bugzilla-daemon at netfilter.org
2014-May-13 12:30 UTC
[Bug 935] New: Frag: problem with frag-off
https://bugzilla.netfilter.org/show_bug.cgi?id=935
Summary: Frag: problem with frag-off
Product: nftables
Version: unspecified
Platform: x86_64
OS/Version: Debian GNU/Linux
Status: NEW
Severity: normal
Priority: P5
Component: nft
AssignedTo: pablo at netfilter.org
ReportedBy: anarey at gmail.com
Estimated Hours: 0.0
Without show some error message, you can add a rule using frag-off option with
flag. After, when you show the table, it shows the followin error:
$ sudo nft add rule ip test input frag frag-off 33
$ sudo nft list table ip test
table ip test {
chain input {
}
}
netlink: Error: Relational expression size mismatch
The last commit in Pablo git tree of kernel is "40e6442 netfilter:
x_tables:
allow to use cgroup match for LOCAL_IN nf hooks"
The last commit in libmnl repo is "090a842 examples: use
mnl_socket_setsockopt"
The last commit in libnftnl repo is "57107c2 common: fix unconditional
output
of event wrapping stuff"
The last commit in nftables repo is "aefa9bf expression: Fix inconsistent
output in set"
--
Configure bugmail: https://bugzilla.netfilter.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are watching all bug changes.
bugzilla-daemon at netfilter.org
2016-Mar-09 17:34 UTC
[Bug 935] Frag: problem with frag-off
https://bugzilla.netfilter.org/show_bug.cgi?id=935
Pablo Neira Ayuso <pablo at netfilter.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|NEW |RESOLVED
Resolution|--- |FIXED
--- Comment #1 from Pablo Neira Ayuso <pablo at netfilter.org> ---
Fixed by this commit:
commit 45e5e4e92a2c882b22e95a807026611612d57729
Author: Florian Westphal <fw at strlen.de>
Date: Wed Mar 2 13:56:43 2016 +0100
netlink_delinearize: handle extension header templates with odd sizes
This enables nft to display
frag frag-off 33
--
You are receiving this mail because:
You are watching all bug changes.
-------------- next part --------------
An HTML attachment was scrubbed...
URL:
<http://lists.netfilter.org/pipermail/netfilter-buglog/attachments/20160309/9ece3cb5/attachment.html>
Apparently Analagous Threads
- [Bug 936] New: frag: "more-fragments" and "reserved" are not identified by nftables
- [Bug 934] New: frag: Invert a range in frag
- [Bug 937] New: frag: --fraglast is not supported in nft
- [Bug 919] New: ah: --reserver is not supported (ipv4 and ipv6)
- [Bug 920] New: DNAT: SNAT: --random and --persistent are not supported