From: caskd <caskd@redxen.eu>
To: netfilter@vger.kernel.org
Subject: Regression 1.0.9..1.1.1 in glob inclusion behaviour
Date: Wed, 11 Dec 2024 09:40:43 +0000 [thread overview]
Message-ID: <2HWYO8DBOM98M.3CP5UDE19R679@unix.is.love.unix.is.life> (raw)
[-- Attachment #1.1: Type: text/plain, Size: 1020 bytes --]
Hello netfilter users and devs,
Following upgrade to 1.1.1 i've noticed strange behavior in the inclusion of my netfilter rulesets. Entries included via glob were duplicated. This only occurs when both -I and -f is used, due to the follwing commits:
6ef04f99382c074c3669de31cf0a70651662b261 libnftables: search for default include path last
302e9f8b3a1382cf09db32541693b5df7d80ca1e libnftables: add base directory of -f/--filename to include path
Steps to replicate:
Create a directory with one or more rule files.
Include everything in the directory with include 'dir/*' from /etc/nft/rules
Apply the rules with nft -I /etc/nft -f /etc/nft/rules
If the include dir is defined as a command-line parameter then entries are duplicated, while without it they are not.
This was not the case on 1.0.9 before these commits were present.
Has someone worked on a patch for this yet? If not, i might give it a shot myself.
--
Alex D.
RedXen System & Infrastructure Administration
https://redxen.eu/
[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 858 bytes --]
next reply other threads:[~2024-12-11 9:40 UTC|newest]
Thread overview: 5+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-12-11 9:40 caskd [this message]
2024-12-11 16:03 ` Regression 1.0.9..1.1.1 in glob inclusion behaviour Pablo Neira Ayuso
2024-12-11 20:59 ` Pablo Neira Ayuso
2024-12-12 10:33 ` caskd
2024-12-12 22:26 ` Pablo Neira Ayuso
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=2HWYO8DBOM98M.3CP5UDE19R679@unix.is.love.unix.is.life \
--to=caskd@redxen.eu \
--cc=netfilter@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).