David Fabian <david.fabian@xxxxxxxxx> wrote:
> fw2.nft:6:27-50: Error: datatype mismatch, expected concatenation of (IPv4
> address, internet network service, IPv4 address), expression has type
> concatenation of (IPv4 address, internet network service)
> add set filter setB {type ipv4_addr . inet_service; flags timeout;}
>
> If the number of subtypes matches, nft processes these sets just fine.
>
> Is this a correct behavior?
No. We erronously leak properties of first parsed set into evaluation
of second one.
> offtopic: Is there a way to define a *single* map that maps source ipv4: dst
> port to ipv4:port and can be used in the dnat rule? So far, I was only able to
> achieve that mapping with two maps (ip:port -> ip, ip:port -> port).
I don't think so, it would require to add support to return multiple
results from lookup.
--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
