On Thu, Jun 21, 2018 at 01:42:14PM +0200, Pablo Neira Ayuso wrote:
> On Thu, Jun 21, 2018 at 01:01:31PM +0200, Phil Sutter wrote:
> [...]
> > On Thu, Jun 21, 2018 at 11:26:37AM +0200, Máté Eckl wrote:
> > > By the way, there's a question I haven't met yet. Prio spec is used by not only
> > > hook_spec but also flowtable_block. Are these standard priorities applicable for
> > > flowtable priorities? Or should I make it specific to chains?
>
> Only the filter priority you can apply to the flowtable_block.
Is there a man page you could recommend to read more about flowtables? Maybe one
of an older tool? I haven't find much about this.
> Note that standard priorities may depend on family, so you may need to
> do the chain_std_prio_lookup() from the evaluation phase, instead of
> doing it from the parser.
>
> Telling this only filter applies to arp, bridge and netdev families
> IIRC.
>
> Have a look and let us know.
This is what I found:
iptables
filter
nat (dstnat, srcnat)
mangle
raw
security
arptables
filter
ebtables
filter
nat (dstnat, srcnat)
broute (no corresponding priority value)
I have an implementation to handle this, but I'd still like to do the
name->number translation outside the eval funcitons.
Is there any way to get the family of the context in the parser? I'd like to do
something like this:
standard_prio : STRING
{
int tmp = chain_std_prio_lookup(something->family, $1);
[...]
}
;
I tried chain family but it is not initialised at this point.
--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
