On Thu, Sep 19, 2019 at 04:34:31PM +0200, Florian Westphal wrote: > Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx> wrote: > > On Thu, Sep 19, 2019 at 04:01:44PM +0200, Florian Westphal wrote: > > > Do you mean NFT_SET_EVAL? > > > > No, I mean there is no NFT_SET_EXT_EXPR handling yet, sorry I forgot > > the _EXT_ infix. > > > > nft_lookup should invoke the expression that is attached. Control > > plane code is also missing, there is no way to create the > > NFT_SET_EXT_EXPR from newsetelem() in nf_tables_api.c. > > Hmm, no, I don't think it should. > Otherwise lookups on a set that has counters added to it will > increment the counter values. ipset can attach counter to elements, so matching lookups bump the element counter. I think users might want for this in the future, just to keep this usecase in the radar. > I think we should leave all munging to nft_dynset.c, i.e. add/update > in terms of nft frontend set syntax. > > > If NFT_SET_EVAL is set or not from nft_lookup is completely > > irrelevant, nft_lookup should not care about this flag. > > Right, I will try to reflect that in the commit message. Thanks.
