[Bug 1338] New: Can't add IPv6 concatenation rule
bugzilla-daemon at netfilter.org
bugzilla-daemon at netfilter.org
Mon May 20 20:25:51 CEST 2019
https://bugzilla.netfilter.org/show_bug.cgi?id=1338
Bug ID: 1338
Summary: Can't add IPv6 concatenation rule
Product: netfilter/iptables
Version: unspecified
Hardware: All
OS: All
Status: NEW
Severity: major
Priority: P5
Component: nfnetlink_queue
Assignee: netfilter-buglog at lists.netfilter.org
Reporter: abrian at netapp.com
Attempting to add an ip6 address in a concatenation fails:
nft add rule inet filter input ip6 saddr . udp dport
fd20:332:332:0:250:56ff:fe87:f635 . 1662 counter accept
<cmdline>:1:1-112: Error: Could not process rule: Value too large for defined
data type
add rule inet filter input ip6 saddr . udp dport
fd20:332:332:0:250:56ff:fe87:f635 . 1662 counter accept
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
If I replace ip6 with ip and use an IPv4 address, it works. If I remove the
concatenation and just add an ip6 saddr rule, it works.
I'm using debian 9 (stretch):
ii libnfnetlink0:amd64 1.0.1-3 amd64 Netfilter netlink library
Linux node2 4.9.0-8-amd64 #1 SMP Debian 4.9.130-2+ntap11 (2019-05-01) x86_64
GNU/Linux
--
You are receiving this mail because:
You are watching all bug changes.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.netfilter.org/pipermail/netfilter-buglog/attachments/20190520/444fb440/attachment.html>
More information about the netfilter-buglog
mailing list