<html>
    <head>
      <base href="https://bugzilla.netfilter.org/" />
    </head>
    <body><table border="1" cellspacing="0" cellpadding="8">
        <tr>
          <th>Bug ID</th>
          <td><a class="bz_bug_link 
          bz_status_NEW "
   title="NEW - invalid binop operation 6nft"
   href="https://bugzilla.netfilter.org/show_bug.cgi?id=1142">1142</a>
          </td>
        </tr>

        <tr>
          <th>Summary</th>
          <td>invalid binop operation 6nft
          </td>
        </tr>

        <tr>
          <th>Product</th>
          <td>nftables
          </td>
        </tr>

        <tr>
          <th>Version</th>
          <td>unspecified
          </td>
        </tr>

        <tr>
          <th>Hardware</th>
          <td>x86_64
          </td>
        </tr>

        <tr>
          <th>OS</th>
          <td>other
          </td>
        </tr>

        <tr>
          <th>Status</th>
          <td>NEW
          </td>
        </tr>

        <tr>
          <th>Severity</th>
          <td>major
          </td>
        </tr>

        <tr>
          <th>Priority</th>
          <td>P5
          </td>
        </tr>

        <tr>
          <th>Component</th>
          <td>nft
          </td>
        </tr>

        <tr>
          <th>Assignee</th>
          <td>pablo@netfilter.org
          </td>
        </tr>

        <tr>
          <th>Reporter</th>
          <td>netfilter@d9c.eu
          </td>
        </tr></table>
      <p>
        <div>
        <pre>Consider the following table:

table inet filter {
        set allowable {
                type ipv6_addr
                flags timeout
        }

        chain input {
                type filter hook input priority 0; policy accept;
                tcp dport telnet set update ip6 saddr & ffff:ffff:ffff:ffff:: timeout 2m @allowable
        }
}

# nft "add rule inet filter input ip6 saddr & ffff:ffff:ffff:ffff:: @allowable counter"
BUG: invalid binop operation 6nft: evaluate.c:1418: binop_transfer: Assertion `0' failed.

# nft add element inet filter allowable { 1:1:1:1:: timeout 1h }
# nft "add rule inet filter input ip6 saddr & ffff:ffff:ffff:ffff:: @allowable counter"
works!

New ruleset works but is invalid:

table inet filter {
        set allowable {
                type ipv6_addr
                flags timeout
                elements = { 1:1:1:1:: timeout 1h expires 57m23s}
        }

        chain input {
                type filter hook input priority 0; policy accept;
                tcp dport telnet set update ip6 saddr & ffff:ffff:ffff:ffff:: timeout 2m @allowable
                ip6 saddr @allowable/64 counter packets 3 bytes 212
        }
}

--> Error: Could not process rule: Set 'allowable/64' does not exist

What I basically want to do is a dynamically updating set for IPv6 that
operates on /64 subnets.

Using nftables 0.7 on Arch Linux x64 kernel 4.10.5</pre>
        </div>
      </p>
    </body>
</html>