From: Thorsten Knabe <linux@thorsten-knabe.de>
To: netfilter-devel@vger.kernel.org
Cc: sbrivio@redhat.com
Subject: BUG: Anonymous maps with adjacent intervals broken since Linux 5.6
Date: Fri, 10 Apr 2020 19:25:49 +0200
Message-ID: <6d036215-e701-db81-d429-2c76856463ee@thorsten-knabe.de>

Hello.

BUG: Anonymous maps with adjacent intervals are broken starting with
Linux 5.6. Linux 5.5.16 is not affected.

Environment:
- Linux 5.6.3 (AMD64)
- nftables 0.9.4

Trying to apply the ruleset:

flush ruleset

table ip filter {
  chain test {
    ip daddr vmap {
        10.255.1.0-10.255.1.255: accept,
        10.255.2.0-10.255.2.255: drop
    }
  }
}

using nft results in an error on Linux 5.6.3:

# nft -f simple.nft
simple.nft:7:19-5: Error: Could not process rule: File exists
    ip daddr vmap {

The same ruleset works flawlessly using Linux 5.5.16.

Changing the ruleset to:

flush ruleset

table ip filter {
  chain test {
    ip daddr vmap {
        10.255.1.0-10.255.1.254: accept,
        10.255.2.0-10.255.2.255: drop
    }
  }
}

(non-adjacent intervals) makes the ruleset work again on Linux 5.6.3.

Reverting commit 7c84d41416d836ef7e533bd4d64ccbdf40c5ac70 from Linux
5.6.3 also fixes the problem.

Kind regards
Thorsten

-- 
___              
 |        | /                 E-Mail: linux@thorsten-knabe.de 
 |horsten |/\nabe                WWW: http://linux.thorsten-knabe.de 
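
Added example, not part of the message above and not nftables code: a Python check that scans a ruleset for anonymous map elements written as IPv4 ranges and reports pairs with no gap between them, the condition the report associates with the "File exists" error on Linux 5.6.3. The names `adjacent_pairs`, `REPORTED_FAILING` and `REPORTED_WORKING` are hypothetical, and the parser assumes elements use the `start-end: verdict` form shown in the report.

```python
import ipaddress
import re

# One "A.B.C.D-E.F.G.H: verdict" element, as written in the report's vmap.
ELEMENT = re.compile(r"(\d+(?:\.\d+){3})\s*-\s*(\d+(?:\.\d+){3})\s*:\s*(\w+)")
# Innermost { ... } block, i.e. the element list of one anonymous map.
BLOCK = re.compile(r"\{([^{}]*)\}")


def to_range(lo, hi):
    """Parse both ends of a range and reject inverted ones."""
    start, end = ipaddress.IPv4Address(lo), ipaddress.IPv4Address(hi)
    if start > end:
        raise ValueError(f"inverted range {lo}-{hi}")
    return start, end


def adjacent_pairs(ruleset):
    """Return [(range_a, range_b)] where range_b starts right after range_a ends."""
    found = []
    for block in BLOCK.finditer(ruleset):
        # Each map is checked on its own so ranges from different maps never pair up.
        elements = ELEMENT.findall(block.group(1))
        ranges = sorted(to_range(lo, hi) for lo, hi, _verdict in elements)
        for (s1, e1), (s2, e2) in zip(ranges, ranges[1:]):
            if int(e1) + 1 == int(s2):  # no address left between the intervals
                found.append((f"{s1}-{e1}", f"{s2}-{e2}"))
    return found


# Sample input constructed from the two rulesets quoted in the report.
REPORTED_FAILING = """
table ip filter {
  chain test {
    ip daddr vmap {
        10.255.1.0-10.255.1.255: accept,
        10.255.2.0-10.255.2.255: drop
    }
  }
}
"""
REPORTED_WORKING = REPORTED_FAILING.replace("10.255.1.255", "10.255.1.254")

if __name__ == "__main__":
    for name, text in (("failing", REPORTED_FAILING), ("working", REPORTED_WORKING)):
        print(name, adjacent_pairs(text))
```
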

