[PATCH nft 0/10] nftables remove use of meta nfproto

The inet family (and others, e.g. bridge) lacks the context to figure
out the layer 3 address type.

Examples:
ct original saddr $addr
rt nexthop $addr

We can't use $addr, because it might be a set reference, e.g.

ct original saddr @whitelist

The currently implemented workaround is to use 'meta nfproto'
to provide the l3 context, e.g.

meta nfproto ip rt nexthop 10.2.3.4

i.e. users need to fill in the dependency manually.

Pablo suggested to instead specify ip saddr, ip6 saddr:

ct original ip saddr $address

and then let nft handle the dependency injection.

This series does just that.

Old syntax is preserved.

 doc/nft.xml                |   23 ++++++++---
 include/ct.h               |    3 -
 include/expression.h       |    2 
 src/ct.c                   |   70 ++++++++++++++++++++++++----------
 src/evaluate.c             |   92 +++++++++++++++++++++++++++++++++++----------
 src/netlink_delinearize.c  |   52 +++++++++++--------------
 src/parser_bison.y         |   42 ++++++++++++++++++--
 src/rt.c                   |   14 ++++++
 tests/py/bridge/icmpX.t    |    4 -
 tests/py/inet/ct.t         |    7 ++-
 tests/py/inet/ct.t.payload |    4 -
 tests/py/inet/icmpX.t      |    4 -
 tests/py/inet/rt.t         |   10 +++-
 tests/py/inet/rt.t.payload |    4 -
 tests/py/ip/ct.t           |   18 ++++----
 tests/py/ip/ct.t.payload   |   16 +++----
 tests/py/ip/rt.t           |    3 -
 tests/py/ip6/rt0.t         |    2 
 18 files changed, 260 insertions(+), 110 deletions(-)