Bug 1374754 - TestOnly: [RFE] better keyword for pkt_type matches
Summary: TestOnly: [RFE] better keyword for pkt_type matches
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Enterprise Linux 7
Classification: Red Hat
Component: nftables
Version: 7.4
Hardware: Unspecified
OS: Unspecified
low
low
Target Milestone: rc
: ---
Assignee: Phil Sutter
QA Contact: Tomas Dolezal
URL:
Whiteboard:
Depends On:
Blocks: 1628694 1628696
TreeView+ depends on / blocked
 
Reported: 2016-09-09 14:13 UTC by Paolo Abeni
Modified: 2018-10-30 10:38 UTC (History)
7 users (show)

Fixed In Version: nftables-0.8-1.el7
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
: 1628694 (view as bug list)
Environment:
Last Closed: 2018-10-30 10:38:13 UTC
Target Upstream Version:


Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHBA-2018:3154 0 None None None 2018-10-30 10:38:36 UTC

Description Paolo Abeni 2016-09-09 14:13:16 UTC
currently the nftables tool supports the following symbols for pkt_type matches:

broadcast
multicast
unicast

with the latter being quite misleading, actually meaning 'unicast packet for this host' or PACKET_HOST, in term of kernel's define.

Other relevant symbols are advisable, e.g. at least for the pkt_type PACKET_OTHERHOST.

Comment 1 Phil Sutter 2017-10-19 08:54:24 UTC
This was fixed by Florian:

commit 8a7f6de536408336770e352cde939f8cb09a644d
Author: Florian Westphal <fw>
Date:   Thu Oct 27 14:31:34 2016 +0200

    meta: fix pkttype name and add 'other' symbol
    
    'unicast' doesn't check for unicast packets; it checks for PACKET_HOST,
    i.e. a packet coming in for this host.
    
    A unicast address to some other machine (e.g. because nic is
    in promisc mode) will have PACKET_OTHER.
    
    So at best this is misleading, so this patch changes it
    to 'host'.  The unicast entry is retained for compat purpose.
    
    Signed-off-by: Florian Westphal <fw>
    Acked-by: Pablo Neira Ayuso <pablo>

The patch is part of v0.7 release. Since RHEL7.5 will come with v0.8, this ticket is merely TestOnly anymore.

Comment 2 Phil Sutter 2018-05-07 10:37:36 UTC
Targeting RHEL7.6 for testing this.

Comment 9 errata-xmlrpc 2018-10-30 10:38:13 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2018:3154


Note You need to log in before you can comment on or make changes to this bug.