[Bug 1219] New: nftables prints the routing header type rules incorrectly
bugzilla-daemon at netfilter.org
Tue Jan 30 11:17:13 CET 2018
https://bugzilla.netfilter.org/show_bug.cgi?id=1219
Bug ID: 1219
Summary: nftables prints the routing header type rules incorrectly
Product: nftables
Version: unspecified
Hardware: All
OS: All
Status: NEW
Severity: enhancement
Priority: P5
Component: nft
Assignee: pablo at netfilter.org
Reporter: amsalam20 at gmail.com
While I was using nftables to add rules to routing header type 0, I found that
the nft list ruleset command prints them incorrectly.

The configuration I was using is shown below:

    nft add table ip6 filter
    nft add chain ip6 filter input { type filter hook input priority 0\;}
    nft add rule ip6 filter input rt0 addr [1]A::2

    nft list ruleset
    table ip6 filter {
        chain input {
            type filter hook input priority 0; policy accept;
            hbh unknown 0xa0000000000000000000000000002 [invalid type]
        }
    }

I'm quite new to the nftables implementation, but after some walkthrough of
the code I think the problem might be as follows:
- When we define the struct exthdr_desc for rt0 [1], we don't set the type value.
- Then the allocation function (exthdr_expr_alloc) allocates an HBH header
  template since the type value is 0.

Folks who are more familiar with the nftables implementation may have a better
explanation, so we can find a fix for this bug.

[1] http://git.netfilter.org/nftables/tree/src/exthdr.c#n248
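
The hypothesis in the report above, as a simplified C model (an added example, not nftables source and not the reporter's code): a descriptor whose type field is left out of its initializer is zero-initialized, and 0 is the IPv6 Hop-by-Hop header number, so the rule lists back as hbh. All struct, table and function names here are hypothetical.

```c
#include <stdio.h>
#include <string.h>

/* IPv6 Next Header numbers: Hop-by-Hop Options = 0, Routing = 43 */
enum { NH_HOPOPTS = 0, NH_ROUTING = 43 };

/* Hypothetical stand-in for an extension header descriptor */
struct hdr_desc {
    const char   *name;
    unsigned char type;   /* extension header number stored with the rule */
};

static const struct hdr_desc desc_hbh = { .name = "hbh", .type = NH_HOPOPTS };
static const struct hdr_desc desc_rt  = { .name = "rt",  .type = NH_ROUTING };

/* "Before": .type is omitted, so C zero-initializes it to 0 (== NH_HOPOPTS) */
const struct hdr_desc desc_rt0_unset = { .name = "rt0" };
/* "After": the header number is set explicitly */
const struct hdr_desc desc_rt0_typed = { .name = "rt0", .type = NH_ROUTING };

/* Lookup table used when a stored rule is turned back into text */
static const struct hdr_desc *by_type[256] = {
    [NH_HOPOPTS] = &desc_hbh,
    [NH_ROUTING] = &desc_rt,
};

/* Adding a rule: only the numeric header type survives, not the name */
unsigned char store_rule(const struct hdr_desc *d) { return d->type; }

/* Listing a rule: the name is resolved again from the stored number */
const char *list_rule(unsigned char stored_type)
{
    const struct hdr_desc *d = by_type[stored_type];
    return d ? d->name : "unknown";
}

/* Add a rule with descriptor d, then list it back */
const char *roundtrip(const struct hdr_desc *d)
{
    return list_rule(store_rule(d));
}

int main(void)
{
    printf("rt0 without type lists as: %s\n", roundtrip(&desc_rt0_unset));
    printf("rt0 with type lists as:    %s\n", roundtrip(&desc_rt0_typed));
    return 0;
}
```

In this model the typed descriptor resolves to the generic routing header entry, because rt0 shares header number 43 with it; the point for anyone auditing a ruleset is that the listed text is reconstructed from stored numbers and can differ from the rule that was entered.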