<html>
<head>
<base href="https://bugzilla.netfilter.org/" />
</head>
<body><table border="1" cellspacing="0" cellpadding="8">
<tr>
<th>Bug ID</th>
<td><a class="bz_bug_link
bz_status_NEW "
title="NEW - Impossible to copy ct mark into a packet"
href="https://bugzilla.netfilter.org/show_bug.cgi?id=1755">1755</a>
</td>
</tr>
<tr>
<th>Summary</th>
<td>Impossible to copy ct mark into a packet
</td>
</tr>
<tr>
<th>Product</th>
<td>netfilter/iptables
</td>
</tr>
<tr>
<th>Version</th>
<td>unspecified
</td>
</tr>
<tr>
<th>Hardware</th>
<td>All
</td>
</tr>
<tr>
<th>OS</th>
<td>All
</td>
</tr>
<tr>
<th>Status</th>
<td>NEW
</td>
</tr>
<tr>
<th>Severity</th>
<td>normal
</td>
</tr>
<tr>
<th>Priority</th>
<td>P5
</td>
</tr>
<tr>
<th>Component</th>
<td>unknown
</td>
</tr>
<tr>
<th>Assignee</th>
<td>netfilter-buglog@lists.netfilter.org
</td>
</tr>
<tr>
<th>Reporter</th>
<td>aksecurity@gmail.com
</td>
</tr></table>
<p>
<div>
<pre>I noticed that while I can write payload data into ct mark (and into meta
mark), I cannot copy data from ct mark (and meta mark) into the packet. NFT
complains about mismatching types (expecting integer, but ct mark is "packet
mark" type). But this type mismatch doesn't happen when writing from the packet
to ct mark...
MWE (BTW this is an NFT command line compiled today from git, but it reports
the standard 1.0.9 version - is this on purpose?)
MWE>nft -V
nftables v1.0.9 (Old Doc Yak #3)
cli: editline
json: no
minigmp: no
libxtables: no
MWE>nft add table inet foo
MWE>nft 'add chain inet foo bar { type filter hook output priority 0; }'
MWE>nft 'add rule inet foo bar udp dport 1234 @ih,0,32 set ct mark'
Error: datatype mismatch: expected integer, expression has type packet mark
add rule inet foo bar udp dport 1234 @ih,0,32 set ct mark
~~~~~~~~~~~~~^^^^^^^
MWE>
The requested bug fix is to be able to write ct mark into the packet.
Thanks,
-Amit</pre>
</div>
</p>
<hr>
<span>You are receiving this mail because:</span>
<ul>
<li>You are watching all bug changes.</li>
</ul>
</body>
</html>