[{"id":1777467,"web_url":"http://patchwork.ozlabs.org/comment/1777467/","msgid":"<20170929102434.GA2654@salvia>","list_archive_url":null,"date":"2017-09-29T10:24:34","subject":"Re: [PATCH nft 0/10] nftables remove use of meta nfproto","submitter":{"id":1315,"url":"http://patchwork.ozlabs.org/api/people/1315/","name":"Pablo Neira Ayuso","email":"pablo@netfilter.org"},"content":"On Wed, Sep 27, 2017 at 08:16:44PM +0200, Florian Westphal wrote:\n> inet family (and others, e.g. bridge) lack context to figure\n> out the layer 3 address type.\n> \n> examples:\n> ct original saddr $addr\n> rt nexthop $addr\n> \n> We can't use $addr, because it might be a set reference, e.g.\n> \n> ct original saddr @whitelist\n> \n> currently implemented workaround is to use 'meta nfproto'\n> to provide the l3 context, e.g.\n> \n> meta nfproto ip rt nexthop 10.2.3.4\n> \n> i.e. users need to fill dependency manually.\n> \n> Pablo suggested to instead specify ip saddr, ip6 saddr:\n> \n> ct original ip saddr $address\n> \n> and then let nft handle the dependency injection.\n> \n> This series does just that.\n> \n> Old syntax is preserved.\n\nNice series, thanks Florian.\n\nAcked-by: Pablo Neira Ayuso <pablo@netfilter.org>\n--\nTo unsubscribe from this list: send the line \"unsubscribe netfilter-devel\" in\nthe body of a message to majordomo@vger.kernel.org\nMore majordomo info at  http://vger.kernel.org/majordomo-info.html","headers":{"Return-Path":"<netfilter-devel-owner@vger.kernel.org>","X-Original-To":"incoming@patchwork.ozlabs.org","Delivered-To":"patchwork-incoming@bilbo.ozlabs.org","Authentication-Results":"ozlabs.org;\n\tspf=none (mailfrom) smtp.mailfrom=vger.kernel.org\n\t(client-ip=209.132.180.67; helo=vger.kernel.org;\n\tenvelope-from=netfilter-devel-owner@vger.kernel.org;\n\treceiver=<UNKNOWN>)","Received":["from vger.kernel.org (vger.kernel.org [209.132.180.67])\n\tby ozlabs.org (Postfix) with ESMTP id 3y3SPm6mVBz9s4q\n\tfor <incoming@patchwork.ozlabs.org>;\n\tFri, 29 Sep 2017 20:25:48 +1000 (AEST)","(majordomo@vger.kernel.org) by vger.kernel.org via listexpand\n\tid S1751933AbdI2KZs (ORCPT <rfc822;incoming@patchwork.ozlabs.org>);\n\tFri, 29 Sep 2017 06:25:48 -0400","from [213.95.27.120] ([213.95.27.120]:58955 \"EHLO\n\tganesha.gnumonks.org\" rhost-flags-FAIL-FAIL-OK-OK) by vger.kernel.org\n\twith ESMTP id S1750927AbdI2KZr (ORCPT\n\t<rfc822;netfilter-devel@vger.kernel.org>);\n\tFri, 29 Sep 2017 06:25:47 -0400","from 129.166.216.87.static.jazztel.es ([87.216.166.129]\n\thelo=gnumonks.org) by ganesha.gnumonks.org with esmtpsa\n\t(TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.84_2)\n\t(envelope-from <pablo@gnumonks.org>)\n\tid 1dxsTD-00057k-Bx; Fri, 29 Sep 2017 12:24:37 +0200"],"Date":"Fri, 29 Sep 2017 12:24:34 +0200","From":"Pablo Neira Ayuso <pablo@netfilter.org>","To":"Florian Westphal <fw@strlen.de>","Cc":"netfilter-devel@vger.kernel.org","Subject":"Re: [PATCH nft 0/10] nftables remove use of meta nfproto","Message-ID":"<20170929102434.GA2654@salvia>","References":"<20170927181654.3129-1-fw@strlen.de>","MIME-Version":"1.0","Content-Type":"text/plain; charset=us-ascii","Content-Disposition":"inline","In-Reply-To":"<20170927181654.3129-1-fw@strlen.de>","User-Agent":"Mutt/1.5.23 (2014-03-12)","X-Spam-Score":"-2.9 (--)","Sender":"netfilter-devel-owner@vger.kernel.org","Precedence":"bulk","List-ID":"<netfilter-devel.vger.kernel.org>","X-Mailing-List":"netfilter-devel@vger.kernel.org"}}]