bugzilla-daemon at netfilter.org
2014-Feb-05 07:46 UTC
[Bug 895] New: Add a 'ipv6_address' set into a ipv4 table and vice versa
https://bugzilla.netfilter.org/show_bug.cgi?id=895 Summary: Add a 'ipv6_address' set into a ipv4 table and vice versa Product: nftables Version: unspecified Platform: x86_64 OS/Version: Debian GNU/Linux Status: NEW Severity: enhancement Priority: P5 Component: nft AssignedTo: pablo at netfilter.org ReportedBy: anarey.spam at gmail.com Estimated Hours: 0.0 You can add a 'ipv6_address' set into a ipv4 table and a 'ipv4_address' set into a ipv6 table. # With a ipv6-set $ sudo nft list table ip t-ip table ip t-ip { set t-ipv4-set { type ipv4_address } chain c-filter { type filter hook input priority 0; } } $ sudo nft add set ip t-ip t-ipv6-set { type ipv6_address\;} $ sudo nft -nna list table ip t-ip table ip t-ip { set t-ipv4-set { type ipv4_address } set t-ipv6-set { type ipv6_address } chain c-filter { type filter hook input priority 0; } } # With a ipv6-set $ sudo nft add table ip6 t-ipv6 $ sudo nft add chain ip6 t-ipv6 c-filter { type filter hook input priority 0 \; } $ sudo nft add set ip6 t-ipv6 ipv6-set2 { type ipv6_address\;} $ sudo nft add set ip6 t-ipv6 ipv4-set2 { type ipv4_address\;} $ sudo nft list table ip6 t-ipv6 table ip6 t-ipv6 { set ipv6-set2 { type ipv6_address } set ipv4-set2 { type ipv4_address } chain c-filter { type filter hook input priority 0; } } I can always reproduce this bug. The last commit in libmnl repo is "090a842 examples: use mnl_socket_setsockopt" The last commit in libnftnl repo is "076fd1e include: add cached copy of linux/kernel.h" The last commit in nftables repo is "11ba325 bump release number to 0.100" -- Configure bugmail: https://bugzilla.netfilter.org/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are watching all bug changes.
bugzilla-daemon at netfilter.org
2017-Feb-13 18:16 UTC
[Bug 895] Add a 'ipv6_address' set into a ipv4 table and vice versa
https://bugzilla.netfilter.org/show_bug.cgi?id=895 Phil Sutter <phil at nwl.cc> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |phil at nwl.cc --- Comment #1 from Phil Sutter <phil at nwl.cc> --- I don't see why this should be a problem. I guess it might even be useful to filter tunnelled traffic, matching IPv6 addresses encapsulated in IPv4 packets. Ana: Could you please elaborate why this is a bug rather than a feature? Thanks, Phil -- You are receiving this mail because: You are watching all bug changes. -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://lists.netfilter.org/pipermail/netfilter-buglog/attachments/20170213/2baf831b/attachment.html>
bugzilla-daemon at netfilter.org
2017-Feb-13 18:30 UTC
[Bug 895] Add a 'ipv6_address' set into a ipv4 table and vice versa
https://bugzilla.netfilter.org/show_bug.cgi?id=895 --- Comment #2 from Pablo Neira Ayuso <pablo at netfilter.org> --- I agree we can close this bug. -- You are receiving this mail because: You are watching all bug changes. -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://lists.netfilter.org/pipermail/netfilter-buglog/attachments/20170213/fac4d236/attachment.html>
bugzilla-daemon at netfilter.org
2017-Feb-14 09:06 UTC
[Bug 895] Add a 'ipv6_address' set into a ipv4 table and vice versa
https://bugzilla.netfilter.org/show_bug.cgi?id=895 Phil Sutter <phil at nwl.cc> changed: What |Removed |Added ---------------------------------------------------------------------------- Resolution|--- |INVALID Status|NEW |RESOLVED -- You are receiving this mail because: You are watching all bug changes. -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://lists.netfilter.org/pipermail/netfilter-buglog/attachments/20170214/71abab5e/attachment-0001.html>
Possibly Parallel Threads
- [Bug 1062] New: Kernel IPv6 event filtering not working
- [PATCH] display ipv6 address in networking details page, also fix ipv6 netmask configurations.
- [PATCH] display ipv6 address in networking details page, also fix ipv6 netmask configurations
- [Bug 896] New: You can not add the follow kinds of sets: mark, integer, string, lladdr
- [Bug 914] New: nft configure does not use --prefix as include/lib search path