Bug 1898130
| Summary: | ebtables is unable to rename chains | ||
|---|---|---|---|
| Product: | [Fedora] Fedora | Reporter: | Daniel Berrangé <berrange> |
| Component: | iptables | Assignee: | Phil Sutter <psutter> |
| Status: | CLOSED ERRATA | QA Contact: | Fedora Extras Quality Assurance <extras-qa> |
| Severity: | high | Docs Contact: | |
| Priority: | unspecified | ||
| Version: | 33 | CC: | kevin, paelzer, psutter |
| Target Milestone: | --- | Keywords: | Regression |
| Target Release: | --- | ||
| Hardware: | Unspecified | ||
| OS: | Unspecified | ||
| Whiteboard: | |||
| Fixed In Version: | iptables-1.8.5-4.fc33 | Doc Type: | If docs needed, set a value |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2020-11-21 01:30:38 UTC | Type: | Bug |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
|
Description
Daniel Berrangé
2020-11-16 13:30:08 UTC
This breaks libvirt's nwfilter functionality, as we rely on ability to rename chains in order to update rules in a race free manner Fix sent upstream: https://lore.kernel.org/netfilter-devel/20201117105114.5083-1-phil@nwl.cc/ Upstream commit to backport:
commit 55b7c71dce7144f4dc0297c17abf0f04879ee247
Author: Phil Sutter <phil>
Date: Tue Nov 17 11:38:27 2020 +0100
ebtables: Fix for broken chain renaming
Loading extensions pollutes 'errno' value, hence before using it to
indicate failure it should be sanitized. This was done by the called
function before the parsing/netlink split and not migrated by accident.
Move it into calling code to clarify the connection.
Fixes: a7f1e208cdf9c ("nft: split parsing from netlink commands")
Signed-off-by: Phil Sutter <phil>
Thanks for the fix Phil! BTW (FYI) this also affects Ubuntu >=20.10 and Debian-unstable FEDORA-2020-d19868229b has been submitted as an update to Fedora 33. https://bodhi.fedoraproject.org/updates/FEDORA-2020-d19868229b Hi Christian, (In reply to Christian Ehrhardt from comment #4) > BTW (FYI) this also affects Ubuntu >=20.10 and Debian-unstable The fix is upstream, backporting into Ubuntu and Debian is (luckily) not my job as well. FEDORA-2020-d19868229b has been pushed to the Fedora 33 testing repository. In short time you'll be able to install the update with the following command: `sudo dnf upgrade --enablerepo=updates-testing --advisory=FEDORA-2020-d19868229b` You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2020-d19868229b See also https://fedoraproject.org/wiki/QA:Updates_Testing for more information on how to test updates. (In reply to Phil Sutter from comment #6) > Hi Christian, > > (In reply to Christian Ehrhardt from comment #4) > > BTW (FYI) this also affects Ubuntu >=20.10 and Debian-unstable > > The fix is upstream, backporting into Ubuntu and Debian is (luckily) not my > job as well. Hehe, I was not implying that - it really was only an FYI for awareness. But I realized this is the Fedora bug while https://bugzilla.netfilter.org/show_bug.cgi?id=1481 would have been the better place to mention this. FEDORA-2020-d19868229b has been pushed to the Fedora 33 stable repository. If problem still persists, please make note of it in this bug report. |