nftables: Example involving payload_raw_expr

[Stefan Berghofer <stefan.berghofer@secunet.com>]

Hi all,

I just tried out the example file tests/payload-ll distributed with nftables,
which makes use of payload raw expressions of the form "@..,..,..". While the first
two declarations in the file, i.e.

  nft add table ip filter
  nft add chain ip filter input \{ type filter hook input priority 0\; \}

work as expected, the third declaration

  nft add rule ip filter input @ll,48,48 00:15:e9:f0:10:f8 counter

is rejected with the error message

  Error: protocol specification is invalid for this family

(the expression "@ll,48,48" is underlined in the output). Does the example use
an outdated syntax, or have I done something wrong?

Is there any documentation on how to use payload raw expressions? I couldn't find
any mention of it in the wiki or the manpage of nftables.

I am using Linux Kernel 4.2.4, together with the latest repository version of
libnftnl and nftables.

Greetings,
Stefan

-- 
Dr. Stefan Berghofer
Senior Consultant, Network & Client Security
Public Authorities
secunet Security Networks AG

Phone: +49 201 54 54-3606, Fax: +49 201 54 54-1323
E-Mail: stefan.berghofer@secunet.com
Ammonstrafle 74, 01067 Dresden, Germany
www.secunet.com

______________________________________________________________________

Registered at: Kronprinzenstrafle 30, 45128 Essen, Deutschland
Amtsgericht Essen HRB 13615
Management Board: Dr Rainer Baumgart (CEO), Thomas Pleines
Chairman of Supervisory Board: Dr Peter Zattler
______________________________________________________________________