I have put some code on this GitHub repo https://github.com/ks228/nftops.git The file that is having an issue is https://github.com/ks228/nftops/blob/master/nft_concatmap_elem_add.c I can add an element without concatenation to a verdict map, but I can't understand how I should add an element with a concatenation along with a verdict. In essence I can do the following: map simplemap { type ipv6_addr : verdict elements = { 2002::13 : accept } } But I am unable to do the following: map concat_vmap { type ipv6_addr . ipv6_addr : verdict elements={2002::13 . 2001::14 : accept} } You can run "make all" to create binaries, and then use base.sh to create the relevant table/map/vmap etc. On 25 April 2018 at 11:40, Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx> wrote: > On Tue, Apr 24, 2018 at 06:04:27PM +0100, Khawar Shehzad wrote: >> Hi, >> I am following this >> (https://git.netfilter.org/libnftnl/tree/examples/nft-set-elem-add.c) >> example to add a 'set' element in the nft set, but I am unable to add >> vmap element. >> >> I want to do following using libnftnl >> >> sudo nft add element ip6 natcap natcap_vmap { 2001:3:0:1::1 . >> 2001:4:0:1::2 : accept } >> >> I will appreciate if somebody help me on this. I will be adding >> thousands of records in to nftables, so adding it using nft utitily is >> not giving the right performance. So it would be great if we can add >> verdict map elements using code. >> >> My vmap is defined like the following >> >> sudo nft add map ip6 natcap natcap_vmap { type ipv6_addr . ipv6_addr : >> verdict \; } > > Could you post your example code? Something derived from > nft-set-elem-add.c should be fine for review. -- To unsubscribe from this list: send the line "unsubscribe netfilter" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
