bugzilla-daemon at netfilter.org
2024-Jun-27 22:13 UTC
[Bug 1756] New: Compare payload to non-constant value, e.g. ct mark
https://bugzilla.netfilter.org/show_bug.cgi?id=1756 Bug ID: 1756 Summary: Compare payload to non-constant value, e.g. ct mark Product: nftables Version: unspecified Hardware: All OS: All Status: NEW Severity: enhancement Priority: P5 Component: nft Assignee: pablo at netfilter.org Reporter: aksecurity at gmail.com I'd like to filter e.g. "@ih,0,32 ct mark", but that results in a syntax error (whereas "@ih,0,32 123" does not). Example: # nft 'add rule inet foo bar udp sport 1234 @ih,0,32 ct mark' Error: syntax error, unexpected ct add rule inet foo bar udp sport 1234 @ih,0,32 ct mark vs.: # nft 'add rule inet foo bar udp sport 1234 @ih,0,32 123' # -- You are receiving this mail because: You are watching all bug changes. -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://lists.netfilter.org/pipermail/netfilter-buglog/attachments/20240627/2a8d04bd/attachment.html>
bugzilla-daemon at netfilter.org
2024-Jun-27 22:13 UTC
[Bug 1756] Compare payload to non-constant value, e.g. ct mark
https://bugzilla.netfilter.org/show_bug.cgi?id=1756 aksecurity at gmail.com changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |aksecurity at gmail.com -- You are receiving this mail because: You are watching all bug changes. -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://lists.netfilter.org/pipermail/netfilter-buglog/attachments/20240627/ba803e4a/attachment.html>
Maybe Matching Threads
- [Bug 1755] New: Impossible to copy ct mark into a packet
- [Bug 1775] New: RAW PAYLOAD EXPRESSION offset is limited to 2048
- [Bug 942] New: ct: timeout, ctevents, expevents and zone is not supported in nft
- [Bug 1056] New: nft: Syntax error with dnat as ct state
- [Bug 951] New: ct expiration does not work with ranges