Score:0

Nftables map expects IPv6 address, mapping expression has type integer


I need to change the destination address of an IPv6 packet depending on the payload of that packet.

I'm using a raw payload expression to extract the encapsulated IPv6 address inside that packet and want to use a map to determine the new destination address of the outer packet.

The following minimized version of my nftables.conf fails to load:

table ip6 test {
    map iptoip {
        type ipv6_addr : ipv6_addr
    }
    chain foo {
        type filter hook postrouting priority srcnat; policy accept;
        #...
        ip6 daddr set @th,384,128 map @iptoip
    }
}

Trying to load this config with nft -f minimized.conf fails with the following error:

minimized.conf:8:39-45: Error: datatype mismatch, map expects IPv6 address, mapping expression has type integer
        ip6 daddr set @th,384,128 map @iptoip
                      ~~~~~~~~~~~     ^^^^^^^

Is it possible to convince nftables that a 128 bit integer can be used as an IPv6 address?

Jakob
I may have found a workaround: First set the destination address to the output of the raw payload expression and use the map in the next statement with the temporary destination address as the key. (Loads fine, but not yet tested for functionality)
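The workaround described in the comment above, written out as a ruleset. This is an added example, not configuration posted by the question's author or the commenter; it reuses the table, map and chain names from the question and assumes the two-statement form the comment describes.

```nftables
table ip6 test {
    map iptoip {
        type ipv6_addr : ipv6_addr
    }
    chain foo {
        type filter hook postrouting priority srcnat; policy accept;
        #...

        # Rejected form from the question: the raw payload expression is
        # typed as integer, so it cannot be used as a key into an
        # ipv6_addr map.
        #   ip6 daddr set @th,384,128 map @iptoip

        # Step 1: copy the 128 bits at transport-header offset 384 into
        # the outer destination address. "ip6 daddr" carries the
        # ipv6_addr type, so the value is typed from here on.
        ip6 daddr set @th,384,128

        # Step 2: use the temporary destination address as the map key.
        # If the key is not in @iptoip the lookup does not match and this
        # rule changes nothing, so the packet keeps the address written
        # in step 1. Restrict the rules with a match in place of "#..."
        # or populate the map for every inner address you expect.
        ip6 daddr set ip6 daddr map @iptoip
    }
}
```

Running `nft -c -f` on the file checks that it parses without applying it; as the comment notes, loading successfully is not the same as the rewrite having been tested on traffic.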