49...