netfilter buglog - Mar 2016 - [Bug 1056] New: nft: Syntax error with dnat as ct state

https://bugzilla.netfilter.org/show_bug.cgi?id=1056

            Bug ID: 1056
           Summary: nft: Syntax error with dnat as ct state
           Product: nftables
           Version: unspecified
          Hardware: All
                OS: All
            Status: NEW
          Severity: normal
          Priority: P5
         Component: nft
          Assignee: pablo at netfilter.org
          Reporter: karol at babioch.de

According to a disucssion in IRC dnat (and snat) should be valid states for the
connection tracking , so a rule like the following should actually work:

ct state dnat accept

Apparently this is already implemented. However, right now with nftables
version 0.5 this results in an error:

[root at kvm2 ~]# nft -f /etc/nftables.conf 
/etc/nftables.conf:115:18-21: Error: syntax error, unexpected dnat
    ct state dnat accept            ^^^^

According to fw in the #netfilter IRC this is due to a parser ambiguity:

<aborrero> kbabioch: that seems like a bug, I see support for it in the
current
source tree
<fw> aborrero: its because of parser ambiguity

These virtual states are also available in iptables and do work like expected.

-- 
You are receiving this mail because:
You are watching all bug changes.
-------------- next part --------------
An HTML attachment was scrubbed...
URL:
<http://lists.netfilter.org/pipermail/netfilter-buglog/attachments/20160308/ebd1ba3e/attachment.html>

https://bugzilla.netfilter.org/show_bug.cgi?id=1056

Karol Babioch <karol at babioch.de> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |karol at babioch.de

-- 
You are receiving this mail because:
You are watching all bug changes.
-------------- next part --------------
An HTML attachment was scrubbed...
URL:
<http://lists.netfilter.org/pipermail/netfilter-buglog/attachments/20160308/1ef75358/attachment.html>

https://bugzilla.netfilter.org/show_bug.cgi?id=1056

Karol Babioch <karol at babioch.de> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |RESOLVED
         Resolution|---                         |DUPLICATE

--- Comment #1 from Karol Babioch <karol at babioch.de> ---
While looking through the bugzilla database, this seems to be a duplicated of
#950.

*** This bug has been marked as a duplicate of bug 950 ***

-- 
You are receiving this mail because:
You are watching all bug changes.
-------------- next part --------------
An HTML attachment was scrubbed...
URL:
<http://lists.netfilter.org/pipermail/netfilter-buglog/attachments/20160308/c4af1153/attachment.html>