From: caskd <caskd@redxen.eu>
To: Pablo Neira Ayuso <pablo@netfilter.org>
Cc: netfilter@vger.kernel.org
Subject: Re: Regression 1.0.9..1.1.1 in glob inclusion behaviour
Date: Thu, 12 Dec 2024 10:33:14 +0000 [thread overview]
Message-ID: <1YCABX5KN97Z8.2KUN1QSJDL07P@unix.is.love.unix.is.life> (raw)
In-Reply-To: <Z1n9Gj6UaA5CfQIj@calendula>
[-- Attachment #1.1: Type: text/plain, Size: 1434 bytes --]
> I don't manage to reproduce such duplication with 1.1.1.
>
> Would you make a simpler reproducer?
Yes, surely. I've tested the following in a priviledged debian unstable container and i have the same behavior.
mkdir -p /tmp/test/include
echo > /tmp/test/main <<-EOF
table inet test {
chain test {
include "include/*";
}
}
EOF
echo "tcp dport 22 accept;" > /tmp/test/include/one
echo "tcp dport 25 accept;" > /tmp/test/include/two
nft -e -I /tmp/test/ -f /tmp/test/main
Executing this on 1.1.1 results in the following being executed/outputted:
root@nnd-navi:/tmp/test# nft -e -I /tmp/test/ -f /tmp/test/main
add table inet test
add chain inet test test
add rule inet test test tcp dport 22 accept
add rule inet test test handle 2 tcp dport 25 accept
add rule inet test test handle 3 tcp dport 22 accept
add rule inet test test tcp dport 25 accept
I've replicated it also on debian nftables with the following invokation:
# podman run --rm -it --privileged --network=host -w /tmp "debian:unstable"
# apt update
# apt install nftables
# ... (steps from reproducer go here)
> What default directory you have for nftables? You can guess via:
>
> # nft -h | grep "\-I"
While i highly suspect the include dir path is unrelated, here they are:
Alpine v3.21: /usr/share
Debian trixie/sid: /etc
> Thanks.
--
Alex D.
RedXen System & Infrastructure Administration
https://redxen.eu/
[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 858 bytes --]
next prev parent reply other threads:[~2024-12-12 10:33 UTC|newest]
Thread overview: 5+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-12-11 9:40 Regression 1.0.9..1.1.1 in glob inclusion behaviour caskd
2024-12-11 16:03 ` Pablo Neira Ayuso
2024-12-11 20:59 ` Pablo Neira Ayuso
2024-12-12 10:33 ` caskd [this message]
2024-12-12 22:26 ` Pablo Neira Ayuso
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1YCABX5KN97Z8.2KUN1QSJDL07P@unix.is.love.unix.is.life \
--to=caskd@redxen.eu \
--cc=netfilter@vger.kernel.org \
--cc=pablo@netfilter.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).