nftables and set with interval

Serguei Bezverkhi (sbezverk) Thu, 08 Aug 2019 04:55:12 -0700
Hello,
 
I am developing golang nftables libraryI am debugging nftables set with 
elements defining intervals. I compare what gets generated by nfl command and 
strace of my code.
 
Based on the output of this command:
 
sudo nft --debug all add rule ipv4table ipv4chain-1  ip daddr { 192.16.0.0/16, 
10.16.0.0/16 } return
 
It seems nft sets up NFTNL_SET_KEY_TYPE  (0x4) as 0x2 and I cannot find 
anywhere what it means.
{{nla_len=8, nla_type=0x4}, "\x00\x00\x00\x02"}, 
 
When I decode strace generated for my code, it always gets set to x01
{{nla_len=8, nla_type=0x4}, "\x00\x00\x00\x01"},
 
I would really appreciate a pointer to where key types are defined and also 
which flags and or expressions are needed for sets with intervals.
 
Thank you
Serguei
 
 
Full decode below:
 
{{len=108, type=NFNL_SUBSYS_NFTABLES<<8|NFT_MSG_NEWSET, 
flags=NLM_F_REQUEST|NLM_F_CREATE, seq=1, pid=0},
{nfgen_family=AF_INET, version=NFNETLINK_V0, res_id=htons(0),
[
{{nla_len=14, nla_type=NFNETLINK_V1}, 
"\x69\x70\x76\x34\x74\x61\x62\x6c\x65\x00"},
 
NFTA_SET_NAME                     = 0x2
{{nla_len=12, nla_type=0x2}, "\x5f\x5f\x73\x65\x74\x25\x64\x00"},
 
NFTA_SET_FLAGS                    = 0x3
{{nla_len=8, nla_type=0x3}, "\x00\x00\x00\x07"},
 
NFTA_SET_KEY_TYPE                 = 0x4
{{nla_len=8, nla_type=0x4}, "\x00\x00\x00\x07"},
 
NFTA_SET_KEY_LEN                  = 0x5
{{nla_len=8, nla_type=0x5}, "\x00\x00\x00\x04"},
 
NFTA_SET_ID                       = 0xa
{{nla_len=8, nla_type=0xa}, "\x00\x00\x00\x02"},
 
NFTA_SET_DESC                     = 0x9
{{nla_len=12, nla_type=NLA_F_NESTED|0x9}, "\x08\x00\x01\x00\x00\x00\x00\x05"},
 
NFTA_SET_USERDATA                 = 0xd
{{nla_len=16, nla_type=0xd}, "\x00\x04\x02\x00 \x00\x00\x02\x04 
\x01\x00\x00\x00"}
]
}, 
 
{{len=164, type=NFNL_SUBSYS_NFTABLES<<8|NFT_MSG_NEWSETELEM, 
flags=NLM_F_REQUEST|NLM_F_CREATE, seq=1, pid=0},
{nfgen_family=AF_INET, version=NFNETLINK_V0, res_id=htons(0),
[
 
NFTA_SET_NAME                     = 0x2
{{nla_len=12, nla_type=0x2}, "\x5f\x5f\x73\x65\x74\x25\x64\x00"},
 NFTNL_SET_KEY_TYPE              = 0x4                              < 
==========================. It is nla type, but I cannot find what type 0x2 
means, we always used 0x1
{{nla_len=8, nla_type=0x4}, "\x00\x00\x00\x02"},
{{nla_len=14, nla_type=NFNETLINK_V1}, 
"\x69\x70\x76\x34\x74\x61\x62\x6c\x65\x00"},
{{nla_len=108, nla_type=NLA_F_NESTED|0x3}, "
\x18\x00\x01\x80\x08\x00\x03\x00\x00\x00\x00\x01\x0c\x00\x01\x80\x08\x00\x01\x00\x00\x00\x00\x00\x10\x00\x02\x80\x0c\x00\x01\x80\x08\x00\x01\x00\x0a\x10\x00\x00\x18\x00\x03\x80\x08\x00\x03\x00\x00\x00\x00\x01\x0c\x00\x01\x80\x08\x00\x01\x00\x0a\x11\x00\x00\x10\x00\x04\x80\x0c\x00\x01\x80\x08\x00\x01\x00\xc0\x10\x00\x00\x18\x00\x05\x80\x08\x00\x03\x00\x00\x00\x00\x01\x0c\x00\x01\x80\x08\x00\x01\x00\xc0\x11\x00\x00"}
]
},
nftables and set with interval

Reply via email to
