Skip to content

nfnetlink nft_rule_msg regression #575

New issue
New issue
Closed
Closed
nfnetlink nft_rule_msg regression#575
Labels
bugfixed
@liam-mcb

Description

@liam-mcb
liam-mcb
opened on Jan 6, 2019

nft_rule_msg in netlink/nfnetlink/nftsocket.py no longer generates the correct netlink message.
#524 (specifically 254fc3e) changed nla array encoding so that the header type increments with each element.
The nfnetlink NFTA_RULE_EXPRESSIONS message requires that the header type remain as 1 for all elements in the array.

Following code should add a rule but doesn't.

import pyroute2
from pyroute2.nftables.expressions import ipv4addr, verdict
nft = pyroute2.NFTables()
nft.table('add', name='test0')
nft.chain('add', table='test0', name='test_chain0')
nft.rule('add',
         table='test0',
         chain='test_chain0',
         expressions=(ipv4addr(src='192.168.0.0/24'),
                      verdict(code=1)))

Activity

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Metadata

Metadata

Assignees

No one assigned

    Labels

    bugfixed

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions