[Bug 1755] New: Impossible to copy ct mark into a packet

[bugzilla-daemon at netfilter.org]

https://bugzilla.netfilter.org/show_bug.cgi?id=1755

            Bug ID: 1755
           Summary: Impossible to copy ct mark into a packet
           Product: netfilter/iptables
           Version: unspecified
          Hardware: All
                OS: All
            Status: NEW
          Severity: normal
          Priority: P5
         Component: unknown
          Assignee: netfilter-buglog at lists.netfilter.org
          Reporter: aksecurity at gmail.com

I noticed that while I can write payload data into ct mark (and into meta
mark), I cannot copy data from ct mark (and meta mark) into the packet. NFT
complains about mismatching types (expecting integer, but ct mark is "packet
mark" type). But this type mismatch doesn't happen when writing from the packet
to ct mark...

MWE (BTW this is an NFT command line compiled today from git, but it reports
the standard 1.0.9 version - is this on purpose?)

MWE>nft -V
nftables v1.0.9 (Old Doc Yak #3)
  cli: editline
  json: no
  minigmp: no
  libxtables: no
MWE>nft add table inet foo
MWE>nft 'add chain inet foo bar { type filter hook output priority 0; }'
MWE>nft 'add rule inet foo bar udp dport 1234 @ih,0,32 set ct mark'
Error: datatype mismatch: expected integer, expression has type packet mark
add rule inet foo bar udp dport 1234 @ih,0,32 set ct mark
                                     ~~~~~~~~~~~~~^^^^^^^
MWE>

The requested bug fix is to be able to write ct mark into the packet.

Thanks,
-Amit

-- 
You are receiving this mail because:
You are watching all bug changes.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.netfilter.org/pipermail/netfilter-buglog/attachments/20240623/a9e8d6b4/attachment.html>