----- Original Message -----
> From: "Andreas Schultz" <aschultz@xxxxxxxx>
> To: "Pablo Neira Ayuso" <pablo@xxxxxxxxxxxxx>
> Cc: netfilter-devel@xxxxxxxxxxxxxxx
> Sent: Wednesday, June 17, 2015 12:19:15 PM
> Subject: Re: iptables nftables compat weirdness
>
> Hi,
>
> ----- Original Message -----
>> From: "Pablo Neira Ayuso" <pablo@xxxxxxxxxxxxx>
>> To: "Andreas Schultz" <aschultz@xxxxxxxx>
>> Cc: netfilter-devel@xxxxxxxxxxxxxxx
>> Sent: Tuesday, June 16, 2015 6:07:25 PM
>> Subject: Re: iptables nftables compat weirdness
>
> [...]
>
>> Could you help me diagnosing this problem? The nf_tables kernel side
>> is rejecting this with -EINVAL. Is this a new bug in the 4.1-rc
>> series?

Seems to be an old bug. I was able to reproduce it on Ubuntu 15.10, Kernel 3.19 with nftables 0.4 and libnftnl-dev 1.0.3 packages and iptables from git head.

Test sequence:

# nft delete table filter
# iptables-compat -N test
# iptables-compat -A INPUT -j test
# iptables-compat -A test -j MARK --set-mark 0x80000000/0x80000000
# iptables-compat -A INPUT -j test
iptables: Invalid argument. Run `dmesg' for more information.

Andreas