List: netfilter
Subject: Re: [ANNOUNCE] nftables 1.0.0 release
From: Amish <anon.amish () gmail ! com>
Date: 2021-08-20 0:56:24
Message-ID: ffc4dd4e-bbb1-0380-2cf2-7053fc3ab39c () gmail ! com
On 19/08/21 11:06 pm, Pablo Neira Ayuso wrote:
> * Allow to combine jhash, symhash and numgen expressions with the
> queue statement, to fan out packets to userspace queues via
> nfnetlink_queue.
>
> ... queue to symhash mod 65536
> ... queue flags bypass to numgen inc mod 65536
> ... queue to jhash oif . meta mark mod 32
>
> You can also combine it with maps, to select the userspace queue
> based on any other singleton key or concatenations:
>
> ... queue flags bypass to oifname map { "eth0" : 0, "ppp0" : 2, "eth1" : 2 }

I upgraded from nftables 0.9.9 to 1.0.0 (Arch Linux).

Earlier I had this statement, which used to work in nftables 0.9.9:

define ips_queue = 0
add rule ip foo snortips queue num $ips_queue bypass

And it gave an error in nftables 1.0.0:

Aug 20 05:51:00 amish nft[3540]: /etc/nftables4.conf:19:49-54: Error: syntax error, unexpected bypass, expecting -
Aug 20 05:51:00 amish nft[3540]: add rule ip foo snortips queue num $ips_queue bypass

So I changed the rule to:

define ips_queue = 0
add rule ip foo snortips queue flags bypass num $ips_queue

But it still gave me an error:

Aug 20 05:54:51 amish nft[3649]: /etc/nftables4.conf:19:61-61: Error: syntax error, unexpected newline, expecting -
Aug 20 05:54:51 amish nft[3649]: add rule ip foo snortips queue flags bypass num $ips_queue

Then I replaced $ips_queue directly with 0 (zero), and it worked.

add rule ip foo snortips queue flags bypass num 0

So why isn't nftables allowing a defined variable?
It used to work till nft 0.9.9.

Regards,
Amish