nftables map with numgen type, not sure if it was implemented?

nftables map with numgen type, not sure if it was implemented?

[Eliezer Croitor]

I was reading the at Netfilter-devel:
https://lore.kernel.org/netfilter-devel/20191204223215.GX14469@orbyte.nwl.cc
/T/#mbbcfec07dc54754144aa06cd7bb098b66d9d1da6

and have seen the command:
nft add map t m2 '{ type typeof numgen random mod 2 : verdict; }'

which is something that might be able to help me.
I am trying this on Alpine linux latest stable and I receive an error:

b-r4:/tmp# nft -nnn list ruleset
table ip dummyTable {
        chain dummyChain {
                type nat hook input priority 0; policy accept;
                ct state 0x2 accept
        }
}
table netdev nftlb {
        chain ingress-eth0 {
                type filter hook ingress device "eth0" priority 100; policy
accept;
                ip daddr 192.168.112.100 ip protocol 17 counter packets 0
bytes 0 jhash ip saddr . udp sport . ip daddr . udp dport mod 2 vmap { 0 :
jump Node1, 1 : jump Node2 }
                ip daddr 192.168.112.100 ip protocol 6 counter packets 126
bytes 8504 jhash ip saddr . tcp sport . ip daddr . tcp dport mod 2 vmap { 0
: jump Node1, 1 : jump Node2 }
        }

        chain Node1 {
                counter packets 66 bytes 4448 ether saddr set
00:15:5d:89:c6:eb ether daddr set 00:15:5d:89:c6:e3 ether type 0x0800 fwd to
"eth0"
        }

        chain Node2 {
                counter packets 60 bytes 4056 ether saddr set
00:15:5d:89:c6:eb ether daddr set 00:15:5d:89:c6:f4 ether type 0x0800 fwd to
"eth0"
        }
}
lb-r4:/tmp# nft add map nftlb m2 '{ type typeof numgen random mod 2 :
verdict; }'
Error: syntax error, unexpected typeof
add map nftlb m2 { type typeof numgen random mod 2 : verdict; }
                        ^^^^^^
Error: No such file or directory; did you mean table 'nftlb' in family
netdev?
add map nftlb m2 { type typeof numgen random mod 2 : verdict; }
        ^^^^^
lb-r4:/tmp#


Am I right for even trying it?

Thanks,
Eliezer


----
Eliezer Croitoru
Tech Support
Mobile: +972-5-28704261
Email: ngtech1ltd@gmail.com

Re: nftables map with numgen type, not sure if it was implemented?

[Pablo Neira Ayuso]

On Thu, Aug 27, 2020 at 06:34:35PM +0300, Eliezer Croitor wrote:
[...]
> lb-r4:/tmp# nft add map nftlb m2 '{ type typeof numgen random mod 2 :
> verdict; }'
> Error: syntax error, unexpected typeof
> add map nftlb m2 { type typeof numgen random mod 2 : verdict; }
>                         ^^^^^^
[...]
> 
> Am I right for even trying it?

What nft version are you using?

typeof support was introduced in nft >= 0.9.4.

RE: nftables map with numgen type, not sure if it was implemented?

[Eliezer Croitor]

I am using 0.9.4:
https://pkgs.alpinelinux.org/package/v3.12/main/x86_64/nftables

I will try to verify this again later with alpine edge which has 9.6

Thanks,

----
Eliezer Croitoru
Tech Support
Mobile: +972-5-28704261
Email: ngtech1ltd@gmail.com

-----Original Message-----
From: Pablo Neira Ayuso <pablo@netfilter.org> 
Sent: Monday, August 31, 2020 6:25 PM
To: Eliezer Croitor <ngtech1ltd@gmail.com>
Cc: netfilter@vger.kernel.org
Subject: Re: nftables map with numgen type, not sure if it was implemented?

On Thu, Aug 27, 2020 at 06:34:35PM +0300, Eliezer Croitor wrote:
[...]
> lb-r4:/tmp# nft add map nftlb m2 '{ type typeof numgen random mod 2 :
> verdict; }'
> Error: syntax error, unexpected typeof add map nftlb m2 { type typeof 
> numgen random mod 2 : verdict; }
>                         ^^^^^^
[...]
> 
> Am I right for even trying it?

What nft version are you using?

typeof support was introduced in nft >= 0.9.4.