Re: [RFC nftables kernel PATCH] netfilter: nf_tables: fix nft_meta_target module

On 28 November 2013 13:33, Tomasz Bursztyka
<tomasz.bursztyka@xxxxxxxxxxxxxxx> wrote:
>
> Why not reuse the existing NFT_META_* keys?
> It would just raise an error if not priority/mark/nftrace/secmark, as it
> does currently.
> Worth keeping that as it is imho, no need to duplicate.
>

That is a good approach, indeed.

My motivation for this was to give some additional flexibility, so
both key sets don't depend on each other.
One may think you can simply modify other meta elements, like iifname, etc.

> All expressions have a short, one-word based name, which is nice.

Yes, any suggestion?

>
> Anyway, doesn't it work already: if you create an immediate expression (to
> load the value you want, at default dreg 0 aka NFT_REG_VERDICT) and a meta
> expression without the NFTA_META_DREG set? (didn't try myself)
>

I discussed the immediate load with Pablo. He suggested the value to
be fetched from the metatarget directly.

> If not maybe there is a shorter way to fix this, instead of creating a full
> new expression. Looks like it was the original plan.
>

You mean the original plan was to avoid creating a new expression?
In that case, I will have to revisit this, as I wasn't considering
this approach.

Thanks Tomasz for your comments :-)

Regards.
-- 
Arturo Borrero González
--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html



