[Bug 946] New: Cannot invert a protocol: ip protocol != tcp
bugzilla-daemon at netfilter.org
Wed May 28 20:13:43 CEST 2014
https://bugzilla.netfilter.org/show_bug.cgi?id=946
Summary: Cannot invert a protocol: ip protocol != tcp
Product: nftables
Version: unspecified
Platform: x86_64
OS/Version: Debian GNU/Linux
Status: NEW
Severity: enhancement
Priority: P5
Component: nft
AssignedTo: pablo at netfilter.org
ReportedBy: anarey at gmail.com
Estimated Hours: 0.0
There is a problem when we invert a protocol:
* We add the following rule, and it does not show any error.
$ sudo nft add rule ip test input ip protocol != icmp
* We list the table test, and it shows this problem:
$ sudo nft -nn list table ip test
nft: src/payload.c:76: payload_expr_pctx_update: Assertion `expr->op == OP_EQ' failed.
Also, we can reproduce it in the following cases:
- ah with nexthdr:
* We add the following rule, and it does not show any error.
$ sudo nft add rule ip test input ah nexthdr != esp
* We list the table test, and it shows the following problem:
$ sudo nft -nn list table ip test
nft: src/payload.c:76: payload_expr_pctx_update: Assertion `expr->op == OP_EQ' failed.
- comp nexthdr != esp
sudo nft add rule ip test input comp nexthdr != esp
sudo nft list table ip test
nft: src/payload.c:76: payload_expr_pctx_update: Assertion `expr->op == OP_EQ' failed.