Wildcards / large ranges in concatenations
- Subject: Wildcards / large ranges in concatenations
- From: Frank Myhr <fmyhr@xxxxxxxxxxx>
- Date: Tue, 16 Feb 2021 22:09:25 -0500
- User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 Thunderbird/68.10.0
Hi,

A couple of weeks ago I played around a bit with using ranges in
concatenations, a very cool feature added in nftables 0.9.4. Somehow I
wound up with a set with nonsensical keys, and not long after a kernel
oops. I suppose this was very likely my own fault and/or due to very
limited memory inside a virtual machine. I ended up going with a
different ruleset config.

But I have a couple of lingering questions about using ranges in
concatenations:

1) Would it be possible to specify a wildcard (* or similar) for one of
the constituent values? I had a vmap (if I remember correctly) using
concatenated keys like ifname . ifname . inet_service . inet_service.
For one element I didn't care about one of the inet_service values, and
since '*' didn't seem to work, specified a range of all possible values
0-65535. The oops happened not long after this.

2) Are concatenations of large (or wildcard) ranges inefficient (in
execution speed and/or memory use), even if they work? I started to
suspect this might be the case, and so changed my ruleset design.

Thanks,
Frank