Displaying 20 results from an estimated 35 matches for "libnftables".

2024 Sep 03
1
[Bug 1772] New: Double free corruption in libnftables
https://bugzilla.netfilter.org/show_bug.cgi?id=1772 Bug ID: 1772 Summary: Double free corruption in libnftables Product: nftables Version: 1.0.x Hardware: x86_64 OS: Ubuntu Status: NEW Severity: normal Priority: P5 Component: nft Assignee: pablo at netfilter.org Reporter: nellexplorer at gmail.com Wh...
2018 Jan 16
0
[ANNOUNCE] nftables 0.8.1 release
...er_bison: no need for 'name' token for meters include: refresh nf_tables.h cached copy build: Bump version to v0.8.1 Phil Sutter (19): netlink: Use nftnl_expr_fprintf() in netlink_dump_expr() main: Fix for wrong argument passed to cache_release in nft_ctx_free libnftables: Move library stuff out of main.c libnftables: Introduce nft_ctx_flush_cache() cli: Use nft_run_cmd_from_buffer() libnftables: Introduce getters and setters for everything libnftables: Get rid of explicit cache flushes libnftables: Flush iface cache after command execu...
2020 Feb 04
2
[Bug 1405] New: Possible a bug in n libnftables deserializer. [invalid type]
https://bugzilla.netfilter.org/show_bug.cgi?id=1405 Bug ID: 1405 Summary: Possible a bug in n libnftables deserializer. [invalid type] Product: libnftnl Version: unspecified Hardware: All OS: All Status: NEW Severity: critical Priority: P5 Component: libnftnl Assignee: pablo at netfilt...
2023 Oct 17
1
[Bug 1714] New: Stack smash: libnftables does not enforce string length limits for log prefixes
https://bugzilla.netfilter.org/show_bug.cgi?id=1714 Bug ID: 1714 Summary: Stack smash: libnftables does not enforce string length limits for log prefixes Product: nftables Version: 1.0.x Hardware: x86_64 OS: RedHat Linux Status: NEW Severity: major Priority: P5 Component: nft As...
2019 Aug 27
2
[Bug 1361] New: nft segfault on overlapping intervals
...: not-omega Storage: /var/lib/systemd/coredump/core.nft.0.d7a30c4dec804cd08fbd79e513dfbc16.8941.1563943033000000.lz4 Message: Process 8941 (nft) of user 0 dumped core. Stack trace of thread 8941: #0 0x00007f1d5d9fb39b set_to_intervals (libnftables.so.1) #1 0x00007f1d5d9dcd2f n/a (libnftables.so.1) #2 0x00007f1d5d9df2c7 do_command (libnftables.so.1) #3 0x00007f1d5da02320 n/a (libnftables.so.1) #4 0x00007f1d5da02cdc nft_run_cmd_from_filename (libnftables.so.1)...
2018 Nov 15
4
[Bug 1297] New: Replacement for nft export vm json?
...Status: NEW Severity: enhancement Priority: P5 Component: nft Assignee: pablo at netfilter.org Reporter: anthonyryan1 at gmail.com It seems in 1.1.2, support for exporting json was removed. The commit messages reference better support in libnftables but nft 0.9.0 isn't taking advantage of that because `nft export vm json` is outputting broken json with a success code. I'd like to know what the current recommended approach for getting a future-proof representation of the current firewall state is? I've got a python application that...
2014 Apr 17
0
[ANNOUNCE] libnftnl 1.0.1 release
Hi! The Netfilter project proudly presents: libnftnl 1.0.1 libnftnl is a userspace library providing a low-level netlink programming interface (API) to the in-kernel nf_tables subsystem. The library libnftnl has been previously known as libnftables. This library is currently used by the nft command line tool. This release comes with new features available in 3.14 and fixes. See ChangeLog that comes attached to this email for more details. You can download it from: http://www.netfilter.org/projects/libnftnl/downloads.html ftp://ftp.netfilte...
2019 Jul 10
6
[Bug 1351] New: Segfault in v0.9.1
...0007ffff7f10255 in cmd_evaluate_add (ctx=0x7fffffffe970, cmd=0x555555593050) at evaluate.c:3496 #8 0x00007ffff7f1140d in cmd_evaluate (ctx=0x7fffffffe970, cmd=0x555555593050) at evaluate.c:3957 #9 0x00007ffff7f335a2 in nft_evaluate (nft=0x55555555ba20, msgs=0x7fffffffeb00, cmds=0x7fffffffeb10) at libnftables.c:396 #10 0x00007ffff7f339d8 in nft_run_cmd_from_filename (nft=0x55555555ba20, filename=0x7fffffffeea2 "/etc/nftables/nftables.conf") at libnftables.c:479 #11 0x00005555555567a2 in main (argc=3, argv=0x7fffffffec78) at main.c:310 (gdb) info r rdi rdi 0x555555562f40 938249...
