Hello, Can one currently perform actions with packet based on its *body* (not headers) payload? E.g. discard packet which has udp[8:4] = 0xABCDEFGH, or u32-like syntax. Can one load raw bpf expressions (tcpdump -ddd ...)? Or maybe one could involve instruction set to build payload inspection rule using bit mask, but how to do this using nft? As I've read https://wiki.nftables.org/wiki-nftables/index.php/Supported_features_compared_to_xtables page, this stays unclear to me... > bpf: consider native interface > u32: raw expressions? Thanks -- To unsubscribe from this list: send the line "unsubscribe netfilter" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
