Arturo Borrero Gonzalez <arturo@xxxxxxxxxxxxx> wrote:
> On 12/8/18 2:49 AM, Robert White wrote:
> > So like a year ago I mentioned that being able to put a default verdict
> > into a verdict map would be super helpful. Some interest was shown, but
> > it didn't happen.
> >
> > Clearly it doesn't have any meaning for other kinds of sets where you
> > are matching a value as a truth-test, but for verdicts it's potentially
> > a big deal.
> >
> >
> > So something like this contrived example
> >
> > ip protocol { tcp: jump tcp_tests,
> > udp: jump udp_tests,
> > :: jump ip_sanitizer }
> >
>
> This has been in my backlog for a while. Sadly, I didn't find time to
> work on this and I'm not sure I will be able in the short term.
I think we should simply change the lookup expression to no longer
set NFT_BREAK when we don't find a match.
Then you can do:
ip protocol { tcp: jump tcp_tests,
udp: jump udp_tests } jump ip_sanitizer
without any need for userspace changes.