2020 Jul 19
3
[Bug 1444] New: nftables-0.9.6 crashes on some set notations:
...289 in do_command_list (ctx=0x7fff2a98d110, cmd=0x55637f6ec290) at rule.c:2527 #14 0x00007f30cec32bc4 in do_command (ctx=0x7fff2a98d110, cmd=0x55637f6ec290) at rule.c:2753 #15 0x00007f30cec6faf5 in nft_netlink (nft=0x55637f6e52a0, cmds=0x7fff2a98d1c0, msgs=0x7fff2a98d1b0, nf_sock=0x55637f6e5f30) at libnftables.c:42 #16 0x00007f30cec70c81 in nft_run_cmd_from_filename (nft=0x55637f6e52a0, filename=0x7fff2a98eb59 "a.nft") at libnftables.c:512 #17 0x000055637e892f41 in main (argc=4, argv=0x7fff2a98d348) at main.c:459 ...
2019 Sep 15
3
[Bug 1365] New: nft crashes in chain_print_declaration()
..../nftables/src/rule.c:2330 #8 0x00007fc1b9afef56 in do_command (ctx=0x7ffc919cdfe0, cmd=0x561fc75ec500) at ../../../nftables/src/rule.c:2572 #9 0x00007fc1b9b363e2 in nft_netlink (nft=0x561fc75eb2a0, cmds=0x7ffc919ce090, msgs=0x7ffc919ce080, nf_sock=0x561fc75ebc30) at ../../../nftables/src/libnftables.c:42 #10 0x00007fc1b9b3754a in nft_run_cmd_from_filename (nft=0x561fc75eb2a0, filename=0x7ffc919cecff "./nft.ruleset") at ../../../nftables/src/libnftables.c:508 #11 0x0000561fc5f6e70e in main (argc=4, argv=0x7ffc919ce1f8) at ../../../nftables/src/main.c:328 valgrind says it's a...
2013 Oct 24
5
[Bug 868] New: Null pointer segfault in netlink code
...blo at netfilter.org ReportedBy: john at sager.me.uk Estimated Hours: 0.0 In returning set information, the kernel omits the FLAGS attribute if it is zero (nf_tables_fill_set() in nf_tables_api.c). Consequently, calls to nft_set_attr_get_u32() in netlink.c fail because that routine (in libnftables) dereferences a null pointer returned by nft_set_attr_get(). I fixed it in nft by calling nft_set_attr_is_set() to test for the attribute's existence. It could also be fixed in the kernel by unconditionally sending the FLAGS attribute even if it is zero. Also it might be worth putting some more...
2018 Feb 18
5
[Bug 1228] New: [REGRESSION] nft cannot load big set anymore
...dcab0, excl=excl at entry=false) at rule.c:1054 #7 0x00005600a1c967a7 in do_command (ctx=ctx at entry=0x7fff364093e0, cmd=cmd at entry=0x5600a2fdcab0) at rule.c:1805 #8 0x00005600a1c810e5 in nft_netlink (nf_sock=0x5600a2fdbb50, msgs=0x7fff36409490, state=0x7fff364094a0, nft=0x5600a2fdba20) at libnftables.c:47 #9 nft_run (nft=nft at entry=0x5600a2fdba20, nf_sock=0x5600a2fdbb50, scanner=scanner at entry=0x5600a2fdbb90, state=state at entry=0x7fff364094a0, msgs=msgs at entry=0x7fff36409490) at libnftables.c:95 #10 0x00005600a1c817dc in nft_run_cmd_from_filename (nft=0x5600a2fdba20, filename=0x7f...
2019 Aug 19
1
[ANNOUNCE] libnftnl 1.1.4 release
Hi! The Netfilter project proudly presents: libnftnl 1.1.4 libnftnl is a userspace library providing a low-level netlink programming interface (API) to the in-kernel nf_tables subsystem. The library libnftnl has been previously known as libnftables. This library is currently used by nftables. See ChangeLog that comes attached to this email for more details. You can download it from: http://www.netfilter.org/projects/libnftnl/downloads.html ftp://ftp.netfilter.org/pub/libnftnl/ Happy firewalling. ...
