Hi Raul, On Wed, Aug 30, 2017 at 09:59:26PM +0000, Raul Martinez wrote: > Hi all, > > Looking for a way to implement an expression that can read the first few bytes of an packet's data contents. > It seems this is only possible using raw expressions such as @ll and @nh with an offset that goes past the header length and into the packet's data. > Is there another keyword that supports u32 behavior that I am missing? Will this approach fail because of some internal check to prevent out of bounds reads? > > Another question is if raw expressions have been fixed or is there a kernel change required to enable raw expressions? > I still get the below error when I try to use 2017 nftables. Would you follow up on this patch to address my comments? http://patchwork.ozlabs.org/patch/778719/ And send a new version? Thanks. -- To unsubscribe from this list: send the line "unsubscribe netfilter" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
