Displaying 5 results from an estimated 5 matches for "sbezverk".
Did you mean:
bezerk
2020 Jan 06
9
[Bug 1395] New: Add element fails with Error: Could not process rule: Invalid argument
...Invalid argument
Product: nftables
Version: unspecified
Hardware: All
OS: All
Status: NEW
Severity: critical
Priority: P5
Component: nft
Assignee: pablo at netfilter.org
Reporter: sbezverk at cisco.com
Here is defined vmap:
table ip ipv4table {
map no-endpoints-services {
type inet_proto . ipv4_addr . inet_service : verdict
}
When I try to add an element to the vmap I get an error:
```
sudo nft --debug all add element ipv4table no-e...
2020 Feb 04
2
[Bug 1405] New: Possible a bug in n libnftables deserializer. [invalid type]
...type]
Product: libnftnl
Version: unspecified
Hardware: All
OS: All
Status: NEW
Severity: critical
Priority: P5
Component: libnftnl
Assignee: pablo at netfilter.org
Reporter: sbezverk at cisco.com
When I add update rule for a map, nft command does not fail but shows [invalid
type]
table ip kube-nfproxy-v4 {
map sticky-set-svc-M53CN2XYVUHRQ7UB {
type ipv4_addr : integer
size 65535
timeout 6m
}
chain k8s-nfproxy-sep-TMVEFT7EX55F4T62 {...
2019 Mar 01
2
[Bug 1324] New: with kernel 4.20.11 ip6table REDIRECT, process listening on redirected port does not get a packet
...t
Product: iptables
Version: 1.6.x
Hardware: All
OS: RedHat Linux
Status: NEW
Severity: critical
Priority: P5
Component: ip6tables
Assignee: netfilter-buglog at lists.netfilter.org
Reporter: sbezverk at cisco.com
I encountered a bug in 4.20.11 kernel, specifically in ip6tables redirects.
It is kubernetes environment where two containers running in the same pod and
sharing the same network stack. One container sends tcp traffic curl to port
443, and output chain rule will redirect it to ::1:...
2020 Jan 07
4
[Bug 1396] New: When rule with 3 concat elements are added, nft list shows only 2
...shows only 2
Product: nftables
Version: unspecified
Hardware: All
OS: All
Status: NEW
Severity: critical
Priority: P5
Component: nft
Assignee: pablo at netfilter.org
Reporter: sbezverk at cisco.com
table ip ipv4table {
map cluster-ip-services-set {
type inet_proto . ipv4_addr . inet_service : verdict
}
chain k8s-nat-mark-masq {
ip protocol . ip daddr vmap @cluster-ip-services-set
}
chain k8s-nat-do-mark-masq {
meta mark set 0x000040...
2019 Jun 19
2
[Bug 1344] New: Segmentation fault in nft add rule ip ipv4table ipv4chain-1 tcp sport { 12345-54321 }
...cp sport { 12345-54321 }
Product: nftables
Version: unspecified
Hardware: All
OS: Ubuntu
Status: NEW
Severity: critical
Priority: P5
Component: nft
Assignee: pablo at netfilter.org
Reporter: sbezverk at cisco.com
According to documentation ` tcp sport { 12345-54321 }` should be supported but
it fails with Segmentation Fault.
See debug below:
sudo nft --debug all add rule ip ipv4table ipv4chain-1 tcp sport { 12345-54321
}
Entering state 0
Reducing stack by rule 1 (line 747):
-> $$ = nterm...