On Fri, Nov 01, 2024 at 12:22:01AM +0100, Florian Westphal wrote:
> Florian Westphal <fw@xxxxxxxxx> wrote:
> > Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx> wrote:
> > > # nft -f test.nft
> > > test.nft:3:32-45: Error: Could not process rule: Operation not supported
> > >   udp dport 4789 vxlan ip saddr 1.2.3.4
> > >                  ^^^^^^^^^^^^^^
> > >
> > > Reverting "netfilter: nf_tables: must hold rcu read lock while iterating expression type list"
> > > makes it work for me again.
> > >
> > > Are you compiling nf_tables built-in there? I make as a module, the
> > > type->owner is THIS_MODULE which refers to nf_tables.ko?
> >
> > Indeed, this doesn't work.
> >
> > But I cannot remove this test, this code looks broken to me in case
> > inner type is its own module.
> >
> > No idea yet how to fix this.
>
> Can you apply the series without patch 6?
> Someone else should look at it, I can't find a
> good solution, this would need a rewrite to obtain
> a reference on the type AFAICS.
>
> I could cmp for nft_payload_type/nft_meta_type instead
> but I feel it's cheating and fragile too.

And these expressions are the only ones providing ->inner_ops at this stage.

I understand your concern if future extensibility could bring bugs, but
we can place a comment here to remember by now.