Hi Raul, On Wed, Aug 30, 2017 at 09:59:26PM +0000, Raul Martinez wrote: > Hi all, > > Looking for a way to implement an expression that can read the first > few bytes of an packet's data contents. It seems this is only > possible using raw expressions such as @ll and @nh with an offset > that goes past the header length and into the packet's data. Is > there another keyword that supports u32 behavior that I am missing? > Will this approach fail because of some internal check to prevent > out of bounds reads? > > Another question is if raw expressions have been fixed or is there a > kernel change required to enable raw expressions? I still get the > below error when I try to use 2017 nftables. If not much asking, what application layer patterns would you like to match? -- To unsubscribe from this list: send the line "unsubscribe netfilter" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
