Phil Sutter <phil@xxxxxx> wrote:
> Since kernel commit 8059918a1377 ("netfilter: nft_ct: sanitize layer 3
> and 4 protocol number in custom expectations"), ct expectations
> specifying an l3proto which does not match the table family are
> rejected.
> - l3proto ip
> + l3proto inet
> }
This can't be right, the kernel must reject this.
99993789966a ("netfilter: nft_ct: fix l3num expectations with inet pseudo family")
was supposed to fix this up.
