Re: ebtables-nft can't delete complex rules by specifying complete rule with kernel 6.3+

All of lore.kernel.org
 help / color / mirror / Atom feed

From: Florian Westphal <fw@strlen.de>
To: Florian Westphal <fw@strlen.de>
Cc: Igor Raits <igor@gooddata.com>, netfilter-devel@vger.kernel.org
Subject: Re: ebtables-nft can't delete complex rules by specifying complete rule with kernel 6.3+
Date: Mon, 10 Jul 2023 14:49:50 +0200	[thread overview]
Message-ID: <20230710124950.GC12203@breakpoint.cc> (raw)
In-Reply-To: <20230710112135.GA12203@breakpoint.cc>

Florian Westphal <fw@strlen.de> wrote:
> Igor Raits <igor@gooddata.com> wrote:
> > Hello,
> > 
> > We started to observe the issue regarding ebtables-nft and how it
> > can't wipe rules when specifying full rule. Removing the rule by index
> > works fine, though. Also with kernel 6.1.y it works completely fine.
> > 
> > I've started with 1.8.8 provided in CentOS Stream 9, then tried the
> > latest git version and all behave exactly the same. See the behavior
> > below. As you can see, simple DROP works, but more complex one do not.
> > 
> > As bugzilla requires some special sign-up procedure, apologize for
> > reporting it directly here in the ML.
> 
> Thanks for the report, I'll look into it later today.

Its a bug in ebtables-nft, it fails to delete the rule since

938154b93be8cd611ddfd7bafc1849f3c4355201,
netfilter: nf_tables: reject unbound anonymous set before commit phase

But its possible do remove the rule via
nft delete rule .. handle $x

so the breakge is limited to ebtables-nft.

next prev parent reply	other threads:[~2023-07-10 12:49 UTC|newest]

Thread overview: 8+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2023-07-10 10:24 ebtables-nft can't delete complex rules by specifying complete rule with kernel 6.3+ Igor Raits
2023-07-10 11:21 ` Florian Westphal
2023-07-10 12:49   ` Florian Westphal [this message]
2023-07-10 14:41     ` Igor Raits
2023-07-10 18:03       ` Pablo Neira Ayuso
2023-07-10 18:05         ` Pablo Neira Ayuso
2023-07-10 19:05           ` Igor Raits
2023-07-10 19:18         ` Florian Westphal

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20230710124950.GC12203@breakpoint.cc \
    --to=fw@strlen.de \
    --cc=igor@gooddata.com \
    --cc=netfilter-devel@vger.kernel.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.