From: Pablo Neira Ayuso <pablo@netfilter.org>
To: Florian Westphal <fw@strlen.de>
Cc: netfilter-devel@vger.kernel.org, kaber@trash.net
Subject: Re: mark set datatype check too strict?
Date: Fri, 22 Jan 2016 14:15:08 +0100 [thread overview]
Message-ID: <20160122131508.GA3018@salvia> (raw)
In-Reply-To: <20160120163124.GB10903@breakpoint.cc>
Hi Florian,
On Wed, Jan 20, 2016 at 05:31:24PM +0100, Florian Westphal wrote:
> Hello Patrick
>
> last your you added check to make this illegal:
>
> nft add rule ip filter input ip daddr 192.168.7.1 meta mark set '(ip saddr & 0xff)'
> datatype mismatch: expected packet mark, expression has type IPv4 address
>
> My question is -- why?
> The changelog for 068e138a8d9eb doesn't say :)
> Doesn't that take away a lot of flexibility?
>
> For instance one could e.g. set conntrack zones based on the VLAN id:
>
> bridge ... prerouting ct zone set vlan id
> (yes, I know that zone cannot be set at the moment).
>
> 'nft add rule bridge filter prerouting meta mark set vlan id'
> should work, in my opinion. Any ideas/comments?
Last time we talked about this, Patrick mentioned about adding
explicit casting. We definitely want this flexibility.
prev parent reply other threads:[~2016-01-22 13:15 UTC|newest]
Thread overview: 2+ messages / expand[flat|nested] mbox.gz Atom feed top
2016-01-20 16:31 mark set datatype check too strict? Florian Westphal
2016-01-22 13:15 ` Pablo Neira Ayuso [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20160122131508.GA3018@salvia \
--to=pablo@netfilter.org \
--cc=fw@strlen.de \
--cc=kaber@trash.net \
--cc=netfilter-devel@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).