Set with key type nftables.TypeIFName not working #177
Comments
Hi @rdmcguire, I have checked your issue and it seems that there is a bug in the set marshaling logic in the nftables go lib. If we observe the messages sent by the
and compare it with the
You immediately see that the Digging into nftables source code shows that user data is always loaded with at least one TLV structure: https://git.netfilter.org/nftables/tree/src/mnl.c?id=187c6d01d35722618c2711bbc49262c286472c8f#n1165. The one that is loaded by default contains The description matches the udata structure we see in the message sent by the
Currently, in nftables go lib, setting set user data is done only in certain cases: Line 542 in ec1e802
I managed to work around your first issue by adding an else to the existing if that loads user data (#180):
This fixes the first part of the problem. The second part of your issue started working for me when I aligned the "wg1" string in the code to a 16 byte value:
My guess is that this is because the IFName type has the key length type set to 16 when marshaling data to nftables. Remember this one from above?
Just for closure, it took me a while to realize that the Set byte order has to be defined to work:

```go
// ifname pads an interface name into the 16-byte, NUL-terminated key that
// nftables expects for a TypeIFName set element.
func ifname(n string) []byte {
	b := make([]byte, 16)
	copy(b, []byte(n+"\x00"))
	return b
}

// ...

devices := []string{"dummy0"}
devicesSet := &nftables.Set{
	Table:        table,
	Name:         "test-set",
	KeyType:      nftables.TypeIFName,
	KeyByteOrder: binaryutil.NativeEndian,
}
elements := []nftables.SetElement{}
for _, dev := range devices {
	elements = append(elements, nftables.SetElement{
		Key: ifname(dev),
	})
}
if err := nft.AddSet(devicesSet, elements); err != nil {
	t.Errorf("failed to add Set %s : %v", devicesSet.Name, err)
}
// ...
```
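As an added example (not code from this issue or from the nftables Go library), a stricter version of the ifname helper above: it pads to the 16-byte IFNAMSIZ key that TypeIFName marshaling expects, rejects names that a bare copy() would silently truncate, and provides the inverse decoder for keys read back from the kernel. IFNAMSIZ is the Linux constant; the function and error names are assumptions of this example.

```go
package main

import (
	"bytes"
	"errors"
	"fmt"
)

// IFNAMSIZ is the kernel's interface-name buffer size; TypeIFName keys are
// marshaled with this fixed length, which is why a bare "wg1" key was rejected.
const IFNAMSIZ = 16

var (
	ErrEmptyName = errors.New("ifname: empty interface name")
	ErrTooLong   = errors.New("ifname: name longer than 15 bytes")
	ErrEmbedNUL  = errors.New("ifname: name contains NUL")
)

// IfnameKey builds the fixed-size, NUL-padded key for a TypeIFName set
// element, refusing names that cannot be represented instead of truncating.
func IfnameKey(name string) ([]byte, error) {
	switch {
	case name == "":
		return nil, ErrEmptyName
	case len(name) >= IFNAMSIZ: // need room for the terminating NUL
		return nil, ErrTooLong
	case bytes.IndexByte([]byte(name), 0) >= 0:
		return nil, ErrEmbedNUL
	}
	key := make([]byte, IFNAMSIZ) // zero-filled, so the padding is already NUL
	copy(key, name)
	return key, nil
}

// KeyToIfname recovers the name from a 16-byte key, e.g. when decoding set
// elements listed back from the kernel.
func KeyToIfname(key []byte) (string, error) {
	if len(key) != IFNAMSIZ {
		return "", fmt.Errorf("ifname: key is %d bytes, want %d", len(key), IFNAMSIZ)
	}
	if i := bytes.IndexByte(key, 0); i >= 0 {
		key = key[:i]
	}
	return string(key), nil
}

func main() {
	k, err := IfnameKey("wg1")
	fmt.Printf("%x err=%v\n", k, err)
}
```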
Creating a set with Type: nftables.TypeIFName seems to work, but the set acts strangely.
Sample code for set:
I also created a set called "manual_set" manually, and they both list:
nftables pkg set and nft cli set
I then added an element into each set using nft cli and they both seem to succeed, however the set created by this package shows empty elements.
Added Elements
Additionally, trying to add an element through this package fails for either table, though I do wonder if I've missed something in my code:
Attempt to add set element to both tables
Running returns error: "conn.Receive: netlink receive: invalid argument"
I've tried a few different key types and have only had success with TypeFamilyIPv4.