On Wed, Oct 27, 2021 at 02:14:42PM +0200, Lukas Wunner wrote:
> On Wed, Oct 27, 2021 at 12:17:15PM +0200, Pablo Neira Ayuso wrote:
> > Hi Lukas,
> >
> > This is the rebase I'm using here locally for testing, let me know if
> > you have more pending updates on your side.
>
> I'm using the attached two patches. The first one moves Python tests
> dup.t and fwd.t to the netdev directory, the second one adds nft egress
> support.
>
> Phil and Florian noted back in January that the payload dumps should
> contain "oiftype" instead of "iiftype". That's the only remaining
> issue not yet addressed in the attached patches:
>
> https://lore.kernel.org/all/20210125133405.GR19605@xxxxxxxxxxxxx/

See:

https://patchwork.ozlabs.org/project/netfilter-devel/patch/20211025134329.1030333-1-pablo@xxxxxxxxxxxxx/

to generalize the iftype.

I still have to post a patch to update libnftnl, then update all dumps
to refer to iftype instead of iiftype.

> The difference between the patch you've posted here and the attached ones
> are primarily more extensive docs. Also, the following two issues are
> not present in my version:
>
>
> > +All packets leaving the system are processed by this hook. It is invoked after
> > +layer 3 protocol handlers and after *tc* egress. It can be used for late
>                                  ^^^^^
>                                  before
>
> > --- a/tests/py/inet/ah.t
> > +++ b/tests/py/inet/ah.t
> > @@ -1,10 +1,12 @@
> > :input;type filter hook input priority 0
> > :ingress;type filter hook ingress device lo priority 0
> > +:egress;type filter hook ingress device lo priority 0
>                             ^^^^^^^
>                             egress

I'll apply these two patches if you are fine with their state.

I'd just like to have this in the tree for easier testing, I
have to switch over several local branches here, one less makes it
slightly easier for me. And to include this in the next release.

Thanks.
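
Review bot: in the quoted documentation lines, "after *tc* egress" on the second added line conflicts with the correction marked directly beneath it in the same quote ("before"). The sentence should read "after layer 3 protocol handlers and before *tc* egress", since readers will rely on this text to order egress rules relative to tc filters.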
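
Review bot: in the tests/py/inet/ah.t hunk, the added `:egress;` chain line still declares `hook ingress`, so the chain named egress would be attached to the ingress hook and the test would not cover the egress path. It should read `:egress;type filter hook egress device lo priority 0`. The hunk header (-1,10 +1,12) indicates a second added line that is not quoted here, which is worth checking for the same copy-paste slip.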