Bug 208093

Summary: Broken vmap in nftables 0.9.5
Product: Networking
Reporter: nucleo (nucleo)
Component: Netfilter/Iptables
Assignee: networking_netfilter-iptables (networking_netfilter-iptables)
Status: NEW
Severity: normal
Priority: P1
Hardware: All
OS: Linux
Kernel Version: 5.7.0-1.fc33.x86_64
Subsystem:
Regression: No
Bisected commit-id:

Description nucleo 2020-06-06 17:51:26 UTC
Hi,

These rules work with nftables 0.9.4 but do not apply with 0.9.5:

# cat /etc/nftables/inet-filter.nft
#!/usr/sbin/nft -f

table inet filter {
        chain ssh_input {
        }

        chain wan_input {
                tcp dport vmap { 22 : jump ssh_input }
        }

        chain prerouting {
                type filter hook prerouting priority -300; policy accept;
                iif vmap { "eth0" : jump wan_input }
        }
}

# nft -f /etc/nftables/inet-filter.nft
/etc/nftables/inet-filter.nft:8:32-54: Error: map definition does not specify mapping data type
                tcp dport vmap { 22 : jump ssh_input }
                               ^^^^^^^^^^^^^^^^^^^^^^^
/etc/nftables/inet-filter.nft:13:26-52: Error: map definition does not specify mapping data type
                iif vmap { "eth0" : jump wan_input }
                         ^^^^^^^^^^^^^^^^^^^^^^^^^^^

Comment 1 nucleo 2020-06-07 17:35:36 UTC
Pablo's patch makes the rules work again.

Thanks.