2015 Sep 16
1
[ANNOUNCE] libnftnl 1.0.4 release
Hi! The Netfilter project proudly presents: libnftnl 1.0.4 libnftnl is a userspace library providing a low-level netlink programming interface (API) to the in-kernel nf_tables subsystem. The library libnftnl has been previously known as libnftables. This library is currently used by the nft command line tool. This release comes with new features available up to 4.2, see ChangeLog for more details. In this release, we have renamed most of the library symbols to use the nftnl_ prefix while keeping aliases to the old ones. We would like to res...
2024 Jul 16
0
[ANNOUNCE] nftables 1.1.0 release
...e tests: shell: add regression test for double-free crash bug tests: meta_time: fix dump validation failure tests: packetpath: add check for drop policy rule: do not crash if to-be-printed flowtable lacks priority tests: shell: add test case for reset tcp warning libnftables: fix crash when freeing non-malloc'd address tests: shell: add more ruleset validation test cases tests: shell: test jump to basechain is rejected, even if there is no loop tests: shell: connect chains to hook point Jeremy Sowden (3): tests: shell: packetpath/flowtables...
2020 Apr 09
5
[Bug 1418] New: segfaults when running nft --file foo.nft --echo
...k (ctx=ctx at entry=0x7fffffffdf70, err_list=err_list at entry=0x7fffffffdf60, num_cmds=num_cmds at entry=161) at mnl.c:433 #18 0x000055555556b6c5 in nft_netlink (nft=nft at entry=0x55555560c2a0, cmds=cmds at entry=0x7fffffffe010, msgs=msgs at entry=0x7fffffffe000, nf_sock=<optimized out>) at libnftables.c:57 #19 0x000055555556bfa8 in nft_run_cmd_from_filename (nft=0x55555560c2a0, filename=0x7fffffffe4ad "/etc/nftables/init.nft") at libnftables.c:508 #20 0x000055555556acb9 in main (argc=<optimized out>, argv=0x7fffffffe1c8) at main.c:455 When it is adding the rules and echoing, the...
2017 Oct 12
0
[ANNOUNCE] libnftnl 1.0.8 release
Hi! The Netfilter project proudly presents: libnftnl 1.0.8 libnftnl is a userspace library providing a low-level netlink programming interface (API) to the in-kernel nf_tables subsystem. The library libnftnl has been previously known as libnftables. This library is currently used by the nft command line tool. This release includes incremental updates to support new kernel features and bug fixes. You can download this library from: http://www.netfilter.org/projects/libnftnl/downloads.html ftp://ftp.netfilter.org/pub/libnftnl/ Thanks! ...
2018 Jan 02
0
[ANNOUNCE] libnftnl 1.0.9 release
Hi! The Netfilter project proudly presents: libnftnl 1.0.9 libnftnl is a userspace library providing a low-level netlink programming interface (API) to the in-kernel nf_tables subsystem. The library libnftnl has been previously known as libnftables. This library is currently used by the nft command line tool. This release includes mostly bug fixes plus one new nftnl_expr_fprintf() function. You can download this library from: http://www.netfilter.org/projects/libnftnl/downloads.html ftp://ftp.netfilter.org/pub/libnftnl/ Thanks! ...
2018 Feb 02
0
[ANNOUNCE] nftables 0.8.2 release
...Pablo Neira Ayuso (4): Revert ("src: Remove xt_stmt_() functions"). src: add 'auto-merge' option to sets netlink_delinearize: add assertion to prevent infinite loop build: Bump version to v0.8.2 Phil Sutter (4): build: Eliminate forgotten traces of libnftables exporting configure: Fix help text regarding --enable-debug configure: Allow to disable man page building tests/shell: Add back named_interval_automerging_0 Shyam Saini (2): src: Add import command for low level json tests: shell: Add tests for low level json import...
2019 May 27
0
[ANNOUNCE] libnftnl 1.1.3 release
Hi! The Netfilter project proudly presents: libnftnl 1.1.3 libnftnl is a userspace library providing a low-level netlink programming interface (API) to the in-kernel nf_tables subsystem. The library libnftnl has been previously known as libnftables. This library is currently used by nftables. See ChangeLog that comes attached to this email for more details. You can download it from: http://www.netfilter.org/projects/libnftnl/downloads.html ftp://ftp.netfilter.org/pub/libnftnl/ Happy firewalling. ...