Hi all,
I just tried out the example file tests/payload-ll distributed with nftables,
which makes use of payload raw expressions of the form "@..,..,..". While the first
two declarations in the file, i.e.
nft add table ip filter
nft add chain ip filter input \{ type filter hook input priority 0\; \}
work as expected, the third declaration
nft add rule ip filter input @ll,48,48 00:15:e9:f0:10:f8 counter
is rejected with the error message
Error: protocol specification is invalid for this family
(the expression "@ll,48,48" is underlined in the output). Does the example use
an outdated syntax, or have I done something wrong?
Is there any documentation on how to use payload raw expressions? I couldn't find
any mention of it in the wiki or the manpage of nftables.
I am using Linux Kernel 4.2.4, together with the latest repository version of
libnftnl and nftables.
Greetings,
Stefan
--
Dr. Stefan Berghofer
Senior Consultant, Network & Client Security
Public Authorities
secunet Security Networks AG
Phone: +49 201 54 54-3606, Fax: +49 201 54 54-1323
E-Mail: stefan.berghofer@xxxxxxxxxxx
Ammonstraße 74, 01067 Dresden, Germany
www.secunet.com
______________________________________________________________________
Registered at: Kronprinzenstraße 30, 45128 Essen, Deutschland
Amtsgericht Essen HRB 13615
Management Board: Dr Rainer Baumgart (CEO), Thomas Pleines
Chairman of Supervisory Board: Dr Peter Zattler
______________________________________________________________________
--
To unsubscribe from this list: send the line "unsubscribe netfilter" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
