Re: Regression 1.0.9..1.1.1 in glob inclusion behaviour

Hi,

On Wed, Dec 11, 2024 at 09:40:43AM +0000, caskd wrote:
> Hello netfilter users and devs,
> 
> Following upgrade to 1.1.1 I've noticed strange behavior in the inclusion of my netfilter rulesets. Entries included via glob were duplicated. This only occurs when both -I and -f are used, due to the following commits:
> 
> 6ef04f99382c074c3669de31cf0a70651662b261 libnftables: search for default include path last
> 302e9f8b3a1382cf09db32541693b5df7d80ca1e libnftables: add base directory of -f/--filename to include path
> 
> Steps to replicate:
> 
> Create a directory with one or more rule files.
> Include everything in the directory with include 'dir/*' from /etc/nft/rules
> Apply the rules with nft -I /etc/nft -f /etc/nft/rules
> 
> If the include dir is defined as a command-line parameter then entries are duplicated, while without it they are not.
> This was not the case on 1.0.9 before these commits were present.
> 
> Has someone worked on a patch for this yet? If not, I might give it a shot myself.

I don't manage to reproduce such duplication with 1.1.1.

Would you make a simpler reproducer? What default directory do you have
for nftables? You can guess via:

# nft -h | grep "\-I"

Thanks.



