nftables: precondition validation fails on map construct

nftables: precondition validation fails on map construct

[Andreas Schultz]

Hi,

As far as I can tell the following construct should be valid:

# nft add nat prerouting ip protocol {tcp, udp} snat 10.200.4.1-10.200.4.254:10240-20480

However it fails with:

<cmdline>:1:72-82: Error: transport protocol mapping is only valid after transport protocol match
add nat prerouting ip protocol {tcp, udp} snat 10.200.4.1-10.200.4.254:10240-20480
                                           ~~~~                         ^^^^^^^^^^^

Is this intended behaviour?

Andreas

Re: nftables: precondition validation fails on map construct

[Patrick McHardy]

On 13.08, Andreas Schultz wrote:
> Hi,
> 
> As far as I can tell the following construct should be valid:
> 
> # nft add nat prerouting ip protocol {tcp, udp} snat 10.200.4.1-10.200.4.254:10240-20480
> 
> However it fails with:
> 
> <cmdline>:1:72-82: Error: transport protocol mapping is only valid after transport protocol match
> add nat prerouting ip protocol {tcp, udp} snat 10.200.4.1-10.200.4.254:10240-20480
>                                           ~~~~                         ^^^^^^^^^^^
> 
> Is this intended behaviour?

Yes, sets don't create a protocol context since we can currently only handle
a single protocol. It could be made to work, but right now it is expected
behaviour.

> 
> Andreas
> --
> To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
> the body of a message to majordomo@vger.kernel.org
> More majordomo info at  http://vger.kernel.org/majordomo-info.html
>