Máté Eckl <ecklm94@xxxxxxxxx> wrote:
> On Thu, May 31, 2018 at 08:39:35PM +0200, Florian Westphal wrote:
> > Máté Eckl <ecklm94@xxxxxxxxx> wrote:
> > > On Thu, May 31, 2018 at 04:48:58PM +0200, Pablo Neira Ayuso wrote:
> > > > On Thu, May 31, 2018 at 01:42:17PM +0200, Máté Eckl wrote:
> > > > > On Thu, May 31, 2018 at 10:57:49AM +0200, Pablo Neira Ayuso wrote:
> > > > > > > I just wanted to make sure that the only accepted values are 0 and 1 and I
> > > > > > > didn't find other way to provide this check.
> > > > > >
> > > > > > You can reject this from the evaluation phase.
> > > > >
> > > > > Oh, earlier I didn't find how to do it, but now I think I did.
> > > > >
> > > > > Would you accept a new version of the patch with this?
> > > >
> > > > That looks good.
> > > >
> > > > Please tests if this will that work with maps too? eg.
> > > >
> > > > socket transparent ip saddr map { 1.1.1.1 : 1,
> > > > 2.2.2.2 : 0 }
> >
> > Pablo, this is to test if transparent flag is set, not to set it.
> >
> > There is no dreg. I'm not sure what the above should even do :-)
I meant 'sreg'.
> I think this should mean something like, match transparent eq 1 if saddr is 1.1.1.1 and transparent eq 0 if saddr is 2.2.2.2. But this is also just a guess.
That would be
socket transparent . ip saddr { 0 . 1.1.1.1, 1 . 2.2.2.2 }
"map" is used to obtain an input value, e.g.
mark set map socket transparent map { 1 : 42, 0 : 23 }
would set skb->mark to 42 or 23, depending on 'socket transparent'
state.
--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
