[Bug 1048] xt_bpf completely broken with kernel 4.3

bugzilla-daemon at netfilter.org bugzilla-daemon at netfilter.org
Thu Feb 18 11:52:30 CET 2016


https://bugzilla.netfilter.org/show_bug.cgi?id=1048

Daniel Borkmann <daniel at iogearbox.net> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |daniel at iogearbox.net

--- Comment #1 from Daniel Borkmann <daniel at iogearbox.net> ---
(In reply to blaffablaffa from comment #0)
> It appears that xt_bpf isn't functioning at all. For example:
> 
> iptables -A INPUT -p udp -m bpf --bytecode "`tcpdump -i lo -ddd udp | tr
> '\n' ,`" -j LOG
> 
> should log all UDP packets, but it logs none because -m bpf never matches.

You may want to check out nfbpf_compile and bpf_asm:

  * nfbpf_compile:
http://git.netfilter.org/iptables/commit/?id=1ac30c97c339957b6e3c5cf571de7bc38c827730

  * bpf_asm: kernel tree under tools/net/

On which interface is iptables running? Does RAW linktype work for you?

-- 
You are receiving this mail because:
You are watching all bug changes.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.netfilter.org/pipermail/netfilter-buglog/attachments/20160218/8bb7761b/attachment.html>


More information about the netfilter-buglog mailing list