[Bug 1405] New: Possible a bug in n libnftables deserializer. [invalid type]

Tue Feb 4 23:14:34 CET 2020

https://bugzilla.netfilter.org/show_bug.cgi?id=1405

            Bug ID: 1405
           Summary: Possible a bug in n libnftables deserializer. [invalid
                    type]
           Product: libnftnl
           Version: unspecified
          Hardware: All
                OS: All
            Status: NEW
          Severity: critical
          Priority: P5
         Component: libnftnl
          Assignee: pablo at netfilter.org
          Reporter: sbezverk at cisco.com

When I add update rule for a map, nft command does not fail but shows [invalid
type]

table ip kube-nfproxy-v4 {
    map sticky-set-svc-M53CN2XYVUHRQ7UB {
        type ipv4_addr : integer
        size 65535
        timeout 6m
    }

    chain k8s-nfproxy-sep-TMVEFT7EX55F4T62 {
        update @sticky-set-svc-M53CN2XYVUHRQ7UB { ip saddr : 0x2 [invalid type]
}
    }
}

Here is the command I use to add update rule:
sudo nft add rule kube-nfproxy-v4 k8s-nfproxy-sep-TMVEFT7EX55F4T62 update
@sticky-set-svc-M53CN2XYVUHRQ7UB { ip saddr timeout 30s : 2 }

I tried to use Mark instead of integer for Key/Value of the set, same result
with invalid value.

I am running Ubuntu 19.10, with kernel: 5.4.15-050415-generic

nft --version
nftables v0.9.3 (Topsy)

-- 
You are receiving this mail because:
You are watching all bug changes.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.netfilter.org/pipermail/netfilter-buglog/attachments/20200204/72c76ae7/attachment.html>