payload expressions, evaluate.c, expr_evaluate_bits

Hi,

contents of /etc/nftables.conf (run in dash shell Debian 12.9):
-------------------------------
#!/usr/sbin/nft -f
flush ruleset
table inet filter {
 chain filter {
  type filter hook output priority filter;

  @ih,0,129 == 0 \
  accept;
 }
}
-------------------------------

Output:

nft: evaluate.c:510: expr_evaluate_bits: Assertion `masklen <= NFT_REG_SIZE * BITS_PER_BYTE' failed.

It appears this error occurs due to the apparent 16-byte 'NFT_REG_SIZE' limit.

contents of /etc/nftables.conf (run in dash shell Debian 12.9):
-------------------------------
#!/usr/sbin/nft -f
flush ruleset
table inet filter {
 chain filter {
  type filter hook output priority filter;

  @ih,0,136 == 0 \
  accept;
 }
}
-------------------------------

/etc/nftables.conf:16:13-14: Error: Could not process rule: Value too large for defined data type
 @ih,0,136 == 0 \
            ^^
Again, it appears this error should occur due to the 16-byte 'reg-size' limit.
The error is printed differently, or is encountered differently because the mask length was divisible by eight.
I believe that the error messages should be similar;
"Mask Length greater than upper limit of x bits" may be appropriate.

What is the best method to view the values of "NFT_REG_SIZE" and "BITS_PER_BYTE"?

sunny
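
An added example, not part of the original post and not nftables code: a Python pre-check that scans a ruleset for raw payload expressions (`@base,offset,length`) whose length exceeds the 128 bits implied by the 16-byte `NFT_REG_SIZE` mentioned above, so the problem is reported with one consistent message before the file is loaded. The constant values, the name `lint_ruleset` and the sample ruleset are assumptions made for this illustration.

```python
import re

# Assumed values: the post cites a 16-byte NFT_REG_SIZE; 8 bits per byte.
NFT_REG_SIZE = 16
BITS_PER_BYTE = 8
MAX_BITS = NFT_REG_SIZE * BITS_PER_BYTE  # 128

# Raw payload expression: @base,offset,length with offset and length in bits.
RAW_PAYLOAD = re.compile(r"@(ll|nh|th|ih)\s*,\s*(\d+)\s*,\s*(\d+)")


def lint_ruleset(text):
    """Return (line_no, expression, length_bits, byte_aligned) for every
    raw payload expression longer than MAX_BITS."""
    findings = []
    for line_no, line in enumerate(text.splitlines(), start=1):
        # Simplification: treat everything after '#' as a comment.
        code = line.split("#", 1)[0]
        for m in RAW_PAYLOAD.finditer(code):
            length = int(m.group(3))
            if length > MAX_BITS:
                # byte_aligned separates the two cases in the post:
                # False matches the 129-bit case (assertion in nft),
                # True matches the 136-bit case (rule rejected on load).
                byte_aligned = length % BITS_PER_BYTE == 0
                findings.append((line_no, m.group(0), length, byte_aligned))
    return findings


# Constructed sample input based on the rulesets quoted in the post.
SAMPLE = """\
#!/usr/sbin/nft -f
flush ruleset
table inet filter {
 chain filter {
  type filter hook output priority filter;
  @ih,0,128 == 0 accept;
  @ih,0,129 == 0 accept;
  @ih,0,136 == 0 accept;
 }
}
"""

if __name__ == "__main__":
    for line_no, expr, length, aligned in lint_ruleset(SAMPLE):
        print(f"line {line_no}: {expr}: length {length} bits is greater "
              f"than the upper limit of {MAX_BITS} bits")
```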




