Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx> wrote:
> Hi Florian,
>
> On Fri, Feb 26, 2016 at 08:19:34PM +0100, Florian Westphal wrote:
> > String is an unqualified type and we do not have a data element to
> > derive the element size from at set creation time.
> >
> > Add a new string subtype -- iface_name -- and switch
> > meta iifname/oifname to use it instead of string.
> >
> > One can then define a named set for interface names with
> >
> > nft add set filter ifnames '{type iface_name; }'
>
> The problem is that unqualified types cannot be currently used because
> they have no specific length.

Yes.

> Carlos has been submitting patches for a while (he's on Cc) that it
> would be great to see in the tree at some point this week. Basically,
> he's introducing a TLV infrastructure to store metainformation in the
> USERDATA area.
>
> The idea is to use these new TLVs to include the length of this
> datatype. This allows us to interpret the data when dumping it from
> the kernel and transform it to object via set_delinearize().

Ok, but how do you plan to handle the key length?

Currently the kernel will -EINVAL in nf_tables_newset() because
the key length is 0 for unqualified types.

Since nft has no information on the element keys (yet) I don't see
how the TLV infrastructure helps in this case.

I'll wait for your patches.