https://bugzilla.netfilter.org/show_bug.cgi?id=950
Summary: ct status
Product: nftables
Version: unspecified
Platform: x86_64
OS/Version: All
Status: NEW
Severity: enhancement
Priority: P5
Component: nft
AssignedTo: pablo at netfilter.org
ReportedBy: anarey at gmail.com
Estimated Hours: 0.0
This is the symbol table for the ct status parameter:
static const struct symbol_table ct_status_tbl = {
	/*
	 * There are more, but most of them don't make sense for filtering.
	 */
	.symbols = {
		SYMBOL("expected",	IPS_EXPECTED),
		SYMBOL("seen-reply",	IPS_SEEN_REPLY),
		SYMBOL("assured",	IPS_ASSURED),
		SYMBOL("confirmed",	IPS_CONFIRMED),
		SYMBOL("snat",		IPS_SRC_NAT),
		SYMBOL("dnat",		IPS_DST_NAT),
		SYMBOL("dying",		IPS_DYING),
		SYMBOL_LIST_END
	},
};
We can correctly use expected, seen-reply, assured, confirmed and dying, but
there is a problem with the 'snat' and 'dnat' symbols.
nft doesn't identify these symbols.
Here is an example:
$ sudo nft add rule ip test input ct status snat
<cmdline>:1:34-37: Error: syntax error, unexpected snat
add rule ip test input ct status snat
                                 ^^^^
The problem is in the parser:
Stack now 0 1 15
Error: popping token "add" (: )
Stack now 0 1
Shifting token error (: )
Entering state 3
Next token is token "snat" (: )
Error: discarding token "snat" (: )
Error: popping token error (: )
Stack now 0 1
Shifting token error (: )
Entering state 3
Reading a token: --(end of buffer or a NUL)
--EOF (start condition 0)
Now at end of input.
Cleanup: discarding lookahead token "end of file" (: )
Stack now 0 1 3
Cleanup: popping token error (: )
Cleanup: popping nterm input (: )
<cmdline>:1:34-37: Error: syntax error, unexpected snat
add rule ip test input ct status snat
## With dnat
Error: popping token "add" (: )
Stack now 0 1
Shifting token error (: )
Entering state 3
Next token is token "dnat" (: )
Error: discarding token "dnat" (: )
Error: popping token error (: )
Stack now 0 1
Shifting token error (: )
Entering state 3
Reading a token: --(end of buffer or a NUL)
--EOF (start condition 0)
Now at end of input.
Cleanup: discarding lookahead token "end of file" (: )
Stack now 0 1 3
Cleanup: popping token error (: )
Cleanup: popping nterm input (: )
<cmdline>:1:34-37: Error: syntax error, unexpected dnat
add rule ip test input ct status dnat
                                 ^^^^
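A toy model of the failure described in the report, added here as an example and not taken from nftables: assuming, as the trace line `Next token is token "snat"` suggests, that the scanner hands the grammar a dedicated keyword token for snat and dnat, those two table entries can never be reached by a symbol lookup. The `keywords` list and the names `scan`, `ct_status_rhs` and `shadowed_symbols` are assumptions of this example; only the symbol names come from the report.

```c
#include <stdio.h>
#include <string.h>

/* Toy model, not nftables source. Names come from ct_status_tbl in the report;
 * values use the bit positions of the kernel's enum ip_conntrack_status. */
struct symbol { const char *name; unsigned int value; };

static const struct symbol ct_status_syms[] = {
    { "expected",   1u << 0 }, { "seen-reply", 1u << 1 },
    { "assured",    1u << 2 }, { "confirmed",  1u << 3 },
    { "snat",       1u << 4 }, { "dnat",       1u << 5 },
    { "dying",      1u << 9 }, { NULL, 0 }
};

/* Assumed scanner keywords: the trace names "add", "snat" and "dnat" as tokens. */
static const char *const keywords[] = { "add", "snat", "dnat", NULL };

enum token { TOK_STRING, TOK_KEYWORD };

/* Scanner step: a reserved word never reaches the grammar as a generic string. */
static enum token scan(const char *word)
{
    for (size_t i = 0; keywords[i]; i++)
        if (strcmp(word, keywords[i]) == 0)
            return TOK_KEYWORD;
    return TOK_STRING;
}

/* Grammar step: "ct status <rhs>" resolves only string tokens via the table.
 * Returns the flag value, 0 if the name is unknown, or -1 for a syntax error. */
static long ct_status_rhs(const char *word)
{
    if (scan(word) != TOK_STRING)
        return -1;
    for (size_t i = 0; ct_status_syms[i].name; i++)
        if (strcmp(word, ct_status_syms[i].name) == 0)
            return (long)ct_status_syms[i].value;
    return 0;
}

/* Audit: count table entries that a scanner keyword makes unreachable. */
static int shadowed_symbols(void)
{
    int n = 0;
    for (size_t i = 0; ct_status_syms[i].name; i++)
        if (scan(ct_status_syms[i].name) == TOK_KEYWORD) {
            printf("shadowed: %s\n", ct_status_syms[i].name);
            n++;
        }
    return n;
}

int main(void) { return shadowed_symbols() == 2 ? 0 : 1; }
```

Running the same audit over every symbol table against the scanner's keyword list would flag any other name that is defined for matching but cannot be typed in a rule.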