Story
Resolution: Unresolved
iptables-1.8.8-6.el9_2.3
ZStream
rhel-se-networking
3
Regression Exception
A bug in the nft-bridge (ebtables-nft) code prevents deletion of rules containing an among match. Internally, this match is implemented using an anonymous set; the delete command inadvertently tries to create this set again, which the kernel denies. The issue was fixed upstream:
commit 4e95200ded923f0eb5579c33b91176193c59dbe0
Author: Pablo Neira Ayuso <pablo@netfilter.org>
Date: Tue Jul 11 22:06:44 2023 +0200
nft-bridge: pass context structure to ops->add() to improve anonymous set support
Add context structure to improve bridge among support which creates an
anonymous set. This context structure specifies the command and it
allows to optionally store an anonymous set.
Use this context to generate native bytecode only if this is an
add/insert/replace command.
This fixes a dangling anonymous set that is created on rule removal.
Fixes: 26753888720d ("nft: bridge: Rudimental among extension support")
Reported-and-tested-by: Igor Raits <igor@gooddata.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
The fix is included in iptables 1.8.10, so only RHEL 9.3 and earlier are affected.
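As an added example, not taken from the bug report or from the iptables project, the following POSIX shell script checks whether the installed ebtables-nft reports an upstream version older than 1.8.10 and, when run as root on a scratch host, exercises the add/delete cycle for an among rule inside a throwaway chain so the delete failure is visible without touching live traffic. The function names, the chain name amongtest and the MAC addresses are assumptions chosen for the example. A version comparison cannot see whether a distribution build backported the fix, so on a RHEL z-stream build the reproducer, not the version number, is the authoritative check.

```shell
#!/bin/sh
# Added example (not part of the bug report): detect an ebtables-nft build that
# predates the upstream fix for deleting among rules, and optionally reproduce
# the add/delete cycle in a throwaway chain.

FIXED_IN=1.8.10                 # first upstream release carrying the fix
CHAIN=amongtest                 # assumed scratch chain name, never referenced by a base chain
AMONG_LIST='00:11:22:33:44:55,00:11:22:33:44:66'   # constructed sample MACs

# Print the first x.y.z version found in a line such as "ebtables 1.8.8 (nf_tables)".
extract_version() {
    printf '%s\n' "$1" | sed -n 's/^[^0-9]*\([0-9][0-9]*\.[0-9][0-9]*\.[0-9][0-9]*\).*/\1/p'
}

# Return 0 when dotted version $1 is numerically lower than $2, else 1.
version_lt() {
    i=1
    while [ "$i" -le 3 ]; do
        f1=$(printf '%s.0.0' "$1" | cut -d. -f"$i")
        f2=$(printf '%s.0.0' "$2" | cut -d. -f"$i")
        if [ "$f1" -lt "$f2" ]; then return 0; fi
        if [ "$f1" -gt "$f2" ]; then return 1; fi
        i=$((i + 1))
    done
    return 1
}

# Given a "-V" output line, return 0 if the upstream version predates the fix,
# 1 if it carries it, 2 if no version could be parsed. This ignores backports.
among_delete_affected() {
    v=$(extract_version "$1")
    [ -n "$v" ] || return 2
    version_lt "$v" "$FIXED_IN"
}

# Add an among rule to a scratch chain, try to delete it, then clean up.
# Returns 0 if the delete succeeds, 1 if it fails (affected build), 2 if skipped.
reproduce_among_delete() {
    if [ "$(id -u)" -ne 0 ] || ! command -v ebtables-nft >/dev/null 2>&1; then
        echo "reproducer skipped: needs root and ebtables-nft" >&2
        return 2
    fi
    ebtables-nft -N "$CHAIN" || return 2
    ebtables-nft -A "$CHAIN" --among-src "$AMONG_LIST" -j DROP || { ebtables-nft -X "$CHAIN"; return 2; }
    if ebtables-nft -D "$CHAIN" --among-src "$AMONG_LIST" -j DROP; then
        echo "delete of among rule succeeded: fix present"
        rc=0
    else
        echo "delete of among rule failed: affected build"
        rc=1
    fi
    # Inspect the bridge filter table for a leftover set object; a set that is
    # not bound to any rule is what the upstream commit calls dangling.
    nft list table bridge filter 2>/dev/null | grep '__set' || true
    # Flushing the scratch chain does not go through the among delete path.
    ebtables-nft -F "$CHAIN" 2>/dev/null
    ebtables-nft -X "$CHAIN" 2>/dev/null
    return "$rc"
}

# Report on the installed binary; returns 2 if ebtables-nft is absent.
check_installed() {
    line=$(ebtables-nft -V 2>/dev/null) || { echo "ebtables-nft not installed" >&2; return 2; }
    if among_delete_affected "$line"; then
        echo "installed: $line -> upstream version predates $FIXED_IN (may be affected)"
        return 0
    fi
    echo "installed: $line -> upstream version carries the fix"
    return 1
}

if [ "${1:-}" = "--run" ]; then
    check_installed || true
    reproduce_among_delete || true
fi
```

Run it as `sh check_among.sh --run`; without root it prints only the version verdict, and on a z-stream build with a backported fix the reproducer is what settles the question.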
links to: RHBA-2025:155967 (iptables update)