Re: [PATCH v2 nf-next 0/7] netfilter: nf_tables: avoid PROVE_RCU_LIST splats


 



On Thu, Oct 31, 2024 at 10:56:45PM +0100, Florian Westphal wrote:
> Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx> wrote:
> > > This targets nf-next because these are long-standing issues.
> > 
> > This series breaks inner matching, I can see tests/shell reports:
> > 
> > I: conf: NFT_TEST_HAVE_inner_matching=n
> 
> Uh, didn't I fix this in v2?  V1 had a bug in patch 6:
> 
> +       if (!type->inner_ops || type->owner) {
> +               err = -EOPNOTSUPP;
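
Review bot: the `|| type->owner` term on the `if` line treats any non-NULL owner as grounds for `-EOPNOTSUPP`, and the reason is not documented at the check. THIS_MODULE is NULL only for built-in code, so with nf_tables itself built as a module an expression type registered from inside it with `.owner = THIS_MODULE` also has a non-NULL owner and lands in this branch. Please add a comment stating which case the owner test is meant to reject, and confirm the condition still accepts inner-capable types when nf_tables is modular.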

I am using v2, I can see this chunk.

> V1 had !type->owner, which causes feature probe to fail and the test to
> skip (it skips builtin instead of module...).
> 
> I re-tested, I get:
> I: conf: NFT_TEST_HAVE_inner_matching=y

# cat test.nft
table ip t {
        chain c {
                udp dport 4789 vxlan ip saddr 1.2.3.4
        }
}

# nft -f test.nft
test.nft:3:32-45: Error: Could not process rule: Operation not supported
                udp dport 4789 vxlan ip saddr 1.2.3.4
                               ^^^^^^^^^^^^^^

Reverting "netfilter: nf_tables: must hold rcu read lock while iterating expression type list"
makes it work for me again.

Are you compiling nf_tables built-in there? I make as a module, the
type->owner is THIS_MODULE which refers to nf_tables.ko?



