Serguei Bezverkhi (sbezverk) <sbezverk@xxxxxxxxx> wrote: > Hello, > > I started testing nfproxy in ipv6 enabled kubernetes cluster and it seems ipv6 address cannot be a part of concatenation expression. Is there a known issue or it is me doing something incorrect? > From my side the code is the same, I just change ip4_addr to ip6_addr when I build sets. types are irrelvant for the kernel. They are ONLY used by the nft tool so it knows how to format output. I suspect you need to fix up the generated payload expressions for ipv6. Essentially, in the ipv6 case, you have a concatenation ipv4_addr . ipv4_addr . ip4_addr . ipv4_addr . inet_service (ipv6 address needs 4 32-bit registers) i.e., you need to use a different destination register when you store the tcp/udp port, else you will clobber a part of the ipv6 address.
