====== nftables ======

===== Traffic Shaping with nftables and tc =====

Using shell commands:

<code bash>
nft add table ip filter
nft add map filter deucalion { type ipv4_addr : classid\; }
</code>

Using nftables file:

<file ini deucalion.nft>
table ip filter {
	map deucalion {
		type ipv4_addr : classid;
		elements = { 1.1.1.2 : 2:2222, 1.1.1.3 : 3:3333 }
	}


	chain input {
		type filter hook input priority 0; policy accept;
		meta priority set ip daddr map @deucalion;
	}
}
</file>

==== Patch ====

This patch is already merged upstream (as of 2018 Archlinux and Ubuntu have it, Debian not yet!):

  * https://www.spinics.net/lists/netfilter/msg57694.html
  * https://www.spinics.net/lists/netfilter/threads.html#57694

You need it if nft shows this error:

<code>
<cmdline>:1:45-51: Error: syntax error, unexpected classid, expecting string or dscp or ecn or mark
add map filter deucalion { type ipv4_addr : classid; }
                                            ^^^^^^^
<cmdline>:1:26-52: Error: map definition does not specify key data type
add map filter deucalion { type ipv4_addr : classid; }
                         ^^^^^^^^^^^^^^^^^^^^^^^^^^^
</code>

<file diff nft-classid.patch>
parser: allow classid as set key

From: Arturo Borrero Gonzalez <arturo@xxxxxxxxxxxxx>

Allow TC classid as set key.

Signed-off-by: Arturo Borrero Gonzalez <arturo@xxxxxxxxxxxxx>
---
 src/parser_bison.y |    1 +
 1 file changed, 1 insertion(+)

diff --git a/src/parser_bison.y b/src/parser_bison.y
index 7016f5b..2918875 100644
--- a/src/parser_bison.y
+++ b/src/parser_bison.y
@@ -1545,6 +1545,7 @@ type_identifier		:	STRING	{ $$ = $1; }
 			|	MARK	{ $$ = xstrdup("mark"); }
 			|	DSCP	{ $$ = xstrdup("dscp"); }
 			|	ECN	{ $$ = xstrdup("ecn"); }
+			|	CLASSID { $$ = xstrdup("classid"); }
 			;
 
 hook_spec		:	TYPE		STRING		HOOK		STRING		dev_spec	PRIORITY	prio_spec
</file>