[OpenWrt-Devel] nftables: named counters broken on 18.06.4

Vincent Wiemann vincent.wiemann at ironai.com
Tue Sep 10 15:22:29 EDT 2019



On 10.09.19 19:06, Salvatore Mesoraca wrote:
> On Tue, 10 Sep 2019 at 17:58, Vincent Wiemann
> <vincent.wiemann at ironai.com> wrote:
>>
>>
>> On 10.09.19 17:20, Salvatore Mesoraca wrote:
>>> Hi,
>>>
>>> I'm experiencing a problem with nftables' named counters with OpenWrt 18.06.4 on a NetGear R7800.
>>> This is an example of what I get:
>>>
>>> # uname -a
>>> Linux OpenWrt 4.14.131 #0 SMP Thu Jun 27 12:18:52 2019 armv7l GNU/Linux
>>> # nft flush ruleset
>>> # nft add table inet filter
>>> # nft add counter inet filter mycounter
>>> # nft add chain inet filter output { type filter hook output priority 0 \; }
>>> # nft add rule inet filter output counter name mycounter
>>> Error: Could not process rule: No such file or directory
>>> add rule inet filter output counter name mycounter
>>> ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
>>> # nft list ruleset
>>> table inet filter {
>>>         counter mycounter {
>>>                 packets 0 bytes 0
>>>         }
>>>
>>>         chain output {
>>>                 type filter hook output priority 0; policy accept;
>>>         }
>>> }
>>>
>>> Running the failing command using strace I can tell that the ENOENT error is received from the kernel via Netlink.
>>> It's similar to what I get if I try to reference a non-existent counter, but "mycounter" exists.
>>> If I remove "name mycounter" from the command line, it works. Of course it creates an anonymous counter.
>>> The message sent via Netlink looks correct, so I think that the problem resides in the kernel.
>>>
>>>
>>> On a PC with 4.15 the same command sequence works flawlessly:
>>>
>>> # nft flush ruleset
>>> # nft add table inet filter
>>> # nft add counter inet filter mycounter
>>> # nft add chain inet filter output { type filter hook output priority 0 \; }
>>> # nft add rule inet filter output counter name mycounter
>>> # nft list ruleset
>>> table inet filter {
>>>         counter mycounter {
>>>                 packets 0 bytes 0
>>>         }
>>>
>>>         chain output {
>>>                 type filter hook output priority 0; policy accept;
>>>                 counter name "mycounter"
>>>         }
>>> }
>>>
>>> Any ideas?
>>>
>>> Thank you,
>>>
>>> Salvatore
>>>
>>
>> Try putting mycounter in quotation marks.
> 
> I tried, it makes no difference.
> Thank you for your time.
> 

Please reply to the mailing list next time.

I don't see any OpenWrt-specific patches which could have altered the
behavior. So it is likely an upstream Linux issue.

The error message:
> Error: Could not process rule: No such file or directory

is strange. Thus I assumed it was a parsing issue.

Best,

Vincent

_______________________________________________
openwrt-devel mailing list
openwrt-devel at lists.openwrt.org
https://lists.openwrt.org/mailman/listinfo/openwrt-devel


