On Wed, Sep 27, 2017 at 08:16:44PM +0200, Florian Westphal wrote: > inet family (and others, e.g. bridge) lack context to figure > out the layer 3 address type. > > examples: > ct original saddr $addr > rt nexthop $addr > > We can't use $addr, because it might be a set reference, e.g. > > ct original saddr @whitelist > > currently implemented workaround is to use 'meta nfproto' > to provide the l3 context, e.g. > > meta nfproto ip rt nexthop 10.2.3.4 > > i.e. users need to fill dependency manually. > > Pablo suggested to instead specify ip saddr, ip6 saddr: > > ct original ip saddr $address > > and then let nft handle the dependency injection. > > This series does just that. > > Old syntax is preserved. Nice series, thanks Florian. Acked-by: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx> -- To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
