Hey, I am using nftables on Ubuntu 16.04. I am trying to mark packets according to the inner VLAN ID (create this rule). So far I have succeeded in marking only by the first VLAN ID with nftables, in this way:

```
nft add table netdev l2                                  # create table of type netdev (layer 2)
nft add chain netdev l2 ingress                          # create chain
nft add rule netdev l2 ingress vlan id 4092 mark set 5   # if (vlan == 4092) { mark 5 }
```

How do I set the same rule, but according to the second VLAN ID?

Omer Anisfeld
  • You can use the `set` feature of nftables: https://wiki.nftables.org/wiki-nftables/index.php/Sets. Check these test cases to get a better idea: http://git.netfilter.org/nftables/tree/tests/py/bridge/vlan.t.payload.netdev#n219 – Zzz0_o Sep 09 '17 at 17:00
  • Can you please give an example of double VLAN as a rule? I am quite confused because set is used to change the data. – Omer Anisfeld Sep 14 '17 at 05:09
  • See, there are two things: one is `set` (used to set the values) and another is a mathematical set like `{element1, element2}`. – Zzz0_o Oct 03 '17 at 08:33

0 Answers
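Added example, not part of the original question or its comments: a small parser that walks the stacked tags of a double-tagged (QinQ) frame, locates the inner VLAN ID, and prints a raw-payload match for it. The sample frame, the inner ID 100 and the function names are constructed here. It assumes an nftables version that supports raw payload expressions (`@ll,offset,length`) and that both tags are still in the frame data when the ingress hook sees it (no VLAN offload stripping the outer tag).

```python
import struct

TPIDS = {0x8100, 0x88A8}  # 802.1Q and 802.1ad tag protocol identifiers


def vlan_tags(frame: bytes):
    """Return [(byte offset of TCI, VLAN ID), ...] for each stacked VLAN tag."""
    tags, off = [], 12  # first TPID follows dst MAC (6 bytes) + src MAC (6 bytes)
    while len(frame) >= off + 4:
        tpid, tci = struct.unpack_from("!HH", frame, off)
        if tpid not in TPIDS:
            break  # reached the real EtherType (e.g. 0x0800)
        tags.append((off + 2, tci & 0x0FFF))  # low 12 bits of the TCI are the ID
        off += 4
    return tags


def inner_vlan_match(frame: bytes) -> str:
    """Build a raw-payload match on the second (inner) tag of the frame."""
    tags = vlan_tags(frame)
    if len(tags) < 2:
        raise ValueError("frame is not double-tagged")
    tci_off, vid = tags[1]
    # 16-bit TCI at a byte-aligned bit offset, masked down to the 12-bit VLAN ID
    # so that the PCP/DEI bits in the same field do not affect the comparison.
    return f"@ll,{tci_off * 8},16 & 0x0fff == {vid}"


def build_frame(outer_vid: int, inner_vid: int, outer_tpid: int = 0x8100) -> bytes:
    """Constructed test frame: two VLAN tags followed by an empty IPv4 payload."""
    macs = bytes.fromhex("020000000002" "020000000001")
    return (macs
            + struct.pack("!HH", outer_tpid, outer_vid)
            + struct.pack("!HH", 0x8100, (5 << 13) | inner_vid)  # PCP 5 set on purpose
            + struct.pack("!H", 0x0800) + b"\x00" * 20)


SAMPLE = build_frame(4092, 100)  # outer ID from the question, inner ID constructed

if __name__ == "__main__":
    print(vlan_tags(SAMPLE))
    # Quoted so the shell does not interpret '&'
    print(f"nft add rule netdev l2 ingress '{inner_vlan_match(SAMPLE)}' mark set 5")
```

The inner TCI sits at bytes 18-19 of the frame (bit offset 144), which is why a match on the first tag alone never sees it.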