On Thu, Jul 05, 2018 at 06:01:59PM +0200, Pablo Neira Ayuso wrote: > On Thu, Jul 05, 2018 at 05:56:00PM +0200, Máté Eckl wrote: > > On Thu, Jul 05, 2018 at 05:22:23PM +0200, Pablo Neira Ayuso wrote: > > > On Thu, Jul 05, 2018 at 05:14:20PM +0200, Máté Eckl wrote: > > > > On Thu, Jun 21, 2018 at 01:42:14PM +0200, Pablo Neira Ayuso wrote: > > > > > On Thu, Jun 21, 2018 at 01:01:31PM +0200, Phil Sutter wrote: > > > > > [...] > > > > > > On Thu, Jun 21, 2018 at 11:26:37AM +0200, Máté Eckl wrote: > > > > > > > By the way, there's a question I haven't met yet. Prio spec is used by not only > > > > > > > hook_spec but also flowtable_block. Are these standard priorities applicable for > > > > > > > flowtable priorities? Or should I make it specific to chains? > > > > > > > > > > Only the filter priority you can apply to the flowtable_block. > > > > > > > > Is there a man page you could recommend to read more about flowtables? Maybe one > > > > of an older tool? I haven't find much about this. > > > > > > man nft. > > > > > > There is also: Documentation/networking/nf_flowtable.txt > > > > But these don't say anything about filter or anything.. I'd like to see if it > > makes any sense here. It seems not to make any for now. How about leaving > > flowtables alone with this change and only apply this for chains? > > flowtables can be only beplaced at ingress. And there is only 'filter' > chains there at this stage. So taking filter as 0 there is just fine. To clarify flowtables are just like netdev/ingress chains. The priority allows you to place a netdev/ingress filter chain before your flowtable. -- To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
