[Bug 1216] Error messaging for "interval overlaps with previous one" misidentifies location

bugzilla-daemon at netfilter.org bugzilla-daemon at netfilter.org
Tue Sep 11 21:54:22 CEST 2018


https://bugzilla.netfilter.org/show_bug.cgi?id=1216

--- Comment #6 from Jeff Kletsky <netfilter at allycomm.com> ---
Still problems after v0.9.0 identifying the contest of a specific error. With
include statements, it appearsto report the error with a previously include-ed
file, rather than in the file in which the problem actually exists. While
painful at all times, this is especially troublesome at boot time when the
conditions of the system (such as interfaces not being created yet) cannot be
replicated during interactive use.

Recently observed with a build after v0.9.0

commit 0f44d4f62753535d39d95d83778348bee4e88053
Author: Florian Westphal <fw at strlen.de>
Date:   Tue Sep 4 13:53:59 2018 +0200


jeff at apu3:/usr/local/etc/firewall$ sudo nft -c -f nftables.conf
In file included from ./accept_ipv6_link_local.nft:3:1-32:
                 from nftables.conf:92:5-43:
./defines_if_mgmt.nft:1:17-25: Error: Interface does not exist
# define if_mgmt = { enp2s0.102 }
                ^^^^^^^^^

It's still pointing to something in those columns, but certainly not an
interface. The error indicators pretty clearly aren't referring to that line

jeff at apu3:/usr/local/etc/firewall$ sudo nft -c -f nftables.conf
In file included from ./accept_ipv6_link_local.nft:3:1-32:
                 from nftables.conf:92:5-43:
./defines_if_mgmt.nft:1:17-25: Error: Interface does not exist
########################## define if_mgmt = { enp2s0.102 }
                ^^^^^^^^^

or completely removing the line and blank lines following

jeff at apu3:/usr/local/etc/firewall$ sudo nft -c -f nftables.conf
In file included from ./accept_ipv6_link_local.nft:3:1-32:
                 from nftables.conf:92:5-43:
./defines_if_mgmt.nft:1:17-25: Error: Interface does not exist
define if_mgmt_addrs_ipv4 = { 10.1.102.198 }
                ^^^^^^^^^

Very puzzling as well in that on the running (long past boot), nft -c -f
nftables.conf shows the error, yet ip link clearly shows that the interface
exists.

In file included from ./accept_ipv6_link_local.nft:3:1-32:

is misleading as well, as there are no include statements in that file.

cut -c 17-25 * | egrep ^[0-9a-z.]+$ | less

provided the clue as the string, which turned out to be in the file
defines_if_internal.nft, just before the one in which it was reported
defines_if_mgmt

include "./defines_if_external.nft"
include "./defines_if_internal.nft"
include "./defines_if_mgmt.nft

I haven't figured out why accept_ipv6_link_local.nft is mentioned, but it looks
like the problems with error reporting context still haven't been resolved.

-- 
You are receiving this mail because:
You are watching all bug changes.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.netfilter.org/pipermail/netfilter-buglog/attachments/20180911/0500b34a/attachment.html>


More information about the netfilter-buglog mailing list