[Bug 901] New: Can not add a rule with a 'hdrlength' value as IPv4 header expression

bugzilla-daemon at netfilter.org bugzilla-daemon at netfilter.org
Mon Feb 10 14:12:40 CET 2014 

https://bugzilla.netfilter.org/show_bug.cgi?id=901

           Summary: Can not add a rule with a 'hdrlength' value as IPv4
                    header expression
           Product: nftables
           Version: unspecified
          Platform: x86_64
        OS/Version: Debian GNU/Linux
            Status: NEW
          Severity: enhancement
          Priority: P5
         Component: nft
        AssignedTo: pablo at netfilter.org
        ReportedBy: anarey.spam at gmail.com
   Estimated Hours: 0.0


The error message shows the range of possible values for this option, but It
not possible assign these values.

There is a reproduction of this bug here:

$ sudo nft add table ip test1
$ sudo nft add chain ip test1 filter {type filter hook input priority 0 \; }
$ sudo nft list table ip test1
table ip test1 {
    chain filter {
         type filter hook input priority 0;
    }
}
$ sudo nft add rule ip test1 filter ip hdrlength 15
<cmdline>:1:1-39: Error: Could not process rule: Invalid argument
add rule ip test filter ip hdrlength 15
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
$ sudo nft add rule ip test1 filter ip hdrlength 16
<cmdline>:1:38-39: Error: Value 16 exceeds valid range 0-15
add rule ip test filter ip hdrlength 16
                                     ^^

$ sudo nft add rule ip test1 filter ip hdrlength 222
<cmdline>:1:38-40: Error: Value 222 exceeds valid range 0-15
add rule ip test filter ip hdrlength 222
                                     ^^^
$ sudo nft add rule ip test1 filter ip hdrlength 14
<cmdline>:1:1-39: Error: Could not process rule: Invalid argument
add rule ip test filter ip hdrlength 14
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
$ sudo nft add rule ip test1 filter ip hdrlength 5
<cmdline>:1:1-38: Error: Could not process rule: Invalid argument
add rule ip test filter ip hdrlength 5
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

I can always reproduce this bug.

The last commit in libmnl repo is "090a842 examples: use mnl_socket_setsockopt"
The last commit in libnftnl repo is "076fd1e include: add cached copy of
linux/kernel.h"
The last commit in nftables repo is 35f689e mnl: fix inclusion of last rule in
batch page

-- 
Configure bugmail: https://bugzilla.netfilter.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are watching all bug changes.

More information about the netfilter-buglog mailing list