From fd0ad8a3f899365059471f5fdefdc73082ce0777 Mon Sep 17 00:00:00 2001
From: Davide Ornaghi
Date: Wed, 11 Sep 2024 15:34:20 +0200
Subject: sys/linux: explain chain id restrictions

Restrict nft_chain_ids to 1:4 since they wouldn't match otherwise.
Ideally we should keep track of used ids and only choose among them.
---
 sys/linux/socket_netlink_netfilter_nftables.txt | 1 +
 1 file changed, 1 insertion(+)

diff --git a/sys/linux/socket_netlink_netfilter_nftables.txt b/sys/linux/socket_netlink_netfilter_nftables.txt
index 527ebfbfa..26fb1e3f8 100644
--- a/sys/linux/socket_netlink_netfilter_nftables.txt
+++ b/sys/linux/socket_netlink_netfilter_nftables.txt
@@ -19,6 +19,7 @@ include
 type msghdr_nf_tables[CMD, POLICY] msghdr_netlink[netlink_msg_netfilter_t[NFNL_SUBSYS_NFTABLES, CMD, POLICY]]
 # TODO: we should obtain them from somewhere, probably from other netlink messages,
 # but we can't extract output netlink attributes.
+# for now let's just manually limit it to 4 possible ids to allow lookups
 type nft_chain_id int32be[1:4]
 
 sendmsg$NFT_MSG_GETTABLE(fd sock_nl_netfilter, msg ptr[in, msghdr_nf_tables[NFT_MSG_GETTABLE, nft_table_policy]], f flags[send_flags])
--
cgit mrf-deployment