Hi,
The typeof concatenation supported by map since nftables 0.95 got me
excited about using it to goto a chain based on incoming interface and
requested service. There are some service requests I want to dnat, so I
tried defining a vmap:
table ip ip_nat {
map dnat_srv {
typeof iifname . ip protocol . th dport : verdict
}
}
But this fails:
Error: primary expression type 'symbol' lacks typeof serialization
typeof iifname . ip protocol . th dport : verdict
^^^^^^^
nft parses the following similar "plain" (non-verdict) map without error:
table ip ip_nat {
map dnat_srv {
typeof iifname . ip protocol . th dport : meta mark
}
}
So it appears that vmaps, unlike plain sets and maps, do not support
typeof concatenation. I'm running Debian 10 with
kernel 5.9.15-1~bpo10+1 (2020-12-31) x86_64
nftables v0.9.6 (Capital Idea #2)
Are there any plans to support typeof concatenation for vmap? (Or maybe
it's already supported and I'm botching the syntax or otherwise doing
something silly?)
Guess I'll refactor my rules for now...
Thanks,
Frank
