On 1/25/20 5:02 PM, Daniel Lakeland wrote:
> As far as I can tell in nftables there's no way to manipulate the TTL
> field in packets, along the lines of iptables -A foo -j TTL --ttl-set
> 2 or the like.
>
> This becomes a problem for handling certain multicast scenarios. Is
> this on the horizon?

Hmmm, on further inspection I see that you can *set* the ttl, something like:

    nft add rule inet mytable mychain ip ttl set 2

but I don't see how I could do something like decrement the ttl by 4 or
basically do anything where you'd calculate the TTL as a function of its
current value.
In general calculating simple arithmetic in order to manipulate fields
isn't necessarily obvious in nftables. Any pointers?