On Thu, May 17, 2018 at 04:42:15PM +0200, Florian Westphal wrote:
> Máté Eckl wrote:
> > +socket_stmt: SOCKET EXISTS /* with the actual
> > implementation we cannot match abscence */
>
> I think we should go for a native expression.
>
> I'll leave it
Máté Eckl wrote:
> +socket_stmt : SOCKET EXISTS /* with the actual
> implementation we cannot match abscence */
I think we should go for a native expression.
I'll leave it up to you what you'd like to do next.
There are a few options:
1. First go for TPROXY
Máté Eckl wrote:
> Originally I also added the following lines but it made the print too slow for
> the test to pass.
>
> It printed the following warning:
> inet/socket.t: WARNING: line 8: 'add rule ip sockip4 sockchain socket
> exists': 'socket exists' mismatches
Originally I also added the following lines but it made the print too slow for
the test to pass.
It printed the following warning:
inet/socket.t: WARNING: line 8: 'add rule ip sockip4 sockchain socket
exists': 'socket exists' mismatches 'socke'
inet/socket.t: WARNING: line 9:
Socket matching is achieved using the nft_compat interface.
The list of known limitations of the current implementation are:
* The absence of a corresponding socket cannot be matched (`socket
missing`).
* Only transparent socket flag can be matched, nowildcard is not a flag,
it should be