On Wed, May 31, 2023 at 02:10:42PM +0200, Phil Sutter wrote: > On Wed, May 31, 2023 at 01:28:16PM +0200, Florian Westphal wrote: > > Phil Sutter <phil@xxxxxx> wrote: > > > Then I revived my "rule bytecode for output" approach and got it working > > > apart from lookup expression. But finally you axed it since it requires > > > kernel adjustments. > > > > Can you remind me what the problem with userdata is/was? > > Brief summary will hopefully be enough ... > > > > I agree text representation sucks due to two different formats, but what > > about storing binary blob (xt format) of the rule in userdata? > > It requires updated binaries to support it on the receiver side. Or are > you suggesting the kernel to put the blob from userdata into > NFTA_RULE_EXPRESSIONS in dumps? Which would also not work if it contained lookup expressions as they won't get initialized. Any further feedback? I know it's not a perfect solution, but given the constraints I see no good alternative. Cheers, Phil
