[Bug 1710] New: When called from nft -f, list counters outputs all zeros

Sun Oct 1 14:43:46 CEST 2023

https://bugzilla.netfilter.org/show_bug.cgi?id=1710

            Bug ID: 1710
           Summary: When called from nft -f, list counters outputs all
                    zeros
           Product: nftables
           Version: 1.0.x
          Hardware: x86_64
                OS: Debian GNU/Linux
            Status: NEW
          Severity: major
          Priority: P5
         Component: nft
          Assignee: pablo at netfilter.org
          Reporter: jannh at selfnet.de

Created attachment 722
  --> https://bugzilla.netfilter.org/attachment.cgi?id=722&action=edit
Example file

When adding a counter to a ruleset, the statement "nft list counters" (or "nft
reset counters") can be used to output the counter values. The list counters
statement can also be included into a rule file. When run from a file via "nft
-f", we experienced that all counters were always zero.

The attached file aims to atomically list the counters and then load a new
ruleset. Under Debian bullseye, this was working as expected. The bug appeared
new after the Debian bookworm upgrade.

Steps to reproduce:

1. Load attached file with "nft -f". It will create a simple ruleset with only
one named counter counting all input traffic. It will not make output if the
rules were empty before (list counters shows nothing if there are no counters).

2. Use nft list counters to display the current values. Verify, the counter
values increase (probably send a ping or so to get the counter to increase).

3. Load the attached file again. The list counter statement outputs the
counters, but the values are zero.

-- 
You are receiving this mail because:
You are watching all bug changes.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.netfilter.org/pipermail/netfilter-buglog/attachments/20231001/97815573/attachment.html>