netfilter buglog - May 2014 - [Bug 936] New: frag: "more-fragments" and "reserved" are not identified by nftables

https://bugzilla.netfilter.org/show_bug.cgi?id=936

           Summary: frag: "more-fragments" and "reserved"
are not
                    identified by nftables
           Product: nftables
           Version: unspecified
          Platform: x86_64
        OS/Version: Debian GNU/Linux
            Status: NEW
          Severity: normal
          Priority: P5
         Component: nft
        AssignedTo: pablo at netfilter.org
        ReportedBy: anarey at gmail.com
   Estimated Hours: 0.0


The command-line parameters "more-fragments" and "reserved"
are not identified
by nftables.

 $ sudo nft add rule ip test input frag more-fragments
<cmdline>:1:43-43: Error: syntax error, unexpected end of file
add rule ip test input frag more-fragments
                                          ^
 $ sudo nft add rule ip test input frag reserved
<cmdline>:1:37-37: Error: syntax error, unexpected end of file
add rule ip test input frag reserved
                                    ^

The last commit in Pablo git tree of kernel is "40e6442 netfilter:
x_tables:
allow to use cgroup match for LOCAL_IN nf hooks"
The last commit in libmnl repo is "090a842 examples: use
mnl_socket_setsockopt"
The last commit in libnftnl repo is "57107c2 common: fix unconditional
output
of event wrapping stuff"
The last commit in nftables repo is "aefa9bf expression: Fix inconsistent
output in set"

-- 
Configure bugmail: https://bugzilla.netfilter.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are watching all bug changes.

https://bugzilla.netfilter.org/show_bug.cgi?id=936

Pablo Neira Ayuso <pablo at netfilter.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |RESOLVED
         Resolution|---                         |FIXED

--- Comment #1 from Pablo Neira Ayuso <pablo at netfilter.org> ---
Fixed by:

commit 45e5e4e92a2c882b22e95a807026611612d57729
Author: Florian Westphal <fw at strlen.de>
Date:   Wed Mar 2 13:56:43 2016 +0100

    netlink_delinearize: handle extension header templates with odd sizes

# nft --debug=netlink add rule ip6 x y frag more-fragments 1
ip6 x y 
  [ exthdr load 1b @ 44 + 3 => reg 1 ]
  [ bitwise reg 1 = (reg=1 & 0x00000001 ) ^ 0x00000000 ]
  [ cmp eq reg 1 0x00000001 ]

Closing.

-- 
You are receiving this mail because:
You are watching all bug changes.
-------------- next part --------------
An HTML attachment was scrubbed...
URL:
<http://lists.netfilter.org/pipermail/netfilter-buglog/attachments/20160513/00883966/attachment.html>