This was my concern also. I'm running nft on router firmware called LEDE, it currently runs kernel 4.4.120 and originally included version of nft in the image was 0.4. I took nft source from latest unstable version of LEDE and I got 0.8.2. Then I thought ok, it might be something wrong with the versions and I just recompiled image with stock stable sources just for a test. Funny enough, I got same error message running nftables 0.4 on kernel 4.4.120.
Now the question is if it is LEDE configuration problem or it is something wrong with nftables.
> On March 20, 2018 at 11:52 PM Duncan Roe <duncan_roe@xxxxxxxxxxxxxxx> wrote:
>
>
> On Tue, Mar 20, 2018 at 07:45:23PM +0100, darius wrote:
> > Ok, output of command is pasted below (sorry, but it is really log):
> >
> > root@LEDE:~# nft --debug all add rule ip ipv4_filter incoming tcp dport
> > {ssh} log accept
> > Entering state 0
> > Reducing stack by rule 1 (line 725):
> [...]
>
> It seems you may be running an unfortunate choice of nft version.
>
> The line and rule numbers in your dump are higher than for release 0.8.3:
>
> > Entering state 0
> > Reducing stack by rule 1 (line 721):
>
> But they are lower than the latest git snapshot I have built (up to 20180317):
>
> > Entering state 0
> > Reducing stack by rule 1 (line 737):
>
> Other than that, there are no substantial differences between any of the logs
> except you get an error message and I don't.
>
> Alternatively, it could be your kernel version. I am running 4.15.10, the newest
> revision to have any netfilter patches.
>
> Cheers ... Duncan.
> --
> To unsubscribe from this list: send the line "unsubscribe netfilter" in
> the body of a message to majordomo@xxxxxxxxxxxxxxx
> More majordomo info at http://vger.kernel.org/majordomo-info.html
--
To unsubscribe from this list: send the line "unsubscribe netfilter" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
