Hi Pablo,

Ultimately my use would be to read the first byte of an ESP IP packet's data payload. So the IP layer is where I would want the expression to work. The packets I am working with are identical and need to be routed to one of two interfaces based on whether the first byte of the data contents is non-zero.

Regards,
Raul

-----Original Message-----
From: Pablo Neira Ayuso [mailto:pablo@xxxxxxxxxxxxx]
Sent: Friday, September 1, 2017 3:30 AM
To: Raul Martinez <mraul@xxxxxxxxxxxxxxxx>
Cc: netfilter@xxxxxxxxxxxxxxx
Subject: Re: Possible nftables U32 equivalent to read packet's data contents

Hi Raul,

On Wed, Aug 30, 2017 at 09:59:26PM +0000, Raul Martinez wrote:
> Hi all,
>
> Looking for a way to implement an expression that can read the first
> few bytes of a packet's data contents. It seems this is only
> possible using raw expressions such as @ll and @nh with an offset
> that goes past the header length and into the packet's data. Is there
> another keyword that supports u32 behavior that I am missing?
> Will this approach fail because of some internal check to prevent out
> of bounds reads?
>
> Another question is if raw expressions have been fixed or is there a
> kernel change required to enable raw expressions? I still get the
> below error when I try to use 2017 nftables.

If it is not too much to ask, what application layer patterns would you like to match?