bugzilla-daemon at netfilter.org
2019-Oct-10 15:43 UTC
[Bug 1371] New: Concatenations Literal sets
https://bugzilla.netfilter.org/show_bug.cgi?id=1371
Bug ID: 1371
Summary: Concatenations Literal sets
Product: nftables
Version: unspecified
Hardware: x86_64
OS: other
Status: NEW
Severity: normal
Priority: P5
Component: nft
Assignee: pablo at netfilter.org
Reporter: tad1073 at gmail.com
inet.nft:97:44-51: Error: syntax error, unexpected protocol
iif $int_if0 ip6 saddr . ip6 daddr . ip6 protocol { $g6dns . $myip_v6 .
tcp, $g6dns . $myip_v6 . udp } jump global_dns_in
^^^^^^^^
--
You are receiving this mail because:
You are watching all bug changes.
-------------- next part --------------
An HTML attachment was scrubbed...
URL:
<http://lists.netfilter.org/pipermail/netfilter-buglog/attachments/20191010/b5822c23/attachment.html>
bugzilla-daemon at netfilter.org
2019-Oct-10 16:03 UTC
[Bug 1371] Concatenations Literal sets
https://bugzilla.netfilter.org/show_bug.cgi?id=1371
Pablo Neira Ayuso <pablo at netfilter.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|NEW |ASSIGNED
--- Comment #1 from Pablo Neira Ayuso <pablo at netfilter.org> ---
Use 'ip6 nexthdr' instead of 'ip6 protocol'.
--
You are receiving this mail because:
You are watching all bug changes.
-------------- next part --------------
An HTML attachment was scrubbed...
URL:
<http://lists.netfilter.org/pipermail/netfilter-buglog/attachments/20191010/4b54b40f/attachment.html>
bugzilla-daemon at netfilter.org
2019-Oct-11 12:01 UTC
[Bug 1371] Concatenations Literal sets
https://bugzilla.netfilter.org/show_bug.cgi?id=1371
Pablo Neira Ayuso <pablo at netfilter.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|ASSIGNED |RESOLVED
Resolution|--- |FIXED
--
You are receiving this mail because:
You are watching all bug changes.
-------------- next part --------------
An HTML attachment was scrubbed...
URL:
<http://lists.netfilter.org/pipermail/netfilter-buglog/attachments/20191011/c647a8df/attachment.html>
bugzilla-daemon at netfilter.org
2019-Oct-11 12:21 UTC
[Bug 1371] Concatenations Literal sets
https://bugzilla.netfilter.org/show_bug.cgi?id=1371
Thomas <tad1073 at gmail.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|RESOLVED |REOPENED
Resolution|FIXED |---
--- Comment #2 from Thomas <tad1073 at gmail.com> ---
didn't work
--
You are receiving this mail because:
You are watching all bug changes.
-------------- next part --------------
An HTML attachment was scrubbed...
URL:
<http://lists.netfilter.org/pipermail/netfilter-buglog/attachments/20191011/7fa0e86d/attachment.html>
bugzilla-daemon at netfilter.org
2019-Oct-11 17:56 UTC
[Bug 1371] Concatenations Literal sets
https://bugzilla.netfilter.org/show_bug.cgi?id=1371 --- Comment #3 from Thomas <tad1073 at gmail.com> --- (In reply to Pablo Neira Ayuso from comment #1) didn't work -- You are receiving this mail because: You are watching all bug changes. -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://lists.netfilter.org/pipermail/netfilter-buglog/attachments/20191011/262ba6f8/attachment.html>
bugzilla-daemon at netfilter.org
2019-Oct-14 08:48 UTC
[Bug 1371] Concatenations Literal sets
https://bugzilla.netfilter.org/show_bug.cgi?id=1371
Pablo Neira Ayuso <pablo at netfilter.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|REOPENED |ASSIGNED
--- Comment #4 from Pablo Neira Ayuso <pablo at netfilter.org> ---
(In reply to Thomas from comment #3)> (In reply to Pablo Neira Ayuso from comment #1)
> didn't work
table ip6 x {
chain global_dns_in {
}
chain y {
iif $int_if0 ip6 saddr . ip6 daddr . ip6 nexthdr { $g6dns .
$myip_v6 . tcp, $g6dns . $myip_v6 . udp } jump global_dns_in
}
}
Works here.
--
You are receiving this mail because:
You are watching all bug changes.
-------------- next part --------------
An HTML attachment was scrubbed...
URL:
<http://lists.netfilter.org/pipermail/netfilter-buglog/attachments/20191014/bc92800d/attachment.html>
bugzilla-daemon at netfilter.org
2019-Oct-14 13:19 UTC
[Bug 1371] Concatenations Literal sets
https://bugzilla.netfilter.org/show_bug.cgi?id=1371
--- Comment #5 from Thomas <tad1073 at gmail.com> ---
Still not working.
**Mon Oct 14 09:10 AM**
[thomas at rainiermountain]:[~>]$ nftfw
/home/thomas/.nftables/inet.nft:128:20-24: Error: syntax error, unexpected
saddr
iif $inet_if ip4 saddr . ip4 daddr . ip4 protocol { $g4dns . $myip_v4 .
tcp, $g4dns . $myip_v4 . udp } jump global_dns_in
^^^^^
/home/thomas/.nftables/inet.nft:127:16-50: Error: Byteorder mismatch: expected
big endian, got invalid
iif $inet_if ip6 saddr . ip6 daddr . ip6 nexthdr { $g6dns . $myip_v6 .
tcp, $g6dns . $myip_v6 . udp } jump global_dns_in
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
**Mon Oct 14 09:10 AM**
--
You are receiving this mail because:
You are watching all bug changes.
