Re: Regression 1.0.9..1.1.1 in glob inclusion behaviour

> I don't manage to reproduce such duplication with 1.1.1.
> 
> Would you make a simpler reproducer?
Yes, surely. I've tested the following in a privileged Debian unstable container and I have the same behavior.

mkdir -p /tmp/test/include
cat > /tmp/test/main <<-EOF
table inet test {
	chain test {
		include "include/*";
	}
}
EOF
echo "tcp dport 22 accept;" > /tmp/test/include/one
echo "tcp dport 25 accept;" > /tmp/test/include/two
nft -e -I /tmp/test/ -f /tmp/test/main

Executing this on 1.1.1 results in the following being executed/outputted:
root@nnd-navi:/tmp/test# nft -e -I /tmp/test/ -f /tmp/test/main
add table inet test
add chain inet test test
add rule inet test test tcp dport 22 accept
add rule inet test test handle 2 tcp dport 25 accept
add rule inet test test handle 3 tcp dport 22 accept
add rule inet test test tcp dport 25 accept

I've replicated it also on Debian nftables with the following invocation:
# podman run --rm -it --privileged --network=host -w /tmp "debian:unstable"
# apt update
# apt install nftables
# ... (steps from reproducer go here)

> What default directory do you have for nftables? You can guess via:
> 
> # nft -h | grep "\-I"
While I highly suspect the include dir path is unrelated, here they are:
Alpine v3.21: /usr/share
Debian trixie/sid: /etc

> Thanks.


-- 
Alex D.
RedXen System & Infrastructure Administration
https://redxen.eu/
