<html>
<head>
<base href="https://bugzilla.netfilter.org/" />
</head>
<body>
<p>
<div>
<b><a class="bz_bug_link
bz_status_NEW "
title="NEW - When rule with 3 concat elements are added, nft list shows only 2"
href="https://bugzilla.netfilter.org/show_bug.cgi?id=1396#c1">Comment # 1</a>
on <a class="bz_bug_link
bz_status_NEW "
title="NEW - When rule with 3 concat elements are added, nft list shows only 2"
href="https://bugzilla.netfilter.org/show_bug.cgi?id=1396">bug 1396</a>
from <span class="vcard"><a class="email" href="mailto:pablo@netfilter.org" title="Pablo Neira Ayuso <pablo@netfilter.org>"> <span class="fn">Pablo Neira Ayuso</span></a>
</span></b>
<pre>(In reply to Serguei Bezverkhi from <a href="show_bug.cgi?id=1396#c0">comment #0</a>)
<span class="quote">> table ip ipv4table {
> map cluster-ip-services-set {
> type inet_proto . ipv4_addr . inet_service : verdict
> }
>
>
> chain k8s-nat-mark-masq {
> ip protocol . ip daddr vmap @cluster-ip-services-set</span >
Not correct.
ip protocol . ip daddr . th dport vmap @cluster-ip-services-set
or
ip protocol . ip daddr . th dport vmap @cluster-ip-services-set
<span class="quote">> }
>
> chain k8s-nat-do-mark-masq {
> meta mark set 0x00004000 return
> }
> }</span >
/home/sparky/x.nft:7:37-60: Error: datatype mismatch, map expects concatenation
of (Internet protocol, IPv4 address, internet network service), mapping
expression has type concatenation of (Internet protocol, IPv4 address)
ip protocol . ip daddr vmap @cluster-ip-services-set
~~~~~~~~~~~~~~~~~~~~~~ ^^^^^^^^^^^^^^^^^^^^^^^^
<span class="quote">> the command to add rule to k8s-nat-mark-masq chain is:
>
> sudo nft add rule ipv4table k8s-nat-mark-masq ip protocol . ip daddr . th
> dport vmap @cluster-ip-services-set
>
> It does not fail but sudo nft list table ipv4table shows incorrect rule.
>
> nft -version
> nftables v0.9.3 (Topsy)
>
>
> Debug output:
> ip ipv4table k8s-nat-mark-masq
> [ payload load 1b @ network header + 9 => reg 1 ]
> [ payload load 4b @ network header + 16 => reg 9 ]
> [ payload load 2b @ transport header + 2 => reg 10 ]
> [ lookup reg 1 set cluster-ip-services-set dreg 0 ]
>
> ---------------- ------------------
> | 0000000020 | | message length |
> | 00016 | R--- | | type | flags |
> | 0000000000 | | sequence number|
> | 0000000000 | | port ID |
> ---------------- ------------------
> | 00 00 0a 00 | | extra header |
> ---------------- ------------------
> ---------------- ------------------
> | 0000000292 | | message length |
> | 02566 | R--- | | type | flags |
> | 0000000001 | | sequence number|
> | 0000000000 | | port ID |
> ---------------- ------------------
> | 02 00 00 00 | | extra header |
> |00014|--|00001| |len |flags| type|
> | 69 70 76 34 | | data | i p v 4
> | 74 61 62 6c | | data | t a b l
> | 65 00 00 00 | | data | e
> |00022|--|00002| |len |flags| type|
> | 6b 38 73 2d | | data | k 8 s -
> | 6e 61 74 2d | | data | n a t -
> | 6d 61 72 6b | | data | m a r k
> | 2d 6d 61 73 | | data | - m a s
> | 71 00 00 00 | | data | q
> |00232|N-|00004| |len |flags| type|
> |00052|N-|00001| |len |flags| type|
> |00012|--|00001| |len |flags| type|
> | 70 61 79 6c | | data | p a y l
> | 6f 61 64 00 | | data | o a d
> |00036|N-|00002| |len |flags| type|
> |00008|--|00001| |len |flags| type|
> | 00 00 00 01 | | data |
> |00008|--|00002| |len |flags| type|
> | 00 00 00 01 | | data |
> |00008|--|00003| |len |flags| type|
> | 00 00 00 09 | | data |
> |00008|--|00004| |len |flags| type|
> | 00 00 00 01 | | data |
> |00052|N-|00001| |len |flags| type|
> |00012|--|00001| |len |flags| type|
> | 70 61 79 6c | | data | p a y l
> | 6f 61 64 00 | | data | o a d
> |00036|N-|00002| |len |flags| type|
> |00008|--|00001| |len |flags| type|
> | 00 00 00 09 | | data |
> |00008|--|00002| |len |flags| type|
> | 00 00 00 01 | | data |
> |00008|--|00003| |len |flags| type|
> | 00 00 00 10 | | data |
> |00008|--|00004| |len |flags| type|
> | 00 00 00 04 | | data |
> |00052|N-|00001| |len |flags| type|
> |00012|--|00001| |len |flags| type|
> | 70 61 79 6c | | data | p a y l
> | 6f 61 64 00 | | data | o a d
> |00036|N-|00002| |len |flags| type|
> |00008|--|00001| |len |flags| type|
> | 00 00 00 0a | | data |
> |00008|--|00002| |len |flags| type|
> | 00 00 00 02 | | data |
> |00008|--|00003| |len |flags| type|
> | 00 00 00 02 | | data |
> |00008|--|00004| |len |flags| type|
> | 00 00 00 02 | | data |
> |00072|N-|00001| |len |flags| type|
> |00011|--|00001| |len |flags| type|
> | 6c 6f 6f 6b | | data | l o o k
> | 75 70 00 00 | | data | u p
> |00056|N-|00002| |len |flags| type|
> |00008|--|00002| |len |flags| type|
> | 00 00 00 01 | | data |
> |00008|--|00003| |len |flags| type|
> | 00 00 00 00 | | data |
> |00028|--|00001| |len |flags| type|
> | 63 6c 75 73 | | data | c l u s
> | 74 65 72 2d | | data | t e r -
> | 69 70 2d 73 | | data | i p - s
> | 65 72 76 69 | | data | e r v i
> | 63 65 73 2d | | data | c e s -
> | 73 65 74 00 | | data | s e t
> |00008|--|00004| |len |flags| type|
> | 00 00 00 01 | | data |
> ---------------- ------------------
> ---------------- ------------------
> | 0000000020 | | message length |
> | 00017 | R--- | | type | flags |
> | 0000000002 | | sequence number|
> | 0000000000 | | port ID |
> ---------------- ------------------
> | 00 00 0a 00 | | extra header |
> ---------------- ------------------</span ></pre>
</div>
</p>
<hr>
<span>You are receiving this mail because:</span>
<ul>
<li>You are watching all bug changes.</li>
</ul>
</body>
</html>