Value too large for defined data type


 



DISTRIB_DESCRIPTION="Ubuntu 18.04.4 LTS"
nftables=0.9.4-1

Hello, I'm trying to manipulate a packet based on the domain in the
UDP message header.

./nft.conf:8:1-138: Error: Could not process rule: Value too large for
defined data type
add rule myrule prerouting nftrace set 1 meta l4proto udp udp dport 53
@th,160,200 0x086163636F756E747306676F6F676C6503636F6D00 dnat 8.8.8.8
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
Hex = accounts.google.com

Looks like there is a limit on what can be searched.

Using something smaller works fine in nftables.

nft add rule myrule prerouting nftrace set 1 meta l4proto udp udp
dport 53 @th,160,120 0x03777777057961686f6f03636f6d00 dnat 8.8.8.8

Hex = www.yahoo.com

accounts.google.com works using iptables.

-A PREROUTING -s 192.168.254.225/32 -p udp -m string --hex-string
"|086163636F756E747306676F6F676C6503636F6D00|" --algo bm --from 40
--to 65 -m udp --dport 53 -j DNAT --to-destination 1.0.0.1

Thanks in advance.
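
An added example, not part of the original post: a Python helper that encodes a query name into DNS wire format and emits `@th,offset,length` raw-payload matches at the 160-bit offset used above (8-byte UDP header plus 12-byte DNS header). The function names are hypothetical, and the default 120-bit chunk width is an assumption taken from the rule the post reports as working; that several narrower matches are accepted where one wide match is rejected is likewise an assumption.

```python
"""Added example: build nftables raw-payload matches for a DNS query name."""

UDP_HEADER_BITS = 8 * 8     # UDP header is 8 bytes
DNS_HEADER_BITS = 12 * 8    # DNS header is 12 bytes
QNAME_OFFSET_BITS = UDP_HEADER_BITS + DNS_HEADER_BITS  # 160, as in the post


def encode_qname(domain):
    """Encode a domain as DNS wire-format labels: length byte, label, ..., 0."""
    out = bytearray()
    for label in domain.rstrip(".").split("."):
        raw = label.encode("ascii")
        if not 1 <= len(raw) <= 63:
            raise ValueError("invalid label length: %r" % label)
        out.append(len(raw))
        out += raw
    out.append(0)  # root label terminates the name
    if len(out) > 255:
        raise ValueError("encoded name exceeds 255 bytes")
    return bytes(out)


def th_matches(domain, max_bits=120):
    """Return one '@th,offset,length 0xvalue' match per chunk of the QNAME.

    max_bits is an assumption: 120 is the width the post reports as working.
    """
    if max_bits <= 0 or max_bits % 8:
        raise ValueError("max_bits must be a positive multiple of 8")
    qname = encode_qname(domain)
    step = max_bits // 8
    matches = []
    for start in range(0, len(qname), step):
        chunk = qname[start:start + step]
        offset = QNAME_OFFSET_BITS + start * 8
        matches.append("@th,%d,%d 0x%s" % (offset, len(chunk) * 8, chunk.hex()))
    return matches


if __name__ == "__main__":
    # Domains taken from the post; output is the match part of a rule only.
    for name in ("www.yahoo.com", "accounts.google.com"):
        print(name, "->", " ".join(th_matches(name)))
```

The encoded form of accounts.google.com is 21 bytes, so its exact width is 168 bits. A raw payload match compares bytes exactly, so a query sent with different letter case does not match.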


