[Bug 1781] New: Optimisation fails for raw payload expressions in a valid ruleset
bugzilla-daemon at netfilter.org
bugzilla-daemon at netfilter.org
Tue Nov 19 23:12:34 CET 2024
https://bugzilla.netfilter.org/show_bug.cgi?id=1781
Bug ID: 1781
Summary: Optimisation fails for raw payload expressions in a
valid ruleset
Product: nftables
Version: unspecified
Hardware: All
OS: All
Status: NEW
Severity: normal
Priority: P5
Component: nft
Assignee: pablo at netfilter.org
Reporter: kfm at plushkava.net
Consider the following ruleset.
table ip raw {
chain PREROUTING {
type filter hook prerouting priority raw; policy accept;
@th,160,32 0x02736c00 drop comment "sl"
@th,160,112 0x870697a7a6173656f03636f6d00 drop comment
"pizzaseo.com"
}
}
Despite being valid, it fails to compile with the -o flag.
Merging:
/dev/stdin:4:3-36: @th,160,32 0x02736c00 counter drop comment "sl"
/dev/stdin:5:3-56: @th,160,112 0x870697a7a6173656f03636f6d00
counter drop comment "pizzaseo.com"
into:
@th,160,32 { 41118720, 0x870697a7a6173656f03636f6d00 } counter drop
/dev/stdin:5:15-43: Error: Value 171165475023718563678624244788480 exceeds
valid range 0-4294967295
@th,160,112 0x870697a7a6173656f03636f6d00 counter drop comment
"pizzaseo.com"
--
You are receiving this mail because:
You are watching all bug changes.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.netfilter.org/pipermail/netfilter-buglog/attachments/20241119/866b8124/attachment.html>
More information about the netfilter-buglog
mailing list