Re: Issue with latest nftables

All of lore.kernel.org
 help / color / mirror / Atom feed

From: Pablo Neira Ayuso <pablo@netfilter.org>
To: Eric Leblond <eric@regit.org>
Cc: netfilter-devel@vger.kernel.org
Subject: Re: Issue with latest nftables
Date: Sat, 29 Jun 2013 11:45:03 +0200	[thread overview]
Message-ID: <20130629094503.GA3805@localhost> (raw)
In-Reply-To: <1372450120.8772.5.camel@tiger2>

On Fri, Jun 28, 2013 at 10:08:40PM +0200, Eric Leblond wrote:
> Hi,
> 
> I've found an issue when using the libnftables based nft.
> 
> If you use nft-add-rule from libnftables examples and you try to list
> the rules afterward with nft, there is a problem with the added rules
> which are not displayed correctly.
> 
> Here is the output of "nft list table filter -n -a --debug=all":
> 
> family=ip table=filter chain=output handle=9 flags=0 match name=iprange rev=1 payload dreg=1 base=1 offset=9 len=1 target name=LOG rev=0 
> table filter {
>         chain input {
>                  hook NF_INET_LOCAL_IN 0;
>         }
> 
>         chain forward {
>                  hook NF_INET_FORWARD 0;
>         }
> 
>         chain output {
>                  hook NF_INET_LOCAL_OUT 0;
>                  ip daddr 1.2.3.4 drop # handle 4
>                  ip daddr 1.2.3.5 drop # handle 5
>                  ip daddr 1.2.3.6 drop # handle 6
>                  # handle 9
>         }
> }
> netlink: Error: unknown expression type 'match'
> name=iprange rev=1 
> 
> 
> netlink: Error: unknown expression type 'target'
> name=LOG rev=0 
> 
> Should this problem be trivial for someone, I let him do the job. If
> not, I will start to work on it.

We don't have support for compat from nft yet. That should be
relatively easy to fix.

next prev parent reply	other threads:[~2013-06-29  9:45 UTC|newest]

Thread overview: 4+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2013-06-28 20:08 Issue with latest nftables Eric Leblond
2013-06-29  9:45 ` Pablo Neira Ayuso [this message]
2013-07-01  6:56   ` Tomasz Bursztyka
2013-07-01  8:22     ` Eric Leblond

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20130629094503.GA3805@localhost \
    --to=pablo@netfilter.org \
    --cc=eric@regit.org \
    --cc=netfilter-devel@vger.kernel.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.