On Thu, Oct 31, 2024 at 10:56:45PM +0100, Florian Westphal wrote:
> Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx> wrote:
> > > This targets nf-next because these are long-standing issues.
> >
> > This series breaks inner matching, I can see tests/shell reports:
> >
> > I: conf: NFT_TEST_HAVE_inner_matching=n
>
> Uh, didn't I fix this in v2?  V1 had a bug in patch 6:
>
> +	if (!type->inner_ops || type->owner) {
> +		err = -EOPNOTSUPP;

I am using v2, I can see this chunk.

> V1 had !type->owner, which causes feature probe to fail and the test to
> skip (it skips builtin instead of module...).
>
> I re-tested, I get:
> I: conf: NFT_TEST_HAVE_inner_matching=y

# cat test.nft
table ip t {
        chain c {
                udp dport 4789 vxlan ip saddr 1.2.3.4
        }
}
# nft -f test.nft
test.nft:3:32-45: Error: Could not process rule: Operation not supported
                udp dport 4789 vxlan ip saddr 1.2.3.4
                               ^^^^^^^^^^^^^^

Reverting "netfilter: nf_tables: must hold rcu read lock while iterating
expression type list" makes it work for me again.

Are you compiling nf_tables built-in there? I make as a module, the
type->owner is THIS_MODULE which refers to nf_tables.ko?
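
Review bot: the `type->owner` test in `if (!type->inner_ops || type->owner)` returns -EOPNOTSUPP for every expression type whose owner is set, and the quoted lines carry no comment saying why an owned type has to be refused at this point. The reply in this thread raises that type->owner is THIS_MODULE when nf_tables is built as a module, so a comment next to the check should state which build configurations it is meant to accept, and the inner matching test should be run against both the built-in and the module build before this is merged.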