From: Pablo Neira Ayuso <pablo@netfilter.org>
To: Steven Haigh <netwiz@crc.id.au>
Cc: netfilter@vger.kernel.org
Subject: Re: aarch64 - netlink: Error: Could not process rule: No buffer space available
Date: Wed, 4 Mar 2026 01:02:14 +0100
Message-ID: <aad2hjmYS6Bcc3xz@chamomile>
In-Reply-To: <c92b85f0-7754-460b-a31a-19c3b268b2f0@crc.id.au>

Hi,

On Wed, Mar 04, 2026 at 10:36:20AM +1100, Steven Haigh wrote:
> Hi all,
>
> Firstly, please CC me in replies as I'm not subscribed to the list.
>
> I am currently loading some named sets into nftables using the following
> configuration:
>
> set au-ipv4 {
>     type ipv4_addr
>     flags interval
>     auto-merge
>     elements = { $AU.ipv4 }
> }
>
> set au-ipv6 {
>     type ipv6_addr
>     flags interval
>     auto-merge
>     elements = { $AU.ipv6 }
> }
>
> These sets are loaded in the config via:
> include "/etc/nftables/firewall/geo-nft/countrysets/AU.ipv4";
> include "/etc/nftables/firewall/geo-nft/countrysets/AU.ipv6";
>
> The files are created using the geo-nft.sh script here:
> https://raw.githubusercontent.com/wirefalls/geo-nft/main/geo-nft.sh
>
> When loading these, I get the following fatal error:
> netlink: Error: Could not process rule: No buffer space available
>
> This only seems to happen on the aarch64 installs. The same kernel version +
> tools version on x86_64 architecture seems to load just fine.
>
> $ cat /proc/version
> Linux version 6.18.15-200.fc43.aarch64
> (mockbuild@835a9c7eeabc46d3b99996c22f20c9cf) (gcc (GCC) 15.2.1 20260123 (Red
> Hat 15.2.1-7), GNU ld version 2.45.1-4.fc43) #1 SMP PREEMPT_DYNAMIC Fri Feb
> 27 22:55:30 UTC 2026
>
> $ nft --version
> nftables v1.1.3 (Commodore Bullmoose #4)

Can you try the latest nftables version to confirm this bug on aarch64 is
current? Otherwise, try the nftables git HEAD snapshot?

> I've had no success in hunting for why this would be the case.
>
> I've found that I can batch-load the sets in ~500 rules at a time, and the
> entire set will load - but including them at the nftables service level
> always fails.
>
> How should I fix this?
>
> --
> Steven Haigh
>
> 📧 netwiz@crc.id.au
> 💻 https://crc.id.au
>
>
>
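
The batch-loading workaround mentioned in the quoted report (about 500 elements at a time), as an added example that is not part of the original thread or of geo-nft: it validates a prefix list and splits it into `add element` commands of bounded size. The `inet filter` table, the function name and the sample prefixes are assumptions; each returned command is meant to be passed to its own `nft -f -` invocation.

```python
import ipaddress

def batch_add_element_cmds(prefixes, set_name, family="inet", table="filter",
                           version=4, batch_size=500):
    """Split prefixes into nft 'add element' commands of <= batch_size elements.

    family/table are assumed names; adjust to the ruleset that owns the set.
    """
    if batch_size < 1:
        raise ValueError("batch_size must be >= 1")
    nets = set()
    for raw in prefixes:
        text = raw.strip()
        if not text or text.startswith("#"):
            continue  # skip blank lines and comments
        # strict=True rejects prefixes with host bits set (e.g. 1.0.0.1/24)
        net = ipaddress.ip_network(text, strict=True)
        if net.version != version:
            raise ValueError(f"{text}: expected an IPv{version} prefix")
        nets.add(net)
    ordered = sorted(nets)  # deterministic output, duplicates removed
    cmds = []
    for i in range(0, len(ordered), batch_size):
        chunk = ", ".join(str(n) for n in ordered[i:i + batch_size])
        cmds.append(f"add element {family} {table} {set_name} {{ {chunk} }}")
    return cmds

# Constructed sample input: 1200 /24 prefixes, not real country data.
SAMPLE = [f"10.{i // 256}.{i % 256}.0/24" for i in range(1200)]

if __name__ == "__main__":
    for n, cmd in enumerate(batch_add_element_cmds(SAMPLE, "au-ipv4"), 1):
        # Print a short preview; feed each full command to `nft -f -` separately.
        print(f"batch {n}: {cmd[:60]}...")
```

The set itself must already exist (declared without the `elements` line) before the batches are applied.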