List:       netfilter
Subject:    Re: [ANNOUNCE] nftables 1.0.0 release
From:       Amish <anon.amish () gmail ! com>
Date:       2021-08-20 0:56:24
Message-ID: ffc4dd4e-bbb1-0380-2cf2-7053fc3ab39c () gmail ! com


On 19/08/21 11:06 pm, Pablo Neira Ayuso wrote:
> * Allow to combine jhash, symhash and numgen expressions with the
>    queue statement, to fan out packets to userspace queues via
>    nfnetlink_queue.
>
>    ... queue to symhash mod 65536
>    ... queue flags bypass to numgen inc mod 65536
>    ... queue to jhash oif . meta mark mod 32
>
>    You can also combine it with maps, to select the userspace queue
>    based on any other singleton key or concatenations:
>
>    ... queue flags bypass to oifname map { "eth0" : 0, "ppp0" : 2, "eth1" : 2 }

I upgraded from nftables 0.9.9 to 1.0.0 (Arch Linux).

Earlier I had this statement which used to work in nftables 0.9.9:

define ips_queue = 0
add rule ip foo snortips queue num $ips_queue bypass

And it gave an error in nftables 1.0.0:

Aug 20 05:51:00 amish nft[3540]: /etc/nftables4.conf:19:49-54: Error: syntax error, unexpected bypass, expecting -
Aug 20 05:51:00 amish nft[3540]: add rule ip foo snortips queue num $ips_queue bypass

So I changed the rule to:

define ips_queue = 0
add rule ip foo snortips queue flags bypass num $ips_queue

But it still gave me an error:

Aug 20 05:54:51 amish nft[3649]: /etc/nftables4.conf:19:61-61: Error: syntax error, unexpected newline, expecting -
Aug 20 05:54:51 amish nft[3649]: add rule ip foo snortips queue flags bypass num $ips_queue


Then I replaced $ips_queue directly with 0 (zero), and it worked.

add rule ip foo snortips queue flags bypass num 0

So why isn't nftables allowing a defined variable?

It used to work till nft 0.9.9.

Regards,

Amish
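
A pre-upgrade check for the pattern reported in the message above, as an added example that is not part of the original post or of the nftables project: it scans a ruleset for queue statements that take the queue number from a `define` variable and proposes the literal form. The function name and the sample ruleset are constructed for illustration, and the suggested no-flags form `queue num N` is an assumption not shown in the message.

```python
import re

# Constructed sample, modelled on the rules quoted in the message above.
SAMPLE = """\
define ips_queue = 0
add rule ip foo snortips queue num $ips_queue bypass
add rule ip foo snortips queue flags bypass num $ips_queue
add rule ip foo snortips queue flags bypass num 0
"""

FLAGS = r"(?:bypass|fanout)(?:,(?:bypass|fanout))?"
DEFINE_RE = re.compile(r"^\s*define\s+(\w+)\s*=\s*(\S+)\s*$")
# Older word order: queue num $var [flags]
OLD_RE = re.compile(r"\bqueue\s+num\s+\$(?P<var>\w+)(?:\s+(?P<flags>" + FLAGS + r"))?")
# Word order from the 1.0.0 announcement: queue flags <flags> num $var
NEW_RE = re.compile(r"\bqueue\s+flags\s+(?P<flags>" + FLAGS + r")\s+num\s+\$(?P<var>\w+)")


def lint_queue_variables(text):
    """Return (line_no, line, suggestion) for queue statements that take the
    queue number from a $variable. suggestion is None when the variable is
    undefined or not a plain number and needs manual review."""
    defines, findings = {}, []
    for no, line in enumerate(text.splitlines(), 1):
        d = DEFINE_RE.match(line)
        if d:
            defines[d.group(1)] = d.group(2)
            continue
        m = NEW_RE.search(line) or OLD_RE.search(line)
        if not m:
            continue
        value = defines.get(m.group("var"))
        if value is None or not value.isdigit():
            findings.append((no, line, None))
            continue
        flags = m.group("flags")
        # Flags form is the one the poster reports loads; no-flags form is assumed.
        stmt = f"queue flags {flags} num {value}" if flags else f"queue num {value}"
        findings.append((no, line, line[:m.start()] + stmt + line[m.end():]))
    return findings


if __name__ == "__main__":
    for no, line, fix in lint_queue_variables(SAMPLE):
        print(f"line {no}: {line.strip()}")
        print(f"  -> {fix.strip() if fix else 'unresolved variable, review by hand'}")
```

Running the check before a package upgrade matters for rulesets loaded at boot, since a parse error in one rule keeps the whole file from loading.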
