* nftables: Example involving payload_raw_expr
From: Stefan Berghofer @ 2015-11-30 13:28 UTC (permalink / raw)
To: netfilter

Hi all,

I just tried out the example file tests/payload-ll distributed with nftables,
which makes use of payload raw expressions of the form "@..,..,..". While the first
two declarations in the file, i.e.

    nft add table ip filter
    nft add chain ip filter input \{ type filter hook input priority 0\; \}

work as expected, the third declaration

    nft add rule ip filter input @ll,48,48 00:15:e9:f0:10:f8 counter

is rejected with the error message

    Error: protocol specification is invalid for this family

(the expression "@ll,48,48" is underlined in the output). Does the example use
an outdated syntax, or have I done something wrong?

Is there any documentation on how to use payload raw expressions? I couldn't find
any mention of it in the wiki or the manpage of nftables.

I am using Linux Kernel 4.2.4, together with the latest repository version of
libnftnl and nftables.

Greetings,
Stefan

--
Dr. Stefan Berghofer
Senior Consultant, Network & Client Security
Public Authorities
secunet Security Networks AG
Phone: +49 201 54 54-3606, Fax: +49 201 54 54-1323
E-Mail: stefan.berghofer@secunet.com
Ammonstraße 74, 01067 Dresden, Germany
www.secunet.com
______________________________________________________________________
Registered at: Kronprinzenstraße 30, 45128 Essen, Deutschland
Amtsgericht Essen HRB 13615
Management Board: Dr Rainer Baumgart (CEO), Thomas Pleines
Chairman of Supervisory Board: Dr Peter Zattler
______________________________________________________________________
* Re: nftables: Example involving payload_raw_expr
From: Pablo Neira Ayuso @ 2015-12-14 17:29 UTC (permalink / raw)
To: Stefan Berghofer; +Cc: netfilter
On Mon, Nov 30, 2015 at 02:28:38PM +0100, Stefan Berghofer wrote:
> Hi all,
>
> I just tried out the example file tests/payload-ll distributed with nftables,
> which makes use of payload raw expressions of the form "@..,..,..". While the first
> two declarations in the file, i.e.
>
> nft add table ip filter
> nft add chain ip filter input \{ type filter hook input priority 0\; \}
>
> work as expected, the third declaration
>
> nft add rule ip filter input @ll,48,48 00:15:e9:f0:10:f8 counter
>
> is rejected with the error message
>
> Error: protocol specification is invalid for this family

It seems this got broken at some stage of the development, so it would
be good to get this back working and add tests to our regression test
infrastructure so we make sure this doesn't break again.
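
What the raw payload expression in the quoted rule selects, as an added example that is not part of either message and is not nftables code: nft's raw payload syntax is @base,offset,length with offset and length counted in bits, so @ll,48,48 covers bits 48 to 95 of the link-layer header, which in an Ethernet frame is the source MAC address. The helper names and the sample frame are constructed for illustration, and only the ll base is modelled.

```python
# Added illustration: helper names and FRAME are constructed, not nftables code.
BASES = ("ll", "nh", "th")  # link-layer, network and transport header bases

def parse_raw_expr(expr):
    """Split '@ll,48,48' into (base, offset_bits, length_bits)."""
    if not expr.startswith("@"):
        raise ValueError("raw payload expression must start with '@'")
    parts = expr[1:].split(",")
    if len(parts) != 3 or parts[0] not in BASES:
        raise ValueError("expected @base,offset,length")
    offset, length = int(parts[1]), int(parts[2])
    if offset < 0 or length <= 0:
        raise ValueError("offset must be >= 0 and length > 0")
    return parts[0], offset, length

def raw_payload(header, offset_bits, length_bits):
    """Return the selected bits as an integer, in network (big-endian) bit order."""
    end = offset_bits + length_bits
    if end > len(header) * 8:
        raise ValueError("selection runs past the end of the header")
    whole = int.from_bytes(header, "big")
    return (whole >> (len(header) * 8 - end)) & ((1 << length_bits) - 1)

def rule_matches(expr, value, ll_header):
    """Compare the bits selected by expr with a colon-separated hex value."""
    base, offset, length = parse_raw_expr(expr)
    if base != "ll":
        raise NotImplementedError("this sketch only models the ll base")
    return raw_payload(ll_header, offset, length) == int(value.replace(":", ""), 16)

# Constructed Ethernet header: destination MAC, source MAC, EtherType (IPv4).
FRAME = bytes.fromhex("ffffffffffff" + "0015e9f010f8" + "0800")

if __name__ == "__main__":
    rule = ("@ll,48,48", "00:15:e9:f0:10:f8")  # from the rule quoted in the thread
    print("source MAC field matches:", rule_matches(*rule, FRAME))
    print("destination MAC field matches:", rule_matches("@ll,0,48", rule[1], FRAME))
    print("EtherType: 0x%04x" % raw_payload(FRAME, 96, 16))
```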