I am running out of time so I have to send this unfinished/non-working state.

It breaks because ct is riddled with conflicts. In nft we've handled original/reply as STRING to avoid conflicts with 'arp reply', so we cannot add

  ct original ip saddr

because it is

  ct STRING IP SADDR

and that conflicts with basic use where 'ip saddr' could be a payload expression, and STRING is one of the normal ct tokens and not a direction.

I am trying to fix this here by moving all ct keywords back to tokens.

There are no shift/reduce errors, things compile fine, and all test cases work.

It's just that we break 'ct event set label':

Works:
  ct event set new or reply
  ct event set new,reply
  ct event set new,label

Fails:
  ct event set label ('expects COMMA')

Other than that it should work. This also adds dependency removal for meta and ct when de-linearizing rulesets and gets rid of the unneeded meta dependency when using rt nexthop in inet table.