not all af families supported when built against old kernel headers
If the parser is built against old kernel headers then it will only support address families that are present in those headers, making it fail on newer policy that contains rules with those af names.
We need to update the parser to do what it is doing for capability names.
- Have a static list in the parser that can be updated.
- Generate a list at build time and compare it to the static list, so that the build can fail/warn when the internal list is missing an af.
- Allow users to add unknown afs via config, as a workaround for new afs that are unknown.
- Export the set of afs from the kernel.
- Have the parser check the set of afs exported by the kernel, so that it can properly map policy to the kernel, sizing tables, dropping rules, or mapping as necessary.
Unlike capabilities, backmapping of afs is probably not necessary, but should be investigated.
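
A sketch of the build-time comparison from the second list item, added here as an example and not taken from AppArmor's build scripts. The function names, the file names `socket.h` and `af_static.list`, and the header excerpt are constructed assumptions.

```shell
#!/bin/sh
# Added example; helper and file names are hypothetical, not AppArmor's build scripts.

# Print the AF_* names a header defines, one per line.
# AF_MAX is the table bound, not an address family, so it is dropped.
extract_afs() {
    sed -n 's/^[[:space:]]*#[[:space:]]*define[[:space:]][[:space:]]*\(AF_[A-Z0-9_]*\)[[:space:]].*/\1/p' "$1" |
        grep -Fxv 'AF_MAX' | sort -u
}

# Names present in the header ($1) but absent from the static list ($2).
# Names only in the static list are fine: that is the old-headers case.
missing_afs() {
    extract_afs "$1" | grep -Fxv -f "$2" || true
}

# Build gate: return 1 and report when the static list lags the headers.
check_af_list() {
    missing=$(missing_afs "$1" "$2")
    [ -z "$missing" ] && return 0
    printf 'static af list is missing: %s\n' $missing >&2
    return 1
}

# Constructed sample input: a header excerpt and a static list lacking AF_MCTP.
make_sample() {
    cat > "$1/socket.h" <<'EOF'
#define AF_UNSPEC 0
#define AF_UNIX   1
#define AF_INET   2
#define AF_INET6  10
#define AF_XDP    44
#define AF_MCTP   45
#define AF_MAX    46
EOF
    printf '%s\n' AF_UNSPEC AF_UNIX AF_INET AF_INET6 AF_XDP > "$1/af_static.list"
}

demo_dir=$(mktemp -d)
make_sample "$demo_dir"
check_af_list "$demo_dir/socket.h" "$demo_dir/af_static.list" ||
    echo "build should warn or fail here"
rm -rf "$demo_dir"
```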