[Bug 1775] New: RAW PAYLOAD EXPRESSION offset is limited to 2048
bugzilla-daemon at netfilter.org
Thu Sep 26 08:44:59 CEST 2024
https://bugzilla.netfilter.org/show_bug.cgi?id=1775
Bug ID: 1775
Summary: RAW PAYLOAD EXPRESSION offset is limited to 2048
Product: nftables
Version: 1.0.x
Hardware: All
OS: All
Status: NEW
Severity: critical
Priority: P5
Component: nft
Assignee: pablo at netfilter.org
Reporter: lev.shutov at gmail.com
RAW PAYLOAD EXPRESSION is described here:
https://manpages.debian.org/bookworm/nftables/nft.8.en.html#RAW_PAYLOAD_EXPRESSION
It has an "offset" argument.
According to my tests, it is limited to 2048.
--------------------------------------------------------------------------------
nft delete table raw-payload-test
nft add table raw-payload-test
nft add chain raw-payload-test input {type filter hook input priority filter\;}
nft add rule raw-payload-test input tcp dport 80 @ih,2047,8 1 log
nft add rule raw-payload-test input tcp dport 80 @ih,2048,8 2 log
--------------------------------------------------------------------------------
The 2nd rule throws an error.
2048 bits is 256 bytes.
So RAW PAYLOAD EXPRESSION can be used only for the first 256 bytes of a packet.