lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <20240510110243.08eed391@kernel.org>
Date: Fri, 10 May 2024 11:02:43 -0700
From: Jakub Kicinski <kuba@...nel.org>
To: Florian Westphal <fw@...len.de>
Cc: Simon Horman <horms@...nel.org>, Hangbin Liu <liuhangbin@...il.com>,
 Jaehee Park <jhpark1013@...il.com>, Petr Machata <petrm@...dia.com>,
 Nikolay Aleksandrov <razor@...ckwall.org>, Ido Schimmel
 <idosch@...dia.com>, Davide Caratti <dcaratti@...hat.com>, Matthieu Baerts
 <matttbe@...nel.org>, netdev@...r.kernel.org
Subject: Re: [TEST] Flake report

On Fri, 10 May 2024 18:41:47 +0200 Florian Westphal wrote:
> > What does that mean in lay terms?   
> 
> This nft version chokes on syntax, but I cannot reproduce this:
> src/nft --check -f /dev/stdin <<EOF
> add table t
> add chain t c
> reset rules t c
> EOF
> echo $?
> table ip t {
> 	chain c { }
> }
> 0
> src/nft --version
> nftables v1.0.9 (Old Doc Yak #3)
> 
> No idea :-(
> 
> I tried building both recent nftables.git and v1.0.9 tag and both
> parse the test file for me :-(
> 
> Also. nft-flowtable.sh is still not working on nf infra even
> with the updated version while that script works fine locally for me
> as well, even with running via vng.
> 
> Maybe there is an old libnftables on the system that is used
> instead for parsing?  Its bundled/installed with nftables, can
> you check that ldd nft doesnt show some other distro-installed
> version?  Other than that I have no idea what could be happening here.

Good call! The LD_LIBRARY_PATH was including things in wrong order.
I change that for the next run.

> > Question #2, for the ebtables test - do I need to build iptables?
> > I built nft with
> > 	./configure --with-json --with-xtables   
> 
> You need to add --enable-nftables for ebtables-nft, or you need to
> use the old ebtables tree, i.e.:
> https://git.netfilter.org/ebtables/
> 
> both should work.

Picked the old tree. Let's see..

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