| author | Davide Ornaghi <turtlearm97@gmail.com> | 2024-09-11 15:34:20 +0200 |
|---|---|---|
| committer | Aleksandr Nogikh <nogikh@google.com> | 2024-09-11 14:22:00 +0000 |
| commit | fd0ad8a3f899365059471f5fdefdc73082ce0777 (patch) | |
| tree | bc6075cc644c756029e6db5236bdef7c6a6e1876 | |
| parent | 8964b5c608590e12b83e3689d30c6019fb700636 (diff) | |
sys/linux: explain chain id restrictions
Restrict nft_chain_ids to 1:4 since they wouldn't match otherwise.
Ideally we should keep track of used ids and only choose among them.
| -rw-r--r-- | sys/linux/socket_netlink_netfilter_nftables.txt | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/sys/linux/socket_netlink_netfilter_nftables.txt b/sys/linux/socket_netlink_netfilter_nftables.txt index 527ebfbfa..26fb1e3f8 100644 --- a/sys/linux/socket_netlink_netfilter_nftables.txt +++ b/sys/linux/socket_netlink_netfilter_nftables.txt @@ -19,6 +19,7 @@ include <net/xfrm.h> type msghdr_nf_tables[CMD, POLICY] msghdr_netlink[netlink_msg_netfilter_t[NFNL_SUBSYS_NFTABLES, CMD, POLICY]] # TODO: we should obtain them from somewhere, probably from other netlink messages, # but we can't extract output netlink attributes. +# for now let's just manually limit it to 4 possible ids to allow lookups type nft_chain_id int32be[1:4] sendmsg$NFT_MSG_GETTABLE(fd sock_nl_netfilter, msg ptr[in, msghdr_nf_tables[NFT_MSG_GETTABLE, nft_table_policy]], f flags[send_flags]) |
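Review bot: the new comment above `type nft_chain_id int32be[1:4]` says the range is limited "to allow lookups" but does not say which lookups or why a small range helps, so a later reader may widen it without knowing the cost. The commit message gives the reason (ids "wouldn't match otherwise") and the intended follow-up (tracking used ids and choosing only among them); both belong in the comment. Suggested wording: `# For now, manually limit it to 4 possible ids so that an id used in one message is likely to match an id used in another.` Also note that the `type` line itself is unchanged context (1 insertion, 0 deletions), so the subject "explain chain id restrictions" is accurate, while "Restrict nft_chain_ids to 1:4" in the body reads as if the range were introduced here; "nft_chain_ids are restricted to 1:4" would describe the change more precisely.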
