[Bug 1413] New: Inconsistent EBUSY errors when adding a duplicate element to a map

bugzilla-daemon at netfilter.org bugzilla-daemon at netfilter.org
Thu Mar 12 09:23:06 CET 2020 

https://bugzilla.netfilter.org/show_bug.cgi?id=1413

            Bug ID: 1413
           Summary: Inconsistent EBUSY errors when adding a duplicate
                    element to a map
           Product: nftables
           Version: unspecified
          Hardware: x86_64
                OS: Debian GNU/Linux
            Status: NEW
          Severity: normal
          Priority: P5
         Component: kernel
          Assignee: pablo at netfilter.org
          Reporter: anton.aksola at upcloud.com

OS: Debian GNU/Linux 10 (Buster)
Kernel: 4.19.0-8-amd64

This works every time:
# nft -f - << EOF
flush ruleset
add table ip filter
add chain ip filter forward { type filter hook forward priority 0; policy
accept; }
add map ip filter foo { type ifname : verdict; }
add rule ip filter forward iifname vmap @foo
add element ip filter foo { "dummy0" : accept }
add element ip filter foo { "dummy0" : accept }
EOF

While these do not:
# nft -f - << EOF
flush ruleset
add table ip filter
add chain ip filter forward { type filter hook forward priority 0; policy
accept; }
add map ip filter foo { type ifname : verdict; }
add rule ip filter forward iifname vmap @foo
add element ip filter foo { "dummy0" : accept }
add element ip filter foo { "dummy0" : drop }
EOF
/dev/stdin:7:1-42: Error: Could not process rule: Device or resource busy
add element ip filter foo { "dummy0" : drop }
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

# nft -f - << EOF
flush ruleset
add table ip filter
add chain ip filter forward { type filter hook forward priority 0; policy
accept; }
add map ip filter foo { type ifname : verdict; }
add rule ip filter forward iifname vmap @foo
add element ip filter foo { "dummy0" : accept }
add set ip filter prefixset { type ipv4_addr; flags interval; }
add element ip filter foo { "dummy0" : accept }
EOF
/dev/stdin:8:1-44: Error: Could not process rule: Device or resource busy
add element ip filter foo { "dummy0" : accept }
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

I couldn't find any references how maps should behave when adding a duplicate
element. In any case a consistent behaviour would be desirable.

Looking at the strace output this error seems to come from the kernel so filing
this under it.

-- 
You are receiving this mail because:
You are watching all bug changes.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.netfilter.org/pipermail/netfilter-buglog/attachments/20200312/2addd01d/attachment.html>

More information about the netfilter-buglog mailing list