Bug 208093 - Broken vmap in nftables 0.9.5
Summary: Broken vmap in nftables 0.9.5
Status: NEW
Alias: None
Product: Networking
Classification: Unclassified
Component: Netfilter/Iptables
Hardware: All Linux
Importance: P1 normal
Assignee: networking_netfilter-iptables@kernel-bugs.osdl.org
Reported: 2020-06-06 17:51 UTC by nucleo
Modified: 2020-06-07 17:35 UTC (History)
Kernel Version: 5.7.0-1.fc33.x86_64
Regression: No

Description nucleo 2020-06-06 17:51:26 UTC
Hi,

These rules work with nftables 0.9.4 but do not apply with 0.9.5.

# cat /etc/nftables/inet-filter.nft
#!/usr/sbin/nft -f

table inet filter {
        chain ssh_input {
        }

        chain wan_input {
                tcp dport vmap { 22 : jump ssh_input }
        }

        chain prerouting {
                type filter hook prerouting priority -300; policy accept;
                iif vmap { "eth0" : jump wan_input }
        }
}

# nft -f /etc/nftables/inet-filter.nft
/etc/nftables/inet-filter.nft:8:32-54: Error: map definition does not specify mapping data type
                tcp dport vmap { 22 : jump ssh_input }
                               ^^^^^^^^^^^^^^^^^^^^^^^
/etc/nftables/inet-filter.nft:13:26-52: Error: map definition does not specify mapping data type
                iif vmap { "eth0" : jump wan_input }
                         ^^^^^^^^^^^^^^^^^^^^^^^^^^^

Comment 1 nucleo 2020-06-07 17:35:36 UTC
Pablo's patch makes the rules work again.

Thanks.
