[Bug 902] New: Can not add a rule with a 'version' value as IPv4 header expression

bugzilla-daemon at netfilter.org bugzilla-daemon at netfilter.org
Mon Feb 10 14:14:44 CET 2014


https://bugzilla.netfilter.org/show_bug.cgi?id=902

           Summary: Can not add a rule with a 'version' value as IPv4
                    header expression
           Product: nftables
           Version: unspecified
          Platform: x86_64
        OS/Version: Debian GNU/Linux
            Status: NEW
          Severity: enhancement
          Priority: P5
         Component: nft
        AssignedTo: pablo at netfilter.org
        ReportedBy: anarey.spam at gmail.com
   Estimated Hours: 0.0


The error message shows the range of possible values for this option, but it
is not possible to assign these values. Then, it shows other meaningless errors.

There is a reproduction of this bug here:

$ sudo nft list table ip test1 
table ip test1 {
    chain filter {
         type filter hook input priority 0;
    }
}

$ sudo nft add rule ip test1 filter ip version 4
<cmdline>:1:1-37: Error: Could not process rule: Invalid argument
add rule ip test1 filter ip version 4
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
$ sudo nft add rule ip test1 filter ip version 6
<cmdline>:1:1-37: Error: Could not process rule: Invalid argument
add rule ip test1 filter ip version 6
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
$ sudo nft add rule ip test1 filter ip version 16
<cmdline>:1:37-38: Error: Value 16 exceeds valid range 0-15
add rule ip test1 filter ip version 16
                                    ^^
$ sudo nft add rule ip test1 filter ip version 17
<cmdline>:1:37-38: Error: Value 17 exceeds valid range 0-15
add rule ip test1 filter ip version 17
                                    ^^
$ sudo nft add rule ip test1 filter ip version ip
<cmdline>:1:37-38: Error: Value 2048 exceeds valid range 0-15
add rule ip test1 filter ip version ip
                                    ^^
$ sudo nft add rule ip test1 filter ip version ip 44
<cmdline>:1:42-42: Error: syntax error, unexpected end of file
add rule ip test1 filter ip version ip 44
                                         ^

I can always reproduce this bug.

The last commit in libmnl repo is "090a842 examples: use mnl_socket_setsockopt"
The last commit in libnftnl repo is "076fd1e include: add cached copy of
linux/kernel.h"
The last commit in nftables repo is "35f689e mnl: fix inclusion of last rule in
batch page"
