Linux Netfilter discussions
 help / color / mirror / Atom feed
* nftables 1.0.8 showing invalid type for ip dscp
@ 2023-07-18 15:31 Brian Davidson
  2023-07-19  0:16 ` Pablo Neira Ayuso
  0 siblings, 1 reply; 2+ messages in thread
From: Brian Davidson @ 2023-07-18 15:31 UTC (permalink / raw)
  To: netfilter

The following ruleset setting ct mark from ip dscp does not display
the right-hand expression 'ip dscp' correctly when listing the
ruleset.
It instead displays '@nh,8,8 & 0xfc [invalid type]'.  'ip6 dscp' looks normal.

table inet x {
        chain y {
                type filter hook postrouting priority mangle + 1; policy accept;
                ct mark set ip dscp | 0x40 counter
                ct mark set ip6 dscp | 0x40 counter
        }
}

# nft list table inet x
table inet x {
        chain y {
                type filter hook postrouting priority mangle + 1; policy accept;
                meta nfproto ipv4 ct mark set @nh,8,8 & 0xfc [invalid
type] | 0x40 counter packets 3584 bytes 575402
                ct mark set ip6 dscp | 0x40 counter packets 755 bytes 255731
        }
}

^ permalink raw reply	[flat|nested] 2+ messages in thread
* Re: nftables 1.0.8 showing invalid type for ip dscp
  2023-07-18 15:31 nftables 1.0.8 showing invalid type for ip dscp Brian Davidson
@ 2023-07-19  0:16 ` Pablo Neira Ayuso
  0 siblings, 0 replies; 2+ messages in thread
From: Pablo Neira Ayuso @ 2023-07-19  0:16 UTC (permalink / raw)
  To: Brian Davidson; +Cc: netfilter

Hi,

Thanks for reporting.

On Tue, Jul 18, 2023 at 11:31:38AM -0400, Brian Davidson wrote:
> The following ruleset setting ct mark from ip dscp does not display
> the right-hand expression 'ip dscp' correctly when listing the
> ruleset.

This patch fixes this issue:

https://patchwork.ozlabs.org/project/netfilter-devel/patch/20230719001444.154070-1-pablo@netfilter.org/

> It instead displays '@nh,8,8 & 0xfc [invalid type]'.  'ip6 dscp' looks normal.
> 
> table inet x {
>         chain y {
>                 type filter hook postrouting priority mangle + 1; policy accept;
>                 ct mark set ip dscp | 0x40 counter
>                 ct mark set ip6 dscp | 0x40 counter
>         }
> }
> 
> # nft list table inet x
> table inet x {
>         chain y {
>                 type filter hook postrouting priority mangle + 1; policy accept;
>                 meta nfproto ipv4 ct mark set @nh,8,8 & 0xfc [invalid
> type] | 0x40 counter packets 3584 bytes 575402
>                 ct mark set ip6 dscp | 0x40 counter packets 755 bytes 255731
>         }
> }

^ permalink raw reply	[flat|nested] 2+ messages in thread
end of thread, other threads:[~2023-07-19  0:16 UTC | newest]

Thread overview: 2+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2023-07-18 15:31 nftables 1.0.8 showing invalid type for ip dscp Brian Davidson
2023-07-19  0:16 ` Pablo Neira Ayuso

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox