<html>
<head>
<base href="https://bugzilla.netfilter.org/" />
</head>
<body><table border="1" cellspacing="0" cellpadding="8">
<tr>
<th>Bug ID</th>
<td><a class="bz_bug_link
bz_status_NEW "
title="NEW - Trying to populate a set raises a netlink error "Could not process rule: No space left on device""
href="https://bugzilla.netfilter.org/show_bug.cgi?id=1464">1464</a>
</td>
</tr>
<tr>
<th>Summary</th>
<td>Trying to populate a set raises a netlink error "Could not process rule: No space left on device"
</td>
</tr>
<tr>
<th>Product</th>
<td>nftables
</td>
</tr>
<tr>
<th>Version</th>
<td>unspecified
</td>
</tr>
<tr>
<th>Hardware</th>
<td>x86_64
</td>
</tr>
<tr>
<th>OS</th>
<td>Gentoo
</td>
</tr>
<tr>
<th>Status</th>
<td>NEW
</td>
</tr>
<tr>
<th>Severity</th>
<td>normal
</td>
</tr>
<tr>
<th>Priority</th>
<td>P5
</td>
</tr>
<tr>
<th>Component</th>
<td>nft
</td>
</tr>
<tr>
<th>Assignee</th>
<td>pablo@netfilter.org
</td>
</tr>
<tr>
<th>Reporter</th>
<td>kfm@plushkava.net
</td>
</tr></table>
<p>
<div>
<pre>This bug is somewhat related to <a class="bz_bug_link
bz_status_ASSIGNED "
title="ASSIGNED - nft stalls on EAGAIN upon repeatedly flushing and populating a set"
href="show_bug.cgi?id=1392">bug 1392</a>. As explained there, I was unable to
atomically re-populate a set by issuing a "flush set" command followed by an
"add element" command within the same command stream. Eventually this was
resolved by upgrading to nftables commit 40ef308.
However, in the inital report, I had also mentioned that executing my script
would occasionally result in the following error:-
netlink: Error: Could not process rule: No space left on device
I had hoped that this issue would never arise again. Unfortunately, today it
has. Whenever it has happened before, flushing the ruleset has always sufficed
as a workaround. For now, I have chosen not to do this because the affected
host is in a state whereby I can reliably reproduce this.
The script in question downloads the IPv4 bogons list from Team Cymru and tries
to populate a specific set. On the last occasion that I ran it, it emptied the
set but failed to add the given elements, before printing the above-mentioned
error. After realising this, I reduced my script to just the part that tries to
populate the set and tried it again. Hence, the test case looks like this:-
tmpfile=/tmp/tmp.lWZWu0uSkn
nft -f - <<-EOF
flush set ip raw bogons
add element ip raw bogons {
$(grep -v '^#' "$tmpfile" | paste -d, -s -)
}
EOF
The temp file is a copy of the "fullbogons-ipv4.txt" file that I last
downloaded. At this point, I am able to reproduce the error by running the
above code, despite the fact that it has worked correctly for weeks up until
now.
The definition of the set is currently as follows:-
table ip raw {
set bogons {
type ipv4_addr
flags interval,timeout
timeout 4h5m
}
}
Some components have changed since I last commented on <a class="bz_bug_link
bz_status_ASSIGNED "
title="ASSIGNED - nft stalls on EAGAIN upon repeatedly flushing and populating a set"
href="show_bug.cgi?id=1392">bug 1392</a>. Here is what I
am running now:
* Linux 5.8.8 (I upgraded from the 5.7 series)
* nftables commit c156232
* libnftnl commit 99be0e6
I shall attach the exact command stream, along with some additional
information.</pre>
</div>
</p>
<hr>
<span>You are receiving this mail because:</span>
<ul>
<li>You are watching all bug changes.</li>
</ul>
</body>
</html>