From: Brett Mastbergen <bmastbergen@untangle.com>
To: Pablo Neira Ayuso <pablo@netfilter.org>
Cc: netfilter-devel@vger.kernel.org
Subject: Re: [PATCH nft v2] src: Support maps as left side expressions
Date: Fri, 9 Aug 2019 09:56:21 -0400
Message-ID: <20190809135621.GA8680@pinebook>
In-Reply-To: <20190808111634.quczq7ajnaobscab@salvia>

On 08-08-19, Pablo Neira Ayuso wrote:
> Hi Brett,
>
> On Tue, Jul 30, 2019 at 08:28:18AM -0400, Brett Mastbergen wrote:
> > This change allows map expressions on the left side of comparisons:
> >
> > nft add rule foo bar ip saddr map @map_a == 22 counter
> >
> > It also allows map expressions as the left side expression of other
> > map expressions:
> >
> > nft add rule foo bar ip saddr map @map_a map @map_b == 22 counter
>
> This is an interesting usage of the maps from the left-hand side of an
> expression.
>
> I have a fundamental question, that is, how this will be used from
> rulesets? My impression is that this will result in many rules, e.g.
>
> ip saddr map @map_a map @map_b == 22 accept
> ip saddr map @map_a map @map_b == 21 drop
> ip saddr map @map_a map @map_b == 20 jump chain_0
> ...
>
> This means that we need one rule per map lookup.
>
> I think this feature will be more useful if this can be combined with
> verdict maps, so the right hand side could be used to look up for an
> action.
>
That's a good point. I bet a map expression could feed into a verdict
map without too much trouble. I'll take a look.
> Thanks.

Thread overview: 3+ messages
2019-07-30 12:28 [PATCH nft v2] src: Support maps as left side expressions Brett Mastbergen
2019-08-08 11:16 ` Pablo Neira Ayuso
2019-08-09 13:56 ` Brett Mastbergen [this message]