Why does nftables fails to process commands in json format ?

Solution Verified - Updated -

Environment

  • Red Hat Enterprise Linux (RHEL)
  • nftables-0.9.3-18 or lower version
  • python3-nftables-0.9.3-18 or lower version
  • python3-jsonschema-2.6.0-4

Issue

  • After running the custom script Its should print meaningful error message, but it calls the abort first.
  • Python3-nftables fails to process commands in json format as below:
#python3 nft-load-example-ruleset.py

INFO: running json cmd: {'nftables': [{'flush': {'ruleset': None}}, {'add': {'table': {'family': 'inet', 'name': 'mytable'}}}, {'add': {'chain': {'family': 'inet', 'table': 'mytable', 'chain': 'mychain'}}}, {'add': {'rule': {'family': 'inet', 'table': 'mytable', 'chain': 'mychain', 'expr': [{'match': {'left': {'payload': {'protocol': 'tcp', 'field': 'dport'}}, 'right': 22}}, {'accept': None}]}}}]}
BUG: invalid input descriptor type 751524320
python3: erec.c:117: erec_print: Assertion `0' failed.
Aborted (core dumped)

Resolution

This was a bug and got Resolved after updating to nftables-0.9.3-25 or higher version.

How to Update the Package yum update command

Diagnostic Steps

Custom Script
https://github.com/aborrero/python-nftables-tutorial/blob/main/nft-load-example-ruleset.py

nftables-0.9.3-18: Getting Same abort message instead of error:


# ./test_nft.py 
test = {'nftables': [{'add': {'rule': {'family': 'ip', 'table': 'filter', 'chain': 'input', 'comment': 'complex rule', 'expr': [{'match': {'left': {'payload': {'protocol': 'tcp', 'field': 'dport'}}, 'right': 22}}, {'accept': None}]}}}]}
Successfully passed json_validate(), going to perform json_cmd()
BUG: invalid input descriptor type 3590277904
python3: erec.c:117: erec_print: Assertion `0' failed.  
Aborted (core dumped)                               <<------
#

Getting the same abort message with old version nftables-0.9.3-16 and New version nftables-0.9.3-21

# ./test_nft.py 
test = {'nftables': [{'add': {'rule': {'family': 'ip', 'table': 'filter', 'chain': 'input', 'comment': 'complex rule', 'expr': [{'match': {'left': {'payload': {'protocol': 'tcp', 'field': 'dport'}}, 'right': 22}}, {'accept': None}]}}}]}
Successfully passed json_validate(), going to perform json_cmd()
BUG: invalid input descriptor type 3590277904
python3: erec.c:117: erec_print: Assertion `0' failed.
Aborted (core dumped)                               <<------
#

While executing the script getting Error log in /var/log/messages.

Jun 27 17:45:49 mgmt05 systemd-coredump[4627]: Process 4625 (test_nft.py) of user 0 dumped core.#012#012Stack trace of thread 4625:#012#0  0x00007f8ea3b5637f raise (libc.so.6)#012#1  0x00007f8ea3b40db5 abort (libc.so.6)#012#2  0x00007f8ea3b40c89 __assert_fail_base.cold.0 (libc.so.6)#012#3  0x00007f8ea3b4ea76 __assert_fail (libc.so.6)#012#4  0x00007f8ea28978fb erec_print (libnftables.so.1.0.0)#012#5  0x00007f8ea2897969 erec_print_list (libnftables.so.1.0.0)#012#6  0x00007f8ea289d3cc nft_run_cmd_from_buffer (libnftables.so.1.0.0)#012#7  0x00007f8ea2d1409e ffi_call_unix64 (libffi.so.6)#012#8  0x00007f8ea2d13a4f ffi_call (libffi.so.6)#012#9  0x00007f8ea2f26947 _ctypes_callproc.cold.53 (_ctypes.cpython-36m-x86_64-linux-gnu.so)#012#10 0x00007f8ea2f2afd9 PyCFuncPtr_call (_ctypes.cpython-36m-x86_64-linux-gnu.so)#012#11 0x00007f8ea4a2aedb _PyObject_FastCallKeywords (libpython3.6m.so.1.0)#012#12 0x00007f8ea4a2b8a6 call_function (libpython3.6m.so.1.0)#012#13 0x00007f8ea4a2c3a8 _PyEval_EvalFrameDefault (libpython3.6m.so.1.0)#012#14 0x00007f8ea4a08498 fast_function (libpython3.6m.so.1.0)#012#15 0x00007f8ea4a2b767 call_function (libpython3.6m.so.1.0)#012#16 0x00007f8ea4a2c3a8 _PyEval_EvalFrameDefault (libpython3.6m.so.1.0)#012#17 0x00007f8ea4a08498 fast_function (libpython3.6m.so.1.0)#012#18 0x00007f8ea4a2b767 call_function (libpython3.6m.so.1.0)#012#19 0x00007f8ea4a2c3a8 _PyEval_EvalFrameDefault (libpython3.6m.so.1.0)#012#20 0x00007f8ea4987a74 _PyEval_EvalCodeWithName (libpython3.6m.so.1.0)#012#21 0x00007f8ea4988e13 PyEval_EvalCode (libpython3.6m.so.1.0)#012#22 0x00007f8ea4a97c72 run_mod (libpython3.6m.so.1.0)#012#23 0x00007f8ea496838d PyRun_FileExFlags (libpython3.6m.so.1.0)#012#24 0x00007f8ea496d4be PyRun_SimpleFileExFlags (libpython3.6m.so.1.0)#012#25 0x00007f8ea496de0d Py_Main.cold.3363 (libpython3.6m.so.1.0)#012#26 0x0000555f58b01b96 main (platform-python3.6)#012#27 0x00007f8ea3b42493 __libc_start_main (libc.so.6)#012#28 0x0000555f58b01d1e _start (platform-python3.6)

This solution is part of Red Hat’s fast-track publication program, providing a huge library of solutions that Red Hat engineers have created while supporting our customers. To give you the knowledge you need the instant it becomes available, these articles may be presented in a raw and unedited form.

Comments