'Re: Can anybody help me add a vmap element in a dictionary'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       netfilter
Subject:    Re: Can anybody help me add a vmap element in a dictionary
From:       Khawar Shehzad <shehzad.khawar () gmail ! com>
Date:       2018-04-25 14:59:48
Message-ID: CAE0moyfupvt9xRbnuOOQ0HEDrBDimDQV=3tBk3BY-izsSRPXqg () mail ! gmail ! com
[Download RAW message or body]

I have put some code on this GitHub repo

https://github.com/ks228/nftops.git

The file that is having an issue is
https://github.com/ks228/nftops/blob/master/nft_concatmap_elem_add.c

I can add an element without concatenation to a verdict map, but I
can't understand how I should add an element with a concatenation
along with a verdict.

In essence I can do the following:

 map simplemap {
                type ipv6_addr : verdict
                elements = { 2002::13 : accept }
        }

But I am unable to do the following:

map concat_vmap {
                type ipv6_addr . ipv6_addr : verdict
                elements={2002::13 . 2001::14 : accept}
        }


You can run "make all" to create binaries, and then use base.sh to
create the relevant table/map/vmap etc.

On 25 April 2018 at 11:40, Pablo Neira Ayuso <pablo@netfilter.org> wrote:
> On Tue, Apr 24, 2018 at 06:04:27PM +0100, Khawar Shehzad wrote:
>> Hi,
>> I am following this
>> (https://git.netfilter.org/libnftnl/tree/examples/nft-set-elem-add.c)
>> example to add a 'set' element in the nft set, but I am unable to add
>> vmap element.
>>
>> I want to do following using libnftnl
>>
>> sudo nft add element ip6 natcap natcap_vmap { 2001:3:0:1::1 .
>> 2001:4:0:1::2 : accept }
>>
>> I will appreciate if somebody help me on this. I will be adding
>> thousands of records in to nftables, so adding it using nft utitily is
>> not giving the right performance. So it would be great if we can add
>> verdict map elements using code.
>>
>> My vmap is defined like the following
>>
>> sudo nft add map ip6 natcap natcap_vmap { type ipv6_addr . ipv6_addr :
>> verdict \; }
>
> Could you post your example code? Something derived from
> nft-set-elem-add.c should be fine for review.
--
To unsubscribe from this list: send the line "unsubscribe netfilter" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
[prev in list] [next in list] [prev in thread] [next in thread]
Configure | About | News | Add a list | Sponsored by KoreLogic