bugzilla-daemon at netfilter.org
2016-Aug-22 07:30 UTC
[Bug 1083] New: Cannot parse negative priorities from command line
https://bugzilla.netfilter.org/show_bug.cgi?id=1083 Bug ID: 1083 Summary: Cannot parse negative priorities from command line Product: nftables Version: unspecified Hardware: x86_64 OS: RedHat Linux Status: NEW Severity: major Priority: P5 Component: nft Assignee: pablo at netfilter.org Reporter: georg at fleig.xyz Adding a chain with a negative priority using the command line is not possible. E.g. the IPv4 nat example provided by this software: nft add chain nat prerouting { type nat hook prerouting priority -150\; } Returns: nft: invalid option -- '1' However, when this is stored in a file and loaded using nft -f <file> it works without problems. So negative priorities seem to work but can not be configured directly on the command line. -- You are receiving this mail because: You are watching all bug changes. -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://lists.netfilter.org/pipermail/netfilter-buglog/attachments/20160822/d9199cbe/attachment.html>
bugzilla-daemon at netfilter.org
2017-Feb-10 17:56 UTC
[Bug 1083] Cannot parse negative priorities from command line
https://bugzilla.netfilter.org/show_bug.cgi?id=1083 Phil Sutter <phil at nwl.cc> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |phil at nwl.cc Status|NEW |RESOLVED Resolution|--- |WONTFIX --- Comment #1 from Phil Sutter <phil at nwl.cc> --- This happens due to how nft parses commandline options: - First, getopt_long() is called (in main.c). - Then, lex/yacc parses whatever remains. The leading dash of the negative priority value is picked up by getopt, which obviously rejects it. I think this neither can nor should be "solved". Instead, here are two ways how to achieve what you want to do: 1) quote the whole part in curly braces (I usually do that to avoid the shell picking up the braces by accident: nft add chain nat prerouting '{ type nat hook prerouting priority -150; }' 2) Use '--' parameter to tell getopt it shall not parse beyond that: nft -- add chain nat prerouting { type nat hook prerouting priority -150\; } Since I don't think any workaround in nft is feasible (and good ways to work around this issue exist), I'm closing this ticket. If you still think this is an absolute must-have for you, please feel free to reopen. Cheers, Phil -- You are receiving this mail because: You are watching all bug changes. -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://lists.netfilter.org/pipermail/netfilter-buglog/attachments/20170210/b531e9bc/attachment.html>
Seemingly Similar Threads
- [Bug 1281] New: Using kernel 4.18.10, nft commandline tool or nft -f can't parse negative priority values over -200.
- [Bug 983] New: mnl_socket_recvfrom hangs in example code
- [Bug 1400] New: "COMMIT expected at line ..." when iptables-restore 1.8.4 (nft) parses stdin with empty lines
- [Bug 1395] New: Add element fails with Error: Could not process rule: Invalid argument
- [Bug 1739] New: meta mark 0x80000000 display error