RHEL Engineering is moving the tracking of its product development work on RHEL 6 through RHEL 9 to Red Hat Jira (issues.redhat.com). If you're a Red Hat customer, please continue to file support cases via the Red Hat customer portal. If you're not, please head to the "RHEL project" in Red Hat Jira and file new tickets here. Individual Bugzilla bugs in the statuses "NEW", "ASSIGNED", and "POST" are being migrated throughout September 2023. Bugs of Red Hat partners with an assigned Engineering Partner Manager (EPM) are migrated in late September as per pre-agreed dates. Bugs against components "kernel", "kernel-rt", and "kpatch" are only migrated if still in "NEW" or "ASSIGNED". If you cannot log in to RH Jira, please consult article #7032570. That failing, please send an e-mail to the RH Jira admins at rh-issues@redhat.com to troubleshoot your issue as a user management inquiry. The email creates a ServiceNow ticket with Red Hat. Individual Bugzilla bugs that are migrated will be moved to status "CLOSED", resolution "MIGRATED", and set with "MigratedToJIRA" in "Keywords". The link to the successor Jira issue will be found under "Links", have a little "two-footprint" icon next to it, and direct you to the "RHEL project" in Red Hat Jira (issue links are of type "https://issues.redhat.com/browse/RHEL-XXXX", where "X" is a digit). This same link will be available in a blue banner at the top of the page informing you that that bug has been migrated.
Bug 1795223 - [RFE] libnftnl: Support for nftables sets with concatenated ranges
Summary: [RFE] libnftnl: Support for nftables sets with concatenated ranges
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Enterprise Linux 8
Classification: Red Hat
Component: libnftnl
Version: 8.1
Hardware: All
OS: Linux
high
medium
Target Milestone: rc
: 8.2
Assignee: Phil Sutter
QA Contact: Tomas Dolezal
URL:
Whiteboard:
Depends On: 1593711
Blocks:
TreeView+ depends on / blocked
 
Reported: 2020-01-27 13:28 UTC by Stefano Brivio
Modified: 2022-05-02 03:07 UTC (History)
5 users (show)

Fixed In Version: libnftnl-1.1.5-3.el8
Doc Type: Enhancement
Doc Text:
Clone Of:
Environment:
Last Closed: 2020-04-28 16:06:56 UTC
Type: Feature Request
Target Upstream Version:
Embargoed:

Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Issue Tracker RHELPLAN-33626 0 None None None 2022-05-02 03:07:53 UTC
Red Hat Product Errata RHEA-2020:1763 0 None None None 2020-04-28 16:08:22 UTC

Description Stefano Brivio 2020-01-27 13:28:45 UTC 
Support for nftables sets with concatenated ranges needs two patches in
libnftnl, submitted upstream, not merged yet:

  http://patchwork.ozlabs.org/patch/1225484/
  http://patchwork.ozlabs.org/patch/1225485/

the kernel counterpart is covered by bz1593711 -- kernel patches are
upstream now.

I'm requesting exception status for this ticket as bz1593711, that
originally covered the userspace implementation, and I later used to
track the kernel feature (as it represented the bulk of this work), is
in the RPL for 8.2.
Comment 3 Phil Sutter 2020-02-10 14:19:48 UTC 
Upstream commits to backport:

commit 131a6c2fa4cccaa04a7b93b686f10f5ba6f11b3d
Author: Stefano Brivio <sbrivio>
Date:   Thu Jan 30 01:16:32 2020 +0100

    include: resync nf_tables.h cache copy
    
    Get this header in sync with nf-next as of merge commit
    b3a608222336 (5.6-rc1-ish).
    
    Signed-off-by: Stefano Brivio <sbrivio>
    Signed-off-by: Pablo Neira Ayuso <pablo>

commit 7cd41b5387acf84088e9299a796f7c2c72339a1a
Author: Stefano Brivio <sbrivio>
Date:   Thu Jan 30 01:16:33 2020 +0100

    set: Add support for NFTA_SET_DESC_CONCAT attributes
    
    If NFTNL_SET_DESC_CONCAT data is passed, pass that to the kernel
    as NFTA_SET_DESC_CONCAT attributes: it describes the length of
    single concatenated fields, in bytes.
    
    Similarly, parse NFTA_SET_DESC_CONCAT attributes if received
    from the kernel.
    
    This is the libnftnl counterpart for nftables patch:
      src: Add support for NFTNL_SET_DESC_CONCAT
    
    v4:
     - move NFTNL_SET_DESC_CONCAT to the end of enum nftnl_set_attr
       to avoid ABI breakage (Pablo Neira Ayuso)
    v3:
     - use NFTNL_SET_DESC_CONCAT and NFTA_SET_DESC_CONCAT instead of a
       stand-alone NFTA_SET_SUBKEY attribute (Pablo Neira Ayuso)
     - pass field length in bytes instead of bits, fields would get
       unnecessarily big otherwise
    v2:
     - fixed grammar in commit message
     - removed copy of array bytes in nftnl_set_nlmsg_build_subkey_payload(),
       we're simply passing values to htonl() (Phil Sutter)
    
    Signed-off-by: Stefano Brivio <sbrivio>
    Signed-off-by: Pablo Neira Ayuso <pablo>

commit 04cc28d8d6923ea66b08ae9a74d81d8b6ac5b2d7
Author: Stefano Brivio <sbrivio>
Date:   Thu Jan 30 01:16:34 2020 +0100

    set_elem: Introduce support for NFTNL_SET_ELEM_KEY_END
    
    The new set element attribute maps to the netlink attribute
    NFTA_SET_ELEM_KEY_END in the same way as NFTNL_SET_ELEM_KEY
    maps to NFTA_SET_ELEM_KEY, and represents the key data used
    to express the upper bound of a range, in concatenations.
    
    Suggested-by: Pablo Neira Ayuso <pablo>
    Signed-off-by: Stefano Brivio <sbrivio>
    Signed-off-by: Pablo Neira Ayuso <pablo>
Comment 10 errata-xmlrpc 2020-04-28 16:06:56 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHEA-2020:1763
Note You need to log in before you can comment on or make changes to this bug.