[Bug 1650] fail to add missing element to nft sets after running some time - file exists
bugzilla-daemon at netfilter.org
Sun Jul 9 11:44:54 CEST 2023
https://bugzilla.netfilter.org/show_bug.cgi?id=1650
--- Comment #4 from Pablo Neira Ayuso <pablo at netfilter.org> ---
Hi,
(In reply to Wang Jian from comment #3)
> The issue still exists on new debian testing kernel 6.3.0-1-amd64 based on
> linux kernel version 6.3.7-1
>
> # last reboot
> reboot system boot 6.3.0-1-amd64 Thu Jun 29 02:14 still running
> reboot system boot 6.1.0-7-amd64 Tue Apr 4 09:31 - 02:14 (85+16:42)
>
> # grep Could /var/log/dnsmasq/dnsmasq-20230629.log
> 2023-06-29T08:34:56.679638+08:00 nftset inet mangle TUNNELv6 internal:0:0-0: Error: Could not process rule: File exists

This internal:0:0-0 is incorrect error reporting.

Could you run nftables with git HEAD? It contains this fix:

commit 5e39a34b196d68b803911aa13066fef2f83dc98c
Author: Pablo Neira Ayuso <pablo at netfilter.org>
Date: Mon Mar 27 16:36:31 2023 +0200

    intervals: use expression location when translating to intervals

    Otherwise, internal location reports:

     # nft -f ruleset.nft
     internal:0:0-0: Error: Could not process rule: File exists

    after this patch:

     # nft -f ruleset.nft
     ruleset.nft:402:1-16: Error: Could not process rule: File exists
     1.2.3.0/30,
     ^^^^^^^^^^^

It fixes error reporting, so at least it is possible to know what element
already exists. This will be included in the next release (1.0.8).

Once error reporting is fixed, the next step would be to validate whether EEXIST
is legitimate or bogus, via listing the set to check for overlaps; you could also
use the 'get element' command.

Thanks.
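
One way to carry out the overlap check suggested above, as an added example that is not part of the original message or of nftables. It assumes the set was listed with `nft -j list set inet mangle TUNNELv6` and that the output follows the layout documented in libnftables-json(5); the sample listing and the function names `to_span` and `overlaps` are constructed for illustration.

```python
import ipaddress
import json

# Constructed sample in the layout `nft -j list set inet mangle TUNNELv6` prints
# (assumed per libnftables-json(5); addresses are documentation values).
SAMPLE = json.dumps({"nftables": [
    {"metainfo": {"json_schema_version": 1}},
    {"set": {"family": "inet", "table": "mangle", "name": "TUNNELv6",
             "type": "ipv6_addr", "flags": ["interval"],
             "elem": [
                 {"prefix": {"addr": "2001:db8:1::", "len": 48}},
                 {"range": ["2001:db8:2::10", "2001:db8:2::1f"]},
                 {"elem": {"val": "2001:db8:3::1", "timeout": 600}},
             ]}},
]})


def to_span(expr):
    """Return (first, last) address covered by one set element expression."""
    if isinstance(expr, dict):
        if "elem" in expr:        # element wrapped with timeout/comment data
            return to_span(expr["elem"]["val"])
        if "prefix" in expr:
            p = expr["prefix"]
            net = ipaddress.ip_network(f"{p['addr']}/{p['len']}", strict=False)
            return net.network_address, net.broadcast_address
        if "range" in expr:
            lo, hi = (ipaddress.ip_address(a) for a in expr["range"])
            return lo, hi
        raise ValueError(f"unsupported element: {expr!r}")
    net = ipaddress.ip_network(expr, strict=False)  # bare address or CIDR text
    return net.network_address, net.broadcast_address


def overlaps(listing, candidate):
    """List the existing set elements that overlap the candidate element."""
    c_lo, c_hi = to_span(candidate)
    hits = []
    for obj in json.loads(listing)["nftables"]:
        for expr in obj.get("set", {}).get("elem", []):
            lo, hi = to_span(expr)
            # Two spans overlap when each starts before the other ends.
            if lo.version == c_lo.version and lo <= c_hi and c_lo <= hi:
                hits.append(expr)
    return hits


if __name__ == "__main__":
    for cand in ("2001:db8:1:5::1", "2001:db8:2::18/125", "2001:db8:2::20"):
        print(cand, "->", overlaps(SAMPLE, cand) or "no overlap found")
```

An empty result for the element named in the error message means the listing shows nothing that the new element collides with.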