<html>
<head>
<base href="https://bugzilla.netfilter.org/" />
</head>
<body><table border="1" cellspacing="0" cellpadding="8">
<tr>
<th>Bug ID</th>
<td><a class="bz_bug_link
bz_status_NEW "
title="NEW - meta limits protocols when it shouldn't"
href="https://bugzilla.netfilter.org/show_bug.cgi?id=1238">1238</a>
</td>
</tr>
<tr>
<th>Summary</th>
<td>meta limits protocols when it shouldn't
</td>
</tr>
<tr>
<th>Product</th>
<td>nftables
</td>
</tr>
<tr>
<th>Version</th>
<td>unspecified
</td>
</tr>
<tr>
<th>Hardware</th>
<td>x86_64
</td>
</tr>
<tr>
<th>OS</th>
<td>Fedora
</td>
</tr>
<tr>
<th>Status</th>
<td>NEW
</td>
</tr>
<tr>
<th>Severity</th>
<td>minor
</td>
</tr>
<tr>
<th>Priority</th>
<td>P5
</td>
</tr>
<tr>
<th>Component</th>
<td>nft
</td>
</tr>
<tr>
<th>Assignee</th>
<td>pablo@netfilter.org
</td>
</tr>
<tr>
<th>Reporter</th>
<td>ian.kumlien@gmail.com
</td>
</tr></table>
<p>
<div>
<pre>Reading about the raw payload, which has the examples:
inet filter input meta l4proto {tcp, udp} @th,16,16 { dns, http }
and
input meta iifname enp2s0 arp ptype 0x0800 arp htype 1 arp hlen 6 arp plen 4
@nh,192,32 0xc0a88f10 @nh,144,48 set 0x112233445566 accept
Makes you think that something like:
meta l4proto udp @th,64,4 0x0 @th,16,16 set 5301 accept
should work for detecting a dns query
It's a variant of:
-p udp -m udp --dport 53 -m u32 --u32 0x0>>0x16&0x3c@0x8&0xf8=0x0 -j REDIRECT
--to-ports 5301
Which I agree is a very, very special example, but I DIDN'T expect this:
/etc/rc.nft:52:34-41: Error: conflicting protocols specified: udp vs. unknown
meta l4proto udp @th,64,4 0x0 accept
^^^^^^^^
This aspect of nft is not really well documented you could say but...</pre>
</div>
</p>
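As an added illustration (not part of the bug report or of nftables itself), the following Python evaluates the raw payload selector form <code>@base,offset,length</code> used above against a constructed IPv4/UDP/DNS packet, so the bits that <code>@th,16,16</code> and <code>@th,64,4</code> actually read are visible. The base names <code>nh</code> and <code>th</code>, the IPv4-only header layout and the sample packet are assumptions of this example.

```python
# Added example: interpreter for the nft-style raw payload selector
# @base,offset,length (offset and length in bits), run over a constructed packet.
# Assumptions: "nh" is the network (IPv4) header, "th" the transport (UDP) header,
# no link-layer header is present, and the IPv4 header carries no options.
import struct


def build_ipv4_udp_dns_query(src_port=40000, dst_port=53, txid=0xABCD):
    """Constructed sample: IPv4 header + UDP header + 12-byte DNS query header."""
    # DNS header: ID, flags (QR=0, opcode=0, RD=1), QDCOUNT=1, AN/NS/AR=0
    dns = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    udp_len = 8 + len(dns)
    udp = struct.pack("!HHHH", src_port, dst_port, udp_len, 0)  # checksum left 0
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + udp_len, 0x1234, 0, 64, 17, 0,
                     bytes([192, 168, 143, 16]), bytes([192, 168, 143, 1]))
    return ip + udp + dns


def header_offsets(pkt):
    """Byte offset of each header base; th follows the IPv4 header (IHL * 4)."""
    ihl = (pkt[0] & 0x0F) * 4
    return {"nh": 0, "th": ihl}


def raw_payload(pkt, base, offset, length):
    """Evaluate @base,offset,length: 'length' bits starting 'offset' bits into base."""
    start_bit = header_offsets(pkt)[base] * 8 + offset
    first_byte = start_bit // 8
    last_byte = (start_bit + length - 1) // 8
    # Pull every byte the field touches, then shift/mask down to the requested bits.
    chunk = int.from_bytes(pkt[first_byte:last_byte + 1], "big")
    total_bits = (last_byte - first_byte + 1) * 8
    shift = total_bits - (start_bit - first_byte * 8) - length
    return (chunk >> shift) & ((1 << length) - 1)


def matches_rule(pkt, selectors):
    """True when every (base, offset, length, expected) selector matches the packet."""
    return all(raw_payload(pkt, b, o, l) == v for b, o, l, v in selectors)


if __name__ == "__main__":
    pkt = build_ipv4_udp_dns_query()
    print("@th,16,16 ->", raw_payload(pkt, "th", 16, 16))  # UDP destination port
    # Bit 64 of the transport header is the first DNS byte: top nibble of the ID.
    print("@th,64,4  ->", hex(raw_payload(pkt, "th", 64, 4)))
    print("@nh,96,32 ->", hex(raw_payload(pkt, "nh", 96, 32)))  # IPv4 source address
```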
</body>
</html>