bugzilla-daemon at netfilter.org
2018-Sep-04 04:32 UTC
[Bug 1276] New: "icmpv6 code" test returns wrong data type.
https://bugzilla.netfilter.org/show_bug.cgi?id=1276 Bug ID: 1276 Summary: "icmpv6 code" test returns wrong data type. Product: nftables Version: unspecified Hardware: x86_64 OS: Gentoo Status: NEW Severity: normal Priority: P5 Component: nft Assignee: pablo at netfilter.org Reporter: sabitov at sabitov.su -- You are receiving this mail because: You are watching all bug changes. -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://lists.netfilter.org/pipermail/netfilter-buglog/attachments/20180904/ed5c5d4a/attachment.html>
bugzilla-daemon at netfilter.org
2018-Sep-04 04:45 UTC
[Bug 1276] "icmpv6 code" test returns wrong data type.
https://bugzilla.netfilter.org/show_bug.cgi?id=1276 --- Comment #1 from Andrew A. Sabitov <sabitov at sabitov.su> --- I'd like to use a set (concatenation) of icmpv6 type and icmpv6 code and check incoming icmpv6 traffic against it. Something like this: add set inet fw input_public_icmpv6_types { type icmpv6_type . icmpv6_code ; } add element inet fw input_public_icmpv6_types { 1 . 0 } # no route to destination add element inet fw input_public_icmpv6_types { 1 . 1 } # communication with destination administratively prohibited add element inet fw input_public_icmpv6_types { 1 . 2 } # beyond scope of source address add element inet fw input_public_icmpv6_types { 1 . 3 } # address unreachable add element inet fw input_public_icmpv6_types { 1 . 4 } # port unreachable # ... and so on add rule inet fw input_icmpv6 \ ip6 daddr {::1, ff00::/8, fe80::/10, ff02::/64, 2000::/3 } \ icmpv6 type . icmpv6 code @input_public_icmpv6_types \ limit rate 15/minute \ accept "add rule" command returns an error: In file included from ./nft-inet-pea.nft:56:1-47: /etc/firewall/nft-inet-pea-input.nft:253:23-33: Error: can not use variable sized data types (integer) in concat expressions icmpv6 type . icmpv6 code @input_public_icmpv6_types \ ~~~~~~~~~~~~~~^^^^^^^^^^^ As I can see "icmpv6 code" returns "integer" type instead of icmpv6_code. -- You are receiving this mail because: You are watching all bug changes. -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://lists.netfilter.org/pipermail/netfilter-buglog/attachments/20180904/8f908cd2/attachment.html>
bugzilla-daemon at netfilter.org
2018-Sep-04 10:46 UTC
[Bug 1276] "icmpv6 code" test returns wrong data type.
https://bugzilla.netfilter.org/show_bug.cgi?id=1276 Florian Westphal <fw at strlen.de> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |ASSIGNED CC| |fw at strlen.de Assignee|pablo at netfilter.org |fw at strlen.de --- Comment #2 from Florian Westphal <fw at strlen.de> --- Created attachment 548 --> https://bugzilla.netfilter.org/attachment.cgi?id=548&action=edit fix code icmpv6 code type -- You are receiving this mail because: You are watching all bug changes. -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://lists.netfilter.org/pipermail/netfilter-buglog/attachments/20180904/8e700a10/attachment.html>
bugzilla-daemon at netfilter.org
2018-Sep-04 11:15 UTC
[Bug 1276] "icmpv6 code" test returns wrong data type.
https://bugzilla.netfilter.org/show_bug.cgi?id=1276 Pablo Neira Ayuso <pablo at netfilter.org> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |pablo at netfilter.org --- Comment #3 from Pablo Neira Ayuso <pablo at netfilter.org> --- Do we need similar change for ICMPv4? -- You are receiving this mail because: You are watching all bug changes. -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://lists.netfilter.org/pipermail/netfilter-buglog/attachments/20180904/e0df257b/attachment.html>
bugzilla-daemon at netfilter.org
2018-Sep-04 15:30 UTC
[Bug 1276] "icmpv6 code" test returns wrong data type.
https://bugzilla.netfilter.org/show_bug.cgi?id=1276 Pablo Neira Ayuso <pablo at netfilter.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Resolution|--- |FIXED Status|ASSIGNED |RESOLVED --- Comment #4 from Pablo Neira Ayuso <pablo at netfilter.org> --- Florian fixed this upstream: http://git.netfilter.org/nftables/commit/?id=0f44d4f62753535d39d95d83778348bee4e88053 closing. -- You are receiving this mail because: You are watching all bug changes. -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://lists.netfilter.org/pipermail/netfilter-buglog/attachments/20180904/cb9b0519/attachment.html>
Maybe Matching Threads
- [Bug 761] New: Bug in ICMPv6 type and code fields processing
- ICMPv6 messages of type RS
- [Bug 1468] New: [netdev] dropping ether type vlan frames drops ICMPv6 type 134
- [Bug 567] New: Local multicast ICMPv6 and --state INVALID
- [Bug 926] New: icmp: ICMPv6 types are not supported