bugzilla-daemon at netfilter.org
2014-May-13 12:27 UTC
[Bug 933] New: queue: Incorrect use of option with queue
https://bugzilla.netfilter.org/show_bug.cgi?id=933
Summary: queue: Incorrect use of option with queue
Product: nftables
Version: unspecified
Platform: x86_64
OS/Version: Debian GNU/Linux
Status: NEW
Severity: normal
Priority: P5
Component: nft
AssignedTo: pablo at netfilter.org
ReportedBy: anarey at gmail.com
Estimated Hours: 0.0
The correct use of option in queue is "[..] queue [..] options fanout,
bypass
[...]
But, you can add the following rule in a table without It shows some error
messages:
$ sudo nft add rule ip test input queue num 2 total 3 options fanout options
bypass counter
$ sudo nft list table test
table ip test {
chain input {
queue num 2 total 3 options bypass counter packets 0 bytes 0
}
}
If you list the table, The rule shows one options "options bypass" but
you miss
the "options fanout".
The last commit in Pablo git tree of kernel is "40e6442 netfilter:
x_tables:
allow to use cgroup match for LOCAL_IN nf hooks"
The last commit in libmnl repo is "090a842 examples: use
mnl_socket_setsockopt"
The last commit in libnftnl repo is "57107c2 common: fix unconditional
output
of event wrapping stuff"
The last commit in nftables repo is "aefa9bf expression: Fix inconsistent
output in set"
--
Configure bugmail: https://bugzilla.netfilter.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are watching all bug changes.
bugzilla-daemon at netfilter.org
2014-May-28 08:58 UTC
[Bug 933] queue: Incorrect use of option with queue
https://bugzilla.netfilter.org/show_bug.cgi?id=933
Pablo Neira Ayuso <pablo at netfilter.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|NEW |RESOLVED
Resolution| |INVALID
--- Comment #1 from Pablo Neira Ayuso <pablo at netfilter.org> 2014-05-28
10:58:07 CEST ---
The (current) correct syntax is:
nft add rule ip filter input queue num 2 total 3 options fanout,bypass
But we have to fix that syntax to make it more compact, eg.
nft add rule ip filter input queue 2:3 fanout bypass
Closing this. We'll file a different ticket to rework the syntax.
--
Configure bugmail: https://bugzilla.netfilter.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are watching all bug changes.
Seemingly Similar Threads
- [Bug 918] New: Ranges and comparat
- [Bug 938] New: TOS: Do not list hexadecimal values.
- [Bug 931] New: limit: -limit-burst is not supported in nft
- [Bug 935] New: Frag: problem with frag-off
- [Bug 936] New: frag: "more-fragments" and "reserved" are not identified by nftables