On Tue, Mar 01, 2016 at 03:21:24PM +0530, Shivani Bhardwaj wrote:
> On Tue, Mar 1, 2016 at 2:52 AM, Laura Garcia Liebana <nevola@xxxxxxxxx> wrote:
>
> Hi Laura,
>
> > Add translation for random to nftables.
> >
> Here, you are providing translation for module statistic, random is
> just a mode for matching the rule. Please make sure to use correct
> module name in the commit message next time.
>
> > Examples:
> >
> > $ iptables-translate -A INPUT -m statistic --mode random --probability
> > 0.1 -j ACCEPT
> > nft add rule ip filter INPUT meta random 0.10000000009 counter accept
> >
> > $ iptables-translate -A INPUT -m statistic --mode random ! --probability
> > 0.1 -j ACCEPT
> > nft add rule ip filter INPUT meta random != 0.10000000009 counter accept
> >
>
> The match statistic is not yet supported in nftables, so these
> translations are not going to work. You can track the supported
> extensions here:
> http://wiki.nftables.org/wiki-nftables/index.php/Supported_features_compared_to_xtables,
> you can edit any discrepancies you find on this page.

I'm seeing here that there are partial translations that are not in the tree. I would like to have them merged upstream, no need to wait to fully support every extension, we can document these limitations in the wiki and the commit log.

IIRC, if the .xlate indirection returns 0, then it means no translation is available. We can use that for things that we don't support yet.