* payload expressions, evaluate.c, expr_evaluate_bits
@ 2025-02-14 3:37 Sunny73Cr
2025-02-14 7:18 ` Florian Westphal
0 siblings, 1 reply; 3+ messages in thread
From: Sunny73Cr @ 2025-02-14 3:37 UTC (permalink / raw)
To: netfilter-devel@vger.kernel.org
Hi,
contents of /etc/nftables.conf (run in dash shell Debian 12.9):
-------------------------------
#!/usr/sbin/nft -f
flush ruleset
table inet filter {
  chain filter {
    type filter hook output priority filter;
    @ih,0,129 == 0 \
    accept;
  }
}
-------------------------------
Output:
nft: evaluate.c:510: expr_evaluate_bits: Assertion `masklen <= NFT_REG_SIZE * BITS_PER_BYTE' failed.
It appears this error occurs due to the apparent 16-byte 'NFT_REG_SIZE' limit.
contents of /etc/nftables.conf (run in dash shell Debian 12.9):
-------------------------------
#!/usr/sbin/nft -f
flush ruleset
table inet filter {
  chain filter {
    type filter hook output priority filter;
    @ih,0,136 == 0 \
    accept;
  }
}
-------------------------------
/etc/nftables.conf:16:13-14: Error: Could not process rule: Value too large for defined data type
@ih,0,136 == 0 \
^^
Again, it appears this error should occur due to the 16-byte 'reg-size' limit.
The error is printed differently, or is encountered differently because the mask length was divisible by eight.
I believe that the error messages should be similar;
"Mask Length greater than upper limit of x bits" may be appropriate.
What is the best method to view the values of "NFT_REG_SIZE" and "BITS_PER_BYTE"?
sunny
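
Added example, not part of the original message and not nftables code: a pre-load check that scans a ruleset for raw payload expressions (`@base,offset,length`) wider than one register and reports both cases above with the same message. It assumes NFT_REG_SIZE is 16 and BITS_PER_BYTE is 8 as the thread suggests, and it assumes the limit applies to the span after it is widened to whole bytes; the function names and the sample ruleset are constructed for illustration.

```python
import re

# Assumed values: the thread names a 16-byte NFT_REG_SIZE; 8 bits per byte.
NFT_REG_SIZE = 16
BITS_PER_BYTE = 8
MAX_BITS = NFT_REG_SIZE * BITS_PER_BYTE

# Raw payload expression: @base,offset,length with offset and length in bits.
RAW_PAYLOAD = re.compile(r"@(\w+)\s*,\s*(\d+)\s*,\s*(\d+)")

# Constructed sample ruleset; lines 5 and 6 are the two cases from the thread.
SAMPLE = """\
table inet filter {
  chain filter {
    type filter hook output priority filter;
    @ih,0,128 == 0 accept;
    @ih,0,129 == 0 accept;
    @ih,0,136 == 0 accept;
    @ih,4,125 == 0 accept;  # unaligned start, span crosses 16 bytes
  }
}
"""

def loaded_bits(offset, length):
    """Width of the span after widening it to whole bytes (assumption)."""
    start = offset - offset % BITS_PER_BYTE
    end = -(-(offset + length) // BITS_PER_BYTE) * BITS_PER_BYTE
    return end - start

def check_ruleset(text):
    """Return (line number, expression, loaded bits) for oversized loads."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        code = line.split("#", 1)[0]  # drop comments and the shebang line
        for m in RAW_PAYLOAD.finditer(code):
            bits = loaded_bits(int(m.group(2)), int(m.group(3)))
            if bits > MAX_BITS:
                findings.append((lineno, m.group(0), bits))
    return findings

if __name__ == "__main__":
    for lineno, expr, bits in check_ruleset(SAMPLE):
        print(f"line {lineno}: {expr}: mask length {bits} greater than "
              f"upper limit of {MAX_BITS} bits")
```

Set references such as `@myset` carry no offset and length and are not matched.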
* Re: payload expressions, evaluate.c, expr_evaluate_bits
From: Florian Westphal @ 2025-02-14 7:18 UTC (permalink / raw)
To: Sunny73Cr; +Cc: netfilter-devel@vger.kernel.org
Sunny73Cr <Sunny73Cr@protonmail.com> wrote:
> contents of /etc/nftables.conf (run in dash shell Debian 12.9):
> -------------------------------
> #!/usr/sbin/nft -f
> flush ruleset
> table inet filter {
> chain filter {
> type filter hook output priority filter;
>
> @ih,0,129 == 0 \
> accept;
> }
> }
> -------------------------------
>
> Output:
>
> nft: evaluate.c:510: expr_evaluate_bits: Assertion `masklen <= NFT_REG_SIZE * BITS_PER_BYTE' failed.
Fixed last year:
https://git.netfilter.org/nftables/commit/?id=58904b8b55a2a7941287f0267601eb54c75432a0
* Re: payload expressions, evaluate.c, expr_evaluate_bits
From: Sunny73Cr @ 2025-02-15 4:03 UTC (permalink / raw)
To: Florian Westphal; +Cc: netfilter-devel@vger.kernel.org
> Fixed last year:
Apologies, thank you for the information.