Hello,
I've come across a problem with named sets. My intention was to create two
sets with concatenated types, each set with a different number of subtypes.
nft failed to process such a definition, however, complaining about type
mismatch. Below is a simplified configuration that fails the processing.
flush ruleset
add table ip filter
add set filter setA {type ipv4_addr . inet_service . ipv4_addr; flags
timeout;}
add set filter setB {type ipv4_addr . inet_service; flags timeout;}
nft returns
fw2.nft:6:27-50: Error: datatype mismatch, expected concatenation of (IPv4
address, internet network service, IPv4 address), expression has type
concatenation of (IPv4 address, internet network service)
add set filter setB {type ipv4_addr . inet_service; flags timeout;}
If the number of subtypes matches, nft processes these sets just fine.
Is this a correct behavior? If so, how can one define two sets (in the same
table) with different numbers of concatenated types?
offtopic: Is there a way to define a *single* map that maps source ipv4: dst
port to ipv4:port and can be used in the dnat rule? So far, I was only able to
achieve that mapping with two maps (ip:port -> ip, ip:port -> port).
--
S pozdravem,
David Fabian
Cluster Design, s.r.o.
--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
