On Mon, Jul 22, 2019 at 11:37:40AM +0200, Florian Westphal wrote: > Currently nft dumps core when it encounters a prefix expression as > part of a statement, e.g. > iifname ens3 snat to 10.0.0.0/28 > > yields: > BUG: unknown expression type prefix > nft: netlink_linearize.c:688: netlink_gen_expr: Assertion `0' failed. > > This assertion is correct -- we can't linearize a prefix because > kernel doesn't know what that is. > > For LHS prefixes, they get converted to a binary 'and' such as > '10.0.0.0 & 255.255.255.240'. For RHS, we can do something similar > and convert them into a range. > > snat to 10.0.0.0/28 will be converted into: > iifname "ens3" snat to 10.0.0.0-10.0.0.15 > > Closes: https://bugzilla.netfilter.org/show_bug.cgi?id=1187 > Signed-off-by: Florian Westphal <f...@strlen.de>
Acked-by: Pablo Neira Ayuso <pa...@netfilter.org> Please, double check before pushing this out that valgrind is happy with this (no memleaks). Thanks.
