Re: nftables: syntax ambiguity with objref map and ct helper objects

Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx> wrote:
> Hi Florian,
> 
> On Fri, Jul 28, 2023 at 09:56:14PM +0200, Florian Westphal wrote:
> > Hi,
> > 
> > I wanted to allow creating objref maps that
> > return "ct timeout" or "ct helper" templates.
> > 
> > However:
> >   map .. {
> >     type ipv4_addr : ct timeout
> > 
> >   The above is fine, but this is not:
> > 
> >   map .. {
> >     type ipv4_addr : ct helper
> 
> This is type, not typeof, is it intentional?

Yes, but doesn't matter for this problem.
Same ambiguity with

typeof ip saddr : ct helper

> This works fine with typeof:
> 
> table ip x {
>         map x {
>                 typeof ip saddr : ct helper
>         }
> }

My point is how nft should differentiate between

ct helper "bla" {

rule add ct helper "foo"

In above map declaration.  What does

"typeof ip saddr : ct helper" declare?
As far as I can see it's arbitrary 16-byte strings, so the
above doesn't declare an objref map that maps ip addresses
to conntrack helper templates.


