<html>
<head>
<base href="https://bugzilla.netfilter.org/" />
</head>
<body><table border="1" cellspacing="0" cellpadding="8">
<tr>
<th>Bug ID</th>
<td><a class="bz_bug_link
bz_status_NEW "
title="NEW - meta pkttype incompatible? with ingress"
href="https://bugzilla.netfilter.org/show_bug.cgi?id=1280">1280</a>
</td>
</tr>
<tr>
<th>Summary</th>
<td>meta pkttype incompatible? with ingress
</td>
</tr>
<tr>
<th>Product</th>
<td>nftables
</td>
</tr>
<tr>
<th>Version</th>
<td>unspecified
</td>
</tr>
<tr>
<th>Hardware</th>
<td>x86_64
</td>
</tr>
<tr>
<th>OS</th>
<td>other
</td>
</tr>
<tr>
<th>Status</th>
<td>NEW
</td>
</tr>
<tr>
<th>Severity</th>
<td>major
</td>
</tr>
<tr>
<th>Priority</th>
<td>P5
</td>
</tr>
<tr>
<th>Component</th>
<td>nft
</td>
</tr>
<tr>
<th>Assignee</th>
<td>pablo@netfilter.org
</td>
</tr>
<tr>
<th>Reporter</th>
<td>netfilter@d9c.eu
</td>
</tr></table>
<p>
<div>
<pre>OS: 4.18.8-arch1-1-ARCH (Archlinux) with statically defined IPv4/IPv6 addresses
and nftables 0.9.0 (problem also occurs with kernel 4.14.70)
#!/usr/bin/nft -f
flush ruleset
table netdev ethernet {
chain etherfilter {
type filter hook ingress device eth0 priority 0; policy accept;
pkttype broadcast counter drop
}
}
When using the above ruleset, after some time (10 Minutes - 2 hours, seems to
be depending on the background noise like http traffic, ssh brute force
attempts, etc.), the system becomes unresponsive for IPv4 traffic (IPv6 still
works fine) as if everything is getting dropped.
Placing this rule to a "hook prerouting" does not have these problems.
I am completly in the dark regarding the reason for this, especially since it
is working at first sight.</pre>
</div>
</p>
<hr>
<span>You are receiving this mail because:</span>
<ul>
<li>You are watching all bug changes.</li>
</ul>
</body>
</html>