On 08-08-19, Pablo Neira Ayuso wrote: > Hi brett, > > On Tue, Jul 30, 2019 at 08:28:18AM -0400, Brett Mastbergen wrote: > > This change allows map expressions on the left side of comparisons: > > > > nft add rule foo bar ip saddr map @map_a == 22 counter > > > > It also allows map expressions as the left side expression of other > > map expressions: > > > > nft add rule foo bar ip saddr map @map_a map @map_b == 22 counter > > This is an interesting usage of the maps from the left-hand side of an > expression. > > I have a fundamental question, that is, how this will be used from > rulesets? My impression is that this will result in many rules, e.g. > > ip saddr map @map_a map @map_b == 22 accept > ip saddr map @map_a map @map_b == 21 drop > ip saddr map @map_a map @map_b == 20 jump chain_0 > ... > > This means that we need one rule per map lookup. > > I think this feature will be more useful if this can be combined with > verdict maps, so the right hand side could be used to look up for an > action. > Thats a good point. I bet a map expression could feed into a verdict map without too much trouble. I'll take a look. > Thanks.
