Hi brett,
On Tue, Jul 30, 2019 at 08:28:18AM -0400, Brett Mastbergen wrote:
> This change allows map expressions on the left side of comparisons:
>
> nft add rule foo bar ip saddr map @map_a == 22 counter
>
> It also allows map expressions as the left side expression of other
> map expressions:
>
> nft add rule foo bar ip saddr map @map_a map @map_b == 22 counter
This is an interesting usage of the maps from the left-hand side of an
expression.
I have a fundamental question, that is, how this will be used from
rulesets? My impression is that this will result in many rules, e.g.
ip saddr map @map_a map @map_b == 22 accept
ip saddr map @map_a map @map_b == 21 drop
ip saddr map @map_a map @map_b == 20 jump chain_0
...
This means that we need one rule per map lookup.
I think this feature will be more useful if this can be combined with
verdict maps, so the right hand side could be used to look up for an
action.
Thanks.
