On Thu, 2020-08-27 at 19:40 +0200, Florian Westphal wrote: > Phil Sutter <phil@xxxxxx> wrote: > > Hi, > > > > On Thu, Aug 27, 2020 at 04:42:00PM +0100, Quentin Armitage wrote: > > > The dup statement requires an address, and the device is optional, > > > not the other way round. > > > > > > Signed-off-by: Quentin Armitage < > > > quentin@xxxxxxxxxxxxxxx > > > > > > > --- > > > doc/statements.txt | 2 +- > > > 1 file changed, 1 insertion(+), 1 deletion(-) > > > > > > diff --git a/doc/statements.txt b/doc/statements.txt > > > index 9155f286..835db087 100644 > > > --- a/doc/statements.txt > > > +++ b/doc/statements.txt > > > @@ -648,7 +648,7 @@ The dup statement is used to duplicate a packet and > > > send the > > > copy to a different > > > destination. > > > > > > [verse] > > > -*dup to* 'device' > > > +*dup to* 'address' > > > *dup to* 'address' *device* 'device' > > > > > > .Dup statement values > > > > The examples are wrong, too. I wonder if this is really just a mistake > > and all three examples given (including the "advanced" usage using a > > map) are just wrong or if 'dup' actually was meant to support > > duplicating to a device in mirror port fashion. > > Right, 'dup to eth0' can be used in the netdev ingress hook. > > For dup from ipv4/ipv6 families the address is needed. So it seems the valid options are: *dup to* 'device' # netdev ingress hook only *dup to* 'address' # ipv4/ipv6 only *dup to* 'address' *device* 'device' # ipv4/ipv6 only >From a user perspective being able to specify "dup to 'device'" is something that is useful to be able to specify. I am now using: dup to ip[6] daddr device 'device' but it seems to me that having to specify "to ip[6] daddr" is unnecessary. So far as I can see, it would be quite straightforward to allow "dup to 'device'" to be specified and for nft to handle it with an implied "to ip[6] addr". I am happy to produce a patch to do this if it would be helpful. I am also happy to submit a revised patch for statements.txt if that would be useful. Quentin Armitage
