[Bug 1494] New: On chain sreation with elements, after deletion no longer ACCEPT - it is DROP

Sun Jan 31 01:24:59 CET 2021

https://bugzilla.netfilter.org/show_bug.cgi?id=1494

            Bug ID: 1494
           Summary: On chain sreation with elements, after deletion no
                    longer ACCEPT - it is DROP
           Product: libnftnl
           Version: unspecified
          Hardware: i386
                OS: Debian GNU/Linux
            Status: NEW
          Severity: enhancement
          Priority: P5
         Component: libnftnl
          Assignee: pablo at netfilter.org
          Reporter: hell at fibermax.bg

nftables RACE CONDITION
chain main (accept)
rule chain main vmap ip saddr W,Z goto H,Y
create chain H
create chain Y
chain H rule ip saddr W...counter DROP
chain H rule ip saddr Z.. counter ACCEPT
flush chain H
flush chain Y
chain H rule ip saddr W...counter ACCEPT
chain H rule ip saddr Z.. counter DROP
now rule saddr Z will not work or other way around.

-- 
You are receiving this mail because:
You are watching all bug changes.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.netfilter.org/pipermail/netfilter-buglog/attachments/20210131/7a65b35c/attachment.html>