Hi,
On Thu, Nov 28, 2019 at 02:51:36PM +0000, Serguei Bezverkhi (sbezverk) wrote:
> Quick question, it appears that we do not support yet combining of two types into a key, so I need to quickly add it, your help would be appreciated. Here is the sequence I get to create such map:
> sudo nft --debug all add map ipv4table no-endpoint-services { type ipv4_addr . inet_service : verdict \; }
>
[...]
>
> Almost all is clear except 2 points; how set flag "00 00 01 cd " is generated and when key length is 8 and not 6.
I've been through that recently when implementing among match support in
iptables-nft (which uses an anonymous set with concatenated elements
internally). Please have a look at the relevant code here:
https://git.netfilter.org/iptables/tree/iptables/nft.c#n999
I guess this helps clarifying how set flags are created and how to pad
element data.
Cheers, Phil
