Bug#949248: nftables: nft parsing from stdin fails but works from file

Thomas Müller

Jan 18, 2020, 3:50:08 PM
Package: nftables
Version: 0.9.0-2
Severity: normal

I want to parse rules from a script but parsing them from a pipe fails while parsing from file works

nft -f nft.txt works
cat nft.txt | nft -f - fails with a handful of syntax errors

I also noticed a difference when doing full debug output
Reading from file shows the filename, the line number and the position as well as the actual line and the used part of line
Reading from stdin just shows /dev/stdin, the line number and the position.
So there seems to be different handling of reading the input

-- System Information:
Debian Release: 10.2
APT prefers stable-updates
APT policy: (500, 'stable-updates'), (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 4.19.0-6-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE=en_US:en (charmap=UTF-8)
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages nftables depends on:
ii dpkg 1.19.7
ii libc6 2.28-10
ii libgmp10 2:6.1.2+dfsg-4
ii libjansson4 2.12-1
ii libnftables0 0.9.0-2
ii libreadline7 7.0-5

nftables recommends no packages.

nftables suggests no packages.

-- Configuration Files:
/etc/nftables.conf changed [not included]

-- no debconf information
nft.txt

jaro...@thinline.cz

Feb 24, 2020, 3:00:03 PM
> Package: nftables
> Version: 0.9.0-2
> Severity: normal
>
> I want to parse rules from a script but parsing them from a pipe fails
> while parsing from file works
>
> nft -f nft.txt works
> cat nft.txt | nft -f - fails with a handful of syntax errors
>
> I also noticed a difference when doing full debug output
> Reading from file shows the filename, the line number and the position
> as well as the actual line and the used part of line
> Reading from stdin just shows /dev/stdin, the line number and the
> position.
> So there seems to be different handling of reading the input
>

I encountered this too some time ago - according to strace, nft is
reading rules in 8kB long blocks (so everything works fine until your
rules grow) but after the block is read, nft attempts to seek a few bytes
back in the file. I guess it wants to do the next read from some kind of
boundary. Anyway, seeking in a stream obviously fails with ESPIPE -
Illegal seek (I guess nft doesn't check the return value here), another 8kB
block is read but not from the file position nft wanted, resulting in
a syntax error.

The nft man page says that reading from stdin is supported, but it also says
that "nft export json" is a thing, so I just wrote this off as yet
another error in the docs and worked around it by dumping my rules into
a temporary file and reading them via -f. You may want to do the same
thing.
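The failure mode and workaround described in the reply above, as an added C example (not nft's code and not posted in the thread): `lseek()` on a pipe fails with ESPIPE, so a reader that wants to seek back must check the return value and spool the stream into a real file first. All function names, the temp-file name and the 12000-byte input are constructed for illustration.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

int pipe_seek_errno;   /* errno seen when trying to seek on the pipe */

/* 0 if fd is seekable, otherwise the errno lseek() set (ESPIPE for a pipe). */
int seek_error(int fd) {
    return lseek(fd, 0, SEEK_CUR) == (off_t)-1 ? errno : 0;
}

/* Copy a stream into an unlinked 0600 temp file; return its fd rewound to 0, or -1. */
int spool_to_tempfile(int in_fd) {
    char path[] = "/tmp/ruleset.XXXXXX";   /* constructed name */
    char buf[8192];
    ssize_t n, w, off;
    int out = mkstemp(path);
    if (out < 0) return -1;
    unlink(path);                           /* nothing left behind on any exit path */
    while ((n = read(in_fd, buf, sizeof buf)) > 0)
        for (off = 0; off < n; off += w)
            if ((w = write(out, buf + off, (size_t)(n - off))) < 0) { close(out); return -1; }
    if (n < 0 || lseek(out, 0, SEEK_SET) == (off_t)-1) { close(out); return -1; }
    return out;
}

/* Constructed input: 12000 bytes (more than one 8 kB block) pushed through a pipe.
 * Returns the offset reached after reading 8192 bytes from the spooled copy and
 * seeking 16 bytes back, or -1 if any step fails. */
long demo_seek_back(void) {
    char block[8192], data[12000];
    int p[2], fd;
    long pos;
    memset(data, '#', sizeof data);
    if (pipe(p) != 0 || write(p[1], data, sizeof data) != (ssize_t)sizeof data) return -1;
    close(p[1]);
    pipe_seek_errno = seek_error(p[0]);     /* ESPIPE: seeking back cannot work here */
    fd = spool_to_tempfile(p[0]);
    close(p[0]);
    if (fd < 0 || read(fd, block, sizeof block) != (ssize_t)sizeof block) return -1;
    pos = (long)lseek(fd, -16, SEEK_CUR);   /* return value checked by the caller */
    close(fd);
    return pos;
}

int main(void) {
    long pos = demo_seek_back();
    printf("pipe lseek: %s, offset after seek back: %ld\n", strerror(pipe_seek_errno), pos);
    return pos == 8176 ? 0 : 1;
}
```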
