Hi,

I'm playing with nftables maps and found some issues.

First: I can add this named map in the CLI but I can't load it from a file.
This can be reproduced with these commands:

% nft flush ruleset
% nft add table t
% nft add map t m { type ipv4_addr : ipv4_addr \; }
% nft add element t m {1.1.1.1: 2.2.2.2 }
% echo "flush ruleset" > test.nft
% nft list ruleset >> test.nft
% nft -f test.nft
test.nft:5:28-46: Error: mapping outside of map context
                elements = { 1.1.1.1 : 2.2.2.2}
                            ^^^^^^^^^^^^^^^^^^^

Second: I can use ANONYMOUS maps for SNAT:

% nft flush ruleset
% nft add table nat
% nft add chain nat postrouting
% nft add rule nat postrouting snat ip saddr map {1.1.1.1 : 2.2.2.2}
[OK]

But I can't use NAMED maps for SNAT:

% nft flush ruleset
% nft add table nat
% nft add map nat m { type ipv4_addr : ipv4_addr\; }
% nft add element nat m { 1.1.1.1 : 2.2.2.2 }
% nft add chain nat postrouting
% nft add rule nat postrouting snat ip saddr map @m
<cmdline>:1:1-45: Error: Could not process rule: Invalid argument
add rule nat postrouting snat ip saddr map @m
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

This seems to be triggered by the kernel (I'm running 4.1, please let me know if newer versions have this fixed).

Best regards!
--
Arturo Borrero González