Displaying 12 results from an estimated 12 matches for "unitednetwork".
Did you mean:
unitednetworks
2019 Nov 12
6
[Bug 1382] New: nftables.py cmd leaking memory when ruleset contain mapping ip length to range with high limit 65535
...igh limit 65535
Product: nftables
Version: unspecified
Hardware: x86_64
OS: Gentoo
Status: NEW
Severity: major
Priority: P5
Component: nft
Assignee: pablo at netfilter.org
Reporter: karel at unitednetworks.cz
Created attachment 574
--> https://bugzilla.netfilter.org/attachment.cgi?id=574&action=edit
example of nftables.py leaking memory
System:
Gentoo 5.3.10 x86_64
nft up to date from GIT as of 12.11.2019
Overwiew:
nft commands which change ruleset leak memory when running through nft...
2019 Dec 04
4
[Bug 1386] New: nftables.py cmd doesn't read updated counter values after first read
...fter first read
Product: nftables
Version: unspecified
Hardware: x86_64
OS: Gentoo
Status: NEW
Severity: major
Priority: P5
Component: nft
Assignee: pablo at netfilter.org
Reporter: karel at unitednetworks.cz
Created attachment 577
--> https://bugzilla.netfilter.org/attachment.cgi?id=577&action=edit
example of nftables.py not reading updated counter state
System:
Gentoo 5.4.1 x86_64
nft up to date from GIT as of 4.12.2019
CPython 3.6.9
Overview:
nft commands which read named counters...
2020 Apr 08
5
[Bug 1417] New: mapping to adjacent ranges is causing error in kernel 5.6, kernel 5.5 works fine
...5 works fine
Product: nftables
Version: unspecified
Hardware: x86_64
OS: All
Status: NEW
Severity: critical
Priority: P5
Component: kernel
Assignee: pablo at netfilter.org
Reporter: karel at unitednetworks.cz
Created attachment 588
--> https://bugzilla.netfilter.org/attachment.cgi?id=588&action=edit
example of adjacent ranges causing error
After upgrading kernel from 5.5 to 5.6.2 our ruleset which includes mapping
packet sizes to counters fails to load. Problem is in adjacent ranges:
Thi...
2017 Mar 08
13
[Bug 1127] New: running nft command creates lag for forwarded packets
...rwarded packets
Product: nftables
Version: unspecified
Hardware: x86_64
OS: Gentoo
Status: NEW
Severity: major
Priority: P5
Component: nft
Assignee: pablo at netfilter.org
Reporter: karel at unitednetworks.cz
We have several routers with Gentoo x86-64 kernels 4.9.9 or 4.10.1 with about
150 nftables rules (nftables used are commit da3f503, date 2017-1-03). Hardware
used are Xeons or i7-7700K with 10Gbe Intel or Solarflare NICs. There are few
sets, maps and flows. Any nft command, be it listing sets,...
2017 Sep 22
13
[Bug 1185] New: counter flag proposal for sets and maps
...ets and maps
Product: nftables
Version: unspecified
Hardware: x86_64
OS: All
Status: NEW
Severity: enhancement
Priority: P5
Component: nft
Assignee: pablo at netfilter.org
Reporter: karel at unitednetworks.cz
Now when we have stateful objects, one can use map to emulate counting of hits
in set elements, but counters have to be created first.
It would be nice to have "counter" flag for sets and maps with similar function
as counters in rules, just to count packets and bytes hitting elemen...
2016 Oct 13
1
[Bug 1091] New: named set with flag interval: delete multiple items in one command bug
...command bug
Product: nftables
Version: unspecified
Hardware: x86_64
OS: Gentoo
Status: NEW
Severity: major
Priority: P5
Component: kernel
Assignee: pablo at netfilter.org
Reporter: karel at unitednetworks.cz
Created attachment 482
--> https://bugzilla.netfilter.org/attachment.cgi?id=482&action=edit
Proof of bug script
System:
Gentoo AMD64, kernel 4.8.1
nft, libmnl, libnftnl compiled from git (as of 13.10.2016)
When adding IPv4 addresses one by one to set { type ipv4_addr; flags interval...
2017 Oct 17
3
[Bug 1190] New: adding element to map with stateful object and flag interval raise SIGSEGV
...val raise SIGSEGV
Product: nftables
Version: unspecified
Hardware: x86_64
OS: All
Status: NEW
Severity: normal
Priority: P5
Component: nft
Assignee: pablo at netfilter.org
Reporter: karel at unitednetworks.cz
latest nft, libnftnl, libmnl (v0.8, v1.0.8, v1.0.4 + 2 more commits)
kernel 4.13.7 x86-64
commands:
nft add map x testmap { type inet_service: counter\; flags interval\;}
nft add counter x testcounter
nft add element x testmap { 0-100 : "testcounter" }
Neoprávněný přístup do paměti...
2017 Sep 21
11
[Bug 1184] New: disable implicit concatenating of elements of sets with flag interval
...lag interval
Product: nftables
Version: unspecified
Hardware: x86_64
OS: All
Status: NEW
Severity: enhancement
Priority: P5
Component: nft
Assignee: pablo at netfilter.org
Reporter: karel at unitednetworks.cz
If consequent elements are added to set with flag interval in one command, they
get concatenated. But when they are added with separate commands, they don't.
This is inconsistent behaviour and needs to be fixed. Listing of such sets and
keeping them in consistence with external data is pro...
2017 Aug 26
5
[Bug 1180] New: Can't create a set with both timeout and interval flags at the same time
https://bugzilla.netfilter.org/show_bug.cgi?id=1180
Bug ID: 1180
Summary: Can't create a set with both timeout and interval
flags at the same time
Product: nftables
Version: unspecified
Hardware: x86_64
OS: Debian GNU/Linux
Status: NEW
Severity: enhancement
Priority: P5
2020 Feb 28
3
[Bug 1411] New: add elements with counter to dynamic sets with
...ic sets with
Product: nftables
Version: unspecified
Hardware: x86_64
OS: All
Status: NEW
Severity: enhancement
Priority: P5
Component: nft
Assignee: pablo at netfilter.org
Reporter: karel at unitednetworks.cz
Few years ago I have proposed hit counters to set items:
https://bugzilla.netfilter.org/show_bug.cgi?id=1185
Now when we have dynamic sets that replaced meters, and lookups are already
allowed for these sets, maybe it is a time to add "hit" counters in set items,
which will increas...
2017 Apr 01
6
[Bug 1140] New: nft dump invalid (flow table)
https://bugzilla.netfilter.org/show_bug.cgi?id=1140
Bug ID: 1140
Summary: nft dump invalid (flow table)
Product: nftables
Version: unspecified
Hardware: x86_64
OS: other
Status: NEW
Severity: major
Priority: P5
Component: nft
Assignee: pablo at netfilter.org
2018 Jul 02
3
[Bug 1267] New: unable to use limit with counter in meters
...in meters
Product: nftables
Version: unspecified
Hardware: x86_64
OS: Gentoo
Status: NEW
Severity: enhancement
Priority: P5
Component: nft
Assignee: pablo at netfilter.org
Reporter: karel at unitednetworks.cz
It looks like nft doesnt allow counter after limit inside of meter.
counter after limit:
--------------------
localhost ~ # nft add rule filter INPUT icmp type echo-request meter
icmp-spammer { ip saddr limit rate over 10/second burst 30 packets counter}
counter drop
Error: syntax error, une...