similar to: [Bug 1261] New: nft trace crash with msg "BUG: invalid verdict value 2"

https://bugzilla.netfilter.org/show_bug.cgi?id=1736 Bug ID: 1736 Summary: nftables - dynamic update for verdict map from the packet path Product: nftables Version: 1.0.x Hardware: x86_64 OS: All Status: NEW Severity: enhancement Priority: P5 Component: nft

https://bugzilla.netfilter.org/show_bug.cgi?id=1455 Bug ID: 1455 Summary: Queue verdict cannot be used in vmap Product: nftables Version: unspecified Hardware: arm OS: Ubuntu Status: NEW Severity: normal Priority: P5 Component: nft Assignee: pablo at netfilter.org

https://bugzilla.netfilter.org/show_bug.cgi?id=1471 Bug ID: 1471 Summary: consider quick accept verdict and delayed drop policy Product: nftables Version: unspecified Hardware: x86_64 OS: All Status: NEW Severity: enhancement Priority: P5 Component: nft Assignee: pablo at

https://bugzilla.netfilter.org/show_bug.cgi?id=1742 Bug ID: 1742 Summary: using nfqueue breaks SCTP connection (tracking) Product: libnetfilter_queue Version: unspecified Hardware: All OS: All Status: NEW Severity: normal Priority: P5 Component: libnetfilter_queue Assignee:

https://bugzilla.netfilter.org/show_bug.cgi?id=908 Summary: "not" keyword not implemented in nft Product: nftables Version: unspecified Platform: x86_64 OS/Version: Gentoo Status: NEW Severity: enhancement Priority: P5 Component: nft AssignedTo: pablo at netfilter.org ReportedBy:

https://bugzilla.netfilter.org/show_bug.cgi?id=1096 Bug ID: 1096 Summary: Kernel oops when inserting an element into a map Product: nftables Version: unspecified Hardware: x86_64 OS: other Status: NEW Severity: critical Priority: P5 Component: kernel Assignee: pablo at

Hi! The Netfilter project proudly presents: nftables 0.6 This release contains many accumulated bug fixes and new features availale up to the Linux 4.7-rc1 kernel release. New features ============ * Rule replacement: You can replace any rule from the unique 64-bits handle. You have to retrieve the handle from the ruleset listing. # nft list ruleset -a table ip filter { chain

Hi! The Netfilter project proudly presents: nftables 0.5 This release contains bug fixes and new features contained up to the 4.2 kernel release. New features ============ * Concatenations: You can combine two or more selectors to build a tuple, then use it to look up for a matching in sets, eg. % nft add rule ip filter input ip saddr . tcp dport { \ 1.1.1.1 . 22 , \

https://bugzilla.netfilter.org/show_bug.cgi?id=1112 Bug ID: 1112 Summary: xtables-compat-multi fails to parse comments Product: iptables Version: CVS (please indicate timestamp) Hardware: x86_64 OS: Gentoo Status: NEW Severity: minor Priority: P5 Component: unknown Assignee:

https://bugzilla.netfilter.org/show_bug.cgi?id=1396 Bug ID: 1396 Summary: When rule with 3 concat elements are added, nft list shows only 2 Product: nftables Version: unspecified Hardware: All OS: All Status: NEW Severity: critical Priority: P5 Component: nft

Hi! The Netfilter project proudly presents: nftables 0.4 This release contains a lot of bug fixes and new features contained up to the recent 3.18 kernel release (and some features coming up in the yet unreleased 3.19-rc). New features ============ * Add support for global ruleset operations (available since 3.18). Get rid of all tables, chains, and rules in one go: # nft

Hi, This is a second try to fix the long chain call lengths in netfilter. The difference with the previous patch is that I got rid of the extra argument. I somehow didn't see it could be done without using the 'int *ret2' argument. A comment on the number of arguments to nf_hook_slow: I don't think the number of arguments should be decreased. For the bridge-nf code, f.e., the

The netfilter project presents: nftables 0.2 This release contains a rather large number of bug fixes, syntax cleanups, new features, support for all new features contained in the recent 3.14 kernel release as well as *drumroll* documentation. Syntax changes ============== * More consistency in data type names Data type names are used in set declarations. All address related types now

https://bugzilla.netfilter.org/show_bug.cgi?id=1673 Bug ID: 1673 Summary: bug egress hook virtio interface with VLAN Product: nftables Version: 1.0.x Hardware: All OS: All Status: NEW Severity: normal Priority: P5 Component: kernel Assignee: pablo at netfilter.org

https://bugzilla.netfilter.org/show_bug.cgi?id=1672 Bug ID: 1672 Summary: bug egress hook virtio interface with VLAN Product: nftables Version: 1.0.x Hardware: All OS: other Status: NEW Severity: normal Priority: P5 Component: kernel Assignee: pablo at netfilter.org

This question is not about linux usage. But still i think user list is a good crowd for linux programmer. So here it goes. I have this libnetfilter_queue application which receives packets from kernel based on some iptables rule. Before going straight to my problem, i'm giving a sample workable code and other tools to set up a test environment so that We problem definition and possible

Hi! The Netfilter project proudly presents: nftables 0.8.1 This release contains mostly incremental fixes and documentation updates, such as fixing up ./configure --with-mini-gmp for embedded setups that don't have libgmp. Deprecated syntax ================= This release deprecates the "flow table" syntax in favor of "meter" to address Netfilter's bugzilla

https://bugzilla.netfilter.org/show_bug.cgi?id=1225 Bug ID: 1225 Summary: Nft syntax error (snat, dnat using multiple maps) Product: nftables Version: unspecified Hardware: x86_64 OS: Ubuntu Status: NEW Severity: normal Priority: P5 Component: nft Assignee: pablo at

https://bugzilla.netfilter.org/show_bug.cgi?id=1303 Bug ID: 1303 Summary: nft improperly merges intervals Product: nftables Version: unspecified Hardware: x86_64 OS: All Status: NEW Severity: critical Priority: P5 Component: nft Assignee: pablo at netfilter.org

Hi! The Netfilter project proudly presents: nftables 0.7 This release contains many accumulated bug fixes and new features available up to the (upcoming) Linux 4.10-rc1 kernel release. * Facilitate migration from iptables to nftables: At compilation time, you have to pass this option. # ./configure --with-xtables And libxtables needs to be installed in your system. This allows