-------------- next part --------------
An HTML attachment was scrubbed...
URL:
<http://lists.netfilter.org/pipermail/netfilter-buglog/attachments/20191014/523b505b/attachment.html>
bugzilla-daemon at netfilter.org
2019-Oct-14 13:22 UTC
[Bug 1371] Concatenations Literal sets
https://bugzilla.netfilter.org/show_bug.cgi?id=1371 --- Comment #6 from Thomas <tad1073 at gmail.com> --- (In reply to Thomas from comment #5) I leaped before i looked. Changed ip4 to ip but haven't tested it yet. -- You are receiving this mail because: You are watching all bug changes. -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://lists.netfilter.org/pipermail/netfilter-buglog/attachments/20191014/9cbb6269/attachment.html>
bugzilla-daemon at netfilter.org
2019-Oct-14 13:52 UTC
[Bug 1371] Concatenations Literal sets
https://bugzilla.netfilter.org/show_bug.cgi?id=1371 --- Comment #7 from Thomas <tad1073 at gmail.com> --- (In reply to Thomas from comment #5) It's not accepting my variables, $g6dns is both IPv6 addresses for google dns. from /home/thomas/.nftables/inet.nft:37:1-44: /home/thomas/.nftables/nat.nft:185:65-87: Error: datatype mismatch, expected concatenation of (IPv4 address, IPv4 address, IPv4 address, Internet protocol), expression has type concatenation of (IPv4 address, IPv4 address, Internet protocol) -- You are receiving this mail because: You are watching all bug changes. -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://lists.netfilter.org/pipermail/netfilter-buglog/attachments/20191014/699ff309/attachment.html>
bugzilla-daemon at netfilter.org
2019-Oct-14 14:09 UTC
[Bug 1371] Concatenations Literal sets
https://bugzilla.netfilter.org/show_bug.cgi?id=1371 --- Comment #8 from Pablo Neira Ayuso <pablo at netfilter.org> --- Please pass me an example script that I can run here. -- You are receiving this mail because: You are watching all bug changes. -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://lists.netfilter.org/pipermail/netfilter-buglog/attachments/20191014/42faaa02/attachment.html>
bugzilla-daemon at netfilter.org
2019-Oct-14 14:32 UTC
[Bug 1371] Concatenations Literal sets
https://bugzilla.netfilter.org/show_bug.cgi?id=1371 --- Comment #9 from Thomas <tad1073 at gmail.com> --- Created attachment 572 --> https://bugzilla.netfilter.org/attachment.cgi?id=572&action=edit Concatenation test rules -- You are receiving this mail because: You are watching all bug changes. -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://lists.netfilter.org/pipermail/netfilter-buglog/attachments/20191014/797a8324/attachment.html>
bugzilla-daemon at netfilter.org
2019-Oct-14 14:39 UTC
[Bug 1371] Concatenations Literal sets
https://bugzilla.netfilter.org/show_bug.cgi?id=1371 --- Comment #10 from Thomas <tad1073 at gmail.com> --- Created attachment 573 --> https://bugzilla.netfilter.org/attachment.cgi?id=573&action=edit My actual rulesets Here is my actual nftables rules, it's simple but I just have a home server. -- You are receiving this mail because: You are watching all bug changes. -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://lists.netfilter.org/pipermail/netfilter-buglog/attachments/20191014/78422a34/attachment.html>
bugzilla-daemon at netfilter.org
2019-Oct-14 15:13 UTC
[Bug 1371] Concatenations Literal sets
https://bugzilla.netfilter.org/show_bug.cgi?id=1371 --- Comment #11 from Pablo Neira Ayuso <pablo at netfilter.org> --- Please send me a very small test script to reproduce what it is actually not working on your side. Thank you. -- You are receiving this mail because: You are watching all bug changes. -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://lists.netfilter.org/pipermail/netfilter-buglog/attachments/20191014/29adbcd2/attachment.html>
bugzilla-daemon at netfilter.org
2020-Sep-09 18:28 UTC
[Bug 1371] Concatenations Literal sets
https://bugzilla.netfilter.org/show_bug.cgi?id=1371 --- Comment #12 from Pablo Neira Ayuso <pablo at netfilter.org> --- (In reply to Thomas from comment #9)> Created attachment 572 [details] > Concatenation test rulesThe examples you post in your file are imbalanced. # This dosen't work # nft add rule inet filter input iif eth0 ip6 saddr . ip6 saddr . ip6 daddr . ip6 nexthdr { 2001:4680:4680::8888, 2001:4680:4680:8844 . 1:2:3::4 . tcp, 2001:4680:4680::8888, 2001:4680:4680:8844 . 1:2:3::4 . udp } accept Here above, you specify: 2001:4680:4680::8888 , so it reports an error: Error: invalid data type, expected concatenation of (IPv6 address, IPv6 address, IPv6 address, Internet protocol) This comma should be just a dot instead. Similar comments go for other examples in this file. -- You are receiving this mail because: You are watching all bug changes. -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://lists.netfilter.org/pipermail/netfilter-buglog/attachments/20200909/11766b56/attachment.html>