[Bug 1142] New: invalid binop operation 6nft
bugzilla-daemon at netfilter.org
Sun Apr 2 21:32:31 CEST 2017
https://bugzilla.netfilter.org/show_bug.cgi?id=1142
Bug ID: 1142
Summary: invalid binop operation 6nft
Product: nftables
Version: unspecified
Hardware: x86_64
OS: other
Status: NEW
Severity: major
Priority: P5
Component: nft
Assignee: pablo at netfilter.org
Reporter: netfilter at d9c.eu
Consider the following table:
table inet filter {
	set allowable {
		type ipv6_addr
		flags timeout
	}
	chain input {
		type filter hook input priority 0; policy accept;
		tcp dport telnet set update ip6 saddr & ffff:ffff:ffff:ffff:: timeout 2m @allowable
	}
}
# nft "add rule inet filter input ip6 saddr & ffff:ffff:ffff:ffff:: @allowable counter"
BUG: invalid binop operation 6nft: evaluate.c:1418: binop_transfer: Assertion `0' failed.
# nft add element inet filter allowable { 1:1:1:1:: timeout 1h }
# nft "add rule inet filter input ip6 saddr & ffff:ffff:ffff:ffff:: @allowable counter"
works!
New ruleset works but is invalid:
table inet filter {
	set allowable {
		type ipv6_addr
		flags timeout
		elements = { 1:1:1:1:: timeout 1h expires 57m23s}
	}
	chain input {
		type filter hook input priority 0; policy accept;
		tcp dport telnet set update ip6 saddr & ffff:ffff:ffff:ffff:: timeout 2m @allowable
		ip6 saddr @allowable/64 counter packets 3 bytes 212
	}
}
--> Error: Could not process rule: Set 'allowable/64' does not exist
What I basically want to do is a dynamically updating set for ipv6 that
operates on /64 subnets.
Using nftables 0.7 on Archlinux x64 kernel 4.10.5
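The behaviour the report asks for, a timeout set keyed on the /64 of the source address, modelled in Python as an added example; it is not nftables code and not part of the original report. The class and function names and the 2001:db8:: addresses are constructed, the expiry comparison is an assumption of the model, and the mask and the 2m timeout are taken from the rule in the report.

```python
import ipaddress

MASK = int(ipaddress.IPv6Address("ffff:ffff:ffff:ffff::"))  # mask used in the rule
TIMEOUT = 120  # "timeout 2m" from the rule, in seconds


class MaskedTimeoutSet:
    """Model of a timeout set keyed on (saddr & mask). Hypothetical helper."""

    def __init__(self, mask=MASK, timeout=TIMEOUT):
        self.mask = mask
        self.timeout = timeout
        self.expiry = {}  # masked address (int) -> absolute expiry time

    def key(self, addr):
        # The mask is applied to the packet field, never to the set itself.
        return int(ipaddress.IPv6Address(addr)) & self.mask

    def update(self, addr, now, timeout=None):
        """Insert the masked address, or refresh its timeout if present."""
        ttl = self.timeout if timeout is None else timeout
        self.expiry[self.key(addr)] = now + ttl

    def contains(self, addr, now):
        """Mask the address first, then do an exact-match lookup."""
        k = self.key(addr)
        exp = self.expiry.get(k)
        if exp is None:
            return False
        if exp <= now:  # assumption: an element is gone once its expiry is reached
            del self.expiry[k]
            return False
        return True

    def elements(self, now):
        return sorted(str(ipaddress.IPv6Address(k))
                      for k, exp in self.expiry.items() if exp > now)


def demo():
    s = MaskedTimeoutSet()
    s.update("2001:db8:1:1::10", now=0)        # constructed sample addresses
    s.update("2001:db8:1:1:abcd::1", now=60)   # same /64: refresh, no new element
    return (
        s.elements(now=60),
        s.contains("2001:db8:1:1::ffff", now=100),  # same /64, still live
        s.contains("2001:db8:1:2::10", now=100),    # different /64
        s.contains("2001:db8:1:1::10", now=180),    # 60 + 120 reached: expired
    )
```

Two hosts in one /64 collapse to a single element, which is why the lookup side has to apply the same mask to the source address before matching.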