On Wed, Oct 10, 2018 at 05:25:47PM +0200, Florian Westphal wrote:
> Eyal says:
> doesn't the use of nft_pf(pkt) in this context limit the matching of
> encapsulated packets to the same family?
>
> IIUC when an e.g. IPv6-in-IPv4 packet is matched, the nft_pf(pkt) will
> be the decapsulated
Eyal says:
doesn't the use of nft_pf(pkt) in this context limit the matching of
encapsulated packets to the same family?
IIUC when an e.g. IPv6-in-IPv4 packet is matched, the nft_pf(pkt) will
be the decapsulated packet family - IPv6 - whereas the state may be
IPv4. So this check would
