search for: inet_proto

...Hardware: All OS: All Status: NEW Severity: critical Priority: P5 Component: nft Assignee: pablo at netfilter.org Reporter: sbezverk at cisco.com table ip ipv4table { map cluster-ip-services-set { type inet_proto . ipv4_addr . inet_service : verdict } chain k8s-nat-mark-masq { ip protocol . ip daddr vmap @cluster-ip-services-set } chain k8s-nat-do-mark-masq { meta mark set 0x00004000 return } } the command to add rule to k8s-nat-mark-masq chain is: sudo nft add rule...

...U_SOURCE -O2 -Wstrict-prototypes -Wall -I../include -DRESOLVE_HOSTNAMES -c -o ll_proto.o ll_proto.c gcc -D_GNU_SOURCE -O2 -Wstrict-prototypes -Wall -I../include -DRESOLVE_HOSTNAMES -c -o ll_addr.o ll_addr.c gcc -D_GNU_SOURCE -O2 -Wstrict-prototypes -Wall -I../include -DRESOLVE_HOSTNAMES -c -o inet_proto.o inet_proto.c gcc -D_GNU_SOURCE -O2 -Wstrict-prototypes -Wall -I../include -DRESOLVE_HOSTNAMES -c -o dnet_ntop.o dnet_ntop.c gcc -D_GNU_SOURCE -O2 -Wstrict-prototypes -Wall -I../include -DRESOLVE_HOSTNAMES -c -o dnet_pton.o dnet_pton.c gcc -D_GNU_SOURCE -O2 -Wstrict-prototypes -Wall -I../inclu...

...l Status: NEW Severity: critical Priority: P5 Component: nft Assignee: pablo at netfilter.org Reporter: sbezverk at cisco.com Here is defined vmap: table ip ipv4table { map no-endpoints-services { type inet_proto . ipv4_addr . inet_service : verdict } When I try to add an element to the vmap I get an error: ``` sudo nft --debug all add element ipv4table no-endpoints-services { tcp . 192.168.80.104 . 8989 : goto do_reject } Error: Could not process rule: Invalid argument add element...

...Priority: P5 Component: nft Assignee: pablo at netfilter.org Reporter: fasnacht at protonmail.ch Hello, For tracking, here's a bug I'm experiencing, with the following, in an inet table: map nat-int-ext-port-v4 { type ipv4_addr . inet_service . inet_proto : inet_service } [...] ip protocol {udp, tcp} snat ip to $host_ipv4_address : ip saddr . th sport . ip protocol map @nat-int-ext-port-v4 I get: Error: transport protocol mapping is only valid after transport protocol match It works fine with restricting ip protocol to one single protocol. Be...

...two config files, one being the main config and another one to be loaded on a certain node condition after the main config being already in play. Both however with rules that refer to the same named set that is being loaded initially with the main config. The set in question: set t_u { type inet_proto flags constant counter size 2 elements = { 6, 17 } } Trying to prime the secondary conf with nft -f, not flushing the main conf, it produces: Error: No such file or directory It seems that NFT is checking only within the context of the secondary conf but not against the already...

Hi, i''m just new here, i''m searching for how to compile tc (if i''ve understood correctly, i must compile the whole iproute2 thing). So i did like the read me file said: ------ 1. Look at start of Makefile and set correct values for: KERNEL_INCLUDE ----- i did that, and then i doesn''t understand a damn thing about the reste of the the 1st step about ADDLIB

...ibc/glibc-bugs.h -I/usr/src/linux/include -I../include -DRESOLV E_HOSTNAMES -c -o ll_addr.o ll_addr.c gcc -D_GNU_SOURCE -O2 -Wstrict-prototypes -Wall -g -I../include-glibc -I/usr /include/db3 -include ../include-glibc/glibc-bugs.h -I/usr/src/linux/include -I../include -DRESOLV E_HOSTNAMES -c -o inet_proto.o inet_proto.c gcc -D_GNU_SOURCE -O2 -Wstrict-prototypes -Wall -g -I../include-glibc -I/usr /include/db3 -include ../include-glibc/glibc-bugs.h -I/usr/src/linux/include -I../include -DRESOLV E_HOSTNAMES -c -o dnet_ntop.o dnet_ntop.c gcc -D_GNU_SOURCE -O2 -Wstrict-prototypes -Wall -g -I../include-...

https://bugzilla.netfilter.org/show_bug.cgi?id=1145 Bug ID: 1145 Summary: nft 0.7: expression.c:966: range_expr_value_low: Assertion '0' failed. Product: nftables Version: unspecified Hardware: x86_64 OS: Gentoo Status: NEW Severity: normal Priority: P5

...nftables style (and not just copying my old rules), and (a shortened excerpt just do demonstrate the problem) was something like table inet firewall { set allowed_interfaces { type ifname elements = { "lo" } } set allowed_protocols { type inet_proto elements = { icmp, icmpv6 } } set allowed_tcp_dports { type inet_service elements = { ssh } } chain allow { ct state established,related accept meta l4proto @allowed_protocols accept iifname @all...

...0 Reject statement with range meta mark set 0-100 - Support for auto-merge flag in sets in JSON - Print 0s in time datatype - Speed up list tables by fetching tables only - Skip byteorder conversion with 8-byte fields set test { type ipv4_addr . ether_addr . inet_proto flags interval } ip saddr . ether saddr . meta l4proto @test counter - Honor -t/--terse with list table and list set to speed up listing - Allow for host-endian in set lookups map ipsec_in { typeof ipsec in reqid . iif : verdict flags interval } ipsec in reqi...

Looks like the GSO is involved? I got this while running Dom0 only (no guests), with a BOINC/Rosetta@home application running on all 4 cores. changeset: 10649:8e55c5c11475 Build: x86_32p (pae). ------------[ cut here ]------------ kernel BUG at net/core/dev.c:1133! invalid opcode: 0000 [#1] SMP CPU: 0 EIP: 0061:[<c04dceb0>] Not tainted VLI EFLAGS: 00210297 (2.6.16.13-xen