Message-ID: <0867de47-1c8d-425d-a33e-75e769d4a44d@yuka.dev>
Date: Sat, 29 Nov 2025 14:15:23 +0100
Subject: Re: [PATCH v2 2/7] vm/sys/net: integrate xdp-forwarder
To: Alyssa Ross
References: <20251128223038.97536-1-yureka@cyberchaos.dev> <20251128223038.97536-3-yureka@cyberchaos.dev> <875xat56lz.fsf@alyssa.is>
From: Yureka
In-Reply-To: <875xat56lz.fsf@alyssa.is>
CC: devel@spectrum-os.org
List-Id: Patches and low-level development discussion

On 11/29/25 14:08, Alyssa Ross wrote:
> Yureka Lilian writes:
>
>> diff --git a/vm/sys/net/image/etc/nftables.conf b/vm/sys/net/image/etc/nftables.conf >> index 296d92c..cc8e462 100644 >> --- a/vm/sys/net/image/etc/nftables.conf >> +++ b/vm/sys/net/image/etc/nftables.conf
>> @@ -1,8 +1,16 @@ >> # SPDX-License-Identifier: EUPL-1.2+ >> -# SPDX-FileCopyrightText: 2021 Alyssa Ross >> +# SPDX-FileCopyrightText: 2025 Yureka Lilian >> >> -table nat { >> - chain postrouting { >> - type nat hook postrouting priority 100; >> +table driver-fw { >> + chain input { >> + type filter hook input priority filter; policy drop; >> + } >> + >> + chain output { >> + type filter hook output priority filter; policy drop; >> + } >> + >> + chain forward { >> + type filter hook forward priority filter; policy drop; >> } >> }
> Just checking: did you see my question about the formatting of this last
> time?
>
> https://spectrum-os.org/lists/archives/spectrum-devel/87see1t69a.fsf@alyssa.is/

I saw the question but forgot to answer it. Thanks for reminding me.

At least inside nixpkgs all nftables chains are declared in this style, so yes it is a common way of writing it. I suppose because the policy is semantically part of the chain "declaration" as opposed to the rules following it.
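
Review bot: `table driver-fw {` is declared without an address family, so nftables treats it as an `ip` (IPv4) table and the three `policy drop` chains do not apply to IPv6 packets that reach the input, output or forward hooks. If the intent is that nothing passes through the network stack in this VM, declare it as `table inet driver-fw {` so both families hit the drop policy. A one-line comment in the file saying why all three hooks drop with no accept rules would also help the next reader, since the chains are otherwise empty.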