All of lore.kernel.org
 help / color / mirror / Atom feed
From: "William N." <netfilter@riseup.net>
To: netfilter@vger.kernel.org
Subject: Sets nesting/reference? Complex concatenations in vmaps?
Date: Sun, 5 May 2024 19:25:31 -0000	[thread overview]
Message-ID: <20240505192531.5e4ed8a8@localhost> (raw)

Hi,

I am trying to use one set inside another. However, none of my two
attempts work. Simplified example:

# cat test 
#!/usr/sbin/nft -f

table ip6 t {
        define ranges = {
                2001:db8:85::/60,
                2001:dd8:23::/48,
		# ...
        }

        set ONE {
                type ipv6_addr
                flags interval
                auto-merge
                counter packets 0 bytes 0
                elements = { $ranges }
        }

        set TWO {
                type icmpv6_type . icmpv6_code . ipv6_addr . ipv6_addr
                flags interval
                auto-merge
                counter packets 0 bytes 0
                elements = {
                        1 . 2 . ::/0 . @ONE,
                        3 . 4 . ::/0 . $ranges
			# ...
                }
        }
}

# nft -c -f test 
test:22:19-19: Error: syntax error, unexpected @
                        1 . 2 . ::/0 . @ONE,
                                       ^
test:23:4-4: Error: syntax error, unexpected number
                        3 . 4 . ::/0 . $ranges
                        ^
test:26:1-1: Error: syntax error, unexpected '}'
}
^

# nft -v
nftables v1.0.6 (Lester Gooch #5)


What is the correct way to do this?


XY: Ideally, I would also like to have similarly structured vmaps,
including also 'ct state' as part of the concatenations in a complex
vmap, instead of a set, e.g. (pseudo code):

iifgroup . icmpv6_type . icmpv6_code . ip6_saddr . ip6_daddr . ct_state : verdict

What is the syntax for that?

             reply	other threads:[~2024-05-05 19:26 UTC|newest]

Thread overview: 4+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2024-05-05 19:25 William N. [this message]
2024-05-09 12:42 ` Sets nesting/reference? Complex concatenations in vmaps? William N.
2024-05-09 12:54   ` Kerin Millar
2024-05-09 13:15     ` William N.

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20240505192531.5e4ed8a8@localhost \
    --to=netfilter@riseup.net \
    --cc=netfilter@vger.kernel.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.