Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx> wrote: > On Thu, Sep 19, 2019 at 04:01:44PM +0200, Florian Westphal wrote: > > Do you mean NFT_SET_EVAL? > > No, I mean there is no NFT_SET_EXT_EXPR handling yet, sorry I forgot > the _EXT_ infix. > > nft_lookup should invoke the expression that is attached. Control > plane code is also missing, there is no way to create the > NFT_SET_EXT_EXPR from newsetelem() in nf_tables_api.c. Hmm, no, I don't think it should. Otherwise lookups on a set that has counters added to it will increment the counter values. I think we should leave all munging to nft_dynset.c, i.e. add/update in terms of nft frontend set syntax. > If NFT_SET_EVAL is set or not from nft_lookup is completely > irrelevant, nft_lookup should not care about this flag. Right, I will try to reflect that in the commit message.
