bugzilla-daemon at netfilter.org
2017-Apr-02 19:32 UTC
[Bug 1142] New: invalid binop operation 6nft
https://bugzilla.netfilter.org/show_bug.cgi?id=1142 Bug ID: 1142 Summary: invalid binop operation 6nft Product: nftables Version: unspecified Hardware: x86_64 OS: other Status: NEW Severity: major Priority: P5 Component: nft Assignee: pablo at netfilter.org Reporter: netfilter at d9c.eu Consider the following table: table inet filter { set allowable { type ipv6_addr flags timeout } chain input { type filter hook input priority 0; policy accept; tcp dport telnet set update ip6 saddr & ffff:ffff:ffff:ffff:: timeout 2m @allowable } } # nft "add rule inet filter input ip6 saddr & ffff:ffff:ffff:ffff:: @allowable counter" BUG: invalid binop operation 6nft: evaluate.c:1418: binop_transfer: Assertion `0' failed. # nft add element inet filter allowable { 1:1:1:1:: timeout 1h } # nft "add rule inet filter input ip6 saddr & ffff:ffff:ffff:ffff:: @allowable counter" works! new ruleset works but is invalid: table inet filter { set allowable { type ipv6_addr flags timeout elements = { 1:1:1:1:: timeout 1h expires 57m23s} } chain input { type filter hook input priority 0; policy accept; tcp dport telnet set update ip6 saddr & ffff:ffff:ffff:ffff:: timeout 2m @allowable ip6 saddr @allowable/64 counter packets 3 bytes 212 } } --> Error: Could not process rule: Set 'allowable/64' does not exist What i basically want to do is a dynamically updating set for ipv6 that operates on /64 subnets. Using nftables 0.7 on Archlinux x64 kernel 4.10.5 -- You are receiving this mail because: You are watching all bug changes. -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://lists.netfilter.org/pipermail/netfilter-buglog/attachments/20170402/842c5b8a/attachment.html>
bugzilla-daemon at netfilter.org
2017-Jul-30 19:25 UTC
[Bug 1142] invalid binop operation 6nft
https://bugzilla.netfilter.org/show_bug.cgi?id=1142 --- Comment #1 from Andreas Fischer <netfilter at d9c.eu> --- Any update/confirmation? -- You are receiving this mail because: You are watching all bug changes. -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://lists.netfilter.org/pipermail/netfilter-buglog/attachments/20170730/e8da01c1/attachment.html>
bugzilla-daemon at netfilter.org
2019-Jul-12 11:00 UTC
[Bug 1142] invalid binop operation 6nft
https://bugzilla.netfilter.org/show_bug.cgi?id=1142 Phil Sutter <phil at nwl.cc> changed: What |Removed |Added ---------------------------------------------------------------------------- Assignee|pablo at netfilter.org |phil at nwl.cc CC| |phil at nwl.cc -- You are receiving this mail because: You are watching all bug changes. -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://lists.netfilter.org/pipermail/netfilter-buglog/attachments/20190712/962bae10/attachment.html>
bugzilla-daemon at netfilter.org
2019-Jul-12 11:00 UTC
[Bug 1142] invalid binop operation 6nft
https://bugzilla.netfilter.org/show_bug.cgi?id=1142 Phil Sutter <phil at nwl.cc> changed: What |Removed |Added ---------------------------------------------------------------------------- Assignee|phil at nwl.cc |pablo at netfilter.org -- You are receiving this mail because: You are watching all bug changes. -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://lists.netfilter.org/pipermail/netfilter-buglog/attachments/20190712/255ad16b/attachment.html>
bugzilla-daemon at netfilter.org
2019-Jul-12 11:12 UTC
[Bug 1142] invalid binop operation 6nft
https://bugzilla.netfilter.org/show_bug.cgi?id=1142 Phil Sutter <phil at nwl.cc> changed: What |Removed |Added ---------------------------------------------------------------------------- Assignee|pablo at netfilter.org |phil at nwl.cc Status|NEW |ASSIGNED --- Comment #2 from Phil Sutter <phil at nwl.cc> --- Hi, (In reply to Andreas Fischer from comment #1)> Any update/confirmation?Yes, I can still reproduce this. No idea why nft turns | ip6 saddr & ffff:ffff:ffff:ffff:: @allowable into | ip6 saddr @allowable/64 but it is definitely a bug. I'll see how we can fix this. Thanks, Phil -- You are receiving this mail because: You are watching all bug changes. -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://lists.netfilter.org/pipermail/netfilter-buglog/attachments/20190712/b6cc0d09/attachment.html>
bugzilla-daemon at netfilter.org
2020-Jul-29 21:50 UTC
[Bug 1142] invalid binop operation 6nft
https://bugzilla.netfilter.org/show_bug.cgi?id=1142 Pablo Neira Ayuso <pablo at netfilter.org> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |pablo at netfilter.org --- Comment #3 from Pablo Neira Ayuso <pablo at netfilter.org> --- http://git.netfilter.org/nftables/commit/?id=7c9bef0c03120dd8febd33e213ef2cf5626f9262 -- You are receiving this mail because: You are watching all bug changes. -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://lists.netfilter.org/pipermail/netfilter-buglog/attachments/20200729/a87059d0/attachment-0001.html>
bugzilla-daemon at netfilter.org
2020-Jul-30 17:30 UTC
[Bug 1142] invalid binop operation 6nft
https://bugzilla.netfilter.org/show_bug.cgi?id=1142 Pablo Neira Ayuso <pablo at netfilter.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Resolution|--- |FIXED Status|ASSIGNED |RESOLVED --- Comment #4 from Pablo Neira Ayuso <pablo at netfilter.org> --- Closing, thanks for reporting. -- You are receiving this mail because: You are watching all bug changes. -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://lists.netfilter.org/pipermail/netfilter-buglog/attachments/20200730/177f0040/attachment.html>