Re: [PATCH nft] netlink: Print value sizes on Relational expression size mismatch

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Máté Eckl <ecklm94@xxxxxxxxx> wrote:
> On Thu, May 31, 2018 at 08:39:35PM +0200, Florian Westphal wrote:
> > Máté Eckl <ecklm94@xxxxxxxxx> wrote:
> > > On Thu, May 31, 2018 at 04:48:58PM +0200, Pablo Neira Ayuso wrote:
> > > > On Thu, May 31, 2018 at 01:42:17PM +0200, Máté Eckl wrote:
> > > > > On Thu, May 31, 2018 at 10:57:49AM +0200, Pablo Neira Ayuso wrote:
> > > > > > > I just wanted to make sure that the only accepted values are 0 and 1 and I
> > > > > > > didn't find other way to provide this check.
> > > > > > 
> > > > > > You can reject this from the evaluation phase.
> > > > > 
> > > > > Oh, earlier I didn't find how to do it, but now I think I did.
> > > > > 
> > > > > Would you accept a new version of the patch with this?
> > > > 
> > > > That looks good.
> > > > 
> > > > Please tests if this will that work with maps too? eg.
> > > > 
> > > >         socket transparent ip saddr map { 1.1.1.1 : 1,
> > > >                                           2.2.2.2 : 0 }
> > 
> > Pablo, this is to test if transparent flag is set, not to set it.
> > 
> > There is no dreg.  I'm not sure what the above should even do :-)

I meant 'sreg'.

> I think this should mean something like, match transparent eq 1 if saddr is 1.1.1.1 and transparent eq 0 if saddr is 2.2.2.2. But this is also just a guess.

That would be

socket transparent . ip saddr { 0 . 1.1.1.1, 1 . 2.2.2.2 }

"map" is used to obtain an input value, e.g.

mark set map socket transparent map { 1 : 42, 0 : 23 }

would set skb->mark to 42 or 23, depending on 'socket transparent'
state.
--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html



[Index of Archives]     [Netfitler Users]     [LARTC]     [Bugtraq]     [Yosemite Forum]

  Powered by Linux