<html>
    <head>
      <base href="https://bugzilla.netfilter.org/" />
    </head>
    <body><table border="1" cellspacing="0" cellpadding="8">
        <tr>
          <th>Bug ID</th>
          <td><a class="bz_bug_link 
          bz_status_NEW "
   title="NEW - Feature request - support missing and exists keywords for meta skuid"
   href="https://bugzilla.netfilter.org/show_bug.cgi?id=1704">1704</a>
          </td>
        </tr>

        <tr>
          <th>Summary</th>
          <td>Feature request - support missing and exists keywords for meta skuid
          </td>
        </tr>

        <tr>
          <th>Product</th>
          <td>nftables
          </td>
        </tr>

        <tr>
          <th>Version</th>
          <td>1.0.x
          </td>
        </tr>

        <tr>
          <th>Hardware</th>
          <td>x86_64
          </td>
        </tr>

        <tr>
          <th>OS</th>
          <td>other
          </td>
        </tr>

        <tr>
          <th>Status</th>
          <td>NEW
          </td>
        </tr>

        <tr>
          <th>Severity</th>
          <td>enhancement
          </td>
        </tr>

        <tr>
          <th>Priority</th>
          <td>P5
          </td>
        </tr>

        <tr>
          <th>Component</th>
          <td>nft
          </td>
        </tr>

        <tr>
          <th>Assignee</th>
          <td>pablo@netfilter.org
          </td>
        </tr>

        <tr>
          <th>Reporter</th>
          <td>thesashok724@gmail.com
          </td>
        </tr></table>
      <p>
        <div>
        <pre>According to the nft(8) man page
(<a href="https://man.archlinux.org/man/nft.8.en#BOOLEAN_TYPE">https://man.archlinux.org/man/nft.8.en#BOOLEAN_TYPE</a>), it is possible to only
check the existence of `fib`, `exthdr`, and `tcp option` of a packet.
It would be very useful to check the existence of other fields, for example
`meta skuid`/`meta skgid`, which are not present for packets sent by the
kernel. Currently, loading the following nftables rules throws an error:

```
#!/usr/bin/nft -f

table inet test
delete table inet test

table inet test {
    chain output_test {
        type filter hook output priority filter
        policy accept

        meta skuid missing log counter # log kernel packets
    }
}

```

nft -f test.conf:
```
test.conf:11:20-26: Error: datatype mismatch, expected user ID, expression has
type boolean type
        meta skuid missing log counter
        ~~~~~~~~~~ ^^^^^^^
```

OS: Arch Linux

uname -a:
`Linux pc.s724 6.5.3-arch1-1 #1 SMP PREEMPT_DYNAMIC Wed, 13 Sep 2023 08:37:40
+0000 x86_64 GNU/Linux`

nft -v:
`nftables v1.0.8 (Old Doc Yak #2)`</pre>
        </div>
      </p>
      <hr>
      <span>You are receiving this mail because:</span>
      
      <ul>
          <li>You are watching all bug changes.</li>
      </ul>
    </body>
</html>