bugzilla-daemon at netfilter.org
2024-Jun-23 22:22 UTC
[Bug 1755] New: Impossible to copy ct mark into a packet
https://bugzilla.netfilter.org/show_bug.cgi?id=1755
Bug ID: 1755
Summary: Impossible to copy ct mark into a packet
Product: netfilter/iptables
Version: unspecified
Hardware: All
OS: All
Status: NEW
Severity: normal
Priority: P5
Component: unknown
Assignee: netfilter-buglog at lists.netfilter.org
Reporter: aksecurity at gmail.com
I noticed that while I can write payload data into ct mark (and into meta
mark), I cannot copy data from ct mark (and meta mark) into the packet. NFT
complains about mismatching types (expecting integer, but ct mark is
"packet
mark" type). But this type mismatch doesn't happen when writing from
the packet
to ct mark...
MWE (BTW this is an NFT command line compiled today from git, but it reports
the standard 1.0.9 version - is this on purpose?)
MWE>nft -V
nftables v1.0.9 (Old Doc Yak #3)
cli: editline
json: no
minigmp: no
libxtables: no
MWE>nft add table inet foo
MWE>nft 'add chain inet foo bar { type filter hook output priority 0;
}'
MWE>nft 'add rule inet foo bar udp dport 1234 @ih,0,32 set ct mark'
Error: datatype mismatch: expected integer, expression has type packet mark
add rule inet foo bar udp dport 1234 @ih,0,32 set ct mark
~~~~~~~~~~~~~^^^^^^^
MWE>
The requested bug fix is to be able to write ct mark into the packet.
Thanks,
-Amit
--
You are receiving this mail because:
You are watching all bug changes.
-------------- next part --------------
An HTML attachment was scrubbed...
URL:
<http://lists.netfilter.org/pipermail/netfilter-buglog/attachments/20240623/a9e8d6b4/attachment.html>
bugzilla-daemon at netfilter.org
2024-Jun-24 15:01 UTC
[Bug 1755] Impossible to copy ct mark into a packet
https://bugzilla.netfilter.org/show_bug.cgi?id=1755
aksecurity at gmail.com changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |aksecurity at gmail.com
--
You are receiving this mail because:
You are watching all bug changes.
-------------- next part --------------
An HTML attachment was scrubbed...
URL:
<http://lists.netfilter.org/pipermail/netfilter-buglog/attachments/20240624/ed2a9eb0/attachment.html>
bugzilla-daemon at netfilter.org
2024-Jun-25 23:40 UTC
[Bug 1755] Impossible to copy ct mark into a packet
https://bugzilla.netfilter.org/show_bug.cgi?id=1755
Phil Sutter <phil at nwl.cc> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |phil at nwl.cc
Component|unknown |nft
Assignee|netfilter-buglog at lists.netf |pablo at netfilter.org
|ilter.org |
Product|netfilter/iptables |nftables
--
You are receiving this mail because:
You are watching all bug changes.
-------------- next part --------------
An HTML attachment was scrubbed...
URL:
<http://lists.netfilter.org/pipermail/netfilter-buglog/attachments/20240625/02de1148/attachment.html>
bugzilla-daemon at netfilter.org
2024-Jun-26 11:25 UTC
[Bug 1755] Impossible to copy ct mark into a packet
https://bugzilla.netfilter.org/show_bug.cgi?id=1755 --- Comment #1 from Pablo Neira Ayuso <pablo at netfilter.org> --- Created attachment 745 --> https://bugzilla.netfilter.org/attachment.cgi?id=745&action=edit sketch patch to allow to set raw expression to mark datatype -- You are receiving this mail because: You are watching all bug changes. -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://lists.netfilter.org/pipermail/netfilter-buglog/attachments/20240626/ec52d1e7/attachment.html>
bugzilla-daemon at netfilter.org
2024-Jun-26 11:26 UTC
[Bug 1755] Impossible to copy ct mark into a packet
https://bugzilla.netfilter.org/show_bug.cgi?id=1755 --- Comment #2 from Pablo Neira Ayuso <pablo at netfilter.org> --- It needs a close look, because datatype_compatible() is used in other existing codepaths. -- You are receiving this mail because: You are watching all bug changes. -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://lists.netfilter.org/pipermail/netfilter-buglog/attachments/20240626/e55041e7/attachment.html>