[Bug 1783] New: meta nftproto is lost in read-back ruleset when combined with ct meta expression

Thu Jan 9 10:58:54 CET 2025

https://bugzilla.netfilter.org/show_bug.cgi?id=1783

            Bug ID: 1783
           Summary: meta nftproto is lost in read-back ruleset when
                    combined with ct meta expression
           Product: nftables
           Version: 1.0.x
          Hardware: All
                OS: All
            Status: NEW
          Severity: minor
          Priority: P5
         Component: nft
          Assignee: pablo at netfilter.org
          Reporter: neandris at gmail.com

Take following input ruleset

table inet t {
 chain c {
  meta nfproto ipv6 ct protocol tcp
  ct protocol tcp
 }
}

It is entered to kernel correctly as evidenced by -d netlink output but the
rules read back omit nfproto part of first rule ie

table inet t {
        chain c {
                ct protocol tcp
                ct protocol tcp
        }
}

Expected behaviour - original or somewhat re-parsed original rule is reflected
back without losing essential active part of rule.

Issue is minor as meta l4proto tcp equivalent works correctly and is duly
generated by translation tool.

Tested wrong on OpenWRT/mips SuSE/x86_64 Debian/aarch64, so considering rest of
the world included.

-- 
You are receiving this mail because:
You are watching all bug changes.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.netfilter.org/pipermail/netfilter-buglog/attachments/20250109/ea021630/attachment.html>