Rozdíly

Zde můžete vidět rozdíly mezi vybranou verzí a aktuální verzí dané stránky.

--- howto:network:nftables [2018/11/28 21:59] – harvie
+++ howto:network:nftables [2018/11/28 23:08] (aktuální) – harvie
@@ Řádek 3: / Řádek 3: @@
 ===== Traffic Shaping with nftables and tc =====
-This patch is already merged upstream:
+Using shell commands:
+<code bash>
+nft add table ip filter
+nft add map filter deucalion { type ipv4_addr : classid\; }
+</code>
+Using nftables file:
+<file ini deucalion.nft>
+table ip filter {
+	map deucalion {
+		type ipv4_addr : classid;
+		elements = { 1.1.1.2 : 2:2222, 1.1.1.3 : 3:3333 }
+	}
+	chain input {
+		type filter hook input priority 0; policy accept;
+		meta priority set ip daddr map @deucalion;
+	}
+}
+</file>
+==== Patch ====
+This patch is already merged upstream (as of 2018 Archlinux and Ubuntu have it, Debian not yet!):
+  * https://www.spinics.net/lists/netfilter/msg57694.html
+  * https://www.spinics.net/lists/netfilter/threads.html#57694
+You need it if nft shows this error:
+<code>
+<cmdline>:1:45-51: Error: syntax error, unexpected classid, expecting string or dscp or ecn or mark
+add map filter deucalion { type ipv4_addr : classid; }
+                                            ^^^^^^^
+<cmdline>:1:26-52: Error: map definition does not specify key data type
+add map filter deucalion { type ipv4_addr : classid; }
+                         ^^^^^^^^^^^^^^^^^^^^^^^^^^^
+</code>
 <file diff nft-classid.patch>
@@ Řádek 29: / Řádek 69: @@
  hook_spec		:	TYPE		STRING		HOOK		STRING		dev_spec	PRIORITY	prio_spec
-</file>
-<code bash>
-nft add map filter deucalion { type ipv4_addr : classid\; }
-</code>
-<file ini deucalion.nft>
-	map deucalion {
-		type ipv4_addr : classid;
-		elements = { 1.1.1.2 : 2:2222, 1.1.1.3 : 3:3333 }
-	}
-	chain input {
-		type filter hook input priority 0; policy accept;
-		meta priority set ip daddr map @deucalion;
-	}
 </file>