bugzilla-daemon at netfilter.org
2019-Oct-10 15:43 UTC
[Bug 1371] New: Concatenations Literal sets
https://bugzilla.netfilter.org/show_bug.cgi?id=1371

            Bug ID: 1371
           Summary: Concatenations Literal sets
           Product: nftables
           Version: unspecified
          Hardware: x86_64
                OS: other
            Status: NEW
          Severity: normal
          Priority: P5
         Component: nft
          Assignee: pablo at netfilter.org
          Reporter: tad1073 at gmail.com

inet.nft:97:44-51: Error: syntax error, unexpected protocol
iif $int_if0 ip6 saddr . ip6 daddr . ip6 protocol { $g6dns . $myip_v6 . tcp, $g6dns . $myip_v6 . udp } jump global_dns_in
                                         ^^^^^^^^

--
You are receiving this mail because:
You are watching all bug changes.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.netfilter.org/pipermail/netfilter-buglog/attachments/20191010/b5822c23/attachment.html>
bugzilla-daemon at netfilter.org
2019-Oct-10 16:03 UTC
[Bug 1371] Concatenations Literal sets
https://bugzilla.netfilter.org/show_bug.cgi?id=1371

Pablo Neira Ayuso <pablo at netfilter.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |ASSIGNED

--- Comment #1 from Pablo Neira Ayuso <pablo at netfilter.org> ---
Use 'ip6 nexthdr' instead of 'ip6 protocol'.
bugzilla-daemon at netfilter.org
2019-Oct-11 12:01 UTC
[Bug 1371] Concatenations Literal sets
https://bugzilla.netfilter.org/show_bug.cgi?id=1371

Pablo Neira Ayuso <pablo at netfilter.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|ASSIGNED                    |RESOLVED
         Resolution|---                         |FIXED
bugzilla-daemon at netfilter.org
2019-Oct-11 12:21 UTC
[Bug 1371] Concatenations Literal sets
https://bugzilla.netfilter.org/show_bug.cgi?id=1371

Thomas <tad1073 at gmail.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|RESOLVED                    |REOPENED
         Resolution|FIXED                       |---

--- Comment #2 from Thomas <tad1073 at gmail.com> ---
didn't work
bugzilla-daemon at netfilter.org
2019-Oct-11 17:56 UTC
[Bug 1371] Concatenations Literal sets
https://bugzilla.netfilter.org/show_bug.cgi?id=1371

--- Comment #3 from Thomas <tad1073 at gmail.com> ---
(In reply to Pablo Neira Ayuso from comment #1)
didn't work
bugzilla-daemon at netfilter.org
2019-Oct-14 08:48 UTC
[Bug 1371] Concatenations Literal sets
https://bugzilla.netfilter.org/show_bug.cgi?id=1371

Pablo Neira Ayuso <pablo at netfilter.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|REOPENED                    |ASSIGNED

--- Comment #4 from Pablo Neira Ayuso <pablo at netfilter.org> ---
(In reply to Thomas from comment #3)
> (In reply to Pablo Neira Ayuso from comment #1)
> didn't work

table ip6 x {
        chain global_dns_in {
        }

        chain y {
                iif $int_if0 ip6 saddr . ip6 daddr . ip6 nexthdr { $g6dns . $myip_v6 . tcp, $g6dns . $myip_v6 . udp } jump global_dns_in
        }
}

Works here.
bugzilla-daemon at netfilter.org
2019-Oct-14 13:19 UTC
[Bug 1371] Concatenations Literal sets
https://bugzilla.netfilter.org/show_bug.cgi?id=1371

--- Comment #5 from Thomas <tad1073 at gmail.com> ---
Still not working.

**Mon Oct 14 09:10 AM**
[thomas at rainiermountain]:[~>]$ nftfw
/home/thomas/.nftables/inet.nft:128:20-24: Error: syntax error, unexpected saddr
iif $inet_if ip4 saddr . ip4 daddr . ip4 protocol { $g4dns . $myip_v4 . tcp, $g4dns . $myip_v4 . udp } jump global_dns_in
                 ^^^^^
/home/thomas/.nftables/inet.nft:127:16-50: Error: Byteorder mismatch: expected big endian, got invalid
iif $inet_if ip6 saddr . ip6 daddr . ip6 nexthdr { $g6dns . $myip_v6 . tcp, $g6dns . $myip_v6 . udp } jump global_dns_in
             ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
**Mon Oct 14 09:10 AM**
bugzilla-daemon at netfilter.org
2019-Oct-14 13:22 UTC
[Bug 1371] Concatenations Literal sets
https://bugzilla.netfilter.org/show_bug.cgi?id=1371

--- Comment #6 from Thomas <tad1073 at gmail.com> ---
(In reply to Thomas from comment #5)
I leaped before I looked. Changed ip4 to ip but haven't tested it yet.
bugzilla-daemon at netfilter.org
2019-Oct-14 13:52 UTC
[Bug 1371] Concatenations Literal sets
https://bugzilla.netfilter.org/show_bug.cgi?id=1371

--- Comment #7 from Thomas <tad1073 at gmail.com> ---
(In reply to Thomas from comment #5)
It's not accepting my variables; $g6dns is both IPv6 addresses for Google DNS.

from /home/thomas/.nftables/inet.nft:37:1-44:
/home/thomas/.nftables/nat.nft:185:65-87: Error: datatype mismatch, expected concatenation of (IPv4 address, IPv4 address, IPv4 address, Internet protocol), expression has type concatenation of (IPv4 address, IPv4 address, Internet protocol)
bugzilla-daemon at netfilter.org
2019-Oct-14 14:09 UTC
[Bug 1371] Concatenations Literal sets
https://bugzilla.netfilter.org/show_bug.cgi?id=1371

--- Comment #8 from Pablo Neira Ayuso <pablo at netfilter.org> ---
Please pass me an example script that I can run here.
bugzilla-daemon at netfilter.org
2019-Oct-14 14:32 UTC
[Bug 1371] Concatenations Literal sets
https://bugzilla.netfilter.org/show_bug.cgi?id=1371

--- Comment #9 from Thomas <tad1073 at gmail.com> ---
Created attachment 572
  --> https://bugzilla.netfilter.org/attachment.cgi?id=572&action=edit
Concatenation test rules
bugzilla-daemon at netfilter.org
2019-Oct-14 14:39 UTC
[Bug 1371] Concatenations Literal sets
https://bugzilla.netfilter.org/show_bug.cgi?id=1371

--- Comment #10 from Thomas <tad1073 at gmail.com> ---
Created attachment 573
  --> https://bugzilla.netfilter.org/attachment.cgi?id=573&action=edit
My actual rulesets

Here are my actual nftables rules, it's simple but I just have a home server.
bugzilla-daemon at netfilter.org
2019-Oct-14 15:13 UTC
[Bug 1371] Concatenations Literal sets
https://bugzilla.netfilter.org/show_bug.cgi?id=1371

--- Comment #11 from Pablo Neira Ayuso <pablo at netfilter.org> ---
Please send me a very small test script to reproduce what is actually not working on your side.

Thank you.
bugzilla-daemon at netfilter.org
2020-Sep-09 18:28 UTC
[Bug 1371] Concatenations Literal sets
https://bugzilla.netfilter.org/show_bug.cgi?id=1371

--- Comment #12 from Pablo Neira Ayuso <pablo at netfilter.org> ---
(In reply to Thomas from comment #9)
> Created attachment 572 [details]
> Concatenation test rules

The examples you post in your file are imbalanced.

# This doesn't work
# nft add rule inet filter input iif eth0 ip6 saddr . ip6 saddr . ip6 daddr . ip6 nexthdr { 2001:4680:4680::8888, 2001:4680:4680:8844 . 1:2:3::4 . tcp, 2001:4680:4680::8888, 2001:4680:4680:8844 . 1:2:3::4 . udp } accept

Here above, you specify:

2001:4680:4680::8888 ,

so it reports an error:

Error: invalid data type, expected concatenation of (IPv6 address, IPv6 address, IPv6 address, Internet protocol)

This comma should be just a dot instead.

Similar comments go for other examples in this file.
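
Added example, not part of the bug thread and not nftables code: a small pre-flight check for the imbalance described in comment #12, where a comma in place of a dot leaves set elements with fewer fields than the selector concatenation. The helper names and the sample rules (documentation addresses) are constructed for illustration, and the check assumes the concatenation operator is written with spaces around the dot, as in the rules quoted in this thread.

```python
import re

# Concatenation operator as written in the thread: a dot with spaces around it.
# Dots inside IPv4 addresses have no surrounding spaces and are left alone.
SEP = re.compile(r"\s+\.\s+")

def fields(expr):
    """Split one concatenation into its fields."""
    return [f for f in SEP.split(expr.strip()) if f]

def check_concat(rule):
    """Compare the selector's field count with each element of the set literal.

    Returns (arity, mismatches); mismatches lists (element_text, field_count)
    for every element whose field count differs from the selector's.
    """
    m = re.search(r"^(?P<lhs>[^{]*)\{(?P<body>[^}]*)\}", rule)
    if m is None:
        raise ValueError("rule has no anonymous set literal")
    arity = len(fields(m.group("lhs")))
    mismatches = []
    for element in m.group("body").split(","):
        element = element.strip()
        if not element:
            continue
        n = len(fields(element))
        if n != arity:
            mismatches.append((element, n))
    return arity, mismatches

# Constructed sample rules (hypothetical addresses from 2001:db8::/32).
# BROKEN has a comma where the first dot of the first element should be.
BROKEN = ("iif eth0 ip6 saddr . ip6 daddr . ip6 nexthdr "
          "{ 2001:db8::53, 2001:db8::1 . tcp, 2001:db8::53 . 2001:db8::1 . udp } accept")
FIXED = ("iif eth0 ip6 saddr . ip6 daddr . ip6 nexthdr "
         "{ 2001:db8::53 . 2001:db8::1 . tcp, 2001:db8::53 . 2001:db8::1 . udp } accept")

if __name__ == "__main__":
    for name, rule in (("broken", BROKEN), ("fixed", FIXED)):
        arity, bad = check_concat(rule)
        print(f"{name}: selector has {arity} fields, {len(bad)} unbalanced element(s)")
        for element, n in bad:
            print(f"  {element!r} has {n} field(s)")
```

A stray comma splits one intended element into two short ones, so a single typo shows up as two unbalanced elements.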