Hi Florian,

On Thu, Jan 11, 2024 at 02:16:51PM +0100, Florian Westphal wrote:
> Florian Westphal <fw@xxxxxxxxx> wrote:
> > ... this will cause an assertion in netlink linearization, catch this
> > at eval stage instead.
> >
> > before:
> > BUG: unknown expression type range
> > nft: netlink_linearize.c:908: netlink_gen_expr: Assertion `0' failed.
> >
> > after:
> > /unknown_expr_type_range_assert:3:31-40: Error: ct expression cannot be a range
> > ct mark set 0x001-3434
> >             ^^^^^^^^^^
>
> This isn't enough, we have a truckload of bugs like this.
>
> e.g. 'tproxy to 1.1.1.10/0'. This passes EXPR_RANGE check,
> but we still hit the assertion because prefix is translated to a range
> later on.

I am going to take a look at this one.

> dup and fwd also have this issue, probably a lot more.

I believe we have to go the extra mile and sanitize this, to avoid
nonsensical transformations which lead to hitting BUG.