On 18 February 2014 11:12, Patrick McHardy <kaber@xxxxxxxxx> wrote:
>
> I'm actually not sure nft really could fail if the expression returned
> from the kernel makes any sense at all.
I did a fast&small test.
What to do in the event reporting if this situation is reached?
Non-sense rule added to the kernel:
ip filter input 0 0
[ cmp eq reg 1 0x00000006 ]
[ payload load 1b @ network header + 9 => reg 1 ]
[ payload load 2b @ transport header + 1 => reg 2 ]
[ counter pkts 0 bytes 0 ]
[ cmp eq reg 1 0x00001600 ]
% nft list table filter
table ip filter {
[...]
}
netlink: Error: Relational expression has no left hand side
netlink: Error: Relational expression size mismatch
--
Arturo Borrero González
--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
