Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx> wrote: > But if the user introduces a meta random value that can be mapped to > probability datatype, we would still hit this asymmetry, right? So the > guess game would fail and the user would get confused. Yes, but thats not really different from what we do with dependency removal, e.g. with 'ip protocol tcp tcp dport 22', the 'ip protocol tcp' is still elided from list output since its redundant. > > Nothing, but the meta random might be interesting to e.g. set random > > (ct)mark for load balancing purposes. > > Could you have a look at the libnftnl userdata tlv infrastructure? We > can probably place this information the RULE_USERDATA so we provide an > explicit indication to userspace of how to interpret this. Currently > this is only used for rule comments, but we can stash this > how-to-interpret-this information there. Sure, I will have a look. It might take a while though. -- To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
