When sfunnel is attached in EGRESS, it would be highly interesting to be able to match fwmark. This would allow other BPF programs or iptables/nftables to select which traffic to funneled (or unfunneled in not-so-bvious use-cases).
Rule syntax would follow the ~nftables one, so:
meta mark <match_value>
meta mark & <value> == <match_value>
meta mark | <value> == <match_value>
When
sfunnelis attached in EGRESS, it would be highly interesting to be able to matchfwmark. This would allow other BPF programs oriptables/nftablesto select which traffic to funneled (or unfunneled in not-so-bvious use-cases).Rule syntax would follow the
~nftablesone, so:Requirements
TODO