[Bug 1073] inet-service vs icmp conflict
bugzilla-daemon at netfilter.org
bugzilla-daemon at netfilter.org
Thu Jun 9 14:11:34 CEST 2016
https://bugzilla.netfilter.org/show_bug.cgi?id=1073
Arturo Borrero Gonzalez <arturo.borrero.glez at gmail.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |arturo.borrero.glez at gmail.c
| |om
--- Comment #1 from Arturo Borrero Gonzalez <arturo.borrero.glez at gmail.com> ---
The bug is present in even a more obvious way:
% nft add rule inet t c ip6 nexthdr icmpv6 icmpv6 type nd-neighbor-solicit
--debug=netlink
inet t c
[ meta load nfproto => reg 1 ]
[ cmp eq reg 1 0x0000000a ]
[ payload load 1b @ network header + 6 => reg 1 ]
[ cmp eq reg 1 0x0000003a ]
[ payload load 1b @ transport header + 0 => reg 1 ]
[ cmp eq reg 1 0x00000087 ]
However:
% nft list ruleset --debug=netlink
inet t c 14
[ meta load nfproto => reg 1 ]
[ cmp eq reg 1 0x0000000a ]
[ payload load 1b @ network header + 6 => reg 1 ]
[ cmp eq reg 1 0x0000003a ]
[ payload load 1b @ transport header + 0 => reg 1 ]
[ cmp eq reg 1 0x00000087 ]
table inet t {
chain c {
icmpv6 type nd-neighbor-solicit
}
}
% nft add rule inet t c icmpv6 type nd-neighbor-solicit
<cmdline>:1:19-29: Error: conflicting protocols specified: inet-service vs.
icmpv6
add rule inet t c icmpv6 type nd-neighbor-solicit
^^^^^^^^^^^
The rule produced by listing can't be added again
--
You are receiving this mail because:
You are watching all bug changes.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.netfilter.org/pipermail/netfilter-buglog/attachments/20160609/4723c720/attachment.html>
More information about the netfilter-buglog
mailing list