
Bug 1795223

Summary: [RFE] libnftnl: Support for nftables sets with concatenated ranges
Product: Red Hat Enterprise Linux 8
Reporter: Stefano Brivio <sbrivio>
Component: libnftnl
Assignee: Phil Sutter <psutter>
Status: CLOSED ERRATA
QA Contact: Tomas Dolezal <todoleza>
Severity: medium
Priority: high
Version: 8.1
CC: egarver, fwestpha, lmiksik, psutter, todoleza
Target Milestone: rc
Keywords: FutureFeature
Target Release: 8.2
Flags: pm-rhel: mirror+
Hardware: All
OS: Linux
Fixed In Version: libnftnl-1.1.5-3.el8
Doc Type: Enhancement
Last Closed: 2020-04-28 16:06:56 UTC
Type: Feature Request
Bug Depends On: 1593711

Description Stefano Brivio 2020-01-27 13:28:45 UTC
Support for nftables sets with concatenated ranges needs two patches in
libnftnl, submitted upstream, not merged yet:

  http://patchwork.ozlabs.org/patch/1225484/
  http://patchwork.ozlabs.org/patch/1225485/

The kernel counterpart is covered by bz1593711 -- kernel patches are
upstream now.

I'm requesting exception status for this ticket as bz1593711, that
originally covered the userspace implementation, and I later used to
track the kernel feature (as it represented the bulk of this work), is
in the RPL for 8.2.

Comment 3 Phil Sutter 2020-02-10 14:19:48 UTC
Upstream commits to backport:

commit 131a6c2fa4cccaa04a7b93b686f10f5ba6f11b3d
Author: Stefano Brivio <sbrivio>
Date:   Thu Jan 30 01:16:32 2020 +0100

    include: resync nf_tables.h cache copy
    
    Get this header in sync with nf-next as of merge commit
    b3a608222336 (5.6-rc1-ish).
    
    Signed-off-by: Stefano Brivio <sbrivio>
    Signed-off-by: Pablo Neira Ayuso <pablo>

commit 7cd41b5387acf84088e9299a796f7c2c72339a1a
Author: Stefano Brivio <sbrivio>
Date:   Thu Jan 30 01:16:33 2020 +0100

    set: Add support for NFTA_SET_DESC_CONCAT attributes
    
    If NFTNL_SET_DESC_CONCAT data is passed, pass that to the kernel
    as NFTA_SET_DESC_CONCAT attributes: it describes the length of
    single concatenated fields, in bytes.
    
    Similarly, parse NFTA_SET_DESC_CONCAT attributes if received
    from the kernel.
    
    This is the libnftnl counterpart for nftables patch:
      src: Add support for NFTNL_SET_DESC_CONCAT
    
    v4:
     - move NFTNL_SET_DESC_CONCAT to the end of enum nftnl_set_attr
       to avoid ABI breakage (Pablo Neira Ayuso)
    v3:
     - use NFTNL_SET_DESC_CONCAT and NFTA_SET_DESC_CONCAT instead of a
       stand-alone NFTA_SET_SUBKEY attribute (Pablo Neira Ayuso)
     - pass field length in bytes instead of bits, fields would get
       unnecessarily big otherwise
    v2:
     - fixed grammar in commit message
     - removed copy of array bytes in nftnl_set_nlmsg_build_subkey_payload(),
       we're simply passing values to htonl() (Phil Sutter)
    
    Signed-off-by: Stefano Brivio <sbrivio>
    Signed-off-by: Pablo Neira Ayuso <pablo>

commit 04cc28d8d6923ea66b08ae9a74d81d8b6ac5b2d7
Author: Stefano Brivio <sbrivio>
Date:   Thu Jan 30 01:16:34 2020 +0100

    set_elem: Introduce support for NFTNL_SET_ELEM_KEY_END
    
    The new set element attribute maps to the netlink attribute
    NFTA_SET_ELEM_KEY_END in the same way as NFTNL_SET_ELEM_KEY
    maps to NFTA_SET_ELEM_KEY, and represents the key data used
    to express the upper bound of a range, in concatenations.
    
    Suggested-by: Pablo Neira Ayuso <pablo>
    Signed-off-by: Stefano Brivio <sbrivio>
    Signed-off-by: Pablo Neira Ayuso <pablo>
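
The commit messages above describe three pieces of data: per-field lengths in bytes (NFTA_SET_DESC_CONCAT), a lower-bound key (NFTA_SET_ELEM_KEY) and an upper-bound key (NFTA_SET_ELEM_KEY_END). The following added example, which is not code from libnftnl or the kernel, models how they combine and why the field lengths matter for a firewall set: without them, a concatenated range degenerates into one big interval that accepts keys it should reject. The struct and function names are hypothetical, the sample values are constructed, and fields are assumed to be packed back to back with no padding.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Hypothetical model types for illustration, not libnftnl structures. */
struct concat_desc {
    const uint8_t *field_len;  /* per-field length in bytes (role of NFTA_SET_DESC_CONCAT) */
    size_t field_count;
};
struct range_elem {
    const uint8_t *key;      /* lower bounds (role of NFTA_SET_ELEM_KEY) */
    const uint8_t *key_end;  /* upper bounds (role of NFTA_SET_ELEM_KEY_END) */
    size_t len;              /* total bytes in each of key and key_end */
};

/* 1 = every field within its own range, 0 = no match, -1 = malformed input.
 * Fields are big-endian, so memcmp() orders them numerically. */
int concat_range_match(const struct concat_desc *d, const struct range_elem *e,
                       const uint8_t *pkt, size_t pkt_len)
{
    size_t off = 0;
    int in_range = 1;

    if (d->field_count == 0 || pkt_len != e->len)
        return -1;
    for (size_t i = 0; i < d->field_count; i++) {
        size_t len = d->field_len[i];
        if (len == 0 || len > e->len - off)
            return -1;               /* descriptor overruns the key */
        if (memcmp(pkt + off, e->key + off, len) < 0 ||
            memcmp(pkt + off, e->key_end + off, len) > 0)
            in_range = 0;
        off += len;
    }
    return off == e->len ? in_range : -1;  /* descriptor must cover the whole key */
}

/* What a matcher without the field description would do: one big range. */
int whole_key_match(const struct range_elem *e, const uint8_t *pkt)
{
    return memcmp(pkt, e->key, e->len) >= 0 && memcmp(pkt, e->key_end, e->len) <= 0;
}

/* Constructed sample element: 10.0.0.1-10.0.0.10 . 80-443 */
const uint8_t LENS[]     = { 4, 2 };
const uint8_t KEY[]      = { 10, 0, 0, 1,  0x00, 0x50 };
const uint8_t KEY_END[]  = { 10, 0, 0, 10, 0x01, 0xBB };
const uint8_t PKT_400[]  = { 10, 0, 0, 5,  0x01, 0x90 };  /* 10.0.0.5 . 400  */
const uint8_t PKT_8080[] = { 10, 0, 0, 5,  0x1F, 0x90 };  /* 10.0.0.5 . 8080 */
```

With the field lengths, 10.0.0.5 . 8080 is rejected because the port is outside 80-443; compared as a single 6-byte interval, the same key is accepted.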

Comment 10 errata-xmlrpc 2020-04-28 16:06:56 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHEA-2020:1763