I've been doing some online research and done several experiments:
1.) This seems to load properly, but I have not checked if it sets the
classid correctly:
table ip filter {
	chain input {
		type filter hook input priority 0; policy accept;
		meta priority set 1:3065
	}
}
However, this is not really useful as it does not do any real hashing /
mapping, so I can't just use it for lots of rules. So I tried to adapt it
to use maps or dictionaries:
=======================================================
2.) This does not load:
table ip filter {
	map prometheus {
		type ipv4_addr : classid
		elements = {
			10.11.171.247 : "0001:4095",
			10.11.171.248 : "0001:3065",
			10.11.171.249 : "0001:2023"
		}
	}
}
test2.nft:3:34-40: Error: syntax error, unexpected classid, expecting
string or dscp or ecn or mark
type ipv4_addr : classid
^^^^^^^
test2.nft:2:13-22: Error: map definition does not specify key data type
map prometheus {
^^^^^^^^^^
=======================================================
3.) This also does not load:
table ip filter {
	map prometheus {
		type ipv4_addr : verdict
		elements = {
			10.11.171.247 : meta priority set "0001:4095",
			10.11.171.248 : meta priority set "0001:3065",
			10.11.171.249 : meta priority set "0001:2023"
		}
	}
}
test2.nft:5:41-44: Error: syntax error, unexpected meta
10.11.171.247 : meta priority set "0001:4095",
^^^^
test2.nft:6:25-37: Error: syntax error, unexpected string
10.11.171.248 : meta priority set "0001:3065",
^^^^^^^^^^^^^
test2.nft:7:25-37: Error: syntax error, unexpected string
10.11.171.249 : meta priority set "0001:2023"
^^^^^^^^^^^^^
test2.nft:10:1-1: Error: syntax error, unexpected '}'
}
^
It seems to me that maps are not generic enough to work with the relatively
new "meta priority set" feature.
Do you have any suggestions how to make this work?
--
Best regards
Tomáš Mudruňka - SPOJE.NET s.r.o.