bugzilla-daemon at netfilter.org
2024-Jun-27 22:13 UTC
[Bug 1756] New: Compare payload to non-constant value, e.g. ct mark
https://bugzilla.netfilter.org/show_bug.cgi?id=1756
Bug ID: 1756
Summary: Compare payload to non-constant value, e.g. ct mark
Product: nftables
Version: unspecified
Hardware: All
OS: All
Status: NEW
Severity: enhancement
Priority: P5
Component: nft
Assignee: pablo at netfilter.org
Reporter: aksecurity at gmail.com
I'd like to filter e.g. "@ih,0,32 ct mark", but that results in a syntax error
(whereas "@ih,0,32 123" does not).
Example:
# nft 'add rule inet foo bar udp sport 1234 @ih,0,32 ct mark'
Error: syntax error, unexpected ct
add rule inet foo bar udp sport 1234 @ih,0,32 ct mark
vs.:
# nft 'add rule inet foo bar udp sport 1234 @ih,0,32 123'
#
--
You are receiving this mail because:
You are watching all bug changes.
bugzilla-daemon at netfilter.org
2024-Jun-27 22:13 UTC
[Bug 1756] Compare payload to non-constant value, e.g. ct mark
https://bugzilla.netfilter.org/show_bug.cgi?id=1756
aksecurity at gmail.com changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |aksecurity at gmail.com