[Bug 1712] New: Deleting a nft chain immediately after flushing references to it does not always work
bugzilla-daemon at netfilter.org
Fri Oct 6 14:59:09 CEST 2023
https://bugzilla.netfilter.org/show_bug.cgi?id=1712
Bug ID: 1712
Summary: Deleting a nft chain immediately after flushing references to it does not always work
Product: nftables
Version: unspecified
Hardware: x86_64
OS: Ubuntu
Status: NEW
Severity: normal
Priority: P5
Component: nft
Assignee: pablo at netfilter.org
Reporter: cwm at epust.dk

Consider this script:

#!/bin/bash
nft flush ruleset
nft table inet filter
nft add chain inet filter mychain1
nft add chain inet filter mychain2
nft add rule inet filter mychain2 ip daddr vmap { 1.1.1.1 : goto mychain1 }
nft flush chain inet filter mychain2
# sleep 1
nft delete chain inet filter mychain1

Most of the time when I run this script, the last call to nft fails with:

Error: Could not process rule: Device or resource busy
delete chain inet filter mychain1

If I uncomment the "sleep 1", it always seems to work.

If I put the flush and delete commands in a file to be executed atomically
(which is what I really want), it does not work either.

I have tried to run it in two different environments with the same result:

* Kernel 5.15.75 nft version 1.0.2 (Windows WSL)
* Kernel 5.15.0 nft version 0.9.3 (Ubuntu)