These tests work, but I omitted a few lines that do not:
in: frag frag-off @s4 accept
in: ip version @s8
out: (frag unknown & 0xfff8 [invalid type]) >> 3 == @s4
out: (ip l4proto & pfsync) >> 4 == @s8
Next patches resolve this.
Signed-off-by: Florian Westphal <fw@strlen.de>
elements = { 1, 4 }
}
+ set s8 {
+ typeof ip version
+ elements = { 4, 6 }
+ }
+
+ set s9 {
+ typeof ip hdrlength
+ elements = { 0, 1, 2, 3, 4,
+ 15 }
+ }
+
chain c1 {
osf name @s1 accept
}
chain c7 {
sctp chunk init num-inbound-streams @s7 accept
}
+
+ chain c9 {
+ ip hdrlength @s9 accept
+ }
}
elements = { 1, 4 }
}
+ set s8 {
+ typeof ip version
+ elements = { 4, 6 }
+ }
+
+ set s9 {
+ typeof ip hdrlength
+ elements = { 0, 1, 2, 3, 4, 15 }
+ }
+
chain c1 {
osf name @s1 accept
}
chain c7 {
sctp chunk init num-inbound-streams @s7 accept
}
+
+ chain c9 {
+ ip hdrlength @s9 accept
+ }
}"
set -e
projects / thirdparty / nftables.git / commitdiff
